/*
* ARM MPCore internal peripheral emulation.
*
* Copyright (c) 2006-2007 CodeSourcery.
* Written by Paul Brook
*
* This code is licenced under the GPL.
*/
#include "hw.h"
#include "qemu-timer.h"
#include "primecell.h"
#define MPCORE_PRIV_BASE 0x10100000
#define NCPU 4
/* ??? The MPCore TRM says the on-chip controller has 224 external IRQ lines
(+ 32 internal). However my test chip only exposes/reports 32.
More importantly Linux falls over if more than 32 are present! */
#define GIC_NIRQ 64
static inline int
gic_get_current_cpu(void)
{
return cpu_single_env->cpu_index;
}
#include "arm_gic.c"
/* MPCore private memory region. */
typedef struct {
uint32_t count;
uint32_t load;
uint32_t control;
uint32_t status;
uint32_t old_status;
int64_t tick;
QEMUTimer *timer;
struct mpcore_priv_state *mpcore;
int id; /* Encodes both timer/watchdog and CPU. */
} mpcore_timer_state;
typedef struct mpcore_priv_state {
gic_state *gic;
uint32_t scu_control;
mpcore_timer_state timer[8];
} mpcore_priv_state;
/* Per-CPU Timers. */
static inline void mpcore_timer_update_irq(mpcore_timer_state *s)
{
if (s->status & ~s->old_status) {
gic_set_pending_private(s->mpcore->gic, s->id >> 1, 29 + (s->id & 1));
}
s->old_status = s->status;
}
/* Return conversion factor from mpcore timer ticks to qemu timer ticks. */
static inline uint32_t mpcore_timer_scale(mpcore_timer_state *s)
{
return (((s->control >> 8) & 0xff) + 1) * 10;
}
static void mpcore_timer_reload(mpcore_timer_state *s, int restart)
{
if (s->count == 0)
return;
if (restart)
s->tick = qemu_get_clock(vm_clock);
s->tick += (int64_t)s->count * mpcore_timer_scale(s);
qemu_mod_timer(s->timer, s->tick);
}
static void mpcore_timer_tick(void *opaque)
{
mpcore_timer_state *s = (mpcore_timer_state *)opaque;
s->status = 1;
if (s->control & 2) {
s->count = s->load;
mpcore_timer_reload(s, 0);
} else {
s->count = 0;
}
mpcore_timer_update_irq(s);
}
static uint32_t mpcore_timer_read(mpcore_timer_state *s, int offset)
{
int64_t val;
switch (offset) {
case 0: /* Load */
return s->load;
/* Fall through. */
case 4: /* Counter. */
if (((s->control & 1) == 0) || (s->count == 0))
return 0;
/* Slow and ugly, but hopefully won't happen too often. */
val = s->tick - qemu_get_clock(vm_clock);
val /= mpcore_timer_scale(s);
if (val < 0)
val = 0;
return val;
case 8: /* Control. */
return s->control;
case 12: /* Interrupt status. */
return s->status;
default:
return 0;
}
}
static void mpcore_timer_write(mpcore_timer_state *s, int offset,
uint32_t value)
{
int64_t old;
switch (offset) {
case 0: /* Load */
s->load = value;
/* Fall through. */
case 4: /* Counter. */
if ((s->control & 1) && s->count) {
/* Cancel the previous timer. */
qemu_del_timer(s->timer);
}
s->count = value;
if (s->control & 1) {
mpcore_timer_reload(s, 1);
}
break;
case 8: /* Control. */
old = s->control;
s->control = value;
if (((old & 1) == 0) && (value & 1)) {
if (s->count == 0 && (s->control & 2))
s->count = s->load;
mpcore_timer_reload(s, 1);
}
break;
case 12: /* Interrupt status. */
s->status &= ~value;
mpcore_timer_update_irq(s);
break;
}
}
static void mpcore_timer_init(mpcore_priv_state *mpcore,
mpcore_timer_state *s, int id)
{
s->id = id;
s->mpcore = mpcore;
s->timer = qemu_new_timer(vm_clock, mpcore_timer_tick, s);
}
/* Per-CPU private memory mapped IO. */
static uint32_t mpcore_priv_read(void *opaque, target_phys_addr_t offset)
{
mpcore_priv_state *s = (mpcore_priv_state *)opaque;
int id;
offset &= 0xfff;
if (offset < 0x100) {
/* SCU */
switch (offset) {
case 0x00: /* Control. */
return s->scu_control;
case 0x04: /* Configuration. */
return 0xf3;
case 0x08: /* CPU status. */
return 0;
case 0x0c: /* Invalidate all. */
return 0;
default:
goto bad_reg;
}
} else if (offset < 0x600) {
/* Interrupt controller. */
if (offset < 0x200) {
id = gic_get_current_cpu();
} else {
id = (offset - 0x200) >> 8;
}
return gic_cpu_read(s->gic, id, offset & 0xff);
} else if (offset < 0xb00) {
/* Timers. */
if (offset < 0x700) {
id = gic_get_current_cpu();
} else {
id = (offset - 0x700) >> 8;
}
id <<= 1;
if (offset & 0x20)
id++;
return mpcore_timer_read(&s->timer[id], offset & 0xf);
}
bad_reg:
cpu_abort(cpu_single_env, "mpcore_priv_read: Bad offset %x\n",
(int)offset);
return 0;
}
static void mpcore_priv_write(void *opaque, target_phys_addr_t offset,
uint32_t value)
{
mpcore_priv_state *s = (mpcore_priv_state *)opaque;
int id;
offset &= 0xfff;
if (offset < 0x100) {
/* SCU */
switch (offset) {
case 0: /* Control register. */
s->scu_control = value & 1;
break;
case 0x0c: /* Invalidate all. */
/* This is a no-op as cache is not emulated. */
break;
default:
goto bad_reg;
}
} else if (offset < 0x600) {
/* Interrupt controller. */
if (offset < 0x200) {
id = gic_get_current_cpu();
} else {
id = (offset - 0x200) >> 8;
}
gic_cpu_write(s->gic, id, offset & 0xff, value);
} else if (offset < 0xb00) {
/* Timers. */
if (offset < 0x700) {
id = gic_get_current_cpu();
} else {
id = (offset - 0x700) >> 8;
}
id <<= 1;
if (offset & 0x20)
id++;
mpcore_timer_write(&s->timer[id], offset & 0xf, value);
return;
}
return;
bad_reg:
cpu_abort(cpu_single_env, "mpcore_priv_read: Bad offset %x\n",
(int)offset);
}
static CPUReadMemoryFunc *mpcore_priv_readfn[] = {
mpcore_priv_read,
mpcore_priv_read,
mpcore_priv_read
};
static CPUWriteMemoryFunc *mpcore_priv_writefn[] = {
mpcore_priv_write,
mpcore_priv_write,
mpcore_priv_write
};
static qemu_irq *mpcore_priv_init(uint32_t base, qemu_irq *pic_irq)
{
mpcore_priv_state *s;
int iomemtype;
int i;
s = (mpcore_priv_state *)qemu_mallocz(sizeof(mpcore_priv_state));
if (!s)
return NULL;
s->gic = gic_init(base + 0x1000, pic_irq);
if (!s->gic)
return NULL;
iomemtype = cpu_register_io_memory(0, mpcore_priv_readfn,
mpcore_priv_writefn, s);
cpu_register_physical_memory(base, 0x00001000, iomemtype);
for (i = 0; i < 8; i++) {
mpcore_timer_init(s, &s->timer[i], i);
}
return s->gic->in;
}
/* Dummy PIC to route IRQ lines. The baseboard has 4 independent IRQ
controllers. The output of these, plus some of the raw input lines
are fed into a single SMP-aware interrupt controller on the CPU. */
typedef struct {
qemu_irq *cpuic;
qemu_irq *rvic[4];
} mpcore_rirq_state;
/* Map baseboard IRQs onto CPU IRQ lines. */
static const int mpcore_irq_map[32] = {
-1, -1, -1, -1, 1, 2, -1, -1,
-1, -1, 6, -1, 4, 5, -1, -1,
-1, 14, 15, 0, 7, 8, -1, -1,
-1, -1, -1, -1, 9, 3, -1, -1,
};
static void mpcore_rirq_set_irq(void *opaque, int irq, int level)
{
mpcore_rirq_state *s = (mpcore_rirq_state *)opaque;
int i;
for (i = 0; i < 4; i++) {
qemu_set_irq(s->rvic[i][irq], level);
}
if (irq < 32) {
irq = mpcore_irq_map[irq];
if (irq >= 0) {
qemu_set_irq(s->cpuic[irq], level);
}
}
}
qemu_irq *mpcore_irq_init(qemu_irq *cpu_irq)
{
mpcore_rirq_state *s;
int n;
/* ??? IRQ routing is hardcoded to "normal" mode. */
s = qemu_mallocz(sizeof(mpcore_rirq_state));
s->cpuic = mpcore_priv_init(MPCORE_PRIV_BASE, cpu_irq);
for (n = 0; n < 4; n++) {
s->rvic[n] = realview_gic_init(0x10040000 + n * 0x10000,
s->cpuic[10 + n]);
}
return qemu_allocate_irqs(mpcore_rirq_set_irq, s, 64);
}