2 * QEMU generic PowerPC hardware System Emulator
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 //#define PPC_DEBUG_IRQ
28 //#define PPC_DEBUG_TB
33 void ppc_set_irq (CPUState *env, int n_IRQ, int level)
36 env->pending_interrupts |= 1 << n_IRQ;
37 cpu_interrupt(env, CPU_INTERRUPT_HARD);
39 env->pending_interrupts &= ~(1 << n_IRQ);
40 if (env->pending_interrupts == 0)
41 cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
43 #if defined(PPC_DEBUG_IRQ)
44 if (loglevel & CPU_LOG_INT) {
45 fprintf(logfile, "%s: %p n_IRQ %d level %d => pending %08x req %08x\n",
46 __func__, env, n_IRQ, level,
47 env->pending_interrupts, env->interrupt_request);
52 /* PowerPC 6xx / 7xx internal IRQ controller */
53 static void ppc6xx_set_irq (void *opaque, int pin, int level)
55 CPUState *env = opaque;
58 #if defined(PPC_DEBUG_IRQ)
59 if (loglevel & CPU_LOG_INT) {
60 fprintf(logfile, "%s: env %p pin %d level %d\n", __func__,
64 cur_level = (env->irq_input_state >> pin) & 1;
65 /* Don't generate spurious events */
66 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
68 case PPC6xx_INPUT_INT:
69 /* Level sensitive - active high */
70 #if defined(PPC_DEBUG_IRQ)
71 if (loglevel & CPU_LOG_INT) {
72 fprintf(logfile, "%s: set the external IRQ state to %d\n",
76 ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
78 case PPC6xx_INPUT_SMI:
79 /* Level sensitive - active high */
80 #if defined(PPC_DEBUG_IRQ)
81 if (loglevel & CPU_LOG_INT) {
82 fprintf(logfile, "%s: set the SMI IRQ state to %d\n",
86 ppc_set_irq(env, PPC_INTERRUPT_SMI, level);
88 case PPC6xx_INPUT_MCP:
89 /* Negative edge sensitive */
90 /* XXX: TODO: actual reaction may depends on HID0 status
91 * 603/604/740/750: check HID0[EMCP]
93 if (cur_level == 1 && level == 0) {
94 #if defined(PPC_DEBUG_IRQ)
95 if (loglevel & CPU_LOG_INT) {
96 fprintf(logfile, "%s: raise machine check state\n",
100 ppc_set_irq(env, PPC_INTERRUPT_MCK, 1);
103 case PPC6xx_INPUT_CKSTP_IN:
104 /* Level sensitive - active low */
105 /* XXX: TODO: relay the signal to CKSTP_OUT pin */
107 #if defined(PPC_DEBUG_IRQ)
108 if (loglevel & CPU_LOG_INT) {
109 fprintf(logfile, "%s: stop the CPU\n", __func__);
114 #if defined(PPC_DEBUG_IRQ)
115 if (loglevel & CPU_LOG_INT) {
116 fprintf(logfile, "%s: restart the CPU\n", __func__);
122 case PPC6xx_INPUT_HRESET:
123 /* Level sensitive - active low */
126 #if defined(PPC_DEBUG_IRQ)
127 if (loglevel & CPU_LOG_INT) {
128 fprintf(logfile, "%s: reset the CPU\n", __func__);
135 case PPC6xx_INPUT_SRESET:
136 #if defined(PPC_DEBUG_IRQ)
137 if (loglevel & CPU_LOG_INT) {
138 fprintf(logfile, "%s: set the RESET IRQ state to %d\n",
142 ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
145 /* Unknown pin - do nothing */
146 #if defined(PPC_DEBUG_IRQ)
147 if (loglevel & CPU_LOG_INT) {
148 fprintf(logfile, "%s: unknown IRQ pin %d\n", __func__, pin);
154 env->irq_input_state |= 1 << pin;
156 env->irq_input_state &= ~(1 << pin);
160 void ppc6xx_irq_init (CPUState *env)
162 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, env, 6);
165 /* PowerPC 970 internal IRQ controller */
166 static void ppc970_set_irq (void *opaque, int pin, int level)
168 CPUState *env = opaque;
171 #if defined(PPC_DEBUG_IRQ)
172 if (loglevel & CPU_LOG_INT) {
173 fprintf(logfile, "%s: env %p pin %d level %d\n", __func__,
177 cur_level = (env->irq_input_state >> pin) & 1;
178 /* Don't generate spurious events */
179 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
181 case PPC970_INPUT_INT:
182 /* Level sensitive - active high */
183 #if defined(PPC_DEBUG_IRQ)
184 if (loglevel & CPU_LOG_INT) {
185 fprintf(logfile, "%s: set the external IRQ state to %d\n",
189 ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
191 case PPC970_INPUT_THINT:
192 /* Level sensitive - active high */
193 #if defined(PPC_DEBUG_IRQ)
194 if (loglevel & CPU_LOG_INT) {
195 fprintf(logfile, "%s: set the SMI IRQ state to %d\n", __func__,
199 ppc_set_irq(env, PPC_INTERRUPT_THERM, level);
201 case PPC970_INPUT_MCP:
202 /* Negative edge sensitive */
203 /* XXX: TODO: actual reaction may depends on HID0 status
204 * 603/604/740/750: check HID0[EMCP]
206 if (cur_level == 1 && level == 0) {
207 #if defined(PPC_DEBUG_IRQ)
208 if (loglevel & CPU_LOG_INT) {
209 fprintf(logfile, "%s: raise machine check state\n",
213 ppc_set_irq(env, PPC_INTERRUPT_MCK, 1);
216 case PPC970_INPUT_CKSTP:
217 /* Level sensitive - active low */
218 /* XXX: TODO: relay the signal to CKSTP_OUT pin */
220 #if defined(PPC_DEBUG_IRQ)
221 if (loglevel & CPU_LOG_INT) {
222 fprintf(logfile, "%s: stop the CPU\n", __func__);
227 #if defined(PPC_DEBUG_IRQ)
228 if (loglevel & CPU_LOG_INT) {
229 fprintf(logfile, "%s: restart the CPU\n", __func__);
235 case PPC970_INPUT_HRESET:
236 /* Level sensitive - active low */
239 #if defined(PPC_DEBUG_IRQ)
240 if (loglevel & CPU_LOG_INT) {
241 fprintf(logfile, "%s: reset the CPU\n", __func__);
248 case PPC970_INPUT_SRESET:
249 #if defined(PPC_DEBUG_IRQ)
250 if (loglevel & CPU_LOG_INT) {
251 fprintf(logfile, "%s: set the RESET IRQ state to %d\n",
255 ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
257 case PPC970_INPUT_TBEN:
258 #if defined(PPC_DEBUG_IRQ)
259 if (loglevel & CPU_LOG_INT) {
260 fprintf(logfile, "%s: set the TBEN state to %d\n", __func__,
267 /* Unknown pin - do nothing */
268 #if defined(PPC_DEBUG_IRQ)
269 if (loglevel & CPU_LOG_INT) {
270 fprintf(logfile, "%s: unknown IRQ pin %d\n", __func__, pin);
276 env->irq_input_state |= 1 << pin;
278 env->irq_input_state &= ~(1 << pin);
282 void ppc970_irq_init (CPUState *env)
284 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, env, 7);
287 /* PowerPC 405 internal IRQ controller */
288 static void ppc405_set_irq (void *opaque, int pin, int level)
290 CPUState *env = opaque;
293 #if defined(PPC_DEBUG_IRQ)
294 if (loglevel & CPU_LOG_INT) {
295 fprintf(logfile, "%s: env %p pin %d level %d\n", __func__,
299 cur_level = (env->irq_input_state >> pin) & 1;
300 /* Don't generate spurious events */
301 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
303 case PPC405_INPUT_RESET_SYS:
305 #if defined(PPC_DEBUG_IRQ)
306 if (loglevel & CPU_LOG_INT) {
307 fprintf(logfile, "%s: reset the PowerPC system\n",
311 ppc40x_system_reset(env);
314 case PPC405_INPUT_RESET_CHIP:
316 #if defined(PPC_DEBUG_IRQ)
317 if (loglevel & CPU_LOG_INT) {
318 fprintf(logfile, "%s: reset the PowerPC chip\n", __func__);
321 ppc40x_chip_reset(env);
325 case PPC405_INPUT_RESET_CORE:
326 /* XXX: TODO: update DBSR[MRR] */
328 #if defined(PPC_DEBUG_IRQ)
329 if (loglevel & CPU_LOG_INT) {
330 fprintf(logfile, "%s: reset the PowerPC core\n", __func__);
333 ppc40x_core_reset(env);
336 case PPC405_INPUT_CINT:
337 /* Level sensitive - active high */
338 #if defined(PPC_DEBUG_IRQ)
339 if (loglevel & CPU_LOG_INT) {
340 fprintf(logfile, "%s: set the critical IRQ state to %d\n",
345 ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
347 case PPC405_INPUT_INT:
348 /* Level sensitive - active high */
349 #if defined(PPC_DEBUG_IRQ)
350 if (loglevel & CPU_LOG_INT) {
351 fprintf(logfile, "%s: set the external IRQ state to %d\n",
355 ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
357 case PPC405_INPUT_HALT:
358 /* Level sensitive - active low */
360 #if defined(PPC_DEBUG_IRQ)
361 if (loglevel & CPU_LOG_INT) {
362 fprintf(logfile, "%s: stop the CPU\n", __func__);
367 #if defined(PPC_DEBUG_IRQ)
368 if (loglevel & CPU_LOG_INT) {
369 fprintf(logfile, "%s: restart the CPU\n", __func__);
375 case PPC405_INPUT_DEBUG:
376 /* Level sensitive - active high */
377 #if defined(PPC_DEBUG_IRQ)
378 if (loglevel & CPU_LOG_INT) {
379 fprintf(logfile, "%s: set the debug pin state to %d\n",
383 ppc_set_irq(env, PPC_INTERRUPT_DEBUG, level);
386 /* Unknown pin - do nothing */
387 #if defined(PPC_DEBUG_IRQ)
388 if (loglevel & CPU_LOG_INT) {
389 fprintf(logfile, "%s: unknown IRQ pin %d\n", __func__, pin);
395 env->irq_input_state |= 1 << pin;
397 env->irq_input_state &= ~(1 << pin);
401 void ppc405_irq_init (CPUState *env)
403 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc405_set_irq, env, 7);
406 /*****************************************************************************/
407 /* PowerPC time base and decrementer emulation */
409 /* Time base management */
410 int64_t tb_offset; /* Compensation */
411 uint32_t tb_freq; /* TB frequency */
412 /* Decrementer management */
413 uint64_t decr_next; /* Tick for next decr interrupt */
414 struct QEMUTimer *decr_timer;
418 static inline uint64_t cpu_ppc_get_tb (ppc_tb_t *tb_env)
420 /* TB time in tb periods */
421 return muldiv64(qemu_get_clock(vm_clock) + tb_env->tb_offset,
422 tb_env->tb_freq, ticks_per_sec);
425 uint32_t cpu_ppc_load_tbl (CPUState *env)
427 ppc_tb_t *tb_env = env->tb_env;
430 tb = cpu_ppc_get_tb(tb_env);
433 static int last_time;
436 if (last_time != now) {
439 fprintf(logfile, "%s: tb=0x%016lx %d %08lx\n",
440 __func__, tb, now, tb_env->tb_offset);
446 return tb & 0xFFFFFFFF;
449 uint32_t cpu_ppc_load_tbu (CPUState *env)
451 ppc_tb_t *tb_env = env->tb_env;
454 tb = cpu_ppc_get_tb(tb_env);
455 #if defined(PPC_DEBUG_TB)
457 fprintf(logfile, "%s: tb=0x%016lx\n", __func__, tb);
464 static void cpu_ppc_store_tb (ppc_tb_t *tb_env, uint64_t value)
466 tb_env->tb_offset = muldiv64(value, ticks_per_sec, tb_env->tb_freq)
467 - qemu_get_clock(vm_clock);
470 fprintf(logfile, "%s: tb=0x%016lx offset=%08lx\n", __func__, value,
476 void cpu_ppc_store_tbu (CPUState *env, uint32_t value)
478 ppc_tb_t *tb_env = env->tb_env;
480 cpu_ppc_store_tb(tb_env,
481 ((uint64_t)value << 32) | cpu_ppc_load_tbl(env));
484 void cpu_ppc_store_tbl (CPUState *env, uint32_t value)
486 ppc_tb_t *tb_env = env->tb_env;
488 cpu_ppc_store_tb(tb_env,
489 ((uint64_t)cpu_ppc_load_tbu(env) << 32) | value);
492 uint32_t cpu_ppc_load_decr (CPUState *env)
494 ppc_tb_t *tb_env = env->tb_env;
498 diff = tb_env->decr_next - qemu_get_clock(vm_clock);
500 decr = muldiv64(diff, tb_env->tb_freq, ticks_per_sec);
502 decr = -muldiv64(-diff, tb_env->tb_freq, ticks_per_sec);
503 #if defined(PPC_DEBUG_TB)
505 fprintf(logfile, "%s: 0x%08x\n", __func__, decr);
512 /* When decrementer expires,
513 * all we need to do is generate or queue a CPU exception
515 static inline void cpu_ppc_decr_excp (CPUState *env)
520 fprintf(logfile, "raise decrementer exception\n");
523 ppc_set_irq(env, PPC_INTERRUPT_DECR, 1);
526 static void _cpu_ppc_store_decr (CPUState *env, uint32_t decr,
527 uint32_t value, int is_excp)
529 ppc_tb_t *tb_env = env->tb_env;
534 fprintf(logfile, "%s: 0x%08x => 0x%08x\n", __func__, decr, value);
537 now = qemu_get_clock(vm_clock);
538 next = now + muldiv64(value, ticks_per_sec, tb_env->tb_freq);
540 next += tb_env->decr_next - now;
543 tb_env->decr_next = next;
545 qemu_mod_timer(tb_env->decr_timer, next);
546 /* If we set a negative value and the decrementer was positive,
547 * raise an exception.
549 if ((value & 0x80000000) && !(decr & 0x80000000))
550 cpu_ppc_decr_excp(env);
553 void cpu_ppc_store_decr (CPUState *env, uint32_t value)
555 _cpu_ppc_store_decr(env, cpu_ppc_load_decr(env), value, 0);
558 static void cpu_ppc_decr_cb (void *opaque)
560 _cpu_ppc_store_decr(opaque, 0x00000000, 0xFFFFFFFF, 1);
563 static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
565 CPUState *env = opaque;
566 ppc_tb_t *tb_env = env->tb_env;
568 tb_env->tb_freq = freq;
569 /* There is a bug in Linux 2.4 kernels:
570 * if a decrementer exception is pending when it enables msr_ee at startup,
571 * it's not ready to handle it...
573 _cpu_ppc_store_decr(env, 0xFFFFFFFF, 0xFFFFFFFF, 0);
576 /* Set up (once) timebase frequency (in Hz) */
577 clk_setup_cb cpu_ppc_tb_init (CPUState *env, uint32_t freq)
581 tb_env = qemu_mallocz(sizeof(ppc_tb_t));
584 env->tb_env = tb_env;
585 /* Create new timer */
586 tb_env->decr_timer = qemu_new_timer(vm_clock, &cpu_ppc_decr_cb, env);
587 cpu_ppc_set_tb_clk(env, freq);
589 return &cpu_ppc_set_tb_clk;
592 /* Specific helpers for POWER & PowerPC 601 RTC */
593 clk_setup_cb cpu_ppc601_rtc_init (CPUState *env)
595 return cpu_ppc_tb_init(env, 7812500);
598 void cpu_ppc601_store_rtcu (CPUState *env, uint32_t value)
599 __attribute__ (( alias ("cpu_ppc_store_tbu") ));
601 uint32_t cpu_ppc601_load_rtcu (CPUState *env)
602 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
604 void cpu_ppc601_store_rtcl (CPUState *env, uint32_t value)
606 cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
609 uint32_t cpu_ppc601_load_rtcl (CPUState *env)
611 return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
614 /*****************************************************************************/
615 /* Embedded PowerPC timers */
618 typedef struct ppcemb_timer_t ppcemb_timer_t;
619 struct ppcemb_timer_t {
620 uint64_t pit_reload; /* PIT auto-reload value */
621 uint64_t fit_next; /* Tick for next FIT interrupt */
622 struct QEMUTimer *fit_timer;
623 uint64_t wdt_next; /* Tick for next WDT interrupt */
624 struct QEMUTimer *wdt_timer;
627 /* Fixed interval timer */
628 static void cpu_4xx_fit_cb (void *opaque)
632 ppcemb_timer_t *ppcemb_timer;
636 tb_env = env->tb_env;
637 ppcemb_timer = tb_env->opaque;
638 now = qemu_get_clock(vm_clock);
639 switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
653 /* Cannot occur, but makes gcc happy */
656 next = now + muldiv64(next, ticks_per_sec, tb_env->tb_freq);
659 qemu_mod_timer(ppcemb_timer->fit_timer, next);
660 env->spr[SPR_40x_TSR] |= 1 << 26;
661 if ((env->spr[SPR_40x_TCR] >> 23) & 0x1)
662 ppc_set_irq(env, PPC_INTERRUPT_FIT, 1);
665 fprintf(logfile, "%s: ir %d TCR " ADDRX " TSR " ADDRX "\n", __func__,
666 (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
667 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
672 /* Programmable interval timer */
673 static void start_stop_pit (CPUState *env, ppc_tb_t *tb_env, int is_excp)
675 ppcemb_timer_t *ppcemb_timer;
678 ppcemb_timer = tb_env->opaque;
679 if (ppcemb_timer->pit_reload <= 1 ||
680 !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
681 (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
685 fprintf(logfile, "%s: stop PIT\n", __func__);
688 qemu_del_timer(tb_env->decr_timer);
692 fprintf(logfile, "%s: start PIT 0x" REGX "\n",
693 __func__, ppcemb_timer->pit_reload);
696 now = qemu_get_clock(vm_clock);
697 next = now + muldiv64(ppcemb_timer->pit_reload,
698 ticks_per_sec, tb_env->tb_freq);
700 next += tb_env->decr_next - now;
703 qemu_mod_timer(tb_env->decr_timer, next);
704 tb_env->decr_next = next;
708 static void cpu_4xx_pit_cb (void *opaque)
712 ppcemb_timer_t *ppcemb_timer;
715 tb_env = env->tb_env;
716 ppcemb_timer = tb_env->opaque;
717 env->spr[SPR_40x_TSR] |= 1 << 27;
718 if ((env->spr[SPR_40x_TCR] >> 26) & 0x1)
719 ppc_set_irq(env, PPC_INTERRUPT_PIT, 1);
720 start_stop_pit(env, tb_env, 1);
723 fprintf(logfile, "%s: ar %d ir %d TCR " ADDRX " TSR " ADDRX " "
724 "%016" PRIx64 "\n", __func__,
725 (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
726 (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
727 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
728 ppcemb_timer->pit_reload);
734 static void cpu_4xx_wdt_cb (void *opaque)
738 ppcemb_timer_t *ppcemb_timer;
742 tb_env = env->tb_env;
743 ppcemb_timer = tb_env->opaque;
744 now = qemu_get_clock(vm_clock);
745 switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
759 /* Cannot occur, but makes gcc happy */
762 next = now + muldiv64(next, ticks_per_sec, tb_env->tb_freq);
767 fprintf(logfile, "%s: TCR " ADDRX " TSR " ADDRX "\n", __func__,
768 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
771 switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
774 qemu_mod_timer(ppcemb_timer->wdt_timer, next);
775 ppcemb_timer->wdt_next = next;
776 env->spr[SPR_40x_TSR] |= 1 << 31;
779 qemu_mod_timer(ppcemb_timer->wdt_timer, next);
780 ppcemb_timer->wdt_next = next;
781 env->spr[SPR_40x_TSR] |= 1 << 30;
782 if ((env->spr[SPR_40x_TCR] >> 27) & 0x1)
783 ppc_set_irq(env, PPC_INTERRUPT_WDT, 1);
786 env->spr[SPR_40x_TSR] &= ~0x30000000;
787 env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
788 switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
792 case 0x1: /* Core reset */
793 ppc40x_core_reset(env);
795 case 0x2: /* Chip reset */
796 ppc40x_chip_reset(env);
798 case 0x3: /* System reset */
799 ppc40x_system_reset(env);
805 void store_40x_pit (CPUState *env, target_ulong val)
808 ppcemb_timer_t *ppcemb_timer;
810 tb_env = env->tb_env;
811 ppcemb_timer = tb_env->opaque;
814 fprintf(logfile, "%s %p %p\n", __func__, tb_env, ppcemb_timer);
817 ppcemb_timer->pit_reload = val;
818 start_stop_pit(env, tb_env, 0);
821 target_ulong load_40x_pit (CPUState *env)
823 return cpu_ppc_load_decr(env);
826 void store_booke_tsr (CPUState *env, target_ulong val)
830 fprintf(logfile, "%s: val=" ADDRX "\n", __func__, val);
833 env->spr[SPR_40x_TSR] &= ~(val & 0xFC000000);
834 if (val & 0x80000000)
835 ppc_set_irq(env, PPC_INTERRUPT_PIT, 0);
838 void store_booke_tcr (CPUState *env, target_ulong val)
842 tb_env = env->tb_env;
845 fprintf(logfile, "%s: val=" ADDRX "\n", __func__, val);
848 env->spr[SPR_40x_TCR] = val & 0xFFC00000;
849 start_stop_pit(env, tb_env, 1);
853 static void ppc_emb_set_tb_clk (void *opaque, uint32_t freq)
855 CPUState *env = opaque;
856 ppc_tb_t *tb_env = env->tb_env;
860 fprintf(logfile, "%s set new frequency to %u\n", __func__, freq);
863 tb_env->tb_freq = freq;
864 /* XXX: we should also update all timers */
867 clk_setup_cb ppc_emb_timers_init (CPUState *env, uint32_t freq)
870 ppcemb_timer_t *ppcemb_timer;
872 tb_env = qemu_mallocz(sizeof(ppc_tb_t));
873 if (tb_env == NULL) {
876 env->tb_env = tb_env;
877 ppcemb_timer = qemu_mallocz(sizeof(ppcemb_timer_t));
878 tb_env->tb_freq = freq;
879 tb_env->opaque = ppcemb_timer;
882 fprintf(logfile, "%s %p %p %p\n", __func__, tb_env, ppcemb_timer,
883 &ppc_emb_set_tb_clk);
886 if (ppcemb_timer != NULL) {
887 /* We use decr timer for PIT */
888 tb_env->decr_timer = qemu_new_timer(vm_clock, &cpu_4xx_pit_cb, env);
889 ppcemb_timer->fit_timer =
890 qemu_new_timer(vm_clock, &cpu_4xx_fit_cb, env);
891 ppcemb_timer->wdt_timer =
892 qemu_new_timer(vm_clock, &cpu_4xx_wdt_cb, env);
895 return &ppc_emb_set_tb_clk;
898 /*****************************************************************************/
899 /* Embedded PowerPC Device Control Registers */
900 typedef struct ppc_dcrn_t ppc_dcrn_t;
902 dcr_read_cb dcr_read;
903 dcr_write_cb dcr_write;
907 /* XXX: on 460, DCR addresses are 32 bits wide,
908 * using DCRIPR to get the 22 upper bits of the DCR address
912 ppc_dcrn_t dcrn[DCRN_NB];
913 int (*read_error)(int dcrn);
914 int (*write_error)(int dcrn);
917 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, target_ulong *valp)
921 if (dcrn < 0 || dcrn >= DCRN_NB)
923 dcr = &dcr_env->dcrn[dcrn];
924 if (dcr->dcr_read == NULL)
926 *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
931 if (dcr_env->read_error != NULL)
932 return (*dcr_env->read_error)(dcrn);
937 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, target_ulong val)
941 if (dcrn < 0 || dcrn >= DCRN_NB)
943 dcr = &dcr_env->dcrn[dcrn];
944 if (dcr->dcr_write == NULL)
946 (*dcr->dcr_write)(dcr->opaque, dcrn, val);
951 if (dcr_env->write_error != NULL)
952 return (*dcr_env->write_error)(dcrn);
957 int ppc_dcr_register (CPUState *env, int dcrn, void *opaque,
958 dcr_read_cb dcr_read, dcr_write_cb dcr_write)
963 dcr_env = env->dcr_env;
966 if (dcrn < 0 || dcrn >= DCRN_NB)
968 dcr = &dcr_env->dcrn[dcrn];
969 if (dcr->opaque != NULL ||
970 dcr->dcr_read != NULL ||
971 dcr->dcr_write != NULL)
973 dcr->opaque = opaque;
974 dcr->dcr_read = dcr_read;
975 dcr->dcr_write = dcr_write;
980 int ppc_dcr_init (CPUState *env, int (*read_error)(int dcrn),
981 int (*write_error)(int dcrn))
985 dcr_env = qemu_mallocz(sizeof(ppc_dcr_t));
988 dcr_env->read_error = read_error;
989 dcr_env->write_error = write_error;
990 env->dcr_env = dcr_env;
997 /*****************************************************************************/
998 /* Handle system reset (for now, just stop emulation) */
999 void cpu_ppc_reset (CPUState *env)
1001 printf("Reset asked... Stop emulation\n");
1006 /*****************************************************************************/
1008 void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
1020 printf("Set loglevel to %04x\n", val);
1021 cpu_set_log(val | 0x100);
1026 /*****************************************************************************/
1028 void NVRAM_set_byte (m48t59_t *nvram, uint32_t addr, uint8_t value)
1030 m48t59_write(nvram, addr, value);
1033 uint8_t NVRAM_get_byte (m48t59_t *nvram, uint32_t addr)
1035 return m48t59_read(nvram, addr);
1038 void NVRAM_set_word (m48t59_t *nvram, uint32_t addr, uint16_t value)
1040 m48t59_write(nvram, addr, value >> 8);
1041 m48t59_write(nvram, addr + 1, value & 0xFF);
1044 uint16_t NVRAM_get_word (m48t59_t *nvram, uint32_t addr)
1048 tmp = m48t59_read(nvram, addr) << 8;
1049 tmp |= m48t59_read(nvram, addr + 1);
1053 void NVRAM_set_lword (m48t59_t *nvram, uint32_t addr, uint32_t value)
1055 m48t59_write(nvram, addr, value >> 24);
1056 m48t59_write(nvram, addr + 1, (value >> 16) & 0xFF);
1057 m48t59_write(nvram, addr + 2, (value >> 8) & 0xFF);
1058 m48t59_write(nvram, addr + 3, value & 0xFF);
1061 uint32_t NVRAM_get_lword (m48t59_t *nvram, uint32_t addr)
1065 tmp = m48t59_read(nvram, addr) << 24;
1066 tmp |= m48t59_read(nvram, addr + 1) << 16;
1067 tmp |= m48t59_read(nvram, addr + 2) << 8;
1068 tmp |= m48t59_read(nvram, addr + 3);
1073 void NVRAM_set_string (m48t59_t *nvram, uint32_t addr,
1074 const unsigned char *str, uint32_t max)
1078 for (i = 0; i < max && str[i] != '\0'; i++) {
1079 m48t59_write(nvram, addr + i, str[i]);
1081 m48t59_write(nvram, addr + max - 1, '\0');
1084 int NVRAM_get_string (m48t59_t *nvram, uint8_t *dst, uint16_t addr, int max)
1088 memset(dst, 0, max);
1089 for (i = 0; i < max; i++) {
1090 dst[i] = NVRAM_get_byte(nvram, addr + i);
1098 static uint16_t NVRAM_crc_update (uint16_t prev, uint16_t value)
1101 uint16_t pd, pd1, pd2;
1106 pd2 = ((pd >> 4) & 0x000F) ^ pd1;
1107 tmp ^= (pd1 << 3) | (pd1 << 8);
1108 tmp ^= pd2 | (pd2 << 7) | (pd2 << 12);
1113 uint16_t NVRAM_compute_crc (m48t59_t *nvram, uint32_t start, uint32_t count)
1116 uint16_t crc = 0xFFFF;
1121 for (i = 0; i != count; i++) {
1122 crc = NVRAM_crc_update(crc, NVRAM_get_word(nvram, start + i));
1125 crc = NVRAM_crc_update(crc, NVRAM_get_byte(nvram, start + i) << 8);
1131 #define CMDLINE_ADDR 0x017ff000
1133 int PPC_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
1134 const unsigned char *arch,
1135 uint32_t RAM_size, int boot_device,
1136 uint32_t kernel_image, uint32_t kernel_size,
1137 const char *cmdline,
1138 uint32_t initrd_image, uint32_t initrd_size,
1139 uint32_t NVRAM_image,
1140 int width, int height, int depth)
1144 /* Set parameters for Open Hack'Ware BIOS */
1145 NVRAM_set_string(nvram, 0x00, "QEMU_BIOS", 16);
1146 NVRAM_set_lword(nvram, 0x10, 0x00000002); /* structure v2 */
1147 NVRAM_set_word(nvram, 0x14, NVRAM_size);
1148 NVRAM_set_string(nvram, 0x20, arch, 16);
1149 NVRAM_set_lword(nvram, 0x30, RAM_size);
1150 NVRAM_set_byte(nvram, 0x34, boot_device);
1151 NVRAM_set_lword(nvram, 0x38, kernel_image);
1152 NVRAM_set_lword(nvram, 0x3C, kernel_size);
1154 /* XXX: put the cmdline in NVRAM too ? */
1155 strcpy(phys_ram_base + CMDLINE_ADDR, cmdline);
1156 NVRAM_set_lword(nvram, 0x40, CMDLINE_ADDR);
1157 NVRAM_set_lword(nvram, 0x44, strlen(cmdline));
1159 NVRAM_set_lword(nvram, 0x40, 0);
1160 NVRAM_set_lword(nvram, 0x44, 0);
1162 NVRAM_set_lword(nvram, 0x48, initrd_image);
1163 NVRAM_set_lword(nvram, 0x4C, initrd_size);
1164 NVRAM_set_lword(nvram, 0x50, NVRAM_image);
1166 NVRAM_set_word(nvram, 0x54, width);
1167 NVRAM_set_word(nvram, 0x56, height);
1168 NVRAM_set_word(nvram, 0x58, depth);
1169 crc = NVRAM_compute_crc(nvram, 0x00, 0xF8);
1170 NVRAM_set_word(nvram, 0xFC, crc);
projects / qemu / blob