2 * QEMU generic PowerPC hardware System Emulator
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 //#define PPC_DEBUG_IRQ
28 //#define PPC_DEBUG_TB
33 static void ppc_set_irq (CPUState *env, int n_IRQ, int level)
36 env->pending_interrupts |= 1 << n_IRQ;
37 cpu_interrupt(env, CPU_INTERRUPT_HARD);
39 env->pending_interrupts &= ~(1 << n_IRQ);
40 if (env->pending_interrupts == 0)
41 cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
43 #if defined(PPC_DEBUG_IRQ)
44 if (loglevel & CPU_LOG_INT) {
45 fprintf(logfile, "%s: %p n_IRQ %d level %d => pending %08x req %08x\n",
46 __func__, env, n_IRQ, level,
47 env->pending_interrupts, env->interrupt_request);
52 /* PowerPC 6xx / 7xx internal IRQ controller */
53 static void ppc6xx_set_irq (void *opaque, int pin, int level)
55 CPUState *env = opaque;
58 #if defined(PPC_DEBUG_IRQ)
59 if (loglevel & CPU_LOG_INT) {
60 fprintf(logfile, "%s: env %p pin %d level %d\n", __func__,
64 cur_level = (env->irq_input_state >> pin) & 1;
65 /* Don't generate spurious events */
66 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
68 case PPC6xx_INPUT_INT:
69 /* Level sensitive - active high */
70 #if defined(PPC_DEBUG_IRQ)
71 if (loglevel & CPU_LOG_INT) {
72 fprintf(logfile, "%s: set the external IRQ state to %d\n",
76 ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
78 case PPC6xx_INPUT_SMI:
79 /* Level sensitive - active high */
80 #if defined(PPC_DEBUG_IRQ)
81 if (loglevel & CPU_LOG_INT) {
82 fprintf(logfile, "%s: set the SMI IRQ state to %d\n",
86 ppc_set_irq(env, PPC_INTERRUPT_SMI, level);
88 case PPC6xx_INPUT_MCP:
89 /* Negative edge sensitive */
90 /* XXX: TODO: actual reaction may depends on HID0 status
91 * 603/604/740/750: check HID0[EMCP]
93 if (cur_level == 1 && level == 0) {
94 #if defined(PPC_DEBUG_IRQ)
95 if (loglevel & CPU_LOG_INT) {
96 fprintf(logfile, "%s: raise machine check state\n",
100 ppc_set_irq(env, PPC_INTERRUPT_MCK, 1);
103 case PPC6xx_INPUT_CKSTP_IN:
104 /* Level sensitive - active low */
105 /* XXX: TODO: relay the signal to CKSTP_OUT pin */
106 /* XXX: Note that the only way to restart the CPU is to reset it */
108 #if defined(PPC_DEBUG_IRQ)
109 if (loglevel & CPU_LOG_INT) {
110 fprintf(logfile, "%s: stop the CPU\n", __func__);
116 case PPC6xx_INPUT_HRESET:
117 /* Level sensitive - active low */
120 #if defined(PPC_DEBUG_IRQ)
121 if (loglevel & CPU_LOG_INT) {
122 fprintf(logfile, "%s: reset the CPU\n", __func__);
129 case PPC6xx_INPUT_SRESET:
130 #if defined(PPC_DEBUG_IRQ)
131 if (loglevel & CPU_LOG_INT) {
132 fprintf(logfile, "%s: set the RESET IRQ state to %d\n",
136 ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
139 /* Unknown pin - do nothing */
140 #if defined(PPC_DEBUG_IRQ)
141 if (loglevel & CPU_LOG_INT) {
142 fprintf(logfile, "%s: unknown IRQ pin %d\n", __func__, pin);
148 env->irq_input_state |= 1 << pin;
150 env->irq_input_state &= ~(1 << pin);
154 void ppc6xx_irq_init (CPUState *env)
156 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, env, 6);
159 #if defined(TARGET_PPC64)
160 /* PowerPC 970 internal IRQ controller */
161 static void ppc970_set_irq (void *opaque, int pin, int level)
163 CPUState *env = opaque;
166 #if defined(PPC_DEBUG_IRQ)
167 if (loglevel & CPU_LOG_INT) {
168 fprintf(logfile, "%s: env %p pin %d level %d\n", __func__,
172 cur_level = (env->irq_input_state >> pin) & 1;
173 /* Don't generate spurious events */
174 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
176 case PPC970_INPUT_INT:
177 /* Level sensitive - active high */
178 #if defined(PPC_DEBUG_IRQ)
179 if (loglevel & CPU_LOG_INT) {
180 fprintf(logfile, "%s: set the external IRQ state to %d\n",
184 ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
186 case PPC970_INPUT_THINT:
187 /* Level sensitive - active high */
188 #if defined(PPC_DEBUG_IRQ)
189 if (loglevel & CPU_LOG_INT) {
190 fprintf(logfile, "%s: set the SMI IRQ state to %d\n", __func__,
194 ppc_set_irq(env, PPC_INTERRUPT_THERM, level);
196 case PPC970_INPUT_MCP:
197 /* Negative edge sensitive */
198 /* XXX: TODO: actual reaction may depends on HID0 status
199 * 603/604/740/750: check HID0[EMCP]
201 if (cur_level == 1 && level == 0) {
202 #if defined(PPC_DEBUG_IRQ)
203 if (loglevel & CPU_LOG_INT) {
204 fprintf(logfile, "%s: raise machine check state\n",
208 ppc_set_irq(env, PPC_INTERRUPT_MCK, 1);
211 case PPC970_INPUT_CKSTP:
212 /* Level sensitive - active low */
213 /* XXX: TODO: relay the signal to CKSTP_OUT pin */
215 #if defined(PPC_DEBUG_IRQ)
216 if (loglevel & CPU_LOG_INT) {
217 fprintf(logfile, "%s: stop the CPU\n", __func__);
222 #if defined(PPC_DEBUG_IRQ)
223 if (loglevel & CPU_LOG_INT) {
224 fprintf(logfile, "%s: restart the CPU\n", __func__);
230 case PPC970_INPUT_HRESET:
231 /* Level sensitive - active low */
234 #if defined(PPC_DEBUG_IRQ)
235 if (loglevel & CPU_LOG_INT) {
236 fprintf(logfile, "%s: reset the CPU\n", __func__);
243 case PPC970_INPUT_SRESET:
244 #if defined(PPC_DEBUG_IRQ)
245 if (loglevel & CPU_LOG_INT) {
246 fprintf(logfile, "%s: set the RESET IRQ state to %d\n",
250 ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
252 case PPC970_INPUT_TBEN:
253 #if defined(PPC_DEBUG_IRQ)
254 if (loglevel & CPU_LOG_INT) {
255 fprintf(logfile, "%s: set the TBEN state to %d\n", __func__,
262 /* Unknown pin - do nothing */
263 #if defined(PPC_DEBUG_IRQ)
264 if (loglevel & CPU_LOG_INT) {
265 fprintf(logfile, "%s: unknown IRQ pin %d\n", __func__, pin);
271 env->irq_input_state |= 1 << pin;
273 env->irq_input_state &= ~(1 << pin);
277 void ppc970_irq_init (CPUState *env)
279 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, env, 7);
281 #endif /* defined(TARGET_PPC64) */
283 /* PowerPC 40x internal IRQ controller */
284 static void ppc40x_set_irq (void *opaque, int pin, int level)
286 CPUState *env = opaque;
289 #if defined(PPC_DEBUG_IRQ)
290 if (loglevel & CPU_LOG_INT) {
291 fprintf(logfile, "%s: env %p pin %d level %d\n", __func__,
295 cur_level = (env->irq_input_state >> pin) & 1;
296 /* Don't generate spurious events */
297 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
299 case PPC40x_INPUT_RESET_SYS:
301 #if defined(PPC_DEBUG_IRQ)
302 if (loglevel & CPU_LOG_INT) {
303 fprintf(logfile, "%s: reset the PowerPC system\n",
307 ppc40x_system_reset(env);
310 case PPC40x_INPUT_RESET_CHIP:
312 #if defined(PPC_DEBUG_IRQ)
313 if (loglevel & CPU_LOG_INT) {
314 fprintf(logfile, "%s: reset the PowerPC chip\n", __func__);
317 ppc40x_chip_reset(env);
320 case PPC40x_INPUT_RESET_CORE:
321 /* XXX: TODO: update DBSR[MRR] */
323 #if defined(PPC_DEBUG_IRQ)
324 if (loglevel & CPU_LOG_INT) {
325 fprintf(logfile, "%s: reset the PowerPC core\n", __func__);
328 ppc40x_core_reset(env);
331 case PPC40x_INPUT_CINT:
332 /* Level sensitive - active high */
333 #if defined(PPC_DEBUG_IRQ)
334 if (loglevel & CPU_LOG_INT) {
335 fprintf(logfile, "%s: set the critical IRQ state to %d\n",
339 ppc_set_irq(env, PPC_INTERRUPT_CEXT, level);
341 case PPC40x_INPUT_INT:
342 /* Level sensitive - active high */
343 #if defined(PPC_DEBUG_IRQ)
344 if (loglevel & CPU_LOG_INT) {
345 fprintf(logfile, "%s: set the external IRQ state to %d\n",
349 ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
351 case PPC40x_INPUT_HALT:
352 /* Level sensitive - active low */
354 #if defined(PPC_DEBUG_IRQ)
355 if (loglevel & CPU_LOG_INT) {
356 fprintf(logfile, "%s: stop the CPU\n", __func__);
361 #if defined(PPC_DEBUG_IRQ)
362 if (loglevel & CPU_LOG_INT) {
363 fprintf(logfile, "%s: restart the CPU\n", __func__);
369 case PPC40x_INPUT_DEBUG:
370 /* Level sensitive - active high */
371 #if defined(PPC_DEBUG_IRQ)
372 if (loglevel & CPU_LOG_INT) {
373 fprintf(logfile, "%s: set the debug pin state to %d\n",
377 ppc_set_irq(env, PPC_INTERRUPT_DEBUG, level);
380 /* Unknown pin - do nothing */
381 #if defined(PPC_DEBUG_IRQ)
382 if (loglevel & CPU_LOG_INT) {
383 fprintf(logfile, "%s: unknown IRQ pin %d\n", __func__, pin);
389 env->irq_input_state |= 1 << pin;
391 env->irq_input_state &= ~(1 << pin);
395 void ppc40x_irq_init (CPUState *env)
397 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq,
398 env, PPC40x_INPUT_NB);
401 /*****************************************************************************/
402 /* PowerPC time base and decrementer emulation */
404 /* Time base management */
405 int64_t tb_offset; /* Compensation */
406 int64_t atb_offset; /* Compensation */
407 uint32_t tb_freq; /* TB frequency */
408 /* Decrementer management */
409 uint64_t decr_next; /* Tick for next decr interrupt */
410 struct QEMUTimer *decr_timer;
411 #if defined(TARGET_PPC64H)
412 /* Hypervisor decrementer management */
413 uint64_t hdecr_next; /* Tick for next hdecr interrupt */
414 struct QEMUTimer *hdecr_timer;
421 static always_inline uint64_t cpu_ppc_get_tb (ppc_tb_t *tb_env,
424 /* TB time in tb periods */
425 return muldiv64(qemu_get_clock(vm_clock) + tb_env->tb_offset,
426 tb_env->tb_freq, ticks_per_sec);
429 uint32_t cpu_ppc_load_tbl (CPUState *env)
431 ppc_tb_t *tb_env = env->tb_env;
434 tb = cpu_ppc_get_tb(tb_env, tb_env->tb_offset);
435 #if defined(PPC_DEBUG_TB)
437 fprintf(logfile, "%s: tb=0x%016lx\n", __func__, tb);
441 return tb & 0xFFFFFFFF;
444 static always_inline uint32_t _cpu_ppc_load_tbu (CPUState *env)
446 ppc_tb_t *tb_env = env->tb_env;
449 tb = cpu_ppc_get_tb(tb_env, tb_env->tb_offset);
450 #if defined(PPC_DEBUG_TB)
452 fprintf(logfile, "%s: tb=0x%016lx\n", __func__, tb);
459 uint32_t cpu_ppc_load_tbu (CPUState *env)
461 return _cpu_ppc_load_tbu(env);
464 static always_inline void cpu_ppc_store_tb (ppc_tb_t *tb_env,
468 *tb_offsetp = muldiv64(value, ticks_per_sec, tb_env->tb_freq)
469 - qemu_get_clock(vm_clock);
472 fprintf(logfile, "%s: tb=0x%016lx offset=%08lx\n", __func__, value,
478 void cpu_ppc_store_tbl (CPUState *env, uint32_t value)
480 ppc_tb_t *tb_env = env->tb_env;
483 tb = cpu_ppc_get_tb(tb_env, tb_env->tb_offset);
484 tb &= 0xFFFFFFFF00000000ULL;
485 cpu_ppc_store_tb(tb_env, &tb_env->tb_offset, tb | (uint64_t)value);
488 static always_inline void _cpu_ppc_store_tbu (CPUState *env, uint32_t value)
490 ppc_tb_t *tb_env = env->tb_env;
493 tb = cpu_ppc_get_tb(tb_env, tb_env->tb_offset);
494 tb &= 0x00000000FFFFFFFFULL;
495 cpu_ppc_store_tb(tb_env, &tb_env->tb_offset,
496 ((uint64_t)value << 32) | tb);
499 void cpu_ppc_store_tbu (CPUState *env, uint32_t value)
501 _cpu_ppc_store_tbu(env, value);
504 uint32_t cpu_ppc_load_atbl (CPUState *env)
506 ppc_tb_t *tb_env = env->tb_env;
509 tb = cpu_ppc_get_tb(tb_env, tb_env->atb_offset);
510 #if defined(PPC_DEBUG_TB)
512 fprintf(logfile, "%s: tb=0x%016lx\n", __func__, tb);
516 return tb & 0xFFFFFFFF;
519 uint32_t cpu_ppc_load_atbu (CPUState *env)
521 ppc_tb_t *tb_env = env->tb_env;
524 tb = cpu_ppc_get_tb(tb_env, tb_env->atb_offset);
525 #if defined(PPC_DEBUG_TB)
527 fprintf(logfile, "%s: tb=0x%016lx\n", __func__, tb);
534 void cpu_ppc_store_atbl (CPUState *env, uint32_t value)
536 ppc_tb_t *tb_env = env->tb_env;
539 tb = cpu_ppc_get_tb(tb_env, tb_env->atb_offset);
540 tb &= 0xFFFFFFFF00000000ULL;
541 cpu_ppc_store_tb(tb_env, &tb_env->atb_offset, tb | (uint64_t)value);
544 void cpu_ppc_store_atbu (CPUState *env, uint32_t value)
546 ppc_tb_t *tb_env = env->tb_env;
549 tb = cpu_ppc_get_tb(tb_env, tb_env->atb_offset);
550 tb &= 0x00000000FFFFFFFFULL;
551 cpu_ppc_store_tb(tb_env, &tb_env->atb_offset,
552 ((uint64_t)value << 32) | tb);
555 static always_inline uint32_t _cpu_ppc_load_decr (CPUState *env,
558 ppc_tb_t *tb_env = env->tb_env;
562 diff = tb_env->decr_next - qemu_get_clock(vm_clock);
564 decr = muldiv64(diff, tb_env->tb_freq, ticks_per_sec);
566 decr = -muldiv64(-diff, tb_env->tb_freq, ticks_per_sec);
567 #if defined(PPC_DEBUG_TB)
569 fprintf(logfile, "%s: 0x%08x\n", __func__, decr);
576 uint32_t cpu_ppc_load_decr (CPUState *env)
578 ppc_tb_t *tb_env = env->tb_env;
580 return _cpu_ppc_load_decr(env, &tb_env->decr_next);
583 #if defined(TARGET_PPC64H)
584 uint32_t cpu_ppc_load_hdecr (CPUState *env)
586 ppc_tb_t *tb_env = env->tb_env;
588 return _cpu_ppc_load_decr(env, &tb_env->hdecr_next);
591 uint64_t cpu_ppc_load_purr (CPUState *env)
593 ppc_tb_t *tb_env = env->tb_env;
596 diff = qemu_get_clock(vm_clock) - tb_env->purr_start;
598 return tb_env->purr_load + muldiv64(diff, tb_env->tb_freq, ticks_per_sec);
600 #endif /* defined(TARGET_PPC64H) */
602 /* When decrementer expires,
603 * all we need to do is generate or queue a CPU exception
605 static always_inline void cpu_ppc_decr_excp (CPUState *env)
610 fprintf(logfile, "raise decrementer exception\n");
613 ppc_set_irq(env, PPC_INTERRUPT_DECR, 1);
616 static always_inline void cpu_ppc_hdecr_excp (CPUState *env)
621 fprintf(logfile, "raise decrementer exception\n");
624 ppc_set_irq(env, PPC_INTERRUPT_HDECR, 1);
627 static void __cpu_ppc_store_decr (CPUState *env, uint64_t *nextp,
628 struct QEMUTimer *timer,
629 void (*raise_excp)(CPUState *),
630 uint32_t decr, uint32_t value,
633 ppc_tb_t *tb_env = env->tb_env;
638 fprintf(logfile, "%s: 0x%08x => 0x%08x\n", __func__, decr, value);
641 now = qemu_get_clock(vm_clock);
642 next = now + muldiv64(value, ticks_per_sec, tb_env->tb_freq);
644 next += *nextp - now;
649 qemu_mod_timer(timer, next);
650 /* If we set a negative value and the decrementer was positive,
651 * raise an exception.
653 if ((value & 0x80000000) && !(decr & 0x80000000))
657 static always_inline void _cpu_ppc_store_decr (CPUState *env, uint32_t decr,
658 uint32_t value, int is_excp)
660 ppc_tb_t *tb_env = env->tb_env;
662 __cpu_ppc_store_decr(env, &tb_env->decr_next, tb_env->decr_timer,
663 &cpu_ppc_decr_excp, decr, value, is_excp);
666 void cpu_ppc_store_decr (CPUState *env, uint32_t value)
668 _cpu_ppc_store_decr(env, cpu_ppc_load_decr(env), value, 0);
671 static void cpu_ppc_decr_cb (void *opaque)
673 _cpu_ppc_store_decr(opaque, 0x00000000, 0xFFFFFFFF, 1);
676 #if defined(TARGET_PPC64H)
677 static always_inline void _cpu_ppc_store_hdecr (CPUState *env, uint32_t hdecr,
678 uint32_t value, int is_excp)
680 ppc_tb_t *tb_env = env->tb_env;
682 __cpu_ppc_store_decr(env, &tb_env->hdecr_next, tb_env->hdecr_timer,
683 &cpu_ppc_hdecr_excp, hdecr, value, is_excp);
686 void cpu_ppc_store_hdecr (CPUState *env, uint32_t value)
688 _cpu_ppc_store_hdecr(env, cpu_ppc_load_hdecr(env), value, 0);
691 static void cpu_ppc_hdecr_cb (void *opaque)
693 _cpu_ppc_store_hdecr(opaque, 0x00000000, 0xFFFFFFFF, 1);
696 void cpu_ppc_store_purr (CPUState *env, uint64_t value)
698 ppc_tb_t *tb_env = env->tb_env;
700 tb_env->purr_load = value;
701 tb_env->purr_start = qemu_get_clock(vm_clock);
703 #endif /* defined(TARGET_PPC64H) */
705 static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
707 CPUState *env = opaque;
708 ppc_tb_t *tb_env = env->tb_env;
710 tb_env->tb_freq = freq;
711 /* There is a bug in Linux 2.4 kernels:
712 * if a decrementer exception is pending when it enables msr_ee at startup,
713 * it's not ready to handle it...
715 _cpu_ppc_store_decr(env, 0xFFFFFFFF, 0xFFFFFFFF, 0);
716 #if defined(TARGET_PPC64H)
717 _cpu_ppc_store_hdecr(env, 0xFFFFFFFF, 0xFFFFFFFF, 0);
718 cpu_ppc_store_purr(env, 0x0000000000000000ULL);
719 #endif /* defined(TARGET_PPC64H) */
722 /* Set up (once) timebase frequency (in Hz) */
723 clk_setup_cb cpu_ppc_tb_init (CPUState *env, uint32_t freq)
727 tb_env = qemu_mallocz(sizeof(ppc_tb_t));
730 env->tb_env = tb_env;
731 /* Create new timer */
732 tb_env->decr_timer = qemu_new_timer(vm_clock, &cpu_ppc_decr_cb, env);
733 #if defined(TARGET_PPC64H)
734 tb_env->hdecr_timer = qemu_new_timer(vm_clock, &cpu_ppc_hdecr_cb, env);
735 #endif /* defined(TARGET_PPC64H) */
736 cpu_ppc_set_tb_clk(env, freq);
738 return &cpu_ppc_set_tb_clk;
741 /* Specific helpers for POWER & PowerPC 601 RTC */
742 clk_setup_cb cpu_ppc601_rtc_init (CPUState *env)
744 return cpu_ppc_tb_init(env, 7812500);
747 void cpu_ppc601_store_rtcu (CPUState *env, uint32_t value)
749 _cpu_ppc_store_tbu(env, value);
752 uint32_t cpu_ppc601_load_rtcu (CPUState *env)
754 return _cpu_ppc_load_tbu(env);
757 void cpu_ppc601_store_rtcl (CPUState *env, uint32_t value)
759 cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
762 uint32_t cpu_ppc601_load_rtcl (CPUState *env)
764 return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
767 /*****************************************************************************/
768 /* Embedded PowerPC timers */
771 typedef struct ppcemb_timer_t ppcemb_timer_t;
772 struct ppcemb_timer_t {
773 uint64_t pit_reload; /* PIT auto-reload value */
774 uint64_t fit_next; /* Tick for next FIT interrupt */
775 struct QEMUTimer *fit_timer;
776 uint64_t wdt_next; /* Tick for next WDT interrupt */
777 struct QEMUTimer *wdt_timer;
780 /* Fixed interval timer */
781 static void cpu_4xx_fit_cb (void *opaque)
785 ppcemb_timer_t *ppcemb_timer;
789 tb_env = env->tb_env;
790 ppcemb_timer = tb_env->opaque;
791 now = qemu_get_clock(vm_clock);
792 switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
806 /* Cannot occur, but makes gcc happy */
809 next = now + muldiv64(next, ticks_per_sec, tb_env->tb_freq);
812 qemu_mod_timer(ppcemb_timer->fit_timer, next);
813 env->spr[SPR_40x_TSR] |= 1 << 26;
814 if ((env->spr[SPR_40x_TCR] >> 23) & 0x1)
815 ppc_set_irq(env, PPC_INTERRUPT_FIT, 1);
818 fprintf(logfile, "%s: ir %d TCR " ADDRX " TSR " ADDRX "\n", __func__,
819 (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
820 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
825 /* Programmable interval timer */
826 static void start_stop_pit (CPUState *env, ppc_tb_t *tb_env, int is_excp)
828 ppcemb_timer_t *ppcemb_timer;
831 ppcemb_timer = tb_env->opaque;
832 if (ppcemb_timer->pit_reload <= 1 ||
833 !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
834 (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
838 fprintf(logfile, "%s: stop PIT\n", __func__);
841 qemu_del_timer(tb_env->decr_timer);
845 fprintf(logfile, "%s: start PIT 0x" REGX "\n",
846 __func__, ppcemb_timer->pit_reload);
849 now = qemu_get_clock(vm_clock);
850 next = now + muldiv64(ppcemb_timer->pit_reload,
851 ticks_per_sec, tb_env->tb_freq);
853 next += tb_env->decr_next - now;
856 qemu_mod_timer(tb_env->decr_timer, next);
857 tb_env->decr_next = next;
861 static void cpu_4xx_pit_cb (void *opaque)
865 ppcemb_timer_t *ppcemb_timer;
868 tb_env = env->tb_env;
869 ppcemb_timer = tb_env->opaque;
870 env->spr[SPR_40x_TSR] |= 1 << 27;
871 if ((env->spr[SPR_40x_TCR] >> 26) & 0x1)
872 ppc_set_irq(env, PPC_INTERRUPT_PIT, 1);
873 start_stop_pit(env, tb_env, 1);
876 fprintf(logfile, "%s: ar %d ir %d TCR " ADDRX " TSR " ADDRX " "
877 "%016" PRIx64 "\n", __func__,
878 (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
879 (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
880 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
881 ppcemb_timer->pit_reload);
887 static void cpu_4xx_wdt_cb (void *opaque)
891 ppcemb_timer_t *ppcemb_timer;
895 tb_env = env->tb_env;
896 ppcemb_timer = tb_env->opaque;
897 now = qemu_get_clock(vm_clock);
898 switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
912 /* Cannot occur, but makes gcc happy */
915 next = now + muldiv64(next, ticks_per_sec, tb_env->tb_freq);
920 fprintf(logfile, "%s: TCR " ADDRX " TSR " ADDRX "\n", __func__,
921 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
924 switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
927 qemu_mod_timer(ppcemb_timer->wdt_timer, next);
928 ppcemb_timer->wdt_next = next;
929 env->spr[SPR_40x_TSR] |= 1 << 31;
932 qemu_mod_timer(ppcemb_timer->wdt_timer, next);
933 ppcemb_timer->wdt_next = next;
934 env->spr[SPR_40x_TSR] |= 1 << 30;
935 if ((env->spr[SPR_40x_TCR] >> 27) & 0x1)
936 ppc_set_irq(env, PPC_INTERRUPT_WDT, 1);
939 env->spr[SPR_40x_TSR] &= ~0x30000000;
940 env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
941 switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
945 case 0x1: /* Core reset */
946 ppc40x_core_reset(env);
948 case 0x2: /* Chip reset */
949 ppc40x_chip_reset(env);
951 case 0x3: /* System reset */
952 ppc40x_system_reset(env);
958 void store_40x_pit (CPUState *env, target_ulong val)
961 ppcemb_timer_t *ppcemb_timer;
963 tb_env = env->tb_env;
964 ppcemb_timer = tb_env->opaque;
967 fprintf(logfile, "%s %p %p\n", __func__, tb_env, ppcemb_timer);
970 ppcemb_timer->pit_reload = val;
971 start_stop_pit(env, tb_env, 0);
974 target_ulong load_40x_pit (CPUState *env)
976 return cpu_ppc_load_decr(env);
979 void store_booke_tsr (CPUState *env, target_ulong val)
983 fprintf(logfile, "%s: val=" ADDRX "\n", __func__, val);
986 env->spr[SPR_40x_TSR] &= ~(val & 0xFC000000);
987 if (val & 0x80000000)
988 ppc_set_irq(env, PPC_INTERRUPT_PIT, 0);
991 void store_booke_tcr (CPUState *env, target_ulong val)
995 tb_env = env->tb_env;
998 fprintf(logfile, "%s: val=" ADDRX "\n", __func__, val);
1001 env->spr[SPR_40x_TCR] = val & 0xFFC00000;
1002 start_stop_pit(env, tb_env, 1);
1003 cpu_4xx_wdt_cb(env);
1006 static void ppc_emb_set_tb_clk (void *opaque, uint32_t freq)
1008 CPUState *env = opaque;
1009 ppc_tb_t *tb_env = env->tb_env;
1012 if (loglevel != 0) {
1013 fprintf(logfile, "%s set new frequency to %u\n", __func__, freq);
1016 tb_env->tb_freq = freq;
1017 /* XXX: we should also update all timers */
1020 clk_setup_cb ppc_emb_timers_init (CPUState *env, uint32_t freq)
1023 ppcemb_timer_t *ppcemb_timer;
1025 tb_env = qemu_mallocz(sizeof(ppc_tb_t));
1026 if (tb_env == NULL) {
1029 env->tb_env = tb_env;
1030 ppcemb_timer = qemu_mallocz(sizeof(ppcemb_timer_t));
1031 tb_env->tb_freq = freq;
1032 tb_env->opaque = ppcemb_timer;
1034 if (loglevel != 0) {
1035 fprintf(logfile, "%s %p %p %p\n", __func__, tb_env, ppcemb_timer,
1036 &ppc_emb_set_tb_clk);
1039 if (ppcemb_timer != NULL) {
1040 /* We use decr timer for PIT */
1041 tb_env->decr_timer = qemu_new_timer(vm_clock, &cpu_4xx_pit_cb, env);
1042 ppcemb_timer->fit_timer =
1043 qemu_new_timer(vm_clock, &cpu_4xx_fit_cb, env);
1044 ppcemb_timer->wdt_timer =
1045 qemu_new_timer(vm_clock, &cpu_4xx_wdt_cb, env);
1048 return &ppc_emb_set_tb_clk;
1051 /*****************************************************************************/
1052 /* Embedded PowerPC Device Control Registers */
1053 typedef struct ppc_dcrn_t ppc_dcrn_t;
1055 dcr_read_cb dcr_read;
1056 dcr_write_cb dcr_write;
1060 /* XXX: on 460, DCR addresses are 32 bits wide,
1061 * using DCRIPR to get the 22 upper bits of the DCR address
1063 #define DCRN_NB 1024
1065 ppc_dcrn_t dcrn[DCRN_NB];
1066 int (*read_error)(int dcrn);
1067 int (*write_error)(int dcrn);
1070 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, target_ulong *valp)
1074 if (dcrn < 0 || dcrn >= DCRN_NB)
1076 dcr = &dcr_env->dcrn[dcrn];
1077 if (dcr->dcr_read == NULL)
1079 *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
1084 if (dcr_env->read_error != NULL)
1085 return (*dcr_env->read_error)(dcrn);
1090 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, target_ulong val)
1094 if (dcrn < 0 || dcrn >= DCRN_NB)
1096 dcr = &dcr_env->dcrn[dcrn];
1097 if (dcr->dcr_write == NULL)
1099 (*dcr->dcr_write)(dcr->opaque, dcrn, val);
1104 if (dcr_env->write_error != NULL)
1105 return (*dcr_env->write_error)(dcrn);
1110 int ppc_dcr_register (CPUState *env, int dcrn, void *opaque,
1111 dcr_read_cb dcr_read, dcr_write_cb dcr_write)
1116 dcr_env = env->dcr_env;
1117 if (dcr_env == NULL)
1119 if (dcrn < 0 || dcrn >= DCRN_NB)
1121 dcr = &dcr_env->dcrn[dcrn];
1122 if (dcr->opaque != NULL ||
1123 dcr->dcr_read != NULL ||
1124 dcr->dcr_write != NULL)
1126 dcr->opaque = opaque;
1127 dcr->dcr_read = dcr_read;
1128 dcr->dcr_write = dcr_write;
1133 int ppc_dcr_init (CPUState *env, int (*read_error)(int dcrn),
1134 int (*write_error)(int dcrn))
1138 dcr_env = qemu_mallocz(sizeof(ppc_dcr_t));
1139 if (dcr_env == NULL)
1141 dcr_env->read_error = read_error;
1142 dcr_env->write_error = write_error;
1143 env->dcr_env = dcr_env;
1149 /*****************************************************************************/
1150 /* Handle system reset (for now, just stop emulation) */
1151 void cpu_ppc_reset (CPUState *env)
1153 printf("Reset asked... Stop emulation\n");
1158 /*****************************************************************************/
1160 void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
1172 printf("Set loglevel to %04x\n", val);
1173 cpu_set_log(val | 0x100);
1178 /*****************************************************************************/
1180 void NVRAM_set_byte (m48t59_t *nvram, uint32_t addr, uint8_t value)
1182 m48t59_write(nvram, addr, value);
1185 uint8_t NVRAM_get_byte (m48t59_t *nvram, uint32_t addr)
1187 return m48t59_read(nvram, addr);
1190 void NVRAM_set_word (m48t59_t *nvram, uint32_t addr, uint16_t value)
1192 m48t59_write(nvram, addr, value >> 8);
1193 m48t59_write(nvram, addr + 1, value & 0xFF);
1196 uint16_t NVRAM_get_word (m48t59_t *nvram, uint32_t addr)
1200 tmp = m48t59_read(nvram, addr) << 8;
1201 tmp |= m48t59_read(nvram, addr + 1);
1205 void NVRAM_set_lword (m48t59_t *nvram, uint32_t addr, uint32_t value)
1207 m48t59_write(nvram, addr, value >> 24);
1208 m48t59_write(nvram, addr + 1, (value >> 16) & 0xFF);
1209 m48t59_write(nvram, addr + 2, (value >> 8) & 0xFF);
1210 m48t59_write(nvram, addr + 3, value & 0xFF);
1213 uint32_t NVRAM_get_lword (m48t59_t *nvram, uint32_t addr)
1217 tmp = m48t59_read(nvram, addr) << 24;
1218 tmp |= m48t59_read(nvram, addr + 1) << 16;
1219 tmp |= m48t59_read(nvram, addr + 2) << 8;
1220 tmp |= m48t59_read(nvram, addr + 3);
1225 void NVRAM_set_string (m48t59_t *nvram, uint32_t addr,
1226 const unsigned char *str, uint32_t max)
1230 for (i = 0; i < max && str[i] != '\0'; i++) {
1231 m48t59_write(nvram, addr + i, str[i]);
1233 m48t59_write(nvram, addr + max - 1, '\0');
1236 int NVRAM_get_string (m48t59_t *nvram, uint8_t *dst, uint16_t addr, int max)
1240 memset(dst, 0, max);
1241 for (i = 0; i < max; i++) {
1242 dst[i] = NVRAM_get_byte(nvram, addr + i);
1250 static uint16_t NVRAM_crc_update (uint16_t prev, uint16_t value)
1253 uint16_t pd, pd1, pd2;
1258 pd2 = ((pd >> 4) & 0x000F) ^ pd1;
1259 tmp ^= (pd1 << 3) | (pd1 << 8);
1260 tmp ^= pd2 | (pd2 << 7) | (pd2 << 12);
1265 uint16_t NVRAM_compute_crc (m48t59_t *nvram, uint32_t start, uint32_t count)
1268 uint16_t crc = 0xFFFF;
1273 for (i = 0; i != count; i++) {
1274 crc = NVRAM_crc_update(crc, NVRAM_get_word(nvram, start + i));
1277 crc = NVRAM_crc_update(crc, NVRAM_get_byte(nvram, start + i) << 8);
1283 #define CMDLINE_ADDR 0x017ff000
1285 int PPC_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
1286 const unsigned char *arch,
1287 uint32_t RAM_size, int boot_device,
1288 uint32_t kernel_image, uint32_t kernel_size,
1289 const char *cmdline,
1290 uint32_t initrd_image, uint32_t initrd_size,
1291 uint32_t NVRAM_image,
1292 int width, int height, int depth)
1296 /* Set parameters for Open Hack'Ware BIOS */
1297 NVRAM_set_string(nvram, 0x00, "QEMU_BIOS", 16);
1298 NVRAM_set_lword(nvram, 0x10, 0x00000002); /* structure v2 */
1299 NVRAM_set_word(nvram, 0x14, NVRAM_size);
1300 NVRAM_set_string(nvram, 0x20, arch, 16);
1301 NVRAM_set_lword(nvram, 0x30, RAM_size);
1302 NVRAM_set_byte(nvram, 0x34, boot_device);
1303 NVRAM_set_lword(nvram, 0x38, kernel_image);
1304 NVRAM_set_lword(nvram, 0x3C, kernel_size);
1306 /* XXX: put the cmdline in NVRAM too ? */
1307 strcpy(phys_ram_base + CMDLINE_ADDR, cmdline);
1308 NVRAM_set_lword(nvram, 0x40, CMDLINE_ADDR);
1309 NVRAM_set_lword(nvram, 0x44, strlen(cmdline));
1311 NVRAM_set_lword(nvram, 0x40, 0);
1312 NVRAM_set_lword(nvram, 0x44, 0);
1314 NVRAM_set_lword(nvram, 0x48, initrd_image);
1315 NVRAM_set_lword(nvram, 0x4C, initrd_size);
1316 NVRAM_set_lword(nvram, 0x50, NVRAM_image);
1318 NVRAM_set_word(nvram, 0x54, width);
1319 NVRAM_set_word(nvram, 0x56, height);
1320 NVRAM_set_word(nvram, 0x58, depth);
1321 crc = NVRAM_compute_crc(nvram, 0x00, 0xF8);
1322 NVRAM_set_word(nvram, 0xFC, crc);
projects / qemu / blob