Push AUD_init down to devices

[qemu] / hw / musicpal.c

diff --git a/hw/musicpal.c b/hw/musicpal.c
index 2b60752..b1cece4 100644 (file)
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -20,12 +20,21 @@
 #include "audio/audio.h"
 #include "i2c.h"
 
+#define MP_MISC_BASE            0x80002000
+#define MP_MISC_SIZE            0x00001000
+
 #define MP_ETH_BASE             0x80008000
 #define MP_ETH_SIZE             0x00001000
 
+#define MP_WLAN_BASE            0x8000C000
+#define MP_WLAN_SIZE            0x00000800
+
 #define MP_UART1_BASE           0x8000C840
 #define MP_UART2_BASE           0x8000C940
 
+#define MP_GPIO_BASE            0x8000D000
+#define MP_GPIO_SIZE            0x00001000
+
 #define MP_FLASHCFG_BASE        0x90006000
 #define MP_FLASHCFG_SIZE        0x00001000
 
@@ -59,33 +68,10 @@
 #define MP_AUDIO_IRQ            30
 
 static uint32_t gpio_in_state = 0xffffffff;
+static uint32_t gpio_isr;
 static uint32_t gpio_out_state;
 static ram_addr_t sram_off;
 
-/* Address conversion helpers */
-static void *target2host_addr(uint32_t addr)
-{
-    if (addr < MP_SRAM_BASE) {
-        if (addr >= MP_RAM_DEFAULT_SIZE)
-            return NULL;
-        return (void *)(phys_ram_base + addr);
-    } else {
-        if (addr >= MP_SRAM_BASE + MP_SRAM_SIZE)
-            return NULL;
-        return (void *)(phys_ram_base + sram_off + addr - MP_SRAM_BASE);
-    }
-}
-
-static uint32_t host2target_addr(void *addr)
-{
-    if (addr < ((void *)phys_ram_base) + sram_off)
-        return (unsigned long)addr - (unsigned long)phys_ram_base;
-    else
-        return (unsigned long)addr - (unsigned long)phys_ram_base -
-            sram_off + MP_SRAM_BASE;
-}
-
-
 typedef enum i2c_state {
     STOPPED = 0,
     INITIALIZING,
@@ -235,16 +221,15 @@ static i2c_interface *mixer_i2c;
 /* Wolfson 8750 I2C address */
 #define MP_WM_ADDR              0x34
 
-const char audio_name[] = "mv88w8618";
+static const char audio_name[] = "mv88w8618";
 
 typedef struct musicpal_audio_state {
-    uint32_t base;
     qemu_irq irq;
     uint32_t playback_mode;
     uint32_t status;
     uint32_t irq_enable;
     unsigned long phys_buf;
-    void *target_buffer;
+    uint32_t target_buffer;
     unsigned int threshold;
     unsigned int play_pos;
     unsigned int last_free;
@@ -256,7 +241,8 @@ static void audio_callback(void *opaque, int free_out, int free_in)
 {
     musicpal_audio_state *s = opaque;
     int16_t *codec_buffer;
-    void *mem_buffer;
+    int8_t buf[4096];
+    int8_t *mem_buffer;
     int pos, block_size;
 
     if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN))
@@ -272,13 +258,18 @@ static void audio_callback(void *opaque, int free_out, int free_in)
     if (free_out - s->last_free < block_size)
         return;
 
-    mem_buffer = s->target_buffer + s->play_pos;
+    if (block_size > 4096)
+        return;
+
+    cpu_physical_memory_read(s->target_buffer + s->play_pos, (void *)buf,
+                             block_size);
+    mem_buffer = buf;
     if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
         if (s->playback_mode & MP_AUDIO_MONO) {
             codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
             for (pos = 0; pos < block_size; pos += 2) {
-                *codec_buffer++ = *(uint16_t *)mem_buffer;
-                *codec_buffer++ = *(uint16_t *)mem_buffer;
+                *codec_buffer++ = *(int16_t *)mem_buffer;
+                *codec_buffer++ = *(int16_t *)mem_buffer;
                 mem_buffer += 2;
             }
         } else
@@ -288,14 +279,14 @@ static void audio_callback(void *opaque, int free_out, int free_in)
         if (s->playback_mode & MP_AUDIO_MONO) {
             codec_buffer = wm8750_dac_buffer(s->wm, block_size);
             for (pos = 0; pos < block_size; pos++) {
-                *codec_buffer++ = cpu_to_le16(256 * *(int8_t *)mem_buffer);
-                *codec_buffer++ = cpu_to_le16(256 * *(int8_t *)mem_buffer++);
+                *codec_buffer++ = cpu_to_le16(256 * *mem_buffer);
+                *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
             }
         } else {
             codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
             for (pos = 0; pos < block_size; pos += 2) {
-                *codec_buffer++ = cpu_to_le16(256 * *(int8_t *)mem_buffer++);
-                *codec_buffer++ = cpu_to_le16(256 * *(int8_t *)mem_buffer++);
+                *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
+                *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
             }
         }
     }
@@ -333,7 +324,6 @@ static uint32_t musicpal_audio_read(void *opaque, target_phys_addr_t offset)
 {
     musicpal_audio_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_AUDIO_PLAYBACK_MODE:
         return s->playback_mode;
@@ -360,7 +350,6 @@ static void musicpal_audio_write(void *opaque, target_phys_addr_t offset,
 {
     musicpal_audio_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_AUDIO_PLAYBACK_MODE:
         if (value & MP_AUDIO_PLAYBACK_EN &&
@@ -392,7 +381,7 @@ static void musicpal_audio_write(void *opaque, target_phys_addr_t offset,
 
     case MP_AUDIO_TX_START_LO:
         s->phys_buf = (s->phys_buf & 0xFFFF0000) | (value & 0xFFFF);
-        s->target_buffer = target2host_addr(s->phys_buf);
+        s->target_buffer = s->phys_buf;
         s->play_pos = 0;
         s->last_free = 0;
         break;
@@ -403,7 +392,7 @@ static void musicpal_audio_write(void *opaque, target_phys_addr_t offset,
 
     case MP_AUDIO_TX_START_HI:
         s->phys_buf = (s->phys_buf & 0xFFFF) | (value << 16);
-        s->target_buffer = target2host_addr(s->phys_buf);
+        s->target_buffer = s->phys_buf;
         s->play_pos = 0;
         s->last_free = 0;
         break;
@@ -431,32 +420,20 @@ static CPUWriteMemoryFunc *musicpal_audio_writefn[] = {
     musicpal_audio_write
 };
 
-static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
+static i2c_interface *musicpal_audio_init(qemu_irq irq)
 {
-    AudioState *audio;
     musicpal_audio_state *s;
     i2c_interface *i2c;
     int iomemtype;
 
-    audio = AUD_init();
-    if (!audio) {
-        AUD_log(audio_name, "No audio state\n");
-        return NULL;
-    }
-
     s = qemu_mallocz(sizeof(musicpal_audio_state));
-    if (!s)
-        return NULL;
-    s->base = base;
     s->irq = irq;
 
     i2c = qemu_mallocz(sizeof(i2c_interface));
-    if (!i2c)
-        return NULL;
     i2c->bus = i2c_init_bus();
     i2c->current_addr = -1;
 
-    s->wm = wm8750_init(i2c->bus, audio);
+    s->wm = wm8750_init(i2c->bus);
     if (!s->wm)
         return NULL;
     i2c_set_slave_address(s->wm, MP_WM_ADDR);
@@ -464,14 +441,14 @@ static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
 
     iomemtype = cpu_register_io_memory(0, musicpal_audio_readfn,
                        musicpal_audio_writefn, s);
-    cpu_register_physical_memory(base, MP_AUDIO_SIZE, iomemtype);
+    cpu_register_physical_memory(MP_AUDIO_BASE, MP_AUDIO_SIZE, iomemtype);
 
     qemu_register_reset(musicpal_audio_reset, s);
 
     return i2c;
 }
 #else  /* !HAS_AUDIO */
-static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
+static i2c_interface *musicpal_audio_init(qemu_irq irq)
 {
     return NULL;
 }
@@ -548,19 +525,39 @@ typedef struct mv88w8618_rx_desc {
 } mv88w8618_rx_desc;
 
 typedef struct mv88w8618_eth_state {
-    uint32_t base;
     qemu_irq irq;
     uint32_t smir;
     uint32_t icr;
     uint32_t imr;
+    int mmio_index;
     int vlan_header;
-    mv88w8618_tx_desc *tx_queue[2];
-    mv88w8618_rx_desc *rx_queue[4];
-    mv88w8618_rx_desc *frx_queue[4];
-    mv88w8618_rx_desc *cur_rx[4];
+    uint32_t tx_queue[2];
+    uint32_t rx_queue[4];
+    uint32_t frx_queue[4];
+    uint32_t cur_rx[4];
     VLANClientState *vc;
 } mv88w8618_eth_state;
 
+static void eth_rx_desc_put(uint32_t addr, mv88w8618_rx_desc *desc)
+{
+    cpu_to_le32s(&desc->cmdstat);
+    cpu_to_le16s(&desc->bytes);
+    cpu_to_le16s(&desc->buffer_size);
+    cpu_to_le32s(&desc->buffer);
+    cpu_to_le32s(&desc->next);
+    cpu_physical_memory_write(addr, (void *)desc, sizeof(*desc));
+}
+
+static void eth_rx_desc_get(uint32_t addr, mv88w8618_rx_desc *desc)
+{
+    cpu_physical_memory_read(addr, (void *)desc, sizeof(*desc));
+    le32_to_cpus(&desc->cmdstat);
+    le16_to_cpus(&desc->bytes);
+    le16_to_cpus(&desc->buffer_size);
+    le32_to_cpus(&desc->buffer);
+    le32_to_cpus(&desc->next);
+}
+
 static int eth_can_receive(void *opaque)
 {
     return 1;
@@ -569,54 +566,82 @@ static int eth_can_receive(void *opaque)
 static void eth_receive(void *opaque, const uint8_t *buf, int size)
 {
     mv88w8618_eth_state *s = opaque;
-    mv88w8618_rx_desc *desc;
+    uint32_t desc_addr;
+    mv88w8618_rx_desc desc;
     int i;
 
     for (i = 0; i < 4; i++) {
-        desc = s->cur_rx[i];
-        if (!desc)
+        desc_addr = s->cur_rx[i];
+        if (!desc_addr)
             continue;
         do {
-            if (le32_to_cpu(desc->cmdstat) & MP_ETH_RX_OWN &&
-                le16_to_cpu(desc->buffer_size) >= size) {
-                memcpy(target2host_addr(le32_to_cpu(desc->buffer) +
-                                        s->vlan_header),
-                       buf, size);
-                desc->bytes = cpu_to_le16(size + s->vlan_header);
-                desc->cmdstat &= cpu_to_le32(~MP_ETH_RX_OWN);
-                s->cur_rx[i] = target2host_addr(le32_to_cpu(desc->next));
+            eth_rx_desc_get(desc_addr, &desc);
+            if ((desc.cmdstat & MP_ETH_RX_OWN) && desc.buffer_size >= size) {
+                cpu_physical_memory_write(desc.buffer + s->vlan_header,
+                                          buf, size);
+                desc.bytes = size + s->vlan_header;
+                desc.cmdstat &= ~MP_ETH_RX_OWN;
+                s->cur_rx[i] = desc.next;
 
                 s->icr |= MP_ETH_IRQ_RX;
                 if (s->icr & s->imr)
                     qemu_irq_raise(s->irq);
+                eth_rx_desc_put(desc_addr, &desc);
                 return;
             }
-            desc = target2host_addr(le32_to_cpu(desc->next));
-        } while (desc != s->rx_queue[i]);
+            desc_addr = desc.next;
+        } while (desc_addr != s->rx_queue[i]);
     }
 }
 
+static void eth_tx_desc_put(uint32_t addr, mv88w8618_tx_desc *desc)
+{
+    cpu_to_le32s(&desc->cmdstat);
+    cpu_to_le16s(&desc->res);
+    cpu_to_le16s(&desc->bytes);
+    cpu_to_le32s(&desc->buffer);
+    cpu_to_le32s(&desc->next);
+    cpu_physical_memory_write(addr, (void *)desc, sizeof(*desc));
+}
+
+static void eth_tx_desc_get(uint32_t addr, mv88w8618_tx_desc *desc)
+{
+    cpu_physical_memory_read(addr, (void *)desc, sizeof(*desc));
+    le32_to_cpus(&desc->cmdstat);
+    le16_to_cpus(&desc->res);
+    le16_to_cpus(&desc->bytes);
+    le32_to_cpus(&desc->buffer);
+    le32_to_cpus(&desc->next);
+}
+
 static void eth_send(mv88w8618_eth_state *s, int queue_index)
 {
-    mv88w8618_tx_desc *desc = s->tx_queue[queue_index];
+    uint32_t desc_addr = s->tx_queue[queue_index];
+    mv88w8618_tx_desc desc;
+    uint8_t buf[2048];
+    int len;
+
 
     do {
-        if (le32_to_cpu(desc->cmdstat) & MP_ETH_TX_OWN) {
-            qemu_send_packet(s->vc,
-                             target2host_addr(le32_to_cpu(desc->buffer)),
-                             le16_to_cpu(desc->bytes));
-            desc->cmdstat &= cpu_to_le32(~MP_ETH_TX_OWN);
+        eth_tx_desc_get(desc_addr, &desc);
+        if (desc.cmdstat & MP_ETH_TX_OWN) {
+            len = desc.bytes;
+            if (len < 2048) {
+                cpu_physical_memory_read(desc.buffer, buf, len);
+                qemu_send_packet(s->vc, buf, len);
+            }
+            desc.cmdstat &= ~MP_ETH_TX_OWN;
             s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
+            eth_tx_desc_put(desc_addr, &desc);
         }
-        desc = target2host_addr(le32_to_cpu(desc->next));
-    } while (desc != s->tx_queue[queue_index]);
+        desc_addr = desc.next;
+    } while (desc_addr != s->tx_queue[queue_index]);
 }
 
 static uint32_t mv88w8618_eth_read(void *opaque, target_phys_addr_t offset)
 {
     mv88w8618_eth_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_ETH_SMIR:
         if (s->smir & MP_ETH_SMIR_OPCODE) {
@@ -641,13 +666,13 @@ static uint32_t mv88w8618_eth_read(void *opaque, target_phys_addr_t offset)
         return s->imr;
 
     case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
-        return host2target_addr(s->frx_queue[(offset - MP_ETH_FRDP0)/4]);
+        return s->frx_queue[(offset - MP_ETH_FRDP0)/4];
 
     case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
-        return host2target_addr(s->rx_queue[(offset - MP_ETH_CRDP0)/4]);
+        return s->rx_queue[(offset - MP_ETH_CRDP0)/4];
 
     case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
-        return host2target_addr(s->tx_queue[(offset - MP_ETH_CTDP0)/4]);
+        return s->tx_queue[(offset - MP_ETH_CTDP0)/4];
 
     default:
         return 0;
@@ -659,7 +684,6 @@ static void mv88w8618_eth_write(void *opaque, target_phys_addr_t offset,
 {
     mv88w8618_eth_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_ETH_SMIR:
         s->smir = value;
@@ -689,16 +713,16 @@ static void mv88w8618_eth_write(void *opaque, target_phys_addr_t offset,
         break;
 
     case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
-        s->frx_queue[(offset - MP_ETH_FRDP0)/4] = target2host_addr(value);
+        s->frx_queue[(offset - MP_ETH_FRDP0)/4] = value;
         break;
 
     case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
         s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
-            s->cur_rx[(offset - MP_ETH_CRDP0)/4] = target2host_addr(value);
+            s->cur_rx[(offset - MP_ETH_CRDP0)/4] = value;
         break;
 
     case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
-        s->tx_queue[(offset - MP_ETH_CTDP0)/4] = target2host_addr(value);
+        s->tx_queue[(offset - MP_ETH_CTDP0)/4] = value;
         break;
     }
 }
@@ -715,20 +739,29 @@ static CPUWriteMemoryFunc *mv88w8618_eth_writefn[] = {
     mv88w8618_eth_write
 };
 
+static void eth_cleanup(VLANClientState *vc)
+{
+    mv88w8618_eth_state *s = vc->opaque;
+
+    cpu_unregister_io_memory(s->mmio_index);
+
+    qemu_free(s);
+}
+
 static void mv88w8618_eth_init(NICInfo *nd, uint32_t base, qemu_irq irq)
 {
     mv88w8618_eth_state *s;
-    int iomemtype;
+
+    qemu_check_nic_model(nd, "mv88w8618");
 
     s = qemu_mallocz(sizeof(mv88w8618_eth_state));
-    if (!s)
-        return;
-    s->base = base;
     s->irq = irq;
-    s->vc = qemu_new_vlan_client(nd->vlan, eth_receive, eth_can_receive, s);
-    iomemtype = cpu_register_io_memory(0, mv88w8618_eth_readfn,
-                                       mv88w8618_eth_writefn, s);
-    cpu_register_physical_memory(base, MP_ETH_SIZE, iomemtype);
+    s->vc = qemu_new_vlan_client(nd->vlan, nd->model, nd->name,
+                                 eth_receive, eth_can_receive,
+                                 eth_cleanup, s);
+    s->mmio_index = cpu_register_io_memory(0, mv88w8618_eth_readfn,
+                                           mv88w8618_eth_writefn, s);
+    cpu_register_physical_memory(base, MP_ETH_SIZE, s->mmio_index);
 }
 
 /* LCD register offsets */
@@ -751,7 +784,6 @@ static void mv88w8618_eth_init(NICInfo *nd, uint32_t base, qemu_irq irq)
 #define MP_LCD_TEXTCOLOR        0xe0e0ff /* RRGGBB */
 
 typedef struct musicpal_lcd_state {
-    uint32_t base;
     uint32_t mode;
     uint32_t irqctrl;
     int page;
@@ -799,7 +831,7 @@ static inline void glue(set_lcd_pixel, depth) \
         (musicpal_lcd_state *s, int x, int y, type col) \
 { \
     int dx, dy; \
-    type *pixel = &((type *) s->ds->data)[(y * 128 * 3 + x) * 3]; \
+    type *pixel = &((type *) ds_get_data(s->ds))[(y * 128 * 3 + x) * 3]; \
 \
     for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
         for (dx = 0; dx < 3; dx++, pixel++) \
@@ -816,7 +848,7 @@ static void lcd_refresh(void *opaque)
     musicpal_lcd_state *s = opaque;
     int x, y, col;
 
-    switch (s->ds->depth) {
+    switch (ds_get_bits_per_pixel(s->ds)) {
     case 0:
         return;
 #define LCD_REFRESH(depth, func) \
@@ -833,20 +865,24 @@ static void lcd_refresh(void *opaque)
         break;
     LCD_REFRESH(8, rgb_to_pixel8)
     LCD_REFRESH(16, rgb_to_pixel16)
-    LCD_REFRESH(32, (s->ds->bgr ? rgb_to_pixel32bgr : rgb_to_pixel32))
+    LCD_REFRESH(32, (is_surface_bgr(s->ds->surface) ?
+                     rgb_to_pixel32bgr : rgb_to_pixel32))
     default:
-        cpu_abort(cpu_single_env, "unsupported colour depth %i\n",
-                  s->ds->depth);
+        hw_error("unsupported colour depth %i\n",
+                  ds_get_bits_per_pixel(s->ds));
     }
 
     dpy_update(s->ds, 0, 0, 128*3, 64*3);
 }
 
+static void lcd_invalidate(void *opaque)
+{
+}
+
 static uint32_t musicpal_lcd_read(void *opaque, target_phys_addr_t offset)
 {
     musicpal_lcd_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_LCD_IRQCTRL:
         return s->irqctrl;
@@ -861,7 +897,6 @@ static void musicpal_lcd_write(void *opaque, target_phys_addr_t offset,
 {
     musicpal_lcd_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_LCD_IRQCTRL:
         s->irqctrl = value;
@@ -908,22 +943,19 @@ static CPUWriteMemoryFunc *musicpal_lcd_writefn[] = {
     musicpal_lcd_write
 };
 
-static void musicpal_lcd_init(DisplayState *ds, uint32_t base)
+static void musicpal_lcd_init(void)
 {
     musicpal_lcd_state *s;
     int iomemtype;
 
     s = qemu_mallocz(sizeof(musicpal_lcd_state));
-    if (!s)
-        return;
-    s->base = base;
-    s->ds = ds;
     iomemtype = cpu_register_io_memory(0, musicpal_lcd_readfn,
                                        musicpal_lcd_writefn, s);
-    cpu_register_physical_memory(base, MP_LCD_SIZE, iomemtype);
+    cpu_register_physical_memory(MP_LCD_BASE, MP_LCD_SIZE, iomemtype);
 
-    graphic_console_init(ds, lcd_refresh, NULL, NULL, NULL, s);
-    dpy_resize(ds, 128*3, 64*3);
+    s->ds = graphic_console_init(lcd_refresh, lcd_invalidate,
+                                 NULL, NULL, s);
+    qemu_console_resize(s->ds, 128*3, 64*3);
 }
 
 /* PIC register offsets */
@@ -933,7 +965,6 @@ static void musicpal_lcd_init(DisplayState *ds, uint32_t base)
 
 typedef struct mv88w8618_pic_state
 {
-    uint32_t base;
     uint32_t level;
     uint32_t enabled;
     qemu_irq parent_irq;
@@ -959,7 +990,6 @@ static uint32_t mv88w8618_pic_read(void *opaque, target_phys_addr_t offset)
 {
     mv88w8618_pic_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_PIC_STATUS:
         return s->level & s->enabled;
@@ -974,7 +1004,6 @@ static void mv88w8618_pic_write(void *opaque, target_phys_addr_t offset,
 {
     mv88w8618_pic_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_PIC_ENABLE_SET:
         s->enabled |= value;
@@ -1015,10 +1044,7 @@ static qemu_irq *mv88w8618_pic_init(uint32_t base, qemu_irq parent_irq)
     qemu_irq *qi;
 
     s = qemu_mallocz(sizeof(mv88w8618_pic_state));
-    if (!s)
-        return NULL;
     qi = qemu_allocate_irqs(mv88w8618_pic_set_irq, s, 32);
-    s->base = base;
     s->parent_irq = parent_irq;
     iomemtype = cpu_register_io_memory(0, mv88w8618_pic_readfn,
                                        mv88w8618_pic_writefn, s);
@@ -1052,7 +1078,6 @@ typedef struct mv88w8618_timer_state {
 typedef struct mv88w8618_pit_state {
     void *timer[4];
     uint32_t control;
-    uint32_t base;
 } mv88w8618_pit_state;
 
 static void mv88w8618_timer_tick(void *opaque)
@@ -1082,7 +1107,6 @@ static uint32_t mv88w8618_pit_read(void *opaque, target_phys_addr_t offset)
     mv88w8618_pit_state *s = opaque;
     mv88w8618_timer_state *t;
 
-    offset -= s->base;
     switch (offset) {
     case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
         t = s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
@@ -1100,7 +1124,6 @@ static void mv88w8618_pit_write(void *opaque, target_phys_addr_t offset,
     mv88w8618_timer_state *t;
     int i;
 
-    offset -= s->base;
     switch (offset) {
     case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
         t = s->timer[offset >> 2];
@@ -1145,10 +1168,7 @@ static void mv88w8618_pit_init(uint32_t base, qemu_irq *pic, int irq)
     mv88w8618_pit_state *s;
 
     s = qemu_mallocz(sizeof(mv88w8618_pit_state));
-    if (!s)
-        return;
 
-    s->base = base;
     /* Letting them all run at 1 MHz is likely just a pragmatic
      * simplification. */
     s->timer[0] = mv88w8618_timer_init(1000000, pic[irq]);
@@ -1165,7 +1185,6 @@ static void mv88w8618_pit_init(uint32_t base, qemu_irq *pic, int irq)
 #define MP_FLASHCFG_CFGR0    0x04
 
 typedef struct mv88w8618_flashcfg_state {
-    uint32_t base;
     uint32_t cfgr0;
 } mv88w8618_flashcfg_state;
 
@@ -1174,7 +1193,6 @@ static uint32_t mv88w8618_flashcfg_read(void *opaque,
 {
     mv88w8618_flashcfg_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_FLASHCFG_CFGR0:
         return s->cfgr0;
@@ -1189,7 +1207,6 @@ static void mv88w8618_flashcfg_write(void *opaque, target_phys_addr_t offset,
 {
     mv88w8618_flashcfg_state *s = opaque;
 
-    offset -= s->base;
     switch (offset) {
     case MP_FLASHCFG_CFGR0:
         s->cfgr0 = value;
@@ -1215,30 +1232,109 @@ static void mv88w8618_flashcfg_init(uint32_t base)
     mv88w8618_flashcfg_state *s;
 
     s = qemu_mallocz(sizeof(mv88w8618_flashcfg_state));
-    if (!s)
-        return;
 
-    s->base = base;
     s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
     iomemtype = cpu_register_io_memory(0, mv88w8618_flashcfg_readfn,
                        mv88w8618_flashcfg_writefn, s);
     cpu_register_physical_memory(base, MP_FLASHCFG_SIZE, iomemtype);
 }
 
-/* Various registers in the 0x80000000 domain */
-#define MP_BOARD_REVISION       0x2018
+/* Misc register offsets */
+#define MP_MISC_BOARD_REVISION  0x18
+
+#define MP_BOARD_REVISION       0x31
+
+static uint32_t musicpal_misc_read(void *opaque, target_phys_addr_t offset)
+{
+    switch (offset) {
+    case MP_MISC_BOARD_REVISION:
+        return MP_BOARD_REVISION;
+
+    default:
+        return 0;
+    }
+}
+
+static void musicpal_misc_write(void *opaque, target_phys_addr_t offset,
+                                uint32_t value)
+{
+}
+
+static CPUReadMemoryFunc *musicpal_misc_readfn[] = {
+    musicpal_misc_read,
+    musicpal_misc_read,
+    musicpal_misc_read,
+};
+
+static CPUWriteMemoryFunc *musicpal_misc_writefn[] = {
+    musicpal_misc_write,
+    musicpal_misc_write,
+    musicpal_misc_write,
+};
+
+static void musicpal_misc_init(void)
+{
+    int iomemtype;
+
+    iomemtype = cpu_register_io_memory(0, musicpal_misc_readfn,
+                                       musicpal_misc_writefn, NULL);
+    cpu_register_physical_memory(MP_MISC_BASE, MP_MISC_SIZE, iomemtype);
+}
+
+/* WLAN register offsets */
+#define MP_WLAN_MAGIC1          0x11c
+#define MP_WLAN_MAGIC2          0x124
 
-#define MP_WLAN_MAGIC1          0xc11c
-#define MP_WLAN_MAGIC2          0xc124
+static uint32_t mv88w8618_wlan_read(void *opaque, target_phys_addr_t offset)
+{
+    switch (offset) {
+    /* Workaround to allow loading the binary-only wlandrv.ko crap
+     * from the original Freecom firmware. */
+    case MP_WLAN_MAGIC1:
+        return ~3;
+    case MP_WLAN_MAGIC2:
+        return -1;
 
-#define MP_GPIO_OE_LO           0xd008
-#define MP_GPIO_OUT_LO          0xd00c
-#define MP_GPIO_IN_LO           0xd010
-#define MP_GPIO_ISR_LO          0xd020
-#define MP_GPIO_OE_HI           0xd508
-#define MP_GPIO_OUT_HI          0xd50c
-#define MP_GPIO_IN_HI           0xd510
-#define MP_GPIO_ISR_HI          0xd520
+    default:
+        return 0;
+    }
+}
+
+static void mv88w8618_wlan_write(void *opaque, target_phys_addr_t offset,
+                                 uint32_t value)
+{
+}
+
+static CPUReadMemoryFunc *mv88w8618_wlan_readfn[] = {
+    mv88w8618_wlan_read,
+    mv88w8618_wlan_read,
+    mv88w8618_wlan_read,
+};
+
+static CPUWriteMemoryFunc *mv88w8618_wlan_writefn[] = {
+    mv88w8618_wlan_write,
+    mv88w8618_wlan_write,
+    mv88w8618_wlan_write,
+};
+
+static void mv88w8618_wlan_init(uint32_t base)
+{
+    int iomemtype;
+
+    iomemtype = cpu_register_io_memory(0, mv88w8618_wlan_readfn,
+                                       mv88w8618_wlan_writefn, NULL);
+    cpu_register_physical_memory(base, MP_WLAN_SIZE, iomemtype);
+}
+
+/* GPIO register offsets */
+#define MP_GPIO_OE_LO           0x008
+#define MP_GPIO_OUT_LO          0x00c
+#define MP_GPIO_IN_LO           0x010
+#define MP_GPIO_ISR_LO          0x020
+#define MP_GPIO_OE_HI           0x508
+#define MP_GPIO_OUT_HI          0x50c
+#define MP_GPIO_IN_HI           0x510
+#define MP_GPIO_ISR_HI          0x520
 
 /* GPIO bits & masks */
 #define MP_GPIO_WHEEL_VOL       (1 << 8)
@@ -1257,13 +1353,9 @@ static void mv88w8618_flashcfg_init(uint32_t base)
 /* LCD brightness bits in GPIO_OE_HI */
 #define MP_OE_LCD_BRIGHTNESS    0x0007
 
-static uint32_t musicpal_read(void *opaque, target_phys_addr_t offset)
+static uint32_t musicpal_gpio_read(void *opaque, target_phys_addr_t offset)
 {
-    offset -= 0x80000000;
     switch (offset) {
-    case MP_BOARD_REVISION:
-        return 0x0031;
-
     case MP_GPIO_OE_HI: /* used for LCD brightness control */
         return lcd_brightness & MP_OE_LCD_BRIGHTNESS;
 
@@ -1280,28 +1372,19 @@ static uint32_t musicpal_read(void *opaque, target_phys_addr_t offset)
                         (i2c_get_data(mixer_i2c) << MP_GPIO_I2C_DATA_BIT);
         return gpio_in_state >> 16;
 
-    /* This is a simplification of reality */
     case MP_GPIO_ISR_LO:
-        return ~gpio_in_state & 0xFFFF;
+        return gpio_isr & 0xFFFF;
     case MP_GPIO_ISR_HI:
-        return ~gpio_in_state >> 16;
-
-    /* Workaround to allow loading the binary-only wlandrv.ko crap
-     * from the original Freecom firmware. */
-    case MP_WLAN_MAGIC1:
-        return ~3;
-    case MP_WLAN_MAGIC2:
-        return -1;
+        return gpio_isr >> 16;
 
     default:
         return 0;
     }
 }
 
-static void musicpal_write(void *opaque, target_phys_addr_t offset,
-                           uint32_t value)
+static void musicpal_gpio_write(void *opaque, target_phys_addr_t offset,
+                                uint32_t value)
 {
-    offset -= 0x80000000;
     switch (offset) {
     case MP_GPIO_OE_HI: /* used for LCD brightness control */
         lcd_brightness = (lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
@@ -1323,8 +1406,29 @@ static void musicpal_write(void *opaque, target_phys_addr_t offset,
     }
 }
 
+static CPUReadMemoryFunc *musicpal_gpio_readfn[] = {
+    musicpal_gpio_read,
+    musicpal_gpio_read,
+    musicpal_gpio_read,
+};
+
+static CPUWriteMemoryFunc *musicpal_gpio_writefn[] = {
+    musicpal_gpio_write,
+    musicpal_gpio_write,
+    musicpal_gpio_write,
+};
+
+static void musicpal_gpio_init(void)
+{
+    int iomemtype;
+
+    iomemtype = cpu_register_io_memory(0, musicpal_gpio_readfn,
+                                       musicpal_gpio_writefn, NULL);
+    cpu_register_physical_memory(MP_GPIO_BASE, MP_GPIO_SIZE, iomemtype);
+}
+
 /* Keyboard codes & masks */
-#define KEY_PRESSED             0x80
+#define KEY_RELEASED            0x80
 #define KEY_CODE                0x7f
 
 #define KEYCODE_TAB             0x0f
@@ -1367,7 +1471,7 @@ static void musicpal_key_event(void *opaque, int keycode)
             event = MP_GPIO_WHEEL_VOL;
             break;
         }
-    else
+    else {
         switch (keycode & KEY_CODE) {
         case KEYCODE_F:
             event = MP_GPIO_BTN_FAVORITS;
@@ -1385,43 +1489,37 @@ static void musicpal_key_event(void *opaque, int keycode)
             event = MP_GPIO_BTN_MENU;
             break;
         }
+        /* Do not repeat already pressed buttons */
+        if (!(keycode & KEY_RELEASED) && !(gpio_in_state & event))
+            event = 0;
+    }
 
-    if (keycode & KEY_PRESSED)
-        gpio_in_state |= event;
-    else if (gpio_in_state & event) {
-        gpio_in_state &= ~event;
-        qemu_irq_raise(irq);
+    if (event) {
+        if (keycode & KEY_RELEASED) {
+            gpio_in_state |= event;
+        } else {
+            gpio_in_state &= ~event;
+            gpio_isr = event;
+            qemu_irq_raise(irq);
+        }
     }
 
     kbd_extended = 0;
 }
 
-static CPUReadMemoryFunc *musicpal_readfn[] = {
-    musicpal_read,
-    musicpal_read,
-    musicpal_read,
-};
-
-static CPUWriteMemoryFunc *musicpal_writefn[] = {
-    musicpal_write,
-    musicpal_write,
-    musicpal_write,
-};
-
 static struct arm_boot_info musicpal_binfo = {
     .loader_start = 0x0,
     .board_id = 0x20e,
 };
 
 static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
-               const char *boot_device, DisplayState *ds,
+               const char *boot_device,
                const char *kernel_filename, const char *kernel_cmdline,
                const char *initrd_filename, const char *cpu_model)
 {
     CPUState *env;
     qemu_irq *pic;
     int index;
-    int iomemtype;
     unsigned long flash_size;
 
     if (!cpu_model)
@@ -1441,11 +1539,6 @@ static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
     sram_off = qemu_ram_alloc(MP_SRAM_SIZE);
     cpu_register_physical_memory(MP_SRAM_BASE, MP_SRAM_SIZE, sram_off);
 
-    /* Catch various stuff not handled by separate subsystems */
-    iomemtype = cpu_register_io_memory(0, musicpal_readfn,
-                                       musicpal_writefn, env);
-    cpu_register_physical_memory(0x80000000, 0x10000, iomemtype);
-
     pic = mv88w8618_pic_init(MP_PIC_BASE, pic[ARM_PIC_CPU_IRQ]);
     mv88w8618_pit_init(MP_PIT_BASE, pic, MP_TIMER1_IRQ);
 
@@ -1480,19 +1573,18 @@ static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
     }
     mv88w8618_flashcfg_init(MP_FLASHCFG_BASE);
 
-    musicpal_lcd_init(ds, MP_LCD_BASE);
+    musicpal_lcd_init();
 
     qemu_add_kbd_event_handler(musicpal_key_event, pic[MP_GPIO_IRQ]);
 
-    /*
-     * Wait a bit to catch menu button during U-Boot start-up
-     * (to trigger emergency update).
-     */
-    sleep(1);
-
     mv88w8618_eth_init(&nd_table[0], MP_ETH_BASE, pic[MP_ETH_IRQ]);
 
-    mixer_i2c = musicpal_audio_init(MP_AUDIO_BASE, pic[MP_AUDIO_IRQ]);
+    mixer_i2c = musicpal_audio_init(pic[MP_AUDIO_IRQ]);
+
+    mv88w8618_wlan_init(MP_WLAN_BASE);
+
+    musicpal_misc_init();
+    musicpal_gpio_init();
 
     musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
     musicpal_binfo.kernel_filename = kernel_filename;
@@ -1502,8 +1594,7 @@ static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
 }
 
 QEMUMachine musicpal_machine = {
-    "musicpal",
-    "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
-    musicpal_init,
-    MP_RAM_DEFAULT_SIZE + MP_SRAM_SIZE + MP_FLASH_SIZE_MAX + RAMSIZE_FIXED
+    .name = "musicpal",
+    .desc = "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
+    .init = musicpal_init,
 };