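/*
 * QEMU JAZZ RC4030 chipset
 *
 * Copyright (c) 2007-2013 Hervé Poussineau
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include "qemu/osdep.h"
#include "qemu/units.h"
#include "hw/irq.h"
#include "hw/mips/mips.h"
#include "hw/sysbus.h"
#include "migration/vmstate.h"
#include "qapi/error.h"
#include "qemu/timer.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "exec/address-spaces.h"
#include "trace.h"
#include "qom/object.h"

/********************************************************/
/* rc4030 emulation                                     */

/*
 * One entry of the DMA translation table. rc4030_dma_translate() reads it
 * straight out of guest memory, so both fields are guest-controlled.
 */
typedef struct dma_pagetable_entry {
    int32_t frame;
    int32_t owner;
} QEMU_PACKED dma_pagetable_entry;

#define DMA_PAGESIZE    4096
#define DMA_REG_ENABLE  1
#define DMA_REG_COUNT   2
#define DMA_REG_ADDRESS 3

#define DMA_FLAG_ENABLE     0x0001
#define DMA_FLAG_MEM_TO_DEV 0x0002
#define DMA_FLAG_TC_INTR    0x0100
#define DMA_FLAG_MEM_INTR   0x0200
#define DMA_FLAG_ADDR_INTR  0x0400

#define TYPE_RC4030 "rc4030"
typedef struct rc4030State rc4030State;
DECLARE_INSTANCE_CHECKER(rc4030State, RC4030,
                         TYPE_RC4030)

#define TYPE_RC4030_IOMMU_MEMORY_REGION "rc4030-iommu-memory-region"

struct rc4030State {

    SysBusDevice parent;

    uint32_t config; /* 0x0000: RC4030 config register */
    uint32_t revision; /* 0x0008: RC4030 Revision register */
    uint32_t invalid_address_register; /* 0x0010: Invalid Address register */

    /* DMA */
    uint32_t dma_regs[8][4];
    uint32_t dma_tl_base; /* 0x0018: DMA transl. table base */
    uint32_t dma_tl_limit; /* 0x0020: DMA transl. table limit */

    /* cache */
    uint32_t cache_maint; /* 0x0030: Cache Maintenance */
    uint32_t remote_failed_address; /* 0x0038: Remote Failed Address */
    uint32_t memory_failed_address; /* 0x0040: Memory Failed Address */
    uint32_t cache_ptag; /* 0x0048: I/O Cache Physical Tag */
    uint32_t cache_ltag; /* 0x0050: I/O Cache Logical Tag */
    uint32_t cache_bmask; /* 0x0058: I/O Cache Byte Mask */

    uint32_t nmi_interrupt; /* 0x0200: interrupt source */
    uint32_t memory_refresh_rate; /* 0x0210: memory refresh rate */
    uint32_t nvram_protect; /* 0x0220: NV ram protect register */
    uint32_t rem_speed[16];
    uint32_t imr_jazz; /* Local bus int enable mask */
    uint32_t isr_jazz; /* Local bus int source */

    /* timer */
    QEMUTimer *periodic_timer;
    uint32_t itr; /* Interval timer reload */

    qemu_irq timer_irq;
    qemu_irq jazz_bus_irq;

    /* whole DMA memory region, root of DMA address space */
    IOMMUMemoryRegion dma_mr;
    AddressSpace dma_as;

    MemoryRegion iomem_chipset;
    MemoryRegion iomem_jazzio;
};

/*
 * Lower the timer IRQ and re-arm the periodic timer from the reload value
 * in s->itr.
 *
 * Both divisions below rely on s->itr being at most 0x1FF: a larger value
 * makes tm_hz zero, and 0xFFFFFFFF makes (s->itr + 1) wrap to zero. The
 * MMIO write path masks the value and rc4030_post_load() rejects anything
 * larger coming from a migration stream.
 */
static void set_next_tick(rc4030State *s)
{
    uint32_t tm_hz;

    qemu_irq_lower(s->timer_irq);

    tm_hz = 1000 / (s->itr + 1);

    timer_mod(s->periodic_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
                   NANOSECONDS_PER_SECOND / tm_hz);
}

/*
 * MMIO read handler for the chipset register window.
 *
 * addr is guest-supplied; it is masked to 14 bits and dispatched on its
 * 4-byte-aligned value. Array indices are only computed inside case ranges
 * that keep them within rem_speed[16] and dma_regs[8][4]. Unknown offsets
 * are logged as a guest error and read as 0.
 */
/* called for accesses to rc4030 */
static uint64_t rc4030_read(void *opaque, hwaddr addr, unsigned int size)
{
    rc4030State *s = opaque;
    uint32_t val;

    addr &= 0x3fff;
    switch (addr & ~0x3) {
    /* Global config register */
    case 0x0000:
        val = s->config;
        break;
    /* Revision register */
    case 0x0008:
        val = s->revision;
        break;
    /* Invalid Address register */
    case 0x0010:
        val = s->invalid_address_register;
        break;
    /* DMA transl. table base */
    case 0x0018:
        val = s->dma_tl_base;
        break;
    /* DMA transl. table limit */
    case 0x0020:
        val = s->dma_tl_limit;
        break;
    /* Remote Failed Address */
    case 0x0038:
        val = s->remote_failed_address;
        break;
    /* Memory Failed Address */
    case 0x0040:
        val = s->memory_failed_address;
        break;
    /* I/O Cache Byte Mask */
    case 0x0058:
        val = s->cache_bmask;
        /* HACK */
        if (s->cache_bmask == (uint32_t)-1) {
            s->cache_bmask = 0;
        }
        break;
    /* Remote Speed Registers */
    case 0x0070:
    case 0x0078:
    case 0x0080:
    case 0x0088:
    case 0x0090:
    case 0x0098:
    case 0x00a0:
    case 0x00a8:
    case 0x00b0:
    case 0x00b8:
    case 0x00c0:
    case 0x00c8:
    case 0x00d0:
    case 0x00d8:
    case 0x00e0:
    case 0x00e8:
        /* addr is within 0x70..0xeb here, so the index is 0..15 */
        val = s->rem_speed[(addr - 0x0070) >> 3];
        break;
    /* DMA channel base address */
    case 0x0100:
    case 0x0108:
    case 0x0110:
    case 0x0118:
    case 0x0120:
    case 0x0128:
    case 0x0130:
    case 0x0138:
    case 0x0140:
    case 0x0148:
    case 0x0150:
    case 0x0158:
    case 0x0160:
    case 0x0168:
    case 0x0170:
    case 0x0178:
    case 0x0180:
    case 0x0188:
    case 0x0190:
    case 0x0198:
    case 0x01a0:
    case 0x01a8:
    case 0x01b0:
    case 0x01b8:
    case 0x01c0:
    case 0x01c8:
    case 0x01d0:
    case 0x01d8:
    case 0x01e0:
    case 0x01e8:
    case 0x01f0:
    case 0x01f8:
        {
            /* addr is within 0x100..0x1fb: entry is 0..7, idx is 0..3 */
            int entry = (addr - 0x0100) >> 5;
            int idx = (addr & 0x1f) >> 3;
            val = s->dma_regs[entry][idx];
        }
        break;
    /* Interrupt source */
    case 0x0200:
        val = s->nmi_interrupt;
        break;
    /* Error type */
    case 0x0208:
        val = 0;
        break;
    /* Memory refresh rate */
    case 0x0210:
        val = s->memory_refresh_rate;
        break;
    /* NV ram protect register */
    case 0x0220:
        val = s->nvram_protect;
        break;
    /* Interval timer count */
    case 0x0230:
        val = 0;
        qemu_irq_lower(s->timer_irq);
        break;
    /* EISA interrupt */
    case 0x0238:
        val = 7; /* FIXME: should be read from EISA controller */
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "rc4030: invalid read at 0x%x", (int)addr);
        val = 0;
        break;
    }

    /* Reads of the interval timer count (0x230) are not traced. */
    if ((addr & ~3) != 0x230) {
        trace_rc4030_read(addr, val);
    }

    return val;
}

/*
 * MMIO write handler for the chipset register window.
 *
 * addr and data are guest-supplied. The value is truncated to 32 bits and
 * the offset is masked and dispatched exactly as in rc4030_read(), so the
 * rem_speed and dma_regs indices stay in range. Unknown offsets are logged
 * as a guest error and otherwise ignored.
 */
static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
                         unsigned int size)
{
    rc4030State *s = opaque;
    uint32_t val = data;
    addr &= 0x3fff;

    trace_rc4030_write(addr, val);

    switch (addr & ~0x3) {
    /* Global config register */
    case 0x0000:
        s->config = val;
        break;
    /* DMA transl. table base */
    case 0x0018:
        s->dma_tl_base = val;
        break;
    /* DMA transl. table limit */
    case 0x0020:
        s->dma_tl_limit = val;
        break;
    /* DMA transl. table invalidated */
    case 0x0028:
        break;
    /* Cache Maintenance */
    case 0x0030:
        s->cache_maint = val;
        break;
    /* I/O Cache Physical Tag */
    case 0x0048:
        s->cache_ptag = val;
        break;
    /* I/O Cache Logical Tag */
    case 0x0050:
        s->cache_ltag = val;
        break;
    /* I/O Cache Byte Mask */
    case 0x0058:
        s->cache_bmask |= val; /* HACK */
        break;
    /* I/O Cache Buffer Window */
    case 0x0060:
        /* HACK */
        if (s->cache_ltag == 0x80000001 && s->cache_bmask == 0xf0f0f0f) {
            /*
             * The destination is built from guest-written cache_ptag and
             * cache_maint, and the store goes to guest physical memory.
             * NOTE(review): val is stored in host byte order - confirm
             * this is intended on hosts whose endianness differs from the
             * guest's.
             */
            hwaddr dest = s->cache_ptag & ~0x1;
            dest += (s->cache_maint & 0x3) << 3;
            cpu_physical_memory_write(dest, &val, 4);
        }
        break;
    /* Remote Speed Registers */
    case 0x0070:
    case 0x0078:
    case 0x0080:
    case 0x0088:
    case 0x0090:
    case 0x0098:
    case 0x00a0:
    case 0x00a8:
    case 0x00b0:
    case 0x00b8:
    case 0x00c0:
    case 0x00c8:
    case 0x00d0:
    case 0x00d8:
    case 0x00e0:
    case 0x00e8:
        /* addr is within 0x70..0xeb here, so the index is 0..15 */
        s->rem_speed[(addr - 0x0070) >> 3] = val;
        break;
    /* DMA channel base address */
    case 0x0100:
    case 0x0108:
    case 0x0110:
    case 0x0118:
    case 0x0120:
    case 0x0128:
    case 0x0130:
    case 0x0138:
    case 0x0140:
    case 0x0148:
    case 0x0150:
    case 0x0158:
    case 0x0160:
    case 0x0168:
    case 0x0170:
    case 0x0178:
    case 0x0180:
    case 0x0188:
    case 0x0190:
    case 0x0198:
    case 0x01a0:
    case 0x01a8:
    case 0x01b0:
    case 0x01b8:
    case 0x01c0:
    case 0x01c8:
    case 0x01d0:
    case 0x01d8:
    case 0x01e0:
    case 0x01e8:
    case 0x01f0:
    case 0x01f8:
        {
            /* addr is within 0x100..0x1fb: entry is 0..7, idx is 0..3 */
            int entry = (addr - 0x0100) >> 5;
            int idx = (addr & 0x1f) >> 3;
            s->dma_regs[entry][idx] = val;
        }
        break;
    /* Memory refresh rate */
    case 0x0210:
        s->memory_refresh_rate = val;
        break;
    /* Interval timer reload */
    case 0x0228:
        /* The 9-bit mask keeps the divisions in set_next_tick() non-zero. */
        s->itr = val & 0x01FF;
        qemu_irq_lower(s->timer_irq);
        set_next_tick(s);
        break;
    /* EISA interrupt */
    case 0x0238:
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "rc4030: invalid write of 0x%02x at 0x%x",
                      val, (int)addr);
        break;
    }
}

static const MemoryRegionOps rc4030_ops = {
    .read = rc4030_read,
    .write = rc4030_write,
    .impl.min_access_size = 4,
    .impl.max_access_size = 4,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * Drive the Jazz bus IRQ line from the pending-and-enabled local bus
 * interrupts. Only the low 16 bits of the mask/source pair are considered.
 */
static void update_jazz_irq(rc4030State *s)
{
    uint16_t pending;

    pending = s->isr_jazz & s->imr_jazz;

    if (pending != 0) {
        qemu_irq_raise(s->jazz_bus_irq);
    } else {
        qemu_irq_lower(s->jazz_bus_irq);
    }
}

/*
 * GPIO input handler: set or clear bit 'irq' of the local bus interrupt
 * source register and refresh the bus IRQ line. rc4030_initfn() registers
 * 16 input lines for this handler.
 */
static void rc4030_irq_jazz_request(void *opaque, int irq, int level)
{
    rc4030State *s = opaque;

    if (level) {
        s->isr_jazz |= 1 << irq;
    } else {
        s->isr_jazz &= ~(1 << irq);
    }

    update_jazz_irq(s);
}

/* Periodic timer callback: re-arm the timer, then raise the timer IRQ. */
static void rc4030_periodic_timer(void *opaque)
{
    rc4030State *s = opaque;

    set_next_tick(s);
    qemu_irq_raise(s->timer_irq);
}

/*
 * MMIO read handler for the Jazz I/O window.
 *
 * Offset 0x00 returns (n + 1) << 2 for the lowest-numbered pending and
 * enabled interrupt n, or 0 when none is pending. Offset 0x02 returns the
 * interrupt enable mask. Any other offset is logged as a guest error and
 * reads as 0.
 */
static uint64_t jazzio_read(void *opaque, hwaddr addr, unsigned int size)
{
    rc4030State *s = opaque;
    uint32_t val;
    uint32_t irq;
    addr &= 0xfff;

    switch (addr) {
    /* Local bus int source */
    case 0x00: {
        uint32_t pending = s->isr_jazz & s->imr_jazz;
        val = 0;
        irq = 0;
        while (pending) {
            if (pending & 1) {
                val = (irq + 1) << 2;
                break;
            }
            irq++;
            pending >>= 1;
        }
        break;
    }
    /* Local bus int enable mask */
    case 0x02:
        val = s->imr_jazz;
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "rc4030/jazzio: invalid read at 0x%x", (int)addr);
        val = 0;
        break;
    }

    trace_jazzio_read(addr, val);

    return val;
}

/*
 * MMIO write handler for the Jazz I/O window. Only the interrupt enable
 * mask at offset 0x02 is writable; other offsets are logged as a guest
 * error and ignored.
 */
static void jazzio_write(void *opaque, hwaddr addr, uint64_t data,
                         unsigned int size)
{
    rc4030State *s = opaque;
    uint32_t val = data;
    addr &= 0xfff;

    trace_jazzio_write(addr, val);

    switch (addr) {
    /* Local bus int enable mask */
    case 0x02:
        s->imr_jazz = val;
        update_jazz_irq(s);
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "rc4030/jazzio: invalid write of 0x%02x at 0x%x",
                      val, (int)addr);
        break;
    }
}

static const MemoryRegionOps jazzio_ops = {
    .read = jazzio_read,
    .write = jazzio_write,
    .impl.min_access_size = 2,
    .impl.max_access_size = 2,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * IOMMU translate callback for the DMA address space.
 *
 * The page index of addr is checked against the guest-programmed table
 * limit before the matching entry is read from guest memory at the
 * guest-programmed table base. If the index is out of range or the read
 * fails, the returned entry keeps perm = IOMMU_NONE, so the access is not
 * translated. 'flag' and 'iommu_idx' are not used; a successful lookup
 * always grants IOMMU_RW.
 */
static IOMMUTLBEntry rc4030_dma_translate(IOMMUMemoryRegion *iommu, hwaddr addr,
                                          IOMMUAccessFlags flag, int iommu_idx)
{
    rc4030State *s = container_of(iommu, rc4030State, dma_mr);
    IOMMUTLBEntry ret = {
        .target_as = &address_space_memory,
        .iova = addr & ~(DMA_PAGESIZE - 1),
        .translated_addr = 0,
        .addr_mask = DMA_PAGESIZE - 1,
        .perm = IOMMU_NONE,
    };
    uint64_t i, entry_address;
    dma_pagetable_entry entry;

    i = addr / DMA_PAGESIZE;
    if (i < s->dma_tl_limit / sizeof(entry)) {
        entry_address = (s->dma_tl_base & 0x7fffffff) + i * sizeof(entry);
        /*
         * NOTE(review): the entry is used in host byte order as read from
         * guest memory - confirm behaviour on hosts whose endianness
         * differs from the guest's.
         */
        if (address_space_read(ret.target_as, entry_address,
                               MEMTXATTRS_UNSPECIFIED, &entry, sizeof(entry))
                == MEMTX_OK) {
            /*
             * frame is a signed 32-bit field under guest control. Convert
             * it to unsigned before widening so a value with bit 31 set is
             * not sign-extended into the upper half of the 64-bit target
             * address.
             */
            ret.translated_addr = (uint32_t)entry.frame & ~(DMA_PAGESIZE - 1);
            ret.perm = IOMMU_RW;
        }
    }

    return ret;
}

/*
 * Device reset: restore register defaults and lower both IRQ lines.
 *
 * NOTE(review): dma_tl_base, dma_tl_limit and nmi_interrupt are not
 * touched here - confirm they are meant to survive a reset.
 */
static void rc4030_reset(DeviceState *dev)
{
    rc4030State *s = RC4030(dev);
    int i;

    s->config = 0x410; /* some boards seem to accept 0x104 too */
    s->revision = 1;
    s->invalid_address_register = 0;

    memset(s->dma_regs, 0, sizeof(s->dma_regs));

    s->remote_failed_address = s->memory_failed_address = 0;
    s->cache_maint = 0;
    s->cache_ptag = s->cache_ltag = 0;
    s->cache_bmask = 0;

    s->memory_refresh_rate = 0x18186;
    s->nvram_protect = 7;
    /*
     * NOTE(review): rem_speed has 16 entries but only indices 0..14 are
     * reset here, so entry 15 keeps whatever the guest last wrote -
     * confirm whether that is intentional.
     */
    for (i = 0; i < 15; i++) {
        s->rem_speed[i] = 7;
    }
    s->imr_jazz = 0x10; /* XXX: required by firmware, but why? */
    s->isr_jazz = 0;

    s->itr = 0;

    qemu_irq_lower(s->timer_irq);
    qemu_irq_lower(s->jazz_bus_irq);
}

/*
 * Post-load hook: validate the loaded state, then re-arm the timer and
 * recompute the bus IRQ line.
 *
 * Returns 0 on success, or -EINVAL if the stream carries an interval timer
 * reload value the device could never have stored.
 */
static int rc4030_post_load(void *opaque, int version_id)
{
    rc4030State *s = opaque;

    /*
     * The register write path masks itr to 9 bits, but a migration stream
     * is external input and can carry any 32-bit value. Values above 0x1FF
     * would make set_next_tick() divide by zero, so refuse the stream.
     */
    if (s->itr > 0x01FF) {
        return -EINVAL;
    }

    set_next_tick(s);
    update_jazz_irq(s);

    return 0;
}

/*
 * Migration description. 'revision' and 'nmi_interrupt' are not listed
 * below and so are not transferred.
 */
static const VMStateDescription vmstate_rc4030 = {
    .name = "rc4030",
    .version_id = 3,
    .post_load = rc4030_post_load,
    .fields = (VMStateField []) {
        VMSTATE_UINT32(config, rc4030State),
        VMSTATE_UINT32(invalid_address_register, rc4030State),
        VMSTATE_UINT32_2DARRAY(dma_regs, rc4030State, 8, 4),
        VMSTATE_UINT32(dma_tl_base, rc4030State),
        VMSTATE_UINT32(dma_tl_limit, rc4030State),
        VMSTATE_UINT32(cache_maint, rc4030State),
        VMSTATE_UINT32(remote_failed_address, rc4030State),
        VMSTATE_UINT32(memory_failed_address, rc4030State),
        VMSTATE_UINT32(cache_ptag, rc4030State),
        VMSTATE_UINT32(cache_ltag, rc4030State),
        VMSTATE_UINT32(cache_bmask, rc4030State),
        VMSTATE_UINT32(memory_refresh_rate, rc4030State),
        VMSTATE_UINT32(nvram_protect, rc4030State),
        VMSTATE_UINT32_ARRAY(rem_speed, rc4030State, 16),
        VMSTATE_UINT32(imr_jazz, rc4030State),
        VMSTATE_UINT32(isr_jazz, rc4030State),
        VMSTATE_UINT32(itr, rc4030State),
        VMSTATE_END_OF_LIST()
    }
};

/*
 * Perform one DMA transfer on channel n between buf and the DMA address
 * space.
 *
 * The channel must be enabled and its programmed direction must match
 * is_write; otherwise the memory-error flag and the channel's bit in
 * nmi_interrupt are set and nothing is transferred. The transfer length is
 * clamped to the channel's remaining count, so it never exceeds the len
 * the caller passed for buf.
 *
 * NOTE(review): len is a signed int compared against an unsigned register,
 * so a negative len would be replaced by the guest-programmed count -
 * callers are assumed to pass a non-negative length; confirm.
 * NOTE(review): the result of address_space_rw() is not checked, so a
 * failed transfer is still reported as complete.
 */
static void rc4030_do_dma(void *opaque, int n,
                          uint8_t *buf, int len, bool is_write)
{
    rc4030State *s = opaque;
    hwaddr dma_addr;
    int dev_to_mem;

    s->dma_regs[n][DMA_REG_ENABLE] &=
           ~(DMA_FLAG_TC_INTR | DMA_FLAG_MEM_INTR | DMA_FLAG_ADDR_INTR);

    /* Check DMA channel consistency */
    dev_to_mem = (s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_MEM_TO_DEV) ? 0 : 1;
    if (!(s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_ENABLE) ||
        (is_write != dev_to_mem)) {
        s->dma_regs[n][DMA_REG_ENABLE] |= DMA_FLAG_MEM_INTR;
        s->nmi_interrupt |= 1 << n;
        return;
    }

    /* Get start address and len */
    if (len > s->dma_regs[n][DMA_REG_COUNT]) {
        len = s->dma_regs[n][DMA_REG_COUNT];
    }
    dma_addr = s->dma_regs[n][DMA_REG_ADDRESS];

    /* Read/write data at right place */
    address_space_rw(&s->dma_as, dma_addr, MEMTXATTRS_UNSPECIFIED,
                     buf, len, is_write);

    s->dma_regs[n][DMA_REG_ENABLE] |= DMA_FLAG_TC_INTR;
    s->dma_regs[n][DMA_REG_COUNT] -= len;
}

/* Per-channel handle given to device models: owning device plus channel. */
struct rc4030DMAState {
    void *opaque;
    int n;
};

/*
 * Transfer len bytes through the channel behind 'dma' with is_write set to
 * false, i.e. out of the DMA address space and into buf.
 */
void rc4030_dma_read(void *dma, uint8_t *buf, int len)
{
    rc4030_dma s = dma;
    rc4030_do_dma(s->opaque, s->n, buf, len, false);
}

/*
 * Transfer len bytes through the channel behind 'dma' with is_write set to
 * true, i.e. from buf into the DMA address space.
 */
void rc4030_dma_write(void *dma, uint8_t *buf, int len)
{
    rc4030_dma s = dma;
    rc4030_do_dma(s->opaque, s->n, buf, len, true);
}

/*
 * Allocate n channel handles for the device 'opaque' and return an array
 * of pointers to them, numbered 0..n-1. Both allocations are zero-filled;
 * nothing in this file frees them.
 */
static rc4030_dma *rc4030_allocate_dmas(void *opaque, int n)
{
    rc4030_dma *s;
    struct rc4030DMAState *p;
    int i;

    /* g_new0() already yields a pointer of the requested type. */
    s = g_new0(rc4030_dma, n);
    p = g_new0(struct rc4030DMAState, n);
    for (i = 0; i < n; i++) {
        p->opaque = opaque;
        p->n = i;
        s[i] = p;
        p++;
    }
    return s;
}

/* Instance init: register the 16 GPIO inputs, two IRQs and two MMIO regions. */
static void rc4030_initfn(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    rc4030State *s = RC4030(obj);
    SysBusDevice *sysbus = SYS_BUS_DEVICE(obj);

    qdev_init_gpio_in(dev, rc4030_irq_jazz_request, 16);

    sysbus_init_irq(sysbus, &s->timer_irq);
    sysbus_init_irq(sysbus, &s->jazz_bus_irq);

    sysbus_init_mmio(sysbus, &s->iomem_chipset);
    sysbus_init_mmio(sysbus, &s->iomem_jazzio);
}

/*
 * Realize: create the periodic timer, the two MMIO regions and the IOMMU
 * region that roots the DMA address space.
 */
static void rc4030_realize(DeviceState *dev, Error **errp)
{
    rc4030State *s = RC4030(dev);
    Object *o = OBJECT(dev);

    s->periodic_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                     rc4030_periodic_timer, s);

    memory_region_init_io(&s->iomem_chipset, o, &rc4030_ops, s,
                          "rc4030.chipset", 0x300);
    memory_region_init_io(&s->iomem_jazzio, o, &jazzio_ops, s,
                          "rc4030.jazzio", 0x00001000);

    memory_region_init_iommu(&s->dma_mr, sizeof(s->dma_mr),
                             TYPE_RC4030_IOMMU_MEMORY_REGION,
                             o, "rc4030.dma", 4 * GiB);
    address_space_init(&s->dma_as, MEMORY_REGION(&s->dma_mr), "rc4030-dma");
}

/* Unrealize: release the timer, the DMA address space and its IOMMU region. */
static void rc4030_unrealize(DeviceState *dev)
{
    rc4030State *s = RC4030(dev);

    timer_free(s->periodic_timer);

    address_space_destroy(&s->dma_as);
    object_unparent(OBJECT(&s->dma_mr));
}

/* Class init: hook up realize/unrealize/reset and the migration state. */
static void rc4030_class_init(ObjectClass *klass, void *class_data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = rc4030_realize;
    dc->unrealize = rc4030_unrealize;
    dc->reset = rc4030_reset;
    dc->vmsd = &vmstate_rc4030;
}

static const TypeInfo rc4030_info = {
    .name = TYPE_RC4030,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(rc4030State),
    .instance_init = rc4030_initfn,
    .class_init = rc4030_class_init,
};

/* IOMMU region class init: install the DMA translate callback. */
static void rc4030_iommu_memory_region_class_init(ObjectClass *klass,
                                                  void *data)
{
    IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);

    imrc->translate = rc4030_dma_translate;
}

static const TypeInfo rc4030_iommu_memory_region_info = {
    .parent = TYPE_IOMMU_MEMORY_REGION,
    .name = TYPE_RC4030_IOMMU_MEMORY_REGION,
    .class_init = rc4030_iommu_memory_region_class_init,
};

/* Register the device type and its IOMMU memory region type. */
static void rc4030_register_types(void)
{
    type_register_static(&rc4030_info);
    type_register_static(&rc4030_iommu_memory_region_info);
}

type_init(rc4030_register_types)

/*
 * Create and realize an rc4030 device.
 *
 * On return *dmas points to an array of 4 channel handles and *dma_mr to
 * the device's IOMMU memory region. Realize failures are fatal
 * (error_fatal).
 */
DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr)
{
    DeviceState *dev;

    dev = qdev_new(TYPE_RC4030);
    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);

    *dmas = rc4030_allocate_dmas(dev, 4);
    *dma_mr = &RC4030(dev)->dma_mr;
    return dev;
}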