xref: /openbmc/qemu/hw/alpha/typhoon.c (revision f3fa412de28ae3cb31d38811d30a77e4e20456cc)
1 /*
2  * DEC 21272 (TSUNAMI/TYPHOON) chipset emulation.
3  *
4  * Written by Richard Henderson.
5  *
6  * This work is licensed under the GNU GPL license version 2 or later.
7  */
8 
9 #include "qemu/osdep.h"
10 #include "qemu/module.h"
11 #include "qemu/units.h"
12 #include "qapi/error.h"
13 #include "cpu.h"
14 #include "hw/irq.h"
15 #include "alpha_sys.h"
16 #include "qom/object.h"
17 
18 
19 #define TYPE_TYPHOON_PCI_HOST_BRIDGE "typhoon-pcihost"
20 #define TYPE_TYPHOON_IOMMU_MEMORY_REGION "typhoon-iommu-memory-region"
21 
22 typedef struct TyphoonCchip {
23     MemoryRegion region;
24     uint64_t misc;
25     uint64_t drir;
26     uint64_t dim[4];
27     uint32_t iic[4];
28     AlphaCPU *cpu[4];
29 } TyphoonCchip;
30 
31 typedef struct TyphoonWindow {
32     uint64_t wba;
33     uint64_t wsm;
34     uint64_t tba;
35 } TyphoonWindow;
36 
37 typedef struct TyphoonPchip {
38     MemoryRegion region;
39     MemoryRegion reg_iack;
40     MemoryRegion reg_mem;
41     MemoryRegion reg_io;
42     MemoryRegion reg_conf;
43 
44     AddressSpace iommu_as;
45     IOMMUMemoryRegion iommu;
46 
47     uint64_t ctl;
48     TyphoonWindow win[4];
49 } TyphoonPchip;
50 
51 OBJECT_DECLARE_SIMPLE_TYPE(TyphoonState, TYPHOON_PCI_HOST_BRIDGE)
52 
53 struct TyphoonState {
54     PCIHostState parent_obj;
55 
56     TyphoonCchip cchip;
57     TyphoonPchip pchip;
58     MemoryRegion dchip_region;
59 };
60 
61 /* Called when one of DRIR or DIM changes.  */
62 static void cpu_irq_change(AlphaCPU *cpu, uint64_t req)
63 {
64     /* If there are any non-masked interrupts, tell the cpu.  */
65     if (cpu != NULL) {
66         CPUState *cs = CPU(cpu);
67         if (req) {
68             cpu_interrupt(cs, CPU_INTERRUPT_HARD);
69         } else {
70             cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
71         }
72     }
73 }
74 
75 static MemTxResult cchip_read(void *opaque, hwaddr addr,
76                               uint64_t *data, unsigned size,
77                               MemTxAttrs attrs)
78 {
79     CPUState *cpu = current_cpu;
80     TyphoonState *s = opaque;
81     uint64_t ret = 0;
82 
83     switch (addr) {
84     case 0x0000:
85         /* CSC: Cchip System Configuration Register.  */
86         /* All sorts of data here; probably the only thing relevant is
87            PIP<14> Pchip 1 Present = 0.  */
88         break;
89 
90     case 0x0040:
91         /* MTR: Memory Timing Register.  */
92         /* All sorts of stuff related to real DRAM.  */
93         break;
94 
95     case 0x0080:
96         /* MISC: Miscellaneous Register.  */
97         ret = s->cchip.misc | (cpu->cpu_index & 3);
98         break;
99 
100     case 0x00c0:
101         /* MPD: Memory Presence Detect Register.  */
102         break;
103 
104     case 0x0100: /* AAR0 */
105     case 0x0140: /* AAR1 */
106     case 0x0180: /* AAR2 */
107     case 0x01c0: /* AAR3 */
108         /* AAR: Array Address Register.  */
109         /* All sorts of information about DRAM.  */
110         break;
111 
112     case 0x0200:
113         /* DIM0: Device Interrupt Mask Register, CPU0.  */
114         ret = s->cchip.dim[0];
115         break;
116     case 0x0240:
117         /* DIM1: Device Interrupt Mask Register, CPU1.  */
118         ret = s->cchip.dim[1];
119         break;
120     case 0x0280:
121         /* DIR0: Device Interrupt Request Register, CPU0.  */
122         ret = s->cchip.dim[0] & s->cchip.drir;
123         break;
124     case 0x02c0:
125         /* DIR1: Device Interrupt Request Register, CPU1.  */
126         ret = s->cchip.dim[1] & s->cchip.drir;
127         break;
128     case 0x0300:
129         /* DRIR: Device Raw Interrupt Request Register.  */
130         ret = s->cchip.drir;
131         break;
132 
133     case 0x0340:
134         /* PRBEN: Probe Enable Register.  */
135         break;
136 
137     case 0x0380:
138         /* IIC0: Interval Ignore Count Register, CPU0.  */
139         ret = s->cchip.iic[0];
140         break;
141     case 0x03c0:
142         /* IIC1: Interval Ignore Count Register, CPU1.  */
143         ret = s->cchip.iic[1];
144         break;
145 
146     case 0x0400: /* MPR0 */
147     case 0x0440: /* MPR1 */
148     case 0x0480: /* MPR2 */
149     case 0x04c0: /* MPR3 */
150         /* MPR: Memory Programming Register.  */
151         break;
152 
153     case 0x0580:
154         /* TTR: TIGbus Timing Register.  */
155         /* All sorts of stuff related to interrupt delivery timings.  */
156         break;
157     case 0x05c0:
158         /* TDR: TIGbug Device Timing Register.  */
159         break;
160 
161     case 0x0600:
162         /* DIM2: Device Interrupt Mask Register, CPU2.  */
163         ret = s->cchip.dim[2];
164         break;
165     case 0x0640:
166         /* DIM3: Device Interrupt Mask Register, CPU3.  */
167         ret = s->cchip.dim[3];
168         break;
169     case 0x0680:
170         /* DIR2: Device Interrupt Request Register, CPU2.  */
171         ret = s->cchip.dim[2] & s->cchip.drir;
172         break;
173     case 0x06c0:
174         /* DIR3: Device Interrupt Request Register, CPU3.  */
175         ret = s->cchip.dim[3] & s->cchip.drir;
176         break;
177 
178     case 0x0700:
179         /* IIC2: Interval Ignore Count Register, CPU2.  */
180         ret = s->cchip.iic[2];
181         break;
182     case 0x0740:
183         /* IIC3: Interval Ignore Count Register, CPU3.  */
184         ret = s->cchip.iic[3];
185         break;
186 
187     case 0x0780:
188         /* PWR: Power Management Control.   */
189         break;
190 
191     case 0x0c00: /* CMONCTLA */
192     case 0x0c40: /* CMONCTLB */
193     case 0x0c80: /* CMONCNT01 */
194     case 0x0cc0: /* CMONCNT23 */
195         break;
196 
197     default:
198         return MEMTX_ERROR;
199     }
200 
201     *data = ret;
202     return MEMTX_OK;
203 }
204 
205 static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size)
206 {
207     /* Skip this.  It's all related to DRAM timing and setup.  */
208     return 0;
209 }
210 
211 static MemTxResult pchip_read(void *opaque, hwaddr addr, uint64_t *data,
212                               unsigned size, MemTxAttrs attrs)
213 {
214     TyphoonState *s = opaque;
215     uint64_t ret = 0;
216 
217     switch (addr) {
218     case 0x0000:
219         /* WSBA0: Window Space Base Address Register.  */
220         ret = s->pchip.win[0].wba;
221         break;
222     case 0x0040:
223         /* WSBA1 */
224         ret = s->pchip.win[1].wba;
225         break;
226     case 0x0080:
227         /* WSBA2 */
228         ret = s->pchip.win[2].wba;
229         break;
230     case 0x00c0:
231         /* WSBA3 */
232         ret = s->pchip.win[3].wba;
233         break;
234 
235     case 0x0100:
236         /* WSM0: Window Space Mask Register.  */
237         ret = s->pchip.win[0].wsm;
238         break;
239     case 0x0140:
240         /* WSM1 */
241         ret = s->pchip.win[1].wsm;
242         break;
243     case 0x0180:
244         /* WSM2 */
245         ret = s->pchip.win[2].wsm;
246         break;
247     case 0x01c0:
248         /* WSM3 */
249         ret = s->pchip.win[3].wsm;
250         break;
251 
252     case 0x0200:
253         /* TBA0: Translated Base Address Register.  */
254         ret = s->pchip.win[0].tba;
255         break;
256     case 0x0240:
257         /* TBA1 */
258         ret = s->pchip.win[1].tba;
259         break;
260     case 0x0280:
261         /* TBA2 */
262         ret = s->pchip.win[2].tba;
263         break;
264     case 0x02c0:
265         /* TBA3 */
266         ret = s->pchip.win[3].tba;
267         break;
268 
269     case 0x0300:
270         /* PCTL: Pchip Control Register.  */
271         ret = s->pchip.ctl;
272         break;
273     case 0x0340:
274         /* PLAT: Pchip Master Latency Register.  */
275         break;
276     case 0x03c0:
277         /* PERROR: Pchip Error Register.  */
278         break;
279     case 0x0400:
280         /* PERRMASK: Pchip Error Mask Register.  */
281         break;
282     case 0x0440:
283         /* PERRSET: Pchip Error Set Register.  */
284         break;
285     case 0x0480:
286         /* TLBIV: Translation Buffer Invalidate Virtual Register (WO).  */
287         break;
288     case 0x04c0:
289         /* TLBIA: Translation Buffer Invalidate All Register (WO).  */
290         break;
291     case 0x0500: /* PMONCTL */
292     case 0x0540: /* PMONCNT */
293     case 0x0800: /* SPRST */
294         break;
295 
296     default:
297         return MEMTX_ERROR;
298     }
299 
300     *data = ret;
301     return MEMTX_OK;
302 }
303 
304 static MemTxResult cchip_write(void *opaque, hwaddr addr,
305                                uint64_t val, unsigned size,
306                                MemTxAttrs attrs)
307 {
308     TyphoonState *s = opaque;
309     uint64_t oldval, newval;
310 
311     switch (addr) {
312     case 0x0000:
313         /* CSC: Cchip System Configuration Register.  */
314         /* All sorts of data here; nothing relevant RW.  */
315         break;
316 
317     case 0x0040:
318         /* MTR: Memory Timing Register.  */
319         /* All sorts of stuff related to real DRAM.  */
320         break;
321 
322     case 0x0080:
323         /* MISC: Miscellaneous Register.  */
324         newval = oldval = s->cchip.misc;
325         newval &= ~(val & 0x10000ff0);     /* W1C fields */
326         if (val & 0x100000) {
327             newval &= ~0xff0000ull;        /* ACL clears ABT and ABW */
328         } else {
329             newval |= val & 0x00f00000;    /* ABT field is W1S */
330             if ((newval & 0xf0000) == 0) {
331                 newval |= val & 0xf0000;   /* ABW field is W1S iff zero */
332             }
333         }
334         newval |= (val & 0xf000) >> 4;     /* IPREQ field sets IPINTR.  */
335 
336         newval &= ~0xf0000000000ull;       /* WO and RW fields */
337         newval |= val & 0xf0000000000ull;
338         s->cchip.misc = newval;
339 
340         /* Pass on changes to IPI and ITI state.  */
341         if ((newval ^ oldval) & 0xff0) {
342             int i;
343             for (i = 0; i < 4; ++i) {
344                 AlphaCPU *cpu = s->cchip.cpu[i];
345                 if (cpu != NULL) {
346                     CPUState *cs = CPU(cpu);
347                     /* IPI can be either cleared or set by the write.  */
348                     if (newval & (1 << (i + 8))) {
349                         cpu_interrupt(cs, CPU_INTERRUPT_SMP);
350                     } else {
351                         cpu_reset_interrupt(cs, CPU_INTERRUPT_SMP);
352                     }
353 
354                     /* ITI can only be cleared by the write.  */
355                     if ((newval & (1 << (i + 4))) == 0) {
356                         cpu_reset_interrupt(cs, CPU_INTERRUPT_TIMER);
357                     }
358                 }
359             }
360         }
361         break;
362 
363     case 0x00c0:
364         /* MPD: Memory Presence Detect Register.  */
365         break;
366 
367     case 0x0100: /* AAR0 */
368     case 0x0140: /* AAR1 */
369     case 0x0180: /* AAR2 */
370     case 0x01c0: /* AAR3 */
371         /* AAR: Array Address Register.  */
372         /* All sorts of information about DRAM.  */
373         break;
374 
375     case 0x0200: /* DIM0 */
376         /* DIM: Device Interrupt Mask Register, CPU0.  */
377         s->cchip.dim[0] = val;
378         cpu_irq_change(s->cchip.cpu[0], val & s->cchip.drir);
379         break;
380     case 0x0240: /* DIM1 */
381         /* DIM: Device Interrupt Mask Register, CPU1.  */
382         s->cchip.dim[1] = val;
383         cpu_irq_change(s->cchip.cpu[1], val & s->cchip.drir);
384         break;
385 
386     case 0x0280: /* DIR0 (RO) */
387     case 0x02c0: /* DIR1 (RO) */
388     case 0x0300: /* DRIR (RO) */
389         break;
390 
391     case 0x0340:
392         /* PRBEN: Probe Enable Register.  */
393         break;
394 
395     case 0x0380: /* IIC0 */
396         s->cchip.iic[0] = val & 0xffffff;
397         break;
398     case 0x03c0: /* IIC1 */
399         s->cchip.iic[1] = val & 0xffffff;
400         break;
401 
402     case 0x0400: /* MPR0 */
403     case 0x0440: /* MPR1 */
404     case 0x0480: /* MPR2 */
405     case 0x04c0: /* MPR3 */
406         /* MPR: Memory Programming Register.  */
407         break;
408 
409     case 0x0580:
410         /* TTR: TIGbus Timing Register.  */
411         /* All sorts of stuff related to interrupt delivery timings.  */
412         break;
413     case 0x05c0:
414         /* TDR: TIGbug Device Timing Register.  */
415         break;
416 
417     case 0x0600:
418         /* DIM2: Device Interrupt Mask Register, CPU2.  */
419         s->cchip.dim[2] = val;
420         cpu_irq_change(s->cchip.cpu[2], val & s->cchip.drir);
421         break;
422     case 0x0640:
423         /* DIM3: Device Interrupt Mask Register, CPU3.  */
424         s->cchip.dim[3] = val;
425         cpu_irq_change(s->cchip.cpu[3], val & s->cchip.drir);
426         break;
427 
428     case 0x0680: /* DIR2 (RO) */
429     case 0x06c0: /* DIR3 (RO) */
430         break;
431 
432     case 0x0700: /* IIC2 */
433         s->cchip.iic[2] = val & 0xffffff;
434         break;
435     case 0x0740: /* IIC3 */
436         s->cchip.iic[3] = val & 0xffffff;
437         break;
438 
439     case 0x0780:
440         /* PWR: Power Management Control.   */
441         break;
442 
443     case 0x0c00: /* CMONCTLA */
444     case 0x0c40: /* CMONCTLB */
445     case 0x0c80: /* CMONCNT01 */
446     case 0x0cc0: /* CMONCNT23 */
447         break;
448 
449     default:
450         return MEMTX_ERROR;
451     }
452 
453     return MEMTX_OK;
454 }
455 
456 static void dchip_write(void *opaque, hwaddr addr,
457                         uint64_t val, unsigned size)
458 {
459     /* Skip this.  It's all related to DRAM timing and setup.  */
460 }
461 
462 static MemTxResult pchip_write(void *opaque, hwaddr addr,
463                                uint64_t val, unsigned size,
464                                MemTxAttrs attrs)
465 {
466     TyphoonState *s = opaque;
467     uint64_t oldval;
468 
469     switch (addr) {
470     case 0x0000:
471         /* WSBA0: Window Space Base Address Register.  */
472         s->pchip.win[0].wba = val & 0xfff00003u;
473         break;
474     case 0x0040:
475         /* WSBA1 */
476         s->pchip.win[1].wba = val & 0xfff00003u;
477         break;
478     case 0x0080:
479         /* WSBA2 */
480         s->pchip.win[2].wba = val & 0xfff00003u;
481         break;
482     case 0x00c0:
483         /* WSBA3 */
484         s->pchip.win[3].wba = (val & 0x80fff00001ull) | 2;
485         break;
486 
487     case 0x0100:
488         /* WSM0: Window Space Mask Register.  */
489         s->pchip.win[0].wsm = val & 0xfff00000u;
490         break;
491     case 0x0140:
492         /* WSM1 */
493         s->pchip.win[1].wsm = val & 0xfff00000u;
494         break;
495     case 0x0180:
496         /* WSM2 */
497         s->pchip.win[2].wsm = val & 0xfff00000u;
498         break;
499     case 0x01c0:
500         /* WSM3 */
501         s->pchip.win[3].wsm = val & 0xfff00000u;
502         break;
503 
504     case 0x0200:
505         /* TBA0: Translated Base Address Register.  */
506         s->pchip.win[0].tba = val & 0x7fffffc00ull;
507         break;
508     case 0x0240:
509         /* TBA1 */
510         s->pchip.win[1].tba = val & 0x7fffffc00ull;
511         break;
512     case 0x0280:
513         /* TBA2 */
514         s->pchip.win[2].tba = val & 0x7fffffc00ull;
515         break;
516     case 0x02c0:
517         /* TBA3 */
518         s->pchip.win[3].tba = val & 0x7fffffc00ull;
519         break;
520 
521     case 0x0300:
522         /* PCTL: Pchip Control Register.  */
523         oldval = s->pchip.ctl;
524         oldval &= ~0x00001cff0fc7ffull;       /* RW fields */
525         oldval |= val & 0x00001cff0fc7ffull;
526         s->pchip.ctl = oldval;
527         break;
528 
529     case 0x0340:
530         /* PLAT: Pchip Master Latency Register.  */
531         break;
532     case 0x03c0:
533         /* PERROR: Pchip Error Register.  */
534         break;
535     case 0x0400:
536         /* PERRMASK: Pchip Error Mask Register.  */
537         break;
538     case 0x0440:
539         /* PERRSET: Pchip Error Set Register.  */
540         break;
541 
542     case 0x0480:
543         /* TLBIV: Translation Buffer Invalidate Virtual Register.  */
544         break;
545 
546     case 0x04c0:
547         /* TLBIA: Translation Buffer Invalidate All Register (WO).  */
548         break;
549 
550     case 0x0500:
551         /* PMONCTL */
552     case 0x0540:
553         /* PMONCNT */
554     case 0x0800:
555         /* SPRST */
556         break;
557 
558     default:
559         return MEMTX_ERROR;
560     }
561 
562     return MEMTX_OK;
563 }
564 
565 static const MemoryRegionOps cchip_ops = {
566     .read_with_attrs = cchip_read,
567     .write_with_attrs = cchip_write,
568     .endianness = DEVICE_LITTLE_ENDIAN,
569     .valid = {
570         .min_access_size = 8,
571         .max_access_size = 8,
572     },
573     .impl = {
574         .min_access_size = 8,
575         .max_access_size = 8,
576     },
577 };
578 
579 static const MemoryRegionOps dchip_ops = {
580     .read = dchip_read,
581     .write = dchip_write,
582     .endianness = DEVICE_LITTLE_ENDIAN,
583     .valid = {
584         .min_access_size = 8,
585         .max_access_size = 8,
586     },
587     .impl = {
588         .min_access_size = 8,
589         .max_access_size = 8,
590     },
591 };
592 
593 static const MemoryRegionOps pchip_ops = {
594     .read_with_attrs = pchip_read,
595     .write_with_attrs = pchip_write,
596     .endianness = DEVICE_LITTLE_ENDIAN,
597     .valid = {
598         .min_access_size = 8,
599         .max_access_size = 8,
600     },
601     .impl = {
602         .min_access_size = 8,
603         .max_access_size = 8,
604     },
605 };
606 
607 /* A subroutine of typhoon_translate_iommu that builds an IOMMUTLBEntry
608    using the given translated address and mask.  */
609 static bool make_iommu_tlbe(hwaddr taddr, hwaddr mask, IOMMUTLBEntry *ret)
610 {
611     *ret = (IOMMUTLBEntry) {
612         .target_as = &address_space_memory,
613         .translated_addr = taddr,
614         .addr_mask = mask,
615         .perm = IOMMU_RW,
616     };
617     return true;
618 }
619 
620 /* A subroutine of typhoon_translate_iommu that handles scatter-gather
621    translation, given the address of the PTE.  */
622 static bool pte_translate(hwaddr pte_addr, IOMMUTLBEntry *ret)
623 {
624     uint64_t pte = address_space_ldq(&address_space_memory, pte_addr,
625                                      MEMTXATTRS_UNSPECIFIED, NULL);
626 
627     /* Check valid bit.  */
628     if ((pte & 1) == 0) {
629         return false;
630     }
631 
632     return make_iommu_tlbe((pte & 0x3ffffe) << 12, 0x1fff, ret);
633 }
634 
635 /* A subroutine of typhoon_translate_iommu that handles one of the
636    four single-address-cycle translation windows.  */
637 static bool window_translate(TyphoonWindow *win, hwaddr addr,
638                              IOMMUTLBEntry *ret)
639 {
640     uint32_t wba = win->wba;
641     uint64_t wsm = win->wsm;
642     uint64_t tba = win->tba;
643     uint64_t wsm_ext = wsm | 0xfffff;
644 
645     /* Check for window disabled.  */
646     if ((wba & 1) == 0) {
647         return false;
648     }
649 
650     /* Check for window hit.  */
651     if ((addr & ~wsm_ext) != (wba & 0xfff00000u)) {
652         return false;
653     }
654 
655     if (wba & 2) {
656         /* Scatter-gather translation.  */
657         hwaddr pte_addr;
658 
659         /* See table 10-6, Generating PTE address for PCI DMA Address.  */
660         pte_addr  = tba & ~(wsm >> 10);
661         pte_addr |= (addr & (wsm | 0xfe000)) >> 10;
662         return pte_translate(pte_addr, ret);
663     } else {
664         /* Direct-mapped translation.  */
665         return make_iommu_tlbe(tba & ~wsm_ext, wsm_ext, ret);
666     }
667 }
668 
669 /* Handle PCI-to-system address translation.  */
670 /* TODO: A translation failure here ought to set PCI error codes on the
671    Pchip and generate a machine check interrupt.  */
672 static IOMMUTLBEntry typhoon_translate_iommu(IOMMUMemoryRegion *iommu,
673                                              hwaddr addr,
674                                              IOMMUAccessFlags flag,
675                                              int iommu_idx)
676 {
677     TyphoonPchip *pchip = container_of(iommu, TyphoonPchip, iommu);
678     IOMMUTLBEntry ret;
679     int i;
680 
681     if (addr <= 0xffffffffu) {
682         /* Single-address cycle.  */
683 
684         /* Check for the Window Hole, inhibiting matching.  */
685         if ((pchip->ctl & 0x20)
686             && addr >= 0x80000
687             && addr <= 0xfffff) {
688             goto failure;
689         }
690 
691         /* Check the first three windows.  */
692         for (i = 0; i < 3; ++i) {
693             if (window_translate(&pchip->win[i], addr, &ret)) {
694                 goto success;
695             }
696         }
697 
698         /* Check the fourth window for DAC disable.  */
699         if ((pchip->win[3].wba & 0x80000000000ull) == 0
700             && window_translate(&pchip->win[3], addr, &ret)) {
701             goto success;
702         }
703     } else {
704         /* Double-address cycle.  */
705 
706         if (addr >= 0x10000000000ull && addr < 0x20000000000ull) {
707             /* Check for the DMA monster window.  */
708             if (pchip->ctl & 0x40) {
709                 /* See 10.1.4.4; in particular <39:35> is ignored.  */
710                 make_iommu_tlbe(0, 0x007ffffffffull, &ret);
711                 goto success;
712             }
713         }
714 
715         if (addr >= 0x80000000000ull && addr <= 0xfffffffffffull) {
716             /* Check the fourth window for DAC enable and window enable.  */
717             if ((pchip->win[3].wba & 0x80000000001ull) == 0x80000000001ull) {
718                 uint64_t pte_addr;
719 
720                 pte_addr  = pchip->win[3].tba & 0x7ffc00000ull;
721                 pte_addr |= (addr & 0xffffe000u) >> 10;
722                 if (pte_translate(pte_addr, &ret)) {
723                         goto success;
724                 }
725             }
726         }
727     }
728 
729  failure:
730     ret = (IOMMUTLBEntry) { .perm = IOMMU_NONE };
731  success:
732     return ret;
733 }
734 
735 static AddressSpace *typhoon_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
736 {
737     TyphoonState *s = opaque;
738     return &s->pchip.iommu_as;
739 }
740 
741 static void typhoon_set_irq(void *opaque, int irq, int level)
742 {
743     TyphoonState *s = opaque;
744     uint64_t drir;
745     int i;
746 
747     /* Set/Reset the bit in CCHIP.DRIR based on IRQ+LEVEL.  */
748     drir = s->cchip.drir;
749     if (level) {
750         drir |= 1ull << irq;
751     } else {
752         drir &= ~(1ull << irq);
753     }
754     s->cchip.drir = drir;
755 
756     for (i = 0; i < 4; ++i) {
757         cpu_irq_change(s->cchip.cpu[i], s->cchip.dim[i] & drir);
758     }
759 }
760 
761 static void typhoon_set_isa_irq(void *opaque, int irq, int level)
762 {
763     typhoon_set_irq(opaque, 55, level);
764 }
765 
766 static void typhoon_set_timer_irq(void *opaque, int irq, int level)
767 {
768     TyphoonState *s = opaque;
769     int i;
770 
771     /* Thankfully, the mc146818rtc code doesn't track the IRQ state,
772        and so we don't have to worry about missing interrupts just
773        because we never actually ACK the interrupt.  Just ignore any
774        case of the interrupt level going low.  */
775     if (level == 0) {
776         return;
777     }
778 
779     /* Deliver the interrupt to each CPU, considering each CPU's IIC.  */
780     for (i = 0; i < 4; ++i) {
781         AlphaCPU *cpu = s->cchip.cpu[i];
782         if (cpu != NULL) {
783             uint32_t iic = s->cchip.iic[i];
784 
785             /* ??? The verbage in Section 10.2.2.10 isn't 100% clear.
786                Bit 24 is the OverFlow bit, RO, and set when the count
787                decrements past 0.  When is OF cleared?  My guess is that
788                OF is actually cleared when the IIC is written, and that
789                the ICNT field always decrements.  At least, that's an
790                interpretation that makes sense, and "allows the CPU to
791                determine exactly how mant interval timer ticks were
792                skipped".  At least within the next 4M ticks...  */
793 
794             iic = ((iic - 1) & 0x1ffffff) | (iic & 0x1000000);
795             s->cchip.iic[i] = iic;
796 
797             if (iic & 0x1000000) {
798                 /* Set the ITI bit for this cpu.  */
799                 s->cchip.misc |= 1 << (i + 4);
800                 /* And signal the interrupt.  */
801                 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_TIMER);
802             }
803         }
804     }
805 }
806 
807 static void typhoon_alarm_timer(void *opaque)
808 {
809     TyphoonState *s = (TyphoonState *)((uintptr_t)opaque & ~3);
810     int cpu = (uintptr_t)opaque & 3;
811 
812     /* Set the ITI bit for this cpu.  */
813     s->cchip.misc |= 1 << (cpu + 4);
814     cpu_interrupt(CPU(s->cchip.cpu[cpu]), CPU_INTERRUPT_TIMER);
815 }
816 
817 PCIBus *typhoon_init(MemoryRegion *ram, ISABus **isa_bus, qemu_irq *p_rtc_irq,
818                      AlphaCPU *cpus[4], pci_map_irq_fn sys_map_irq)
819 {
820     MemoryRegion *addr_space = get_system_memory();
821     DeviceState *dev;
822     TyphoonState *s;
823     PCIHostState *phb;
824     PCIBus *b;
825     int i;
826 
827     dev = qdev_new(TYPE_TYPHOON_PCI_HOST_BRIDGE);
828 
829     s = TYPHOON_PCI_HOST_BRIDGE(dev);
830     phb = PCI_HOST_BRIDGE(dev);
831 
832     s->cchip.misc = 0x800000000ull; /* Revision: Typhoon.  */
833     s->pchip.win[3].wba = 2;        /* Window 3 SG always enabled. */
834 
835     /* Remember the CPUs so that we can deliver interrupts to them.  */
836     for (i = 0; i < 4; i++) {
837         AlphaCPU *cpu = cpus[i];
838         s->cchip.cpu[i] = cpu;
839         if (cpu != NULL) {
840             cpu->alarm_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
841                                                  typhoon_alarm_timer,
842                                                  (void *)((uintptr_t)s + i));
843         }
844     }
845 
846     *p_rtc_irq = qemu_allocate_irq(typhoon_set_timer_irq, s, 0);
847 
848     /* Main memory region, 0x00.0000.0000.  Real hardware supports 32GB,
849        but the address space hole reserved at this point is 8TB.  */
850     memory_region_add_subregion(addr_space, 0, ram);
851 
852     /* TIGbus, 0x801.0000.0000, 1GB.  */
853     /* ??? The TIGbus is used for delivering interrupts, and access to
854        the flash ROM.  I'm not sure that we need to implement it at all.  */
855 
856     /* Pchip0 CSRs, 0x801.8000.0000, 256MB.  */
857     memory_region_init_io(&s->pchip.region, OBJECT(s), &pchip_ops, s, "pchip0",
858                           256 * MiB);
859     memory_region_add_subregion(addr_space, 0x80180000000ULL,
860                                 &s->pchip.region);
861 
862     /* Cchip CSRs, 0x801.A000.0000, 256MB.  */
863     memory_region_init_io(&s->cchip.region, OBJECT(s), &cchip_ops, s, "cchip0",
864                           256 * MiB);
865     memory_region_add_subregion(addr_space, 0x801a0000000ULL,
866                                 &s->cchip.region);
867 
868     /* Dchip CSRs, 0x801.B000.0000, 256MB.  */
869     memory_region_init_io(&s->dchip_region, OBJECT(s), &dchip_ops, s, "dchip0",
870                           256 * MiB);
871     memory_region_add_subregion(addr_space, 0x801b0000000ULL,
872                                 &s->dchip_region);
873 
874     /* Pchip0 PCI memory, 0x800.0000.0000, 4GB.  */
875     memory_region_init(&s->pchip.reg_mem, OBJECT(s), "pci0-mem", 4 * GiB);
876     memory_region_add_subregion(addr_space, 0x80000000000ULL,
877                                 &s->pchip.reg_mem);
878 
879     /* Pchip0 PCI I/O, 0x801.FC00.0000, 32MB.  */
880     memory_region_init_io(&s->pchip.reg_io, OBJECT(s), &alpha_pci_ignore_ops,
881                           NULL, "pci0-io", 32 * MiB);
882     memory_region_add_subregion(addr_space, 0x801fc000000ULL,
883                                 &s->pchip.reg_io);
884 
885     b = pci_register_root_bus(dev, "pci",
886                               typhoon_set_irq, sys_map_irq, s,
887                               &s->pchip.reg_mem, &s->pchip.reg_io,
888                               0, 64, TYPE_PCI_BUS);
889     phb->bus = b;
890     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
891 
892     /* Host memory as seen from the PCI side, via the IOMMU.  */
893     memory_region_init_iommu(&s->pchip.iommu, sizeof(s->pchip.iommu),
894                              TYPE_TYPHOON_IOMMU_MEMORY_REGION, OBJECT(s),
895                              "iommu-typhoon", UINT64_MAX);
896     address_space_init(&s->pchip.iommu_as, MEMORY_REGION(&s->pchip.iommu),
897                        "pchip0-pci");
898     pci_setup_iommu(b, typhoon_pci_dma_iommu, s);
899 
900     /* Pchip0 PCI special/interrupt acknowledge, 0x801.F800.0000, 64MB.  */
901     memory_region_init_io(&s->pchip.reg_iack, OBJECT(s), &alpha_pci_iack_ops,
902                           b, "pci0-iack", 64 * MiB);
903     memory_region_add_subregion(addr_space, 0x801f8000000ULL,
904                                 &s->pchip.reg_iack);
905 
906     /* Pchip0 PCI configuration, 0x801.FE00.0000, 16MB.  */
907     memory_region_init_io(&s->pchip.reg_conf, OBJECT(s), &alpha_pci_conf1_ops,
908                           b, "pci0-conf", 16 * MiB);
909     memory_region_add_subregion(addr_space, 0x801fe000000ULL,
910                                 &s->pchip.reg_conf);
911 
912     /* For the record, these are the mappings for the second PCI bus.
913        We can get away with not implementing them because we indicate
914        via the Cchip.CSC<PIP> bit that Pchip1 is not present.  */
915     /* Pchip1 PCI memory, 0x802.0000.0000, 4GB.  */
916     /* Pchip1 CSRs, 0x802.8000.0000, 256MB.  */
917     /* Pchip1 PCI special/interrupt acknowledge, 0x802.F800.0000, 64MB.  */
918     /* Pchip1 PCI I/O, 0x802.FC00.0000, 32MB.  */
919     /* Pchip1 PCI configuration, 0x802.FE00.0000, 16MB.  */
920 
921     /* Init the ISA bus.  */
922     /* ??? Technically there should be a cy82c693ub pci-isa bridge.  */
923     {
924         qemu_irq *isa_irqs;
925 
926         *isa_bus = isa_bus_new(NULL, get_system_memory(), &s->pchip.reg_io,
927                                &error_abort);
928         isa_irqs = i8259_init(*isa_bus,
929                               qemu_allocate_irq(typhoon_set_isa_irq, s, 0));
930         isa_bus_irqs(*isa_bus, isa_irqs);
931     }
932 
933     return b;
934 }
935 
936 static const TypeInfo typhoon_pcihost_info = {
937     .name          = TYPE_TYPHOON_PCI_HOST_BRIDGE,
938     .parent        = TYPE_PCI_HOST_BRIDGE,
939     .instance_size = sizeof(TyphoonState),
940 };
941 
942 static void typhoon_iommu_memory_region_class_init(ObjectClass *klass,
943                                                    void *data)
944 {
945     IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
946 
947     imrc->translate = typhoon_translate_iommu;
948 }
949 
950 static const TypeInfo typhoon_iommu_memory_region_info = {
951     .parent = TYPE_IOMMU_MEMORY_REGION,
952     .name = TYPE_TYPHOON_IOMMU_MEMORY_REGION,
953     .class_init = typhoon_iommu_memory_region_class_init,
954 };
955 
956 static void typhoon_register_types(void)
957 {
958     type_register_static(&typhoon_pcihost_info);
959     type_register_static(&typhoon_iommu_memory_region_info);
960 }
961 
962 type_init(typhoon_register_types)
963