xref: /openbmc/qemu/hw/intc/openpic.c (revision f7230e09b1ccfb7055b79dfee981e18d444a118a)
1 /*
2  * OpenPIC emulation
3  *
4  * Copyright (c) 2004 Jocelyn Mayer
5  *               2011 Alexander Graf
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 /*
26  *
27  * Based on OpenPic implementations:
28  * - Motorola MPC8245 & MPC8540 user manuals.
29  * - Motorola Harrier programmer manual
30  *
31  */
32 
33 #include "qemu/osdep.h"
34 #include "hw/irq.h"
35 #include "hw/pci/pci.h"
36 #include "hw/ppc/openpic.h"
37 #include "hw/ppc/ppc_e500.h"
38 #include "hw/qdev-properties.h"
39 #include "hw/sysbus.h"
40 #include "migration/vmstate.h"
41 #include "hw/pci/msi.h"
42 #include "qapi/error.h"
43 #include "qemu/bitops.h"
44 #include "qemu/module.h"
45 #include "qemu/timer.h"
46 #include "qemu/error-report.h"
47 
48 /* #define DEBUG_OPENPIC */
49 
50 #ifdef DEBUG_OPENPIC
51 static const int debug_openpic = 1;
52 #else
53 static const int debug_openpic = 0;
54 #endif
55 
56 static int get_current_cpu(void);
57 #define DPRINTF(fmt, ...) do { \
58         if (debug_openpic) { \
59             info_report("Core%d: " fmt, get_current_cpu(), ## __VA_ARGS__); \
60         } \
61     } while (0)
62 
63 /* OpenPIC capability flags */
64 #define OPENPIC_FLAG_IDR_CRIT     (1 << 0)
65 #define OPENPIC_FLAG_ILR          (2 << 0)
66 
67 /* OpenPIC address map */
68 #define OPENPIC_GLB_REG_START        0x0
69 #define OPENPIC_GLB_REG_SIZE         0x10F0
70 #define OPENPIC_TMR_REG_START        0x10F0
71 #define OPENPIC_TMR_REG_SIZE         0x220
72 #define OPENPIC_MSI_REG_START        0x1600
73 #define OPENPIC_MSI_REG_SIZE         0x200
74 #define OPENPIC_SUMMARY_REG_START   0x3800
75 #define OPENPIC_SUMMARY_REG_SIZE    0x800
76 #define OPENPIC_SRC_REG_START        0x10000
77 #define OPENPIC_SRC_REG_SIZE         (OPENPIC_MAX_SRC * 0x20)
78 #define OPENPIC_CPU_REG_START        0x20000
79 #define OPENPIC_CPU_REG_SIZE         0x100 + ((MAX_CPU - 1) * 0x1000)
80 
81 static FslMpicInfo fsl_mpic_20 = {
82     .max_ext = 12,
83 };
84 
85 static FslMpicInfo fsl_mpic_42 = {
86     .max_ext = 12,
87 };
88 
89 #define FRR_NIRQ_SHIFT    16
90 #define FRR_NCPU_SHIFT     8
91 #define FRR_VID_SHIFT      0
92 
93 #define VID_REVISION_1_2   2
94 #define VID_REVISION_1_3   3
95 
96 #define VIR_GENERIC      0x00000000 /* Generic Vendor ID */
97 #define VIR_MPIC2A       0x00004614 /* IBM MPIC-2A */
98 
99 #define GCR_RESET        0x80000000
100 #define GCR_MODE_PASS    0x00000000
101 #define GCR_MODE_MIXED   0x20000000
102 #define GCR_MODE_PROXY   0x60000000
103 
104 #define TBCR_CI           0x80000000 /* count inhibit */
105 #define TCCR_TOG          0x80000000 /* toggles when decrement to zero */
106 
107 #define IDR_EP_SHIFT      31
108 #define IDR_EP_MASK       (1U << IDR_EP_SHIFT)
109 #define IDR_CI0_SHIFT     30
110 #define IDR_CI1_SHIFT     29
111 #define IDR_P1_SHIFT      1
112 #define IDR_P0_SHIFT      0
113 
114 #define ILR_INTTGT_MASK   0x000000ff
115 #define ILR_INTTGT_INT    0x00
116 #define ILR_INTTGT_CINT   0x01 /* critical */
117 #define ILR_INTTGT_MCP    0x02 /* machine check */
118 
119 /*
120  * The currently supported INTTGT values happen to be the same as QEMU's
121  * openpic output codes, but don't depend on this.  The output codes
122  * could change (unlikely, but...) or support could be added for
123  * more INTTGT values.
124  */
125 static const int inttgt_output[][2] = {
126     { ILR_INTTGT_INT, OPENPIC_OUTPUT_INT },
127     { ILR_INTTGT_CINT, OPENPIC_OUTPUT_CINT },
128     { ILR_INTTGT_MCP, OPENPIC_OUTPUT_MCK },
129 };
130 
131 static int inttgt_to_output(int inttgt)
132 {
133     int i;
134 
135     for (i = 0; i < ARRAY_SIZE(inttgt_output); i++) {
136         if (inttgt_output[i][0] == inttgt) {
137             return inttgt_output[i][1];
138         }
139     }
140 
141     error_report("%s: unsupported inttgt %d", __func__, inttgt);
142     return OPENPIC_OUTPUT_INT;
143 }
144 
145 static int output_to_inttgt(int output)
146 {
147     int i;
148 
149     for (i = 0; i < ARRAY_SIZE(inttgt_output); i++) {
150         if (inttgt_output[i][1] == output) {
151             return inttgt_output[i][0];
152         }
153     }
154 
155     abort();
156 }
157 
158 #define MSIIR_OFFSET       0x140
159 #define MSIIR_SRS_SHIFT    29
160 #define MSIIR_SRS_MASK     (0x7 << MSIIR_SRS_SHIFT)
161 #define MSIIR_IBS_SHIFT    24
162 #define MSIIR_IBS_MASK     (0x1f << MSIIR_IBS_SHIFT)
163 
164 static int get_current_cpu(void)
165 {
166     if (!current_cpu) {
167         return -1;
168     }
169 
170     return current_cpu->cpu_index;
171 }
172 
173 static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
174                                           int idx);
175 static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
176                                        uint32_t val, int idx);
177 static void openpic_reset(DeviceState *d);
178 
179 /*
180  * Convert between openpic clock ticks and nanosecs.  In the hardware the clock
181  * frequency is driven by board inputs to the PIC which the PIC would then
182  * divide by 4 or 8.  For now hard code to 25MZ.
183  */
184 #define OPENPIC_TIMER_FREQ_MHZ 25
185 #define OPENPIC_TIMER_NS_PER_TICK (1000 / OPENPIC_TIMER_FREQ_MHZ)
186 static inline uint64_t ns_to_ticks(uint64_t ns)
187 {
188     return ns    / OPENPIC_TIMER_NS_PER_TICK;
189 }
190 static inline uint64_t ticks_to_ns(uint64_t ticks)
191 {
192     return ticks * OPENPIC_TIMER_NS_PER_TICK;
193 }
194 
195 static inline void IRQ_setbit(IRQQueue *q, int n_IRQ)
196 {
197     set_bit(n_IRQ, q->queue);
198 }
199 
200 static inline void IRQ_resetbit(IRQQueue *q, int n_IRQ)
201 {
202     clear_bit(n_IRQ, q->queue);
203 }
204 
205 static void IRQ_check(OpenPICState *opp, IRQQueue *q)
206 {
207     int irq = -1;
208     int next = -1;
209     int priority = -1;
210 
211     for (;;) {
212         irq = find_next_bit(q->queue, opp->max_irq, irq + 1);
213         if (irq == opp->max_irq) {
214             break;
215         }
216 
217         DPRINTF("IRQ_check: irq %d set ivpr_pr=%d pr=%d",
218                 irq, IVPR_PRIORITY(opp->src[irq].ivpr), priority);
219 
220         if (IVPR_PRIORITY(opp->src[irq].ivpr) > priority) {
221             next = irq;
222             priority = IVPR_PRIORITY(opp->src[irq].ivpr);
223         }
224     }
225 
226     q->next = next;
227     q->priority = priority;
228 }
229 
230 static int IRQ_get_next(OpenPICState *opp, IRQQueue *q)
231 {
232     /* XXX: optimize */
233     IRQ_check(opp, q);
234 
235     return q->next;
236 }
237 
238 static void IRQ_local_pipe(OpenPICState *opp, int n_CPU, int n_IRQ,
239                            bool active, bool was_active)
240 {
241     IRQDest *dst;
242     IRQSource *src;
243     int priority;
244 
245     dst = &opp->dst[n_CPU];
246     src = &opp->src[n_IRQ];
247 
248     DPRINTF("%s: IRQ %d active %d was %d",
249             __func__, n_IRQ, active, was_active);
250 
251     if (src->output != OPENPIC_OUTPUT_INT) {
252         DPRINTF("%s: output %d irq %d active %d was %d count %d",
253                 __func__, src->output, n_IRQ, active, was_active,
254                 dst->outputs_active[src->output]);
255 
256         /*
257          * On Freescale MPIC, critical interrupts ignore priority,
258          * IACK, EOI, etc.  Before MPIC v4.1 they also ignore
259          * masking.
260          */
261         if (active) {
262             if (!was_active && dst->outputs_active[src->output]++ == 0) {
263                 DPRINTF("%s: Raise OpenPIC output %d cpu %d irq %d",
264                         __func__, src->output, n_CPU, n_IRQ);
265                 qemu_irq_raise(dst->irqs[src->output]);
266             }
267         } else {
268             if (was_active && --dst->outputs_active[src->output] == 0) {
269                 DPRINTF("%s: Lower OpenPIC output %d cpu %d irq %d",
270                         __func__, src->output, n_CPU, n_IRQ);
271                 qemu_irq_lower(dst->irqs[src->output]);
272             }
273         }
274 
275         return;
276     }
277 
278     priority = IVPR_PRIORITY(src->ivpr);
279 
280     /*
281      * Even if the interrupt doesn't have enough priority,
282      * it is still raised, in case ctpr is lowered later.
283      */
284     if (active) {
285         IRQ_setbit(&dst->raised, n_IRQ);
286     } else {
287         IRQ_resetbit(&dst->raised, n_IRQ);
288     }
289 
290     IRQ_check(opp, &dst->raised);
291 
292     if (active && priority <= dst->ctpr) {
293         DPRINTF("%s: IRQ %d priority %d too low for ctpr %d on CPU %d",
294                 __func__, n_IRQ, priority, dst->ctpr, n_CPU);
295         active = 0;
296     }
297 
298     if (active) {
299         if (IRQ_get_next(opp, &dst->servicing) >= 0 &&
300                 priority <= dst->servicing.priority) {
301             DPRINTF("%s: IRQ %d is hidden by servicing IRQ %d on CPU %d",
302                     __func__, n_IRQ, dst->servicing.next, n_CPU);
303         } else {
304             DPRINTF("%s: Raise OpenPIC INT output cpu %d irq %d/%d",
305                     __func__, n_CPU, n_IRQ, dst->raised.next);
306             qemu_irq_raise(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
307         }
308     } else {
309         IRQ_get_next(opp, &dst->servicing);
310         if (dst->raised.priority > dst->ctpr &&
311                 dst->raised.priority > dst->servicing.priority) {
312             DPRINTF("%s: IRQ %d inactive, IRQ %d prio %d above %d/%d, CPU %d",
313                     __func__, n_IRQ, dst->raised.next, dst->raised.priority,
314                     dst->ctpr, dst->servicing.priority, n_CPU);
315             /* IRQ line stays asserted */
316         } else {
317             DPRINTF("%s: IRQ %d inactive, current prio %d/%d, CPU %d",
318                     __func__, n_IRQ, dst->ctpr, dst->servicing.priority, n_CPU);
319             qemu_irq_lower(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
320         }
321     }
322 }
323 
324 /* update pic state because registers for n_IRQ have changed value */
325 static void openpic_update_irq(OpenPICState *opp, int n_IRQ)
326 {
327     IRQSource *src;
328     bool active, was_active;
329     int i;
330 
331     src = &opp->src[n_IRQ];
332     active = src->pending;
333 
334     if ((src->ivpr & IVPR_MASK_MASK) && !src->nomask) {
335         /* Interrupt source is disabled */
336         DPRINTF("%s: IRQ %d is disabled", __func__, n_IRQ);
337         active = false;
338     }
339 
340     was_active = !!(src->ivpr & IVPR_ACTIVITY_MASK);
341 
342     /*
343      * We don't have a similar check for already-active because
344      * ctpr may have changed and we need to withdraw the interrupt.
345      */
346     if (!active && !was_active) {
347         DPRINTF("%s: IRQ %d is already inactive", __func__, n_IRQ);
348         return;
349     }
350 
351     if (active) {
352         src->ivpr |= IVPR_ACTIVITY_MASK;
353     } else {
354         src->ivpr &= ~IVPR_ACTIVITY_MASK;
355     }
356 
357     if (src->destmask == 0) {
358         /* No target */
359         DPRINTF("%s: IRQ %d has no target", __func__, n_IRQ);
360         return;
361     }
362 
363     if (src->destmask == (1 << src->last_cpu)) {
364         /* Only one CPU is allowed to receive this IRQ */
365         IRQ_local_pipe(opp, src->last_cpu, n_IRQ, active, was_active);
366     } else if (!(src->ivpr & IVPR_MODE_MASK)) {
367         /* Directed delivery mode */
368         for (i = 0; i < opp->nb_cpus; i++) {
369             if (src->destmask & (1 << i)) {
370                 IRQ_local_pipe(opp, i, n_IRQ, active, was_active);
371             }
372         }
373     } else {
374         /* Distributed delivery mode */
375         for (i = src->last_cpu + 1; i != src->last_cpu; i++) {
376             if (i == opp->nb_cpus) {
377                 i = 0;
378             }
379             if (src->destmask & (1 << i)) {
380                 IRQ_local_pipe(opp, i, n_IRQ, active, was_active);
381                 src->last_cpu = i;
382                 break;
383             }
384         }
385     }
386 }
387 
388 static void openpic_set_irq(void *opaque, int n_IRQ, int level)
389 {
390     OpenPICState *opp = opaque;
391     IRQSource *src;
392 
393     if (n_IRQ >= OPENPIC_MAX_IRQ) {
394         error_report("%s: IRQ %d out of range", __func__, n_IRQ);
395         abort();
396     }
397 
398     src = &opp->src[n_IRQ];
399     DPRINTF("openpic: set irq %d = %d ivpr=0x%08x",
400             n_IRQ, level, src->ivpr);
401     if (src->level) {
402         /* level-sensitive irq */
403         src->pending = level;
404         openpic_update_irq(opp, n_IRQ);
405     } else {
406         /* edge-sensitive irq */
407         if (level) {
408             src->pending = 1;
409             openpic_update_irq(opp, n_IRQ);
410         }
411 
412         if (src->output != OPENPIC_OUTPUT_INT) {
413             /*
414              * Edge-triggered interrupts shouldn't be used
415              * with non-INT delivery, but just in case,
416              * try to make it do something sane rather than
417              * cause an interrupt storm.  This is close to
418              * what you'd probably see happen in real hardware.
419              */
420             src->pending = 0;
421             openpic_update_irq(opp, n_IRQ);
422         }
423     }
424 }
425 
426 static inline uint32_t read_IRQreg_idr(OpenPICState *opp, int n_IRQ)
427 {
428     return opp->src[n_IRQ].idr;
429 }
430 
431 static inline uint32_t read_IRQreg_ilr(OpenPICState *opp, int n_IRQ)
432 {
433     if (opp->flags & OPENPIC_FLAG_ILR) {
434         return output_to_inttgt(opp->src[n_IRQ].output);
435     }
436 
437     return 0xffffffff;
438 }
439 
440 static inline uint32_t read_IRQreg_ivpr(OpenPICState *opp, int n_IRQ)
441 {
442     return opp->src[n_IRQ].ivpr;
443 }
444 
445 static inline void write_IRQreg_idr(OpenPICState *opp, int n_IRQ, uint32_t val)
446 {
447     IRQSource *src = &opp->src[n_IRQ];
448     uint32_t normal_mask = (1UL << opp->nb_cpus) - 1;
449     uint32_t crit_mask = 0;
450     uint32_t mask = normal_mask;
451     int crit_shift = IDR_EP_SHIFT - opp->nb_cpus;
452     int i;
453 
454     if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
455         crit_mask = mask << crit_shift;
456         mask |= crit_mask | IDR_EP;
457     }
458 
459     src->idr = val & mask;
460     DPRINTF("Set IDR %d to 0x%08x", n_IRQ, src->idr);
461 
462     if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
463         if (src->idr & crit_mask) {
464             if (src->idr & normal_mask) {
465                 DPRINTF("%s: IRQ configured for multiple output types, using "
466                         "critical", __func__);
467             }
468 
469             src->output = OPENPIC_OUTPUT_CINT;
470             src->nomask = true;
471             src->destmask = 0;
472 
473             for (i = 0; i < opp->nb_cpus; i++) {
474                 int n_ci = IDR_CI0_SHIFT - i;
475 
476                 if (src->idr & (1UL << n_ci)) {
477                     src->destmask |= 1UL << i;
478                 }
479             }
480         } else {
481             src->output = OPENPIC_OUTPUT_INT;
482             src->nomask = false;
483             src->destmask = src->idr & normal_mask;
484         }
485     } else {
486         src->destmask = src->idr;
487     }
488 }
489 
490 static inline void write_IRQreg_ilr(OpenPICState *opp, int n_IRQ, uint32_t val)
491 {
492     if (opp->flags & OPENPIC_FLAG_ILR) {
493         IRQSource *src = &opp->src[n_IRQ];
494 
495         src->output = inttgt_to_output(val & ILR_INTTGT_MASK);
496         DPRINTF("Set ILR %d to 0x%08x, output %d", n_IRQ, src->idr,
497                 src->output);
498 
499         /* TODO: on MPIC v4.0 only, set nomask for non-INT */
500     }
501 }
502 
503 static inline void write_IRQreg_ivpr(OpenPICState *opp, int n_IRQ, uint32_t val)
504 {
505     uint32_t mask;
506 
507     /*
508      * NOTE when implementing newer FSL MPIC models: starting with v4.0,
509      * the polarity bit is read-only on internal interrupts.
510      */
511     mask = IVPR_MASK_MASK | IVPR_PRIORITY_MASK | IVPR_SENSE_MASK |
512            IVPR_POLARITY_MASK | opp->vector_mask;
513 
514     /* ACTIVITY bit is read-only */
515     opp->src[n_IRQ].ivpr =
516         (opp->src[n_IRQ].ivpr & IVPR_ACTIVITY_MASK) | (val & mask);
517 
518     /*
519      * For FSL internal interrupts, The sense bit is reserved and zero,
520      * and the interrupt is always level-triggered.  Timers and IPIs
521      * have no sense or polarity bits, and are edge-triggered.
522      */
523     switch (opp->src[n_IRQ].type) {
524     case IRQ_TYPE_NORMAL:
525         opp->src[n_IRQ].level = !!(opp->src[n_IRQ].ivpr & IVPR_SENSE_MASK);
526         break;
527 
528     case IRQ_TYPE_FSLINT:
529         opp->src[n_IRQ].ivpr &= ~IVPR_SENSE_MASK;
530         break;
531 
532     case IRQ_TYPE_FSLSPECIAL:
533         opp->src[n_IRQ].ivpr &= ~(IVPR_POLARITY_MASK | IVPR_SENSE_MASK);
534         break;
535     }
536 
537     openpic_update_irq(opp, n_IRQ);
538     DPRINTF("Set IVPR %d to 0x%08x -> 0x%08x", n_IRQ, val,
539             opp->src[n_IRQ].ivpr);
540 }
541 
542 static void openpic_gcr_write(OpenPICState *opp, uint64_t val)
543 {
544     bool mpic_proxy = false;
545 
546     if (val & GCR_RESET) {
547         openpic_reset(DEVICE(opp));
548         return;
549     }
550 
551     opp->gcr &= ~opp->mpic_mode_mask;
552     opp->gcr |= val & opp->mpic_mode_mask;
553 
554     /* Set external proxy mode */
555     if ((val & opp->mpic_mode_mask) == GCR_MODE_PROXY) {
556         mpic_proxy = true;
557     }
558 
559     ppce500_set_mpic_proxy(mpic_proxy);
560 }
561 
562 static void openpic_gbl_write(void *opaque, hwaddr addr, uint64_t val,
563                               unsigned len)
564 {
565     OpenPICState *opp = opaque;
566     IRQDest *dst;
567     int idx;
568 
569     DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64,
570             __func__, addr, val);
571     if (addr & 0xF) {
572         return;
573     }
574     switch (addr) {
575     case 0x00: /* Block Revision Register1 (BRR1) is Readonly */
576         break;
577     case 0x40:
578     case 0x50:
579     case 0x60:
580     case 0x70:
581     case 0x80:
582     case 0x90:
583     case 0xA0:
584     case 0xB0:
585         openpic_cpu_write_internal(opp, addr, val, get_current_cpu());
586         break;
587     case 0x1000: /* FRR */
588         break;
589     case 0x1020: /* GCR */
590         openpic_gcr_write(opp, val);
591         break;
592     case 0x1080: /* VIR */
593         break;
594     case 0x1090: /* PIR */
595         for (idx = 0; idx < opp->nb_cpus; idx++) {
596             if ((val & (1 << idx)) && !(opp->pir & (1 << idx))) {
597                 DPRINTF("Raise OpenPIC RESET output for CPU %d", idx);
598                 dst = &opp->dst[idx];
599                 qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_RESET]);
600             } else if (!(val & (1 << idx)) && (opp->pir & (1 << idx))) {
601                 DPRINTF("Lower OpenPIC RESET output for CPU %d", idx);
602                 dst = &opp->dst[idx];
603                 qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_RESET]);
604             }
605         }
606         opp->pir = val;
607         break;
608     case 0x10A0: /* IPI_IVPR */
609     case 0x10B0:
610     case 0x10C0:
611     case 0x10D0:
612         idx = (addr - 0x10A0) >> 4;
613         write_IRQreg_ivpr(opp, opp->irq_ipi0 + idx, val);
614         break;
615     case 0x10E0: /* SPVE */
616         opp->spve = val & opp->vector_mask;
617         break;
618     default:
619         break;
620     }
621 }
622 
623 static uint64_t openpic_gbl_read(void *opaque, hwaddr addr, unsigned len)
624 {
625     OpenPICState *opp = opaque;
626     uint32_t retval;
627 
628     DPRINTF("%s: addr %#" HWADDR_PRIx, __func__, addr);
629     retval = 0xFFFFFFFF;
630     if (addr & 0xF) {
631         return retval;
632     }
633     switch (addr) {
634     case 0x1000: /* FRR */
635         retval = opp->frr;
636         break;
637     case 0x1020: /* GCR */
638         retval = opp->gcr;
639         break;
640     case 0x1080: /* VIR */
641         retval = opp->vir;
642         break;
643     case 0x1090: /* PIR */
644         retval = 0x00000000;
645         break;
646     case 0x00: /* Block Revision Register1 (BRR1) */
647         retval = opp->brr1;
648         break;
649     case 0x40:
650     case 0x50:
651     case 0x60:
652     case 0x70:
653     case 0x80:
654     case 0x90:
655     case 0xA0:
656     case 0xB0:
657         retval = openpic_cpu_read_internal(opp, addr, get_current_cpu());
658         break;
659     case 0x10A0: /* IPI_IVPR */
660     case 0x10B0:
661     case 0x10C0:
662     case 0x10D0:
663         {
664             int idx;
665             idx = (addr - 0x10A0) >> 4;
666             retval = read_IRQreg_ivpr(opp, opp->irq_ipi0 + idx);
667         }
668         break;
669     case 0x10E0: /* SPVE */
670         retval = opp->spve;
671         break;
672     default:
673         break;
674     }
675     DPRINTF("%s: => 0x%08x", __func__, retval);
676 
677     return retval;
678 }
679 
680 static void openpic_tmr_set_tmr(OpenPICTimer *tmr, uint32_t val, bool enabled);
681 
682 static void qemu_timer_cb(void *opaque)
683 {
684     OpenPICTimer *tmr = opaque;
685     OpenPICState *opp = tmr->opp;
686     uint32_t    n_IRQ = tmr->n_IRQ;
687     uint32_t val =   tmr->tbcr & ~TBCR_CI;
688     uint32_t tog = ((tmr->tccr & TCCR_TOG) ^ TCCR_TOG);  /* invert toggle. */
689 
690     DPRINTF("%s n_IRQ=%d", __func__, n_IRQ);
691     /* Reload current count from base count and setup timer. */
692     tmr->tccr = val | tog;
693     openpic_tmr_set_tmr(tmr, val, /*enabled=*/true);
694     /* Raise the interrupt. */
695     opp->src[n_IRQ].destmask = read_IRQreg_idr(opp, n_IRQ);
696     openpic_set_irq(opp, n_IRQ, 1);
697     openpic_set_irq(opp, n_IRQ, 0);
698 }
699 
700 /*
701  * If enabled is true, arranges for an interrupt to be raised val clocks into
702  * the future, if enabled is false cancels the timer.
703  */
704 static void openpic_tmr_set_tmr(OpenPICTimer *tmr, uint32_t val, bool enabled)
705 {
706     uint64_t ns = ticks_to_ns(val & ~TCCR_TOG);
707     /*
708      * A count of zero causes a timer to be set to expire immediately.  This
709      * effectively stops the simulation since the timer is constantly expiring
710      * which prevents guest code execution, so we don't honor that
711      * configuration.  On real hardware, this situation would generate an
712      * interrupt on every clock cycle if the interrupt was unmasked.
713      */
714     if ((ns == 0) || !enabled) {
715         tmr->qemu_timer_active = false;
716         tmr->tccr = tmr->tccr & TCCR_TOG;
717         timer_del(tmr->qemu_timer); /* set timer to never expire. */
718     } else {
719         tmr->qemu_timer_active = true;
720         uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
721         tmr->origin_time = now;
722         timer_mod(tmr->qemu_timer, now + ns);     /* set timer expiration. */
723     }
724 }
725 
726 /*
727  * Returns the current tccr value, i.e., timer value (in clocks) with
728  * appropriate TOG.
729  */
730 static uint64_t openpic_tmr_get_timer(OpenPICTimer *tmr)
731 {
732     uint64_t retval;
733     if (!tmr->qemu_timer_active) {
734         retval = tmr->tccr;
735     } else {
736         uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
737         uint64_t used = now - tmr->origin_time;  /* nsecs */
738         uint32_t used_ticks = (uint32_t)ns_to_ticks(used);
739         uint32_t count = (tmr->tccr & ~TCCR_TOG) - used_ticks;
740         retval = (uint32_t)((tmr->tccr & TCCR_TOG) | (count & ~TCCR_TOG));
741     }
742     return retval;
743 }
744 
745 static void openpic_tmr_write(void *opaque, hwaddr addr, uint64_t val,
746                               unsigned len)
747 {
748     OpenPICState *opp = opaque;
749     int idx;
750 
751     DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64,
752             __func__, (addr + 0x10f0), val);
753     if (addr & 0xF) {
754         return;
755     }
756 
757     if (addr == 0) {
758         /* TFRR */
759         opp->tfrr = val;
760         return;
761     }
762     addr -= 0x10;  /* correct for TFRR */
763     idx = (addr >> 6) & 0x3;
764 
765     switch (addr & 0x30) {
766     case 0x00: /* TCCR */
767         break;
768     case 0x10: /* TBCR */
769         /* Did the enable status change? */
770         if ((opp->timers[idx].tbcr & TBCR_CI) != (val & TBCR_CI)) {
771             /* Did "Count Inhibit" transition from 1 to 0? */
772             if ((val & TBCR_CI) == 0) {
773                 opp->timers[idx].tccr = val & ~TCCR_TOG;
774             }
775             openpic_tmr_set_tmr(&opp->timers[idx],
776                                 (val & ~TBCR_CI),
777                                 /*enabled=*/((val & TBCR_CI) == 0));
778         }
779         opp->timers[idx].tbcr = val;
780         break;
781     case 0x20: /* TVPR */
782         write_IRQreg_ivpr(opp, opp->irq_tim0 + idx, val);
783         break;
784     case 0x30: /* TDR */
785         write_IRQreg_idr(opp, opp->irq_tim0 + idx, val);
786         break;
787     }
788 }
789 
790 static uint64_t openpic_tmr_read(void *opaque, hwaddr addr, unsigned len)
791 {
792     OpenPICState *opp = opaque;
793     uint32_t retval = -1;
794     int idx;
795 
796     DPRINTF("%s: addr %#" HWADDR_PRIx, __func__, addr + 0x10f0);
797     if (addr & 0xF) {
798         goto out;
799     }
800     if (addr == 0) {
801         /* TFRR */
802         retval = opp->tfrr;
803         goto out;
804     }
805     addr -= 0x10;  /* correct for TFRR */
806     idx = (addr >> 6) & 0x3;
807     switch (addr & 0x30) {
808     case 0x00: /* TCCR */
809         retval = openpic_tmr_get_timer(&opp->timers[idx]);
810         break;
811     case 0x10: /* TBCR */
812         retval = opp->timers[idx].tbcr;
813         break;
814     case 0x20: /* TVPR */
815         retval = read_IRQreg_ivpr(opp, opp->irq_tim0 + idx);
816         break;
817     case 0x30: /* TDR */
818         retval = read_IRQreg_idr(opp, opp->irq_tim0 + idx);
819         break;
820     }
821 
822 out:
823     DPRINTF("%s: => 0x%08x", __func__, retval);
824 
825     return retval;
826 }
827 
828 static void openpic_src_write(void *opaque, hwaddr addr, uint64_t val,
829                               unsigned len)
830 {
831     OpenPICState *opp = opaque;
832     int idx;
833 
834     DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64,
835             __func__, addr, val);
836 
837     addr = addr & 0xffff;
838     idx = addr >> 5;
839 
840     switch (addr & 0x1f) {
841     case 0x00:
842         write_IRQreg_ivpr(opp, idx, val);
843         break;
844     case 0x10:
845         write_IRQreg_idr(opp, idx, val);
846         break;
847     case 0x18:
848         write_IRQreg_ilr(opp, idx, val);
849         break;
850     }
851 }
852 
853 static uint64_t openpic_src_read(void *opaque, uint64_t addr, unsigned len)
854 {
855     OpenPICState *opp = opaque;
856     uint32_t retval;
857     int idx;
858 
859     DPRINTF("%s: addr %#" HWADDR_PRIx, __func__, addr);
860     retval = 0xFFFFFFFF;
861 
862     addr = addr & 0xffff;
863     idx = addr >> 5;
864 
865     switch (addr & 0x1f) {
866     case 0x00:
867         retval = read_IRQreg_ivpr(opp, idx);
868         break;
869     case 0x10:
870         retval = read_IRQreg_idr(opp, idx);
871         break;
872     case 0x18:
873         retval = read_IRQreg_ilr(opp, idx);
874         break;
875     }
876 
877     DPRINTF("%s: => 0x%08x", __func__, retval);
878     return retval;
879 }
880 
881 static void openpic_msi_write(void *opaque, hwaddr addr, uint64_t val,
882                               unsigned size)
883 {
884     OpenPICState *opp = opaque;
885     int idx = opp->irq_msi;
886     int srs, ibs;
887 
888     DPRINTF("%s: addr %#" HWADDR_PRIx " <= 0x%08" PRIx64,
889             __func__, addr, val);
890     if (addr & 0xF) {
891         return;
892     }
893 
894     switch (addr) {
895     case MSIIR_OFFSET:
896         srs = val >> MSIIR_SRS_SHIFT;
897         idx += srs;
898         ibs = (val & MSIIR_IBS_MASK) >> MSIIR_IBS_SHIFT;
899         opp->msi[srs].msir |= 1 << ibs;
900         openpic_set_irq(opp, idx, 1);
901         break;
902     default:
903         /* most registers are read-only, thus ignored */
904         break;
905     }
906 }
907 
908 static uint64_t openpic_msi_read(void *opaque, hwaddr addr, unsigned size)
909 {
910     OpenPICState *opp = opaque;
911     uint64_t r = 0;
912     int i, srs;
913 
914     DPRINTF("%s: addr %#" HWADDR_PRIx, __func__, addr);
915     if (addr & 0xF) {
916         return -1;
917     }
918 
919     srs = addr >> 4;
920 
921     switch (addr) {
922     case 0x00:
923     case 0x10:
924     case 0x20:
925     case 0x30:
926     case 0x40:
927     case 0x50:
928     case 0x60:
929     case 0x70: /* MSIRs */
930         r = opp->msi[srs].msir;
931         /* Clear on read */
932         opp->msi[srs].msir = 0;
933         openpic_set_irq(opp, opp->irq_msi + srs, 0);
934         break;
935     case 0x120: /* MSISR */
936         for (i = 0; i < MAX_MSI; i++) {
937             r |= (opp->msi[i].msir ? 1 : 0) << i;
938         }
939         break;
940     }
941 
942     return r;
943 }
944 
945 static uint64_t openpic_summary_read(void *opaque, hwaddr addr, unsigned size)
946 {
947     uint64_t r = 0;
948 
949     DPRINTF("%s: addr %#" HWADDR_PRIx, __func__, addr);
950 
951     /* TODO: EISR/EIMR */
952 
953     return r;
954 }
955 
956 static void openpic_summary_write(void *opaque, hwaddr addr, uint64_t val,
957                                   unsigned size)
958 {
959     DPRINTF("%s: addr %#" HWADDR_PRIx " <= 0x%08" PRIx64,
960             __func__, addr, val);
961 
962     /* TODO: EISR/EIMR */
963 }
964 
965 static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
966                                        uint32_t val, int idx)
967 {
968     OpenPICState *opp = opaque;
969     IRQSource *src;
970     IRQDest *dst;
971     int s_IRQ, n_IRQ;
972 
973     DPRINTF("%s: cpu %d addr %#" HWADDR_PRIx " <= 0x%08x", __func__, idx,
974             addr, val);
975 
976     if (idx < 0 || idx >= opp->nb_cpus) {
977         return;
978     }
979 
980     if (addr & 0xF) {
981         return;
982     }
983     dst = &opp->dst[idx];
984     addr &= 0xFF0;
985     switch (addr) {
986     case 0x40: /* IPIDR */
987     case 0x50:
988     case 0x60:
989     case 0x70:
990         idx = (addr - 0x40) >> 4;
991         /* we use IDE as mask which CPUs to deliver the IPI to still. */
992         opp->src[opp->irq_ipi0 + idx].destmask |= val;
993         openpic_set_irq(opp, opp->irq_ipi0 + idx, 1);
994         openpic_set_irq(opp, opp->irq_ipi0 + idx, 0);
995         break;
996     case 0x80: /* CTPR */
997         dst->ctpr = val & 0x0000000F;
998 
999         DPRINTF("%s: set CPU %d ctpr to %d, raised %d servicing %d",
1000                 __func__, idx, dst->ctpr, dst->raised.priority,
1001                 dst->servicing.priority);
1002 
1003         if (dst->raised.priority <= dst->ctpr) {
1004             DPRINTF("%s: Lower OpenPIC INT output cpu %d due to ctpr",
1005                     __func__, idx);
1006             qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
1007         } else if (dst->raised.priority > dst->servicing.priority) {
1008             DPRINTF("%s: Raise OpenPIC INT output cpu %d irq %d",
1009                     __func__, idx, dst->raised.next);
1010             qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_INT]);
1011         }
1012 
1013         break;
1014     case 0x90: /* WHOAMI */
1015         /* Read-only register */
1016         break;
1017     case 0xA0: /* IACK */
1018         /* Read-only register */
1019         break;
1020     case 0xB0: /* EOI */
1021         DPRINTF("EOI");
1022         s_IRQ = IRQ_get_next(opp, &dst->servicing);
1023 
1024         if (s_IRQ < 0) {
1025             DPRINTF("%s: EOI with no interrupt in service", __func__);
1026             break;
1027         }
1028 
1029         IRQ_resetbit(&dst->servicing, s_IRQ);
1030         /* Set up next servicing IRQ */
1031         s_IRQ = IRQ_get_next(opp, &dst->servicing);
1032         /* Check queued interrupts. */
1033         n_IRQ = IRQ_get_next(opp, &dst->raised);
1034         src = &opp->src[n_IRQ];
1035         if (n_IRQ != -1 &&
1036             (s_IRQ == -1 ||
1037              IVPR_PRIORITY(src->ivpr) > dst->servicing.priority)) {
1038             DPRINTF("Raise OpenPIC INT output cpu %d irq %d",
1039                     idx, n_IRQ);
1040             qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]);
1041         }
1042         break;
1043     default:
1044         break;
1045     }
1046 }
1047 
1048 static void openpic_cpu_write(void *opaque, hwaddr addr, uint64_t val,
1049                               unsigned len)
1050 {
1051     openpic_cpu_write_internal(opaque, addr, val, (addr & 0x1f000) >> 12);
1052 }
1053 
1054 
1055 static uint32_t openpic_iack(OpenPICState *opp, IRQDest *dst, int cpu)
1056 {
1057     IRQSource *src;
1058     int retval, irq;
1059 
1060     DPRINTF("Lower OpenPIC INT output");
1061     qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
1062 
1063     irq = IRQ_get_next(opp, &dst->raised);
1064     DPRINTF("IACK: irq=%d", irq);
1065 
1066     if (irq == -1) {
1067         /* No more interrupt pending */
1068         return opp->spve;
1069     }
1070 
1071     src = &opp->src[irq];
1072     if (!(src->ivpr & IVPR_ACTIVITY_MASK) ||
1073             !(IVPR_PRIORITY(src->ivpr) > dst->ctpr)) {
1074         error_report("%s: bad raised IRQ %d ctpr %d ivpr 0x%08x",
1075                 __func__, irq, dst->ctpr, src->ivpr);
1076         openpic_update_irq(opp, irq);
1077         retval = opp->spve;
1078     } else {
1079         /* IRQ enter servicing state */
1080         IRQ_setbit(&dst->servicing, irq);
1081         retval = IVPR_VECTOR(opp, src->ivpr);
1082     }
1083 
1084     if (!src->level) {
1085         /* edge-sensitive IRQ */
1086         src->ivpr &= ~IVPR_ACTIVITY_MASK;
1087         src->pending = 0;
1088         IRQ_resetbit(&dst->raised, irq);
1089     }
1090 
1091     /* Timers and IPIs support multicast. */
1092     if (((irq >= opp->irq_ipi0) && (irq < (opp->irq_ipi0 + OPENPIC_MAX_IPI))) ||
1093         ((irq >= opp->irq_tim0) && (irq < (opp->irq_tim0 + OPENPIC_MAX_TMR)))) {
1094         DPRINTF("irq is IPI or TMR");
1095         src->destmask &= ~(1 << cpu);
1096         if (src->destmask && !src->level) {
1097             /* trigger on CPUs that didn't know about it yet */
1098             openpic_set_irq(opp, irq, 1);
1099             openpic_set_irq(opp, irq, 0);
1100             /* if all CPUs knew about it, set active bit again */
1101             src->ivpr |= IVPR_ACTIVITY_MASK;
1102         }
1103     }
1104 
1105     return retval;
1106 }
1107 
1108 static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
1109                                           int idx)
1110 {
1111     OpenPICState *opp = opaque;
1112     IRQDest *dst;
1113     uint32_t retval;
1114 
1115     DPRINTF("%s: cpu %d addr %#" HWADDR_PRIx, __func__, idx, addr);
1116     retval = 0xFFFFFFFF;
1117 
1118     if (idx < 0 || idx >= opp->nb_cpus) {
1119         return retval;
1120     }
1121 
1122     if (addr & 0xF) {
1123         return retval;
1124     }
1125     dst = &opp->dst[idx];
1126     addr &= 0xFF0;
1127     switch (addr) {
1128     case 0x80: /* CTPR */
1129         retval = dst->ctpr;
1130         break;
1131     case 0x90: /* WHOAMI */
1132         retval = idx;
1133         break;
1134     case 0xA0: /* IACK */
1135         retval = openpic_iack(opp, dst, idx);
1136         break;
1137     case 0xB0: /* EOI */
1138         retval = 0;
1139         break;
1140     default:
1141         break;
1142     }
1143     DPRINTF("%s: => 0x%08x", __func__, retval);
1144 
1145     return retval;
1146 }
1147 
1148 static uint64_t openpic_cpu_read(void *opaque, hwaddr addr, unsigned len)
1149 {
1150     return openpic_cpu_read_internal(opaque, addr, (addr & 0x1f000) >> 12);
1151 }
1152 
1153 static const MemoryRegionOps openpic_glb_ops_le = {
1154     .write = openpic_gbl_write,
1155     .read  = openpic_gbl_read,
1156     .endianness = DEVICE_LITTLE_ENDIAN,
1157     .impl = {
1158         .min_access_size = 4,
1159         .max_access_size = 4,
1160     },
1161 };
1162 
1163 static const MemoryRegionOps openpic_glb_ops_be = {
1164     .write = openpic_gbl_write,
1165     .read  = openpic_gbl_read,
1166     .endianness = DEVICE_BIG_ENDIAN,
1167     .impl = {
1168         .min_access_size = 4,
1169         .max_access_size = 4,
1170     },
1171 };
1172 
1173 static const MemoryRegionOps openpic_tmr_ops_le = {
1174     .write = openpic_tmr_write,
1175     .read  = openpic_tmr_read,
1176     .endianness = DEVICE_LITTLE_ENDIAN,
1177     .impl = {
1178         .min_access_size = 4,
1179         .max_access_size = 4,
1180     },
1181 };
1182 
1183 static const MemoryRegionOps openpic_tmr_ops_be = {
1184     .write = openpic_tmr_write,
1185     .read  = openpic_tmr_read,
1186     .endianness = DEVICE_BIG_ENDIAN,
1187     .impl = {
1188         .min_access_size = 4,
1189         .max_access_size = 4,
1190     },
1191 };
1192 
1193 static const MemoryRegionOps openpic_cpu_ops_le = {
1194     .write = openpic_cpu_write,
1195     .read  = openpic_cpu_read,
1196     .endianness = DEVICE_LITTLE_ENDIAN,
1197     .impl = {
1198         .min_access_size = 4,
1199         .max_access_size = 4,
1200     },
1201 };
1202 
1203 static const MemoryRegionOps openpic_cpu_ops_be = {
1204     .write = openpic_cpu_write,
1205     .read  = openpic_cpu_read,
1206     .endianness = DEVICE_BIG_ENDIAN,
1207     .impl = {
1208         .min_access_size = 4,
1209         .max_access_size = 4,
1210     },
1211 };
1212 
1213 static const MemoryRegionOps openpic_src_ops_le = {
1214     .write = openpic_src_write,
1215     .read  = openpic_src_read,
1216     .endianness = DEVICE_LITTLE_ENDIAN,
1217     .impl = {
1218         .min_access_size = 4,
1219         .max_access_size = 4,
1220     },
1221 };
1222 
1223 static const MemoryRegionOps openpic_src_ops_be = {
1224     .write = openpic_src_write,
1225     .read  = openpic_src_read,
1226     .endianness = DEVICE_BIG_ENDIAN,
1227     .impl = {
1228         .min_access_size = 4,
1229         .max_access_size = 4,
1230     },
1231 };
1232 
1233 static const MemoryRegionOps openpic_msi_ops_be = {
1234     .read = openpic_msi_read,
1235     .write = openpic_msi_write,
1236     .endianness = DEVICE_BIG_ENDIAN,
1237     .impl = {
1238         .min_access_size = 4,
1239         .max_access_size = 4,
1240     },
1241 };
1242 
1243 static const MemoryRegionOps openpic_summary_ops_be = {
1244     .read = openpic_summary_read,
1245     .write = openpic_summary_write,
1246     .endianness = DEVICE_BIG_ENDIAN,
1247     .impl = {
1248         .min_access_size = 4,
1249         .max_access_size = 4,
1250     },
1251 };
1252 
1253 static void openpic_reset(DeviceState *d)
1254 {
1255     OpenPICState *opp = OPENPIC(d);
1256     int i;
1257 
1258     opp->gcr = GCR_RESET;
1259     /* Initialise controller registers */
1260     opp->frr = ((opp->nb_irqs - 1) << FRR_NIRQ_SHIFT) |
1261                ((opp->nb_cpus - 1) << FRR_NCPU_SHIFT) |
1262                (opp->vid << FRR_VID_SHIFT);
1263 
1264     opp->pir = 0;
1265     opp->spve = -1 & opp->vector_mask;
1266     opp->tfrr = opp->tfrr_reset;
1267     /* Initialise IRQ sources */
1268     for (i = 0; i < opp->max_irq; i++) {
1269         opp->src[i].ivpr = opp->ivpr_reset;
1270         switch (opp->src[i].type) {
1271         case IRQ_TYPE_NORMAL:
1272             opp->src[i].level = !!(opp->ivpr_reset & IVPR_SENSE_MASK);
1273             break;
1274 
1275         case IRQ_TYPE_FSLINT:
1276             opp->src[i].ivpr |= IVPR_POLARITY_MASK;
1277             break;
1278 
1279         case IRQ_TYPE_FSLSPECIAL:
1280             break;
1281         }
1282 
1283         /* Mask all IPI interrupts for Freescale OpenPIC */
1284         if ((opp->model == OPENPIC_MODEL_FSL_MPIC_20) ||
1285             (opp->model == OPENPIC_MODEL_FSL_MPIC_42)) {
1286             if (i >= opp->irq_ipi0 && i < opp->irq_tim0) {
1287                 write_IRQreg_idr(opp, i, 0);
1288                 continue;
1289             }
1290         }
1291 
1292         write_IRQreg_idr(opp, i, opp->idr_reset);
1293     }
1294     /* Initialise IRQ destinations */
1295     for (i = 0; i < opp->nb_cpus; i++) {
1296         opp->dst[i].ctpr      = 15;
1297         opp->dst[i].raised.next = -1;
1298         opp->dst[i].raised.priority = 0;
1299         bitmap_clear(opp->dst[i].raised.queue, 0, IRQQUEUE_SIZE_BITS);
1300         opp->dst[i].servicing.next = -1;
1301         opp->dst[i].servicing.priority = 0;
1302         bitmap_clear(opp->dst[i].servicing.queue, 0, IRQQUEUE_SIZE_BITS);
1303     }
1304     /* Initialise timers */
1305     for (i = 0; i < OPENPIC_MAX_TMR; i++) {
1306         opp->timers[i].tccr = 0;
1307         opp->timers[i].tbcr = TBCR_CI;
1308         if (opp->timers[i].qemu_timer_active) {
1309             timer_del(opp->timers[i].qemu_timer);  /* Inhibit timer */
1310             opp->timers[i].qemu_timer_active = false;
1311         }
1312     }
1313     /* Go out of RESET state */
1314     opp->gcr = 0;
1315 }
1316 
1317 typedef struct MemReg {
1318     const char             *name;
1319     MemoryRegionOps const  *ops;
1320     hwaddr                  start_addr;
1321     ram_addr_t              size;
1322 } MemReg;
1323 
1324 static void fsl_common_init(OpenPICState *opp)
1325 {
1326     int i;
1327     int virq = OPENPIC_MAX_SRC;
1328 
1329     opp->vid = VID_REVISION_1_2;
1330     opp->vir = VIR_GENERIC;
1331     opp->vector_mask = 0xFFFF;
1332     opp->tfrr_reset = 0;
1333     opp->ivpr_reset = IVPR_MASK_MASK;
1334     opp->idr_reset = 1 << 0;
1335     opp->max_irq = OPENPIC_MAX_IRQ;
1336 
1337     opp->irq_ipi0 = virq;
1338     virq += OPENPIC_MAX_IPI;
1339     opp->irq_tim0 = virq;
1340     virq += OPENPIC_MAX_TMR;
1341 
1342     assert(virq <= OPENPIC_MAX_IRQ);
1343 
1344     opp->irq_msi = 224;
1345 
1346     msi_nonbroken = true;
1347     for (i = 0; i < opp->fsl->max_ext; i++) {
1348         opp->src[i].level = false;
1349     }
1350 
1351     /* Internal interrupts, including message and MSI */
1352     for (i = 16; i < OPENPIC_MAX_SRC; i++) {
1353         opp->src[i].type = IRQ_TYPE_FSLINT;
1354         opp->src[i].level = true;
1355     }
1356 
1357     /* timers and IPIs */
1358     for (i = OPENPIC_MAX_SRC; i < virq; i++) {
1359         opp->src[i].type = IRQ_TYPE_FSLSPECIAL;
1360         opp->src[i].level = false;
1361     }
1362 
1363     for (i = 0; i < OPENPIC_MAX_TMR; i++) {
1364         opp->timers[i].n_IRQ = opp->irq_tim0 + i;
1365         opp->timers[i].qemu_timer_active = false;
1366         opp->timers[i].qemu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1367                                                  &qemu_timer_cb,
1368                                                  &opp->timers[i]);
1369         opp->timers[i].opp = opp;
1370     }
1371 }
1372 
1373 static void map_list(OpenPICState *opp, const MemReg *list, int *count)
1374 {
1375     while (list->name) {
1376         assert(*count < ARRAY_SIZE(opp->sub_io_mem));
1377 
1378         memory_region_init_io(&opp->sub_io_mem[*count], OBJECT(opp), list->ops,
1379                               opp, list->name, list->size);
1380 
1381         memory_region_add_subregion(&opp->mem, list->start_addr,
1382                                     &opp->sub_io_mem[*count]);
1383 
1384         (*count)++;
1385         list++;
1386     }
1387 }
1388 
1389 static const VMStateDescription vmstate_openpic_irq_queue = {
1390     .name = "openpic_irq_queue",
1391     .version_id = 0,
1392     .minimum_version_id = 0,
1393     .fields = (const VMStateField[]) {
1394         VMSTATE_BITMAP(queue, IRQQueue, 0, queue_size),
1395         VMSTATE_INT32(next, IRQQueue),
1396         VMSTATE_INT32(priority, IRQQueue),
1397         VMSTATE_END_OF_LIST()
1398     }
1399 };
1400 
1401 static const VMStateDescription vmstate_openpic_irqdest = {
1402     .name = "openpic_irqdest",
1403     .version_id = 0,
1404     .minimum_version_id = 0,
1405     .fields = (const VMStateField[]) {
1406         VMSTATE_INT32(ctpr, IRQDest),
1407         VMSTATE_STRUCT(raised, IRQDest, 0, vmstate_openpic_irq_queue,
1408                        IRQQueue),
1409         VMSTATE_STRUCT(servicing, IRQDest, 0, vmstate_openpic_irq_queue,
1410                        IRQQueue),
1411         VMSTATE_UINT32_ARRAY(outputs_active, IRQDest, OPENPIC_OUTPUT_NB),
1412         VMSTATE_END_OF_LIST()
1413     }
1414 };
1415 
1416 static const VMStateDescription vmstate_openpic_irqsource = {
1417     .name = "openpic_irqsource",
1418     .version_id = 0,
1419     .minimum_version_id = 0,
1420     .fields = (const VMStateField[]) {
1421         VMSTATE_UINT32(ivpr, IRQSource),
1422         VMSTATE_UINT32(idr, IRQSource),
1423         VMSTATE_UINT32(destmask, IRQSource),
1424         VMSTATE_INT32(last_cpu, IRQSource),
1425         VMSTATE_INT32(pending, IRQSource),
1426         VMSTATE_END_OF_LIST()
1427     }
1428 };
1429 
1430 static const VMStateDescription vmstate_openpic_timer = {
1431     .name = "openpic_timer",
1432     .version_id = 0,
1433     .minimum_version_id = 0,
1434     .fields = (const VMStateField[]) {
1435         VMSTATE_UINT32(tccr, OpenPICTimer),
1436         VMSTATE_UINT32(tbcr, OpenPICTimer),
1437         VMSTATE_END_OF_LIST()
1438     }
1439 };
1440 
1441 static const VMStateDescription vmstate_openpic_msi = {
1442     .name = "openpic_msi",
1443     .version_id = 0,
1444     .minimum_version_id = 0,
1445     .fields = (const VMStateField[]) {
1446         VMSTATE_UINT32(msir, OpenPICMSI),
1447         VMSTATE_END_OF_LIST()
1448     }
1449 };
1450 
1451 static int openpic_post_load(void *opaque, int version_id)
1452 {
1453     OpenPICState *opp = (OpenPICState *)opaque;
1454     int i;
1455 
1456     /* Update internal ivpr and idr variables */
1457     for (i = 0; i < opp->max_irq; i++) {
1458         write_IRQreg_idr(opp, i, opp->src[i].idr);
1459         write_IRQreg_ivpr(opp, i, opp->src[i].ivpr);
1460     }
1461 
1462     return 0;
1463 }
1464 
1465 static const VMStateDescription vmstate_openpic = {
1466     .name = "openpic",
1467     .version_id = 3,
1468     .minimum_version_id = 3,
1469     .post_load = openpic_post_load,
1470     .fields = (const VMStateField[]) {
1471         VMSTATE_UINT32(gcr, OpenPICState),
1472         VMSTATE_UINT32(vir, OpenPICState),
1473         VMSTATE_UINT32(pir, OpenPICState),
1474         VMSTATE_UINT32(spve, OpenPICState),
1475         VMSTATE_UINT32(tfrr, OpenPICState),
1476         VMSTATE_UINT32(max_irq, OpenPICState),
1477         VMSTATE_STRUCT_VARRAY_UINT32(src, OpenPICState, max_irq, 0,
1478                                      vmstate_openpic_irqsource, IRQSource),
1479         VMSTATE_UINT32_EQUAL(nb_cpus, OpenPICState, NULL),
1480         VMSTATE_STRUCT_VARRAY_UINT32(dst, OpenPICState, nb_cpus, 0,
1481                                      vmstate_openpic_irqdest, IRQDest),
1482         VMSTATE_STRUCT_ARRAY(timers, OpenPICState, OPENPIC_MAX_TMR, 0,
1483                              vmstate_openpic_timer, OpenPICTimer),
1484         VMSTATE_STRUCT_ARRAY(msi, OpenPICState, MAX_MSI, 0,
1485                              vmstate_openpic_msi, OpenPICMSI),
1486         VMSTATE_UINT32(irq_ipi0, OpenPICState),
1487         VMSTATE_UINT32(irq_tim0, OpenPICState),
1488         VMSTATE_UINT32(irq_msi, OpenPICState),
1489         VMSTATE_END_OF_LIST()
1490     }
1491 };
1492 
1493 static void openpic_init(Object *obj)
1494 {
1495     OpenPICState *opp = OPENPIC(obj);
1496 
1497     memory_region_init(&opp->mem, obj, "openpic", 0x40000);
1498 }
1499 
1500 static void openpic_realize(DeviceState *dev, Error **errp)
1501 {
1502     SysBusDevice *d = SYS_BUS_DEVICE(dev);
1503     OpenPICState *opp = OPENPIC(dev);
1504     int i, j;
1505     int list_count = 0;
1506     static const MemReg list_le[] = {
1507         {"glb", &openpic_glb_ops_le,
1508                 OPENPIC_GLB_REG_START, OPENPIC_GLB_REG_SIZE},
1509         {"tmr", &openpic_tmr_ops_le,
1510                 OPENPIC_TMR_REG_START, OPENPIC_TMR_REG_SIZE},
1511         {"src", &openpic_src_ops_le,
1512                 OPENPIC_SRC_REG_START, OPENPIC_SRC_REG_SIZE},
1513         {"cpu", &openpic_cpu_ops_le,
1514                 OPENPIC_CPU_REG_START, OPENPIC_CPU_REG_SIZE},
1515         {NULL}
1516     };
1517     static const MemReg list_be[] = {
1518         {"glb", &openpic_glb_ops_be,
1519                 OPENPIC_GLB_REG_START, OPENPIC_GLB_REG_SIZE},
1520         {"tmr", &openpic_tmr_ops_be,
1521                 OPENPIC_TMR_REG_START, OPENPIC_TMR_REG_SIZE},
1522         {"src", &openpic_src_ops_be,
1523                 OPENPIC_SRC_REG_START, OPENPIC_SRC_REG_SIZE},
1524         {"cpu", &openpic_cpu_ops_be,
1525                 OPENPIC_CPU_REG_START, OPENPIC_CPU_REG_SIZE},
1526         {NULL}
1527     };
1528     static const MemReg list_fsl[] = {
1529         {"msi", &openpic_msi_ops_be,
1530                 OPENPIC_MSI_REG_START, OPENPIC_MSI_REG_SIZE},
1531         {"summary", &openpic_summary_ops_be,
1532                 OPENPIC_SUMMARY_REG_START, OPENPIC_SUMMARY_REG_SIZE},
1533         {NULL}
1534     };
1535 
1536     if (opp->nb_cpus > MAX_CPU) {
1537         error_setg(errp, "property 'nb_cpus' can be at most %d", MAX_CPU);
1538         return;
1539     }
1540 
1541     switch (opp->model) {
1542     case OPENPIC_MODEL_FSL_MPIC_20:
1543     default:
1544         opp->fsl = &fsl_mpic_20;
1545         opp->brr1 = 0x00400200;
1546         opp->flags |= OPENPIC_FLAG_IDR_CRIT;
1547         opp->nb_irqs = 80;
1548         opp->mpic_mode_mask = GCR_MODE_MIXED;
1549 
1550         fsl_common_init(opp);
1551         map_list(opp, list_be, &list_count);
1552         map_list(opp, list_fsl, &list_count);
1553 
1554         break;
1555 
1556     case OPENPIC_MODEL_FSL_MPIC_42:
1557         opp->fsl = &fsl_mpic_42;
1558         opp->brr1 = 0x00400402;
1559         opp->flags |= OPENPIC_FLAG_ILR;
1560         opp->nb_irqs = 196;
1561         opp->mpic_mode_mask = GCR_MODE_PROXY;
1562 
1563         fsl_common_init(opp);
1564         map_list(opp, list_be, &list_count);
1565         map_list(opp, list_fsl, &list_count);
1566 
1567         break;
1568 
1569     case OPENPIC_MODEL_KEYLARGO:
1570         opp->nb_irqs = KEYLARGO_MAX_EXT;
1571         opp->vid = VID_REVISION_1_2;
1572         opp->vir = VIR_GENERIC;
1573         opp->vector_mask = 0xFF;
1574         opp->tfrr_reset = 4160000;
1575         opp->ivpr_reset = IVPR_MASK_MASK | IVPR_MODE_MASK;
1576         opp->idr_reset = 0;
1577         opp->max_irq = KEYLARGO_MAX_IRQ;
1578         opp->irq_ipi0 = KEYLARGO_IPI_IRQ;
1579         opp->irq_tim0 = KEYLARGO_TMR_IRQ;
1580         opp->brr1 = -1;
1581         opp->mpic_mode_mask = GCR_MODE_MIXED;
1582 
1583         if (opp->nb_cpus != 1) {
1584             error_setg(errp, "Only UP supported today");
1585             return;
1586         }
1587 
1588         map_list(opp, list_le, &list_count);
1589         break;
1590     }
1591 
1592     for (i = 0; i < opp->nb_cpus; i++) {
1593         opp->dst[i].irqs = g_new0(qemu_irq, OPENPIC_OUTPUT_NB);
1594         for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
1595             sysbus_init_irq(d, &opp->dst[i].irqs[j]);
1596         }
1597 
1598         opp->dst[i].raised.queue_size = IRQQUEUE_SIZE_BITS;
1599         opp->dst[i].raised.queue = bitmap_new(IRQQUEUE_SIZE_BITS);
1600         opp->dst[i].servicing.queue_size = IRQQUEUE_SIZE_BITS;
1601         opp->dst[i].servicing.queue = bitmap_new(IRQQUEUE_SIZE_BITS);
1602     }
1603 
1604     sysbus_init_mmio(d, &opp->mem);
1605     qdev_init_gpio_in(dev, openpic_set_irq, opp->max_irq);
1606 }
1607 
1608 static Property openpic_properties[] = {
1609     DEFINE_PROP_UINT32("model", OpenPICState, model, OPENPIC_MODEL_FSL_MPIC_20),
1610     DEFINE_PROP_UINT32("nb_cpus", OpenPICState, nb_cpus, 1),
1611     DEFINE_PROP_END_OF_LIST(),
1612 };
1613 
1614 static void openpic_class_init(ObjectClass *oc, void *data)
1615 {
1616     DeviceClass *dc = DEVICE_CLASS(oc);
1617 
1618     dc->realize = openpic_realize;
1619     device_class_set_props(dc, openpic_properties);
1620     device_class_set_legacy_reset(dc, openpic_reset);
1621     dc->vmsd = &vmstate_openpic;
1622     set_bit(DEVICE_CATEGORY_MISC, dc->categories);
1623 }
1624 
1625 static const TypeInfo openpic_info = {
1626     .name          = TYPE_OPENPIC,
1627     .parent        = TYPE_SYS_BUS_DEVICE,
1628     .instance_size = sizeof(OpenPICState),
1629     .instance_init = openpic_init,
1630     .class_init    = openpic_class_init,
1631 };
1632 
1633 static void openpic_register_types(void)
1634 {
1635     type_register_static(&openpic_info);
1636 }
1637 
1638 type_init(openpic_register_types)
1639