1 /* 2 * DEC 21272 (TSUNAMI/TYPHOON) chipset emulation. 3 * 4 * Written by Richard Henderson. 5 * 6 * This work is licensed under the GNU GPL license version 2 or later. 7 */ 8 9 #include "qemu/osdep.h" 10 #include "qemu/module.h" 11 #include "qemu/units.h" 12 #include "qapi/error.h" 13 #include "cpu.h" 14 #include "hw/hw.h" 15 #include "hw/irq.h" 16 #include "sysemu/sysemu.h" 17 #include "alpha_sys.h" 18 #include "exec/address-spaces.h" 19 20 21 #define TYPE_TYPHOON_PCI_HOST_BRIDGE "typhoon-pcihost" 22 #define TYPE_TYPHOON_IOMMU_MEMORY_REGION "typhoon-iommu-memory-region" 23 24 typedef struct TyphoonCchip { 25 MemoryRegion region; 26 uint64_t misc; 27 uint64_t drir; 28 uint64_t dim[4]; 29 uint32_t iic[4]; 30 AlphaCPU *cpu[4]; 31 } TyphoonCchip; 32 33 typedef struct TyphoonWindow { 34 uint64_t wba; 35 uint64_t wsm; 36 uint64_t tba; 37 } TyphoonWindow; 38 39 typedef struct TyphoonPchip { 40 MemoryRegion region; 41 MemoryRegion reg_iack; 42 MemoryRegion reg_mem; 43 MemoryRegion reg_io; 44 MemoryRegion reg_conf; 45 46 AddressSpace iommu_as; 47 IOMMUMemoryRegion iommu; 48 49 uint64_t ctl; 50 TyphoonWindow win[4]; 51 } TyphoonPchip; 52 53 #define TYPHOON_PCI_HOST_BRIDGE(obj) \ 54 OBJECT_CHECK(TyphoonState, (obj), TYPE_TYPHOON_PCI_HOST_BRIDGE) 55 56 typedef struct TyphoonState { 57 PCIHostState parent_obj; 58 59 TyphoonCchip cchip; 60 TyphoonPchip pchip; 61 MemoryRegion dchip_region; 62 MemoryRegion ram_region; 63 } TyphoonState; 64 65 /* Called when one of DRIR or DIM changes. */ 66 static void cpu_irq_change(AlphaCPU *cpu, uint64_t req) 67 { 68 /* If there are any non-masked interrupts, tell the cpu. */ 69 if (cpu != NULL) { 70 CPUState *cs = CPU(cpu); 71 if (req) { 72 cpu_interrupt(cs, CPU_INTERRUPT_HARD); 73 } else { 74 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); 75 } 76 } 77 } 78 79 static MemTxResult cchip_read(void *opaque, hwaddr addr, 80 uint64_t *data, unsigned size, 81 MemTxAttrs attrs) 82 { 83 CPUState *cpu = current_cpu; 84 TyphoonState *s = opaque; 85 uint64_t ret = 0; 86 87 switch (addr) { 88 case 0x0000: 89 /* CSC: Cchip System Configuration Register. */ 90 /* All sorts of data here; probably the only thing relevant is 91 PIP<14> Pchip 1 Present = 0. */ 92 break; 93 94 case 0x0040: 95 /* MTR: Memory Timing Register. */ 96 /* All sorts of stuff related to real DRAM. */ 97 break; 98 99 case 0x0080: 100 /* MISC: Miscellaneous Register. */ 101 ret = s->cchip.misc | (cpu->cpu_index & 3); 102 break; 103 104 case 0x00c0: 105 /* MPD: Memory Presence Detect Register. */ 106 break; 107 108 case 0x0100: /* AAR0 */ 109 case 0x0140: /* AAR1 */ 110 case 0x0180: /* AAR2 */ 111 case 0x01c0: /* AAR3 */ 112 /* AAR: Array Address Register. */ 113 /* All sorts of information about DRAM. */ 114 break; 115 116 case 0x0200: 117 /* DIM0: Device Interrupt Mask Register, CPU0. */ 118 ret = s->cchip.dim[0]; 119 break; 120 case 0x0240: 121 /* DIM1: Device Interrupt Mask Register, CPU1. */ 122 ret = s->cchip.dim[1]; 123 break; 124 case 0x0280: 125 /* DIR0: Device Interrupt Request Register, CPU0. */ 126 ret = s->cchip.dim[0] & s->cchip.drir; 127 break; 128 case 0x02c0: 129 /* DIR1: Device Interrupt Request Register, CPU1. */ 130 ret = s->cchip.dim[1] & s->cchip.drir; 131 break; 132 case 0x0300: 133 /* DRIR: Device Raw Interrupt Request Register. */ 134 ret = s->cchip.drir; 135 break; 136 137 case 0x0340: 138 /* PRBEN: Probe Enable Register. */ 139 break; 140 141 case 0x0380: 142 /* IIC0: Interval Ignore Count Register, CPU0. */ 143 ret = s->cchip.iic[0]; 144 break; 145 case 0x03c0: 146 /* IIC1: Interval Ignore Count Register, CPU1. */ 147 ret = s->cchip.iic[1]; 148 break; 149 150 case 0x0400: /* MPR0 */ 151 case 0x0440: /* MPR1 */ 152 case 0x0480: /* MPR2 */ 153 case 0x04c0: /* MPR3 */ 154 /* MPR: Memory Programming Register. */ 155 break; 156 157 case 0x0580: 158 /* TTR: TIGbus Timing Register. */ 159 /* All sorts of stuff related to interrupt delivery timings. */ 160 break; 161 case 0x05c0: 162 /* TDR: TIGbug Device Timing Register. */ 163 break; 164 165 case 0x0600: 166 /* DIM2: Device Interrupt Mask Register, CPU2. */ 167 ret = s->cchip.dim[2]; 168 break; 169 case 0x0640: 170 /* DIM3: Device Interrupt Mask Register, CPU3. */ 171 ret = s->cchip.dim[3]; 172 break; 173 case 0x0680: 174 /* DIR2: Device Interrupt Request Register, CPU2. */ 175 ret = s->cchip.dim[2] & s->cchip.drir; 176 break; 177 case 0x06c0: 178 /* DIR3: Device Interrupt Request Register, CPU3. */ 179 ret = s->cchip.dim[3] & s->cchip.drir; 180 break; 181 182 case 0x0700: 183 /* IIC2: Interval Ignore Count Register, CPU2. */ 184 ret = s->cchip.iic[2]; 185 break; 186 case 0x0740: 187 /* IIC3: Interval Ignore Count Register, CPU3. */ 188 ret = s->cchip.iic[3]; 189 break; 190 191 case 0x0780: 192 /* PWR: Power Management Control. */ 193 break; 194 195 case 0x0c00: /* CMONCTLA */ 196 case 0x0c40: /* CMONCTLB */ 197 case 0x0c80: /* CMONCNT01 */ 198 case 0x0cc0: /* CMONCNT23 */ 199 break; 200 201 default: 202 return MEMTX_ERROR; 203 } 204 205 *data = ret; 206 return MEMTX_OK; 207 } 208 209 static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size) 210 { 211 /* Skip this. It's all related to DRAM timing and setup. */ 212 return 0; 213 } 214 215 static MemTxResult pchip_read(void *opaque, hwaddr addr, uint64_t *data, 216 unsigned size, MemTxAttrs attrs) 217 { 218 TyphoonState *s = opaque; 219 uint64_t ret = 0; 220 221 switch (addr) { 222 case 0x0000: 223 /* WSBA0: Window Space Base Address Register. */ 224 ret = s->pchip.win[0].wba; 225 break; 226 case 0x0040: 227 /* WSBA1 */ 228 ret = s->pchip.win[1].wba; 229 break; 230 case 0x0080: 231 /* WSBA2 */ 232 ret = s->pchip.win[2].wba; 233 break; 234 case 0x00c0: 235 /* WSBA3 */ 236 ret = s->pchip.win[3].wba; 237 break; 238 239 case 0x0100: 240 /* WSM0: Window Space Mask Register. */ 241 ret = s->pchip.win[0].wsm; 242 break; 243 case 0x0140: 244 /* WSM1 */ 245 ret = s->pchip.win[1].wsm; 246 break; 247 case 0x0180: 248 /* WSM2 */ 249 ret = s->pchip.win[2].wsm; 250 break; 251 case 0x01c0: 252 /* WSM3 */ 253 ret = s->pchip.win[3].wsm; 254 break; 255 256 case 0x0200: 257 /* TBA0: Translated Base Address Register. */ 258 ret = s->pchip.win[0].tba; 259 break; 260 case 0x0240: 261 /* TBA1 */ 262 ret = s->pchip.win[1].tba; 263 break; 264 case 0x0280: 265 /* TBA2 */ 266 ret = s->pchip.win[2].tba; 267 break; 268 case 0x02c0: 269 /* TBA3 */ 270 ret = s->pchip.win[3].tba; 271 break; 272 273 case 0x0300: 274 /* PCTL: Pchip Control Register. */ 275 ret = s->pchip.ctl; 276 break; 277 case 0x0340: 278 /* PLAT: Pchip Master Latency Register. */ 279 break; 280 case 0x03c0: 281 /* PERROR: Pchip Error Register. */ 282 break; 283 case 0x0400: 284 /* PERRMASK: Pchip Error Mask Register. */ 285 break; 286 case 0x0440: 287 /* PERRSET: Pchip Error Set Register. */ 288 break; 289 case 0x0480: 290 /* TLBIV: Translation Buffer Invalidate Virtual Register (WO). */ 291 break; 292 case 0x04c0: 293 /* TLBIA: Translation Buffer Invalidate All Register (WO). */ 294 break; 295 case 0x0500: /* PMONCTL */ 296 case 0x0540: /* PMONCNT */ 297 case 0x0800: /* SPRST */ 298 break; 299 300 default: 301 return MEMTX_ERROR; 302 } 303 304 *data = ret; 305 return MEMTX_OK; 306 } 307 308 static MemTxResult cchip_write(void *opaque, hwaddr addr, 309 uint64_t val, unsigned size, 310 MemTxAttrs attrs) 311 { 312 TyphoonState *s = opaque; 313 uint64_t oldval, newval; 314 315 switch (addr) { 316 case 0x0000: 317 /* CSC: Cchip System Configuration Register. */ 318 /* All sorts of data here; nothing relevant RW. */ 319 break; 320 321 case 0x0040: 322 /* MTR: Memory Timing Register. */ 323 /* All sorts of stuff related to real DRAM. */ 324 break; 325 326 case 0x0080: 327 /* MISC: Miscellaneous Register. */ 328 newval = oldval = s->cchip.misc; 329 newval &= ~(val & 0x10000ff0); /* W1C fields */ 330 if (val & 0x100000) { 331 newval &= ~0xff0000ull; /* ACL clears ABT and ABW */ 332 } else { 333 newval |= val & 0x00f00000; /* ABT field is W1S */ 334 if ((newval & 0xf0000) == 0) { 335 newval |= val & 0xf0000; /* ABW field is W1S iff zero */ 336 } 337 } 338 newval |= (val & 0xf000) >> 4; /* IPREQ field sets IPINTR. */ 339 340 newval &= ~0xf0000000000ull; /* WO and RW fields */ 341 newval |= val & 0xf0000000000ull; 342 s->cchip.misc = newval; 343 344 /* Pass on changes to IPI and ITI state. */ 345 if ((newval ^ oldval) & 0xff0) { 346 int i; 347 for (i = 0; i < 4; ++i) { 348 AlphaCPU *cpu = s->cchip.cpu[i]; 349 if (cpu != NULL) { 350 CPUState *cs = CPU(cpu); 351 /* IPI can be either cleared or set by the write. */ 352 if (newval & (1 << (i + 8))) { 353 cpu_interrupt(cs, CPU_INTERRUPT_SMP); 354 } else { 355 cpu_reset_interrupt(cs, CPU_INTERRUPT_SMP); 356 } 357 358 /* ITI can only be cleared by the write. */ 359 if ((newval & (1 << (i + 4))) == 0) { 360 cpu_reset_interrupt(cs, CPU_INTERRUPT_TIMER); 361 } 362 } 363 } 364 } 365 break; 366 367 case 0x00c0: 368 /* MPD: Memory Presence Detect Register. */ 369 break; 370 371 case 0x0100: /* AAR0 */ 372 case 0x0140: /* AAR1 */ 373 case 0x0180: /* AAR2 */ 374 case 0x01c0: /* AAR3 */ 375 /* AAR: Array Address Register. */ 376 /* All sorts of information about DRAM. */ 377 break; 378 379 case 0x0200: /* DIM0 */ 380 /* DIM: Device Interrupt Mask Register, CPU0. */ 381 s->cchip.dim[0] = val; 382 cpu_irq_change(s->cchip.cpu[0], val & s->cchip.drir); 383 break; 384 case 0x0240: /* DIM1 */ 385 /* DIM: Device Interrupt Mask Register, CPU1. */ 386 s->cchip.dim[1] = val; 387 cpu_irq_change(s->cchip.cpu[1], val & s->cchip.drir); 388 break; 389 390 case 0x0280: /* DIR0 (RO) */ 391 case 0x02c0: /* DIR1 (RO) */ 392 case 0x0300: /* DRIR (RO) */ 393 break; 394 395 case 0x0340: 396 /* PRBEN: Probe Enable Register. */ 397 break; 398 399 case 0x0380: /* IIC0 */ 400 s->cchip.iic[0] = val & 0xffffff; 401 break; 402 case 0x03c0: /* IIC1 */ 403 s->cchip.iic[1] = val & 0xffffff; 404 break; 405 406 case 0x0400: /* MPR0 */ 407 case 0x0440: /* MPR1 */ 408 case 0x0480: /* MPR2 */ 409 case 0x04c0: /* MPR3 */ 410 /* MPR: Memory Programming Register. */ 411 break; 412 413 case 0x0580: 414 /* TTR: TIGbus Timing Register. */ 415 /* All sorts of stuff related to interrupt delivery timings. */ 416 break; 417 case 0x05c0: 418 /* TDR: TIGbug Device Timing Register. */ 419 break; 420 421 case 0x0600: 422 /* DIM2: Device Interrupt Mask Register, CPU2. */ 423 s->cchip.dim[2] = val; 424 cpu_irq_change(s->cchip.cpu[2], val & s->cchip.drir); 425 break; 426 case 0x0640: 427 /* DIM3: Device Interrupt Mask Register, CPU3. */ 428 s->cchip.dim[3] = val; 429 cpu_irq_change(s->cchip.cpu[3], val & s->cchip.drir); 430 break; 431 432 case 0x0680: /* DIR2 (RO) */ 433 case 0x06c0: /* DIR3 (RO) */ 434 break; 435 436 case 0x0700: /* IIC2 */ 437 s->cchip.iic[2] = val & 0xffffff; 438 break; 439 case 0x0740: /* IIC3 */ 440 s->cchip.iic[3] = val & 0xffffff; 441 break; 442 443 case 0x0780: 444 /* PWR: Power Management Control. */ 445 break; 446 447 case 0x0c00: /* CMONCTLA */ 448 case 0x0c40: /* CMONCTLB */ 449 case 0x0c80: /* CMONCNT01 */ 450 case 0x0cc0: /* CMONCNT23 */ 451 break; 452 453 default: 454 return MEMTX_ERROR; 455 } 456 457 return MEMTX_OK; 458 } 459 460 static void dchip_write(void *opaque, hwaddr addr, 461 uint64_t val, unsigned size) 462 { 463 /* Skip this. It's all related to DRAM timing and setup. */ 464 } 465 466 static MemTxResult pchip_write(void *opaque, hwaddr addr, 467 uint64_t val, unsigned size, 468 MemTxAttrs attrs) 469 { 470 TyphoonState *s = opaque; 471 uint64_t oldval; 472 473 switch (addr) { 474 case 0x0000: 475 /* WSBA0: Window Space Base Address Register. */ 476 s->pchip.win[0].wba = val & 0xfff00003u; 477 break; 478 case 0x0040: 479 /* WSBA1 */ 480 s->pchip.win[1].wba = val & 0xfff00003u; 481 break; 482 case 0x0080: 483 /* WSBA2 */ 484 s->pchip.win[2].wba = val & 0xfff00003u; 485 break; 486 case 0x00c0: 487 /* WSBA3 */ 488 s->pchip.win[3].wba = (val & 0x80fff00001ull) | 2; 489 break; 490 491 case 0x0100: 492 /* WSM0: Window Space Mask Register. */ 493 s->pchip.win[0].wsm = val & 0xfff00000u; 494 break; 495 case 0x0140: 496 /* WSM1 */ 497 s->pchip.win[1].wsm = val & 0xfff00000u; 498 break; 499 case 0x0180: 500 /* WSM2 */ 501 s->pchip.win[2].wsm = val & 0xfff00000u; 502 break; 503 case 0x01c0: 504 /* WSM3 */ 505 s->pchip.win[3].wsm = val & 0xfff00000u; 506 break; 507 508 case 0x0200: 509 /* TBA0: Translated Base Address Register. */ 510 s->pchip.win[0].tba = val & 0x7fffffc00ull; 511 break; 512 case 0x0240: 513 /* TBA1 */ 514 s->pchip.win[1].tba = val & 0x7fffffc00ull; 515 break; 516 case 0x0280: 517 /* TBA2 */ 518 s->pchip.win[2].tba = val & 0x7fffffc00ull; 519 break; 520 case 0x02c0: 521 /* TBA3 */ 522 s->pchip.win[3].tba = val & 0x7fffffc00ull; 523 break; 524 525 case 0x0300: 526 /* PCTL: Pchip Control Register. */ 527 oldval = s->pchip.ctl; 528 oldval &= ~0x00001cff0fc7ffull; /* RW fields */ 529 oldval |= val & 0x00001cff0fc7ffull; 530 s->pchip.ctl = oldval; 531 break; 532 533 case 0x0340: 534 /* PLAT: Pchip Master Latency Register. */ 535 break; 536 case 0x03c0: 537 /* PERROR: Pchip Error Register. */ 538 break; 539 case 0x0400: 540 /* PERRMASK: Pchip Error Mask Register. */ 541 break; 542 case 0x0440: 543 /* PERRSET: Pchip Error Set Register. */ 544 break; 545 546 case 0x0480: 547 /* TLBIV: Translation Buffer Invalidate Virtual Register. */ 548 break; 549 550 case 0x04c0: 551 /* TLBIA: Translation Buffer Invalidate All Register (WO). */ 552 break; 553 554 case 0x0500: 555 /* PMONCTL */ 556 case 0x0540: 557 /* PMONCNT */ 558 case 0x0800: 559 /* SPRST */ 560 break; 561 562 default: 563 return MEMTX_ERROR; 564 } 565 566 return MEMTX_OK; 567 } 568 569 static const MemoryRegionOps cchip_ops = { 570 .read_with_attrs = cchip_read, 571 .write_with_attrs = cchip_write, 572 .endianness = DEVICE_LITTLE_ENDIAN, 573 .valid = { 574 .min_access_size = 8, 575 .max_access_size = 8, 576 }, 577 .impl = { 578 .min_access_size = 8, 579 .max_access_size = 8, 580 }, 581 }; 582 583 static const MemoryRegionOps dchip_ops = { 584 .read = dchip_read, 585 .write = dchip_write, 586 .endianness = DEVICE_LITTLE_ENDIAN, 587 .valid = { 588 .min_access_size = 8, 589 .max_access_size = 8, 590 }, 591 .impl = { 592 .min_access_size = 8, 593 .max_access_size = 8, 594 }, 595 }; 596 597 static const MemoryRegionOps pchip_ops = { 598 .read_with_attrs = pchip_read, 599 .write_with_attrs = pchip_write, 600 .endianness = DEVICE_LITTLE_ENDIAN, 601 .valid = { 602 .min_access_size = 8, 603 .max_access_size = 8, 604 }, 605 .impl = { 606 .min_access_size = 8, 607 .max_access_size = 8, 608 }, 609 }; 610 611 /* A subroutine of typhoon_translate_iommu that builds an IOMMUTLBEntry 612 using the given translated address and mask. */ 613 static bool make_iommu_tlbe(hwaddr taddr, hwaddr mask, IOMMUTLBEntry *ret) 614 { 615 *ret = (IOMMUTLBEntry) { 616 .target_as = &address_space_memory, 617 .translated_addr = taddr, 618 .addr_mask = mask, 619 .perm = IOMMU_RW, 620 }; 621 return true; 622 } 623 624 /* A subroutine of typhoon_translate_iommu that handles scatter-gather 625 translation, given the address of the PTE. */ 626 static bool pte_translate(hwaddr pte_addr, IOMMUTLBEntry *ret) 627 { 628 uint64_t pte = address_space_ldq(&address_space_memory, pte_addr, 629 MEMTXATTRS_UNSPECIFIED, NULL); 630 631 /* Check valid bit. */ 632 if ((pte & 1) == 0) { 633 return false; 634 } 635 636 return make_iommu_tlbe((pte & 0x3ffffe) << 12, 0x1fff, ret); 637 } 638 639 /* A subroutine of typhoon_translate_iommu that handles one of the 640 four single-address-cycle translation windows. */ 641 static bool window_translate(TyphoonWindow *win, hwaddr addr, 642 IOMMUTLBEntry *ret) 643 { 644 uint32_t wba = win->wba; 645 uint64_t wsm = win->wsm; 646 uint64_t tba = win->tba; 647 uint64_t wsm_ext = wsm | 0xfffff; 648 649 /* Check for window disabled. */ 650 if ((wba & 1) == 0) { 651 return false; 652 } 653 654 /* Check for window hit. */ 655 if ((addr & ~wsm_ext) != (wba & 0xfff00000u)) { 656 return false; 657 } 658 659 if (wba & 2) { 660 /* Scatter-gather translation. */ 661 hwaddr pte_addr; 662 663 /* See table 10-6, Generating PTE address for PCI DMA Address. */ 664 pte_addr = tba & ~(wsm >> 10); 665 pte_addr |= (addr & (wsm | 0xfe000)) >> 10; 666 return pte_translate(pte_addr, ret); 667 } else { 668 /* Direct-mapped translation. */ 669 return make_iommu_tlbe(tba & ~wsm_ext, wsm_ext, ret); 670 } 671 } 672 673 /* Handle PCI-to-system address translation. */ 674 /* TODO: A translation failure here ought to set PCI error codes on the 675 Pchip and generate a machine check interrupt. */ 676 static IOMMUTLBEntry typhoon_translate_iommu(IOMMUMemoryRegion *iommu, 677 hwaddr addr, 678 IOMMUAccessFlags flag, 679 int iommu_idx) 680 { 681 TyphoonPchip *pchip = container_of(iommu, TyphoonPchip, iommu); 682 IOMMUTLBEntry ret; 683 int i; 684 685 if (addr <= 0xffffffffu) { 686 /* Single-address cycle. */ 687 688 /* Check for the Window Hole, inhibiting matching. */ 689 if ((pchip->ctl & 0x20) 690 && addr >= 0x80000 691 && addr <= 0xfffff) { 692 goto failure; 693 } 694 695 /* Check the first three windows. */ 696 for (i = 0; i < 3; ++i) { 697 if (window_translate(&pchip->win[i], addr, &ret)) { 698 goto success; 699 } 700 } 701 702 /* Check the fourth window for DAC disable. */ 703 if ((pchip->win[3].wba & 0x80000000000ull) == 0 704 && window_translate(&pchip->win[3], addr, &ret)) { 705 goto success; 706 } 707 } else { 708 /* Double-address cycle. */ 709 710 if (addr >= 0x10000000000ull && addr < 0x20000000000ull) { 711 /* Check for the DMA monster window. */ 712 if (pchip->ctl & 0x40) { 713 /* See 10.1.4.4; in particular <39:35> is ignored. */ 714 make_iommu_tlbe(0, 0x007ffffffffull, &ret); 715 goto success; 716 } 717 } 718 719 if (addr >= 0x80000000000ull && addr <= 0xfffffffffffull) { 720 /* Check the fourth window for DAC enable and window enable. */ 721 if ((pchip->win[3].wba & 0x80000000001ull) == 0x80000000001ull) { 722 uint64_t pte_addr; 723 724 pte_addr = pchip->win[3].tba & 0x7ffc00000ull; 725 pte_addr |= (addr & 0xffffe000u) >> 10; 726 if (pte_translate(pte_addr, &ret)) { 727 goto success; 728 } 729 } 730 } 731 } 732 733 failure: 734 ret = (IOMMUTLBEntry) { .perm = IOMMU_NONE }; 735 success: 736 return ret; 737 } 738 739 static AddressSpace *typhoon_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn) 740 { 741 TyphoonState *s = opaque; 742 return &s->pchip.iommu_as; 743 } 744 745 static void typhoon_set_irq(void *opaque, int irq, int level) 746 { 747 TyphoonState *s = opaque; 748 uint64_t drir; 749 int i; 750 751 /* Set/Reset the bit in CCHIP.DRIR based on IRQ+LEVEL. */ 752 drir = s->cchip.drir; 753 if (level) { 754 drir |= 1ull << irq; 755 } else { 756 drir &= ~(1ull << irq); 757 } 758 s->cchip.drir = drir; 759 760 for (i = 0; i < 4; ++i) { 761 cpu_irq_change(s->cchip.cpu[i], s->cchip.dim[i] & drir); 762 } 763 } 764 765 static void typhoon_set_isa_irq(void *opaque, int irq, int level) 766 { 767 typhoon_set_irq(opaque, 55, level); 768 } 769 770 static void typhoon_set_timer_irq(void *opaque, int irq, int level) 771 { 772 TyphoonState *s = opaque; 773 int i; 774 775 /* Thankfully, the mc146818rtc code doesn't track the IRQ state, 776 and so we don't have to worry about missing interrupts just 777 because we never actually ACK the interrupt. Just ignore any 778 case of the interrupt level going low. */ 779 if (level == 0) { 780 return; 781 } 782 783 /* Deliver the interrupt to each CPU, considering each CPU's IIC. */ 784 for (i = 0; i < 4; ++i) { 785 AlphaCPU *cpu = s->cchip.cpu[i]; 786 if (cpu != NULL) { 787 uint32_t iic = s->cchip.iic[i]; 788 789 /* ??? The verbage in Section 10.2.2.10 isn't 100% clear. 790 Bit 24 is the OverFlow bit, RO, and set when the count 791 decrements past 0. When is OF cleared? My guess is that 792 OF is actually cleared when the IIC is written, and that 793 the ICNT field always decrements. At least, that's an 794 interpretation that makes sense, and "allows the CPU to 795 determine exactly how mant interval timer ticks were 796 skipped". At least within the next 4M ticks... */ 797 798 iic = ((iic - 1) & 0x1ffffff) | (iic & 0x1000000); 799 s->cchip.iic[i] = iic; 800 801 if (iic & 0x1000000) { 802 /* Set the ITI bit for this cpu. */ 803 s->cchip.misc |= 1 << (i + 4); 804 /* And signal the interrupt. */ 805 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_TIMER); 806 } 807 } 808 } 809 } 810 811 static void typhoon_alarm_timer(void *opaque) 812 { 813 TyphoonState *s = (TyphoonState *)((uintptr_t)opaque & ~3); 814 int cpu = (uintptr_t)opaque & 3; 815 816 /* Set the ITI bit for this cpu. */ 817 s->cchip.misc |= 1 << (cpu + 4); 818 cpu_interrupt(CPU(s->cchip.cpu[cpu]), CPU_INTERRUPT_TIMER); 819 } 820 821 PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus, 822 qemu_irq *p_rtc_irq, 823 AlphaCPU *cpus[4], pci_map_irq_fn sys_map_irq) 824 { 825 MemoryRegion *addr_space = get_system_memory(); 826 DeviceState *dev; 827 TyphoonState *s; 828 PCIHostState *phb; 829 PCIBus *b; 830 int i; 831 832 dev = qdev_create(NULL, TYPE_TYPHOON_PCI_HOST_BRIDGE); 833 834 s = TYPHOON_PCI_HOST_BRIDGE(dev); 835 phb = PCI_HOST_BRIDGE(dev); 836 837 s->cchip.misc = 0x800000000ull; /* Revision: Typhoon. */ 838 s->pchip.win[3].wba = 2; /* Window 3 SG always enabled. */ 839 840 /* Remember the CPUs so that we can deliver interrupts to them. */ 841 for (i = 0; i < 4; i++) { 842 AlphaCPU *cpu = cpus[i]; 843 s->cchip.cpu[i] = cpu; 844 if (cpu != NULL) { 845 cpu->alarm_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 846 typhoon_alarm_timer, 847 (void *)((uintptr_t)s + i)); 848 } 849 } 850 851 *p_rtc_irq = qemu_allocate_irq(typhoon_set_timer_irq, s, 0); 852 853 /* Main memory region, 0x00.0000.0000. Real hardware supports 32GB, 854 but the address space hole reserved at this point is 8TB. */ 855 memory_region_allocate_system_memory(&s->ram_region, OBJECT(s), "ram", 856 ram_size); 857 memory_region_add_subregion(addr_space, 0, &s->ram_region); 858 859 /* TIGbus, 0x801.0000.0000, 1GB. */ 860 /* ??? The TIGbus is used for delivering interrupts, and access to 861 the flash ROM. I'm not sure that we need to implement it at all. */ 862 863 /* Pchip0 CSRs, 0x801.8000.0000, 256MB. */ 864 memory_region_init_io(&s->pchip.region, OBJECT(s), &pchip_ops, s, "pchip0", 865 256 * MiB); 866 memory_region_add_subregion(addr_space, 0x80180000000ULL, 867 &s->pchip.region); 868 869 /* Cchip CSRs, 0x801.A000.0000, 256MB. */ 870 memory_region_init_io(&s->cchip.region, OBJECT(s), &cchip_ops, s, "cchip0", 871 256 * MiB); 872 memory_region_add_subregion(addr_space, 0x801a0000000ULL, 873 &s->cchip.region); 874 875 /* Dchip CSRs, 0x801.B000.0000, 256MB. */ 876 memory_region_init_io(&s->dchip_region, OBJECT(s), &dchip_ops, s, "dchip0", 877 256 * MiB); 878 memory_region_add_subregion(addr_space, 0x801b0000000ULL, 879 &s->dchip_region); 880 881 /* Pchip0 PCI memory, 0x800.0000.0000, 4GB. */ 882 memory_region_init(&s->pchip.reg_mem, OBJECT(s), "pci0-mem", 4 * GiB); 883 memory_region_add_subregion(addr_space, 0x80000000000ULL, 884 &s->pchip.reg_mem); 885 886 /* Pchip0 PCI I/O, 0x801.FC00.0000, 32MB. */ 887 memory_region_init_io(&s->pchip.reg_io, OBJECT(s), &alpha_pci_ignore_ops, 888 NULL, "pci0-io", 32 * MiB); 889 memory_region_add_subregion(addr_space, 0x801fc000000ULL, 890 &s->pchip.reg_io); 891 892 b = pci_register_root_bus(dev, "pci", 893 typhoon_set_irq, sys_map_irq, s, 894 &s->pchip.reg_mem, &s->pchip.reg_io, 895 0, 64, TYPE_PCI_BUS); 896 phb->bus = b; 897 qdev_init_nofail(dev); 898 899 /* Host memory as seen from the PCI side, via the IOMMU. */ 900 memory_region_init_iommu(&s->pchip.iommu, sizeof(s->pchip.iommu), 901 TYPE_TYPHOON_IOMMU_MEMORY_REGION, OBJECT(s), 902 "iommu-typhoon", UINT64_MAX); 903 address_space_init(&s->pchip.iommu_as, MEMORY_REGION(&s->pchip.iommu), 904 "pchip0-pci"); 905 pci_setup_iommu(b, typhoon_pci_dma_iommu, s); 906 907 /* Pchip0 PCI special/interrupt acknowledge, 0x801.F800.0000, 64MB. */ 908 memory_region_init_io(&s->pchip.reg_iack, OBJECT(s), &alpha_pci_iack_ops, 909 b, "pci0-iack", 64 * MiB); 910 memory_region_add_subregion(addr_space, 0x801f8000000ULL, 911 &s->pchip.reg_iack); 912 913 /* Pchip0 PCI configuration, 0x801.FE00.0000, 16MB. */ 914 memory_region_init_io(&s->pchip.reg_conf, OBJECT(s), &alpha_pci_conf1_ops, 915 b, "pci0-conf", 16 * MiB); 916 memory_region_add_subregion(addr_space, 0x801fe000000ULL, 917 &s->pchip.reg_conf); 918 919 /* For the record, these are the mappings for the second PCI bus. 920 We can get away with not implementing them because we indicate 921 via the Cchip.CSC<PIP> bit that Pchip1 is not present. */ 922 /* Pchip1 PCI memory, 0x802.0000.0000, 4GB. */ 923 /* Pchip1 CSRs, 0x802.8000.0000, 256MB. */ 924 /* Pchip1 PCI special/interrupt acknowledge, 0x802.F800.0000, 64MB. */ 925 /* Pchip1 PCI I/O, 0x802.FC00.0000, 32MB. */ 926 /* Pchip1 PCI configuration, 0x802.FE00.0000, 16MB. */ 927 928 /* Init the ISA bus. */ 929 /* ??? Technically there should be a cy82c693ub pci-isa bridge. */ 930 { 931 qemu_irq *isa_irqs; 932 933 *isa_bus = isa_bus_new(NULL, get_system_memory(), &s->pchip.reg_io, 934 &error_abort); 935 isa_irqs = i8259_init(*isa_bus, 936 qemu_allocate_irq(typhoon_set_isa_irq, s, 0)); 937 isa_bus_irqs(*isa_bus, isa_irqs); 938 } 939 940 return b; 941 } 942 943 static const TypeInfo typhoon_pcihost_info = { 944 .name = TYPE_TYPHOON_PCI_HOST_BRIDGE, 945 .parent = TYPE_PCI_HOST_BRIDGE, 946 .instance_size = sizeof(TyphoonState), 947 }; 948 949 static void typhoon_iommu_memory_region_class_init(ObjectClass *klass, 950 void *data) 951 { 952 IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass); 953 954 imrc->translate = typhoon_translate_iommu; 955 } 956 957 static const TypeInfo typhoon_iommu_memory_region_info = { 958 .parent = TYPE_IOMMU_MEMORY_REGION, 959 .name = TYPE_TYPHOON_IOMMU_MEMORY_REGION, 960 .class_init = typhoon_iommu_memory_region_class_init, 961 }; 962 963 static void typhoon_register_types(void) 964 { 965 type_register_static(&typhoon_pcihost_info); 966 type_register_static(&typhoon_iommu_memory_region_info); 967 } 968 969 type_init(typhoon_register_types) 970