xref: /openbmc/qemu/hw/arm/musicpal.c (revision 4c4465ff)
1 /*
2  * Marvell MV88W8618 / Freecom MusicPal emulation.
3  *
4  * Copyright (c) 2008 Jan Kiszka
5  *
6  * This code is licensed under the GNU GPL v2.
7  *
8  * Contributions after 2012-01-13 are licensed under the terms of the
9  * GNU GPL, version 2 or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "qapi/error.h"
14 #include "cpu.h"
15 #include "hw/sysbus.h"
16 #include "migration/vmstate.h"
17 #include "hw/arm/boot.h"
18 #include "net/net.h"
19 #include "sysemu/sysemu.h"
20 #include "hw/boards.h"
21 #include "hw/char/serial.h"
22 #include "hw/hw.h"
23 #include "qemu/timer.h"
24 #include "hw/ptimer.h"
25 #include "hw/qdev-properties.h"
26 #include "hw/block/flash.h"
27 #include "ui/console.h"
28 #include "hw/i2c/i2c.h"
29 #include "hw/irq.h"
30 #include "hw/or-irq.h"
31 #include "hw/audio/wm8750.h"
32 #include "sysemu/block-backend.h"
33 #include "sysemu/runstate.h"
34 #include "sysemu/dma.h"
35 #include "exec/address-spaces.h"
36 #include "ui/pixel_ops.h"
37 #include "qemu/cutils.h"
38 #include "qom/object.h"
39 
40 #define MP_MISC_BASE            0x80002000
41 #define MP_MISC_SIZE            0x00001000
42 
43 #define MP_ETH_BASE             0x80008000
44 #define MP_ETH_SIZE             0x00001000
45 
46 #define MP_WLAN_BASE            0x8000C000
47 #define MP_WLAN_SIZE            0x00000800
48 
49 #define MP_UART1_BASE           0x8000C840
50 #define MP_UART2_BASE           0x8000C940
51 
52 #define MP_GPIO_BASE            0x8000D000
53 #define MP_GPIO_SIZE            0x00001000
54 
55 #define MP_FLASHCFG_BASE        0x90006000
56 #define MP_FLASHCFG_SIZE        0x00001000
57 
58 #define MP_AUDIO_BASE           0x90007000
59 
60 #define MP_PIC_BASE             0x90008000
61 #define MP_PIC_SIZE             0x00001000
62 
63 #define MP_PIT_BASE             0x90009000
64 #define MP_PIT_SIZE             0x00001000
65 
66 #define MP_LCD_BASE             0x9000c000
67 #define MP_LCD_SIZE             0x00001000
68 
69 #define MP_SRAM_BASE            0xC0000000
70 #define MP_SRAM_SIZE            0x00020000
71 
72 #define MP_RAM_DEFAULT_SIZE     32*1024*1024
73 #define MP_FLASH_SIZE_MAX       32*1024*1024
74 
75 #define MP_TIMER1_IRQ           4
76 #define MP_TIMER2_IRQ           5
77 #define MP_TIMER3_IRQ           6
78 #define MP_TIMER4_IRQ           7
79 #define MP_EHCI_IRQ             8
80 #define MP_ETH_IRQ              9
81 #define MP_UART_SHARED_IRQ      11
82 #define MP_GPIO_IRQ             12
83 #define MP_RTC_IRQ              28
84 #define MP_AUDIO_IRQ            30
85 
86 /* Wolfson 8750 I2C address */
87 #define MP_WM_ADDR              0x1A
88 
89 /* Ethernet register offsets */
90 #define MP_ETH_SMIR             0x010
91 #define MP_ETH_PCXR             0x408
92 #define MP_ETH_SDCMR            0x448
93 #define MP_ETH_ICR              0x450
94 #define MP_ETH_IMR              0x458
95 #define MP_ETH_FRDP0            0x480
96 #define MP_ETH_FRDP1            0x484
97 #define MP_ETH_FRDP2            0x488
98 #define MP_ETH_FRDP3            0x48C
99 #define MP_ETH_CRDP0            0x4A0
100 #define MP_ETH_CRDP1            0x4A4
101 #define MP_ETH_CRDP2            0x4A8
102 #define MP_ETH_CRDP3            0x4AC
103 #define MP_ETH_CTDP0            0x4E0
104 #define MP_ETH_CTDP1            0x4E4
105 
106 /* MII PHY access */
107 #define MP_ETH_SMIR_DATA        0x0000FFFF
108 #define MP_ETH_SMIR_ADDR        0x03FF0000
109 #define MP_ETH_SMIR_OPCODE      (1 << 26) /* Read value */
110 #define MP_ETH_SMIR_RDVALID     (1 << 27)
111 
112 /* PHY registers */
113 #define MP_ETH_PHY1_BMSR        0x00210000
114 #define MP_ETH_PHY1_PHYSID1     0x00410000
115 #define MP_ETH_PHY1_PHYSID2     0x00610000
116 
117 #define MP_PHY_BMSR_LINK        0x0004
118 #define MP_PHY_BMSR_AUTONEG     0x0008
119 
120 #define MP_PHY_88E3015          0x01410E20
121 
122 /* TX descriptor status */
123 #define MP_ETH_TX_OWN           (1U << 31)
124 
125 /* RX descriptor status */
126 #define MP_ETH_RX_OWN           (1U << 31)
127 
128 /* Interrupt cause/mask bits */
129 #define MP_ETH_IRQ_RX_BIT       0
130 #define MP_ETH_IRQ_RX           (1 << MP_ETH_IRQ_RX_BIT)
131 #define MP_ETH_IRQ_TXHI_BIT     2
132 #define MP_ETH_IRQ_TXLO_BIT     3
133 
134 /* Port config bits */
135 #define MP_ETH_PCXR_2BSM_BIT    28 /* 2-byte incoming suffix */
136 
137 /* SDMA command bits */
138 #define MP_ETH_CMD_TXHI         (1 << 23)
139 #define MP_ETH_CMD_TXLO         (1 << 22)
140 
141 typedef struct mv88w8618_tx_desc {
142     uint32_t cmdstat;
143     uint16_t res;
144     uint16_t bytes;
145     uint32_t buffer;
146     uint32_t next;
147 } mv88w8618_tx_desc;
148 
149 typedef struct mv88w8618_rx_desc {
150     uint32_t cmdstat;
151     uint16_t bytes;
152     uint16_t buffer_size;
153     uint32_t buffer;
154     uint32_t next;
155 } mv88w8618_rx_desc;
156 
157 #define TYPE_MV88W8618_ETH "mv88w8618_eth"
158 OBJECT_DECLARE_SIMPLE_TYPE(mv88w8618_eth_state, MV88W8618_ETH)
159 
160 struct mv88w8618_eth_state {
161     /*< private >*/
162     SysBusDevice parent_obj;
163     /*< public >*/
164 
165     MemoryRegion iomem;
166     qemu_irq irq;
167     MemoryRegion *dma_mr;
168     AddressSpace dma_as;
169     uint32_t smir;
170     uint32_t icr;
171     uint32_t imr;
172     int mmio_index;
173     uint32_t vlan_header;
174     uint32_t tx_queue[2];
175     uint32_t rx_queue[4];
176     uint32_t frx_queue[4];
177     uint32_t cur_rx[4];
178     NICState *nic;
179     NICConf conf;
180 };
181 
182 static void eth_rx_desc_put(AddressSpace *dma_as, uint32_t addr,
183                             mv88w8618_rx_desc *desc)
184 {
185     cpu_to_le32s(&desc->cmdstat);
186     cpu_to_le16s(&desc->bytes);
187     cpu_to_le16s(&desc->buffer_size);
188     cpu_to_le32s(&desc->buffer);
189     cpu_to_le32s(&desc->next);
190     dma_memory_write(dma_as, addr, desc, sizeof(*desc));
191 }
192 
193 static void eth_rx_desc_get(AddressSpace *dma_as, uint32_t addr,
194                             mv88w8618_rx_desc *desc)
195 {
196     dma_memory_read(dma_as, addr, desc, sizeof(*desc));
197     le32_to_cpus(&desc->cmdstat);
198     le16_to_cpus(&desc->bytes);
199     le16_to_cpus(&desc->buffer_size);
200     le32_to_cpus(&desc->buffer);
201     le32_to_cpus(&desc->next);
202 }
203 
204 static ssize_t eth_receive(NetClientState *nc, const uint8_t *buf, size_t size)
205 {
206     mv88w8618_eth_state *s = qemu_get_nic_opaque(nc);
207     uint32_t desc_addr;
208     mv88w8618_rx_desc desc;
209     int i;
210 
211     for (i = 0; i < 4; i++) {
212         desc_addr = s->cur_rx[i];
213         if (!desc_addr) {
214             continue;
215         }
216         do {
217             eth_rx_desc_get(&s->dma_as, desc_addr, &desc);
218             if ((desc.cmdstat & MP_ETH_RX_OWN) && desc.buffer_size >= size) {
219                 dma_memory_write(&s->dma_as, desc.buffer + s->vlan_header,
220                                           buf, size);
221                 desc.bytes = size + s->vlan_header;
222                 desc.cmdstat &= ~MP_ETH_RX_OWN;
223                 s->cur_rx[i] = desc.next;
224 
225                 s->icr |= MP_ETH_IRQ_RX;
226                 if (s->icr & s->imr) {
227                     qemu_irq_raise(s->irq);
228                 }
229                 eth_rx_desc_put(&s->dma_as, desc_addr, &desc);
230                 return size;
231             }
232             desc_addr = desc.next;
233         } while (desc_addr != s->rx_queue[i]);
234     }
235     return size;
236 }
237 
238 static void eth_tx_desc_put(AddressSpace *dma_as, uint32_t addr,
239                             mv88w8618_tx_desc *desc)
240 {
241     cpu_to_le32s(&desc->cmdstat);
242     cpu_to_le16s(&desc->res);
243     cpu_to_le16s(&desc->bytes);
244     cpu_to_le32s(&desc->buffer);
245     cpu_to_le32s(&desc->next);
246     dma_memory_write(dma_as, addr, desc, sizeof(*desc));
247 }
248 
249 static void eth_tx_desc_get(AddressSpace *dma_as, uint32_t addr,
250                             mv88w8618_tx_desc *desc)
251 {
252     dma_memory_read(dma_as, addr, desc, sizeof(*desc));
253     le32_to_cpus(&desc->cmdstat);
254     le16_to_cpus(&desc->res);
255     le16_to_cpus(&desc->bytes);
256     le32_to_cpus(&desc->buffer);
257     le32_to_cpus(&desc->next);
258 }
259 
260 static void eth_send(mv88w8618_eth_state *s, int queue_index)
261 {
262     uint32_t desc_addr = s->tx_queue[queue_index];
263     mv88w8618_tx_desc desc;
264     uint32_t next_desc;
265     uint8_t buf[2048];
266     int len;
267 
268     do {
269         eth_tx_desc_get(&s->dma_as, desc_addr, &desc);
270         next_desc = desc.next;
271         if (desc.cmdstat & MP_ETH_TX_OWN) {
272             len = desc.bytes;
273             if (len < 2048) {
274                 dma_memory_read(&s->dma_as, desc.buffer, buf, len);
275                 qemu_send_packet(qemu_get_queue(s->nic), buf, len);
276             }
277             desc.cmdstat &= ~MP_ETH_TX_OWN;
278             s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
279             eth_tx_desc_put(&s->dma_as, desc_addr, &desc);
280         }
281         desc_addr = next_desc;
282     } while (desc_addr != s->tx_queue[queue_index]);
283 }
284 
285 static uint64_t mv88w8618_eth_read(void *opaque, hwaddr offset,
286                                    unsigned size)
287 {
288     mv88w8618_eth_state *s = opaque;
289 
290     switch (offset) {
291     case MP_ETH_SMIR:
292         if (s->smir & MP_ETH_SMIR_OPCODE) {
293             switch (s->smir & MP_ETH_SMIR_ADDR) {
294             case MP_ETH_PHY1_BMSR:
295                 return MP_PHY_BMSR_LINK | MP_PHY_BMSR_AUTONEG |
296                        MP_ETH_SMIR_RDVALID;
297             case MP_ETH_PHY1_PHYSID1:
298                 return (MP_PHY_88E3015 >> 16) | MP_ETH_SMIR_RDVALID;
299             case MP_ETH_PHY1_PHYSID2:
300                 return (MP_PHY_88E3015 & 0xFFFF) | MP_ETH_SMIR_RDVALID;
301             default:
302                 return MP_ETH_SMIR_RDVALID;
303             }
304         }
305         return 0;
306 
307     case MP_ETH_ICR:
308         return s->icr;
309 
310     case MP_ETH_IMR:
311         return s->imr;
312 
313     case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
314         return s->frx_queue[(offset - MP_ETH_FRDP0)/4];
315 
316     case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
317         return s->rx_queue[(offset - MP_ETH_CRDP0)/4];
318 
319     case MP_ETH_CTDP0 ... MP_ETH_CTDP1:
320         return s->tx_queue[(offset - MP_ETH_CTDP0)/4];
321 
322     default:
323         return 0;
324     }
325 }
326 
327 static void mv88w8618_eth_write(void *opaque, hwaddr offset,
328                                 uint64_t value, unsigned size)
329 {
330     mv88w8618_eth_state *s = opaque;
331 
332     switch (offset) {
333     case MP_ETH_SMIR:
334         s->smir = value;
335         break;
336 
337     case MP_ETH_PCXR:
338         s->vlan_header = ((value >> MP_ETH_PCXR_2BSM_BIT) & 1) * 2;
339         break;
340 
341     case MP_ETH_SDCMR:
342         if (value & MP_ETH_CMD_TXHI) {
343             eth_send(s, 1);
344         }
345         if (value & MP_ETH_CMD_TXLO) {
346             eth_send(s, 0);
347         }
348         if (value & (MP_ETH_CMD_TXHI | MP_ETH_CMD_TXLO) && s->icr & s->imr) {
349             qemu_irq_raise(s->irq);
350         }
351         break;
352 
353     case MP_ETH_ICR:
354         s->icr &= value;
355         break;
356 
357     case MP_ETH_IMR:
358         s->imr = value;
359         if (s->icr & s->imr) {
360             qemu_irq_raise(s->irq);
361         }
362         break;
363 
364     case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
365         s->frx_queue[(offset - MP_ETH_FRDP0)/4] = value;
366         break;
367 
368     case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
369         s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
370             s->cur_rx[(offset - MP_ETH_CRDP0)/4] = value;
371         break;
372 
373     case MP_ETH_CTDP0 ... MP_ETH_CTDP1:
374         s->tx_queue[(offset - MP_ETH_CTDP0)/4] = value;
375         break;
376     }
377 }
378 
379 static const MemoryRegionOps mv88w8618_eth_ops = {
380     .read = mv88w8618_eth_read,
381     .write = mv88w8618_eth_write,
382     .endianness = DEVICE_NATIVE_ENDIAN,
383 };
384 
385 static void eth_cleanup(NetClientState *nc)
386 {
387     mv88w8618_eth_state *s = qemu_get_nic_opaque(nc);
388 
389     s->nic = NULL;
390 }
391 
392 static NetClientInfo net_mv88w8618_info = {
393     .type = NET_CLIENT_DRIVER_NIC,
394     .size = sizeof(NICState),
395     .receive = eth_receive,
396     .cleanup = eth_cleanup,
397 };
398 
399 static void mv88w8618_eth_init(Object *obj)
400 {
401     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
402     DeviceState *dev = DEVICE(sbd);
403     mv88w8618_eth_state *s = MV88W8618_ETH(dev);
404 
405     sysbus_init_irq(sbd, &s->irq);
406     memory_region_init_io(&s->iomem, obj, &mv88w8618_eth_ops, s,
407                           "mv88w8618-eth", MP_ETH_SIZE);
408     sysbus_init_mmio(sbd, &s->iomem);
409 }
410 
411 static void mv88w8618_eth_realize(DeviceState *dev, Error **errp)
412 {
413     mv88w8618_eth_state *s = MV88W8618_ETH(dev);
414 
415     if (!s->dma_mr) {
416         error_setg(errp, TYPE_MV88W8618_ETH " 'dma-memory' link not set");
417         return;
418     }
419 
420     address_space_init(&s->dma_as, s->dma_mr, "emac-dma");
421     s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf,
422                           object_get_typename(OBJECT(dev)), dev->id, s);
423 }
424 
425 static const VMStateDescription mv88w8618_eth_vmsd = {
426     .name = "mv88w8618_eth",
427     .version_id = 1,
428     .minimum_version_id = 1,
429     .fields = (VMStateField[]) {
430         VMSTATE_UINT32(smir, mv88w8618_eth_state),
431         VMSTATE_UINT32(icr, mv88w8618_eth_state),
432         VMSTATE_UINT32(imr, mv88w8618_eth_state),
433         VMSTATE_UINT32(vlan_header, mv88w8618_eth_state),
434         VMSTATE_UINT32_ARRAY(tx_queue, mv88w8618_eth_state, 2),
435         VMSTATE_UINT32_ARRAY(rx_queue, mv88w8618_eth_state, 4),
436         VMSTATE_UINT32_ARRAY(frx_queue, mv88w8618_eth_state, 4),
437         VMSTATE_UINT32_ARRAY(cur_rx, mv88w8618_eth_state, 4),
438         VMSTATE_END_OF_LIST()
439     }
440 };
441 
442 static Property mv88w8618_eth_properties[] = {
443     DEFINE_NIC_PROPERTIES(mv88w8618_eth_state, conf),
444     DEFINE_PROP_LINK("dma-memory", mv88w8618_eth_state, dma_mr,
445                      TYPE_MEMORY_REGION, MemoryRegion *),
446     DEFINE_PROP_END_OF_LIST(),
447 };
448 
449 static void mv88w8618_eth_class_init(ObjectClass *klass, void *data)
450 {
451     DeviceClass *dc = DEVICE_CLASS(klass);
452 
453     dc->vmsd = &mv88w8618_eth_vmsd;
454     device_class_set_props(dc, mv88w8618_eth_properties);
455     dc->realize = mv88w8618_eth_realize;
456 }
457 
458 static const TypeInfo mv88w8618_eth_info = {
459     .name          = TYPE_MV88W8618_ETH,
460     .parent        = TYPE_SYS_BUS_DEVICE,
461     .instance_size = sizeof(mv88w8618_eth_state),
462     .instance_init = mv88w8618_eth_init,
463     .class_init    = mv88w8618_eth_class_init,
464 };
465 
466 /* LCD register offsets */
467 #define MP_LCD_IRQCTRL          0x180
468 #define MP_LCD_IRQSTAT          0x184
469 #define MP_LCD_SPICTRL          0x1ac
470 #define MP_LCD_INST             0x1bc
471 #define MP_LCD_DATA             0x1c0
472 
473 /* Mode magics */
474 #define MP_LCD_SPI_DATA         0x00100011
475 #define MP_LCD_SPI_CMD          0x00104011
476 #define MP_LCD_SPI_INVALID      0x00000000
477 
478 /* Commmands */
479 #define MP_LCD_INST_SETPAGE0    0xB0
480 /* ... */
481 #define MP_LCD_INST_SETPAGE7    0xB7
482 
483 #define MP_LCD_TEXTCOLOR        0xe0e0ff /* RRGGBB */
484 
485 #define TYPE_MUSICPAL_LCD "musicpal_lcd"
486 OBJECT_DECLARE_SIMPLE_TYPE(musicpal_lcd_state, MUSICPAL_LCD)
487 
488 struct musicpal_lcd_state {
489     /*< private >*/
490     SysBusDevice parent_obj;
491     /*< public >*/
492 
493     MemoryRegion iomem;
494     uint32_t brightness;
495     uint32_t mode;
496     uint32_t irqctrl;
497     uint32_t page;
498     uint32_t page_off;
499     QemuConsole *con;
500     uint8_t video_ram[128*64/8];
501 };
502 
503 static uint8_t scale_lcd_color(musicpal_lcd_state *s, uint8_t col)
504 {
505     switch (s->brightness) {
506     case 7:
507         return col;
508     case 0:
509         return 0;
510     default:
511         return (col * s->brightness) / 7;
512     }
513 }
514 
515 #define SET_LCD_PIXEL(depth, type) \
516 static inline void glue(set_lcd_pixel, depth) \
517         (musicpal_lcd_state *s, int x, int y, type col) \
518 { \
519     int dx, dy; \
520     DisplaySurface *surface = qemu_console_surface(s->con); \
521     type *pixel = &((type *) surface_data(surface))[(y * 128 * 3 + x) * 3]; \
522 \
523     for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
524         for (dx = 0; dx < 3; dx++, pixel++) \
525             *pixel = col; \
526 }
527 SET_LCD_PIXEL(8, uint8_t)
528 SET_LCD_PIXEL(16, uint16_t)
529 SET_LCD_PIXEL(32, uint32_t)
530 
531 static void lcd_refresh(void *opaque)
532 {
533     musicpal_lcd_state *s = opaque;
534     DisplaySurface *surface = qemu_console_surface(s->con);
535     int x, y, col;
536 
537     switch (surface_bits_per_pixel(surface)) {
538     case 0:
539         return;
540 #define LCD_REFRESH(depth, func) \
541     case depth: \
542         col = func(scale_lcd_color(s, (MP_LCD_TEXTCOLOR >> 16) & 0xff), \
543                    scale_lcd_color(s, (MP_LCD_TEXTCOLOR >> 8) & 0xff), \
544                    scale_lcd_color(s, MP_LCD_TEXTCOLOR & 0xff)); \
545         for (x = 0; x < 128; x++) { \
546             for (y = 0; y < 64; y++) { \
547                 if (s->video_ram[x + (y/8)*128] & (1 << (y % 8))) { \
548                     glue(set_lcd_pixel, depth)(s, x, y, col); \
549                 } else { \
550                     glue(set_lcd_pixel, depth)(s, x, y, 0); \
551                 } \
552             } \
553         } \
554         break;
555     LCD_REFRESH(8, rgb_to_pixel8)
556     LCD_REFRESH(16, rgb_to_pixel16)
557     LCD_REFRESH(32, (is_surface_bgr(surface) ?
558                      rgb_to_pixel32bgr : rgb_to_pixel32))
559     default:
560         hw_error("unsupported colour depth %i\n",
561                  surface_bits_per_pixel(surface));
562     }
563 
564     dpy_gfx_update(s->con, 0, 0, 128*3, 64*3);
565 }
566 
567 static void lcd_invalidate(void *opaque)
568 {
569 }
570 
571 static void musicpal_lcd_gpio_brightness_in(void *opaque, int irq, int level)
572 {
573     musicpal_lcd_state *s = opaque;
574     s->brightness &= ~(1 << irq);
575     s->brightness |= level << irq;
576 }
577 
578 static uint64_t musicpal_lcd_read(void *opaque, hwaddr offset,
579                                   unsigned size)
580 {
581     musicpal_lcd_state *s = opaque;
582 
583     switch (offset) {
584     case MP_LCD_IRQCTRL:
585         return s->irqctrl;
586 
587     default:
588         return 0;
589     }
590 }
591 
592 static void musicpal_lcd_write(void *opaque, hwaddr offset,
593                                uint64_t value, unsigned size)
594 {
595     musicpal_lcd_state *s = opaque;
596 
597     switch (offset) {
598     case MP_LCD_IRQCTRL:
599         s->irqctrl = value;
600         break;
601 
602     case MP_LCD_SPICTRL:
603         if (value == MP_LCD_SPI_DATA || value == MP_LCD_SPI_CMD) {
604             s->mode = value;
605         } else {
606             s->mode = MP_LCD_SPI_INVALID;
607         }
608         break;
609 
610     case MP_LCD_INST:
611         if (value >= MP_LCD_INST_SETPAGE0 && value <= MP_LCD_INST_SETPAGE7) {
612             s->page = value - MP_LCD_INST_SETPAGE0;
613             s->page_off = 0;
614         }
615         break;
616 
617     case MP_LCD_DATA:
618         if (s->mode == MP_LCD_SPI_CMD) {
619             if (value >= MP_LCD_INST_SETPAGE0 &&
620                 value <= MP_LCD_INST_SETPAGE7) {
621                 s->page = value - MP_LCD_INST_SETPAGE0;
622                 s->page_off = 0;
623             }
624         } else if (s->mode == MP_LCD_SPI_DATA) {
625             s->video_ram[s->page*128 + s->page_off] = value;
626             s->page_off = (s->page_off + 1) & 127;
627         }
628         break;
629     }
630 }
631 
632 static const MemoryRegionOps musicpal_lcd_ops = {
633     .read = musicpal_lcd_read,
634     .write = musicpal_lcd_write,
635     .endianness = DEVICE_NATIVE_ENDIAN,
636 };
637 
638 static const GraphicHwOps musicpal_gfx_ops = {
639     .invalidate  = lcd_invalidate,
640     .gfx_update  = lcd_refresh,
641 };
642 
643 static void musicpal_lcd_realize(DeviceState *dev, Error **errp)
644 {
645     musicpal_lcd_state *s = MUSICPAL_LCD(dev);
646     s->con = graphic_console_init(dev, 0, &musicpal_gfx_ops, s);
647     qemu_console_resize(s->con, 128 * 3, 64 * 3);
648 }
649 
650 static void musicpal_lcd_init(Object *obj)
651 {
652     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
653     DeviceState *dev = DEVICE(sbd);
654     musicpal_lcd_state *s = MUSICPAL_LCD(dev);
655 
656     s->brightness = 7;
657 
658     memory_region_init_io(&s->iomem, obj, &musicpal_lcd_ops, s,
659                           "musicpal-lcd", MP_LCD_SIZE);
660     sysbus_init_mmio(sbd, &s->iomem);
661 
662     qdev_init_gpio_in(dev, musicpal_lcd_gpio_brightness_in, 3);
663 }
664 
665 static const VMStateDescription musicpal_lcd_vmsd = {
666     .name = "musicpal_lcd",
667     .version_id = 1,
668     .minimum_version_id = 1,
669     .fields = (VMStateField[]) {
670         VMSTATE_UINT32(brightness, musicpal_lcd_state),
671         VMSTATE_UINT32(mode, musicpal_lcd_state),
672         VMSTATE_UINT32(irqctrl, musicpal_lcd_state),
673         VMSTATE_UINT32(page, musicpal_lcd_state),
674         VMSTATE_UINT32(page_off, musicpal_lcd_state),
675         VMSTATE_BUFFER(video_ram, musicpal_lcd_state),
676         VMSTATE_END_OF_LIST()
677     }
678 };
679 
680 static void musicpal_lcd_class_init(ObjectClass *klass, void *data)
681 {
682     DeviceClass *dc = DEVICE_CLASS(klass);
683 
684     dc->vmsd = &musicpal_lcd_vmsd;
685     dc->realize = musicpal_lcd_realize;
686 }
687 
688 static const TypeInfo musicpal_lcd_info = {
689     .name          = TYPE_MUSICPAL_LCD,
690     .parent        = TYPE_SYS_BUS_DEVICE,
691     .instance_size = sizeof(musicpal_lcd_state),
692     .instance_init = musicpal_lcd_init,
693     .class_init    = musicpal_lcd_class_init,
694 };
695 
696 /* PIC register offsets */
697 #define MP_PIC_STATUS           0x00
698 #define MP_PIC_ENABLE_SET       0x08
699 #define MP_PIC_ENABLE_CLR       0x0C
700 
701 #define TYPE_MV88W8618_PIC "mv88w8618_pic"
702 OBJECT_DECLARE_SIMPLE_TYPE(mv88w8618_pic_state, MV88W8618_PIC)
703 
704 struct mv88w8618_pic_state {
705     /*< private >*/
706     SysBusDevice parent_obj;
707     /*< public >*/
708 
709     MemoryRegion iomem;
710     uint32_t level;
711     uint32_t enabled;
712     qemu_irq parent_irq;
713 };
714 
715 static void mv88w8618_pic_update(mv88w8618_pic_state *s)
716 {
717     qemu_set_irq(s->parent_irq, (s->level & s->enabled));
718 }
719 
720 static void mv88w8618_pic_set_irq(void *opaque, int irq, int level)
721 {
722     mv88w8618_pic_state *s = opaque;
723 
724     if (level) {
725         s->level |= 1 << irq;
726     } else {
727         s->level &= ~(1 << irq);
728     }
729     mv88w8618_pic_update(s);
730 }
731 
732 static uint64_t mv88w8618_pic_read(void *opaque, hwaddr offset,
733                                    unsigned size)
734 {
735     mv88w8618_pic_state *s = opaque;
736 
737     switch (offset) {
738     case MP_PIC_STATUS:
739         return s->level & s->enabled;
740 
741     default:
742         return 0;
743     }
744 }
745 
746 static void mv88w8618_pic_write(void *opaque, hwaddr offset,
747                                 uint64_t value, unsigned size)
748 {
749     mv88w8618_pic_state *s = opaque;
750 
751     switch (offset) {
752     case MP_PIC_ENABLE_SET:
753         s->enabled |= value;
754         break;
755 
756     case MP_PIC_ENABLE_CLR:
757         s->enabled &= ~value;
758         s->level &= ~value;
759         break;
760     }
761     mv88w8618_pic_update(s);
762 }
763 
764 static void mv88w8618_pic_reset(DeviceState *d)
765 {
766     mv88w8618_pic_state *s = MV88W8618_PIC(d);
767 
768     s->level = 0;
769     s->enabled = 0;
770 }
771 
772 static const MemoryRegionOps mv88w8618_pic_ops = {
773     .read = mv88w8618_pic_read,
774     .write = mv88w8618_pic_write,
775     .endianness = DEVICE_NATIVE_ENDIAN,
776 };
777 
778 static void mv88w8618_pic_init(Object *obj)
779 {
780     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
781     mv88w8618_pic_state *s = MV88W8618_PIC(dev);
782 
783     qdev_init_gpio_in(DEVICE(dev), mv88w8618_pic_set_irq, 32);
784     sysbus_init_irq(dev, &s->parent_irq);
785     memory_region_init_io(&s->iomem, obj, &mv88w8618_pic_ops, s,
786                           "musicpal-pic", MP_PIC_SIZE);
787     sysbus_init_mmio(dev, &s->iomem);
788 }
789 
790 static const VMStateDescription mv88w8618_pic_vmsd = {
791     .name = "mv88w8618_pic",
792     .version_id = 1,
793     .minimum_version_id = 1,
794     .fields = (VMStateField[]) {
795         VMSTATE_UINT32(level, mv88w8618_pic_state),
796         VMSTATE_UINT32(enabled, mv88w8618_pic_state),
797         VMSTATE_END_OF_LIST()
798     }
799 };
800 
801 static void mv88w8618_pic_class_init(ObjectClass *klass, void *data)
802 {
803     DeviceClass *dc = DEVICE_CLASS(klass);
804 
805     dc->reset = mv88w8618_pic_reset;
806     dc->vmsd = &mv88w8618_pic_vmsd;
807 }
808 
809 static const TypeInfo mv88w8618_pic_info = {
810     .name          = TYPE_MV88W8618_PIC,
811     .parent        = TYPE_SYS_BUS_DEVICE,
812     .instance_size = sizeof(mv88w8618_pic_state),
813     .instance_init = mv88w8618_pic_init,
814     .class_init    = mv88w8618_pic_class_init,
815 };
816 
817 /* PIT register offsets */
818 #define MP_PIT_TIMER1_LENGTH    0x00
819 /* ... */
820 #define MP_PIT_TIMER4_LENGTH    0x0C
821 #define MP_PIT_CONTROL          0x10
822 #define MP_PIT_TIMER1_VALUE     0x14
823 /* ... */
824 #define MP_PIT_TIMER4_VALUE     0x20
825 #define MP_BOARD_RESET          0x34
826 
827 /* Magic board reset value (probably some watchdog behind it) */
828 #define MP_BOARD_RESET_MAGIC    0x10000
829 
830 typedef struct mv88w8618_timer_state {
831     ptimer_state *ptimer;
832     uint32_t limit;
833     int freq;
834     qemu_irq irq;
835 } mv88w8618_timer_state;
836 
837 #define TYPE_MV88W8618_PIT "mv88w8618_pit"
838 OBJECT_DECLARE_SIMPLE_TYPE(mv88w8618_pit_state, MV88W8618_PIT)
839 
840 struct mv88w8618_pit_state {
841     /*< private >*/
842     SysBusDevice parent_obj;
843     /*< public >*/
844 
845     MemoryRegion iomem;
846     mv88w8618_timer_state timer[4];
847 };
848 
849 static void mv88w8618_timer_tick(void *opaque)
850 {
851     mv88w8618_timer_state *s = opaque;
852 
853     qemu_irq_raise(s->irq);
854 }
855 
856 static void mv88w8618_timer_init(SysBusDevice *dev, mv88w8618_timer_state *s,
857                                  uint32_t freq)
858 {
859     sysbus_init_irq(dev, &s->irq);
860     s->freq = freq;
861 
862     s->ptimer = ptimer_init(mv88w8618_timer_tick, s, PTIMER_POLICY_DEFAULT);
863 }
864 
865 static uint64_t mv88w8618_pit_read(void *opaque, hwaddr offset,
866                                    unsigned size)
867 {
868     mv88w8618_pit_state *s = opaque;
869     mv88w8618_timer_state *t;
870 
871     switch (offset) {
872     case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
873         t = &s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
874         return ptimer_get_count(t->ptimer);
875 
876     default:
877         return 0;
878     }
879 }
880 
881 static void mv88w8618_pit_write(void *opaque, hwaddr offset,
882                                 uint64_t value, unsigned size)
883 {
884     mv88w8618_pit_state *s = opaque;
885     mv88w8618_timer_state *t;
886     int i;
887 
888     switch (offset) {
889     case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
890         t = &s->timer[offset >> 2];
891         t->limit = value;
892         ptimer_transaction_begin(t->ptimer);
893         if (t->limit > 0) {
894             ptimer_set_limit(t->ptimer, t->limit, 1);
895         } else {
896             ptimer_stop(t->ptimer);
897         }
898         ptimer_transaction_commit(t->ptimer);
899         break;
900 
901     case MP_PIT_CONTROL:
902         for (i = 0; i < 4; i++) {
903             t = &s->timer[i];
904             ptimer_transaction_begin(t->ptimer);
905             if (value & 0xf && t->limit > 0) {
906                 ptimer_set_limit(t->ptimer, t->limit, 0);
907                 ptimer_set_freq(t->ptimer, t->freq);
908                 ptimer_run(t->ptimer, 0);
909             } else {
910                 ptimer_stop(t->ptimer);
911             }
912             ptimer_transaction_commit(t->ptimer);
913             value >>= 4;
914         }
915         break;
916 
917     case MP_BOARD_RESET:
918         if (value == MP_BOARD_RESET_MAGIC) {
919             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
920         }
921         break;
922     }
923 }
924 
925 static void mv88w8618_pit_reset(DeviceState *d)
926 {
927     mv88w8618_pit_state *s = MV88W8618_PIT(d);
928     int i;
929 
930     for (i = 0; i < 4; i++) {
931         mv88w8618_timer_state *t = &s->timer[i];
932         ptimer_transaction_begin(t->ptimer);
933         ptimer_stop(t->ptimer);
934         ptimer_transaction_commit(t->ptimer);
935         t->limit = 0;
936     }
937 }
938 
939 static const MemoryRegionOps mv88w8618_pit_ops = {
940     .read = mv88w8618_pit_read,
941     .write = mv88w8618_pit_write,
942     .endianness = DEVICE_NATIVE_ENDIAN,
943 };
944 
945 static void mv88w8618_pit_init(Object *obj)
946 {
947     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
948     mv88w8618_pit_state *s = MV88W8618_PIT(dev);
949     int i;
950 
951     /* Letting them all run at 1 MHz is likely just a pragmatic
952      * simplification. */
953     for (i = 0; i < 4; i++) {
954         mv88w8618_timer_init(dev, &s->timer[i], 1000000);
955     }
956 
957     memory_region_init_io(&s->iomem, obj, &mv88w8618_pit_ops, s,
958                           "musicpal-pit", MP_PIT_SIZE);
959     sysbus_init_mmio(dev, &s->iomem);
960 }
961 
962 static void mv88w8618_pit_finalize(Object *obj)
963 {
964     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
965     mv88w8618_pit_state *s = MV88W8618_PIT(dev);
966     int i;
967 
968     for (i = 0; i < 4; i++) {
969         ptimer_free(s->timer[i].ptimer);
970     }
971 }
972 
973 static const VMStateDescription mv88w8618_timer_vmsd = {
974     .name = "timer",
975     .version_id = 1,
976     .minimum_version_id = 1,
977     .fields = (VMStateField[]) {
978         VMSTATE_PTIMER(ptimer, mv88w8618_timer_state),
979         VMSTATE_UINT32(limit, mv88w8618_timer_state),
980         VMSTATE_END_OF_LIST()
981     }
982 };
983 
984 static const VMStateDescription mv88w8618_pit_vmsd = {
985     .name = "mv88w8618_pit",
986     .version_id = 1,
987     .minimum_version_id = 1,
988     .fields = (VMStateField[]) {
989         VMSTATE_STRUCT_ARRAY(timer, mv88w8618_pit_state, 4, 1,
990                              mv88w8618_timer_vmsd, mv88w8618_timer_state),
991         VMSTATE_END_OF_LIST()
992     }
993 };
994 
995 static void mv88w8618_pit_class_init(ObjectClass *klass, void *data)
996 {
997     DeviceClass *dc = DEVICE_CLASS(klass);
998 
999     dc->reset = mv88w8618_pit_reset;
1000     dc->vmsd = &mv88w8618_pit_vmsd;
1001 }
1002 
1003 static const TypeInfo mv88w8618_pit_info = {
1004     .name          = TYPE_MV88W8618_PIT,
1005     .parent        = TYPE_SYS_BUS_DEVICE,
1006     .instance_size = sizeof(mv88w8618_pit_state),
1007     .instance_init = mv88w8618_pit_init,
1008     .instance_finalize = mv88w8618_pit_finalize,
1009     .class_init    = mv88w8618_pit_class_init,
1010 };
1011 
1012 /* Flash config register offsets */
1013 #define MP_FLASHCFG_CFGR0    0x04
1014 
1015 #define TYPE_MV88W8618_FLASHCFG "mv88w8618_flashcfg"
1016 OBJECT_DECLARE_SIMPLE_TYPE(mv88w8618_flashcfg_state, MV88W8618_FLASHCFG)
1017 
1018 struct mv88w8618_flashcfg_state {
1019     /*< private >*/
1020     SysBusDevice parent_obj;
1021     /*< public >*/
1022 
1023     MemoryRegion iomem;
1024     uint32_t cfgr0;
1025 };
1026 
1027 static uint64_t mv88w8618_flashcfg_read(void *opaque,
1028                                         hwaddr offset,
1029                                         unsigned size)
1030 {
1031     mv88w8618_flashcfg_state *s = opaque;
1032 
1033     switch (offset) {
1034     case MP_FLASHCFG_CFGR0:
1035         return s->cfgr0;
1036 
1037     default:
1038         return 0;
1039     }
1040 }
1041 
1042 static void mv88w8618_flashcfg_write(void *opaque, hwaddr offset,
1043                                      uint64_t value, unsigned size)
1044 {
1045     mv88w8618_flashcfg_state *s = opaque;
1046 
1047     switch (offset) {
1048     case MP_FLASHCFG_CFGR0:
1049         s->cfgr0 = value;
1050         break;
1051     }
1052 }
1053 
1054 static const MemoryRegionOps mv88w8618_flashcfg_ops = {
1055     .read = mv88w8618_flashcfg_read,
1056     .write = mv88w8618_flashcfg_write,
1057     .endianness = DEVICE_NATIVE_ENDIAN,
1058 };
1059 
1060 static void mv88w8618_flashcfg_init(Object *obj)
1061 {
1062     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
1063     mv88w8618_flashcfg_state *s = MV88W8618_FLASHCFG(dev);
1064 
1065     s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
1066     memory_region_init_io(&s->iomem, obj, &mv88w8618_flashcfg_ops, s,
1067                           "musicpal-flashcfg", MP_FLASHCFG_SIZE);
1068     sysbus_init_mmio(dev, &s->iomem);
1069 }
1070 
1071 static const VMStateDescription mv88w8618_flashcfg_vmsd = {
1072     .name = "mv88w8618_flashcfg",
1073     .version_id = 1,
1074     .minimum_version_id = 1,
1075     .fields = (VMStateField[]) {
1076         VMSTATE_UINT32(cfgr0, mv88w8618_flashcfg_state),
1077         VMSTATE_END_OF_LIST()
1078     }
1079 };
1080 
1081 static void mv88w8618_flashcfg_class_init(ObjectClass *klass, void *data)
1082 {
1083     DeviceClass *dc = DEVICE_CLASS(klass);
1084 
1085     dc->vmsd = &mv88w8618_flashcfg_vmsd;
1086 }
1087 
1088 static const TypeInfo mv88w8618_flashcfg_info = {
1089     .name          = TYPE_MV88W8618_FLASHCFG,
1090     .parent        = TYPE_SYS_BUS_DEVICE,
1091     .instance_size = sizeof(mv88w8618_flashcfg_state),
1092     .instance_init = mv88w8618_flashcfg_init,
1093     .class_init    = mv88w8618_flashcfg_class_init,
1094 };
1095 
1096 /* Misc register offsets */
1097 #define MP_MISC_BOARD_REVISION  0x18
1098 
1099 #define MP_BOARD_REVISION       0x31
1100 
1101 struct MusicPalMiscState {
1102     SysBusDevice parent_obj;
1103     MemoryRegion iomem;
1104 };
1105 
1106 #define TYPE_MUSICPAL_MISC "musicpal-misc"
1107 OBJECT_DECLARE_SIMPLE_TYPE(MusicPalMiscState, MUSICPAL_MISC)
1108 
1109 static uint64_t musicpal_misc_read(void *opaque, hwaddr offset,
1110                                    unsigned size)
1111 {
1112     switch (offset) {
1113     case MP_MISC_BOARD_REVISION:
1114         return MP_BOARD_REVISION;
1115 
1116     default:
1117         return 0;
1118     }
1119 }
1120 
1121 static void musicpal_misc_write(void *opaque, hwaddr offset,
1122                                 uint64_t value, unsigned size)
1123 {
1124 }
1125 
1126 static const MemoryRegionOps musicpal_misc_ops = {
1127     .read = musicpal_misc_read,
1128     .write = musicpal_misc_write,
1129     .endianness = DEVICE_NATIVE_ENDIAN,
1130 };
1131 
1132 static void musicpal_misc_init(Object *obj)
1133 {
1134     SysBusDevice *sd = SYS_BUS_DEVICE(obj);
1135     MusicPalMiscState *s = MUSICPAL_MISC(obj);
1136 
1137     memory_region_init_io(&s->iomem, OBJECT(s), &musicpal_misc_ops, NULL,
1138                           "musicpal-misc", MP_MISC_SIZE);
1139     sysbus_init_mmio(sd, &s->iomem);
1140 }
1141 
1142 static const TypeInfo musicpal_misc_info = {
1143     .name = TYPE_MUSICPAL_MISC,
1144     .parent = TYPE_SYS_BUS_DEVICE,
1145     .instance_init = musicpal_misc_init,
1146     .instance_size = sizeof(MusicPalMiscState),
1147 };
1148 
1149 /* WLAN register offsets */
1150 #define MP_WLAN_MAGIC1          0x11c
1151 #define MP_WLAN_MAGIC2          0x124
1152 
1153 static uint64_t mv88w8618_wlan_read(void *opaque, hwaddr offset,
1154                                     unsigned size)
1155 {
1156     switch (offset) {
1157     /* Workaround to allow loading the binary-only wlandrv.ko crap
1158      * from the original Freecom firmware. */
1159     case MP_WLAN_MAGIC1:
1160         return ~3;
1161     case MP_WLAN_MAGIC2:
1162         return -1;
1163 
1164     default:
1165         return 0;
1166     }
1167 }
1168 
1169 static void mv88w8618_wlan_write(void *opaque, hwaddr offset,
1170                                  uint64_t value, unsigned size)
1171 {
1172 }
1173 
1174 static const MemoryRegionOps mv88w8618_wlan_ops = {
1175     .read = mv88w8618_wlan_read,
1176     .write =mv88w8618_wlan_write,
1177     .endianness = DEVICE_NATIVE_ENDIAN,
1178 };
1179 
1180 static void mv88w8618_wlan_realize(DeviceState *dev, Error **errp)
1181 {
1182     MemoryRegion *iomem = g_new(MemoryRegion, 1);
1183 
1184     memory_region_init_io(iomem, OBJECT(dev), &mv88w8618_wlan_ops, NULL,
1185                           "musicpal-wlan", MP_WLAN_SIZE);
1186     sysbus_init_mmio(SYS_BUS_DEVICE(dev), iomem);
1187 }
1188 
1189 /* GPIO register offsets */
1190 #define MP_GPIO_OE_LO           0x008
1191 #define MP_GPIO_OUT_LO          0x00c
1192 #define MP_GPIO_IN_LO           0x010
1193 #define MP_GPIO_IER_LO          0x014
1194 #define MP_GPIO_IMR_LO          0x018
1195 #define MP_GPIO_ISR_LO          0x020
1196 #define MP_GPIO_OE_HI           0x508
1197 #define MP_GPIO_OUT_HI          0x50c
1198 #define MP_GPIO_IN_HI           0x510
1199 #define MP_GPIO_IER_HI          0x514
1200 #define MP_GPIO_IMR_HI          0x518
1201 #define MP_GPIO_ISR_HI          0x520
1202 
1203 /* GPIO bits & masks */
1204 #define MP_GPIO_LCD_BRIGHTNESS  0x00070000
1205 #define MP_GPIO_I2C_DATA_BIT    29
1206 #define MP_GPIO_I2C_CLOCK_BIT   30
1207 
1208 /* LCD brightness bits in GPIO_OE_HI */
1209 #define MP_OE_LCD_BRIGHTNESS    0x0007
1210 
1211 #define TYPE_MUSICPAL_GPIO "musicpal_gpio"
1212 OBJECT_DECLARE_SIMPLE_TYPE(musicpal_gpio_state, MUSICPAL_GPIO)
1213 
1214 struct musicpal_gpio_state {
1215     /*< private >*/
1216     SysBusDevice parent_obj;
1217     /*< public >*/
1218 
1219     MemoryRegion iomem;
1220     uint32_t lcd_brightness;
1221     uint32_t out_state;
1222     uint32_t in_state;
1223     uint32_t ier;
1224     uint32_t imr;
1225     uint32_t isr;
1226     qemu_irq irq;
1227     qemu_irq out[5]; /* 3 brightness out + 2 lcd (data and clock ) */
1228 };
1229 
1230 static void musicpal_gpio_brightness_update(musicpal_gpio_state *s) {
1231     int i;
1232     uint32_t brightness;
1233 
1234     /* compute brightness ratio */
1235     switch (s->lcd_brightness) {
1236     case 0x00000007:
1237         brightness = 0;
1238         break;
1239 
1240     case 0x00020000:
1241         brightness = 1;
1242         break;
1243 
1244     case 0x00020001:
1245         brightness = 2;
1246         break;
1247 
1248     case 0x00040000:
1249         brightness = 3;
1250         break;
1251 
1252     case 0x00010006:
1253         brightness = 4;
1254         break;
1255 
1256     case 0x00020005:
1257         brightness = 5;
1258         break;
1259 
1260     case 0x00040003:
1261         brightness = 6;
1262         break;
1263 
1264     case 0x00030004:
1265     default:
1266         brightness = 7;
1267     }
1268 
1269     /* set lcd brightness GPIOs  */
1270     for (i = 0; i <= 2; i++) {
1271         qemu_set_irq(s->out[i], (brightness >> i) & 1);
1272     }
1273 }
1274 
1275 static void musicpal_gpio_pin_event(void *opaque, int pin, int level)
1276 {
1277     musicpal_gpio_state *s = opaque;
1278     uint32_t mask = 1 << pin;
1279     uint32_t delta = level << pin;
1280     uint32_t old = s->in_state & mask;
1281 
1282     s->in_state &= ~mask;
1283     s->in_state |= delta;
1284 
1285     if ((old ^ delta) &&
1286         ((level && (s->imr & mask)) || (!level && (s->ier & mask)))) {
1287         s->isr = mask;
1288         qemu_irq_raise(s->irq);
1289     }
1290 }
1291 
1292 static uint64_t musicpal_gpio_read(void *opaque, hwaddr offset,
1293                                    unsigned size)
1294 {
1295     musicpal_gpio_state *s = opaque;
1296 
1297     switch (offset) {
1298     case MP_GPIO_OE_HI: /* used for LCD brightness control */
1299         return s->lcd_brightness & MP_OE_LCD_BRIGHTNESS;
1300 
1301     case MP_GPIO_OUT_LO:
1302         return s->out_state & 0xFFFF;
1303     case MP_GPIO_OUT_HI:
1304         return s->out_state >> 16;
1305 
1306     case MP_GPIO_IN_LO:
1307         return s->in_state & 0xFFFF;
1308     case MP_GPIO_IN_HI:
1309         return s->in_state >> 16;
1310 
1311     case MP_GPIO_IER_LO:
1312         return s->ier & 0xFFFF;
1313     case MP_GPIO_IER_HI:
1314         return s->ier >> 16;
1315 
1316     case MP_GPIO_IMR_LO:
1317         return s->imr & 0xFFFF;
1318     case MP_GPIO_IMR_HI:
1319         return s->imr >> 16;
1320 
1321     case MP_GPIO_ISR_LO:
1322         return s->isr & 0xFFFF;
1323     case MP_GPIO_ISR_HI:
1324         return s->isr >> 16;
1325 
1326     default:
1327         return 0;
1328     }
1329 }
1330 
1331 static void musicpal_gpio_write(void *opaque, hwaddr offset,
1332                                 uint64_t value, unsigned size)
1333 {
1334     musicpal_gpio_state *s = opaque;
1335     switch (offset) {
1336     case MP_GPIO_OE_HI: /* used for LCD brightness control */
1337         s->lcd_brightness = (s->lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
1338                          (value & MP_OE_LCD_BRIGHTNESS);
1339         musicpal_gpio_brightness_update(s);
1340         break;
1341 
1342     case MP_GPIO_OUT_LO:
1343         s->out_state = (s->out_state & 0xFFFF0000) | (value & 0xFFFF);
1344         break;
1345     case MP_GPIO_OUT_HI:
1346         s->out_state = (s->out_state & 0xFFFF) | (value << 16);
1347         s->lcd_brightness = (s->lcd_brightness & 0xFFFF) |
1348                             (s->out_state & MP_GPIO_LCD_BRIGHTNESS);
1349         musicpal_gpio_brightness_update(s);
1350         qemu_set_irq(s->out[3], (s->out_state >> MP_GPIO_I2C_DATA_BIT) & 1);
1351         qemu_set_irq(s->out[4], (s->out_state >> MP_GPIO_I2C_CLOCK_BIT) & 1);
1352         break;
1353 
1354     case MP_GPIO_IER_LO:
1355         s->ier = (s->ier & 0xFFFF0000) | (value & 0xFFFF);
1356         break;
1357     case MP_GPIO_IER_HI:
1358         s->ier = (s->ier & 0xFFFF) | (value << 16);
1359         break;
1360 
1361     case MP_GPIO_IMR_LO:
1362         s->imr = (s->imr & 0xFFFF0000) | (value & 0xFFFF);
1363         break;
1364     case MP_GPIO_IMR_HI:
1365         s->imr = (s->imr & 0xFFFF) | (value << 16);
1366         break;
1367     }
1368 }
1369 
1370 static const MemoryRegionOps musicpal_gpio_ops = {
1371     .read = musicpal_gpio_read,
1372     .write = musicpal_gpio_write,
1373     .endianness = DEVICE_NATIVE_ENDIAN,
1374 };
1375 
1376 static void musicpal_gpio_reset(DeviceState *d)
1377 {
1378     musicpal_gpio_state *s = MUSICPAL_GPIO(d);
1379 
1380     s->lcd_brightness = 0;
1381     s->out_state = 0;
1382     s->in_state = 0xffffffff;
1383     s->ier = 0;
1384     s->imr = 0;
1385     s->isr = 0;
1386 }
1387 
1388 static void musicpal_gpio_init(Object *obj)
1389 {
1390     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
1391     DeviceState *dev = DEVICE(sbd);
1392     musicpal_gpio_state *s = MUSICPAL_GPIO(dev);
1393 
1394     sysbus_init_irq(sbd, &s->irq);
1395 
1396     memory_region_init_io(&s->iomem, obj, &musicpal_gpio_ops, s,
1397                           "musicpal-gpio", MP_GPIO_SIZE);
1398     sysbus_init_mmio(sbd, &s->iomem);
1399 
1400     qdev_init_gpio_out(dev, s->out, ARRAY_SIZE(s->out));
1401 
1402     qdev_init_gpio_in(dev, musicpal_gpio_pin_event, 32);
1403 }
1404 
1405 static const VMStateDescription musicpal_gpio_vmsd = {
1406     .name = "musicpal_gpio",
1407     .version_id = 1,
1408     .minimum_version_id = 1,
1409     .fields = (VMStateField[]) {
1410         VMSTATE_UINT32(lcd_brightness, musicpal_gpio_state),
1411         VMSTATE_UINT32(out_state, musicpal_gpio_state),
1412         VMSTATE_UINT32(in_state, musicpal_gpio_state),
1413         VMSTATE_UINT32(ier, musicpal_gpio_state),
1414         VMSTATE_UINT32(imr, musicpal_gpio_state),
1415         VMSTATE_UINT32(isr, musicpal_gpio_state),
1416         VMSTATE_END_OF_LIST()
1417     }
1418 };
1419 
1420 static void musicpal_gpio_class_init(ObjectClass *klass, void *data)
1421 {
1422     DeviceClass *dc = DEVICE_CLASS(klass);
1423 
1424     dc->reset = musicpal_gpio_reset;
1425     dc->vmsd = &musicpal_gpio_vmsd;
1426 }
1427 
1428 static const TypeInfo musicpal_gpio_info = {
1429     .name          = TYPE_MUSICPAL_GPIO,
1430     .parent        = TYPE_SYS_BUS_DEVICE,
1431     .instance_size = sizeof(musicpal_gpio_state),
1432     .instance_init = musicpal_gpio_init,
1433     .class_init    = musicpal_gpio_class_init,
1434 };
1435 
1436 /* Keyboard codes & masks */
1437 #define KEY_RELEASED            0x80
1438 #define KEY_CODE                0x7f
1439 
1440 #define KEYCODE_TAB             0x0f
1441 #define KEYCODE_ENTER           0x1c
1442 #define KEYCODE_F               0x21
1443 #define KEYCODE_M               0x32
1444 
1445 #define KEYCODE_EXTENDED        0xe0
1446 #define KEYCODE_UP              0x48
1447 #define KEYCODE_DOWN            0x50
1448 #define KEYCODE_LEFT            0x4b
1449 #define KEYCODE_RIGHT           0x4d
1450 
1451 #define MP_KEY_WHEEL_VOL       (1 << 0)
1452 #define MP_KEY_WHEEL_VOL_INV   (1 << 1)
1453 #define MP_KEY_WHEEL_NAV       (1 << 2)
1454 #define MP_KEY_WHEEL_NAV_INV   (1 << 3)
1455 #define MP_KEY_BTN_FAVORITS    (1 << 4)
1456 #define MP_KEY_BTN_MENU        (1 << 5)
1457 #define MP_KEY_BTN_VOLUME      (1 << 6)
1458 #define MP_KEY_BTN_NAVIGATION  (1 << 7)
1459 
1460 #define TYPE_MUSICPAL_KEY "musicpal_key"
1461 OBJECT_DECLARE_SIMPLE_TYPE(musicpal_key_state, MUSICPAL_KEY)
1462 
1463 struct musicpal_key_state {
1464     /*< private >*/
1465     SysBusDevice parent_obj;
1466     /*< public >*/
1467 
1468     MemoryRegion iomem;
1469     uint32_t kbd_extended;
1470     uint32_t pressed_keys;
1471     qemu_irq out[8];
1472 };
1473 
1474 static void musicpal_key_event(void *opaque, int keycode)
1475 {
1476     musicpal_key_state *s = opaque;
1477     uint32_t event = 0;
1478     int i;
1479 
1480     if (keycode == KEYCODE_EXTENDED) {
1481         s->kbd_extended = 1;
1482         return;
1483     }
1484 
1485     if (s->kbd_extended) {
1486         switch (keycode & KEY_CODE) {
1487         case KEYCODE_UP:
1488             event = MP_KEY_WHEEL_NAV | MP_KEY_WHEEL_NAV_INV;
1489             break;
1490 
1491         case KEYCODE_DOWN:
1492             event = MP_KEY_WHEEL_NAV;
1493             break;
1494 
1495         case KEYCODE_LEFT:
1496             event = MP_KEY_WHEEL_VOL | MP_KEY_WHEEL_VOL_INV;
1497             break;
1498 
1499         case KEYCODE_RIGHT:
1500             event = MP_KEY_WHEEL_VOL;
1501             break;
1502         }
1503     } else {
1504         switch (keycode & KEY_CODE) {
1505         case KEYCODE_F:
1506             event = MP_KEY_BTN_FAVORITS;
1507             break;
1508 
1509         case KEYCODE_TAB:
1510             event = MP_KEY_BTN_VOLUME;
1511             break;
1512 
1513         case KEYCODE_ENTER:
1514             event = MP_KEY_BTN_NAVIGATION;
1515             break;
1516 
1517         case KEYCODE_M:
1518             event = MP_KEY_BTN_MENU;
1519             break;
1520         }
1521         /* Do not repeat already pressed buttons */
1522         if (!(keycode & KEY_RELEASED) && (s->pressed_keys & event)) {
1523             event = 0;
1524         }
1525     }
1526 
1527     if (event) {
1528         /* Raise GPIO pin first if repeating a key */
1529         if (!(keycode & KEY_RELEASED) && (s->pressed_keys & event)) {
1530             for (i = 0; i <= 7; i++) {
1531                 if (event & (1 << i)) {
1532                     qemu_set_irq(s->out[i], 1);
1533                 }
1534             }
1535         }
1536         for (i = 0; i <= 7; i++) {
1537             if (event & (1 << i)) {
1538                 qemu_set_irq(s->out[i], !!(keycode & KEY_RELEASED));
1539             }
1540         }
1541         if (keycode & KEY_RELEASED) {
1542             s->pressed_keys &= ~event;
1543         } else {
1544             s->pressed_keys |= event;
1545         }
1546     }
1547 
1548     s->kbd_extended = 0;
1549 }
1550 
1551 static void musicpal_key_init(Object *obj)
1552 {
1553     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
1554     DeviceState *dev = DEVICE(sbd);
1555     musicpal_key_state *s = MUSICPAL_KEY(dev);
1556 
1557     memory_region_init(&s->iomem, obj, "dummy", 0);
1558     sysbus_init_mmio(sbd, &s->iomem);
1559 
1560     s->kbd_extended = 0;
1561     s->pressed_keys = 0;
1562 
1563     qdev_init_gpio_out(dev, s->out, ARRAY_SIZE(s->out));
1564 
1565     qemu_add_kbd_event_handler(musicpal_key_event, s);
1566 }
1567 
1568 static const VMStateDescription musicpal_key_vmsd = {
1569     .name = "musicpal_key",
1570     .version_id = 1,
1571     .minimum_version_id = 1,
1572     .fields = (VMStateField[]) {
1573         VMSTATE_UINT32(kbd_extended, musicpal_key_state),
1574         VMSTATE_UINT32(pressed_keys, musicpal_key_state),
1575         VMSTATE_END_OF_LIST()
1576     }
1577 };
1578 
1579 static void musicpal_key_class_init(ObjectClass *klass, void *data)
1580 {
1581     DeviceClass *dc = DEVICE_CLASS(klass);
1582 
1583     dc->vmsd = &musicpal_key_vmsd;
1584 }
1585 
1586 static const TypeInfo musicpal_key_info = {
1587     .name          = TYPE_MUSICPAL_KEY,
1588     .parent        = TYPE_SYS_BUS_DEVICE,
1589     .instance_size = sizeof(musicpal_key_state),
1590     .instance_init = musicpal_key_init,
1591     .class_init    = musicpal_key_class_init,
1592 };
1593 
1594 static struct arm_boot_info musicpal_binfo = {
1595     .loader_start = 0x0,
1596     .board_id = 0x20e,
1597 };
1598 
1599 static void musicpal_init(MachineState *machine)
1600 {
1601     ARMCPU *cpu;
1602     DeviceState *dev;
1603     DeviceState *pic;
1604     DeviceState *uart_orgate;
1605     DeviceState *i2c_dev;
1606     DeviceState *lcd_dev;
1607     DeviceState *key_dev;
1608     I2CSlave *wm8750_dev;
1609     SysBusDevice *s;
1610     I2CBus *i2c;
1611     int i;
1612     unsigned long flash_size;
1613     DriveInfo *dinfo;
1614     MachineClass *mc = MACHINE_GET_CLASS(machine);
1615     MemoryRegion *address_space_mem = get_system_memory();
1616     MemoryRegion *sram = g_new(MemoryRegion, 1);
1617 
1618     /* For now we use a fixed - the original - RAM size */
1619     if (machine->ram_size != mc->default_ram_size) {
1620         char *sz = size_to_str(mc->default_ram_size);
1621         error_report("Invalid RAM size, should be %s", sz);
1622         g_free(sz);
1623         exit(EXIT_FAILURE);
1624     }
1625 
1626     cpu = ARM_CPU(cpu_create(machine->cpu_type));
1627 
1628     memory_region_add_subregion(address_space_mem, 0, machine->ram);
1629 
1630     memory_region_init_ram(sram, NULL, "musicpal.sram", MP_SRAM_SIZE,
1631                            &error_fatal);
1632     memory_region_add_subregion(address_space_mem, MP_SRAM_BASE, sram);
1633 
1634     pic = sysbus_create_simple(TYPE_MV88W8618_PIC, MP_PIC_BASE,
1635                                qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
1636     sysbus_create_varargs(TYPE_MV88W8618_PIT, MP_PIT_BASE,
1637                           qdev_get_gpio_in(pic, MP_TIMER1_IRQ),
1638                           qdev_get_gpio_in(pic, MP_TIMER2_IRQ),
1639                           qdev_get_gpio_in(pic, MP_TIMER3_IRQ),
1640                           qdev_get_gpio_in(pic, MP_TIMER4_IRQ), NULL);
1641 
1642     /* Logically OR both UART IRQs together */
1643     uart_orgate = DEVICE(object_new(TYPE_OR_IRQ));
1644     object_property_set_int(OBJECT(uart_orgate), "num-lines", 2, &error_fatal);
1645     qdev_realize_and_unref(uart_orgate, NULL, &error_fatal);
1646     qdev_connect_gpio_out(DEVICE(uart_orgate), 0,
1647                           qdev_get_gpio_in(pic, MP_UART_SHARED_IRQ));
1648 
1649     serial_mm_init(address_space_mem, MP_UART1_BASE, 2,
1650                    qdev_get_gpio_in(uart_orgate, 0),
1651                    1825000, serial_hd(0), DEVICE_NATIVE_ENDIAN);
1652     serial_mm_init(address_space_mem, MP_UART2_BASE, 2,
1653                    qdev_get_gpio_in(uart_orgate, 1),
1654                    1825000, serial_hd(1), DEVICE_NATIVE_ENDIAN);
1655 
1656     /* Register flash */
1657     dinfo = drive_get(IF_PFLASH, 0, 0);
1658     if (dinfo) {
1659         BlockBackend *blk = blk_by_legacy_dinfo(dinfo);
1660 
1661         flash_size = blk_getlength(blk);
1662         if (flash_size != 8*1024*1024 && flash_size != 16*1024*1024 &&
1663             flash_size != 32*1024*1024) {
1664             error_report("Invalid flash image size");
1665             exit(1);
1666         }
1667 
1668         /*
1669          * The original U-Boot accesses the flash at 0xFE000000 instead of
1670          * 0xFF800000 (if there is 8 MB flash). So remap flash access if the
1671          * image is smaller than 32 MB.
1672          */
1673         pflash_cfi02_register(0x100000000ULL - MP_FLASH_SIZE_MAX,
1674                               "musicpal.flash", flash_size,
1675                               blk, 0x10000,
1676                               MP_FLASH_SIZE_MAX / flash_size,
1677                               2, 0x00BF, 0x236D, 0x0000, 0x0000,
1678                               0x5555, 0x2AAA, 0);
1679     }
1680     sysbus_create_simple(TYPE_MV88W8618_FLASHCFG, MP_FLASHCFG_BASE, NULL);
1681 
1682     qemu_check_nic_model(&nd_table[0], "mv88w8618");
1683     dev = qdev_new(TYPE_MV88W8618_ETH);
1684     qdev_set_nic_properties(dev, &nd_table[0]);
1685     object_property_set_link(OBJECT(dev), "dma-memory",
1686                              OBJECT(get_system_memory()), &error_fatal);
1687     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1688     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, MP_ETH_BASE);
1689     sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
1690                        qdev_get_gpio_in(pic, MP_ETH_IRQ));
1691 
1692     sysbus_create_simple("mv88w8618_wlan", MP_WLAN_BASE, NULL);
1693 
1694     sysbus_create_simple(TYPE_MUSICPAL_MISC, MP_MISC_BASE, NULL);
1695 
1696     dev = sysbus_create_simple(TYPE_MUSICPAL_GPIO, MP_GPIO_BASE,
1697                                qdev_get_gpio_in(pic, MP_GPIO_IRQ));
1698     i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
1699     i2c = (I2CBus *)qdev_get_child_bus(i2c_dev, "i2c");
1700 
1701     lcd_dev = sysbus_create_simple(TYPE_MUSICPAL_LCD, MP_LCD_BASE, NULL);
1702     key_dev = sysbus_create_simple(TYPE_MUSICPAL_KEY, -1, NULL);
1703 
1704     /* I2C read data */
1705     qdev_connect_gpio_out(i2c_dev, 0,
1706                           qdev_get_gpio_in(dev, MP_GPIO_I2C_DATA_BIT));
1707     /* I2C data */
1708     qdev_connect_gpio_out(dev, 3, qdev_get_gpio_in(i2c_dev, 0));
1709     /* I2C clock */
1710     qdev_connect_gpio_out(dev, 4, qdev_get_gpio_in(i2c_dev, 1));
1711 
1712     for (i = 0; i < 3; i++) {
1713         qdev_connect_gpio_out(dev, i, qdev_get_gpio_in(lcd_dev, i));
1714     }
1715     for (i = 0; i < 4; i++) {
1716         qdev_connect_gpio_out(key_dev, i, qdev_get_gpio_in(dev, i + 8));
1717     }
1718     for (i = 4; i < 8; i++) {
1719         qdev_connect_gpio_out(key_dev, i, qdev_get_gpio_in(dev, i + 15));
1720     }
1721 
1722     wm8750_dev = i2c_slave_create_simple(i2c, TYPE_WM8750, MP_WM_ADDR);
1723     dev = qdev_new(TYPE_MV88W8618_AUDIO);
1724     s = SYS_BUS_DEVICE(dev);
1725     object_property_set_link(OBJECT(dev), "wm8750", OBJECT(wm8750_dev),
1726                              NULL);
1727     sysbus_realize_and_unref(s, &error_fatal);
1728     sysbus_mmio_map(s, 0, MP_AUDIO_BASE);
1729     sysbus_connect_irq(s, 0, qdev_get_gpio_in(pic, MP_AUDIO_IRQ));
1730 
1731     musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
1732     arm_load_kernel(cpu, machine, &musicpal_binfo);
1733 }
1734 
1735 static void musicpal_machine_init(MachineClass *mc)
1736 {
1737     mc->desc = "Marvell 88w8618 / MusicPal (ARM926EJ-S)";
1738     mc->init = musicpal_init;
1739     mc->ignore_memory_transaction_failures = true;
1740     mc->default_cpu_type = ARM_CPU_TYPE_NAME("arm926");
1741     mc->default_ram_size = MP_RAM_DEFAULT_SIZE;
1742     mc->default_ram_id = "musicpal.ram";
1743 }
1744 
1745 DEFINE_MACHINE("musicpal", musicpal_machine_init)
1746 
1747 static void mv88w8618_wlan_class_init(ObjectClass *klass, void *data)
1748 {
1749     DeviceClass *dc = DEVICE_CLASS(klass);
1750 
1751     dc->realize = mv88w8618_wlan_realize;
1752 }
1753 
1754 static const TypeInfo mv88w8618_wlan_info = {
1755     .name          = "mv88w8618_wlan",
1756     .parent        = TYPE_SYS_BUS_DEVICE,
1757     .instance_size = sizeof(SysBusDevice),
1758     .class_init    = mv88w8618_wlan_class_init,
1759 };
1760 
1761 static void musicpal_register_types(void)
1762 {
1763     type_register_static(&mv88w8618_pic_info);
1764     type_register_static(&mv88w8618_pit_info);
1765     type_register_static(&mv88w8618_flashcfg_info);
1766     type_register_static(&mv88w8618_eth_info);
1767     type_register_static(&mv88w8618_wlan_info);
1768     type_register_static(&musicpal_lcd_info);
1769     type_register_static(&musicpal_gpio_info);
1770     type_register_static(&musicpal_key_info);
1771     type_register_static(&musicpal_misc_info);
1772 }
1773 
1774 type_init(musicpal_register_types)
1775