xref: /openbmc/qemu/hw/arm/omap1.c (revision 52f2b8961409be834abaee5189bff2cc9e372851)
1 /*
2  * TI OMAP processors emulation.
3  *
4  * Copyright (C) 2006-2008 Andrzej Zaborowski  <balrog@zabor.org>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License as
8  * published by the Free Software Foundation; either version 2 or
9  * (at your option) version 3 of the License.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License along
17  * with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/error-report.h"
22 #include "qapi/error.h"
23 #include "qemu-common.h"
24 #include "cpu.h"
25 #include "hw/boards.h"
26 #include "hw/hw.h"
27 #include "hw/arm/boot.h"
28 #include "hw/arm/omap.h"
29 #include "sysemu/sysemu.h"
30 #include "hw/arm/soc_dma.h"
31 #include "sysemu/qtest.h"
32 #include "qemu/range.h"
33 #include "hw/sysbus.h"
34 #include "qemu/cutils.h"
35 #include "qemu/bcd.h"
36 
37 static inline void omap_log_badwidth(const char *funcname, hwaddr addr, int sz)
38 {
39     qemu_log_mask(LOG_GUEST_ERROR, "%s: %d-bit register %#08" HWADDR_PRIx "\n",
40                   funcname, 8 * sz, addr);
41 }
42 
43 /* Should signal the TCMI/GPMC */
44 uint32_t omap_badwidth_read8(void *opaque, hwaddr addr)
45 {
46     uint8_t ret;
47 
48     omap_log_badwidth(__func__, addr, 1);
49     cpu_physical_memory_read(addr, &ret, 1);
50     return ret;
51 }
52 
53 void omap_badwidth_write8(void *opaque, hwaddr addr,
54                 uint32_t value)
55 {
56     uint8_t val8 = value;
57 
58     omap_log_badwidth(__func__, addr, 1);
59     cpu_physical_memory_write(addr, &val8, 1);
60 }
61 
62 uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
63 {
64     uint16_t ret;
65 
66     omap_log_badwidth(__func__, addr, 2);
67     cpu_physical_memory_read(addr, &ret, 2);
68     return ret;
69 }
70 
71 void omap_badwidth_write16(void *opaque, hwaddr addr,
72                 uint32_t value)
73 {
74     uint16_t val16 = value;
75 
76     omap_log_badwidth(__func__, addr, 2);
77     cpu_physical_memory_write(addr, &val16, 2);
78 }
79 
80 uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
81 {
82     uint32_t ret;
83 
84     omap_log_badwidth(__func__, addr, 4);
85     cpu_physical_memory_read(addr, &ret, 4);
86     return ret;
87 }
88 
89 void omap_badwidth_write32(void *opaque, hwaddr addr,
90                 uint32_t value)
91 {
92     omap_log_badwidth(__func__, addr, 4);
93     cpu_physical_memory_write(addr, &value, 4);
94 }
95 
96 /* MPU OS timers */
97 struct omap_mpu_timer_s {
98     MemoryRegion iomem;
99     qemu_irq irq;
100     omap_clk clk;
101     uint32_t val;
102     int64_t time;
103     QEMUTimer *timer;
104     QEMUBH *tick;
105     int64_t rate;
106     int it_ena;
107 
108     int enable;
109     int ptv;
110     int ar;
111     int st;
112     uint32_t reset_val;
113 };
114 
115 static inline uint32_t omap_timer_read(struct omap_mpu_timer_s *timer)
116 {
117     uint64_t distance = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - timer->time;
118 
119     if (timer->st && timer->enable && timer->rate)
120         return timer->val - muldiv64(distance >> (timer->ptv + 1),
121                                      timer->rate, NANOSECONDS_PER_SECOND);
122     else
123         return timer->val;
124 }
125 
126 static inline void omap_timer_sync(struct omap_mpu_timer_s *timer)
127 {
128     timer->val = omap_timer_read(timer);
129     timer->time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
130 }
131 
132 static inline void omap_timer_update(struct omap_mpu_timer_s *timer)
133 {
134     int64_t expires;
135 
136     if (timer->enable && timer->st && timer->rate) {
137         timer->val = timer->reset_val;	/* Should skip this on clk enable */
138         expires = muldiv64((uint64_t) timer->val << (timer->ptv + 1),
139                            NANOSECONDS_PER_SECOND, timer->rate);
140 
141         /* If timer expiry would be sooner than in about 1 ms and
142          * auto-reload isn't set, then fire immediately.  This is a hack
143          * to make systems like PalmOS run in acceptable time.  PalmOS
144          * sets the interval to a very low value and polls the status bit
145          * in a busy loop when it wants to sleep just a couple of CPU
146          * ticks.  */
147         if (expires > (NANOSECONDS_PER_SECOND >> 10) || timer->ar) {
148             timer_mod(timer->timer, timer->time + expires);
149         } else {
150             qemu_bh_schedule(timer->tick);
151         }
152     } else
153         timer_del(timer->timer);
154 }
155 
156 static void omap_timer_fire(void *opaque)
157 {
158     struct omap_mpu_timer_s *timer = opaque;
159 
160     if (!timer->ar) {
161         timer->val = 0;
162         timer->st = 0;
163     }
164 
165     if (timer->it_ena)
166         /* Edge-triggered irq */
167         qemu_irq_pulse(timer->irq);
168 }
169 
170 static void omap_timer_tick(void *opaque)
171 {
172     struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
173 
174     omap_timer_sync(timer);
175     omap_timer_fire(timer);
176     omap_timer_update(timer);
177 }
178 
179 static void omap_timer_clk_update(void *opaque, int line, int on)
180 {
181     struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
182 
183     omap_timer_sync(timer);
184     timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
185     omap_timer_update(timer);
186 }
187 
188 static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer)
189 {
190     omap_clk_adduser(timer->clk,
191                     qemu_allocate_irq(omap_timer_clk_update, timer, 0));
192     timer->rate = omap_clk_getrate(timer->clk);
193 }
194 
195 static uint64_t omap_mpu_timer_read(void *opaque, hwaddr addr,
196                                     unsigned size)
197 {
198     struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
199 
200     if (size != 4) {
201         return omap_badwidth_read32(opaque, addr);
202     }
203 
204     switch (addr) {
205     case 0x00:	/* CNTL_TIMER */
206         return (s->enable << 5) | (s->ptv << 2) | (s->ar << 1) | s->st;
207 
208     case 0x04:	/* LOAD_TIM */
209         break;
210 
211     case 0x08:	/* READ_TIM */
212         return omap_timer_read(s);
213     }
214 
215     OMAP_BAD_REG(addr);
216     return 0;
217 }
218 
219 static void omap_mpu_timer_write(void *opaque, hwaddr addr,
220                                  uint64_t value, unsigned size)
221 {
222     struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
223 
224     if (size != 4) {
225         omap_badwidth_write32(opaque, addr, value);
226         return;
227     }
228 
229     switch (addr) {
230     case 0x00:	/* CNTL_TIMER */
231         omap_timer_sync(s);
232         s->enable = (value >> 5) & 1;
233         s->ptv = (value >> 2) & 7;
234         s->ar = (value >> 1) & 1;
235         s->st = value & 1;
236         omap_timer_update(s);
237         return;
238 
239     case 0x04:	/* LOAD_TIM */
240         s->reset_val = value;
241         return;
242 
243     case 0x08:	/* READ_TIM */
244         OMAP_RO_REG(addr);
245         break;
246 
247     default:
248         OMAP_BAD_REG(addr);
249     }
250 }
251 
252 static const MemoryRegionOps omap_mpu_timer_ops = {
253     .read = omap_mpu_timer_read,
254     .write = omap_mpu_timer_write,
255     .endianness = DEVICE_LITTLE_ENDIAN,
256 };
257 
258 static void omap_mpu_timer_reset(struct omap_mpu_timer_s *s)
259 {
260     timer_del(s->timer);
261     s->enable = 0;
262     s->reset_val = 31337;
263     s->val = 0;
264     s->ptv = 0;
265     s->ar = 0;
266     s->st = 0;
267     s->it_ena = 1;
268 }
269 
270 static struct omap_mpu_timer_s *omap_mpu_timer_init(MemoryRegion *system_memory,
271                 hwaddr base,
272                 qemu_irq irq, omap_clk clk)
273 {
274     struct omap_mpu_timer_s *s = g_new0(struct omap_mpu_timer_s, 1);
275 
276     s->irq = irq;
277     s->clk = clk;
278     s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, s);
279     s->tick = qemu_bh_new(omap_timer_fire, s);
280     omap_mpu_timer_reset(s);
281     omap_timer_clk_setup(s);
282 
283     memory_region_init_io(&s->iomem, NULL, &omap_mpu_timer_ops, s,
284                           "omap-mpu-timer", 0x100);
285 
286     memory_region_add_subregion(system_memory, base, &s->iomem);
287 
288     return s;
289 }
290 
291 /* Watchdog timer */
292 struct omap_watchdog_timer_s {
293     struct omap_mpu_timer_s timer;
294     MemoryRegion iomem;
295     uint8_t last_wr;
296     int mode;
297     int free;
298     int reset;
299 };
300 
301 static uint64_t omap_wd_timer_read(void *opaque, hwaddr addr,
302                                    unsigned size)
303 {
304     struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
305 
306     if (size != 2) {
307         return omap_badwidth_read16(opaque, addr);
308     }
309 
310     switch (addr) {
311     case 0x00:	/* CNTL_TIMER */
312         return (s->timer.ptv << 9) | (s->timer.ar << 8) |
313                 (s->timer.st << 7) | (s->free << 1);
314 
315     case 0x04:	/* READ_TIMER */
316         return omap_timer_read(&s->timer);
317 
318     case 0x08:	/* TIMER_MODE */
319         return s->mode << 15;
320     }
321 
322     OMAP_BAD_REG(addr);
323     return 0;
324 }
325 
326 static void omap_wd_timer_write(void *opaque, hwaddr addr,
327                                 uint64_t value, unsigned size)
328 {
329     struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
330 
331     if (size != 2) {
332         omap_badwidth_write16(opaque, addr, value);
333         return;
334     }
335 
336     switch (addr) {
337     case 0x00:	/* CNTL_TIMER */
338         omap_timer_sync(&s->timer);
339         s->timer.ptv = (value >> 9) & 7;
340         s->timer.ar = (value >> 8) & 1;
341         s->timer.st = (value >> 7) & 1;
342         s->free = (value >> 1) & 1;
343         omap_timer_update(&s->timer);
344         break;
345 
346     case 0x04:	/* LOAD_TIMER */
347         s->timer.reset_val = value & 0xffff;
348         break;
349 
350     case 0x08:	/* TIMER_MODE */
351         if (!s->mode && ((value >> 15) & 1))
352             omap_clk_get(s->timer.clk);
353         s->mode |= (value >> 15) & 1;
354         if (s->last_wr == 0xf5) {
355             if ((value & 0xff) == 0xa0) {
356                 if (s->mode) {
357                     s->mode = 0;
358                     omap_clk_put(s->timer.clk);
359                 }
360             } else {
361                 /* XXX: on T|E hardware somehow this has no effect,
362                  * on Zire 71 it works as specified.  */
363                 s->reset = 1;
364                 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
365             }
366         }
367         s->last_wr = value & 0xff;
368         break;
369 
370     default:
371         OMAP_BAD_REG(addr);
372     }
373 }
374 
375 static const MemoryRegionOps omap_wd_timer_ops = {
376     .read = omap_wd_timer_read,
377     .write = omap_wd_timer_write,
378     .endianness = DEVICE_NATIVE_ENDIAN,
379 };
380 
381 static void omap_wd_timer_reset(struct omap_watchdog_timer_s *s)
382 {
383     timer_del(s->timer.timer);
384     if (!s->mode)
385         omap_clk_get(s->timer.clk);
386     s->mode = 1;
387     s->free = 1;
388     s->reset = 0;
389     s->timer.enable = 1;
390     s->timer.it_ena = 1;
391     s->timer.reset_val = 0xffff;
392     s->timer.val = 0;
393     s->timer.st = 0;
394     s->timer.ptv = 0;
395     s->timer.ar = 0;
396     omap_timer_update(&s->timer);
397 }
398 
399 static struct omap_watchdog_timer_s *omap_wd_timer_init(MemoryRegion *memory,
400                 hwaddr base,
401                 qemu_irq irq, omap_clk clk)
402 {
403     struct omap_watchdog_timer_s *s = g_new0(struct omap_watchdog_timer_s, 1);
404 
405     s->timer.irq = irq;
406     s->timer.clk = clk;
407     s->timer.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, &s->timer);
408     omap_wd_timer_reset(s);
409     omap_timer_clk_setup(&s->timer);
410 
411     memory_region_init_io(&s->iomem, NULL, &omap_wd_timer_ops, s,
412                           "omap-wd-timer", 0x100);
413     memory_region_add_subregion(memory, base, &s->iomem);
414 
415     return s;
416 }
417 
418 /* 32-kHz timer */
419 struct omap_32khz_timer_s {
420     struct omap_mpu_timer_s timer;
421     MemoryRegion iomem;
422 };
423 
424 static uint64_t omap_os_timer_read(void *opaque, hwaddr addr,
425                                    unsigned size)
426 {
427     struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
428     int offset = addr & OMAP_MPUI_REG_MASK;
429 
430     if (size != 4) {
431         return omap_badwidth_read32(opaque, addr);
432     }
433 
434     switch (offset) {
435     case 0x00:	/* TVR */
436         return s->timer.reset_val;
437 
438     case 0x04:	/* TCR */
439         return omap_timer_read(&s->timer);
440 
441     case 0x08:	/* CR */
442         return (s->timer.ar << 3) | (s->timer.it_ena << 2) | s->timer.st;
443 
444     default:
445         break;
446     }
447     OMAP_BAD_REG(addr);
448     return 0;
449 }
450 
451 static void omap_os_timer_write(void *opaque, hwaddr addr,
452                                 uint64_t value, unsigned size)
453 {
454     struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
455     int offset = addr & OMAP_MPUI_REG_MASK;
456 
457     if (size != 4) {
458         omap_badwidth_write32(opaque, addr, value);
459         return;
460     }
461 
462     switch (offset) {
463     case 0x00:	/* TVR */
464         s->timer.reset_val = value & 0x00ffffff;
465         break;
466 
467     case 0x04:	/* TCR */
468         OMAP_RO_REG(addr);
469         break;
470 
471     case 0x08:	/* CR */
472         s->timer.ar = (value >> 3) & 1;
473         s->timer.it_ena = (value >> 2) & 1;
474         if (s->timer.st != (value & 1) || (value & 2)) {
475             omap_timer_sync(&s->timer);
476             s->timer.enable = value & 1;
477             s->timer.st = value & 1;
478             omap_timer_update(&s->timer);
479         }
480         break;
481 
482     default:
483         OMAP_BAD_REG(addr);
484     }
485 }
486 
487 static const MemoryRegionOps omap_os_timer_ops = {
488     .read = omap_os_timer_read,
489     .write = omap_os_timer_write,
490     .endianness = DEVICE_NATIVE_ENDIAN,
491 };
492 
493 static void omap_os_timer_reset(struct omap_32khz_timer_s *s)
494 {
495     timer_del(s->timer.timer);
496     s->timer.enable = 0;
497     s->timer.it_ena = 0;
498     s->timer.reset_val = 0x00ffffff;
499     s->timer.val = 0;
500     s->timer.st = 0;
501     s->timer.ptv = 0;
502     s->timer.ar = 1;
503 }
504 
505 static struct omap_32khz_timer_s *omap_os_timer_init(MemoryRegion *memory,
506                 hwaddr base,
507                 qemu_irq irq, omap_clk clk)
508 {
509     struct omap_32khz_timer_s *s = g_new0(struct omap_32khz_timer_s, 1);
510 
511     s->timer.irq = irq;
512     s->timer.clk = clk;
513     s->timer.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, &s->timer);
514     omap_os_timer_reset(s);
515     omap_timer_clk_setup(&s->timer);
516 
517     memory_region_init_io(&s->iomem, NULL, &omap_os_timer_ops, s,
518                           "omap-os-timer", 0x800);
519     memory_region_add_subregion(memory, base, &s->iomem);
520 
521     return s;
522 }
523 
524 /* Ultra Low-Power Device Module */
525 static uint64_t omap_ulpd_pm_read(void *opaque, hwaddr addr,
526                                   unsigned size)
527 {
528     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
529     uint16_t ret;
530 
531     if (size != 2) {
532         return omap_badwidth_read16(opaque, addr);
533     }
534 
535     switch (addr) {
536     case 0x14:	/* IT_STATUS */
537         ret = s->ulpd_pm_regs[addr >> 2];
538         s->ulpd_pm_regs[addr >> 2] = 0;
539         qemu_irq_lower(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
540         return ret;
541 
542     case 0x18:	/* Reserved */
543     case 0x1c:	/* Reserved */
544     case 0x20:	/* Reserved */
545     case 0x28:	/* Reserved */
546     case 0x2c:	/* Reserved */
547         OMAP_BAD_REG(addr);
548         /* fall through */
549     case 0x00:	/* COUNTER_32_LSB */
550     case 0x04:	/* COUNTER_32_MSB */
551     case 0x08:	/* COUNTER_HIGH_FREQ_LSB */
552     case 0x0c:	/* COUNTER_HIGH_FREQ_MSB */
553     case 0x10:	/* GAUGING_CTRL */
554     case 0x24:	/* SETUP_ANALOG_CELL3_ULPD1 */
555     case 0x30:	/* CLOCK_CTRL */
556     case 0x34:	/* SOFT_REQ */
557     case 0x38:	/* COUNTER_32_FIQ */
558     case 0x3c:	/* DPLL_CTRL */
559     case 0x40:	/* STATUS_REQ */
560         /* XXX: check clk::usecount state for every clock */
561     case 0x48:	/* LOCL_TIME */
562     case 0x4c:	/* APLL_CTRL */
563     case 0x50:	/* POWER_CTRL */
564         return s->ulpd_pm_regs[addr >> 2];
565     }
566 
567     OMAP_BAD_REG(addr);
568     return 0;
569 }
570 
571 static inline void omap_ulpd_clk_update(struct omap_mpu_state_s *s,
572                 uint16_t diff, uint16_t value)
573 {
574     if (diff & (1 << 4))				/* USB_MCLK_EN */
575         omap_clk_onoff(omap_findclk(s, "usb_clk0"), (value >> 4) & 1);
576     if (diff & (1 << 5))				/* DIS_USB_PVCI_CLK */
577         omap_clk_onoff(omap_findclk(s, "usb_w2fc_ck"), (~value >> 5) & 1);
578 }
579 
580 static inline void omap_ulpd_req_update(struct omap_mpu_state_s *s,
581                 uint16_t diff, uint16_t value)
582 {
583     if (diff & (1 << 0))				/* SOFT_DPLL_REQ */
584         omap_clk_canidle(omap_findclk(s, "dpll4"), (~value >> 0) & 1);
585     if (diff & (1 << 1))				/* SOFT_COM_REQ */
586         omap_clk_canidle(omap_findclk(s, "com_mclk_out"), (~value >> 1) & 1);
587     if (diff & (1 << 2))				/* SOFT_SDW_REQ */
588         omap_clk_canidle(omap_findclk(s, "bt_mclk_out"), (~value >> 2) & 1);
589     if (diff & (1 << 3))				/* SOFT_USB_REQ */
590         omap_clk_canidle(omap_findclk(s, "usb_clk0"), (~value >> 3) & 1);
591 }
592 
593 static void omap_ulpd_pm_write(void *opaque, hwaddr addr,
594                                uint64_t value, unsigned size)
595 {
596     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
597     int64_t now, ticks;
598     int div, mult;
599     static const int bypass_div[4] = { 1, 2, 4, 4 };
600     uint16_t diff;
601 
602     if (size != 2) {
603         omap_badwidth_write16(opaque, addr, value);
604         return;
605     }
606 
607     switch (addr) {
608     case 0x00:	/* COUNTER_32_LSB */
609     case 0x04:	/* COUNTER_32_MSB */
610     case 0x08:	/* COUNTER_HIGH_FREQ_LSB */
611     case 0x0c:	/* COUNTER_HIGH_FREQ_MSB */
612     case 0x14:	/* IT_STATUS */
613     case 0x40:	/* STATUS_REQ */
614         OMAP_RO_REG(addr);
615         break;
616 
617     case 0x10:	/* GAUGING_CTRL */
618         /* Bits 0 and 1 seem to be confused in the OMAP 310 TRM */
619         if ((s->ulpd_pm_regs[addr >> 2] ^ value) & 1) {
620             now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
621 
622             if (value & 1)
623                 s->ulpd_gauge_start = now;
624             else {
625                 now -= s->ulpd_gauge_start;
626 
627                 /* 32-kHz ticks */
628                 ticks = muldiv64(now, 32768, NANOSECONDS_PER_SECOND);
629                 s->ulpd_pm_regs[0x00 >> 2] = (ticks >>  0) & 0xffff;
630                 s->ulpd_pm_regs[0x04 >> 2] = (ticks >> 16) & 0xffff;
631                 if (ticks >> 32)	/* OVERFLOW_32K */
632                     s->ulpd_pm_regs[0x14 >> 2] |= 1 << 2;
633 
634                 /* High frequency ticks */
635                 ticks = muldiv64(now, 12000000, NANOSECONDS_PER_SECOND);
636                 s->ulpd_pm_regs[0x08 >> 2] = (ticks >>  0) & 0xffff;
637                 s->ulpd_pm_regs[0x0c >> 2] = (ticks >> 16) & 0xffff;
638                 if (ticks >> 32)	/* OVERFLOW_HI_FREQ */
639                     s->ulpd_pm_regs[0x14 >> 2] |= 1 << 1;
640 
641                 s->ulpd_pm_regs[0x14 >> 2] |= 1 << 0;	/* IT_GAUGING */
642                 qemu_irq_raise(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
643             }
644         }
645         s->ulpd_pm_regs[addr >> 2] = value;
646         break;
647 
648     case 0x18:	/* Reserved */
649     case 0x1c:	/* Reserved */
650     case 0x20:	/* Reserved */
651     case 0x28:	/* Reserved */
652     case 0x2c:	/* Reserved */
653         OMAP_BAD_REG(addr);
654         /* fall through */
655     case 0x24:	/* SETUP_ANALOG_CELL3_ULPD1 */
656     case 0x38:	/* COUNTER_32_FIQ */
657     case 0x48:	/* LOCL_TIME */
658     case 0x50:	/* POWER_CTRL */
659         s->ulpd_pm_regs[addr >> 2] = value;
660         break;
661 
662     case 0x30:	/* CLOCK_CTRL */
663         diff = s->ulpd_pm_regs[addr >> 2] ^ value;
664         s->ulpd_pm_regs[addr >> 2] = value & 0x3f;
665         omap_ulpd_clk_update(s, diff, value);
666         break;
667 
668     case 0x34:	/* SOFT_REQ */
669         diff = s->ulpd_pm_regs[addr >> 2] ^ value;
670         s->ulpd_pm_regs[addr >> 2] = value & 0x1f;
671         omap_ulpd_req_update(s, diff, value);
672         break;
673 
674     case 0x3c:	/* DPLL_CTRL */
675         /* XXX: OMAP310 TRM claims bit 3 is PLL_ENABLE, and bit 4 is
676          * omitted altogether, probably a typo.  */
677         /* This register has identical semantics with DPLL(1:3) control
678          * registers, see omap_dpll_write() */
679         diff = s->ulpd_pm_regs[addr >> 2] & value;
680         s->ulpd_pm_regs[addr >> 2] = value & 0x2fff;
681         if (diff & (0x3ff << 2)) {
682             if (value & (1 << 4)) {			/* PLL_ENABLE */
683                 div = ((value >> 5) & 3) + 1;		/* PLL_DIV */
684                 mult = MIN((value >> 7) & 0x1f, 1);	/* PLL_MULT */
685             } else {
686                 div = bypass_div[((value >> 2) & 3)];	/* BYPASS_DIV */
687                 mult = 1;
688             }
689             omap_clk_setrate(omap_findclk(s, "dpll4"), div, mult);
690         }
691 
692         /* Enter the desired mode.  */
693         s->ulpd_pm_regs[addr >> 2] =
694                 (s->ulpd_pm_regs[addr >> 2] & 0xfffe) |
695                 ((s->ulpd_pm_regs[addr >> 2] >> 4) & 1);
696 
697         /* Act as if the lock is restored.  */
698         s->ulpd_pm_regs[addr >> 2] |= 2;
699         break;
700 
701     case 0x4c:	/* APLL_CTRL */
702         diff = s->ulpd_pm_regs[addr >> 2] & value;
703         s->ulpd_pm_regs[addr >> 2] = value & 0xf;
704         if (diff & (1 << 0))				/* APLL_NDPLL_SWITCH */
705             omap_clk_reparent(omap_findclk(s, "ck_48m"), omap_findclk(s,
706                                     (value & (1 << 0)) ? "apll" : "dpll4"));
707         break;
708 
709     default:
710         OMAP_BAD_REG(addr);
711     }
712 }
713 
714 static const MemoryRegionOps omap_ulpd_pm_ops = {
715     .read = omap_ulpd_pm_read,
716     .write = omap_ulpd_pm_write,
717     .endianness = DEVICE_NATIVE_ENDIAN,
718 };
719 
720 static void omap_ulpd_pm_reset(struct omap_mpu_state_s *mpu)
721 {
722     mpu->ulpd_pm_regs[0x00 >> 2] = 0x0001;
723     mpu->ulpd_pm_regs[0x04 >> 2] = 0x0000;
724     mpu->ulpd_pm_regs[0x08 >> 2] = 0x0001;
725     mpu->ulpd_pm_regs[0x0c >> 2] = 0x0000;
726     mpu->ulpd_pm_regs[0x10 >> 2] = 0x0000;
727     mpu->ulpd_pm_regs[0x18 >> 2] = 0x01;
728     mpu->ulpd_pm_regs[0x1c >> 2] = 0x01;
729     mpu->ulpd_pm_regs[0x20 >> 2] = 0x01;
730     mpu->ulpd_pm_regs[0x24 >> 2] = 0x03ff;
731     mpu->ulpd_pm_regs[0x28 >> 2] = 0x01;
732     mpu->ulpd_pm_regs[0x2c >> 2] = 0x01;
733     omap_ulpd_clk_update(mpu, mpu->ulpd_pm_regs[0x30 >> 2], 0x0000);
734     mpu->ulpd_pm_regs[0x30 >> 2] = 0x0000;
735     omap_ulpd_req_update(mpu, mpu->ulpd_pm_regs[0x34 >> 2], 0x0000);
736     mpu->ulpd_pm_regs[0x34 >> 2] = 0x0000;
737     mpu->ulpd_pm_regs[0x38 >> 2] = 0x0001;
738     mpu->ulpd_pm_regs[0x3c >> 2] = 0x2211;
739     mpu->ulpd_pm_regs[0x40 >> 2] = 0x0000; /* FIXME: dump a real STATUS_REQ */
740     mpu->ulpd_pm_regs[0x48 >> 2] = 0x960;
741     mpu->ulpd_pm_regs[0x4c >> 2] = 0x08;
742     mpu->ulpd_pm_regs[0x50 >> 2] = 0x08;
743     omap_clk_setrate(omap_findclk(mpu, "dpll4"), 1, 4);
744     omap_clk_reparent(omap_findclk(mpu, "ck_48m"), omap_findclk(mpu, "dpll4"));
745 }
746 
747 static void omap_ulpd_pm_init(MemoryRegion *system_memory,
748                 hwaddr base,
749                 struct omap_mpu_state_s *mpu)
750 {
751     memory_region_init_io(&mpu->ulpd_pm_iomem, NULL, &omap_ulpd_pm_ops, mpu,
752                           "omap-ulpd-pm", 0x800);
753     memory_region_add_subregion(system_memory, base, &mpu->ulpd_pm_iomem);
754     omap_ulpd_pm_reset(mpu);
755 }
756 
757 /* OMAP Pin Configuration */
758 static uint64_t omap_pin_cfg_read(void *opaque, hwaddr addr,
759                                   unsigned size)
760 {
761     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
762 
763     if (size != 4) {
764         return omap_badwidth_read32(opaque, addr);
765     }
766 
767     switch (addr) {
768     case 0x00:	/* FUNC_MUX_CTRL_0 */
769     case 0x04:	/* FUNC_MUX_CTRL_1 */
770     case 0x08:	/* FUNC_MUX_CTRL_2 */
771         return s->func_mux_ctrl[addr >> 2];
772 
773     case 0x0c:	/* COMP_MODE_CTRL_0 */
774         return s->comp_mode_ctrl[0];
775 
776     case 0x10:	/* FUNC_MUX_CTRL_3 */
777     case 0x14:	/* FUNC_MUX_CTRL_4 */
778     case 0x18:	/* FUNC_MUX_CTRL_5 */
779     case 0x1c:	/* FUNC_MUX_CTRL_6 */
780     case 0x20:	/* FUNC_MUX_CTRL_7 */
781     case 0x24:	/* FUNC_MUX_CTRL_8 */
782     case 0x28:	/* FUNC_MUX_CTRL_9 */
783     case 0x2c:	/* FUNC_MUX_CTRL_A */
784     case 0x30:	/* FUNC_MUX_CTRL_B */
785     case 0x34:	/* FUNC_MUX_CTRL_C */
786     case 0x38:	/* FUNC_MUX_CTRL_D */
787         return s->func_mux_ctrl[(addr >> 2) - 1];
788 
789     case 0x40:	/* PULL_DWN_CTRL_0 */
790     case 0x44:	/* PULL_DWN_CTRL_1 */
791     case 0x48:	/* PULL_DWN_CTRL_2 */
792     case 0x4c:	/* PULL_DWN_CTRL_3 */
793         return s->pull_dwn_ctrl[(addr & 0xf) >> 2];
794 
795     case 0x50:	/* GATE_INH_CTRL_0 */
796         return s->gate_inh_ctrl[0];
797 
798     case 0x60:	/* VOLTAGE_CTRL_0 */
799         return s->voltage_ctrl[0];
800 
801     case 0x70:	/* TEST_DBG_CTRL_0 */
802         return s->test_dbg_ctrl[0];
803 
804     case 0x80:	/* MOD_CONF_CTRL_0 */
805         return s->mod_conf_ctrl[0];
806     }
807 
808     OMAP_BAD_REG(addr);
809     return 0;
810 }
811 
812 static inline void omap_pin_funcmux0_update(struct omap_mpu_state_s *s,
813                 uint32_t diff, uint32_t value)
814 {
815     if (s->compat1509) {
816         if (diff & (1 << 9))			/* BLUETOOTH */
817             omap_clk_onoff(omap_findclk(s, "bt_mclk_out"),
818                             (~value >> 9) & 1);
819         if (diff & (1 << 7))			/* USB.CLKO */
820             omap_clk_onoff(omap_findclk(s, "usb.clko"),
821                             (value >> 7) & 1);
822     }
823 }
824 
825 static inline void omap_pin_funcmux1_update(struct omap_mpu_state_s *s,
826                 uint32_t diff, uint32_t value)
827 {
828     if (s->compat1509) {
829         if (diff & (1U << 31)) {
830             /* MCBSP3_CLK_HIZ_DI */
831             omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"), (value >> 31) & 1);
832         }
833         if (diff & (1 << 1)) {
834             /* CLK32K */
835             omap_clk_onoff(omap_findclk(s, "clk32k_out"), (~value >> 1) & 1);
836         }
837     }
838 }
839 
840 static inline void omap_pin_modconf1_update(struct omap_mpu_state_s *s,
841                 uint32_t diff, uint32_t value)
842 {
843     if (diff & (1U << 31)) {
844         /* CONF_MOD_UART3_CLK_MODE_R */
845         omap_clk_reparent(omap_findclk(s, "uart3_ck"),
846                           omap_findclk(s, ((value >> 31) & 1) ?
847                                        "ck_48m" : "armper_ck"));
848     }
849     if (diff & (1 << 30))			/* CONF_MOD_UART2_CLK_MODE_R */
850          omap_clk_reparent(omap_findclk(s, "uart2_ck"),
851                          omap_findclk(s, ((value >> 30) & 1) ?
852                                  "ck_48m" : "armper_ck"));
853     if (diff & (1 << 29))			/* CONF_MOD_UART1_CLK_MODE_R */
854          omap_clk_reparent(omap_findclk(s, "uart1_ck"),
855                          omap_findclk(s, ((value >> 29) & 1) ?
856                                  "ck_48m" : "armper_ck"));
857     if (diff & (1 << 23))			/* CONF_MOD_MMC_SD_CLK_REQ_R */
858          omap_clk_reparent(omap_findclk(s, "mmc_ck"),
859                          omap_findclk(s, ((value >> 23) & 1) ?
860                                  "ck_48m" : "armper_ck"));
861     if (diff & (1 << 12))			/* CONF_MOD_COM_MCLK_12_48_S */
862          omap_clk_reparent(omap_findclk(s, "com_mclk_out"),
863                          omap_findclk(s, ((value >> 12) & 1) ?
864                                  "ck_48m" : "armper_ck"));
865     if (diff & (1 << 9))			/* CONF_MOD_USB_HOST_HHC_UHO */
866          omap_clk_onoff(omap_findclk(s, "usb_hhc_ck"), (value >> 9) & 1);
867 }
868 
869 static void omap_pin_cfg_write(void *opaque, hwaddr addr,
870                                uint64_t value, unsigned size)
871 {
872     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
873     uint32_t diff;
874 
875     if (size != 4) {
876         omap_badwidth_write32(opaque, addr, value);
877         return;
878     }
879 
880     switch (addr) {
881     case 0x00:	/* FUNC_MUX_CTRL_0 */
882         diff = s->func_mux_ctrl[addr >> 2] ^ value;
883         s->func_mux_ctrl[addr >> 2] = value;
884         omap_pin_funcmux0_update(s, diff, value);
885         return;
886 
887     case 0x04:	/* FUNC_MUX_CTRL_1 */
888         diff = s->func_mux_ctrl[addr >> 2] ^ value;
889         s->func_mux_ctrl[addr >> 2] = value;
890         omap_pin_funcmux1_update(s, diff, value);
891         return;
892 
893     case 0x08:	/* FUNC_MUX_CTRL_2 */
894         s->func_mux_ctrl[addr >> 2] = value;
895         return;
896 
897     case 0x0c:	/* COMP_MODE_CTRL_0 */
898         s->comp_mode_ctrl[0] = value;
899         s->compat1509 = (value != 0x0000eaef);
900         omap_pin_funcmux0_update(s, ~0, s->func_mux_ctrl[0]);
901         omap_pin_funcmux1_update(s, ~0, s->func_mux_ctrl[1]);
902         return;
903 
904     case 0x10:	/* FUNC_MUX_CTRL_3 */
905     case 0x14:	/* FUNC_MUX_CTRL_4 */
906     case 0x18:	/* FUNC_MUX_CTRL_5 */
907     case 0x1c:	/* FUNC_MUX_CTRL_6 */
908     case 0x20:	/* FUNC_MUX_CTRL_7 */
909     case 0x24:	/* FUNC_MUX_CTRL_8 */
910     case 0x28:	/* FUNC_MUX_CTRL_9 */
911     case 0x2c:	/* FUNC_MUX_CTRL_A */
912     case 0x30:	/* FUNC_MUX_CTRL_B */
913     case 0x34:	/* FUNC_MUX_CTRL_C */
914     case 0x38:	/* FUNC_MUX_CTRL_D */
915         s->func_mux_ctrl[(addr >> 2) - 1] = value;
916         return;
917 
918     case 0x40:	/* PULL_DWN_CTRL_0 */
919     case 0x44:	/* PULL_DWN_CTRL_1 */
920     case 0x48:	/* PULL_DWN_CTRL_2 */
921     case 0x4c:	/* PULL_DWN_CTRL_3 */
922         s->pull_dwn_ctrl[(addr & 0xf) >> 2] = value;
923         return;
924 
925     case 0x50:	/* GATE_INH_CTRL_0 */
926         s->gate_inh_ctrl[0] = value;
927         return;
928 
929     case 0x60:	/* VOLTAGE_CTRL_0 */
930         s->voltage_ctrl[0] = value;
931         return;
932 
933     case 0x70:	/* TEST_DBG_CTRL_0 */
934         s->test_dbg_ctrl[0] = value;
935         return;
936 
937     case 0x80:	/* MOD_CONF_CTRL_0 */
938         diff = s->mod_conf_ctrl[0] ^ value;
939         s->mod_conf_ctrl[0] = value;
940         omap_pin_modconf1_update(s, diff, value);
941         return;
942 
943     default:
944         OMAP_BAD_REG(addr);
945     }
946 }
947 
948 static const MemoryRegionOps omap_pin_cfg_ops = {
949     .read = omap_pin_cfg_read,
950     .write = omap_pin_cfg_write,
951     .endianness = DEVICE_NATIVE_ENDIAN,
952 };
953 
954 static void omap_pin_cfg_reset(struct omap_mpu_state_s *mpu)
955 {
956     /* Start in Compatibility Mode.  */
957     mpu->compat1509 = 1;
958     omap_pin_funcmux0_update(mpu, mpu->func_mux_ctrl[0], 0);
959     omap_pin_funcmux1_update(mpu, mpu->func_mux_ctrl[1], 0);
960     omap_pin_modconf1_update(mpu, mpu->mod_conf_ctrl[0], 0);
961     memset(mpu->func_mux_ctrl, 0, sizeof(mpu->func_mux_ctrl));
962     memset(mpu->comp_mode_ctrl, 0, sizeof(mpu->comp_mode_ctrl));
963     memset(mpu->pull_dwn_ctrl, 0, sizeof(mpu->pull_dwn_ctrl));
964     memset(mpu->gate_inh_ctrl, 0, sizeof(mpu->gate_inh_ctrl));
965     memset(mpu->voltage_ctrl, 0, sizeof(mpu->voltage_ctrl));
966     memset(mpu->test_dbg_ctrl, 0, sizeof(mpu->test_dbg_ctrl));
967     memset(mpu->mod_conf_ctrl, 0, sizeof(mpu->mod_conf_ctrl));
968 }
969 
970 static void omap_pin_cfg_init(MemoryRegion *system_memory,
971                 hwaddr base,
972                 struct omap_mpu_state_s *mpu)
973 {
974     memory_region_init_io(&mpu->pin_cfg_iomem, NULL, &omap_pin_cfg_ops, mpu,
975                           "omap-pin-cfg", 0x800);
976     memory_region_add_subregion(system_memory, base, &mpu->pin_cfg_iomem);
977     omap_pin_cfg_reset(mpu);
978 }
979 
980 /* Device Identification, Die Identification */
981 static uint64_t omap_id_read(void *opaque, hwaddr addr,
982                              unsigned size)
983 {
984     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
985 
986     if (size != 4) {
987         return omap_badwidth_read32(opaque, addr);
988     }
989 
990     switch (addr) {
991     case 0xfffe1800:	/* DIE_ID_LSB */
992         return 0xc9581f0e;
993     case 0xfffe1804:	/* DIE_ID_MSB */
994         return 0xa8858bfa;
995 
996     case 0xfffe2000:	/* PRODUCT_ID_LSB */
997         return 0x00aaaafc;
998     case 0xfffe2004:	/* PRODUCT_ID_MSB */
999         return 0xcafeb574;
1000 
1001     case 0xfffed400:	/* JTAG_ID_LSB */
1002         switch (s->mpu_model) {
1003         case omap310:
1004             return 0x03310315;
1005         case omap1510:
1006             return 0x03310115;
1007         default:
1008             hw_error("%s: bad mpu model\n", __func__);
1009         }
1010         break;
1011 
1012     case 0xfffed404:	/* JTAG_ID_MSB */
1013         switch (s->mpu_model) {
1014         case omap310:
1015             return 0xfb57402f;
1016         case omap1510:
1017             return 0xfb47002f;
1018         default:
1019             hw_error("%s: bad mpu model\n", __func__);
1020         }
1021         break;
1022     }
1023 
1024     OMAP_BAD_REG(addr);
1025     return 0;
1026 }
1027 
1028 static void omap_id_write(void *opaque, hwaddr addr,
1029                           uint64_t value, unsigned size)
1030 {
1031     if (size != 4) {
1032         omap_badwidth_write32(opaque, addr, value);
1033         return;
1034     }
1035 
1036     OMAP_BAD_REG(addr);
1037 }
1038 
1039 static const MemoryRegionOps omap_id_ops = {
1040     .read = omap_id_read,
1041     .write = omap_id_write,
1042     .endianness = DEVICE_NATIVE_ENDIAN,
1043 };
1044 
1045 static void omap_id_init(MemoryRegion *memory, struct omap_mpu_state_s *mpu)
1046 {
1047     memory_region_init_io(&mpu->id_iomem, NULL, &omap_id_ops, mpu,
1048                           "omap-id", 0x100000000ULL);
1049     memory_region_init_alias(&mpu->id_iomem_e18, NULL, "omap-id-e18", &mpu->id_iomem,
1050                              0xfffe1800, 0x800);
1051     memory_region_add_subregion(memory, 0xfffe1800, &mpu->id_iomem_e18);
1052     memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-ed4", &mpu->id_iomem,
1053                              0xfffed400, 0x100);
1054     memory_region_add_subregion(memory, 0xfffed400, &mpu->id_iomem_ed4);
1055     if (!cpu_is_omap15xx(mpu)) {
1056         memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-e20",
1057                                  &mpu->id_iomem, 0xfffe2000, 0x800);
1058         memory_region_add_subregion(memory, 0xfffe2000, &mpu->id_iomem_e20);
1059     }
1060 }
1061 
1062 /* MPUI Control (Dummy) */
1063 static uint64_t omap_mpui_read(void *opaque, hwaddr addr,
1064                                unsigned size)
1065 {
1066     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1067 
1068     if (size != 4) {
1069         return omap_badwidth_read32(opaque, addr);
1070     }
1071 
1072     switch (addr) {
1073     case 0x00:	/* CTRL */
1074         return s->mpui_ctrl;
1075     case 0x04:	/* DEBUG_ADDR */
1076         return 0x01ffffff;
1077     case 0x08:	/* DEBUG_DATA */
1078         return 0xffffffff;
1079     case 0x0c:	/* DEBUG_FLAG */
1080         return 0x00000800;
1081     case 0x10:	/* STATUS */
1082         return 0x00000000;
1083 
1084     /* Not in OMAP310 */
1085     case 0x14:	/* DSP_STATUS */
1086     case 0x18:	/* DSP_BOOT_CONFIG */
1087         return 0x00000000;
1088     case 0x1c:	/* DSP_MPUI_CONFIG */
1089         return 0x0000ffff;
1090     }
1091 
1092     OMAP_BAD_REG(addr);
1093     return 0;
1094 }
1095 
1096 static void omap_mpui_write(void *opaque, hwaddr addr,
1097                             uint64_t value, unsigned size)
1098 {
1099     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1100 
1101     if (size != 4) {
1102         omap_badwidth_write32(opaque, addr, value);
1103         return;
1104     }
1105 
1106     switch (addr) {
1107     case 0x00:	/* CTRL */
1108         s->mpui_ctrl = value & 0x007fffff;
1109         break;
1110 
1111     case 0x04:	/* DEBUG_ADDR */
1112     case 0x08:	/* DEBUG_DATA */
1113     case 0x0c:	/* DEBUG_FLAG */
1114     case 0x10:	/* STATUS */
1115     /* Not in OMAP310 */
1116     case 0x14:	/* DSP_STATUS */
1117         OMAP_RO_REG(addr);
1118         break;
1119     case 0x18:	/* DSP_BOOT_CONFIG */
1120     case 0x1c:	/* DSP_MPUI_CONFIG */
1121         break;
1122 
1123     default:
1124         OMAP_BAD_REG(addr);
1125     }
1126 }
1127 
1128 static const MemoryRegionOps omap_mpui_ops = {
1129     .read = omap_mpui_read,
1130     .write = omap_mpui_write,
1131     .endianness = DEVICE_NATIVE_ENDIAN,
1132 };
1133 
1134 static void omap_mpui_reset(struct omap_mpu_state_s *s)
1135 {
1136     s->mpui_ctrl = 0x0003ff1b;
1137 }
1138 
1139 static void omap_mpui_init(MemoryRegion *memory, hwaddr base,
1140                 struct omap_mpu_state_s *mpu)
1141 {
1142     memory_region_init_io(&mpu->mpui_iomem, NULL, &omap_mpui_ops, mpu,
1143                           "omap-mpui", 0x100);
1144     memory_region_add_subregion(memory, base, &mpu->mpui_iomem);
1145 
1146     omap_mpui_reset(mpu);
1147 }
1148 
1149 /* TIPB Bridges */
1150 struct omap_tipb_bridge_s {
1151     qemu_irq abort;
1152     MemoryRegion iomem;
1153 
1154     int width_intr;
1155     uint16_t control;
1156     uint16_t alloc;
1157     uint16_t buffer;
1158     uint16_t enh_control;
1159 };
1160 
1161 static uint64_t omap_tipb_bridge_read(void *opaque, hwaddr addr,
1162                                       unsigned size)
1163 {
1164     struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
1165 
1166     if (size < 2) {
1167         return omap_badwidth_read16(opaque, addr);
1168     }
1169 
1170     switch (addr) {
1171     case 0x00:	/* TIPB_CNTL */
1172         return s->control;
1173     case 0x04:	/* TIPB_BUS_ALLOC */
1174         return s->alloc;
1175     case 0x08:	/* MPU_TIPB_CNTL */
1176         return s->buffer;
1177     case 0x0c:	/* ENHANCED_TIPB_CNTL */
1178         return s->enh_control;
1179     case 0x10:	/* ADDRESS_DBG */
1180     case 0x14:	/* DATA_DEBUG_LOW */
1181     case 0x18:	/* DATA_DEBUG_HIGH */
1182         return 0xffff;
1183     case 0x1c:	/* DEBUG_CNTR_SIG */
1184         return 0x00f8;
1185     }
1186 
1187     OMAP_BAD_REG(addr);
1188     return 0;
1189 }
1190 
1191 static void omap_tipb_bridge_write(void *opaque, hwaddr addr,
1192                                    uint64_t value, unsigned size)
1193 {
1194     struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
1195 
1196     if (size < 2) {
1197         omap_badwidth_write16(opaque, addr, value);
1198         return;
1199     }
1200 
1201     switch (addr) {
1202     case 0x00:	/* TIPB_CNTL */
1203         s->control = value & 0xffff;
1204         break;
1205 
1206     case 0x04:	/* TIPB_BUS_ALLOC */
1207         s->alloc = value & 0x003f;
1208         break;
1209 
1210     case 0x08:	/* MPU_TIPB_CNTL */
1211         s->buffer = value & 0x0003;
1212         break;
1213 
1214     case 0x0c:	/* ENHANCED_TIPB_CNTL */
1215         s->width_intr = !(value & 2);
1216         s->enh_control = value & 0x000f;
1217         break;
1218 
1219     case 0x10:	/* ADDRESS_DBG */
1220     case 0x14:	/* DATA_DEBUG_LOW */
1221     case 0x18:	/* DATA_DEBUG_HIGH */
1222     case 0x1c:	/* DEBUG_CNTR_SIG */
1223         OMAP_RO_REG(addr);
1224         break;
1225 
1226     default:
1227         OMAP_BAD_REG(addr);
1228     }
1229 }
1230 
1231 static const MemoryRegionOps omap_tipb_bridge_ops = {
1232     .read = omap_tipb_bridge_read,
1233     .write = omap_tipb_bridge_write,
1234     .endianness = DEVICE_NATIVE_ENDIAN,
1235 };
1236 
1237 static void omap_tipb_bridge_reset(struct omap_tipb_bridge_s *s)
1238 {
1239     s->control = 0xffff;
1240     s->alloc = 0x0009;
1241     s->buffer = 0x0000;
1242     s->enh_control = 0x000f;
1243 }
1244 
1245 static struct omap_tipb_bridge_s *omap_tipb_bridge_init(
1246     MemoryRegion *memory, hwaddr base,
1247     qemu_irq abort_irq, omap_clk clk)
1248 {
1249     struct omap_tipb_bridge_s *s = g_new0(struct omap_tipb_bridge_s, 1);
1250 
1251     s->abort = abort_irq;
1252     omap_tipb_bridge_reset(s);
1253 
1254     memory_region_init_io(&s->iomem, NULL, &omap_tipb_bridge_ops, s,
1255                           "omap-tipb-bridge", 0x100);
1256     memory_region_add_subregion(memory, base, &s->iomem);
1257 
1258     return s;
1259 }
1260 
1261 /* Dummy Traffic Controller's Memory Interface */
1262 static uint64_t omap_tcmi_read(void *opaque, hwaddr addr,
1263                                unsigned size)
1264 {
1265     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1266     uint32_t ret;
1267 
1268     if (size != 4) {
1269         return omap_badwidth_read32(opaque, addr);
1270     }
1271 
1272     switch (addr) {
1273     case 0x00:	/* IMIF_PRIO */
1274     case 0x04:	/* EMIFS_PRIO */
1275     case 0x08:	/* EMIFF_PRIO */
1276     case 0x0c:	/* EMIFS_CONFIG */
1277     case 0x10:	/* EMIFS_CS0_CONFIG */
1278     case 0x14:	/* EMIFS_CS1_CONFIG */
1279     case 0x18:	/* EMIFS_CS2_CONFIG */
1280     case 0x1c:	/* EMIFS_CS3_CONFIG */
1281     case 0x24:	/* EMIFF_MRS */
1282     case 0x28:	/* TIMEOUT1 */
1283     case 0x2c:	/* TIMEOUT2 */
1284     case 0x30:	/* TIMEOUT3 */
1285     case 0x3c:	/* EMIFF_SDRAM_CONFIG_2 */
1286     case 0x40:	/* EMIFS_CFG_DYN_WAIT */
1287         return s->tcmi_regs[addr >> 2];
1288 
1289     case 0x20:	/* EMIFF_SDRAM_CONFIG */
1290         ret = s->tcmi_regs[addr >> 2];
1291         s->tcmi_regs[addr >> 2] &= ~1; /* XXX: Clear SLRF on SDRAM access */
1292         /* XXX: We can try using the VGA_DIRTY flag for this */
1293         return ret;
1294     }
1295 
1296     OMAP_BAD_REG(addr);
1297     return 0;
1298 }
1299 
1300 static void omap_tcmi_write(void *opaque, hwaddr addr,
1301                             uint64_t value, unsigned size)
1302 {
1303     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1304 
1305     if (size != 4) {
1306         omap_badwidth_write32(opaque, addr, value);
1307         return;
1308     }
1309 
1310     switch (addr) {
1311     case 0x00:	/* IMIF_PRIO */
1312     case 0x04:	/* EMIFS_PRIO */
1313     case 0x08:	/* EMIFF_PRIO */
1314     case 0x10:	/* EMIFS_CS0_CONFIG */
1315     case 0x14:	/* EMIFS_CS1_CONFIG */
1316     case 0x18:	/* EMIFS_CS2_CONFIG */
1317     case 0x1c:	/* EMIFS_CS3_CONFIG */
1318     case 0x20:	/* EMIFF_SDRAM_CONFIG */
1319     case 0x24:	/* EMIFF_MRS */
1320     case 0x28:	/* TIMEOUT1 */
1321     case 0x2c:	/* TIMEOUT2 */
1322     case 0x30:	/* TIMEOUT3 */
1323     case 0x3c:	/* EMIFF_SDRAM_CONFIG_2 */
1324     case 0x40:	/* EMIFS_CFG_DYN_WAIT */
1325         s->tcmi_regs[addr >> 2] = value;
1326         break;
1327     case 0x0c:	/* EMIFS_CONFIG */
1328         s->tcmi_regs[addr >> 2] = (value & 0xf) | (1 << 4);
1329         break;
1330 
1331     default:
1332         OMAP_BAD_REG(addr);
1333     }
1334 }
1335 
1336 static const MemoryRegionOps omap_tcmi_ops = {
1337     .read = omap_tcmi_read,
1338     .write = omap_tcmi_write,
1339     .endianness = DEVICE_NATIVE_ENDIAN,
1340 };
1341 
1342 static void omap_tcmi_reset(struct omap_mpu_state_s *mpu)
1343 {
1344     mpu->tcmi_regs[0x00 >> 2] = 0x00000000;
1345     mpu->tcmi_regs[0x04 >> 2] = 0x00000000;
1346     mpu->tcmi_regs[0x08 >> 2] = 0x00000000;
1347     mpu->tcmi_regs[0x0c >> 2] = 0x00000010;
1348     mpu->tcmi_regs[0x10 >> 2] = 0x0010fffb;
1349     mpu->tcmi_regs[0x14 >> 2] = 0x0010fffb;
1350     mpu->tcmi_regs[0x18 >> 2] = 0x0010fffb;
1351     mpu->tcmi_regs[0x1c >> 2] = 0x0010fffb;
1352     mpu->tcmi_regs[0x20 >> 2] = 0x00618800;
1353     mpu->tcmi_regs[0x24 >> 2] = 0x00000037;
1354     mpu->tcmi_regs[0x28 >> 2] = 0x00000000;
1355     mpu->tcmi_regs[0x2c >> 2] = 0x00000000;
1356     mpu->tcmi_regs[0x30 >> 2] = 0x00000000;
1357     mpu->tcmi_regs[0x3c >> 2] = 0x00000003;
1358     mpu->tcmi_regs[0x40 >> 2] = 0x00000000;
1359 }
1360 
1361 static void omap_tcmi_init(MemoryRegion *memory, hwaddr base,
1362                 struct omap_mpu_state_s *mpu)
1363 {
1364     memory_region_init_io(&mpu->tcmi_iomem, NULL, &omap_tcmi_ops, mpu,
1365                           "omap-tcmi", 0x100);
1366     memory_region_add_subregion(memory, base, &mpu->tcmi_iomem);
1367     omap_tcmi_reset(mpu);
1368 }
1369 
1370 /* Digital phase-locked loops control */
1371 struct dpll_ctl_s {
1372     MemoryRegion iomem;
1373     uint16_t mode;
1374     omap_clk dpll;
1375 };
1376 
1377 static uint64_t omap_dpll_read(void *opaque, hwaddr addr,
1378                                unsigned size)
1379 {
1380     struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
1381 
1382     if (size != 2) {
1383         return omap_badwidth_read16(opaque, addr);
1384     }
1385 
1386     if (addr == 0x00)	/* CTL_REG */
1387         return s->mode;
1388 
1389     OMAP_BAD_REG(addr);
1390     return 0;
1391 }
1392 
1393 static void omap_dpll_write(void *opaque, hwaddr addr,
1394                             uint64_t value, unsigned size)
1395 {
1396     struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
1397     uint16_t diff;
1398     static const int bypass_div[4] = { 1, 2, 4, 4 };
1399     int div, mult;
1400 
1401     if (size != 2) {
1402         omap_badwidth_write16(opaque, addr, value);
1403         return;
1404     }
1405 
1406     if (addr == 0x00) {	/* CTL_REG */
1407         /* See omap_ulpd_pm_write() too */
1408         diff = s->mode & value;
1409         s->mode = value & 0x2fff;
1410         if (diff & (0x3ff << 2)) {
1411             if (value & (1 << 4)) {			/* PLL_ENABLE */
1412                 div = ((value >> 5) & 3) + 1;		/* PLL_DIV */
1413                 mult = MIN((value >> 7) & 0x1f, 1);	/* PLL_MULT */
1414             } else {
1415                 div = bypass_div[((value >> 2) & 3)];	/* BYPASS_DIV */
1416                 mult = 1;
1417             }
1418             omap_clk_setrate(s->dpll, div, mult);
1419         }
1420 
1421         /* Enter the desired mode.  */
1422         s->mode = (s->mode & 0xfffe) | ((s->mode >> 4) & 1);
1423 
1424         /* Act as if the lock is restored.  */
1425         s->mode |= 2;
1426     } else {
1427         OMAP_BAD_REG(addr);
1428     }
1429 }
1430 
1431 static const MemoryRegionOps omap_dpll_ops = {
1432     .read = omap_dpll_read,
1433     .write = omap_dpll_write,
1434     .endianness = DEVICE_NATIVE_ENDIAN,
1435 };
1436 
1437 static void omap_dpll_reset(struct dpll_ctl_s *s)
1438 {
1439     s->mode = 0x2002;
1440     omap_clk_setrate(s->dpll, 1, 1);
1441 }
1442 
1443 static struct dpll_ctl_s  *omap_dpll_init(MemoryRegion *memory,
1444                            hwaddr base, omap_clk clk)
1445 {
1446     struct dpll_ctl_s *s = g_malloc0(sizeof(*s));
1447     memory_region_init_io(&s->iomem, NULL, &omap_dpll_ops, s, "omap-dpll", 0x100);
1448 
1449     s->dpll = clk;
1450     omap_dpll_reset(s);
1451 
1452     memory_region_add_subregion(memory, base, &s->iomem);
1453     return s;
1454 }
1455 
1456 /* MPU Clock/Reset/Power Mode Control */
1457 static uint64_t omap_clkm_read(void *opaque, hwaddr addr,
1458                                unsigned size)
1459 {
1460     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1461 
1462     if (size != 2) {
1463         return omap_badwidth_read16(opaque, addr);
1464     }
1465 
1466     switch (addr) {
1467     case 0x00:	/* ARM_CKCTL */
1468         return s->clkm.arm_ckctl;
1469 
1470     case 0x04:	/* ARM_IDLECT1 */
1471         return s->clkm.arm_idlect1;
1472 
1473     case 0x08:	/* ARM_IDLECT2 */
1474         return s->clkm.arm_idlect2;
1475 
1476     case 0x0c:	/* ARM_EWUPCT */
1477         return s->clkm.arm_ewupct;
1478 
1479     case 0x10:	/* ARM_RSTCT1 */
1480         return s->clkm.arm_rstct1;
1481 
1482     case 0x14:	/* ARM_RSTCT2 */
1483         return s->clkm.arm_rstct2;
1484 
1485     case 0x18:	/* ARM_SYSST */
1486         return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start;
1487 
1488     case 0x1c:	/* ARM_CKOUT1 */
1489         return s->clkm.arm_ckout1;
1490 
1491     case 0x20:	/* ARM_CKOUT2 */
1492         break;
1493     }
1494 
1495     OMAP_BAD_REG(addr);
1496     return 0;
1497 }
1498 
1499 static inline void omap_clkm_ckctl_update(struct omap_mpu_state_s *s,
1500                 uint16_t diff, uint16_t value)
1501 {
1502     omap_clk clk;
1503 
1504     if (diff & (1 << 14)) {				/* ARM_INTHCK_SEL */
1505         if (value & (1 << 14))
1506             /* Reserved */;
1507         else {
1508             clk = omap_findclk(s, "arminth_ck");
1509             omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
1510         }
1511     }
1512     if (diff & (1 << 12)) {				/* ARM_TIMXO */
1513         clk = omap_findclk(s, "armtim_ck");
1514         if (value & (1 << 12))
1515             omap_clk_reparent(clk, omap_findclk(s, "clkin"));
1516         else
1517             omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
1518     }
1519     /* XXX: en_dspck */
1520     if (diff & (3 << 10)) {				/* DSPMMUDIV */
1521         clk = omap_findclk(s, "dspmmu_ck");
1522         omap_clk_setrate(clk, 1 << ((value >> 10) & 3), 1);
1523     }
1524     if (diff & (3 << 8)) {				/* TCDIV */
1525         clk = omap_findclk(s, "tc_ck");
1526         omap_clk_setrate(clk, 1 << ((value >> 8) & 3), 1);
1527     }
1528     if (diff & (3 << 6)) {				/* DSPDIV */
1529         clk = omap_findclk(s, "dsp_ck");
1530         omap_clk_setrate(clk, 1 << ((value >> 6) & 3), 1);
1531     }
1532     if (diff & (3 << 4)) {				/* ARMDIV */
1533         clk = omap_findclk(s, "arm_ck");
1534         omap_clk_setrate(clk, 1 << ((value >> 4) & 3), 1);
1535     }
1536     if (diff & (3 << 2)) {				/* LCDDIV */
1537         clk = omap_findclk(s, "lcd_ck");
1538         omap_clk_setrate(clk, 1 << ((value >> 2) & 3), 1);
1539     }
1540     if (diff & (3 << 0)) {				/* PERDIV */
1541         clk = omap_findclk(s, "armper_ck");
1542         omap_clk_setrate(clk, 1 << ((value >> 0) & 3), 1);
1543     }
1544 }
1545 
1546 static inline void omap_clkm_idlect1_update(struct omap_mpu_state_s *s,
1547                 uint16_t diff, uint16_t value)
1548 {
1549     omap_clk clk;
1550 
1551     if (value & (1 << 11)) {                            /* SETARM_IDLE */
1552         cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
1553     }
1554     if (!(value & (1 << 10))) {                         /* WKUP_MODE */
1555         /* XXX: disable wakeup from IRQ */
1556         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1557     }
1558 
1559 #define SET_CANIDLE(clock, bit)				\
1560     if (diff & (1 << bit)) {				\
1561         clk = omap_findclk(s, clock);			\
1562         omap_clk_canidle(clk, (value >> bit) & 1);	\
1563     }
1564     SET_CANIDLE("mpuwd_ck", 0)				/* IDLWDT_ARM */
1565     SET_CANIDLE("armxor_ck", 1)				/* IDLXORP_ARM */
1566     SET_CANIDLE("mpuper_ck", 2)				/* IDLPER_ARM */
1567     SET_CANIDLE("lcd_ck", 3)				/* IDLLCD_ARM */
1568     SET_CANIDLE("lb_ck", 4)				/* IDLLB_ARM */
1569     SET_CANIDLE("hsab_ck", 5)				/* IDLHSAB_ARM */
1570     SET_CANIDLE("tipb_ck", 6)				/* IDLIF_ARM */
1571     SET_CANIDLE("dma_ck", 6)				/* IDLIF_ARM */
1572     SET_CANIDLE("tc_ck", 6)				/* IDLIF_ARM */
1573     SET_CANIDLE("dpll1", 7)				/* IDLDPLL_ARM */
1574     SET_CANIDLE("dpll2", 7)				/* IDLDPLL_ARM */
1575     SET_CANIDLE("dpll3", 7)				/* IDLDPLL_ARM */
1576     SET_CANIDLE("mpui_ck", 8)				/* IDLAPI_ARM */
1577     SET_CANIDLE("armtim_ck", 9)				/* IDLTIM_ARM */
1578 }
1579 
1580 static inline void omap_clkm_idlect2_update(struct omap_mpu_state_s *s,
1581                 uint16_t diff, uint16_t value)
1582 {
1583     omap_clk clk;
1584 
1585 #define SET_ONOFF(clock, bit)				\
1586     if (diff & (1 << bit)) {				\
1587         clk = omap_findclk(s, clock);			\
1588         omap_clk_onoff(clk, (value >> bit) & 1);	\
1589     }
1590     SET_ONOFF("mpuwd_ck", 0)				/* EN_WDTCK */
1591     SET_ONOFF("armxor_ck", 1)				/* EN_XORPCK */
1592     SET_ONOFF("mpuper_ck", 2)				/* EN_PERCK */
1593     SET_ONOFF("lcd_ck", 3)				/* EN_LCDCK */
1594     SET_ONOFF("lb_ck", 4)				/* EN_LBCK */
1595     SET_ONOFF("hsab_ck", 5)				/* EN_HSABCK */
1596     SET_ONOFF("mpui_ck", 6)				/* EN_APICK */
1597     SET_ONOFF("armtim_ck", 7)				/* EN_TIMCK */
1598     SET_CANIDLE("dma_ck", 8)				/* DMACK_REQ */
1599     SET_ONOFF("arm_gpio_ck", 9)				/* EN_GPIOCK */
1600     SET_ONOFF("lbfree_ck", 10)				/* EN_LBFREECK */
1601 }
1602 
1603 static inline void omap_clkm_ckout1_update(struct omap_mpu_state_s *s,
1604                 uint16_t diff, uint16_t value)
1605 {
1606     omap_clk clk;
1607 
1608     if (diff & (3 << 4)) {				/* TCLKOUT */
1609         clk = omap_findclk(s, "tclk_out");
1610         switch ((value >> 4) & 3) {
1611         case 1:
1612             omap_clk_reparent(clk, omap_findclk(s, "ck_gen3"));
1613             omap_clk_onoff(clk, 1);
1614             break;
1615         case 2:
1616             omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
1617             omap_clk_onoff(clk, 1);
1618             break;
1619         default:
1620             omap_clk_onoff(clk, 0);
1621         }
1622     }
1623     if (diff & (3 << 2)) {				/* DCLKOUT */
1624         clk = omap_findclk(s, "dclk_out");
1625         switch ((value >> 2) & 3) {
1626         case 0:
1627             omap_clk_reparent(clk, omap_findclk(s, "dspmmu_ck"));
1628             break;
1629         case 1:
1630             omap_clk_reparent(clk, omap_findclk(s, "ck_gen2"));
1631             break;
1632         case 2:
1633             omap_clk_reparent(clk, omap_findclk(s, "dsp_ck"));
1634             break;
1635         case 3:
1636             omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
1637             break;
1638         }
1639     }
1640     if (diff & (3 << 0)) {				/* ACLKOUT */
1641         clk = omap_findclk(s, "aclk_out");
1642         switch ((value >> 0) & 3) {
1643         case 1:
1644             omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
1645             omap_clk_onoff(clk, 1);
1646             break;
1647         case 2:
1648             omap_clk_reparent(clk, omap_findclk(s, "arm_ck"));
1649             omap_clk_onoff(clk, 1);
1650             break;
1651         case 3:
1652             omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
1653             omap_clk_onoff(clk, 1);
1654             break;
1655         default:
1656             omap_clk_onoff(clk, 0);
1657         }
1658     }
1659 }
1660 
1661 static void omap_clkm_write(void *opaque, hwaddr addr,
1662                             uint64_t value, unsigned size)
1663 {
1664     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1665     uint16_t diff;
1666     omap_clk clk;
1667     static const char *clkschemename[8] = {
1668         "fully synchronous", "fully asynchronous", "synchronous scalable",
1669         "mix mode 1", "mix mode 2", "bypass mode", "mix mode 3", "mix mode 4",
1670     };
1671 
1672     if (size != 2) {
1673         omap_badwidth_write16(opaque, addr, value);
1674         return;
1675     }
1676 
1677     switch (addr) {
1678     case 0x00:	/* ARM_CKCTL */
1679         diff = s->clkm.arm_ckctl ^ value;
1680         s->clkm.arm_ckctl = value & 0x7fff;
1681         omap_clkm_ckctl_update(s, diff, value);
1682         return;
1683 
1684     case 0x04:	/* ARM_IDLECT1 */
1685         diff = s->clkm.arm_idlect1 ^ value;
1686         s->clkm.arm_idlect1 = value & 0x0fff;
1687         omap_clkm_idlect1_update(s, diff, value);
1688         return;
1689 
1690     case 0x08:	/* ARM_IDLECT2 */
1691         diff = s->clkm.arm_idlect2 ^ value;
1692         s->clkm.arm_idlect2 = value & 0x07ff;
1693         omap_clkm_idlect2_update(s, diff, value);
1694         return;
1695 
1696     case 0x0c:	/* ARM_EWUPCT */
1697         s->clkm.arm_ewupct = value & 0x003f;
1698         return;
1699 
1700     case 0x10:	/* ARM_RSTCT1 */
1701         diff = s->clkm.arm_rstct1 ^ value;
1702         s->clkm.arm_rstct1 = value & 0x0007;
1703         if (value & 9) {
1704             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
1705             s->clkm.cold_start = 0xa;
1706         }
1707         if (diff & ~value & 4) {				/* DSP_RST */
1708             omap_mpui_reset(s);
1709             omap_tipb_bridge_reset(s->private_tipb);
1710             omap_tipb_bridge_reset(s->public_tipb);
1711         }
1712         if (diff & 2) {						/* DSP_EN */
1713             clk = omap_findclk(s, "dsp_ck");
1714             omap_clk_canidle(clk, (~value >> 1) & 1);
1715         }
1716         return;
1717 
1718     case 0x14:	/* ARM_RSTCT2 */
1719         s->clkm.arm_rstct2 = value & 0x0001;
1720         return;
1721 
1722     case 0x18:	/* ARM_SYSST */
1723         if ((s->clkm.clocking_scheme ^ (value >> 11)) & 7) {
1724             s->clkm.clocking_scheme = (value >> 11) & 7;
1725             printf("%s: clocking scheme set to %s\n", __func__,
1726                    clkschemename[s->clkm.clocking_scheme]);
1727         }
1728         s->clkm.cold_start &= value & 0x3f;
1729         return;
1730 
1731     case 0x1c:	/* ARM_CKOUT1 */
1732         diff = s->clkm.arm_ckout1 ^ value;
1733         s->clkm.arm_ckout1 = value & 0x003f;
1734         omap_clkm_ckout1_update(s, diff, value);
1735         return;
1736 
1737     case 0x20:	/* ARM_CKOUT2 */
1738     default:
1739         OMAP_BAD_REG(addr);
1740     }
1741 }
1742 
1743 static const MemoryRegionOps omap_clkm_ops = {
1744     .read = omap_clkm_read,
1745     .write = omap_clkm_write,
1746     .endianness = DEVICE_NATIVE_ENDIAN,
1747 };
1748 
1749 static uint64_t omap_clkdsp_read(void *opaque, hwaddr addr,
1750                                  unsigned size)
1751 {
1752     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1753     CPUState *cpu = CPU(s->cpu);
1754 
1755     if (size != 2) {
1756         return omap_badwidth_read16(opaque, addr);
1757     }
1758 
1759     switch (addr) {
1760     case 0x04:	/* DSP_IDLECT1 */
1761         return s->clkm.dsp_idlect1;
1762 
1763     case 0x08:	/* DSP_IDLECT2 */
1764         return s->clkm.dsp_idlect2;
1765 
1766     case 0x14:	/* DSP_RSTCT2 */
1767         return s->clkm.dsp_rstct2;
1768 
1769     case 0x18:	/* DSP_SYSST */
1770         cpu = CPU(s->cpu);
1771         return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start |
1772                 (cpu->halted << 6);      /* Quite useless... */
1773     }
1774 
1775     OMAP_BAD_REG(addr);
1776     return 0;
1777 }
1778 
1779 static inline void omap_clkdsp_idlect1_update(struct omap_mpu_state_s *s,
1780                 uint16_t diff, uint16_t value)
1781 {
1782     omap_clk clk;
1783 
1784     SET_CANIDLE("dspxor_ck", 1);			/* IDLXORP_DSP */
1785 }
1786 
1787 static inline void omap_clkdsp_idlect2_update(struct omap_mpu_state_s *s,
1788                 uint16_t diff, uint16_t value)
1789 {
1790     omap_clk clk;
1791 
1792     SET_ONOFF("dspxor_ck", 1);				/* EN_XORPCK */
1793 }
1794 
1795 static void omap_clkdsp_write(void *opaque, hwaddr addr,
1796                               uint64_t value, unsigned size)
1797 {
1798     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1799     uint16_t diff;
1800 
1801     if (size != 2) {
1802         omap_badwidth_write16(opaque, addr, value);
1803         return;
1804     }
1805 
1806     switch (addr) {
1807     case 0x04:	/* DSP_IDLECT1 */
1808         diff = s->clkm.dsp_idlect1 ^ value;
1809         s->clkm.dsp_idlect1 = value & 0x01f7;
1810         omap_clkdsp_idlect1_update(s, diff, value);
1811         break;
1812 
1813     case 0x08:	/* DSP_IDLECT2 */
1814         s->clkm.dsp_idlect2 = value & 0x0037;
1815         diff = s->clkm.dsp_idlect1 ^ value;
1816         omap_clkdsp_idlect2_update(s, diff, value);
1817         break;
1818 
1819     case 0x14:	/* DSP_RSTCT2 */
1820         s->clkm.dsp_rstct2 = value & 0x0001;
1821         break;
1822 
1823     case 0x18:	/* DSP_SYSST */
1824         s->clkm.cold_start &= value & 0x3f;
1825         break;
1826 
1827     default:
1828         OMAP_BAD_REG(addr);
1829     }
1830 }
1831 
1832 static const MemoryRegionOps omap_clkdsp_ops = {
1833     .read = omap_clkdsp_read,
1834     .write = omap_clkdsp_write,
1835     .endianness = DEVICE_NATIVE_ENDIAN,
1836 };
1837 
1838 static void omap_clkm_reset(struct omap_mpu_state_s *s)
1839 {
1840     if (s->wdt && s->wdt->reset)
1841         s->clkm.cold_start = 0x6;
1842     s->clkm.clocking_scheme = 0;
1843     omap_clkm_ckctl_update(s, ~0, 0x3000);
1844     s->clkm.arm_ckctl = 0x3000;
1845     omap_clkm_idlect1_update(s, s->clkm.arm_idlect1 ^ 0x0400, 0x0400);
1846     s->clkm.arm_idlect1 = 0x0400;
1847     omap_clkm_idlect2_update(s, s->clkm.arm_idlect2 ^ 0x0100, 0x0100);
1848     s->clkm.arm_idlect2 = 0x0100;
1849     s->clkm.arm_ewupct = 0x003f;
1850     s->clkm.arm_rstct1 = 0x0000;
1851     s->clkm.arm_rstct2 = 0x0000;
1852     s->clkm.arm_ckout1 = 0x0015;
1853     s->clkm.dpll1_mode = 0x2002;
1854     omap_clkdsp_idlect1_update(s, s->clkm.dsp_idlect1 ^ 0x0040, 0x0040);
1855     s->clkm.dsp_idlect1 = 0x0040;
1856     omap_clkdsp_idlect2_update(s, ~0, 0x0000);
1857     s->clkm.dsp_idlect2 = 0x0000;
1858     s->clkm.dsp_rstct2 = 0x0000;
1859 }
1860 
1861 static void omap_clkm_init(MemoryRegion *memory, hwaddr mpu_base,
1862                 hwaddr dsp_base, struct omap_mpu_state_s *s)
1863 {
1864     memory_region_init_io(&s->clkm_iomem, NULL, &omap_clkm_ops, s,
1865                           "omap-clkm", 0x100);
1866     memory_region_init_io(&s->clkdsp_iomem, NULL, &omap_clkdsp_ops, s,
1867                           "omap-clkdsp", 0x1000);
1868 
1869     s->clkm.arm_idlect1 = 0x03ff;
1870     s->clkm.arm_idlect2 = 0x0100;
1871     s->clkm.dsp_idlect1 = 0x0002;
1872     omap_clkm_reset(s);
1873     s->clkm.cold_start = 0x3a;
1874 
1875     memory_region_add_subregion(memory, mpu_base, &s->clkm_iomem);
1876     memory_region_add_subregion(memory, dsp_base, &s->clkdsp_iomem);
1877 }
1878 
1879 /* MPU I/O */
1880 struct omap_mpuio_s {
1881     qemu_irq irq;
1882     qemu_irq kbd_irq;
1883     qemu_irq *in;
1884     qemu_irq handler[16];
1885     qemu_irq wakeup;
1886     MemoryRegion iomem;
1887 
1888     uint16_t inputs;
1889     uint16_t outputs;
1890     uint16_t dir;
1891     uint16_t edge;
1892     uint16_t mask;
1893     uint16_t ints;
1894 
1895     uint16_t debounce;
1896     uint16_t latch;
1897     uint8_t event;
1898 
1899     uint8_t buttons[5];
1900     uint8_t row_latch;
1901     uint8_t cols;
1902     int kbd_mask;
1903     int clk;
1904 };
1905 
1906 static void omap_mpuio_set(void *opaque, int line, int level)
1907 {
1908     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
1909     uint16_t prev = s->inputs;
1910 
1911     if (level)
1912         s->inputs |= 1 << line;
1913     else
1914         s->inputs &= ~(1 << line);
1915 
1916     if (((1 << line) & s->dir & ~s->mask) && s->clk) {
1917         if ((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) {
1918             s->ints |= 1 << line;
1919             qemu_irq_raise(s->irq);
1920             /* TODO: wakeup */
1921         }
1922         if ((s->event & (1 << 0)) &&		/* SET_GPIO_EVENT_MODE */
1923                 (s->event >> 1) == line)	/* PIN_SELECT */
1924             s->latch = s->inputs;
1925     }
1926 }
1927 
1928 static void omap_mpuio_kbd_update(struct omap_mpuio_s *s)
1929 {
1930     int i;
1931     uint8_t *row, rows = 0, cols = ~s->cols;
1932 
1933     for (row = s->buttons + 4, i = 1 << 4; i; row --, i >>= 1)
1934         if (*row & cols)
1935             rows |= i;
1936 
1937     qemu_set_irq(s->kbd_irq, rows && !s->kbd_mask && s->clk);
1938     s->row_latch = ~rows;
1939 }
1940 
1941 static uint64_t omap_mpuio_read(void *opaque, hwaddr addr,
1942                                 unsigned size)
1943 {
1944     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
1945     int offset = addr & OMAP_MPUI_REG_MASK;
1946     uint16_t ret;
1947 
1948     if (size != 2) {
1949         return omap_badwidth_read16(opaque, addr);
1950     }
1951 
1952     switch (offset) {
1953     case 0x00:	/* INPUT_LATCH */
1954         return s->inputs;
1955 
1956     case 0x04:	/* OUTPUT_REG */
1957         return s->outputs;
1958 
1959     case 0x08:	/* IO_CNTL */
1960         return s->dir;
1961 
1962     case 0x10:	/* KBR_LATCH */
1963         return s->row_latch;
1964 
1965     case 0x14:	/* KBC_REG */
1966         return s->cols;
1967 
1968     case 0x18:	/* GPIO_EVENT_MODE_REG */
1969         return s->event;
1970 
1971     case 0x1c:	/* GPIO_INT_EDGE_REG */
1972         return s->edge;
1973 
1974     case 0x20:	/* KBD_INT */
1975         return (~s->row_latch & 0x1f) && !s->kbd_mask;
1976 
1977     case 0x24:	/* GPIO_INT */
1978         ret = s->ints;
1979         s->ints &= s->mask;
1980         if (ret)
1981             qemu_irq_lower(s->irq);
1982         return ret;
1983 
1984     case 0x28:	/* KBD_MASKIT */
1985         return s->kbd_mask;
1986 
1987     case 0x2c:	/* GPIO_MASKIT */
1988         return s->mask;
1989 
1990     case 0x30:	/* GPIO_DEBOUNCING_REG */
1991         return s->debounce;
1992 
1993     case 0x34:	/* GPIO_LATCH_REG */
1994         return s->latch;
1995     }
1996 
1997     OMAP_BAD_REG(addr);
1998     return 0;
1999 }
2000 
2001 static void omap_mpuio_write(void *opaque, hwaddr addr,
2002                              uint64_t value, unsigned size)
2003 {
2004     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
2005     int offset = addr & OMAP_MPUI_REG_MASK;
2006     uint16_t diff;
2007     int ln;
2008 
2009     if (size != 2) {
2010         omap_badwidth_write16(opaque, addr, value);
2011         return;
2012     }
2013 
2014     switch (offset) {
2015     case 0x04:	/* OUTPUT_REG */
2016         diff = (s->outputs ^ value) & ~s->dir;
2017         s->outputs = value;
2018         while ((ln = ctz32(diff)) != 32) {
2019             if (s->handler[ln])
2020                 qemu_set_irq(s->handler[ln], (value >> ln) & 1);
2021             diff &= ~(1 << ln);
2022         }
2023         break;
2024 
2025     case 0x08:	/* IO_CNTL */
2026         diff = s->outputs & (s->dir ^ value);
2027         s->dir = value;
2028 
2029         value = s->outputs & ~s->dir;
2030         while ((ln = ctz32(diff)) != 32) {
2031             if (s->handler[ln])
2032                 qemu_set_irq(s->handler[ln], (value >> ln) & 1);
2033             diff &= ~(1 << ln);
2034         }
2035         break;
2036 
2037     case 0x14:	/* KBC_REG */
2038         s->cols = value;
2039         omap_mpuio_kbd_update(s);
2040         break;
2041 
2042     case 0x18:	/* GPIO_EVENT_MODE_REG */
2043         s->event = value & 0x1f;
2044         break;
2045 
2046     case 0x1c:	/* GPIO_INT_EDGE_REG */
2047         s->edge = value;
2048         break;
2049 
2050     case 0x28:	/* KBD_MASKIT */
2051         s->kbd_mask = value & 1;
2052         omap_mpuio_kbd_update(s);
2053         break;
2054 
2055     case 0x2c:	/* GPIO_MASKIT */
2056         s->mask = value;
2057         break;
2058 
2059     case 0x30:	/* GPIO_DEBOUNCING_REG */
2060         s->debounce = value & 0x1ff;
2061         break;
2062 
2063     case 0x00:	/* INPUT_LATCH */
2064     case 0x10:	/* KBR_LATCH */
2065     case 0x20:	/* KBD_INT */
2066     case 0x24:	/* GPIO_INT */
2067     case 0x34:	/* GPIO_LATCH_REG */
2068         OMAP_RO_REG(addr);
2069         return;
2070 
2071     default:
2072         OMAP_BAD_REG(addr);
2073         return;
2074     }
2075 }
2076 
2077 static const MemoryRegionOps omap_mpuio_ops  = {
2078     .read = omap_mpuio_read,
2079     .write = omap_mpuio_write,
2080     .endianness = DEVICE_NATIVE_ENDIAN,
2081 };
2082 
2083 static void omap_mpuio_reset(struct omap_mpuio_s *s)
2084 {
2085     s->inputs = 0;
2086     s->outputs = 0;
2087     s->dir = ~0;
2088     s->event = 0;
2089     s->edge = 0;
2090     s->kbd_mask = 0;
2091     s->mask = 0;
2092     s->debounce = 0;
2093     s->latch = 0;
2094     s->ints = 0;
2095     s->row_latch = 0x1f;
2096     s->clk = 1;
2097 }
2098 
2099 static void omap_mpuio_onoff(void *opaque, int line, int on)
2100 {
2101     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
2102 
2103     s->clk = on;
2104     if (on)
2105         omap_mpuio_kbd_update(s);
2106 }
2107 
2108 static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
2109                 hwaddr base,
2110                 qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
2111                 omap_clk clk)
2112 {
2113     struct omap_mpuio_s *s = g_new0(struct omap_mpuio_s, 1);
2114 
2115     s->irq = gpio_int;
2116     s->kbd_irq = kbd_int;
2117     s->wakeup = wakeup;
2118     s->in = qemu_allocate_irqs(omap_mpuio_set, s, 16);
2119     omap_mpuio_reset(s);
2120 
2121     memory_region_init_io(&s->iomem, NULL, &omap_mpuio_ops, s,
2122                           "omap-mpuio", 0x800);
2123     memory_region_add_subregion(memory, base, &s->iomem);
2124 
2125     omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0));
2126 
2127     return s;
2128 }
2129 
2130 qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s)
2131 {
2132     return s->in;
2133 }
2134 
2135 void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler)
2136 {
2137     if (line >= 16 || line < 0)
2138         hw_error("%s: No GPIO line %i\n", __func__, line);
2139     s->handler[line] = handler;
2140 }
2141 
2142 void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down)
2143 {
2144     if (row >= 5 || row < 0)
2145         hw_error("%s: No key %i-%i\n", __func__, col, row);
2146 
2147     if (down)
2148         s->buttons[row] |= 1 << col;
2149     else
2150         s->buttons[row] &= ~(1 << col);
2151 
2152     omap_mpuio_kbd_update(s);
2153 }
2154 
2155 /* MicroWire Interface */
2156 struct omap_uwire_s {
2157     MemoryRegion iomem;
2158     qemu_irq txirq;
2159     qemu_irq rxirq;
2160     qemu_irq txdrq;
2161 
2162     uint16_t txbuf;
2163     uint16_t rxbuf;
2164     uint16_t control;
2165     uint16_t setup[5];
2166 
2167     uWireSlave *chip[4];
2168 };
2169 
2170 static void omap_uwire_transfer_start(struct omap_uwire_s *s)
2171 {
2172     int chipselect = (s->control >> 10) & 3;		/* INDEX */
2173     uWireSlave *slave = s->chip[chipselect];
2174 
2175     if ((s->control >> 5) & 0x1f) {			/* NB_BITS_WR */
2176         if (s->control & (1 << 12))			/* CS_CMD */
2177             if (slave && slave->send)
2178                 slave->send(slave->opaque,
2179                                 s->txbuf >> (16 - ((s->control >> 5) & 0x1f)));
2180         s->control &= ~(1 << 14);			/* CSRB */
2181         /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
2182          * a DRQ.  When is the level IRQ supposed to be reset?  */
2183     }
2184 
2185     if ((s->control >> 0) & 0x1f) {			/* NB_BITS_RD */
2186         if (s->control & (1 << 12))			/* CS_CMD */
2187             if (slave && slave->receive)
2188                 s->rxbuf = slave->receive(slave->opaque);
2189         s->control |= 1 << 15;				/* RDRB */
2190         /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
2191          * a DRQ.  When is the level IRQ supposed to be reset?  */
2192     }
2193 }
2194 
2195 static uint64_t omap_uwire_read(void *opaque, hwaddr addr,
2196                                 unsigned size)
2197 {
2198     struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
2199     int offset = addr & OMAP_MPUI_REG_MASK;
2200 
2201     if (size != 2) {
2202         return omap_badwidth_read16(opaque, addr);
2203     }
2204 
2205     switch (offset) {
2206     case 0x00:	/* RDR */
2207         s->control &= ~(1 << 15);			/* RDRB */
2208         return s->rxbuf;
2209 
2210     case 0x04:	/* CSR */
2211         return s->control;
2212 
2213     case 0x08:	/* SR1 */
2214         return s->setup[0];
2215     case 0x0c:	/* SR2 */
2216         return s->setup[1];
2217     case 0x10:	/* SR3 */
2218         return s->setup[2];
2219     case 0x14:	/* SR4 */
2220         return s->setup[3];
2221     case 0x18:	/* SR5 */
2222         return s->setup[4];
2223     }
2224 
2225     OMAP_BAD_REG(addr);
2226     return 0;
2227 }
2228 
2229 static void omap_uwire_write(void *opaque, hwaddr addr,
2230                              uint64_t value, unsigned size)
2231 {
2232     struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
2233     int offset = addr & OMAP_MPUI_REG_MASK;
2234 
2235     if (size != 2) {
2236         omap_badwidth_write16(opaque, addr, value);
2237         return;
2238     }
2239 
2240     switch (offset) {
2241     case 0x00:	/* TDR */
2242         s->txbuf = value;				/* TD */
2243         if ((s->setup[4] & (1 << 2)) &&			/* AUTO_TX_EN */
2244                         ((s->setup[4] & (1 << 3)) ||	/* CS_TOGGLE_TX_EN */
2245                          (s->control & (1 << 12)))) {	/* CS_CMD */
2246             s->control |= 1 << 14;			/* CSRB */
2247             omap_uwire_transfer_start(s);
2248         }
2249         break;
2250 
2251     case 0x04:	/* CSR */
2252         s->control = value & 0x1fff;
2253         if (value & (1 << 13))				/* START */
2254             omap_uwire_transfer_start(s);
2255         break;
2256 
2257     case 0x08:	/* SR1 */
2258         s->setup[0] = value & 0x003f;
2259         break;
2260 
2261     case 0x0c:	/* SR2 */
2262         s->setup[1] = value & 0x0fc0;
2263         break;
2264 
2265     case 0x10:	/* SR3 */
2266         s->setup[2] = value & 0x0003;
2267         break;
2268 
2269     case 0x14:	/* SR4 */
2270         s->setup[3] = value & 0x0001;
2271         break;
2272 
2273     case 0x18:	/* SR5 */
2274         s->setup[4] = value & 0x000f;
2275         break;
2276 
2277     default:
2278         OMAP_BAD_REG(addr);
2279         return;
2280     }
2281 }
2282 
2283 static const MemoryRegionOps omap_uwire_ops = {
2284     .read = omap_uwire_read,
2285     .write = omap_uwire_write,
2286     .endianness = DEVICE_NATIVE_ENDIAN,
2287 };
2288 
2289 static void omap_uwire_reset(struct omap_uwire_s *s)
2290 {
2291     s->control = 0;
2292     s->setup[0] = 0;
2293     s->setup[1] = 0;
2294     s->setup[2] = 0;
2295     s->setup[3] = 0;
2296     s->setup[4] = 0;
2297 }
2298 
2299 static struct omap_uwire_s *omap_uwire_init(MemoryRegion *system_memory,
2300                                             hwaddr base,
2301                                             qemu_irq txirq, qemu_irq rxirq,
2302                                             qemu_irq dma,
2303                                             omap_clk clk)
2304 {
2305     struct omap_uwire_s *s = g_new0(struct omap_uwire_s, 1);
2306 
2307     s->txirq = txirq;
2308     s->rxirq = rxirq;
2309     s->txdrq = dma;
2310     omap_uwire_reset(s);
2311 
2312     memory_region_init_io(&s->iomem, NULL, &omap_uwire_ops, s, "omap-uwire", 0x800);
2313     memory_region_add_subregion(system_memory, base, &s->iomem);
2314 
2315     return s;
2316 }
2317 
2318 void omap_uwire_attach(struct omap_uwire_s *s,
2319                 uWireSlave *slave, int chipselect)
2320 {
2321     if (chipselect < 0 || chipselect > 3) {
2322         error_report("%s: Bad chipselect %i", __func__, chipselect);
2323         exit(-1);
2324     }
2325 
2326     s->chip[chipselect] = slave;
2327 }
2328 
2329 /* Pseudonoise Pulse-Width Light Modulator */
2330 struct omap_pwl_s {
2331     MemoryRegion iomem;
2332     uint8_t output;
2333     uint8_t level;
2334     uint8_t enable;
2335     int clk;
2336 };
2337 
2338 static void omap_pwl_update(struct omap_pwl_s *s)
2339 {
2340     int output = (s->clk && s->enable) ? s->level : 0;
2341 
2342     if (output != s->output) {
2343         s->output = output;
2344         printf("%s: Backlight now at %i/256\n", __func__, output);
2345     }
2346 }
2347 
2348 static uint64_t omap_pwl_read(void *opaque, hwaddr addr,
2349                               unsigned size)
2350 {
2351     struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
2352     int offset = addr & OMAP_MPUI_REG_MASK;
2353 
2354     if (size != 1) {
2355         return omap_badwidth_read8(opaque, addr);
2356     }
2357 
2358     switch (offset) {
2359     case 0x00:	/* PWL_LEVEL */
2360         return s->level;
2361     case 0x04:	/* PWL_CTRL */
2362         return s->enable;
2363     }
2364     OMAP_BAD_REG(addr);
2365     return 0;
2366 }
2367 
2368 static void omap_pwl_write(void *opaque, hwaddr addr,
2369                            uint64_t value, unsigned size)
2370 {
2371     struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
2372     int offset = addr & OMAP_MPUI_REG_MASK;
2373 
2374     if (size != 1) {
2375         omap_badwidth_write8(opaque, addr, value);
2376         return;
2377     }
2378 
2379     switch (offset) {
2380     case 0x00:	/* PWL_LEVEL */
2381         s->level = value;
2382         omap_pwl_update(s);
2383         break;
2384     case 0x04:	/* PWL_CTRL */
2385         s->enable = value & 1;
2386         omap_pwl_update(s);
2387         break;
2388     default:
2389         OMAP_BAD_REG(addr);
2390         return;
2391     }
2392 }
2393 
2394 static const MemoryRegionOps omap_pwl_ops = {
2395     .read = omap_pwl_read,
2396     .write = omap_pwl_write,
2397     .endianness = DEVICE_NATIVE_ENDIAN,
2398 };
2399 
2400 static void omap_pwl_reset(struct omap_pwl_s *s)
2401 {
2402     s->output = 0;
2403     s->level = 0;
2404     s->enable = 0;
2405     s->clk = 1;
2406     omap_pwl_update(s);
2407 }
2408 
2409 static void omap_pwl_clk_update(void *opaque, int line, int on)
2410 {
2411     struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
2412 
2413     s->clk = on;
2414     omap_pwl_update(s);
2415 }
2416 
2417 static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory,
2418                                         hwaddr base,
2419                                         omap_clk clk)
2420 {
2421     struct omap_pwl_s *s = g_malloc0(sizeof(*s));
2422 
2423     omap_pwl_reset(s);
2424 
2425     memory_region_init_io(&s->iomem, NULL, &omap_pwl_ops, s,
2426                           "omap-pwl", 0x800);
2427     memory_region_add_subregion(system_memory, base, &s->iomem);
2428 
2429     omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0));
2430     return s;
2431 }
2432 
2433 /* Pulse-Width Tone module */
2434 struct omap_pwt_s {
2435     MemoryRegion iomem;
2436     uint8_t frc;
2437     uint8_t vrc;
2438     uint8_t gcr;
2439     omap_clk clk;
2440 };
2441 
2442 static uint64_t omap_pwt_read(void *opaque, hwaddr addr,
2443                               unsigned size)
2444 {
2445     struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
2446     int offset = addr & OMAP_MPUI_REG_MASK;
2447 
2448     if (size != 1) {
2449         return omap_badwidth_read8(opaque, addr);
2450     }
2451 
2452     switch (offset) {
2453     case 0x00:	/* FRC */
2454         return s->frc;
2455     case 0x04:	/* VCR */
2456         return s->vrc;
2457     case 0x08:	/* GCR */
2458         return s->gcr;
2459     }
2460     OMAP_BAD_REG(addr);
2461     return 0;
2462 }
2463 
2464 static void omap_pwt_write(void *opaque, hwaddr addr,
2465                            uint64_t value, unsigned size)
2466 {
2467     struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
2468     int offset = addr & OMAP_MPUI_REG_MASK;
2469 
2470     if (size != 1) {
2471         omap_badwidth_write8(opaque, addr, value);
2472         return;
2473     }
2474 
2475     switch (offset) {
2476     case 0x00:	/* FRC */
2477         s->frc = value & 0x3f;
2478         break;
2479     case 0x04:	/* VRC */
2480         if ((value ^ s->vrc) & 1) {
2481             if (value & 1)
2482                 printf("%s: %iHz buzz on\n", __func__, (int)
2483                                 /* 1.5 MHz from a 12-MHz or 13-MHz PWT_CLK */
2484                                 ((omap_clk_getrate(s->clk) >> 3) /
2485                                  /* Pre-multiplexer divider */
2486                                  ((s->gcr & 2) ? 1 : 154) /
2487                                  /* Octave multiplexer */
2488                                  (2 << (value & 3)) *
2489                                  /* 101/107 divider */
2490                                  ((value & (1 << 2)) ? 101 : 107) *
2491                                  /*  49/55 divider */
2492                                  ((value & (1 << 3)) ?  49 : 55) *
2493                                  /*  50/63 divider */
2494                                  ((value & (1 << 4)) ?  50 : 63) *
2495                                  /*  80/127 divider */
2496                                  ((value & (1 << 5)) ?  80 : 127) /
2497                                  (107 * 55 * 63 * 127)));
2498             else
2499                 printf("%s: silence!\n", __func__);
2500         }
2501         s->vrc = value & 0x7f;
2502         break;
2503     case 0x08:	/* GCR */
2504         s->gcr = value & 3;
2505         break;
2506     default:
2507         OMAP_BAD_REG(addr);
2508         return;
2509     }
2510 }
2511 
2512 static const MemoryRegionOps omap_pwt_ops = {
2513     .read =omap_pwt_read,
2514     .write = omap_pwt_write,
2515     .endianness = DEVICE_NATIVE_ENDIAN,
2516 };
2517 
2518 static void omap_pwt_reset(struct omap_pwt_s *s)
2519 {
2520     s->frc = 0;
2521     s->vrc = 0;
2522     s->gcr = 0;
2523 }
2524 
2525 static struct omap_pwt_s *omap_pwt_init(MemoryRegion *system_memory,
2526                                         hwaddr base,
2527                                         omap_clk clk)
2528 {
2529     struct omap_pwt_s *s = g_malloc0(sizeof(*s));
2530     s->clk = clk;
2531     omap_pwt_reset(s);
2532 
2533     memory_region_init_io(&s->iomem, NULL, &omap_pwt_ops, s,
2534                           "omap-pwt", 0x800);
2535     memory_region_add_subregion(system_memory, base, &s->iomem);
2536     return s;
2537 }
2538 
2539 /* Real-time Clock module */
2540 struct omap_rtc_s {
2541     MemoryRegion iomem;
2542     qemu_irq irq;
2543     qemu_irq alarm;
2544     QEMUTimer *clk;
2545 
2546     uint8_t interrupts;
2547     uint8_t status;
2548     int16_t comp_reg;
2549     int running;
2550     int pm_am;
2551     int auto_comp;
2552     int round;
2553     struct tm alarm_tm;
2554     time_t alarm_ti;
2555 
2556     struct tm current_tm;
2557     time_t ti;
2558     uint64_t tick;
2559 };
2560 
2561 static void omap_rtc_interrupts_update(struct omap_rtc_s *s)
2562 {
2563     /* s->alarm is level-triggered */
2564     qemu_set_irq(s->alarm, (s->status >> 6) & 1);
2565 }
2566 
2567 static void omap_rtc_alarm_update(struct omap_rtc_s *s)
2568 {
2569     s->alarm_ti = mktimegm(&s->alarm_tm);
2570     if (s->alarm_ti == -1)
2571         printf("%s: conversion failed\n", __func__);
2572 }
2573 
2574 static uint64_t omap_rtc_read(void *opaque, hwaddr addr,
2575                               unsigned size)
2576 {
2577     struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
2578     int offset = addr & OMAP_MPUI_REG_MASK;
2579     uint8_t i;
2580 
2581     if (size != 1) {
2582         return omap_badwidth_read8(opaque, addr);
2583     }
2584 
2585     switch (offset) {
2586     case 0x00:	/* SECONDS_REG */
2587         return to_bcd(s->current_tm.tm_sec);
2588 
2589     case 0x04:	/* MINUTES_REG */
2590         return to_bcd(s->current_tm.tm_min);
2591 
2592     case 0x08:	/* HOURS_REG */
2593         if (s->pm_am)
2594             return ((s->current_tm.tm_hour > 11) << 7) |
2595                     to_bcd(((s->current_tm.tm_hour - 1) % 12) + 1);
2596         else
2597             return to_bcd(s->current_tm.tm_hour);
2598 
2599     case 0x0c:	/* DAYS_REG */
2600         return to_bcd(s->current_tm.tm_mday);
2601 
2602     case 0x10:	/* MONTHS_REG */
2603         return to_bcd(s->current_tm.tm_mon + 1);
2604 
2605     case 0x14:	/* YEARS_REG */
2606         return to_bcd(s->current_tm.tm_year % 100);
2607 
2608     case 0x18:	/* WEEK_REG */
2609         return s->current_tm.tm_wday;
2610 
2611     case 0x20:	/* ALARM_SECONDS_REG */
2612         return to_bcd(s->alarm_tm.tm_sec);
2613 
2614     case 0x24:	/* ALARM_MINUTES_REG */
2615         return to_bcd(s->alarm_tm.tm_min);
2616 
2617     case 0x28:	/* ALARM_HOURS_REG */
2618         if (s->pm_am)
2619             return ((s->alarm_tm.tm_hour > 11) << 7) |
2620                     to_bcd(((s->alarm_tm.tm_hour - 1) % 12) + 1);
2621         else
2622             return to_bcd(s->alarm_tm.tm_hour);
2623 
2624     case 0x2c:	/* ALARM_DAYS_REG */
2625         return to_bcd(s->alarm_tm.tm_mday);
2626 
2627     case 0x30:	/* ALARM_MONTHS_REG */
2628         return to_bcd(s->alarm_tm.tm_mon + 1);
2629 
2630     case 0x34:	/* ALARM_YEARS_REG */
2631         return to_bcd(s->alarm_tm.tm_year % 100);
2632 
2633     case 0x40:	/* RTC_CTRL_REG */
2634         return (s->pm_am << 3) | (s->auto_comp << 2) |
2635                 (s->round << 1) | s->running;
2636 
2637     case 0x44:	/* RTC_STATUS_REG */
2638         i = s->status;
2639         s->status &= ~0x3d;
2640         return i;
2641 
2642     case 0x48:	/* RTC_INTERRUPTS_REG */
2643         return s->interrupts;
2644 
2645     case 0x4c:	/* RTC_COMP_LSB_REG */
2646         return ((uint16_t) s->comp_reg) & 0xff;
2647 
2648     case 0x50:	/* RTC_COMP_MSB_REG */
2649         return ((uint16_t) s->comp_reg) >> 8;
2650     }
2651 
2652     OMAP_BAD_REG(addr);
2653     return 0;
2654 }
2655 
2656 static void omap_rtc_write(void *opaque, hwaddr addr,
2657                            uint64_t value, unsigned size)
2658 {
2659     struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
2660     int offset = addr & OMAP_MPUI_REG_MASK;
2661     struct tm new_tm;
2662     time_t ti[2];
2663 
2664     if (size != 1) {
2665         omap_badwidth_write8(opaque, addr, value);
2666         return;
2667     }
2668 
2669     switch (offset) {
2670     case 0x00:	/* SECONDS_REG */
2671 #ifdef ALMDEBUG
2672         printf("RTC SEC_REG <-- %02x\n", value);
2673 #endif
2674         s->ti -= s->current_tm.tm_sec;
2675         s->ti += from_bcd(value);
2676         return;
2677 
2678     case 0x04:	/* MINUTES_REG */
2679 #ifdef ALMDEBUG
2680         printf("RTC MIN_REG <-- %02x\n", value);
2681 #endif
2682         s->ti -= s->current_tm.tm_min * 60;
2683         s->ti += from_bcd(value) * 60;
2684         return;
2685 
2686     case 0x08:	/* HOURS_REG */
2687 #ifdef ALMDEBUG
2688         printf("RTC HRS_REG <-- %02x\n", value);
2689 #endif
2690         s->ti -= s->current_tm.tm_hour * 3600;
2691         if (s->pm_am) {
2692             s->ti += (from_bcd(value & 0x3f) & 12) * 3600;
2693             s->ti += ((value >> 7) & 1) * 43200;
2694         } else
2695             s->ti += from_bcd(value & 0x3f) * 3600;
2696         return;
2697 
2698     case 0x0c:	/* DAYS_REG */
2699 #ifdef ALMDEBUG
2700         printf("RTC DAY_REG <-- %02x\n", value);
2701 #endif
2702         s->ti -= s->current_tm.tm_mday * 86400;
2703         s->ti += from_bcd(value) * 86400;
2704         return;
2705 
2706     case 0x10:	/* MONTHS_REG */
2707 #ifdef ALMDEBUG
2708         printf("RTC MTH_REG <-- %02x\n", value);
2709 #endif
2710         memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
2711         new_tm.tm_mon = from_bcd(value);
2712         ti[0] = mktimegm(&s->current_tm);
2713         ti[1] = mktimegm(&new_tm);
2714 
2715         if (ti[0] != -1 && ti[1] != -1) {
2716             s->ti -= ti[0];
2717             s->ti += ti[1];
2718         } else {
2719             /* A less accurate version */
2720             s->ti -= s->current_tm.tm_mon * 2592000;
2721             s->ti += from_bcd(value) * 2592000;
2722         }
2723         return;
2724 
2725     case 0x14:	/* YEARS_REG */
2726 #ifdef ALMDEBUG
2727         printf("RTC YRS_REG <-- %02x\n", value);
2728 #endif
2729         memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
2730         new_tm.tm_year += from_bcd(value) - (new_tm.tm_year % 100);
2731         ti[0] = mktimegm(&s->current_tm);
2732         ti[1] = mktimegm(&new_tm);
2733 
2734         if (ti[0] != -1 && ti[1] != -1) {
2735             s->ti -= ti[0];
2736             s->ti += ti[1];
2737         } else {
2738             /* A less accurate version */
2739             s->ti -= (time_t)(s->current_tm.tm_year % 100) * 31536000;
2740             s->ti += (time_t)from_bcd(value) * 31536000;
2741         }
2742         return;
2743 
2744     case 0x18:	/* WEEK_REG */
2745         return;	/* Ignored */
2746 
2747     case 0x20:	/* ALARM_SECONDS_REG */
2748 #ifdef ALMDEBUG
2749         printf("ALM SEC_REG <-- %02x\n", value);
2750 #endif
2751         s->alarm_tm.tm_sec = from_bcd(value);
2752         omap_rtc_alarm_update(s);
2753         return;
2754 
2755     case 0x24:	/* ALARM_MINUTES_REG */
2756 #ifdef ALMDEBUG
2757         printf("ALM MIN_REG <-- %02x\n", value);
2758 #endif
2759         s->alarm_tm.tm_min = from_bcd(value);
2760         omap_rtc_alarm_update(s);
2761         return;
2762 
2763     case 0x28:	/* ALARM_HOURS_REG */
2764 #ifdef ALMDEBUG
2765         printf("ALM HRS_REG <-- %02x\n", value);
2766 #endif
2767         if (s->pm_am)
2768             s->alarm_tm.tm_hour =
2769                     ((from_bcd(value & 0x3f)) % 12) +
2770                     ((value >> 7) & 1) * 12;
2771         else
2772             s->alarm_tm.tm_hour = from_bcd(value);
2773         omap_rtc_alarm_update(s);
2774         return;
2775 
2776     case 0x2c:	/* ALARM_DAYS_REG */
2777 #ifdef ALMDEBUG
2778         printf("ALM DAY_REG <-- %02x\n", value);
2779 #endif
2780         s->alarm_tm.tm_mday = from_bcd(value);
2781         omap_rtc_alarm_update(s);
2782         return;
2783 
2784     case 0x30:	/* ALARM_MONTHS_REG */
2785 #ifdef ALMDEBUG
2786         printf("ALM MON_REG <-- %02x\n", value);
2787 #endif
2788         s->alarm_tm.tm_mon = from_bcd(value);
2789         omap_rtc_alarm_update(s);
2790         return;
2791 
2792     case 0x34:	/* ALARM_YEARS_REG */
2793 #ifdef ALMDEBUG
2794         printf("ALM YRS_REG <-- %02x\n", value);
2795 #endif
2796         s->alarm_tm.tm_year = from_bcd(value);
2797         omap_rtc_alarm_update(s);
2798         return;
2799 
2800     case 0x40:	/* RTC_CTRL_REG */
2801 #ifdef ALMDEBUG
2802         printf("RTC CONTROL <-- %02x\n", value);
2803 #endif
2804         s->pm_am = (value >> 3) & 1;
2805         s->auto_comp = (value >> 2) & 1;
2806         s->round = (value >> 1) & 1;
2807         s->running = value & 1;
2808         s->status &= 0xfd;
2809         s->status |= s->running << 1;
2810         return;
2811 
2812     case 0x44:	/* RTC_STATUS_REG */
2813 #ifdef ALMDEBUG
2814         printf("RTC STATUSL <-- %02x\n", value);
2815 #endif
2816         s->status &= ~((value & 0xc0) ^ 0x80);
2817         omap_rtc_interrupts_update(s);
2818         return;
2819 
2820     case 0x48:	/* RTC_INTERRUPTS_REG */
2821 #ifdef ALMDEBUG
2822         printf("RTC INTRS <-- %02x\n", value);
2823 #endif
2824         s->interrupts = value;
2825         return;
2826 
2827     case 0x4c:	/* RTC_COMP_LSB_REG */
2828 #ifdef ALMDEBUG
2829         printf("RTC COMPLSB <-- %02x\n", value);
2830 #endif
2831         s->comp_reg &= 0xff00;
2832         s->comp_reg |= 0x00ff & value;
2833         return;
2834 
2835     case 0x50:	/* RTC_COMP_MSB_REG */
2836 #ifdef ALMDEBUG
2837         printf("RTC COMPMSB <-- %02x\n", value);
2838 #endif
2839         s->comp_reg &= 0x00ff;
2840         s->comp_reg |= 0xff00 & (value << 8);
2841         return;
2842 
2843     default:
2844         OMAP_BAD_REG(addr);
2845         return;
2846     }
2847 }
2848 
2849 static const MemoryRegionOps omap_rtc_ops = {
2850     .read = omap_rtc_read,
2851     .write = omap_rtc_write,
2852     .endianness = DEVICE_NATIVE_ENDIAN,
2853 };
2854 
2855 static void omap_rtc_tick(void *opaque)
2856 {
2857     struct omap_rtc_s *s = opaque;
2858 
2859     if (s->round) {
2860         /* Round to nearest full minute.  */
2861         if (s->current_tm.tm_sec < 30)
2862             s->ti -= s->current_tm.tm_sec;
2863         else
2864             s->ti += 60 - s->current_tm.tm_sec;
2865 
2866         s->round = 0;
2867     }
2868 
2869     localtime_r(&s->ti, &s->current_tm);
2870 
2871     if ((s->interrupts & 0x08) && s->ti == s->alarm_ti) {
2872         s->status |= 0x40;
2873         omap_rtc_interrupts_update(s);
2874     }
2875 
2876     if (s->interrupts & 0x04)
2877         switch (s->interrupts & 3) {
2878         case 0:
2879             s->status |= 0x04;
2880             qemu_irq_pulse(s->irq);
2881             break;
2882         case 1:
2883             if (s->current_tm.tm_sec)
2884                 break;
2885             s->status |= 0x08;
2886             qemu_irq_pulse(s->irq);
2887             break;
2888         case 2:
2889             if (s->current_tm.tm_sec || s->current_tm.tm_min)
2890                 break;
2891             s->status |= 0x10;
2892             qemu_irq_pulse(s->irq);
2893             break;
2894         case 3:
2895             if (s->current_tm.tm_sec ||
2896                             s->current_tm.tm_min || s->current_tm.tm_hour)
2897                 break;
2898             s->status |= 0x20;
2899             qemu_irq_pulse(s->irq);
2900             break;
2901         }
2902 
2903     /* Move on */
2904     if (s->running)
2905         s->ti ++;
2906     s->tick += 1000;
2907 
2908     /*
2909      * Every full hour add a rough approximation of the compensation
2910      * register to the 32kHz Timer (which drives the RTC) value.
2911      */
2912     if (s->auto_comp && !s->current_tm.tm_sec && !s->current_tm.tm_min)
2913         s->tick += s->comp_reg * 1000 / 32768;
2914 
2915     timer_mod(s->clk, s->tick);
2916 }
2917 
2918 static void omap_rtc_reset(struct omap_rtc_s *s)
2919 {
2920     struct tm tm;
2921 
2922     s->interrupts = 0;
2923     s->comp_reg = 0;
2924     s->running = 0;
2925     s->pm_am = 0;
2926     s->auto_comp = 0;
2927     s->round = 0;
2928     s->tick = qemu_clock_get_ms(rtc_clock);
2929     memset(&s->alarm_tm, 0, sizeof(s->alarm_tm));
2930     s->alarm_tm.tm_mday = 0x01;
2931     s->status = 1 << 7;
2932     qemu_get_timedate(&tm, 0);
2933     s->ti = mktimegm(&tm);
2934 
2935     omap_rtc_alarm_update(s);
2936     omap_rtc_tick(s);
2937 }
2938 
2939 static struct omap_rtc_s *omap_rtc_init(MemoryRegion *system_memory,
2940                                         hwaddr base,
2941                                         qemu_irq timerirq, qemu_irq alarmirq,
2942                                         omap_clk clk)
2943 {
2944     struct omap_rtc_s *s = g_new0(struct omap_rtc_s, 1);
2945 
2946     s->irq = timerirq;
2947     s->alarm = alarmirq;
2948     s->clk = timer_new_ms(rtc_clock, omap_rtc_tick, s);
2949 
2950     omap_rtc_reset(s);
2951 
2952     memory_region_init_io(&s->iomem, NULL, &omap_rtc_ops, s,
2953                           "omap-rtc", 0x800);
2954     memory_region_add_subregion(system_memory, base, &s->iomem);
2955 
2956     return s;
2957 }
2958 
2959 /* Multi-channel Buffered Serial Port interfaces */
2960 struct omap_mcbsp_s {
2961     MemoryRegion iomem;
2962     qemu_irq txirq;
2963     qemu_irq rxirq;
2964     qemu_irq txdrq;
2965     qemu_irq rxdrq;
2966 
2967     uint16_t spcr[2];
2968     uint16_t rcr[2];
2969     uint16_t xcr[2];
2970     uint16_t srgr[2];
2971     uint16_t mcr[2];
2972     uint16_t pcr;
2973     uint16_t rcer[8];
2974     uint16_t xcer[8];
2975     int tx_rate;
2976     int rx_rate;
2977     int tx_req;
2978     int rx_req;
2979 
2980     I2SCodec *codec;
2981     QEMUTimer *source_timer;
2982     QEMUTimer *sink_timer;
2983 };
2984 
2985 static void omap_mcbsp_intr_update(struct omap_mcbsp_s *s)
2986 {
2987     int irq;
2988 
2989     switch ((s->spcr[0] >> 4) & 3) {			/* RINTM */
2990     case 0:
2991         irq = (s->spcr[0] >> 1) & 1;			/* RRDY */
2992         break;
2993     case 3:
2994         irq = (s->spcr[0] >> 3) & 1;			/* RSYNCERR */
2995         break;
2996     default:
2997         irq = 0;
2998         break;
2999     }
3000 
3001     if (irq)
3002         qemu_irq_pulse(s->rxirq);
3003 
3004     switch ((s->spcr[1] >> 4) & 3) {			/* XINTM */
3005     case 0:
3006         irq = (s->spcr[1] >> 1) & 1;			/* XRDY */
3007         break;
3008     case 3:
3009         irq = (s->spcr[1] >> 3) & 1;			/* XSYNCERR */
3010         break;
3011     default:
3012         irq = 0;
3013         break;
3014     }
3015 
3016     if (irq)
3017         qemu_irq_pulse(s->txirq);
3018 }
3019 
3020 static void omap_mcbsp_rx_newdata(struct omap_mcbsp_s *s)
3021 {
3022     if ((s->spcr[0] >> 1) & 1)				/* RRDY */
3023         s->spcr[0] |= 1 << 2;				/* RFULL */
3024     s->spcr[0] |= 1 << 1;				/* RRDY */
3025     qemu_irq_raise(s->rxdrq);
3026     omap_mcbsp_intr_update(s);
3027 }
3028 
3029 static void omap_mcbsp_source_tick(void *opaque)
3030 {
3031     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3032     static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
3033 
3034     if (!s->rx_rate)
3035         return;
3036     if (s->rx_req)
3037         printf("%s: Rx FIFO overrun\n", __func__);
3038 
3039     s->rx_req = s->rx_rate << bps[(s->rcr[0] >> 5) & 7];
3040 
3041     omap_mcbsp_rx_newdata(s);
3042     timer_mod(s->source_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
3043                    NANOSECONDS_PER_SECOND);
3044 }
3045 
3046 static void omap_mcbsp_rx_start(struct omap_mcbsp_s *s)
3047 {
3048     if (!s->codec || !s->codec->rts)
3049         omap_mcbsp_source_tick(s);
3050     else if (s->codec->in.len) {
3051         s->rx_req = s->codec->in.len;
3052         omap_mcbsp_rx_newdata(s);
3053     }
3054 }
3055 
3056 static void omap_mcbsp_rx_stop(struct omap_mcbsp_s *s)
3057 {
3058     timer_del(s->source_timer);
3059 }
3060 
3061 static void omap_mcbsp_rx_done(struct omap_mcbsp_s *s)
3062 {
3063     s->spcr[0] &= ~(1 << 1);				/* RRDY */
3064     qemu_irq_lower(s->rxdrq);
3065     omap_mcbsp_intr_update(s);
3066 }
3067 
3068 static void omap_mcbsp_tx_newdata(struct omap_mcbsp_s *s)
3069 {
3070     s->spcr[1] |= 1 << 1;				/* XRDY */
3071     qemu_irq_raise(s->txdrq);
3072     omap_mcbsp_intr_update(s);
3073 }
3074 
3075 static void omap_mcbsp_sink_tick(void *opaque)
3076 {
3077     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3078     static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
3079 
3080     if (!s->tx_rate)
3081         return;
3082     if (s->tx_req)
3083         printf("%s: Tx FIFO underrun\n", __func__);
3084 
3085     s->tx_req = s->tx_rate << bps[(s->xcr[0] >> 5) & 7];
3086 
3087     omap_mcbsp_tx_newdata(s);
3088     timer_mod(s->sink_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
3089                    NANOSECONDS_PER_SECOND);
3090 }
3091 
3092 static void omap_mcbsp_tx_start(struct omap_mcbsp_s *s)
3093 {
3094     if (!s->codec || !s->codec->cts)
3095         omap_mcbsp_sink_tick(s);
3096     else if (s->codec->out.size) {
3097         s->tx_req = s->codec->out.size;
3098         omap_mcbsp_tx_newdata(s);
3099     }
3100 }
3101 
3102 static void omap_mcbsp_tx_done(struct omap_mcbsp_s *s)
3103 {
3104     s->spcr[1] &= ~(1 << 1);				/* XRDY */
3105     qemu_irq_lower(s->txdrq);
3106     omap_mcbsp_intr_update(s);
3107     if (s->codec && s->codec->cts)
3108         s->codec->tx_swallow(s->codec->opaque);
3109 }
3110 
3111 static void omap_mcbsp_tx_stop(struct omap_mcbsp_s *s)
3112 {
3113     s->tx_req = 0;
3114     omap_mcbsp_tx_done(s);
3115     timer_del(s->sink_timer);
3116 }
3117 
3118 static void omap_mcbsp_req_update(struct omap_mcbsp_s *s)
3119 {
3120     int prev_rx_rate, prev_tx_rate;
3121     int rx_rate = 0, tx_rate = 0;
3122     int cpu_rate = 1500000;	/* XXX */
3123 
3124     /* TODO: check CLKSTP bit */
3125     if (s->spcr[1] & (1 << 6)) {			/* GRST */
3126         if (s->spcr[0] & (1 << 0)) {			/* RRST */
3127             if ((s->srgr[1] & (1 << 13)) &&		/* CLKSM */
3128                             (s->pcr & (1 << 8))) {	/* CLKRM */
3129                 if (~s->pcr & (1 << 7))			/* SCLKME */
3130                     rx_rate = cpu_rate /
3131                             ((s->srgr[0] & 0xff) + 1);	/* CLKGDV */
3132             } else
3133                 if (s->codec)
3134                     rx_rate = s->codec->rx_rate;
3135         }
3136 
3137         if (s->spcr[1] & (1 << 0)) {			/* XRST */
3138             if ((s->srgr[1] & (1 << 13)) &&		/* CLKSM */
3139                             (s->pcr & (1 << 9))) {	/* CLKXM */
3140                 if (~s->pcr & (1 << 7))			/* SCLKME */
3141                     tx_rate = cpu_rate /
3142                             ((s->srgr[0] & 0xff) + 1);	/* CLKGDV */
3143             } else
3144                 if (s->codec)
3145                     tx_rate = s->codec->tx_rate;
3146         }
3147     }
3148     prev_tx_rate = s->tx_rate;
3149     prev_rx_rate = s->rx_rate;
3150     s->tx_rate = tx_rate;
3151     s->rx_rate = rx_rate;
3152 
3153     if (s->codec)
3154         s->codec->set_rate(s->codec->opaque, rx_rate, tx_rate);
3155 
3156     if (!prev_tx_rate && tx_rate)
3157         omap_mcbsp_tx_start(s);
3158     else if (s->tx_rate && !tx_rate)
3159         omap_mcbsp_tx_stop(s);
3160 
3161     if (!prev_rx_rate && rx_rate)
3162         omap_mcbsp_rx_start(s);
3163     else if (prev_tx_rate && !tx_rate)
3164         omap_mcbsp_rx_stop(s);
3165 }
3166 
3167 static uint64_t omap_mcbsp_read(void *opaque, hwaddr addr,
3168                                 unsigned size)
3169 {
3170     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3171     int offset = addr & OMAP_MPUI_REG_MASK;
3172     uint16_t ret;
3173 
3174     if (size != 2) {
3175         return omap_badwidth_read16(opaque, addr);
3176     }
3177 
3178     switch (offset) {
3179     case 0x00:	/* DRR2 */
3180         if (((s->rcr[0] >> 5) & 7) < 3)			/* RWDLEN1 */
3181             return 0x0000;
3182         /* Fall through.  */
3183     case 0x02:	/* DRR1 */
3184         if (s->rx_req < 2) {
3185             printf("%s: Rx FIFO underrun\n", __func__);
3186             omap_mcbsp_rx_done(s);
3187         } else {
3188             s->tx_req -= 2;
3189             if (s->codec && s->codec->in.len >= 2) {
3190                 ret = s->codec->in.fifo[s->codec->in.start ++] << 8;
3191                 ret |= s->codec->in.fifo[s->codec->in.start ++];
3192                 s->codec->in.len -= 2;
3193             } else
3194                 ret = 0x0000;
3195             if (!s->tx_req)
3196                 omap_mcbsp_rx_done(s);
3197             return ret;
3198         }
3199         return 0x0000;
3200 
3201     case 0x04:	/* DXR2 */
3202     case 0x06:	/* DXR1 */
3203         return 0x0000;
3204 
3205     case 0x08:	/* SPCR2 */
3206         return s->spcr[1];
3207     case 0x0a:	/* SPCR1 */
3208         return s->spcr[0];
3209     case 0x0c:	/* RCR2 */
3210         return s->rcr[1];
3211     case 0x0e:	/* RCR1 */
3212         return s->rcr[0];
3213     case 0x10:	/* XCR2 */
3214         return s->xcr[1];
3215     case 0x12:	/* XCR1 */
3216         return s->xcr[0];
3217     case 0x14:	/* SRGR2 */
3218         return s->srgr[1];
3219     case 0x16:	/* SRGR1 */
3220         return s->srgr[0];
3221     case 0x18:	/* MCR2 */
3222         return s->mcr[1];
3223     case 0x1a:	/* MCR1 */
3224         return s->mcr[0];
3225     case 0x1c:	/* RCERA */
3226         return s->rcer[0];
3227     case 0x1e:	/* RCERB */
3228         return s->rcer[1];
3229     case 0x20:	/* XCERA */
3230         return s->xcer[0];
3231     case 0x22:	/* XCERB */
3232         return s->xcer[1];
3233     case 0x24:	/* PCR0 */
3234         return s->pcr;
3235     case 0x26:	/* RCERC */
3236         return s->rcer[2];
3237     case 0x28:	/* RCERD */
3238         return s->rcer[3];
3239     case 0x2a:	/* XCERC */
3240         return s->xcer[2];
3241     case 0x2c:	/* XCERD */
3242         return s->xcer[3];
3243     case 0x2e:	/* RCERE */
3244         return s->rcer[4];
3245     case 0x30:	/* RCERF */
3246         return s->rcer[5];
3247     case 0x32:	/* XCERE */
3248         return s->xcer[4];
3249     case 0x34:	/* XCERF */
3250         return s->xcer[5];
3251     case 0x36:	/* RCERG */
3252         return s->rcer[6];
3253     case 0x38:	/* RCERH */
3254         return s->rcer[7];
3255     case 0x3a:	/* XCERG */
3256         return s->xcer[6];
3257     case 0x3c:	/* XCERH */
3258         return s->xcer[7];
3259     }
3260 
3261     OMAP_BAD_REG(addr);
3262     return 0;
3263 }
3264 
3265 static void omap_mcbsp_writeh(void *opaque, hwaddr addr,
3266                 uint32_t value)
3267 {
3268     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3269     int offset = addr & OMAP_MPUI_REG_MASK;
3270 
3271     switch (offset) {
3272     case 0x00:	/* DRR2 */
3273     case 0x02:	/* DRR1 */
3274         OMAP_RO_REG(addr);
3275         return;
3276 
3277     case 0x04:	/* DXR2 */
3278         if (((s->xcr[0] >> 5) & 7) < 3)			/* XWDLEN1 */
3279             return;
3280         /* Fall through.  */
3281     case 0x06:	/* DXR1 */
3282         if (s->tx_req > 1) {
3283             s->tx_req -= 2;
3284             if (s->codec && s->codec->cts) {
3285                 s->codec->out.fifo[s->codec->out.len ++] = (value >> 8) & 0xff;
3286                 s->codec->out.fifo[s->codec->out.len ++] = (value >> 0) & 0xff;
3287             }
3288             if (s->tx_req < 2)
3289                 omap_mcbsp_tx_done(s);
3290         } else
3291             printf("%s: Tx FIFO overrun\n", __func__);
3292         return;
3293 
3294     case 0x08:	/* SPCR2 */
3295         s->spcr[1] &= 0x0002;
3296         s->spcr[1] |= 0x03f9 & value;
3297         s->spcr[1] |= 0x0004 & (value << 2);		/* XEMPTY := XRST */
3298         if (~value & 1)					/* XRST */
3299             s->spcr[1] &= ~6;
3300         omap_mcbsp_req_update(s);
3301         return;
3302     case 0x0a:	/* SPCR1 */
3303         s->spcr[0] &= 0x0006;
3304         s->spcr[0] |= 0xf8f9 & value;
3305         if (value & (1 << 15))				/* DLB */
3306             printf("%s: Digital Loopback mode enable attempt\n", __func__);
3307         if (~value & 1) {				/* RRST */
3308             s->spcr[0] &= ~6;
3309             s->rx_req = 0;
3310             omap_mcbsp_rx_done(s);
3311         }
3312         omap_mcbsp_req_update(s);
3313         return;
3314 
3315     case 0x0c:	/* RCR2 */
3316         s->rcr[1] = value & 0xffff;
3317         return;
3318     case 0x0e:	/* RCR1 */
3319         s->rcr[0] = value & 0x7fe0;
3320         return;
3321     case 0x10:	/* XCR2 */
3322         s->xcr[1] = value & 0xffff;
3323         return;
3324     case 0x12:	/* XCR1 */
3325         s->xcr[0] = value & 0x7fe0;
3326         return;
3327     case 0x14:	/* SRGR2 */
3328         s->srgr[1] = value & 0xffff;
3329         omap_mcbsp_req_update(s);
3330         return;
3331     case 0x16:	/* SRGR1 */
3332         s->srgr[0] = value & 0xffff;
3333         omap_mcbsp_req_update(s);
3334         return;
3335     case 0x18:	/* MCR2 */
3336         s->mcr[1] = value & 0x03e3;
3337         if (value & 3)					/* XMCM */
3338             printf("%s: Tx channel selection mode enable attempt\n", __func__);
3339         return;
3340     case 0x1a:	/* MCR1 */
3341         s->mcr[0] = value & 0x03e1;
3342         if (value & 1)					/* RMCM */
3343             printf("%s: Rx channel selection mode enable attempt\n", __func__);
3344         return;
3345     case 0x1c:	/* RCERA */
3346         s->rcer[0] = value & 0xffff;
3347         return;
3348     case 0x1e:	/* RCERB */
3349         s->rcer[1] = value & 0xffff;
3350         return;
3351     case 0x20:	/* XCERA */
3352         s->xcer[0] = value & 0xffff;
3353         return;
3354     case 0x22:	/* XCERB */
3355         s->xcer[1] = value & 0xffff;
3356         return;
3357     case 0x24:	/* PCR0 */
3358         s->pcr = value & 0x7faf;
3359         return;
3360     case 0x26:	/* RCERC */
3361         s->rcer[2] = value & 0xffff;
3362         return;
3363     case 0x28:	/* RCERD */
3364         s->rcer[3] = value & 0xffff;
3365         return;
3366     case 0x2a:	/* XCERC */
3367         s->xcer[2] = value & 0xffff;
3368         return;
3369     case 0x2c:	/* XCERD */
3370         s->xcer[3] = value & 0xffff;
3371         return;
3372     case 0x2e:	/* RCERE */
3373         s->rcer[4] = value & 0xffff;
3374         return;
3375     case 0x30:	/* RCERF */
3376         s->rcer[5] = value & 0xffff;
3377         return;
3378     case 0x32:	/* XCERE */
3379         s->xcer[4] = value & 0xffff;
3380         return;
3381     case 0x34:	/* XCERF */
3382         s->xcer[5] = value & 0xffff;
3383         return;
3384     case 0x36:	/* RCERG */
3385         s->rcer[6] = value & 0xffff;
3386         return;
3387     case 0x38:	/* RCERH */
3388         s->rcer[7] = value & 0xffff;
3389         return;
3390     case 0x3a:	/* XCERG */
3391         s->xcer[6] = value & 0xffff;
3392         return;
3393     case 0x3c:	/* XCERH */
3394         s->xcer[7] = value & 0xffff;
3395         return;
3396     }
3397 
3398     OMAP_BAD_REG(addr);
3399 }
3400 
3401 static void omap_mcbsp_writew(void *opaque, hwaddr addr,
3402                 uint32_t value)
3403 {
3404     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3405     int offset = addr & OMAP_MPUI_REG_MASK;
3406 
3407     if (offset == 0x04) {				/* DXR */
3408         if (((s->xcr[0] >> 5) & 7) < 3)			/* XWDLEN1 */
3409             return;
3410         if (s->tx_req > 3) {
3411             s->tx_req -= 4;
3412             if (s->codec && s->codec->cts) {
3413                 s->codec->out.fifo[s->codec->out.len ++] =
3414                         (value >> 24) & 0xff;
3415                 s->codec->out.fifo[s->codec->out.len ++] =
3416                         (value >> 16) & 0xff;
3417                 s->codec->out.fifo[s->codec->out.len ++] =
3418                         (value >> 8) & 0xff;
3419                 s->codec->out.fifo[s->codec->out.len ++] =
3420                         (value >> 0) & 0xff;
3421             }
3422             if (s->tx_req < 4)
3423                 omap_mcbsp_tx_done(s);
3424         } else
3425             printf("%s: Tx FIFO overrun\n", __func__);
3426         return;
3427     }
3428 
3429     omap_badwidth_write16(opaque, addr, value);
3430 }
3431 
3432 static void omap_mcbsp_write(void *opaque, hwaddr addr,
3433                              uint64_t value, unsigned size)
3434 {
3435     switch (size) {
3436     case 2:
3437         omap_mcbsp_writeh(opaque, addr, value);
3438         break;
3439     case 4:
3440         omap_mcbsp_writew(opaque, addr, value);
3441         break;
3442     default:
3443         omap_badwidth_write16(opaque, addr, value);
3444     }
3445 }
3446 
3447 static const MemoryRegionOps omap_mcbsp_ops = {
3448     .read = omap_mcbsp_read,
3449     .write = omap_mcbsp_write,
3450     .endianness = DEVICE_NATIVE_ENDIAN,
3451 };
3452 
3453 static void omap_mcbsp_reset(struct omap_mcbsp_s *s)
3454 {
3455     memset(&s->spcr, 0, sizeof(s->spcr));
3456     memset(&s->rcr, 0, sizeof(s->rcr));
3457     memset(&s->xcr, 0, sizeof(s->xcr));
3458     s->srgr[0] = 0x0001;
3459     s->srgr[1] = 0x2000;
3460     memset(&s->mcr, 0, sizeof(s->mcr));
3461     memset(&s->pcr, 0, sizeof(s->pcr));
3462     memset(&s->rcer, 0, sizeof(s->rcer));
3463     memset(&s->xcer, 0, sizeof(s->xcer));
3464     s->tx_req = 0;
3465     s->rx_req = 0;
3466     s->tx_rate = 0;
3467     s->rx_rate = 0;
3468     timer_del(s->source_timer);
3469     timer_del(s->sink_timer);
3470 }
3471 
3472 static struct omap_mcbsp_s *omap_mcbsp_init(MemoryRegion *system_memory,
3473                                             hwaddr base,
3474                                             qemu_irq txirq, qemu_irq rxirq,
3475                                             qemu_irq *dma, omap_clk clk)
3476 {
3477     struct omap_mcbsp_s *s = g_new0(struct omap_mcbsp_s, 1);
3478 
3479     s->txirq = txirq;
3480     s->rxirq = rxirq;
3481     s->txdrq = dma[0];
3482     s->rxdrq = dma[1];
3483     s->sink_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_mcbsp_sink_tick, s);
3484     s->source_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_mcbsp_source_tick, s);
3485     omap_mcbsp_reset(s);
3486 
3487     memory_region_init_io(&s->iomem, NULL, &omap_mcbsp_ops, s, "omap-mcbsp", 0x800);
3488     memory_region_add_subregion(system_memory, base, &s->iomem);
3489 
3490     return s;
3491 }
3492 
3493 static void omap_mcbsp_i2s_swallow(void *opaque, int line, int level)
3494 {
3495     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3496 
3497     if (s->rx_rate) {
3498         s->rx_req = s->codec->in.len;
3499         omap_mcbsp_rx_newdata(s);
3500     }
3501 }
3502 
3503 static void omap_mcbsp_i2s_start(void *opaque, int line, int level)
3504 {
3505     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3506 
3507     if (s->tx_rate) {
3508         s->tx_req = s->codec->out.size;
3509         omap_mcbsp_tx_newdata(s);
3510     }
3511 }
3512 
3513 void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave)
3514 {
3515     s->codec = slave;
3516     slave->rx_swallow = qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0);
3517     slave->tx_start = qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0);
3518 }
3519 
3520 /* LED Pulse Generators */
3521 struct omap_lpg_s {
3522     MemoryRegion iomem;
3523     QEMUTimer *tm;
3524 
3525     uint8_t control;
3526     uint8_t power;
3527     int64_t on;
3528     int64_t period;
3529     int clk;
3530     int cycle;
3531 };
3532 
3533 static void omap_lpg_tick(void *opaque)
3534 {
3535     struct omap_lpg_s *s = opaque;
3536 
3537     if (s->cycle)
3538         timer_mod(s->tm, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + s->period - s->on);
3539     else
3540         timer_mod(s->tm, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + s->on);
3541 
3542     s->cycle = !s->cycle;
3543     printf("%s: LED is %s\n", __func__, s->cycle ? "on" : "off");
3544 }
3545 
3546 static void omap_lpg_update(struct omap_lpg_s *s)
3547 {
3548     int64_t on, period = 1, ticks = 1000;
3549     static const int per[8] = { 1, 2, 4, 8, 12, 16, 20, 24 };
3550 
3551     if (~s->control & (1 << 6))					/* LPGRES */
3552         on = 0;
3553     else if (s->control & (1 << 7))				/* PERM_ON */
3554         on = period;
3555     else {
3556         period = muldiv64(ticks, per[s->control & 7],		/* PERCTRL */
3557                         256 / 32);
3558         on = (s->clk && s->power) ? muldiv64(ticks,
3559                         per[(s->control >> 3) & 7], 256) : 0;	/* ONCTRL */
3560     }
3561 
3562     timer_del(s->tm);
3563     if (on == period && s->on < s->period)
3564         printf("%s: LED is on\n", __func__);
3565     else if (on == 0 && s->on)
3566         printf("%s: LED is off\n", __func__);
3567     else if (on && (on != s->on || period != s->period)) {
3568         s->cycle = 0;
3569         s->on = on;
3570         s->period = period;
3571         omap_lpg_tick(s);
3572         return;
3573     }
3574 
3575     s->on = on;
3576     s->period = period;
3577 }
3578 
3579 static void omap_lpg_reset(struct omap_lpg_s *s)
3580 {
3581     s->control = 0x00;
3582     s->power = 0x00;
3583     s->clk = 1;
3584     omap_lpg_update(s);
3585 }
3586 
3587 static uint64_t omap_lpg_read(void *opaque, hwaddr addr,
3588                               unsigned size)
3589 {
3590     struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
3591     int offset = addr & OMAP_MPUI_REG_MASK;
3592 
3593     if (size != 1) {
3594         return omap_badwidth_read8(opaque, addr);
3595     }
3596 
3597     switch (offset) {
3598     case 0x00:	/* LCR */
3599         return s->control;
3600 
3601     case 0x04:	/* PMR */
3602         return s->power;
3603     }
3604 
3605     OMAP_BAD_REG(addr);
3606     return 0;
3607 }
3608 
3609 static void omap_lpg_write(void *opaque, hwaddr addr,
3610                            uint64_t value, unsigned size)
3611 {
3612     struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
3613     int offset = addr & OMAP_MPUI_REG_MASK;
3614 
3615     if (size != 1) {
3616         omap_badwidth_write8(opaque, addr, value);
3617         return;
3618     }
3619 
3620     switch (offset) {
3621     case 0x00:	/* LCR */
3622         if (~value & (1 << 6))					/* LPGRES */
3623             omap_lpg_reset(s);
3624         s->control = value & 0xff;
3625         omap_lpg_update(s);
3626         return;
3627 
3628     case 0x04:	/* PMR */
3629         s->power = value & 0x01;
3630         omap_lpg_update(s);
3631         return;
3632 
3633     default:
3634         OMAP_BAD_REG(addr);
3635         return;
3636     }
3637 }
3638 
3639 static const MemoryRegionOps omap_lpg_ops = {
3640     .read = omap_lpg_read,
3641     .write = omap_lpg_write,
3642     .endianness = DEVICE_NATIVE_ENDIAN,
3643 };
3644 
3645 static void omap_lpg_clk_update(void *opaque, int line, int on)
3646 {
3647     struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
3648 
3649     s->clk = on;
3650     omap_lpg_update(s);
3651 }
3652 
3653 static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory,
3654                                         hwaddr base, omap_clk clk)
3655 {
3656     struct omap_lpg_s *s = g_new0(struct omap_lpg_s, 1);
3657 
3658     s->tm = timer_new_ms(QEMU_CLOCK_VIRTUAL, omap_lpg_tick, s);
3659 
3660     omap_lpg_reset(s);
3661 
3662     memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg", 0x800);
3663     memory_region_add_subregion(system_memory, base, &s->iomem);
3664 
3665     omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0));
3666 
3667     return s;
3668 }
3669 
3670 /* MPUI Peripheral Bridge configuration */
3671 static uint64_t omap_mpui_io_read(void *opaque, hwaddr addr,
3672                                   unsigned size)
3673 {
3674     if (size != 2) {
3675         return omap_badwidth_read16(opaque, addr);
3676     }
3677 
3678     if (addr == OMAP_MPUI_BASE)	/* CMR */
3679         return 0xfe4d;
3680 
3681     OMAP_BAD_REG(addr);
3682     return 0;
3683 }
3684 
3685 static void omap_mpui_io_write(void *opaque, hwaddr addr,
3686                                uint64_t value, unsigned size)
3687 {
3688     /* FIXME: infinite loop */
3689     omap_badwidth_write16(opaque, addr, value);
3690 }
3691 
3692 static const MemoryRegionOps omap_mpui_io_ops = {
3693     .read = omap_mpui_io_read,
3694     .write = omap_mpui_io_write,
3695     .endianness = DEVICE_NATIVE_ENDIAN,
3696 };
3697 
3698 static void omap_setup_mpui_io(MemoryRegion *system_memory,
3699                                struct omap_mpu_state_s *mpu)
3700 {
3701     memory_region_init_io(&mpu->mpui_io_iomem, NULL, &omap_mpui_io_ops, mpu,
3702                           "omap-mpui-io", 0x7fff);
3703     memory_region_add_subregion(system_memory, OMAP_MPUI_BASE,
3704                                 &mpu->mpui_io_iomem);
3705 }
3706 
3707 /* General chip reset */
3708 static void omap1_mpu_reset(void *opaque)
3709 {
3710     struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
3711 
3712     omap_dma_reset(mpu->dma);
3713     omap_mpu_timer_reset(mpu->timer[0]);
3714     omap_mpu_timer_reset(mpu->timer[1]);
3715     omap_mpu_timer_reset(mpu->timer[2]);
3716     omap_wd_timer_reset(mpu->wdt);
3717     omap_os_timer_reset(mpu->os_timer);
3718     omap_lcdc_reset(mpu->lcd);
3719     omap_ulpd_pm_reset(mpu);
3720     omap_pin_cfg_reset(mpu);
3721     omap_mpui_reset(mpu);
3722     omap_tipb_bridge_reset(mpu->private_tipb);
3723     omap_tipb_bridge_reset(mpu->public_tipb);
3724     omap_dpll_reset(mpu->dpll[0]);
3725     omap_dpll_reset(mpu->dpll[1]);
3726     omap_dpll_reset(mpu->dpll[2]);
3727     omap_uart_reset(mpu->uart[0]);
3728     omap_uart_reset(mpu->uart[1]);
3729     omap_uart_reset(mpu->uart[2]);
3730     omap_mmc_reset(mpu->mmc);
3731     omap_mpuio_reset(mpu->mpuio);
3732     omap_uwire_reset(mpu->microwire);
3733     omap_pwl_reset(mpu->pwl);
3734     omap_pwt_reset(mpu->pwt);
3735     omap_rtc_reset(mpu->rtc);
3736     omap_mcbsp_reset(mpu->mcbsp1);
3737     omap_mcbsp_reset(mpu->mcbsp2);
3738     omap_mcbsp_reset(mpu->mcbsp3);
3739     omap_lpg_reset(mpu->led[0]);
3740     omap_lpg_reset(mpu->led[1]);
3741     omap_clkm_reset(mpu);
3742     cpu_reset(CPU(mpu->cpu));
3743 }
3744 
3745 static const struct omap_map_s {
3746     hwaddr phys_dsp;
3747     hwaddr phys_mpu;
3748     uint32_t size;
3749     const char *name;
3750 } omap15xx_dsp_mm[] = {
3751     /* Strobe 0 */
3752     { 0xe1010000, 0xfffb0000, 0x800, "UART1 BT" },		/* CS0 */
3753     { 0xe1010800, 0xfffb0800, 0x800, "UART2 COM" },		/* CS1 */
3754     { 0xe1011800, 0xfffb1800, 0x800, "McBSP1 audio" },		/* CS3 */
3755     { 0xe1012000, 0xfffb2000, 0x800, "MCSI2 communication" },	/* CS4 */
3756     { 0xe1012800, 0xfffb2800, 0x800, "MCSI1 BT u-Law" },	/* CS5 */
3757     { 0xe1013000, 0xfffb3000, 0x800, "uWire" },			/* CS6 */
3758     { 0xe1013800, 0xfffb3800, 0x800, "I^2C" },			/* CS7 */
3759     { 0xe1014000, 0xfffb4000, 0x800, "USB W2FC" },		/* CS8 */
3760     { 0xe1014800, 0xfffb4800, 0x800, "RTC" },			/* CS9 */
3761     { 0xe1015000, 0xfffb5000, 0x800, "MPUIO" },			/* CS10 */
3762     { 0xe1015800, 0xfffb5800, 0x800, "PWL" },			/* CS11 */
3763     { 0xe1016000, 0xfffb6000, 0x800, "PWT" },			/* CS12 */
3764     { 0xe1017000, 0xfffb7000, 0x800, "McBSP3" },		/* CS14 */
3765     { 0xe1017800, 0xfffb7800, 0x800, "MMC" },			/* CS15 */
3766     { 0xe1019000, 0xfffb9000, 0x800, "32-kHz timer" },		/* CS18 */
3767     { 0xe1019800, 0xfffb9800, 0x800, "UART3" },			/* CS19 */
3768     { 0xe101c800, 0xfffbc800, 0x800, "TIPB switches" },		/* CS25 */
3769     /* Strobe 1 */
3770     { 0xe101e000, 0xfffce000, 0x800, "GPIOs" },			/* CS28 */
3771 
3772     { 0 }
3773 };
3774 
3775 static void omap_setup_dsp_mapping(MemoryRegion *system_memory,
3776                                    const struct omap_map_s *map)
3777 {
3778     MemoryRegion *io;
3779 
3780     for (; map->phys_dsp; map ++) {
3781         io = g_new(MemoryRegion, 1);
3782         memory_region_init_alias(io, NULL, map->name,
3783                                  system_memory, map->phys_mpu, map->size);
3784         memory_region_add_subregion(system_memory, map->phys_dsp, io);
3785     }
3786 }
3787 
3788 void omap_mpu_wakeup(void *opaque, int irq, int req)
3789 {
3790     struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
3791     CPUState *cpu = CPU(mpu->cpu);
3792 
3793     if (cpu->halted) {
3794         cpu_interrupt(cpu, CPU_INTERRUPT_EXITTB);
3795     }
3796 }
3797 
3798 static const struct dma_irq_map omap1_dma_irq_map[] = {
3799     { 0, OMAP_INT_DMA_CH0_6 },
3800     { 0, OMAP_INT_DMA_CH1_7 },
3801     { 0, OMAP_INT_DMA_CH2_8 },
3802     { 0, OMAP_INT_DMA_CH3 },
3803     { 0, OMAP_INT_DMA_CH4 },
3804     { 0, OMAP_INT_DMA_CH5 },
3805     { 1, OMAP_INT_1610_DMA_CH6 },
3806     { 1, OMAP_INT_1610_DMA_CH7 },
3807     { 1, OMAP_INT_1610_DMA_CH8 },
3808     { 1, OMAP_INT_1610_DMA_CH9 },
3809     { 1, OMAP_INT_1610_DMA_CH10 },
3810     { 1, OMAP_INT_1610_DMA_CH11 },
3811     { 1, OMAP_INT_1610_DMA_CH12 },
3812     { 1, OMAP_INT_1610_DMA_CH13 },
3813     { 1, OMAP_INT_1610_DMA_CH14 },
3814     { 1, OMAP_INT_1610_DMA_CH15 }
3815 };
3816 
3817 /* DMA ports for OMAP1 */
3818 static int omap_validate_emiff_addr(struct omap_mpu_state_s *s,
3819                 hwaddr addr)
3820 {
3821     return range_covers_byte(OMAP_EMIFF_BASE, s->sdram_size, addr);
3822 }
3823 
3824 static int omap_validate_emifs_addr(struct omap_mpu_state_s *s,
3825                 hwaddr addr)
3826 {
3827     return range_covers_byte(OMAP_EMIFS_BASE, OMAP_EMIFF_BASE - OMAP_EMIFS_BASE,
3828                              addr);
3829 }
3830 
3831 static int omap_validate_imif_addr(struct omap_mpu_state_s *s,
3832                 hwaddr addr)
3833 {
3834     return range_covers_byte(OMAP_IMIF_BASE, s->sram_size, addr);
3835 }
3836 
3837 static int omap_validate_tipb_addr(struct omap_mpu_state_s *s,
3838                 hwaddr addr)
3839 {
3840     return range_covers_byte(0xfffb0000, 0xffff0000 - 0xfffb0000, addr);
3841 }
3842 
3843 static int omap_validate_local_addr(struct omap_mpu_state_s *s,
3844                 hwaddr addr)
3845 {
3846     return range_covers_byte(OMAP_LOCALBUS_BASE, 0x1000000, addr);
3847 }
3848 
3849 static int omap_validate_tipb_mpui_addr(struct omap_mpu_state_s *s,
3850                 hwaddr addr)
3851 {
3852     return range_covers_byte(0xe1010000, 0xe1020004 - 0xe1010000, addr);
3853 }
3854 
3855 struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
3856                 unsigned long sdram_size,
3857                 const char *cpu_type)
3858 {
3859     int i;
3860     struct omap_mpu_state_s *s = g_new0(struct omap_mpu_state_s, 1);
3861     qemu_irq dma_irqs[6];
3862     DriveInfo *dinfo;
3863     SysBusDevice *busdev;
3864 
3865     /* Core */
3866     s->mpu_model = omap310;
3867     s->cpu = ARM_CPU(cpu_create(cpu_type));
3868     s->sdram_size = sdram_size;
3869     s->sram_size = OMAP15XX_SRAM_SIZE;
3870 
3871     s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
3872 
3873     /* Clocks */
3874     omap_clk_init(s);
3875 
3876     /* Memory-mapped stuff */
3877     memory_region_allocate_system_memory(&s->emiff_ram, NULL, "omap1.dram",
3878                                          s->sdram_size);
3879     memory_region_add_subregion(system_memory, OMAP_EMIFF_BASE, &s->emiff_ram);
3880     memory_region_init_ram(&s->imif_ram, NULL, "omap1.sram", s->sram_size,
3881                            &error_fatal);
3882     memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, &s->imif_ram);
3883 
3884     omap_clkm_init(system_memory, 0xfffece00, 0xe1008000, s);
3885 
3886     s->ih[0] = qdev_create(NULL, "omap-intc");
3887     qdev_prop_set_uint32(s->ih[0], "size", 0x100);
3888     qdev_prop_set_ptr(s->ih[0], "clk", omap_findclk(s, "arminth_ck"));
3889     qdev_init_nofail(s->ih[0]);
3890     busdev = SYS_BUS_DEVICE(s->ih[0]);
3891     sysbus_connect_irq(busdev, 0,
3892                        qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ));
3893     sysbus_connect_irq(busdev, 1,
3894                        qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ));
3895     sysbus_mmio_map(busdev, 0, 0xfffecb00);
3896     s->ih[1] = qdev_create(NULL, "omap-intc");
3897     qdev_prop_set_uint32(s->ih[1], "size", 0x800);
3898     qdev_prop_set_ptr(s->ih[1], "clk", omap_findclk(s, "arminth_ck"));
3899     qdev_init_nofail(s->ih[1]);
3900     busdev = SYS_BUS_DEVICE(s->ih[1]);
3901     sysbus_connect_irq(busdev, 0,
3902                        qdev_get_gpio_in(s->ih[0], OMAP_INT_15XX_IH2_IRQ));
3903     /* The second interrupt controller's FIQ output is not wired up */
3904     sysbus_mmio_map(busdev, 0, 0xfffe0000);
3905 
3906     for (i = 0; i < 6; i++) {
3907         dma_irqs[i] = qdev_get_gpio_in(s->ih[omap1_dma_irq_map[i].ih],
3908                                        omap1_dma_irq_map[i].intr);
3909     }
3910     s->dma = omap_dma_init(0xfffed800, dma_irqs, system_memory,
3911                            qdev_get_gpio_in(s->ih[0], OMAP_INT_DMA_LCD),
3912                            s, omap_findclk(s, "dma_ck"), omap_dma_3_1);
3913 
3914     s->port[emiff    ].addr_valid = omap_validate_emiff_addr;
3915     s->port[emifs    ].addr_valid = omap_validate_emifs_addr;
3916     s->port[imif     ].addr_valid = omap_validate_imif_addr;
3917     s->port[tipb     ].addr_valid = omap_validate_tipb_addr;
3918     s->port[local    ].addr_valid = omap_validate_local_addr;
3919     s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
3920 
3921     /* Register SDRAM and SRAM DMA ports for fast transfers.  */
3922     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->emiff_ram),
3923                          OMAP_EMIFF_BASE, s->sdram_size);
3924     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->imif_ram),
3925                          OMAP_IMIF_BASE, s->sram_size);
3926 
3927     s->timer[0] = omap_mpu_timer_init(system_memory, 0xfffec500,
3928                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER1),
3929                     omap_findclk(s, "mputim_ck"));
3930     s->timer[1] = omap_mpu_timer_init(system_memory, 0xfffec600,
3931                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER2),
3932                     omap_findclk(s, "mputim_ck"));
3933     s->timer[2] = omap_mpu_timer_init(system_memory, 0xfffec700,
3934                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER3),
3935                     omap_findclk(s, "mputim_ck"));
3936 
3937     s->wdt = omap_wd_timer_init(system_memory, 0xfffec800,
3938                     qdev_get_gpio_in(s->ih[0], OMAP_INT_WD_TIMER),
3939                     omap_findclk(s, "armwdt_ck"));
3940 
3941     s->os_timer = omap_os_timer_init(system_memory, 0xfffb9000,
3942                     qdev_get_gpio_in(s->ih[1], OMAP_INT_OS_TIMER),
3943                     omap_findclk(s, "clk32-kHz"));
3944 
3945     s->lcd = omap_lcdc_init(system_memory, 0xfffec000,
3946                             qdev_get_gpio_in(s->ih[0], OMAP_INT_LCD_CTRL),
3947                             omap_dma_get_lcdch(s->dma),
3948                             omap_findclk(s, "lcd_ck"));
3949 
3950     omap_ulpd_pm_init(system_memory, 0xfffe0800, s);
3951     omap_pin_cfg_init(system_memory, 0xfffe1000, s);
3952     omap_id_init(system_memory, s);
3953 
3954     omap_mpui_init(system_memory, 0xfffec900, s);
3955 
3956     s->private_tipb = omap_tipb_bridge_init(system_memory, 0xfffeca00,
3957                     qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PRIV),
3958                     omap_findclk(s, "tipb_ck"));
3959     s->public_tipb = omap_tipb_bridge_init(system_memory, 0xfffed300,
3960                     qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PUB),
3961                     omap_findclk(s, "tipb_ck"));
3962 
3963     omap_tcmi_init(system_memory, 0xfffecc00, s);
3964 
3965     s->uart[0] = omap_uart_init(0xfffb0000,
3966                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_UART1),
3967                     omap_findclk(s, "uart1_ck"),
3968                     omap_findclk(s, "uart1_ck"),
3969                     s->drq[OMAP_DMA_UART1_TX], s->drq[OMAP_DMA_UART1_RX],
3970                     "uart1",
3971                     serial_hd(0));
3972     s->uart[1] = omap_uart_init(0xfffb0800,
3973                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_UART2),
3974                     omap_findclk(s, "uart2_ck"),
3975                     omap_findclk(s, "uart2_ck"),
3976                     s->drq[OMAP_DMA_UART2_TX], s->drq[OMAP_DMA_UART2_RX],
3977                     "uart2",
3978                     serial_hd(0) ? serial_hd(1) : NULL);
3979     s->uart[2] = omap_uart_init(0xfffb9800,
3980                                 qdev_get_gpio_in(s->ih[0], OMAP_INT_UART3),
3981                     omap_findclk(s, "uart3_ck"),
3982                     omap_findclk(s, "uart3_ck"),
3983                     s->drq[OMAP_DMA_UART3_TX], s->drq[OMAP_DMA_UART3_RX],
3984                     "uart3",
3985                     serial_hd(0) && serial_hd(1) ? serial_hd(2) : NULL);
3986 
3987     s->dpll[0] = omap_dpll_init(system_memory, 0xfffecf00,
3988                                 omap_findclk(s, "dpll1"));
3989     s->dpll[1] = omap_dpll_init(system_memory, 0xfffed000,
3990                                 omap_findclk(s, "dpll2"));
3991     s->dpll[2] = omap_dpll_init(system_memory, 0xfffed100,
3992                                 omap_findclk(s, "dpll3"));
3993 
3994     dinfo = drive_get(IF_SD, 0, 0);
3995     if (!dinfo && !qtest_enabled()) {
3996         warn_report("missing SecureDigital device");
3997     }
3998     s->mmc = omap_mmc_init(0xfffb7800, system_memory,
3999                            dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
4000                            qdev_get_gpio_in(s->ih[1], OMAP_INT_OQN),
4001                            &s->drq[OMAP_DMA_MMC_TX],
4002                     omap_findclk(s, "mmc_ck"));
4003 
4004     s->mpuio = omap_mpuio_init(system_memory, 0xfffb5000,
4005                                qdev_get_gpio_in(s->ih[1], OMAP_INT_KEYBOARD),
4006                                qdev_get_gpio_in(s->ih[1], OMAP_INT_MPUIO),
4007                                s->wakeup, omap_findclk(s, "clk32-kHz"));
4008 
4009     s->gpio = qdev_create(NULL, "omap-gpio");
4010     qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
4011     qdev_prop_set_ptr(s->gpio, "clk", omap_findclk(s, "arm_gpio_ck"));
4012     qdev_init_nofail(s->gpio);
4013     sysbus_connect_irq(SYS_BUS_DEVICE(s->gpio), 0,
4014                        qdev_get_gpio_in(s->ih[0], OMAP_INT_GPIO_BANK1));
4015     sysbus_mmio_map(SYS_BUS_DEVICE(s->gpio), 0, 0xfffce000);
4016 
4017     s->microwire = omap_uwire_init(system_memory, 0xfffb3000,
4018                                    qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireTX),
4019                                    qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireRX),
4020                     s->drq[OMAP_DMA_UWIRE_TX], omap_findclk(s, "mpuper_ck"));
4021 
4022     s->pwl = omap_pwl_init(system_memory, 0xfffb5800,
4023                            omap_findclk(s, "armxor_ck"));
4024     s->pwt = omap_pwt_init(system_memory, 0xfffb6000,
4025                            omap_findclk(s, "armxor_ck"));
4026 
4027     s->i2c[0] = qdev_create(NULL, "omap_i2c");
4028     qdev_prop_set_uint8(s->i2c[0], "revision", 0x11);
4029     qdev_prop_set_ptr(s->i2c[0], "fclk", omap_findclk(s, "mpuper_ck"));
4030     qdev_init_nofail(s->i2c[0]);
4031     busdev = SYS_BUS_DEVICE(s->i2c[0]);
4032     sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(s->ih[1], OMAP_INT_I2C));
4033     sysbus_connect_irq(busdev, 1, s->drq[OMAP_DMA_I2C_TX]);
4034     sysbus_connect_irq(busdev, 2, s->drq[OMAP_DMA_I2C_RX]);
4035     sysbus_mmio_map(busdev, 0, 0xfffb3800);
4036 
4037     s->rtc = omap_rtc_init(system_memory, 0xfffb4800,
4038                            qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_TIMER),
4039                            qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_ALARM),
4040                     omap_findclk(s, "clk32-kHz"));
4041 
4042     s->mcbsp1 = omap_mcbsp_init(system_memory, 0xfffb1800,
4043                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1TX),
4044                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1RX),
4045                     &s->drq[OMAP_DMA_MCBSP1_TX], omap_findclk(s, "dspxor_ck"));
4046     s->mcbsp2 = omap_mcbsp_init(system_memory, 0xfffb1000,
4047                                 qdev_get_gpio_in(s->ih[0],
4048                                                  OMAP_INT_310_McBSP2_TX),
4049                                 qdev_get_gpio_in(s->ih[0],
4050                                                  OMAP_INT_310_McBSP2_RX),
4051                     &s->drq[OMAP_DMA_MCBSP2_TX], omap_findclk(s, "mpuper_ck"));
4052     s->mcbsp3 = omap_mcbsp_init(system_memory, 0xfffb7000,
4053                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3TX),
4054                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3RX),
4055                     &s->drq[OMAP_DMA_MCBSP3_TX], omap_findclk(s, "dspxor_ck"));
4056 
4057     s->led[0] = omap_lpg_init(system_memory,
4058                               0xfffbd000, omap_findclk(s, "clk32-kHz"));
4059     s->led[1] = omap_lpg_init(system_memory,
4060                               0xfffbd800, omap_findclk(s, "clk32-kHz"));
4061 
4062     /* Register mappings not currenlty implemented:
4063      * MCSI2 Comm	fffb2000 - fffb27ff (not mapped on OMAP310)
4064      * MCSI1 Bluetooth	fffb2800 - fffb2fff (not mapped on OMAP310)
4065      * USB W2FC		fffb4000 - fffb47ff
4066      * Camera Interface	fffb6800 - fffb6fff
4067      * USB Host		fffba000 - fffba7ff
4068      * FAC		fffba800 - fffbafff
4069      * HDQ/1-Wire	fffbc000 - fffbc7ff
4070      * TIPB switches	fffbc800 - fffbcfff
4071      * Mailbox		fffcf000 - fffcf7ff
4072      * Local bus IF	fffec100 - fffec1ff
4073      * Local bus MMU	fffec200 - fffec2ff
4074      * DSP MMU		fffed200 - fffed2ff
4075      */
4076 
4077     omap_setup_dsp_mapping(system_memory, omap15xx_dsp_mm);
4078     omap_setup_mpui_io(system_memory, s);
4079 
4080     qemu_register_reset(omap1_mpu_reset, s);
4081 
4082     return s;
4083 }
4084