xref: /openbmc/qemu/hw/arm/omap1.c (revision d0f0cd5b)
1 /*
2  * TI OMAP processors emulation.
3  *
4  * Copyright (C) 2006-2008 Andrzej Zaborowski  <balrog@zabor.org>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License as
8  * published by the Free Software Foundation; either version 2 or
9  * (at your option) version 3 of the License.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License along
17  * with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/log.h"
22 #include "qemu/error-report.h"
23 #include "qemu/main-loop.h"
24 #include "qapi/error.h"
25 #include "cpu.h"
26 #include "exec/address-spaces.h"
27 #include "hw/hw.h"
28 #include "hw/irq.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/arm/boot.h"
31 #include "hw/arm/omap.h"
32 #include "sysemu/blockdev.h"
33 #include "sysemu/sysemu.h"
34 #include "hw/arm/soc_dma.h"
35 #include "sysemu/qtest.h"
36 #include "sysemu/reset.h"
37 #include "sysemu/runstate.h"
38 #include "sysemu/rtc.h"
39 #include "qemu/range.h"
40 #include "hw/sysbus.h"
41 #include "qemu/cutils.h"
42 #include "qemu/bcd.h"
43 #include "target/arm/cpu-qom.h"
44 
45 static inline void omap_log_badwidth(const char *funcname, hwaddr addr, int sz)
46 {
47     qemu_log_mask(LOG_GUEST_ERROR, "%s: %d-bit register %#08" HWADDR_PRIx "\n",
48                   funcname, 8 * sz, addr);
49 }
50 
51 /* Should signal the TCMI/GPMC */
52 uint32_t omap_badwidth_read8(void *opaque, hwaddr addr)
53 {
54     uint8_t ret;
55 
56     omap_log_badwidth(__func__, addr, 1);
57     cpu_physical_memory_read(addr, &ret, 1);
58     return ret;
59 }
60 
61 void omap_badwidth_write8(void *opaque, hwaddr addr,
62                 uint32_t value)
63 {
64     uint8_t val8 = value;
65 
66     omap_log_badwidth(__func__, addr, 1);
67     cpu_physical_memory_write(addr, &val8, 1);
68 }
69 
70 uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
71 {
72     uint16_t ret;
73 
74     omap_log_badwidth(__func__, addr, 2);
75     cpu_physical_memory_read(addr, &ret, 2);
76     return ret;
77 }
78 
79 void omap_badwidth_write16(void *opaque, hwaddr addr,
80                 uint32_t value)
81 {
82     uint16_t val16 = value;
83 
84     omap_log_badwidth(__func__, addr, 2);
85     cpu_physical_memory_write(addr, &val16, 2);
86 }
87 
88 uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
89 {
90     uint32_t ret;
91 
92     omap_log_badwidth(__func__, addr, 4);
93     cpu_physical_memory_read(addr, &ret, 4);
94     return ret;
95 }
96 
97 void omap_badwidth_write32(void *opaque, hwaddr addr,
98                 uint32_t value)
99 {
100     omap_log_badwidth(__func__, addr, 4);
101     cpu_physical_memory_write(addr, &value, 4);
102 }
103 
104 /* MPU OS timers */
105 struct omap_mpu_timer_s {
106     MemoryRegion iomem;
107     qemu_irq irq;
108     omap_clk clk;
109     uint32_t val;
110     int64_t time;
111     QEMUTimer *timer;
112     QEMUBH *tick;
113     int64_t rate;
114     int it_ena;
115 
116     int enable;
117     int ptv;
118     int ar;
119     int st;
120     uint32_t reset_val;
121 };
122 
123 static inline uint32_t omap_timer_read(struct omap_mpu_timer_s *timer)
124 {
125     uint64_t distance = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - timer->time;
126 
127     if (timer->st && timer->enable && timer->rate)
128         return timer->val - muldiv64(distance >> (timer->ptv + 1),
129                                      timer->rate, NANOSECONDS_PER_SECOND);
130     else
131         return timer->val;
132 }
133 
134 static inline void omap_timer_sync(struct omap_mpu_timer_s *timer)
135 {
136     timer->val = omap_timer_read(timer);
137     timer->time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
138 }
139 
140 static inline void omap_timer_update(struct omap_mpu_timer_s *timer)
141 {
142     int64_t expires;
143 
144     if (timer->enable && timer->st && timer->rate) {
145         timer->val = timer->reset_val;	/* Should skip this on clk enable */
146         expires = muldiv64((uint64_t) timer->val << (timer->ptv + 1),
147                            NANOSECONDS_PER_SECOND, timer->rate);
148 
149         /* If timer expiry would be sooner than in about 1 ms and
150          * auto-reload isn't set, then fire immediately.  This is a hack
151          * to make systems like PalmOS run in acceptable time.  PalmOS
152          * sets the interval to a very low value and polls the status bit
153          * in a busy loop when it wants to sleep just a couple of CPU
154          * ticks.  */
155         if (expires > (NANOSECONDS_PER_SECOND >> 10) || timer->ar) {
156             timer_mod(timer->timer, timer->time + expires);
157         } else {
158             qemu_bh_schedule(timer->tick);
159         }
160     } else
161         timer_del(timer->timer);
162 }
163 
164 static void omap_timer_fire(void *opaque)
165 {
166     struct omap_mpu_timer_s *timer = opaque;
167 
168     if (!timer->ar) {
169         timer->val = 0;
170         timer->st = 0;
171     }
172 
173     if (timer->it_ena)
174         /* Edge-triggered irq */
175         qemu_irq_pulse(timer->irq);
176 }
177 
178 static void omap_timer_tick(void *opaque)
179 {
180     struct omap_mpu_timer_s *timer = opaque;
181 
182     omap_timer_sync(timer);
183     omap_timer_fire(timer);
184     omap_timer_update(timer);
185 }
186 
187 static void omap_timer_clk_update(void *opaque, int line, int on)
188 {
189     struct omap_mpu_timer_s *timer = opaque;
190 
191     omap_timer_sync(timer);
192     timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
193     omap_timer_update(timer);
194 }
195 
196 static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer)
197 {
198     omap_clk_adduser(timer->clk,
199                     qemu_allocate_irq(omap_timer_clk_update, timer, 0));
200     timer->rate = omap_clk_getrate(timer->clk);
201 }
202 
203 static uint64_t omap_mpu_timer_read(void *opaque, hwaddr addr,
204                                     unsigned size)
205 {
206     struct omap_mpu_timer_s *s = opaque;
207 
208     if (size != 4) {
209         return omap_badwidth_read32(opaque, addr);
210     }
211 
212     switch (addr) {
213     case 0x00:	/* CNTL_TIMER */
214         return (s->enable << 5) | (s->ptv << 2) | (s->ar << 1) | s->st;
215 
216     case 0x04:	/* LOAD_TIM */
217         break;
218 
219     case 0x08:	/* READ_TIM */
220         return omap_timer_read(s);
221     }
222 
223     OMAP_BAD_REG(addr);
224     return 0;
225 }
226 
227 static void omap_mpu_timer_write(void *opaque, hwaddr addr,
228                                  uint64_t value, unsigned size)
229 {
230     struct omap_mpu_timer_s *s = opaque;
231 
232     if (size != 4) {
233         omap_badwidth_write32(opaque, addr, value);
234         return;
235     }
236 
237     switch (addr) {
238     case 0x00:	/* CNTL_TIMER */
239         omap_timer_sync(s);
240         s->enable = (value >> 5) & 1;
241         s->ptv = (value >> 2) & 7;
242         s->ar = (value >> 1) & 1;
243         s->st = value & 1;
244         omap_timer_update(s);
245         return;
246 
247     case 0x04:	/* LOAD_TIM */
248         s->reset_val = value;
249         return;
250 
251     case 0x08:	/* READ_TIM */
252         OMAP_RO_REG(addr);
253         break;
254 
255     default:
256         OMAP_BAD_REG(addr);
257     }
258 }
259 
260 static const MemoryRegionOps omap_mpu_timer_ops = {
261     .read = omap_mpu_timer_read,
262     .write = omap_mpu_timer_write,
263     .endianness = DEVICE_LITTLE_ENDIAN,
264 };
265 
266 static void omap_mpu_timer_reset(struct omap_mpu_timer_s *s)
267 {
268     timer_del(s->timer);
269     s->enable = 0;
270     s->reset_val = 31337;
271     s->val = 0;
272     s->ptv = 0;
273     s->ar = 0;
274     s->st = 0;
275     s->it_ena = 1;
276 }
277 
278 static struct omap_mpu_timer_s *omap_mpu_timer_init(MemoryRegion *system_memory,
279                 hwaddr base,
280                 qemu_irq irq, omap_clk clk)
281 {
282     struct omap_mpu_timer_s *s = g_new0(struct omap_mpu_timer_s, 1);
283 
284     s->irq = irq;
285     s->clk = clk;
286     s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, s);
287     s->tick = qemu_bh_new(omap_timer_fire, s);
288     omap_mpu_timer_reset(s);
289     omap_timer_clk_setup(s);
290 
291     memory_region_init_io(&s->iomem, NULL, &omap_mpu_timer_ops, s,
292                           "omap-mpu-timer", 0x100);
293 
294     memory_region_add_subregion(system_memory, base, &s->iomem);
295 
296     return s;
297 }
298 
299 /* Watchdog timer */
300 struct omap_watchdog_timer_s {
301     struct omap_mpu_timer_s timer;
302     MemoryRegion iomem;
303     uint8_t last_wr;
304     int mode;
305     int free;
306     int reset;
307 };
308 
309 static uint64_t omap_wd_timer_read(void *opaque, hwaddr addr,
310                                    unsigned size)
311 {
312     struct omap_watchdog_timer_s *s = opaque;
313 
314     if (size != 2) {
315         return omap_badwidth_read16(opaque, addr);
316     }
317 
318     switch (addr) {
319     case 0x00:	/* CNTL_TIMER */
320         return (s->timer.ptv << 9) | (s->timer.ar << 8) |
321                 (s->timer.st << 7) | (s->free << 1);
322 
323     case 0x04:	/* READ_TIMER */
324         return omap_timer_read(&s->timer);
325 
326     case 0x08:	/* TIMER_MODE */
327         return s->mode << 15;
328     }
329 
330     OMAP_BAD_REG(addr);
331     return 0;
332 }
333 
334 static void omap_wd_timer_write(void *opaque, hwaddr addr,
335                                 uint64_t value, unsigned size)
336 {
337     struct omap_watchdog_timer_s *s = opaque;
338 
339     if (size != 2) {
340         omap_badwidth_write16(opaque, addr, value);
341         return;
342     }
343 
344     switch (addr) {
345     case 0x00:	/* CNTL_TIMER */
346         omap_timer_sync(&s->timer);
347         s->timer.ptv = (value >> 9) & 7;
348         s->timer.ar = (value >> 8) & 1;
349         s->timer.st = (value >> 7) & 1;
350         s->free = (value >> 1) & 1;
351         omap_timer_update(&s->timer);
352         break;
353 
354     case 0x04:	/* LOAD_TIMER */
355         s->timer.reset_val = value & 0xffff;
356         break;
357 
358     case 0x08:	/* TIMER_MODE */
359         if (!s->mode && ((value >> 15) & 1))
360             omap_clk_get(s->timer.clk);
361         s->mode |= (value >> 15) & 1;
362         if (s->last_wr == 0xf5) {
363             if ((value & 0xff) == 0xa0) {
364                 if (s->mode) {
365                     s->mode = 0;
366                     omap_clk_put(s->timer.clk);
367                 }
368             } else {
369                 /* XXX: on T|E hardware somehow this has no effect,
370                  * on Zire 71 it works as specified.  */
371                 s->reset = 1;
372                 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
373             }
374         }
375         s->last_wr = value & 0xff;
376         break;
377 
378     default:
379         OMAP_BAD_REG(addr);
380     }
381 }
382 
383 static const MemoryRegionOps omap_wd_timer_ops = {
384     .read = omap_wd_timer_read,
385     .write = omap_wd_timer_write,
386     .endianness = DEVICE_NATIVE_ENDIAN,
387 };
388 
389 static void omap_wd_timer_reset(struct omap_watchdog_timer_s *s)
390 {
391     timer_del(s->timer.timer);
392     if (!s->mode)
393         omap_clk_get(s->timer.clk);
394     s->mode = 1;
395     s->free = 1;
396     s->reset = 0;
397     s->timer.enable = 1;
398     s->timer.it_ena = 1;
399     s->timer.reset_val = 0xffff;
400     s->timer.val = 0;
401     s->timer.st = 0;
402     s->timer.ptv = 0;
403     s->timer.ar = 0;
404     omap_timer_update(&s->timer);
405 }
406 
407 static struct omap_watchdog_timer_s *omap_wd_timer_init(MemoryRegion *memory,
408                 hwaddr base,
409                 qemu_irq irq, omap_clk clk)
410 {
411     struct omap_watchdog_timer_s *s = g_new0(struct omap_watchdog_timer_s, 1);
412 
413     s->timer.irq = irq;
414     s->timer.clk = clk;
415     s->timer.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, &s->timer);
416     omap_wd_timer_reset(s);
417     omap_timer_clk_setup(&s->timer);
418 
419     memory_region_init_io(&s->iomem, NULL, &omap_wd_timer_ops, s,
420                           "omap-wd-timer", 0x100);
421     memory_region_add_subregion(memory, base, &s->iomem);
422 
423     return s;
424 }
425 
426 /* 32-kHz timer */
427 struct omap_32khz_timer_s {
428     struct omap_mpu_timer_s timer;
429     MemoryRegion iomem;
430 };
431 
432 static uint64_t omap_os_timer_read(void *opaque, hwaddr addr,
433                                    unsigned size)
434 {
435     struct omap_32khz_timer_s *s = opaque;
436     int offset = addr & OMAP_MPUI_REG_MASK;
437 
438     if (size != 4) {
439         return omap_badwidth_read32(opaque, addr);
440     }
441 
442     switch (offset) {
443     case 0x00:	/* TVR */
444         return s->timer.reset_val;
445 
446     case 0x04:	/* TCR */
447         return omap_timer_read(&s->timer);
448 
449     case 0x08:	/* CR */
450         return (s->timer.ar << 3) | (s->timer.it_ena << 2) | s->timer.st;
451 
452     default:
453         break;
454     }
455     OMAP_BAD_REG(addr);
456     return 0;
457 }
458 
459 static void omap_os_timer_write(void *opaque, hwaddr addr,
460                                 uint64_t value, unsigned size)
461 {
462     struct omap_32khz_timer_s *s = opaque;
463     int offset = addr & OMAP_MPUI_REG_MASK;
464 
465     if (size != 4) {
466         omap_badwidth_write32(opaque, addr, value);
467         return;
468     }
469 
470     switch (offset) {
471     case 0x00:	/* TVR */
472         s->timer.reset_val = value & 0x00ffffff;
473         break;
474 
475     case 0x04:	/* TCR */
476         OMAP_RO_REG(addr);
477         break;
478 
479     case 0x08:	/* CR */
480         s->timer.ar = (value >> 3) & 1;
481         s->timer.it_ena = (value >> 2) & 1;
482         if (s->timer.st != (value & 1) || (value & 2)) {
483             omap_timer_sync(&s->timer);
484             s->timer.enable = value & 1;
485             s->timer.st = value & 1;
486             omap_timer_update(&s->timer);
487         }
488         break;
489 
490     default:
491         OMAP_BAD_REG(addr);
492     }
493 }
494 
495 static const MemoryRegionOps omap_os_timer_ops = {
496     .read = omap_os_timer_read,
497     .write = omap_os_timer_write,
498     .endianness = DEVICE_NATIVE_ENDIAN,
499 };
500 
501 static void omap_os_timer_reset(struct omap_32khz_timer_s *s)
502 {
503     timer_del(s->timer.timer);
504     s->timer.enable = 0;
505     s->timer.it_ena = 0;
506     s->timer.reset_val = 0x00ffffff;
507     s->timer.val = 0;
508     s->timer.st = 0;
509     s->timer.ptv = 0;
510     s->timer.ar = 1;
511 }
512 
513 static struct omap_32khz_timer_s *omap_os_timer_init(MemoryRegion *memory,
514                 hwaddr base,
515                 qemu_irq irq, omap_clk clk)
516 {
517     struct omap_32khz_timer_s *s = g_new0(struct omap_32khz_timer_s, 1);
518 
519     s->timer.irq = irq;
520     s->timer.clk = clk;
521     s->timer.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, &s->timer);
522     omap_os_timer_reset(s);
523     omap_timer_clk_setup(&s->timer);
524 
525     memory_region_init_io(&s->iomem, NULL, &omap_os_timer_ops, s,
526                           "omap-os-timer", 0x800);
527     memory_region_add_subregion(memory, base, &s->iomem);
528 
529     return s;
530 }
531 
532 /* Ultra Low-Power Device Module */
533 static uint64_t omap_ulpd_pm_read(void *opaque, hwaddr addr,
534                                   unsigned size)
535 {
536     struct omap_mpu_state_s *s = opaque;
537     uint16_t ret;
538 
539     if (size != 2) {
540         return omap_badwidth_read16(opaque, addr);
541     }
542 
543     switch (addr) {
544     case 0x14:	/* IT_STATUS */
545         ret = s->ulpd_pm_regs[addr >> 2];
546         s->ulpd_pm_regs[addr >> 2] = 0;
547         qemu_irq_lower(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
548         return ret;
549 
550     case 0x18:	/* Reserved */
551     case 0x1c:	/* Reserved */
552     case 0x20:	/* Reserved */
553     case 0x28:	/* Reserved */
554     case 0x2c:	/* Reserved */
555         OMAP_BAD_REG(addr);
556         /* fall through */
557     case 0x00:	/* COUNTER_32_LSB */
558     case 0x04:	/* COUNTER_32_MSB */
559     case 0x08:	/* COUNTER_HIGH_FREQ_LSB */
560     case 0x0c:	/* COUNTER_HIGH_FREQ_MSB */
561     case 0x10:	/* GAUGING_CTRL */
562     case 0x24:	/* SETUP_ANALOG_CELL3_ULPD1 */
563     case 0x30:	/* CLOCK_CTRL */
564     case 0x34:	/* SOFT_REQ */
565     case 0x38:	/* COUNTER_32_FIQ */
566     case 0x3c:	/* DPLL_CTRL */
567     case 0x40:	/* STATUS_REQ */
568         /* XXX: check clk::usecount state for every clock */
569     case 0x48:	/* LOCL_TIME */
570     case 0x4c:	/* APLL_CTRL */
571     case 0x50:	/* POWER_CTRL */
572         return s->ulpd_pm_regs[addr >> 2];
573     }
574 
575     OMAP_BAD_REG(addr);
576     return 0;
577 }
578 
579 static inline void omap_ulpd_clk_update(struct omap_mpu_state_s *s,
580                 uint16_t diff, uint16_t value)
581 {
582     if (diff & (1 << 4))				/* USB_MCLK_EN */
583         omap_clk_onoff(omap_findclk(s, "usb_clk0"), (value >> 4) & 1);
584     if (diff & (1 << 5))				/* DIS_USB_PVCI_CLK */
585         omap_clk_onoff(omap_findclk(s, "usb_w2fc_ck"), (~value >> 5) & 1);
586 }
587 
588 static inline void omap_ulpd_req_update(struct omap_mpu_state_s *s,
589                 uint16_t diff, uint16_t value)
590 {
591     if (diff & (1 << 0))				/* SOFT_DPLL_REQ */
592         omap_clk_canidle(omap_findclk(s, "dpll4"), (~value >> 0) & 1);
593     if (diff & (1 << 1))				/* SOFT_COM_REQ */
594         omap_clk_canidle(omap_findclk(s, "com_mclk_out"), (~value >> 1) & 1);
595     if (diff & (1 << 2))				/* SOFT_SDW_REQ */
596         omap_clk_canidle(omap_findclk(s, "bt_mclk_out"), (~value >> 2) & 1);
597     if (diff & (1 << 3))				/* SOFT_USB_REQ */
598         omap_clk_canidle(omap_findclk(s, "usb_clk0"), (~value >> 3) & 1);
599 }
600 
601 static void omap_ulpd_pm_write(void *opaque, hwaddr addr,
602                                uint64_t value, unsigned size)
603 {
604     struct omap_mpu_state_s *s = opaque;
605     int64_t now, ticks;
606     int div, mult;
607     static const int bypass_div[4] = { 1, 2, 4, 4 };
608     uint16_t diff;
609 
610     if (size != 2) {
611         omap_badwidth_write16(opaque, addr, value);
612         return;
613     }
614 
615     switch (addr) {
616     case 0x00:	/* COUNTER_32_LSB */
617     case 0x04:	/* COUNTER_32_MSB */
618     case 0x08:	/* COUNTER_HIGH_FREQ_LSB */
619     case 0x0c:	/* COUNTER_HIGH_FREQ_MSB */
620     case 0x14:	/* IT_STATUS */
621     case 0x40:	/* STATUS_REQ */
622         OMAP_RO_REG(addr);
623         break;
624 
625     case 0x10:	/* GAUGING_CTRL */
626         /* Bits 0 and 1 seem to be confused in the OMAP 310 TRM */
627         if ((s->ulpd_pm_regs[addr >> 2] ^ value) & 1) {
628             now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
629 
630             if (value & 1)
631                 s->ulpd_gauge_start = now;
632             else {
633                 now -= s->ulpd_gauge_start;
634 
635                 /* 32-kHz ticks */
636                 ticks = muldiv64(now, 32768, NANOSECONDS_PER_SECOND);
637                 s->ulpd_pm_regs[0x00 >> 2] = (ticks >>  0) & 0xffff;
638                 s->ulpd_pm_regs[0x04 >> 2] = (ticks >> 16) & 0xffff;
639                 if (ticks >> 32)	/* OVERFLOW_32K */
640                     s->ulpd_pm_regs[0x14 >> 2] |= 1 << 2;
641 
642                 /* High frequency ticks */
643                 ticks = muldiv64(now, 12000000, NANOSECONDS_PER_SECOND);
644                 s->ulpd_pm_regs[0x08 >> 2] = (ticks >>  0) & 0xffff;
645                 s->ulpd_pm_regs[0x0c >> 2] = (ticks >> 16) & 0xffff;
646                 if (ticks >> 32)	/* OVERFLOW_HI_FREQ */
647                     s->ulpd_pm_regs[0x14 >> 2] |= 1 << 1;
648 
649                 s->ulpd_pm_regs[0x14 >> 2] |= 1 << 0;	/* IT_GAUGING */
650                 qemu_irq_raise(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
651             }
652         }
653         s->ulpd_pm_regs[addr >> 2] = value;
654         break;
655 
656     case 0x18:	/* Reserved */
657     case 0x1c:	/* Reserved */
658     case 0x20:	/* Reserved */
659     case 0x28:	/* Reserved */
660     case 0x2c:	/* Reserved */
661         OMAP_BAD_REG(addr);
662         /* fall through */
663     case 0x24:	/* SETUP_ANALOG_CELL3_ULPD1 */
664     case 0x38:	/* COUNTER_32_FIQ */
665     case 0x48:	/* LOCL_TIME */
666     case 0x50:	/* POWER_CTRL */
667         s->ulpd_pm_regs[addr >> 2] = value;
668         break;
669 
670     case 0x30:	/* CLOCK_CTRL */
671         diff = s->ulpd_pm_regs[addr >> 2] ^ value;
672         s->ulpd_pm_regs[addr >> 2] = value & 0x3f;
673         omap_ulpd_clk_update(s, diff, value);
674         break;
675 
676     case 0x34:	/* SOFT_REQ */
677         diff = s->ulpd_pm_regs[addr >> 2] ^ value;
678         s->ulpd_pm_regs[addr >> 2] = value & 0x1f;
679         omap_ulpd_req_update(s, diff, value);
680         break;
681 
682     case 0x3c:	/* DPLL_CTRL */
683         /* XXX: OMAP310 TRM claims bit 3 is PLL_ENABLE, and bit 4 is
684          * omitted altogether, probably a typo.  */
685         /* This register has identical semantics with DPLL(1:3) control
686          * registers, see omap_dpll_write() */
687         diff = s->ulpd_pm_regs[addr >> 2] & value;
688         s->ulpd_pm_regs[addr >> 2] = value & 0x2fff;
689         if (diff & (0x3ff << 2)) {
690             if (value & (1 << 4)) {			/* PLL_ENABLE */
691                 div = ((value >> 5) & 3) + 1;		/* PLL_DIV */
692                 mult = MIN((value >> 7) & 0x1f, 1);	/* PLL_MULT */
693             } else {
694                 div = bypass_div[((value >> 2) & 3)];	/* BYPASS_DIV */
695                 mult = 1;
696             }
697             omap_clk_setrate(omap_findclk(s, "dpll4"), div, mult);
698         }
699 
700         /* Enter the desired mode.  */
701         s->ulpd_pm_regs[addr >> 2] =
702                 (s->ulpd_pm_regs[addr >> 2] & 0xfffe) |
703                 ((s->ulpd_pm_regs[addr >> 2] >> 4) & 1);
704 
705         /* Act as if the lock is restored.  */
706         s->ulpd_pm_regs[addr >> 2] |= 2;
707         break;
708 
709     case 0x4c:	/* APLL_CTRL */
710         diff = s->ulpd_pm_regs[addr >> 2] & value;
711         s->ulpd_pm_regs[addr >> 2] = value & 0xf;
712         if (diff & (1 << 0))				/* APLL_NDPLL_SWITCH */
713             omap_clk_reparent(omap_findclk(s, "ck_48m"), omap_findclk(s,
714                                     (value & (1 << 0)) ? "apll" : "dpll4"));
715         break;
716 
717     default:
718         OMAP_BAD_REG(addr);
719     }
720 }
721 
722 static const MemoryRegionOps omap_ulpd_pm_ops = {
723     .read = omap_ulpd_pm_read,
724     .write = omap_ulpd_pm_write,
725     .endianness = DEVICE_NATIVE_ENDIAN,
726 };
727 
728 static void omap_ulpd_pm_reset(struct omap_mpu_state_s *mpu)
729 {
730     mpu->ulpd_pm_regs[0x00 >> 2] = 0x0001;
731     mpu->ulpd_pm_regs[0x04 >> 2] = 0x0000;
732     mpu->ulpd_pm_regs[0x08 >> 2] = 0x0001;
733     mpu->ulpd_pm_regs[0x0c >> 2] = 0x0000;
734     mpu->ulpd_pm_regs[0x10 >> 2] = 0x0000;
735     mpu->ulpd_pm_regs[0x18 >> 2] = 0x01;
736     mpu->ulpd_pm_regs[0x1c >> 2] = 0x01;
737     mpu->ulpd_pm_regs[0x20 >> 2] = 0x01;
738     mpu->ulpd_pm_regs[0x24 >> 2] = 0x03ff;
739     mpu->ulpd_pm_regs[0x28 >> 2] = 0x01;
740     mpu->ulpd_pm_regs[0x2c >> 2] = 0x01;
741     omap_ulpd_clk_update(mpu, mpu->ulpd_pm_regs[0x30 >> 2], 0x0000);
742     mpu->ulpd_pm_regs[0x30 >> 2] = 0x0000;
743     omap_ulpd_req_update(mpu, mpu->ulpd_pm_regs[0x34 >> 2], 0x0000);
744     mpu->ulpd_pm_regs[0x34 >> 2] = 0x0000;
745     mpu->ulpd_pm_regs[0x38 >> 2] = 0x0001;
746     mpu->ulpd_pm_regs[0x3c >> 2] = 0x2211;
747     mpu->ulpd_pm_regs[0x40 >> 2] = 0x0000; /* FIXME: dump a real STATUS_REQ */
748     mpu->ulpd_pm_regs[0x48 >> 2] = 0x960;
749     mpu->ulpd_pm_regs[0x4c >> 2] = 0x08;
750     mpu->ulpd_pm_regs[0x50 >> 2] = 0x08;
751     omap_clk_setrate(omap_findclk(mpu, "dpll4"), 1, 4);
752     omap_clk_reparent(omap_findclk(mpu, "ck_48m"), omap_findclk(mpu, "dpll4"));
753 }
754 
755 static void omap_ulpd_pm_init(MemoryRegion *system_memory,
756                 hwaddr base,
757                 struct omap_mpu_state_s *mpu)
758 {
759     memory_region_init_io(&mpu->ulpd_pm_iomem, NULL, &omap_ulpd_pm_ops, mpu,
760                           "omap-ulpd-pm", 0x800);
761     memory_region_add_subregion(system_memory, base, &mpu->ulpd_pm_iomem);
762     omap_ulpd_pm_reset(mpu);
763 }
764 
765 /* OMAP Pin Configuration */
766 static uint64_t omap_pin_cfg_read(void *opaque, hwaddr addr,
767                                   unsigned size)
768 {
769     struct omap_mpu_state_s *s = opaque;
770 
771     if (size != 4) {
772         return omap_badwidth_read32(opaque, addr);
773     }
774 
775     switch (addr) {
776     case 0x00:	/* FUNC_MUX_CTRL_0 */
777     case 0x04:	/* FUNC_MUX_CTRL_1 */
778     case 0x08:	/* FUNC_MUX_CTRL_2 */
779         return s->func_mux_ctrl[addr >> 2];
780 
781     case 0x0c:	/* COMP_MODE_CTRL_0 */
782         return s->comp_mode_ctrl[0];
783 
784     case 0x10:	/* FUNC_MUX_CTRL_3 */
785     case 0x14:	/* FUNC_MUX_CTRL_4 */
786     case 0x18:	/* FUNC_MUX_CTRL_5 */
787     case 0x1c:	/* FUNC_MUX_CTRL_6 */
788     case 0x20:	/* FUNC_MUX_CTRL_7 */
789     case 0x24:	/* FUNC_MUX_CTRL_8 */
790     case 0x28:	/* FUNC_MUX_CTRL_9 */
791     case 0x2c:	/* FUNC_MUX_CTRL_A */
792     case 0x30:	/* FUNC_MUX_CTRL_B */
793     case 0x34:	/* FUNC_MUX_CTRL_C */
794     case 0x38:	/* FUNC_MUX_CTRL_D */
795         return s->func_mux_ctrl[(addr >> 2) - 1];
796 
797     case 0x40:	/* PULL_DWN_CTRL_0 */
798     case 0x44:	/* PULL_DWN_CTRL_1 */
799     case 0x48:	/* PULL_DWN_CTRL_2 */
800     case 0x4c:	/* PULL_DWN_CTRL_3 */
801         return s->pull_dwn_ctrl[(addr & 0xf) >> 2];
802 
803     case 0x50:	/* GATE_INH_CTRL_0 */
804         return s->gate_inh_ctrl[0];
805 
806     case 0x60:	/* VOLTAGE_CTRL_0 */
807         return s->voltage_ctrl[0];
808 
809     case 0x70:	/* TEST_DBG_CTRL_0 */
810         return s->test_dbg_ctrl[0];
811 
812     case 0x80:	/* MOD_CONF_CTRL_0 */
813         return s->mod_conf_ctrl[0];
814     }
815 
816     OMAP_BAD_REG(addr);
817     return 0;
818 }
819 
820 static inline void omap_pin_funcmux0_update(struct omap_mpu_state_s *s,
821                 uint32_t diff, uint32_t value)
822 {
823     if (s->compat1509) {
824         if (diff & (1 << 9))			/* BLUETOOTH */
825             omap_clk_onoff(omap_findclk(s, "bt_mclk_out"),
826                             (~value >> 9) & 1);
827         if (diff & (1 << 7))			/* USB.CLKO */
828             omap_clk_onoff(omap_findclk(s, "usb.clko"),
829                             (value >> 7) & 1);
830     }
831 }
832 
833 static inline void omap_pin_funcmux1_update(struct omap_mpu_state_s *s,
834                 uint32_t diff, uint32_t value)
835 {
836     if (s->compat1509) {
837         if (diff & (1U << 31)) {
838             /* MCBSP3_CLK_HIZ_DI */
839             omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"), (value >> 31) & 1);
840         }
841         if (diff & (1 << 1)) {
842             /* CLK32K */
843             omap_clk_onoff(omap_findclk(s, "clk32k_out"), (~value >> 1) & 1);
844         }
845     }
846 }
847 
848 static inline void omap_pin_modconf1_update(struct omap_mpu_state_s *s,
849                 uint32_t diff, uint32_t value)
850 {
851     if (diff & (1U << 31)) {
852         /* CONF_MOD_UART3_CLK_MODE_R */
853         omap_clk_reparent(omap_findclk(s, "uart3_ck"),
854                           omap_findclk(s, ((value >> 31) & 1) ?
855                                        "ck_48m" : "armper_ck"));
856     }
857     if (diff & (1 << 30))			/* CONF_MOD_UART2_CLK_MODE_R */
858          omap_clk_reparent(omap_findclk(s, "uart2_ck"),
859                          omap_findclk(s, ((value >> 30) & 1) ?
860                                  "ck_48m" : "armper_ck"));
861     if (diff & (1 << 29))			/* CONF_MOD_UART1_CLK_MODE_R */
862          omap_clk_reparent(omap_findclk(s, "uart1_ck"),
863                          omap_findclk(s, ((value >> 29) & 1) ?
864                                  "ck_48m" : "armper_ck"));
865     if (diff & (1 << 23))			/* CONF_MOD_MMC_SD_CLK_REQ_R */
866          omap_clk_reparent(omap_findclk(s, "mmc_ck"),
867                          omap_findclk(s, ((value >> 23) & 1) ?
868                                  "ck_48m" : "armper_ck"));
869     if (diff & (1 << 12))			/* CONF_MOD_COM_MCLK_12_48_S */
870          omap_clk_reparent(omap_findclk(s, "com_mclk_out"),
871                          omap_findclk(s, ((value >> 12) & 1) ?
872                                  "ck_48m" : "armper_ck"));
873     if (diff & (1 << 9))			/* CONF_MOD_USB_HOST_HHC_UHO */
874          omap_clk_onoff(omap_findclk(s, "usb_hhc_ck"), (value >> 9) & 1);
875 }
876 
877 static void omap_pin_cfg_write(void *opaque, hwaddr addr,
878                                uint64_t value, unsigned size)
879 {
880     struct omap_mpu_state_s *s = opaque;
881     uint32_t diff;
882 
883     if (size != 4) {
884         omap_badwidth_write32(opaque, addr, value);
885         return;
886     }
887 
888     switch (addr) {
889     case 0x00:	/* FUNC_MUX_CTRL_0 */
890         diff = s->func_mux_ctrl[addr >> 2] ^ value;
891         s->func_mux_ctrl[addr >> 2] = value;
892         omap_pin_funcmux0_update(s, diff, value);
893         return;
894 
895     case 0x04:	/* FUNC_MUX_CTRL_1 */
896         diff = s->func_mux_ctrl[addr >> 2] ^ value;
897         s->func_mux_ctrl[addr >> 2] = value;
898         omap_pin_funcmux1_update(s, diff, value);
899         return;
900 
901     case 0x08:	/* FUNC_MUX_CTRL_2 */
902         s->func_mux_ctrl[addr >> 2] = value;
903         return;
904 
905     case 0x0c:	/* COMP_MODE_CTRL_0 */
906         s->comp_mode_ctrl[0] = value;
907         s->compat1509 = (value != 0x0000eaef);
908         omap_pin_funcmux0_update(s, ~0, s->func_mux_ctrl[0]);
909         omap_pin_funcmux1_update(s, ~0, s->func_mux_ctrl[1]);
910         return;
911 
912     case 0x10:	/* FUNC_MUX_CTRL_3 */
913     case 0x14:	/* FUNC_MUX_CTRL_4 */
914     case 0x18:	/* FUNC_MUX_CTRL_5 */
915     case 0x1c:	/* FUNC_MUX_CTRL_6 */
916     case 0x20:	/* FUNC_MUX_CTRL_7 */
917     case 0x24:	/* FUNC_MUX_CTRL_8 */
918     case 0x28:	/* FUNC_MUX_CTRL_9 */
919     case 0x2c:	/* FUNC_MUX_CTRL_A */
920     case 0x30:	/* FUNC_MUX_CTRL_B */
921     case 0x34:	/* FUNC_MUX_CTRL_C */
922     case 0x38:	/* FUNC_MUX_CTRL_D */
923         s->func_mux_ctrl[(addr >> 2) - 1] = value;
924         return;
925 
926     case 0x40:	/* PULL_DWN_CTRL_0 */
927     case 0x44:	/* PULL_DWN_CTRL_1 */
928     case 0x48:	/* PULL_DWN_CTRL_2 */
929     case 0x4c:	/* PULL_DWN_CTRL_3 */
930         s->pull_dwn_ctrl[(addr & 0xf) >> 2] = value;
931         return;
932 
933     case 0x50:	/* GATE_INH_CTRL_0 */
934         s->gate_inh_ctrl[0] = value;
935         return;
936 
937     case 0x60:	/* VOLTAGE_CTRL_0 */
938         s->voltage_ctrl[0] = value;
939         return;
940 
941     case 0x70:	/* TEST_DBG_CTRL_0 */
942         s->test_dbg_ctrl[0] = value;
943         return;
944 
945     case 0x80:	/* MOD_CONF_CTRL_0 */
946         diff = s->mod_conf_ctrl[0] ^ value;
947         s->mod_conf_ctrl[0] = value;
948         omap_pin_modconf1_update(s, diff, value);
949         return;
950 
951     default:
952         OMAP_BAD_REG(addr);
953     }
954 }
955 
956 static const MemoryRegionOps omap_pin_cfg_ops = {
957     .read = omap_pin_cfg_read,
958     .write = omap_pin_cfg_write,
959     .endianness = DEVICE_NATIVE_ENDIAN,
960 };
961 
962 static void omap_pin_cfg_reset(struct omap_mpu_state_s *mpu)
963 {
964     /* Start in Compatibility Mode.  */
965     mpu->compat1509 = 1;
966     omap_pin_funcmux0_update(mpu, mpu->func_mux_ctrl[0], 0);
967     omap_pin_funcmux1_update(mpu, mpu->func_mux_ctrl[1], 0);
968     omap_pin_modconf1_update(mpu, mpu->mod_conf_ctrl[0], 0);
969     memset(mpu->func_mux_ctrl, 0, sizeof(mpu->func_mux_ctrl));
970     memset(mpu->comp_mode_ctrl, 0, sizeof(mpu->comp_mode_ctrl));
971     memset(mpu->pull_dwn_ctrl, 0, sizeof(mpu->pull_dwn_ctrl));
972     memset(mpu->gate_inh_ctrl, 0, sizeof(mpu->gate_inh_ctrl));
973     memset(mpu->voltage_ctrl, 0, sizeof(mpu->voltage_ctrl));
974     memset(mpu->test_dbg_ctrl, 0, sizeof(mpu->test_dbg_ctrl));
975     memset(mpu->mod_conf_ctrl, 0, sizeof(mpu->mod_conf_ctrl));
976 }
977 
978 static void omap_pin_cfg_init(MemoryRegion *system_memory,
979                 hwaddr base,
980                 struct omap_mpu_state_s *mpu)
981 {
982     memory_region_init_io(&mpu->pin_cfg_iomem, NULL, &omap_pin_cfg_ops, mpu,
983                           "omap-pin-cfg", 0x800);
984     memory_region_add_subregion(system_memory, base, &mpu->pin_cfg_iomem);
985     omap_pin_cfg_reset(mpu);
986 }
987 
988 /* Device Identification, Die Identification */
989 static uint64_t omap_id_read(void *opaque, hwaddr addr,
990                              unsigned size)
991 {
992     struct omap_mpu_state_s *s = opaque;
993 
994     if (size != 4) {
995         return omap_badwidth_read32(opaque, addr);
996     }
997 
998     switch (addr) {
999     case 0xfffe1800:	/* DIE_ID_LSB */
1000         return 0xc9581f0e;
1001     case 0xfffe1804:	/* DIE_ID_MSB */
1002         return 0xa8858bfa;
1003 
1004     case 0xfffe2000:	/* PRODUCT_ID_LSB */
1005         return 0x00aaaafc;
1006     case 0xfffe2004:	/* PRODUCT_ID_MSB */
1007         return 0xcafeb574;
1008 
1009     case 0xfffed400:	/* JTAG_ID_LSB */
1010         switch (s->mpu_model) {
1011         case omap310:
1012             return 0x03310315;
1013         case omap1510:
1014             return 0x03310115;
1015         default:
1016             hw_error("%s: bad mpu model\n", __func__);
1017         }
1018         break;
1019 
1020     case 0xfffed404:	/* JTAG_ID_MSB */
1021         switch (s->mpu_model) {
1022         case omap310:
1023             return 0xfb57402f;
1024         case omap1510:
1025             return 0xfb47002f;
1026         default:
1027             hw_error("%s: bad mpu model\n", __func__);
1028         }
1029         break;
1030     }
1031 
1032     OMAP_BAD_REG(addr);
1033     return 0;
1034 }
1035 
1036 static void omap_id_write(void *opaque, hwaddr addr,
1037                           uint64_t value, unsigned size)
1038 {
1039     if (size != 4) {
1040         omap_badwidth_write32(opaque, addr, value);
1041         return;
1042     }
1043 
1044     OMAP_BAD_REG(addr);
1045 }
1046 
1047 static const MemoryRegionOps omap_id_ops = {
1048     .read = omap_id_read,
1049     .write = omap_id_write,
1050     .endianness = DEVICE_NATIVE_ENDIAN,
1051 };
1052 
1053 static void omap_id_init(MemoryRegion *memory, struct omap_mpu_state_s *mpu)
1054 {
1055     memory_region_init_io(&mpu->id_iomem, NULL, &omap_id_ops, mpu,
1056                           "omap-id", 0x100000000ULL);
1057     memory_region_init_alias(&mpu->id_iomem_e18, NULL, "omap-id-e18", &mpu->id_iomem,
1058                              0xfffe1800, 0x800);
1059     memory_region_add_subregion(memory, 0xfffe1800, &mpu->id_iomem_e18);
1060     memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-ed4", &mpu->id_iomem,
1061                              0xfffed400, 0x100);
1062     memory_region_add_subregion(memory, 0xfffed400, &mpu->id_iomem_ed4);
1063     if (!cpu_is_omap15xx(mpu)) {
1064         memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-e20",
1065                                  &mpu->id_iomem, 0xfffe2000, 0x800);
1066         memory_region_add_subregion(memory, 0xfffe2000, &mpu->id_iomem_e20);
1067     }
1068 }
1069 
1070 /* MPUI Control (Dummy) */
1071 static uint64_t omap_mpui_read(void *opaque, hwaddr addr,
1072                                unsigned size)
1073 {
1074     struct omap_mpu_state_s *s = opaque;
1075 
1076     if (size != 4) {
1077         return omap_badwidth_read32(opaque, addr);
1078     }
1079 
1080     switch (addr) {
1081     case 0x00:	/* CTRL */
1082         return s->mpui_ctrl;
1083     case 0x04:	/* DEBUG_ADDR */
1084         return 0x01ffffff;
1085     case 0x08:	/* DEBUG_DATA */
1086         return 0xffffffff;
1087     case 0x0c:	/* DEBUG_FLAG */
1088         return 0x00000800;
1089     case 0x10:	/* STATUS */
1090         return 0x00000000;
1091 
1092     /* Not in OMAP310 */
1093     case 0x14:	/* DSP_STATUS */
1094     case 0x18:	/* DSP_BOOT_CONFIG */
1095         return 0x00000000;
1096     case 0x1c:	/* DSP_MPUI_CONFIG */
1097         return 0x0000ffff;
1098     }
1099 
1100     OMAP_BAD_REG(addr);
1101     return 0;
1102 }
1103 
1104 static void omap_mpui_write(void *opaque, hwaddr addr,
1105                             uint64_t value, unsigned size)
1106 {
1107     struct omap_mpu_state_s *s = opaque;
1108 
1109     if (size != 4) {
1110         omap_badwidth_write32(opaque, addr, value);
1111         return;
1112     }
1113 
1114     switch (addr) {
1115     case 0x00:	/* CTRL */
1116         s->mpui_ctrl = value & 0x007fffff;
1117         break;
1118 
1119     case 0x04:	/* DEBUG_ADDR */
1120     case 0x08:	/* DEBUG_DATA */
1121     case 0x0c:	/* DEBUG_FLAG */
1122     case 0x10:	/* STATUS */
1123     /* Not in OMAP310 */
1124     case 0x14:	/* DSP_STATUS */
1125         OMAP_RO_REG(addr);
1126         break;
1127     case 0x18:	/* DSP_BOOT_CONFIG */
1128     case 0x1c:	/* DSP_MPUI_CONFIG */
1129         break;
1130 
1131     default:
1132         OMAP_BAD_REG(addr);
1133     }
1134 }
1135 
1136 static const MemoryRegionOps omap_mpui_ops = {
1137     .read = omap_mpui_read,
1138     .write = omap_mpui_write,
1139     .endianness = DEVICE_NATIVE_ENDIAN,
1140 };
1141 
1142 static void omap_mpui_reset(struct omap_mpu_state_s *s)
1143 {
1144     s->mpui_ctrl = 0x0003ff1b;
1145 }
1146 
1147 static void omap_mpui_init(MemoryRegion *memory, hwaddr base,
1148                 struct omap_mpu_state_s *mpu)
1149 {
1150     memory_region_init_io(&mpu->mpui_iomem, NULL, &omap_mpui_ops, mpu,
1151                           "omap-mpui", 0x100);
1152     memory_region_add_subregion(memory, base, &mpu->mpui_iomem);
1153 
1154     omap_mpui_reset(mpu);
1155 }
1156 
1157 /* TIPB Bridges */
1158 struct omap_tipb_bridge_s {
1159     qemu_irq abort;
1160     MemoryRegion iomem;
1161 
1162     int width_intr;
1163     uint16_t control;
1164     uint16_t alloc;
1165     uint16_t buffer;
1166     uint16_t enh_control;
1167 };
1168 
1169 static uint64_t omap_tipb_bridge_read(void *opaque, hwaddr addr,
1170                                       unsigned size)
1171 {
1172     struct omap_tipb_bridge_s *s = opaque;
1173 
1174     if (size < 2) {
1175         return omap_badwidth_read16(opaque, addr);
1176     }
1177 
1178     switch (addr) {
1179     case 0x00:	/* TIPB_CNTL */
1180         return s->control;
1181     case 0x04:	/* TIPB_BUS_ALLOC */
1182         return s->alloc;
1183     case 0x08:	/* MPU_TIPB_CNTL */
1184         return s->buffer;
1185     case 0x0c:	/* ENHANCED_TIPB_CNTL */
1186         return s->enh_control;
1187     case 0x10:	/* ADDRESS_DBG */
1188     case 0x14:	/* DATA_DEBUG_LOW */
1189     case 0x18:	/* DATA_DEBUG_HIGH */
1190         return 0xffff;
1191     case 0x1c:	/* DEBUG_CNTR_SIG */
1192         return 0x00f8;
1193     }
1194 
1195     OMAP_BAD_REG(addr);
1196     return 0;
1197 }
1198 
1199 static void omap_tipb_bridge_write(void *opaque, hwaddr addr,
1200                                    uint64_t value, unsigned size)
1201 {
1202     struct omap_tipb_bridge_s *s = opaque;
1203 
1204     if (size < 2) {
1205         omap_badwidth_write16(opaque, addr, value);
1206         return;
1207     }
1208 
1209     switch (addr) {
1210     case 0x00:	/* TIPB_CNTL */
1211         s->control = value & 0xffff;
1212         break;
1213 
1214     case 0x04:	/* TIPB_BUS_ALLOC */
1215         s->alloc = value & 0x003f;
1216         break;
1217 
1218     case 0x08:	/* MPU_TIPB_CNTL */
1219         s->buffer = value & 0x0003;
1220         break;
1221 
1222     case 0x0c:	/* ENHANCED_TIPB_CNTL */
1223         s->width_intr = !(value & 2);
1224         s->enh_control = value & 0x000f;
1225         break;
1226 
1227     case 0x10:	/* ADDRESS_DBG */
1228     case 0x14:	/* DATA_DEBUG_LOW */
1229     case 0x18:	/* DATA_DEBUG_HIGH */
1230     case 0x1c:	/* DEBUG_CNTR_SIG */
1231         OMAP_RO_REG(addr);
1232         break;
1233 
1234     default:
1235         OMAP_BAD_REG(addr);
1236     }
1237 }
1238 
1239 static const MemoryRegionOps omap_tipb_bridge_ops = {
1240     .read = omap_tipb_bridge_read,
1241     .write = omap_tipb_bridge_write,
1242     .endianness = DEVICE_NATIVE_ENDIAN,
1243 };
1244 
1245 static void omap_tipb_bridge_reset(struct omap_tipb_bridge_s *s)
1246 {
1247     s->control = 0xffff;
1248     s->alloc = 0x0009;
1249     s->buffer = 0x0000;
1250     s->enh_control = 0x000f;
1251 }
1252 
1253 static struct omap_tipb_bridge_s *omap_tipb_bridge_init(
1254     MemoryRegion *memory, hwaddr base,
1255     qemu_irq abort_irq, omap_clk clk)
1256 {
1257     struct omap_tipb_bridge_s *s = g_new0(struct omap_tipb_bridge_s, 1);
1258 
1259     s->abort = abort_irq;
1260     omap_tipb_bridge_reset(s);
1261 
1262     memory_region_init_io(&s->iomem, NULL, &omap_tipb_bridge_ops, s,
1263                           "omap-tipb-bridge", 0x100);
1264     memory_region_add_subregion(memory, base, &s->iomem);
1265 
1266     return s;
1267 }
1268 
1269 /* Dummy Traffic Controller's Memory Interface */
1270 static uint64_t omap_tcmi_read(void *opaque, hwaddr addr,
1271                                unsigned size)
1272 {
1273     struct omap_mpu_state_s *s = opaque;
1274     uint32_t ret;
1275 
1276     if (size != 4) {
1277         return omap_badwidth_read32(opaque, addr);
1278     }
1279 
1280     switch (addr) {
1281     case 0x00:	/* IMIF_PRIO */
1282     case 0x04:	/* EMIFS_PRIO */
1283     case 0x08:	/* EMIFF_PRIO */
1284     case 0x0c:	/* EMIFS_CONFIG */
1285     case 0x10:	/* EMIFS_CS0_CONFIG */
1286     case 0x14:	/* EMIFS_CS1_CONFIG */
1287     case 0x18:	/* EMIFS_CS2_CONFIG */
1288     case 0x1c:	/* EMIFS_CS3_CONFIG */
1289     case 0x24:	/* EMIFF_MRS */
1290     case 0x28:	/* TIMEOUT1 */
1291     case 0x2c:	/* TIMEOUT2 */
1292     case 0x30:	/* TIMEOUT3 */
1293     case 0x3c:	/* EMIFF_SDRAM_CONFIG_2 */
1294     case 0x40:	/* EMIFS_CFG_DYN_WAIT */
1295         return s->tcmi_regs[addr >> 2];
1296 
1297     case 0x20:	/* EMIFF_SDRAM_CONFIG */
1298         ret = s->tcmi_regs[addr >> 2];
1299         s->tcmi_regs[addr >> 2] &= ~1; /* XXX: Clear SLRF on SDRAM access */
1300         /* XXX: We can try using the VGA_DIRTY flag for this */
1301         return ret;
1302     }
1303 
1304     OMAP_BAD_REG(addr);
1305     return 0;
1306 }
1307 
1308 static void omap_tcmi_write(void *opaque, hwaddr addr,
1309                             uint64_t value, unsigned size)
1310 {
1311     struct omap_mpu_state_s *s = opaque;
1312 
1313     if (size != 4) {
1314         omap_badwidth_write32(opaque, addr, value);
1315         return;
1316     }
1317 
1318     switch (addr) {
1319     case 0x00:	/* IMIF_PRIO */
1320     case 0x04:	/* EMIFS_PRIO */
1321     case 0x08:	/* EMIFF_PRIO */
1322     case 0x10:	/* EMIFS_CS0_CONFIG */
1323     case 0x14:	/* EMIFS_CS1_CONFIG */
1324     case 0x18:	/* EMIFS_CS2_CONFIG */
1325     case 0x1c:	/* EMIFS_CS3_CONFIG */
1326     case 0x20:	/* EMIFF_SDRAM_CONFIG */
1327     case 0x24:	/* EMIFF_MRS */
1328     case 0x28:	/* TIMEOUT1 */
1329     case 0x2c:	/* TIMEOUT2 */
1330     case 0x30:	/* TIMEOUT3 */
1331     case 0x3c:	/* EMIFF_SDRAM_CONFIG_2 */
1332     case 0x40:	/* EMIFS_CFG_DYN_WAIT */
1333         s->tcmi_regs[addr >> 2] = value;
1334         break;
1335     case 0x0c:	/* EMIFS_CONFIG */
1336         s->tcmi_regs[addr >> 2] = (value & 0xf) | (1 << 4);
1337         break;
1338 
1339     default:
1340         OMAP_BAD_REG(addr);
1341     }
1342 }
1343 
1344 static const MemoryRegionOps omap_tcmi_ops = {
1345     .read = omap_tcmi_read,
1346     .write = omap_tcmi_write,
1347     .endianness = DEVICE_NATIVE_ENDIAN,
1348 };
1349 
1350 static void omap_tcmi_reset(struct omap_mpu_state_s *mpu)
1351 {
1352     mpu->tcmi_regs[0x00 >> 2] = 0x00000000;
1353     mpu->tcmi_regs[0x04 >> 2] = 0x00000000;
1354     mpu->tcmi_regs[0x08 >> 2] = 0x00000000;
1355     mpu->tcmi_regs[0x0c >> 2] = 0x00000010;
1356     mpu->tcmi_regs[0x10 >> 2] = 0x0010fffb;
1357     mpu->tcmi_regs[0x14 >> 2] = 0x0010fffb;
1358     mpu->tcmi_regs[0x18 >> 2] = 0x0010fffb;
1359     mpu->tcmi_regs[0x1c >> 2] = 0x0010fffb;
1360     mpu->tcmi_regs[0x20 >> 2] = 0x00618800;
1361     mpu->tcmi_regs[0x24 >> 2] = 0x00000037;
1362     mpu->tcmi_regs[0x28 >> 2] = 0x00000000;
1363     mpu->tcmi_regs[0x2c >> 2] = 0x00000000;
1364     mpu->tcmi_regs[0x30 >> 2] = 0x00000000;
1365     mpu->tcmi_regs[0x3c >> 2] = 0x00000003;
1366     mpu->tcmi_regs[0x40 >> 2] = 0x00000000;
1367 }
1368 
1369 static void omap_tcmi_init(MemoryRegion *memory, hwaddr base,
1370                 struct omap_mpu_state_s *mpu)
1371 {
1372     memory_region_init_io(&mpu->tcmi_iomem, NULL, &omap_tcmi_ops, mpu,
1373                           "omap-tcmi", 0x100);
1374     memory_region_add_subregion(memory, base, &mpu->tcmi_iomem);
1375     omap_tcmi_reset(mpu);
1376 }
1377 
1378 /* Digital phase-locked loops control */
1379 struct dpll_ctl_s {
1380     MemoryRegion iomem;
1381     uint16_t mode;
1382     omap_clk dpll;
1383 };
1384 
1385 static uint64_t omap_dpll_read(void *opaque, hwaddr addr,
1386                                unsigned size)
1387 {
1388     struct dpll_ctl_s *s = opaque;
1389 
1390     if (size != 2) {
1391         return omap_badwidth_read16(opaque, addr);
1392     }
1393 
1394     if (addr == 0x00)	/* CTL_REG */
1395         return s->mode;
1396 
1397     OMAP_BAD_REG(addr);
1398     return 0;
1399 }
1400 
1401 static void omap_dpll_write(void *opaque, hwaddr addr,
1402                             uint64_t value, unsigned size)
1403 {
1404     struct dpll_ctl_s *s = opaque;
1405     uint16_t diff;
1406     static const int bypass_div[4] = { 1, 2, 4, 4 };
1407     int div, mult;
1408 
1409     if (size != 2) {
1410         omap_badwidth_write16(opaque, addr, value);
1411         return;
1412     }
1413 
1414     if (addr == 0x00) {	/* CTL_REG */
1415         /* See omap_ulpd_pm_write() too */
1416         diff = s->mode & value;
1417         s->mode = value & 0x2fff;
1418         if (diff & (0x3ff << 2)) {
1419             if (value & (1 << 4)) {			/* PLL_ENABLE */
1420                 div = ((value >> 5) & 3) + 1;		/* PLL_DIV */
1421                 mult = MIN((value >> 7) & 0x1f, 1);	/* PLL_MULT */
1422             } else {
1423                 div = bypass_div[((value >> 2) & 3)];	/* BYPASS_DIV */
1424                 mult = 1;
1425             }
1426             omap_clk_setrate(s->dpll, div, mult);
1427         }
1428 
1429         /* Enter the desired mode.  */
1430         s->mode = (s->mode & 0xfffe) | ((s->mode >> 4) & 1);
1431 
1432         /* Act as if the lock is restored.  */
1433         s->mode |= 2;
1434     } else {
1435         OMAP_BAD_REG(addr);
1436     }
1437 }
1438 
1439 static const MemoryRegionOps omap_dpll_ops = {
1440     .read = omap_dpll_read,
1441     .write = omap_dpll_write,
1442     .endianness = DEVICE_NATIVE_ENDIAN,
1443 };
1444 
1445 static void omap_dpll_reset(struct dpll_ctl_s *s)
1446 {
1447     s->mode = 0x2002;
1448     omap_clk_setrate(s->dpll, 1, 1);
1449 }
1450 
1451 static struct dpll_ctl_s  *omap_dpll_init(MemoryRegion *memory,
1452                            hwaddr base, omap_clk clk)
1453 {
1454     struct dpll_ctl_s *s = g_malloc0(sizeof(*s));
1455     memory_region_init_io(&s->iomem, NULL, &omap_dpll_ops, s, "omap-dpll", 0x100);
1456 
1457     s->dpll = clk;
1458     omap_dpll_reset(s);
1459 
1460     memory_region_add_subregion(memory, base, &s->iomem);
1461     return s;
1462 }
1463 
1464 /* MPU Clock/Reset/Power Mode Control */
1465 static uint64_t omap_clkm_read(void *opaque, hwaddr addr,
1466                                unsigned size)
1467 {
1468     struct omap_mpu_state_s *s = opaque;
1469 
1470     if (size != 2) {
1471         return omap_badwidth_read16(opaque, addr);
1472     }
1473 
1474     switch (addr) {
1475     case 0x00:	/* ARM_CKCTL */
1476         return s->clkm.arm_ckctl;
1477 
1478     case 0x04:	/* ARM_IDLECT1 */
1479         return s->clkm.arm_idlect1;
1480 
1481     case 0x08:	/* ARM_IDLECT2 */
1482         return s->clkm.arm_idlect2;
1483 
1484     case 0x0c:	/* ARM_EWUPCT */
1485         return s->clkm.arm_ewupct;
1486 
1487     case 0x10:	/* ARM_RSTCT1 */
1488         return s->clkm.arm_rstct1;
1489 
1490     case 0x14:	/* ARM_RSTCT2 */
1491         return s->clkm.arm_rstct2;
1492 
1493     case 0x18:	/* ARM_SYSST */
1494         return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start;
1495 
1496     case 0x1c:	/* ARM_CKOUT1 */
1497         return s->clkm.arm_ckout1;
1498 
1499     case 0x20:	/* ARM_CKOUT2 */
1500         break;
1501     }
1502 
1503     OMAP_BAD_REG(addr);
1504     return 0;
1505 }
1506 
1507 static inline void omap_clkm_ckctl_update(struct omap_mpu_state_s *s,
1508                 uint16_t diff, uint16_t value)
1509 {
1510     omap_clk clk;
1511 
1512     if (diff & (1 << 14)) {				/* ARM_INTHCK_SEL */
1513         if (value & (1 << 14))
1514             /* Reserved */;
1515         else {
1516             clk = omap_findclk(s, "arminth_ck");
1517             omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
1518         }
1519     }
1520     if (diff & (1 << 12)) {				/* ARM_TIMXO */
1521         clk = omap_findclk(s, "armtim_ck");
1522         if (value & (1 << 12))
1523             omap_clk_reparent(clk, omap_findclk(s, "clkin"));
1524         else
1525             omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
1526     }
1527     /* XXX: en_dspck */
1528     if (diff & (3 << 10)) {				/* DSPMMUDIV */
1529         clk = omap_findclk(s, "dspmmu_ck");
1530         omap_clk_setrate(clk, 1 << ((value >> 10) & 3), 1);
1531     }
1532     if (diff & (3 << 8)) {				/* TCDIV */
1533         clk = omap_findclk(s, "tc_ck");
1534         omap_clk_setrate(clk, 1 << ((value >> 8) & 3), 1);
1535     }
1536     if (diff & (3 << 6)) {				/* DSPDIV */
1537         clk = omap_findclk(s, "dsp_ck");
1538         omap_clk_setrate(clk, 1 << ((value >> 6) & 3), 1);
1539     }
1540     if (diff & (3 << 4)) {				/* ARMDIV */
1541         clk = omap_findclk(s, "arm_ck");
1542         omap_clk_setrate(clk, 1 << ((value >> 4) & 3), 1);
1543     }
1544     if (diff & (3 << 2)) {				/* LCDDIV */
1545         clk = omap_findclk(s, "lcd_ck");
1546         omap_clk_setrate(clk, 1 << ((value >> 2) & 3), 1);
1547     }
1548     if (diff & (3 << 0)) {				/* PERDIV */
1549         clk = omap_findclk(s, "armper_ck");
1550         omap_clk_setrate(clk, 1 << ((value >> 0) & 3), 1);
1551     }
1552 }
1553 
1554 static inline void omap_clkm_idlect1_update(struct omap_mpu_state_s *s,
1555                 uint16_t diff, uint16_t value)
1556 {
1557     omap_clk clk;
1558 
1559     if (value & (1 << 11)) {                            /* SETARM_IDLE */
1560         cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
1561     }
1562     if (!(value & (1 << 10))) {                         /* WKUP_MODE */
1563         /* XXX: disable wakeup from IRQ */
1564         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1565     }
1566 
1567 #define SET_CANIDLE(clock, bit)				\
1568     if (diff & (1 << bit)) {				\
1569         clk = omap_findclk(s, clock);			\
1570         omap_clk_canidle(clk, (value >> bit) & 1);	\
1571     }
1572     SET_CANIDLE("mpuwd_ck", 0)				/* IDLWDT_ARM */
1573     SET_CANIDLE("armxor_ck", 1)				/* IDLXORP_ARM */
1574     SET_CANIDLE("mpuper_ck", 2)				/* IDLPER_ARM */
1575     SET_CANIDLE("lcd_ck", 3)				/* IDLLCD_ARM */
1576     SET_CANIDLE("lb_ck", 4)				/* IDLLB_ARM */
1577     SET_CANIDLE("hsab_ck", 5)				/* IDLHSAB_ARM */
1578     SET_CANIDLE("tipb_ck", 6)				/* IDLIF_ARM */
1579     SET_CANIDLE("dma_ck", 6)				/* IDLIF_ARM */
1580     SET_CANIDLE("tc_ck", 6)				/* IDLIF_ARM */
1581     SET_CANIDLE("dpll1", 7)				/* IDLDPLL_ARM */
1582     SET_CANIDLE("dpll2", 7)				/* IDLDPLL_ARM */
1583     SET_CANIDLE("dpll3", 7)				/* IDLDPLL_ARM */
1584     SET_CANIDLE("mpui_ck", 8)				/* IDLAPI_ARM */
1585     SET_CANIDLE("armtim_ck", 9)				/* IDLTIM_ARM */
1586 }
1587 
1588 static inline void omap_clkm_idlect2_update(struct omap_mpu_state_s *s,
1589                 uint16_t diff, uint16_t value)
1590 {
1591     omap_clk clk;
1592 
1593 #define SET_ONOFF(clock, bit)				\
1594     if (diff & (1 << bit)) {				\
1595         clk = omap_findclk(s, clock);			\
1596         omap_clk_onoff(clk, (value >> bit) & 1);	\
1597     }
1598     SET_ONOFF("mpuwd_ck", 0)				/* EN_WDTCK */
1599     SET_ONOFF("armxor_ck", 1)				/* EN_XORPCK */
1600     SET_ONOFF("mpuper_ck", 2)				/* EN_PERCK */
1601     SET_ONOFF("lcd_ck", 3)				/* EN_LCDCK */
1602     SET_ONOFF("lb_ck", 4)				/* EN_LBCK */
1603     SET_ONOFF("hsab_ck", 5)				/* EN_HSABCK */
1604     SET_ONOFF("mpui_ck", 6)				/* EN_APICK */
1605     SET_ONOFF("armtim_ck", 7)				/* EN_TIMCK */
1606     SET_CANIDLE("dma_ck", 8)				/* DMACK_REQ */
1607     SET_ONOFF("arm_gpio_ck", 9)				/* EN_GPIOCK */
1608     SET_ONOFF("lbfree_ck", 10)				/* EN_LBFREECK */
1609 }
1610 
1611 static inline void omap_clkm_ckout1_update(struct omap_mpu_state_s *s,
1612                 uint16_t diff, uint16_t value)
1613 {
1614     omap_clk clk;
1615 
1616     if (diff & (3 << 4)) {				/* TCLKOUT */
1617         clk = omap_findclk(s, "tclk_out");
1618         switch ((value >> 4) & 3) {
1619         case 1:
1620             omap_clk_reparent(clk, omap_findclk(s, "ck_gen3"));
1621             omap_clk_onoff(clk, 1);
1622             break;
1623         case 2:
1624             omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
1625             omap_clk_onoff(clk, 1);
1626             break;
1627         default:
1628             omap_clk_onoff(clk, 0);
1629         }
1630     }
1631     if (diff & (3 << 2)) {				/* DCLKOUT */
1632         clk = omap_findclk(s, "dclk_out");
1633         switch ((value >> 2) & 3) {
1634         case 0:
1635             omap_clk_reparent(clk, omap_findclk(s, "dspmmu_ck"));
1636             break;
1637         case 1:
1638             omap_clk_reparent(clk, omap_findclk(s, "ck_gen2"));
1639             break;
1640         case 2:
1641             omap_clk_reparent(clk, omap_findclk(s, "dsp_ck"));
1642             break;
1643         case 3:
1644             omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
1645             break;
1646         }
1647     }
1648     if (diff & (3 << 0)) {				/* ACLKOUT */
1649         clk = omap_findclk(s, "aclk_out");
1650         switch ((value >> 0) & 3) {
1651         case 1:
1652             omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
1653             omap_clk_onoff(clk, 1);
1654             break;
1655         case 2:
1656             omap_clk_reparent(clk, omap_findclk(s, "arm_ck"));
1657             omap_clk_onoff(clk, 1);
1658             break;
1659         case 3:
1660             omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
1661             omap_clk_onoff(clk, 1);
1662             break;
1663         default:
1664             omap_clk_onoff(clk, 0);
1665         }
1666     }
1667 }
1668 
1669 static void omap_clkm_write(void *opaque, hwaddr addr,
1670                             uint64_t value, unsigned size)
1671 {
1672     struct omap_mpu_state_s *s = opaque;
1673     uint16_t diff;
1674     omap_clk clk;
1675     static const char *clkschemename[8] = {
1676         "fully synchronous", "fully asynchronous", "synchronous scalable",
1677         "mix mode 1", "mix mode 2", "bypass mode", "mix mode 3", "mix mode 4",
1678     };
1679 
1680     if (size != 2) {
1681         omap_badwidth_write16(opaque, addr, value);
1682         return;
1683     }
1684 
1685     switch (addr) {
1686     case 0x00:	/* ARM_CKCTL */
1687         diff = s->clkm.arm_ckctl ^ value;
1688         s->clkm.arm_ckctl = value & 0x7fff;
1689         omap_clkm_ckctl_update(s, diff, value);
1690         return;
1691 
1692     case 0x04:	/* ARM_IDLECT1 */
1693         diff = s->clkm.arm_idlect1 ^ value;
1694         s->clkm.arm_idlect1 = value & 0x0fff;
1695         omap_clkm_idlect1_update(s, diff, value);
1696         return;
1697 
1698     case 0x08:	/* ARM_IDLECT2 */
1699         diff = s->clkm.arm_idlect2 ^ value;
1700         s->clkm.arm_idlect2 = value & 0x07ff;
1701         omap_clkm_idlect2_update(s, diff, value);
1702         return;
1703 
1704     case 0x0c:	/* ARM_EWUPCT */
1705         s->clkm.arm_ewupct = value & 0x003f;
1706         return;
1707 
1708     case 0x10:	/* ARM_RSTCT1 */
1709         diff = s->clkm.arm_rstct1 ^ value;
1710         s->clkm.arm_rstct1 = value & 0x0007;
1711         if (value & 9) {
1712             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
1713             s->clkm.cold_start = 0xa;
1714         }
1715         if (diff & ~value & 4) {				/* DSP_RST */
1716             omap_mpui_reset(s);
1717             omap_tipb_bridge_reset(s->private_tipb);
1718             omap_tipb_bridge_reset(s->public_tipb);
1719         }
1720         if (diff & 2) {						/* DSP_EN */
1721             clk = omap_findclk(s, "dsp_ck");
1722             omap_clk_canidle(clk, (~value >> 1) & 1);
1723         }
1724         return;
1725 
1726     case 0x14:	/* ARM_RSTCT2 */
1727         s->clkm.arm_rstct2 = value & 0x0001;
1728         return;
1729 
1730     case 0x18:	/* ARM_SYSST */
1731         if ((s->clkm.clocking_scheme ^ (value >> 11)) & 7) {
1732             s->clkm.clocking_scheme = (value >> 11) & 7;
1733             printf("%s: clocking scheme set to %s\n", __func__,
1734                    clkschemename[s->clkm.clocking_scheme]);
1735         }
1736         s->clkm.cold_start &= value & 0x3f;
1737         return;
1738 
1739     case 0x1c:	/* ARM_CKOUT1 */
1740         diff = s->clkm.arm_ckout1 ^ value;
1741         s->clkm.arm_ckout1 = value & 0x003f;
1742         omap_clkm_ckout1_update(s, diff, value);
1743         return;
1744 
1745     case 0x20:	/* ARM_CKOUT2 */
1746     default:
1747         OMAP_BAD_REG(addr);
1748     }
1749 }
1750 
1751 static const MemoryRegionOps omap_clkm_ops = {
1752     .read = omap_clkm_read,
1753     .write = omap_clkm_write,
1754     .endianness = DEVICE_NATIVE_ENDIAN,
1755 };
1756 
1757 static uint64_t omap_clkdsp_read(void *opaque, hwaddr addr,
1758                                  unsigned size)
1759 {
1760     struct omap_mpu_state_s *s = opaque;
1761     CPUState *cpu = CPU(s->cpu);
1762 
1763     if (size != 2) {
1764         return omap_badwidth_read16(opaque, addr);
1765     }
1766 
1767     switch (addr) {
1768     case 0x04:	/* DSP_IDLECT1 */
1769         return s->clkm.dsp_idlect1;
1770 
1771     case 0x08:	/* DSP_IDLECT2 */
1772         return s->clkm.dsp_idlect2;
1773 
1774     case 0x14:	/* DSP_RSTCT2 */
1775         return s->clkm.dsp_rstct2;
1776 
1777     case 0x18:	/* DSP_SYSST */
1778         return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start |
1779                 (cpu->halted << 6);      /* Quite useless... */
1780     }
1781 
1782     OMAP_BAD_REG(addr);
1783     return 0;
1784 }
1785 
1786 static inline void omap_clkdsp_idlect1_update(struct omap_mpu_state_s *s,
1787                 uint16_t diff, uint16_t value)
1788 {
1789     omap_clk clk;
1790 
1791     SET_CANIDLE("dspxor_ck", 1);			/* IDLXORP_DSP */
1792 }
1793 
1794 static inline void omap_clkdsp_idlect2_update(struct omap_mpu_state_s *s,
1795                 uint16_t diff, uint16_t value)
1796 {
1797     omap_clk clk;
1798 
1799     SET_ONOFF("dspxor_ck", 1);				/* EN_XORPCK */
1800 }
1801 
1802 static void omap_clkdsp_write(void *opaque, hwaddr addr,
1803                               uint64_t value, unsigned size)
1804 {
1805     struct omap_mpu_state_s *s = opaque;
1806     uint16_t diff;
1807 
1808     if (size != 2) {
1809         omap_badwidth_write16(opaque, addr, value);
1810         return;
1811     }
1812 
1813     switch (addr) {
1814     case 0x04:	/* DSP_IDLECT1 */
1815         diff = s->clkm.dsp_idlect1 ^ value;
1816         s->clkm.dsp_idlect1 = value & 0x01f7;
1817         omap_clkdsp_idlect1_update(s, diff, value);
1818         break;
1819 
1820     case 0x08:	/* DSP_IDLECT2 */
1821         s->clkm.dsp_idlect2 = value & 0x0037;
1822         diff = s->clkm.dsp_idlect1 ^ value;
1823         omap_clkdsp_idlect2_update(s, diff, value);
1824         break;
1825 
1826     case 0x14:	/* DSP_RSTCT2 */
1827         s->clkm.dsp_rstct2 = value & 0x0001;
1828         break;
1829 
1830     case 0x18:	/* DSP_SYSST */
1831         s->clkm.cold_start &= value & 0x3f;
1832         break;
1833 
1834     default:
1835         OMAP_BAD_REG(addr);
1836     }
1837 }
1838 
1839 static const MemoryRegionOps omap_clkdsp_ops = {
1840     .read = omap_clkdsp_read,
1841     .write = omap_clkdsp_write,
1842     .endianness = DEVICE_NATIVE_ENDIAN,
1843 };
1844 
1845 static void omap_clkm_reset(struct omap_mpu_state_s *s)
1846 {
1847     if (s->wdt && s->wdt->reset)
1848         s->clkm.cold_start = 0x6;
1849     s->clkm.clocking_scheme = 0;
1850     omap_clkm_ckctl_update(s, ~0, 0x3000);
1851     s->clkm.arm_ckctl = 0x3000;
1852     omap_clkm_idlect1_update(s, s->clkm.arm_idlect1 ^ 0x0400, 0x0400);
1853     s->clkm.arm_idlect1 = 0x0400;
1854     omap_clkm_idlect2_update(s, s->clkm.arm_idlect2 ^ 0x0100, 0x0100);
1855     s->clkm.arm_idlect2 = 0x0100;
1856     s->clkm.arm_ewupct = 0x003f;
1857     s->clkm.arm_rstct1 = 0x0000;
1858     s->clkm.arm_rstct2 = 0x0000;
1859     s->clkm.arm_ckout1 = 0x0015;
1860     s->clkm.dpll1_mode = 0x2002;
1861     omap_clkdsp_idlect1_update(s, s->clkm.dsp_idlect1 ^ 0x0040, 0x0040);
1862     s->clkm.dsp_idlect1 = 0x0040;
1863     omap_clkdsp_idlect2_update(s, ~0, 0x0000);
1864     s->clkm.dsp_idlect2 = 0x0000;
1865     s->clkm.dsp_rstct2 = 0x0000;
1866 }
1867 
1868 static void omap_clkm_init(MemoryRegion *memory, hwaddr mpu_base,
1869                 hwaddr dsp_base, struct omap_mpu_state_s *s)
1870 {
1871     memory_region_init_io(&s->clkm_iomem, NULL, &omap_clkm_ops, s,
1872                           "omap-clkm", 0x100);
1873     memory_region_init_io(&s->clkdsp_iomem, NULL, &omap_clkdsp_ops, s,
1874                           "omap-clkdsp", 0x1000);
1875 
1876     s->clkm.arm_idlect1 = 0x03ff;
1877     s->clkm.arm_idlect2 = 0x0100;
1878     s->clkm.dsp_idlect1 = 0x0002;
1879     omap_clkm_reset(s);
1880     s->clkm.cold_start = 0x3a;
1881 
1882     memory_region_add_subregion(memory, mpu_base, &s->clkm_iomem);
1883     memory_region_add_subregion(memory, dsp_base, &s->clkdsp_iomem);
1884 }
1885 
1886 /* MPU I/O */
1887 struct omap_mpuio_s {
1888     qemu_irq irq;
1889     qemu_irq kbd_irq;
1890     qemu_irq *in;
1891     qemu_irq handler[16];
1892     qemu_irq wakeup;
1893     MemoryRegion iomem;
1894 
1895     uint16_t inputs;
1896     uint16_t outputs;
1897     uint16_t dir;
1898     uint16_t edge;
1899     uint16_t mask;
1900     uint16_t ints;
1901 
1902     uint16_t debounce;
1903     uint16_t latch;
1904     uint8_t event;
1905 
1906     uint8_t buttons[5];
1907     uint8_t row_latch;
1908     uint8_t cols;
1909     int kbd_mask;
1910     int clk;
1911 };
1912 
1913 static void omap_mpuio_set(void *opaque, int line, int level)
1914 {
1915     struct omap_mpuio_s *s = opaque;
1916     uint16_t prev = s->inputs;
1917 
1918     if (level)
1919         s->inputs |= 1 << line;
1920     else
1921         s->inputs &= ~(1 << line);
1922 
1923     if (((1 << line) & s->dir & ~s->mask) && s->clk) {
1924         if ((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) {
1925             s->ints |= 1 << line;
1926             qemu_irq_raise(s->irq);
1927             /* TODO: wakeup */
1928         }
1929         if ((s->event & (1 << 0)) &&		/* SET_GPIO_EVENT_MODE */
1930                 (s->event >> 1) == line)	/* PIN_SELECT */
1931             s->latch = s->inputs;
1932     }
1933 }
1934 
1935 static void omap_mpuio_kbd_update(struct omap_mpuio_s *s)
1936 {
1937     int i;
1938     uint8_t *row, rows = 0, cols = ~s->cols;
1939 
1940     for (row = s->buttons + 4, i = 1 << 4; i; row --, i >>= 1)
1941         if (*row & cols)
1942             rows |= i;
1943 
1944     qemu_set_irq(s->kbd_irq, rows && !s->kbd_mask && s->clk);
1945     s->row_latch = ~rows;
1946 }
1947 
1948 static uint64_t omap_mpuio_read(void *opaque, hwaddr addr,
1949                                 unsigned size)
1950 {
1951     struct omap_mpuio_s *s = opaque;
1952     int offset = addr & OMAP_MPUI_REG_MASK;
1953     uint16_t ret;
1954 
1955     if (size != 2) {
1956         return omap_badwidth_read16(opaque, addr);
1957     }
1958 
1959     switch (offset) {
1960     case 0x00:	/* INPUT_LATCH */
1961         return s->inputs;
1962 
1963     case 0x04:	/* OUTPUT_REG */
1964         return s->outputs;
1965 
1966     case 0x08:	/* IO_CNTL */
1967         return s->dir;
1968 
1969     case 0x10:	/* KBR_LATCH */
1970         return s->row_latch;
1971 
1972     case 0x14:	/* KBC_REG */
1973         return s->cols;
1974 
1975     case 0x18:	/* GPIO_EVENT_MODE_REG */
1976         return s->event;
1977 
1978     case 0x1c:	/* GPIO_INT_EDGE_REG */
1979         return s->edge;
1980 
1981     case 0x20:	/* KBD_INT */
1982         return (~s->row_latch & 0x1f) && !s->kbd_mask;
1983 
1984     case 0x24:	/* GPIO_INT */
1985         ret = s->ints;
1986         s->ints &= s->mask;
1987         if (ret)
1988             qemu_irq_lower(s->irq);
1989         return ret;
1990 
1991     case 0x28:	/* KBD_MASKIT */
1992         return s->kbd_mask;
1993 
1994     case 0x2c:	/* GPIO_MASKIT */
1995         return s->mask;
1996 
1997     case 0x30:	/* GPIO_DEBOUNCING_REG */
1998         return s->debounce;
1999 
2000     case 0x34:	/* GPIO_LATCH_REG */
2001         return s->latch;
2002     }
2003 
2004     OMAP_BAD_REG(addr);
2005     return 0;
2006 }
2007 
2008 static void omap_mpuio_write(void *opaque, hwaddr addr,
2009                              uint64_t value, unsigned size)
2010 {
2011     struct omap_mpuio_s *s = opaque;
2012     int offset = addr & OMAP_MPUI_REG_MASK;
2013     uint16_t diff;
2014     int ln;
2015 
2016     if (size != 2) {
2017         omap_badwidth_write16(opaque, addr, value);
2018         return;
2019     }
2020 
2021     switch (offset) {
2022     case 0x04:	/* OUTPUT_REG */
2023         diff = (s->outputs ^ value) & ~s->dir;
2024         s->outputs = value;
2025         while ((ln = ctz32(diff)) != 32) {
2026             if (s->handler[ln])
2027                 qemu_set_irq(s->handler[ln], (value >> ln) & 1);
2028             diff &= ~(1 << ln);
2029         }
2030         break;
2031 
2032     case 0x08:	/* IO_CNTL */
2033         diff = s->outputs & (s->dir ^ value);
2034         s->dir = value;
2035 
2036         value = s->outputs & ~s->dir;
2037         while ((ln = ctz32(diff)) != 32) {
2038             if (s->handler[ln])
2039                 qemu_set_irq(s->handler[ln], (value >> ln) & 1);
2040             diff &= ~(1 << ln);
2041         }
2042         break;
2043 
2044     case 0x14:	/* KBC_REG */
2045         s->cols = value;
2046         omap_mpuio_kbd_update(s);
2047         break;
2048 
2049     case 0x18:	/* GPIO_EVENT_MODE_REG */
2050         s->event = value & 0x1f;
2051         break;
2052 
2053     case 0x1c:	/* GPIO_INT_EDGE_REG */
2054         s->edge = value;
2055         break;
2056 
2057     case 0x28:	/* KBD_MASKIT */
2058         s->kbd_mask = value & 1;
2059         omap_mpuio_kbd_update(s);
2060         break;
2061 
2062     case 0x2c:	/* GPIO_MASKIT */
2063         s->mask = value;
2064         break;
2065 
2066     case 0x30:	/* GPIO_DEBOUNCING_REG */
2067         s->debounce = value & 0x1ff;
2068         break;
2069 
2070     case 0x00:	/* INPUT_LATCH */
2071     case 0x10:	/* KBR_LATCH */
2072     case 0x20:	/* KBD_INT */
2073     case 0x24:	/* GPIO_INT */
2074     case 0x34:	/* GPIO_LATCH_REG */
2075         OMAP_RO_REG(addr);
2076         return;
2077 
2078     default:
2079         OMAP_BAD_REG(addr);
2080         return;
2081     }
2082 }
2083 
2084 static const MemoryRegionOps omap_mpuio_ops  = {
2085     .read = omap_mpuio_read,
2086     .write = omap_mpuio_write,
2087     .endianness = DEVICE_NATIVE_ENDIAN,
2088 };
2089 
2090 static void omap_mpuio_reset(struct omap_mpuio_s *s)
2091 {
2092     s->inputs = 0;
2093     s->outputs = 0;
2094     s->dir = ~0;
2095     s->event = 0;
2096     s->edge = 0;
2097     s->kbd_mask = 0;
2098     s->mask = 0;
2099     s->debounce = 0;
2100     s->latch = 0;
2101     s->ints = 0;
2102     s->row_latch = 0x1f;
2103     s->clk = 1;
2104 }
2105 
2106 static void omap_mpuio_onoff(void *opaque, int line, int on)
2107 {
2108     struct omap_mpuio_s *s = opaque;
2109 
2110     s->clk = on;
2111     if (on)
2112         omap_mpuio_kbd_update(s);
2113 }
2114 
2115 static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
2116                 hwaddr base,
2117                 qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
2118                 omap_clk clk)
2119 {
2120     struct omap_mpuio_s *s = g_new0(struct omap_mpuio_s, 1);
2121 
2122     s->irq = gpio_int;
2123     s->kbd_irq = kbd_int;
2124     s->wakeup = wakeup;
2125     s->in = qemu_allocate_irqs(omap_mpuio_set, s, 16);
2126     omap_mpuio_reset(s);
2127 
2128     memory_region_init_io(&s->iomem, NULL, &omap_mpuio_ops, s,
2129                           "omap-mpuio", 0x800);
2130     memory_region_add_subregion(memory, base, &s->iomem);
2131 
2132     omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0));
2133 
2134     return s;
2135 }
2136 
2137 qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s)
2138 {
2139     return s->in;
2140 }
2141 
2142 void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler)
2143 {
2144     if (line >= 16 || line < 0)
2145         hw_error("%s: No GPIO line %i\n", __func__, line);
2146     s->handler[line] = handler;
2147 }
2148 
2149 void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down)
2150 {
2151     if (row >= 5 || row < 0)
2152         hw_error("%s: No key %i-%i\n", __func__, col, row);
2153 
2154     if (down)
2155         s->buttons[row] |= 1 << col;
2156     else
2157         s->buttons[row] &= ~(1 << col);
2158 
2159     omap_mpuio_kbd_update(s);
2160 }
2161 
2162 /* MicroWire Interface */
2163 struct omap_uwire_s {
2164     MemoryRegion iomem;
2165     qemu_irq txirq;
2166     qemu_irq rxirq;
2167     qemu_irq txdrq;
2168 
2169     uint16_t txbuf;
2170     uint16_t rxbuf;
2171     uint16_t control;
2172     uint16_t setup[5];
2173 
2174     uWireSlave *chip[4];
2175 };
2176 
2177 static void omap_uwire_transfer_start(struct omap_uwire_s *s)
2178 {
2179     int chipselect = (s->control >> 10) & 3;		/* INDEX */
2180     uWireSlave *slave = s->chip[chipselect];
2181 
2182     if ((s->control >> 5) & 0x1f) {			/* NB_BITS_WR */
2183         if (s->control & (1 << 12))			/* CS_CMD */
2184             if (slave && slave->send)
2185                 slave->send(slave->opaque,
2186                                 s->txbuf >> (16 - ((s->control >> 5) & 0x1f)));
2187         s->control &= ~(1 << 14);			/* CSRB */
2188         /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
2189          * a DRQ.  When is the level IRQ supposed to be reset?  */
2190     }
2191 
2192     if ((s->control >> 0) & 0x1f) {			/* NB_BITS_RD */
2193         if (s->control & (1 << 12))			/* CS_CMD */
2194             if (slave && slave->receive)
2195                 s->rxbuf = slave->receive(slave->opaque);
2196         s->control |= 1 << 15;				/* RDRB */
2197         /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
2198          * a DRQ.  When is the level IRQ supposed to be reset?  */
2199     }
2200 }
2201 
2202 static uint64_t omap_uwire_read(void *opaque, hwaddr addr, unsigned size)
2203 {
2204     struct omap_uwire_s *s = opaque;
2205     int offset = addr & OMAP_MPUI_REG_MASK;
2206 
2207     if (size != 2) {
2208         return omap_badwidth_read16(opaque, addr);
2209     }
2210 
2211     switch (offset) {
2212     case 0x00:	/* RDR */
2213         s->control &= ~(1 << 15);			/* RDRB */
2214         return s->rxbuf;
2215 
2216     case 0x04:	/* CSR */
2217         return s->control;
2218 
2219     case 0x08:	/* SR1 */
2220         return s->setup[0];
2221     case 0x0c:	/* SR2 */
2222         return s->setup[1];
2223     case 0x10:	/* SR3 */
2224         return s->setup[2];
2225     case 0x14:	/* SR4 */
2226         return s->setup[3];
2227     case 0x18:	/* SR5 */
2228         return s->setup[4];
2229     }
2230 
2231     OMAP_BAD_REG(addr);
2232     return 0;
2233 }
2234 
2235 static void omap_uwire_write(void *opaque, hwaddr addr,
2236                              uint64_t value, unsigned size)
2237 {
2238     struct omap_uwire_s *s = opaque;
2239     int offset = addr & OMAP_MPUI_REG_MASK;
2240 
2241     if (size != 2) {
2242         omap_badwidth_write16(opaque, addr, value);
2243         return;
2244     }
2245 
2246     switch (offset) {
2247     case 0x00:	/* TDR */
2248         s->txbuf = value;				/* TD */
2249         if ((s->setup[4] & (1 << 2)) &&			/* AUTO_TX_EN */
2250                         ((s->setup[4] & (1 << 3)) ||	/* CS_TOGGLE_TX_EN */
2251                          (s->control & (1 << 12)))) {	/* CS_CMD */
2252             s->control |= 1 << 14;			/* CSRB */
2253             omap_uwire_transfer_start(s);
2254         }
2255         break;
2256 
2257     case 0x04:	/* CSR */
2258         s->control = value & 0x1fff;
2259         if (value & (1 << 13))				/* START */
2260             omap_uwire_transfer_start(s);
2261         break;
2262 
2263     case 0x08:	/* SR1 */
2264         s->setup[0] = value & 0x003f;
2265         break;
2266 
2267     case 0x0c:	/* SR2 */
2268         s->setup[1] = value & 0x0fc0;
2269         break;
2270 
2271     case 0x10:	/* SR3 */
2272         s->setup[2] = value & 0x0003;
2273         break;
2274 
2275     case 0x14:	/* SR4 */
2276         s->setup[3] = value & 0x0001;
2277         break;
2278 
2279     case 0x18:	/* SR5 */
2280         s->setup[4] = value & 0x000f;
2281         break;
2282 
2283     default:
2284         OMAP_BAD_REG(addr);
2285         return;
2286     }
2287 }
2288 
2289 static const MemoryRegionOps omap_uwire_ops = {
2290     .read = omap_uwire_read,
2291     .write = omap_uwire_write,
2292     .endianness = DEVICE_NATIVE_ENDIAN,
2293 };
2294 
2295 static void omap_uwire_reset(struct omap_uwire_s *s)
2296 {
2297     s->control = 0;
2298     s->setup[0] = 0;
2299     s->setup[1] = 0;
2300     s->setup[2] = 0;
2301     s->setup[3] = 0;
2302     s->setup[4] = 0;
2303 }
2304 
2305 static struct omap_uwire_s *omap_uwire_init(MemoryRegion *system_memory,
2306                                             hwaddr base,
2307                                             qemu_irq txirq, qemu_irq rxirq,
2308                                             qemu_irq dma,
2309                                             omap_clk clk)
2310 {
2311     struct omap_uwire_s *s = g_new0(struct omap_uwire_s, 1);
2312 
2313     s->txirq = txirq;
2314     s->rxirq = rxirq;
2315     s->txdrq = dma;
2316     omap_uwire_reset(s);
2317 
2318     memory_region_init_io(&s->iomem, NULL, &omap_uwire_ops, s, "omap-uwire", 0x800);
2319     memory_region_add_subregion(system_memory, base, &s->iomem);
2320 
2321     return s;
2322 }
2323 
2324 void omap_uwire_attach(struct omap_uwire_s *s,
2325                 uWireSlave *slave, int chipselect)
2326 {
2327     if (chipselect < 0 || chipselect > 3) {
2328         error_report("%s: Bad chipselect %i", __func__, chipselect);
2329         exit(-1);
2330     }
2331 
2332     s->chip[chipselect] = slave;
2333 }
2334 
2335 /* Pseudonoise Pulse-Width Light Modulator */
2336 struct omap_pwl_s {
2337     MemoryRegion iomem;
2338     uint8_t output;
2339     uint8_t level;
2340     uint8_t enable;
2341     int clk;
2342 };
2343 
2344 static void omap_pwl_update(struct omap_pwl_s *s)
2345 {
2346     int output = (s->clk && s->enable) ? s->level : 0;
2347 
2348     if (output != s->output) {
2349         s->output = output;
2350         printf("%s: Backlight now at %i/256\n", __func__, output);
2351     }
2352 }
2353 
2354 static uint64_t omap_pwl_read(void *opaque, hwaddr addr, unsigned size)
2355 {
2356     struct omap_pwl_s *s = opaque;
2357     int offset = addr & OMAP_MPUI_REG_MASK;
2358 
2359     if (size != 1) {
2360         return omap_badwidth_read8(opaque, addr);
2361     }
2362 
2363     switch (offset) {
2364     case 0x00:	/* PWL_LEVEL */
2365         return s->level;
2366     case 0x04:	/* PWL_CTRL */
2367         return s->enable;
2368     }
2369     OMAP_BAD_REG(addr);
2370     return 0;
2371 }
2372 
2373 static void omap_pwl_write(void *opaque, hwaddr addr,
2374                            uint64_t value, unsigned size)
2375 {
2376     struct omap_pwl_s *s = opaque;
2377     int offset = addr & OMAP_MPUI_REG_MASK;
2378 
2379     if (size != 1) {
2380         omap_badwidth_write8(opaque, addr, value);
2381         return;
2382     }
2383 
2384     switch (offset) {
2385     case 0x00:	/* PWL_LEVEL */
2386         s->level = value;
2387         omap_pwl_update(s);
2388         break;
2389     case 0x04:	/* PWL_CTRL */
2390         s->enable = value & 1;
2391         omap_pwl_update(s);
2392         break;
2393     default:
2394         OMAP_BAD_REG(addr);
2395         return;
2396     }
2397 }
2398 
2399 static const MemoryRegionOps omap_pwl_ops = {
2400     .read = omap_pwl_read,
2401     .write = omap_pwl_write,
2402     .endianness = DEVICE_NATIVE_ENDIAN,
2403 };
2404 
2405 static void omap_pwl_reset(struct omap_pwl_s *s)
2406 {
2407     s->output = 0;
2408     s->level = 0;
2409     s->enable = 0;
2410     s->clk = 1;
2411     omap_pwl_update(s);
2412 }
2413 
2414 static void omap_pwl_clk_update(void *opaque, int line, int on)
2415 {
2416     struct omap_pwl_s *s = opaque;
2417 
2418     s->clk = on;
2419     omap_pwl_update(s);
2420 }
2421 
2422 static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory,
2423                                         hwaddr base,
2424                                         omap_clk clk)
2425 {
2426     struct omap_pwl_s *s = g_malloc0(sizeof(*s));
2427 
2428     omap_pwl_reset(s);
2429 
2430     memory_region_init_io(&s->iomem, NULL, &omap_pwl_ops, s,
2431                           "omap-pwl", 0x800);
2432     memory_region_add_subregion(system_memory, base, &s->iomem);
2433 
2434     omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0));
2435     return s;
2436 }
2437 
2438 /* Pulse-Width Tone module */
2439 struct omap_pwt_s {
2440     MemoryRegion iomem;
2441     uint8_t frc;
2442     uint8_t vrc;
2443     uint8_t gcr;
2444     omap_clk clk;
2445 };
2446 
2447 static uint64_t omap_pwt_read(void *opaque, hwaddr addr, unsigned size)
2448 {
2449     struct omap_pwt_s *s = opaque;
2450     int offset = addr & OMAP_MPUI_REG_MASK;
2451 
2452     if (size != 1) {
2453         return omap_badwidth_read8(opaque, addr);
2454     }
2455 
2456     switch (offset) {
2457     case 0x00:	/* FRC */
2458         return s->frc;
2459     case 0x04:	/* VCR */
2460         return s->vrc;
2461     case 0x08:	/* GCR */
2462         return s->gcr;
2463     }
2464     OMAP_BAD_REG(addr);
2465     return 0;
2466 }
2467 
2468 static void omap_pwt_write(void *opaque, hwaddr addr,
2469                            uint64_t value, unsigned size)
2470 {
2471     struct omap_pwt_s *s = opaque;
2472     int offset = addr & OMAP_MPUI_REG_MASK;
2473 
2474     if (size != 1) {
2475         omap_badwidth_write8(opaque, addr, value);
2476         return;
2477     }
2478 
2479     switch (offset) {
2480     case 0x00:	/* FRC */
2481         s->frc = value & 0x3f;
2482         break;
2483     case 0x04:	/* VRC */
2484         if ((value ^ s->vrc) & 1) {
2485             if (value & 1)
2486                 printf("%s: %iHz buzz on\n", __func__, (int)
2487                                 /* 1.5 MHz from a 12-MHz or 13-MHz PWT_CLK */
2488                                 ((omap_clk_getrate(s->clk) >> 3) /
2489                                  /* Pre-multiplexer divider */
2490                                  ((s->gcr & 2) ? 1 : 154) /
2491                                  /* Octave multiplexer */
2492                                  (2 << (value & 3)) *
2493                                  /* 101/107 divider */
2494                                  ((value & (1 << 2)) ? 101 : 107) *
2495                                  /*  49/55 divider */
2496                                  ((value & (1 << 3)) ?  49 : 55) *
2497                                  /*  50/63 divider */
2498                                  ((value & (1 << 4)) ?  50 : 63) *
2499                                  /*  80/127 divider */
2500                                  ((value & (1 << 5)) ?  80 : 127) /
2501                                  (107 * 55 * 63 * 127)));
2502             else
2503                 printf("%s: silence!\n", __func__);
2504         }
2505         s->vrc = value & 0x7f;
2506         break;
2507     case 0x08:	/* GCR */
2508         s->gcr = value & 3;
2509         break;
2510     default:
2511         OMAP_BAD_REG(addr);
2512         return;
2513     }
2514 }
2515 
2516 static const MemoryRegionOps omap_pwt_ops = {
2517     .read =omap_pwt_read,
2518     .write = omap_pwt_write,
2519     .endianness = DEVICE_NATIVE_ENDIAN,
2520 };
2521 
2522 static void omap_pwt_reset(struct omap_pwt_s *s)
2523 {
2524     s->frc = 0;
2525     s->vrc = 0;
2526     s->gcr = 0;
2527 }
2528 
2529 static struct omap_pwt_s *omap_pwt_init(MemoryRegion *system_memory,
2530                                         hwaddr base,
2531                                         omap_clk clk)
2532 {
2533     struct omap_pwt_s *s = g_malloc0(sizeof(*s));
2534     s->clk = clk;
2535     omap_pwt_reset(s);
2536 
2537     memory_region_init_io(&s->iomem, NULL, &omap_pwt_ops, s,
2538                           "omap-pwt", 0x800);
2539     memory_region_add_subregion(system_memory, base, &s->iomem);
2540     return s;
2541 }
2542 
2543 /* Real-time Clock module */
2544 struct omap_rtc_s {
2545     MemoryRegion iomem;
2546     qemu_irq irq;
2547     qemu_irq alarm;
2548     QEMUTimer *clk;
2549 
2550     uint8_t interrupts;
2551     uint8_t status;
2552     int16_t comp_reg;
2553     int running;
2554     int pm_am;
2555     int auto_comp;
2556     int round;
2557     struct tm alarm_tm;
2558     time_t alarm_ti;
2559 
2560     struct tm current_tm;
2561     time_t ti;
2562     uint64_t tick;
2563 };
2564 
2565 static void omap_rtc_interrupts_update(struct omap_rtc_s *s)
2566 {
2567     /* s->alarm is level-triggered */
2568     qemu_set_irq(s->alarm, (s->status >> 6) & 1);
2569 }
2570 
2571 static void omap_rtc_alarm_update(struct omap_rtc_s *s)
2572 {
2573     s->alarm_ti = mktimegm(&s->alarm_tm);
2574     if (s->alarm_ti == -1)
2575         printf("%s: conversion failed\n", __func__);
2576 }
2577 
2578 static uint64_t omap_rtc_read(void *opaque, hwaddr addr, unsigned size)
2579 {
2580     struct omap_rtc_s *s = opaque;
2581     int offset = addr & OMAP_MPUI_REG_MASK;
2582     uint8_t i;
2583 
2584     if (size != 1) {
2585         return omap_badwidth_read8(opaque, addr);
2586     }
2587 
2588     switch (offset) {
2589     case 0x00:	/* SECONDS_REG */
2590         return to_bcd(s->current_tm.tm_sec);
2591 
2592     case 0x04:	/* MINUTES_REG */
2593         return to_bcd(s->current_tm.tm_min);
2594 
2595     case 0x08:	/* HOURS_REG */
2596         if (s->pm_am)
2597             return ((s->current_tm.tm_hour > 11) << 7) |
2598                     to_bcd(((s->current_tm.tm_hour - 1) % 12) + 1);
2599         else
2600             return to_bcd(s->current_tm.tm_hour);
2601 
2602     case 0x0c:	/* DAYS_REG */
2603         return to_bcd(s->current_tm.tm_mday);
2604 
2605     case 0x10:	/* MONTHS_REG */
2606         return to_bcd(s->current_tm.tm_mon + 1);
2607 
2608     case 0x14:	/* YEARS_REG */
2609         return to_bcd(s->current_tm.tm_year % 100);
2610 
2611     case 0x18:	/* WEEK_REG */
2612         return s->current_tm.tm_wday;
2613 
2614     case 0x20:	/* ALARM_SECONDS_REG */
2615         return to_bcd(s->alarm_tm.tm_sec);
2616 
2617     case 0x24:	/* ALARM_MINUTES_REG */
2618         return to_bcd(s->alarm_tm.tm_min);
2619 
2620     case 0x28:	/* ALARM_HOURS_REG */
2621         if (s->pm_am)
2622             return ((s->alarm_tm.tm_hour > 11) << 7) |
2623                     to_bcd(((s->alarm_tm.tm_hour - 1) % 12) + 1);
2624         else
2625             return to_bcd(s->alarm_tm.tm_hour);
2626 
2627     case 0x2c:	/* ALARM_DAYS_REG */
2628         return to_bcd(s->alarm_tm.tm_mday);
2629 
2630     case 0x30:	/* ALARM_MONTHS_REG */
2631         return to_bcd(s->alarm_tm.tm_mon + 1);
2632 
2633     case 0x34:	/* ALARM_YEARS_REG */
2634         return to_bcd(s->alarm_tm.tm_year % 100);
2635 
2636     case 0x40:	/* RTC_CTRL_REG */
2637         return (s->pm_am << 3) | (s->auto_comp << 2) |
2638                 (s->round << 1) | s->running;
2639 
2640     case 0x44:	/* RTC_STATUS_REG */
2641         i = s->status;
2642         s->status &= ~0x3d;
2643         return i;
2644 
2645     case 0x48:	/* RTC_INTERRUPTS_REG */
2646         return s->interrupts;
2647 
2648     case 0x4c:	/* RTC_COMP_LSB_REG */
2649         return ((uint16_t) s->comp_reg) & 0xff;
2650 
2651     case 0x50:	/* RTC_COMP_MSB_REG */
2652         return ((uint16_t) s->comp_reg) >> 8;
2653     }
2654 
2655     OMAP_BAD_REG(addr);
2656     return 0;
2657 }
2658 
2659 static void omap_rtc_write(void *opaque, hwaddr addr,
2660                            uint64_t value, unsigned size)
2661 {
2662     struct omap_rtc_s *s = opaque;
2663     int offset = addr & OMAP_MPUI_REG_MASK;
2664     struct tm new_tm;
2665     time_t ti[2];
2666 
2667     if (size != 1) {
2668         omap_badwidth_write8(opaque, addr, value);
2669         return;
2670     }
2671 
2672     switch (offset) {
2673     case 0x00:	/* SECONDS_REG */
2674 #ifdef ALMDEBUG
2675         printf("RTC SEC_REG <-- %02x\n", value);
2676 #endif
2677         s->ti -= s->current_tm.tm_sec;
2678         s->ti += from_bcd(value);
2679         return;
2680 
2681     case 0x04:	/* MINUTES_REG */
2682 #ifdef ALMDEBUG
2683         printf("RTC MIN_REG <-- %02x\n", value);
2684 #endif
2685         s->ti -= s->current_tm.tm_min * 60;
2686         s->ti += from_bcd(value) * 60;
2687         return;
2688 
2689     case 0x08:	/* HOURS_REG */
2690 #ifdef ALMDEBUG
2691         printf("RTC HRS_REG <-- %02x\n", value);
2692 #endif
2693         s->ti -= s->current_tm.tm_hour * 3600;
2694         if (s->pm_am) {
2695             s->ti += (from_bcd(value & 0x3f) & 12) * 3600;
2696             s->ti += ((value >> 7) & 1) * 43200;
2697         } else
2698             s->ti += from_bcd(value & 0x3f) * 3600;
2699         return;
2700 
2701     case 0x0c:	/* DAYS_REG */
2702 #ifdef ALMDEBUG
2703         printf("RTC DAY_REG <-- %02x\n", value);
2704 #endif
2705         s->ti -= s->current_tm.tm_mday * 86400;
2706         s->ti += from_bcd(value) * 86400;
2707         return;
2708 
2709     case 0x10:	/* MONTHS_REG */
2710 #ifdef ALMDEBUG
2711         printf("RTC MTH_REG <-- %02x\n", value);
2712 #endif
2713         memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
2714         new_tm.tm_mon = from_bcd(value);
2715         ti[0] = mktimegm(&s->current_tm);
2716         ti[1] = mktimegm(&new_tm);
2717 
2718         if (ti[0] != -1 && ti[1] != -1) {
2719             s->ti -= ti[0];
2720             s->ti += ti[1];
2721         } else {
2722             /* A less accurate version */
2723             s->ti -= s->current_tm.tm_mon * 2592000;
2724             s->ti += from_bcd(value) * 2592000;
2725         }
2726         return;
2727 
2728     case 0x14:	/* YEARS_REG */
2729 #ifdef ALMDEBUG
2730         printf("RTC YRS_REG <-- %02x\n", value);
2731 #endif
2732         memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
2733         new_tm.tm_year += from_bcd(value) - (new_tm.tm_year % 100);
2734         ti[0] = mktimegm(&s->current_tm);
2735         ti[1] = mktimegm(&new_tm);
2736 
2737         if (ti[0] != -1 && ti[1] != -1) {
2738             s->ti -= ti[0];
2739             s->ti += ti[1];
2740         } else {
2741             /* A less accurate version */
2742             s->ti -= (time_t)(s->current_tm.tm_year % 100) * 31536000;
2743             s->ti += (time_t)from_bcd(value) * 31536000;
2744         }
2745         return;
2746 
2747     case 0x18:	/* WEEK_REG */
2748         return;	/* Ignored */
2749 
2750     case 0x20:	/* ALARM_SECONDS_REG */
2751 #ifdef ALMDEBUG
2752         printf("ALM SEC_REG <-- %02x\n", value);
2753 #endif
2754         s->alarm_tm.tm_sec = from_bcd(value);
2755         omap_rtc_alarm_update(s);
2756         return;
2757 
2758     case 0x24:	/* ALARM_MINUTES_REG */
2759 #ifdef ALMDEBUG
2760         printf("ALM MIN_REG <-- %02x\n", value);
2761 #endif
2762         s->alarm_tm.tm_min = from_bcd(value);
2763         omap_rtc_alarm_update(s);
2764         return;
2765 
2766     case 0x28:	/* ALARM_HOURS_REG */
2767 #ifdef ALMDEBUG
2768         printf("ALM HRS_REG <-- %02x\n", value);
2769 #endif
2770         if (s->pm_am)
2771             s->alarm_tm.tm_hour =
2772                     ((from_bcd(value & 0x3f)) % 12) +
2773                     ((value >> 7) & 1) * 12;
2774         else
2775             s->alarm_tm.tm_hour = from_bcd(value);
2776         omap_rtc_alarm_update(s);
2777         return;
2778 
2779     case 0x2c:	/* ALARM_DAYS_REG */
2780 #ifdef ALMDEBUG
2781         printf("ALM DAY_REG <-- %02x\n", value);
2782 #endif
2783         s->alarm_tm.tm_mday = from_bcd(value);
2784         omap_rtc_alarm_update(s);
2785         return;
2786 
2787     case 0x30:	/* ALARM_MONTHS_REG */
2788 #ifdef ALMDEBUG
2789         printf("ALM MON_REG <-- %02x\n", value);
2790 #endif
2791         s->alarm_tm.tm_mon = from_bcd(value);
2792         omap_rtc_alarm_update(s);
2793         return;
2794 
2795     case 0x34:	/* ALARM_YEARS_REG */
2796 #ifdef ALMDEBUG
2797         printf("ALM YRS_REG <-- %02x\n", value);
2798 #endif
2799         s->alarm_tm.tm_year = from_bcd(value);
2800         omap_rtc_alarm_update(s);
2801         return;
2802 
2803     case 0x40:	/* RTC_CTRL_REG */
2804 #ifdef ALMDEBUG
2805         printf("RTC CONTROL <-- %02x\n", value);
2806 #endif
2807         s->pm_am = (value >> 3) & 1;
2808         s->auto_comp = (value >> 2) & 1;
2809         s->round = (value >> 1) & 1;
2810         s->running = value & 1;
2811         s->status &= 0xfd;
2812         s->status |= s->running << 1;
2813         return;
2814 
2815     case 0x44:	/* RTC_STATUS_REG */
2816 #ifdef ALMDEBUG
2817         printf("RTC STATUSL <-- %02x\n", value);
2818 #endif
2819         s->status &= ~((value & 0xc0) ^ 0x80);
2820         omap_rtc_interrupts_update(s);
2821         return;
2822 
2823     case 0x48:	/* RTC_INTERRUPTS_REG */
2824 #ifdef ALMDEBUG
2825         printf("RTC INTRS <-- %02x\n", value);
2826 #endif
2827         s->interrupts = value;
2828         return;
2829 
2830     case 0x4c:	/* RTC_COMP_LSB_REG */
2831 #ifdef ALMDEBUG
2832         printf("RTC COMPLSB <-- %02x\n", value);
2833 #endif
2834         s->comp_reg &= 0xff00;
2835         s->comp_reg |= 0x00ff & value;
2836         return;
2837 
2838     case 0x50:	/* RTC_COMP_MSB_REG */
2839 #ifdef ALMDEBUG
2840         printf("RTC COMPMSB <-- %02x\n", value);
2841 #endif
2842         s->comp_reg &= 0x00ff;
2843         s->comp_reg |= 0xff00 & (value << 8);
2844         return;
2845 
2846     default:
2847         OMAP_BAD_REG(addr);
2848         return;
2849     }
2850 }
2851 
2852 static const MemoryRegionOps omap_rtc_ops = {
2853     .read = omap_rtc_read,
2854     .write = omap_rtc_write,
2855     .endianness = DEVICE_NATIVE_ENDIAN,
2856 };
2857 
2858 static void omap_rtc_tick(void *opaque)
2859 {
2860     struct omap_rtc_s *s = opaque;
2861 
2862     if (s->round) {
2863         /* Round to nearest full minute.  */
2864         if (s->current_tm.tm_sec < 30)
2865             s->ti -= s->current_tm.tm_sec;
2866         else
2867             s->ti += 60 - s->current_tm.tm_sec;
2868 
2869         s->round = 0;
2870     }
2871 
2872     localtime_r(&s->ti, &s->current_tm);
2873 
2874     if ((s->interrupts & 0x08) && s->ti == s->alarm_ti) {
2875         s->status |= 0x40;
2876         omap_rtc_interrupts_update(s);
2877     }
2878 
2879     if (s->interrupts & 0x04)
2880         switch (s->interrupts & 3) {
2881         case 0:
2882             s->status |= 0x04;
2883             qemu_irq_pulse(s->irq);
2884             break;
2885         case 1:
2886             if (s->current_tm.tm_sec)
2887                 break;
2888             s->status |= 0x08;
2889             qemu_irq_pulse(s->irq);
2890             break;
2891         case 2:
2892             if (s->current_tm.tm_sec || s->current_tm.tm_min)
2893                 break;
2894             s->status |= 0x10;
2895             qemu_irq_pulse(s->irq);
2896             break;
2897         case 3:
2898             if (s->current_tm.tm_sec ||
2899                             s->current_tm.tm_min || s->current_tm.tm_hour)
2900                 break;
2901             s->status |= 0x20;
2902             qemu_irq_pulse(s->irq);
2903             break;
2904         }
2905 
2906     /* Move on */
2907     if (s->running)
2908         s->ti ++;
2909     s->tick += 1000;
2910 
2911     /*
2912      * Every full hour add a rough approximation of the compensation
2913      * register to the 32kHz Timer (which drives the RTC) value.
2914      */
2915     if (s->auto_comp && !s->current_tm.tm_sec && !s->current_tm.tm_min)
2916         s->tick += s->comp_reg * 1000 / 32768;
2917 
2918     timer_mod(s->clk, s->tick);
2919 }
2920 
2921 static void omap_rtc_reset(struct omap_rtc_s *s)
2922 {
2923     struct tm tm;
2924 
2925     s->interrupts = 0;
2926     s->comp_reg = 0;
2927     s->running = 0;
2928     s->pm_am = 0;
2929     s->auto_comp = 0;
2930     s->round = 0;
2931     s->tick = qemu_clock_get_ms(rtc_clock);
2932     memset(&s->alarm_tm, 0, sizeof(s->alarm_tm));
2933     s->alarm_tm.tm_mday = 0x01;
2934     s->status = 1 << 7;
2935     qemu_get_timedate(&tm, 0);
2936     s->ti = mktimegm(&tm);
2937 
2938     omap_rtc_alarm_update(s);
2939     omap_rtc_tick(s);
2940 }
2941 
2942 static struct omap_rtc_s *omap_rtc_init(MemoryRegion *system_memory,
2943                                         hwaddr base,
2944                                         qemu_irq timerirq, qemu_irq alarmirq,
2945                                         omap_clk clk)
2946 {
2947     struct omap_rtc_s *s = g_new0(struct omap_rtc_s, 1);
2948 
2949     s->irq = timerirq;
2950     s->alarm = alarmirq;
2951     s->clk = timer_new_ms(rtc_clock, omap_rtc_tick, s);
2952 
2953     omap_rtc_reset(s);
2954 
2955     memory_region_init_io(&s->iomem, NULL, &omap_rtc_ops, s,
2956                           "omap-rtc", 0x800);
2957     memory_region_add_subregion(system_memory, base, &s->iomem);
2958 
2959     return s;
2960 }
2961 
2962 /* Multi-channel Buffered Serial Port interfaces */
2963 struct omap_mcbsp_s {
2964     MemoryRegion iomem;
2965     qemu_irq txirq;
2966     qemu_irq rxirq;
2967     qemu_irq txdrq;
2968     qemu_irq rxdrq;
2969 
2970     uint16_t spcr[2];
2971     uint16_t rcr[2];
2972     uint16_t xcr[2];
2973     uint16_t srgr[2];
2974     uint16_t mcr[2];
2975     uint16_t pcr;
2976     uint16_t rcer[8];
2977     uint16_t xcer[8];
2978     int tx_rate;
2979     int rx_rate;
2980     int tx_req;
2981     int rx_req;
2982 
2983     I2SCodec *codec;
2984     QEMUTimer *source_timer;
2985     QEMUTimer *sink_timer;
2986 };
2987 
2988 static void omap_mcbsp_intr_update(struct omap_mcbsp_s *s)
2989 {
2990     int irq;
2991 
2992     switch ((s->spcr[0] >> 4) & 3) {			/* RINTM */
2993     case 0:
2994         irq = (s->spcr[0] >> 1) & 1;			/* RRDY */
2995         break;
2996     case 3:
2997         irq = (s->spcr[0] >> 3) & 1;			/* RSYNCERR */
2998         break;
2999     default:
3000         irq = 0;
3001         break;
3002     }
3003 
3004     if (irq)
3005         qemu_irq_pulse(s->rxirq);
3006 
3007     switch ((s->spcr[1] >> 4) & 3) {			/* XINTM */
3008     case 0:
3009         irq = (s->spcr[1] >> 1) & 1;			/* XRDY */
3010         break;
3011     case 3:
3012         irq = (s->spcr[1] >> 3) & 1;			/* XSYNCERR */
3013         break;
3014     default:
3015         irq = 0;
3016         break;
3017     }
3018 
3019     if (irq)
3020         qemu_irq_pulse(s->txirq);
3021 }
3022 
3023 static void omap_mcbsp_rx_newdata(struct omap_mcbsp_s *s)
3024 {
3025     if ((s->spcr[0] >> 1) & 1)				/* RRDY */
3026         s->spcr[0] |= 1 << 2;				/* RFULL */
3027     s->spcr[0] |= 1 << 1;				/* RRDY */
3028     qemu_irq_raise(s->rxdrq);
3029     omap_mcbsp_intr_update(s);
3030 }
3031 
3032 static void omap_mcbsp_source_tick(void *opaque)
3033 {
3034     struct omap_mcbsp_s *s = opaque;
3035     static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
3036 
3037     if (!s->rx_rate)
3038         return;
3039     if (s->rx_req)
3040         printf("%s: Rx FIFO overrun\n", __func__);
3041 
3042     s->rx_req = s->rx_rate << bps[(s->rcr[0] >> 5) & 7];
3043 
3044     omap_mcbsp_rx_newdata(s);
3045     timer_mod(s->source_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
3046                    NANOSECONDS_PER_SECOND);
3047 }
3048 
3049 static void omap_mcbsp_rx_start(struct omap_mcbsp_s *s)
3050 {
3051     if (!s->codec || !s->codec->rts)
3052         omap_mcbsp_source_tick(s);
3053     else if (s->codec->in.len) {
3054         s->rx_req = s->codec->in.len;
3055         omap_mcbsp_rx_newdata(s);
3056     }
3057 }
3058 
3059 static void omap_mcbsp_rx_stop(struct omap_mcbsp_s *s)
3060 {
3061     timer_del(s->source_timer);
3062 }
3063 
3064 static void omap_mcbsp_rx_done(struct omap_mcbsp_s *s)
3065 {
3066     s->spcr[0] &= ~(1 << 1);				/* RRDY */
3067     qemu_irq_lower(s->rxdrq);
3068     omap_mcbsp_intr_update(s);
3069 }
3070 
3071 static void omap_mcbsp_tx_newdata(struct omap_mcbsp_s *s)
3072 {
3073     s->spcr[1] |= 1 << 1;				/* XRDY */
3074     qemu_irq_raise(s->txdrq);
3075     omap_mcbsp_intr_update(s);
3076 }
3077 
3078 static void omap_mcbsp_sink_tick(void *opaque)
3079 {
3080     struct omap_mcbsp_s *s = opaque;
3081     static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
3082 
3083     if (!s->tx_rate)
3084         return;
3085     if (s->tx_req)
3086         printf("%s: Tx FIFO underrun\n", __func__);
3087 
3088     s->tx_req = s->tx_rate << bps[(s->xcr[0] >> 5) & 7];
3089 
3090     omap_mcbsp_tx_newdata(s);
3091     timer_mod(s->sink_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
3092                    NANOSECONDS_PER_SECOND);
3093 }
3094 
3095 static void omap_mcbsp_tx_start(struct omap_mcbsp_s *s)
3096 {
3097     if (!s->codec || !s->codec->cts)
3098         omap_mcbsp_sink_tick(s);
3099     else if (s->codec->out.size) {
3100         s->tx_req = s->codec->out.size;
3101         omap_mcbsp_tx_newdata(s);
3102     }
3103 }
3104 
3105 static void omap_mcbsp_tx_done(struct omap_mcbsp_s *s)
3106 {
3107     s->spcr[1] &= ~(1 << 1);				/* XRDY */
3108     qemu_irq_lower(s->txdrq);
3109     omap_mcbsp_intr_update(s);
3110     if (s->codec && s->codec->cts)
3111         s->codec->tx_swallow(s->codec->opaque);
3112 }
3113 
3114 static void omap_mcbsp_tx_stop(struct omap_mcbsp_s *s)
3115 {
3116     s->tx_req = 0;
3117     omap_mcbsp_tx_done(s);
3118     timer_del(s->sink_timer);
3119 }
3120 
3121 static void omap_mcbsp_req_update(struct omap_mcbsp_s *s)
3122 {
3123     int prev_rx_rate, prev_tx_rate;
3124     int rx_rate = 0, tx_rate = 0;
3125     int cpu_rate = 1500000;	/* XXX */
3126 
3127     /* TODO: check CLKSTP bit */
3128     if (s->spcr[1] & (1 << 6)) {			/* GRST */
3129         if (s->spcr[0] & (1 << 0)) {			/* RRST */
3130             if ((s->srgr[1] & (1 << 13)) &&		/* CLKSM */
3131                             (s->pcr & (1 << 8))) {	/* CLKRM */
3132                 if (~s->pcr & (1 << 7))			/* SCLKME */
3133                     rx_rate = cpu_rate /
3134                             ((s->srgr[0] & 0xff) + 1);	/* CLKGDV */
3135             } else
3136                 if (s->codec)
3137                     rx_rate = s->codec->rx_rate;
3138         }
3139 
3140         if (s->spcr[1] & (1 << 0)) {			/* XRST */
3141             if ((s->srgr[1] & (1 << 13)) &&		/* CLKSM */
3142                             (s->pcr & (1 << 9))) {	/* CLKXM */
3143                 if (~s->pcr & (1 << 7))			/* SCLKME */
3144                     tx_rate = cpu_rate /
3145                             ((s->srgr[0] & 0xff) + 1);	/* CLKGDV */
3146             } else
3147                 if (s->codec)
3148                     tx_rate = s->codec->tx_rate;
3149         }
3150     }
3151     prev_tx_rate = s->tx_rate;
3152     prev_rx_rate = s->rx_rate;
3153     s->tx_rate = tx_rate;
3154     s->rx_rate = rx_rate;
3155 
3156     if (s->codec)
3157         s->codec->set_rate(s->codec->opaque, rx_rate, tx_rate);
3158 
3159     if (!prev_tx_rate && tx_rate)
3160         omap_mcbsp_tx_start(s);
3161     else if (s->tx_rate && !tx_rate)
3162         omap_mcbsp_tx_stop(s);
3163 
3164     if (!prev_rx_rate && rx_rate)
3165         omap_mcbsp_rx_start(s);
3166     else if (prev_tx_rate && !tx_rate)
3167         omap_mcbsp_rx_stop(s);
3168 }
3169 
3170 static uint64_t omap_mcbsp_read(void *opaque, hwaddr addr,
3171                                 unsigned size)
3172 {
3173     struct omap_mcbsp_s *s = opaque;
3174     int offset = addr & OMAP_MPUI_REG_MASK;
3175     uint16_t ret;
3176 
3177     if (size != 2) {
3178         return omap_badwidth_read16(opaque, addr);
3179     }
3180 
3181     switch (offset) {
3182     case 0x00:	/* DRR2 */
3183         if (((s->rcr[0] >> 5) & 7) < 3)			/* RWDLEN1 */
3184             return 0x0000;
3185         /* Fall through.  */
3186     case 0x02:	/* DRR1 */
3187         if (s->rx_req < 2) {
3188             printf("%s: Rx FIFO underrun\n", __func__);
3189             omap_mcbsp_rx_done(s);
3190         } else {
3191             s->tx_req -= 2;
3192             if (s->codec && s->codec->in.len >= 2) {
3193                 ret = s->codec->in.fifo[s->codec->in.start ++] << 8;
3194                 ret |= s->codec->in.fifo[s->codec->in.start ++];
3195                 s->codec->in.len -= 2;
3196             } else
3197                 ret = 0x0000;
3198             if (!s->tx_req)
3199                 omap_mcbsp_rx_done(s);
3200             return ret;
3201         }
3202         return 0x0000;
3203 
3204     case 0x04:	/* DXR2 */
3205     case 0x06:	/* DXR1 */
3206         return 0x0000;
3207 
3208     case 0x08:	/* SPCR2 */
3209         return s->spcr[1];
3210     case 0x0a:	/* SPCR1 */
3211         return s->spcr[0];
3212     case 0x0c:	/* RCR2 */
3213         return s->rcr[1];
3214     case 0x0e:	/* RCR1 */
3215         return s->rcr[0];
3216     case 0x10:	/* XCR2 */
3217         return s->xcr[1];
3218     case 0x12:	/* XCR1 */
3219         return s->xcr[0];
3220     case 0x14:	/* SRGR2 */
3221         return s->srgr[1];
3222     case 0x16:	/* SRGR1 */
3223         return s->srgr[0];
3224     case 0x18:	/* MCR2 */
3225         return s->mcr[1];
3226     case 0x1a:	/* MCR1 */
3227         return s->mcr[0];
3228     case 0x1c:	/* RCERA */
3229         return s->rcer[0];
3230     case 0x1e:	/* RCERB */
3231         return s->rcer[1];
3232     case 0x20:	/* XCERA */
3233         return s->xcer[0];
3234     case 0x22:	/* XCERB */
3235         return s->xcer[1];
3236     case 0x24:	/* PCR0 */
3237         return s->pcr;
3238     case 0x26:	/* RCERC */
3239         return s->rcer[2];
3240     case 0x28:	/* RCERD */
3241         return s->rcer[3];
3242     case 0x2a:	/* XCERC */
3243         return s->xcer[2];
3244     case 0x2c:	/* XCERD */
3245         return s->xcer[3];
3246     case 0x2e:	/* RCERE */
3247         return s->rcer[4];
3248     case 0x30:	/* RCERF */
3249         return s->rcer[5];
3250     case 0x32:	/* XCERE */
3251         return s->xcer[4];
3252     case 0x34:	/* XCERF */
3253         return s->xcer[5];
3254     case 0x36:	/* RCERG */
3255         return s->rcer[6];
3256     case 0x38:	/* RCERH */
3257         return s->rcer[7];
3258     case 0x3a:	/* XCERG */
3259         return s->xcer[6];
3260     case 0x3c:	/* XCERH */
3261         return s->xcer[7];
3262     }
3263 
3264     OMAP_BAD_REG(addr);
3265     return 0;
3266 }
3267 
3268 static void omap_mcbsp_writeh(void *opaque, hwaddr addr,
3269                 uint32_t value)
3270 {
3271     struct omap_mcbsp_s *s = opaque;
3272     int offset = addr & OMAP_MPUI_REG_MASK;
3273 
3274     switch (offset) {
3275     case 0x00:	/* DRR2 */
3276     case 0x02:	/* DRR1 */
3277         OMAP_RO_REG(addr);
3278         return;
3279 
3280     case 0x04:	/* DXR2 */
3281         if (((s->xcr[0] >> 5) & 7) < 3)			/* XWDLEN1 */
3282             return;
3283         /* Fall through.  */
3284     case 0x06:	/* DXR1 */
3285         if (s->tx_req > 1) {
3286             s->tx_req -= 2;
3287             if (s->codec && s->codec->cts) {
3288                 s->codec->out.fifo[s->codec->out.len ++] = (value >> 8) & 0xff;
3289                 s->codec->out.fifo[s->codec->out.len ++] = (value >> 0) & 0xff;
3290             }
3291             if (s->tx_req < 2)
3292                 omap_mcbsp_tx_done(s);
3293         } else
3294             printf("%s: Tx FIFO overrun\n", __func__);
3295         return;
3296 
3297     case 0x08:	/* SPCR2 */
3298         s->spcr[1] &= 0x0002;
3299         s->spcr[1] |= 0x03f9 & value;
3300         s->spcr[1] |= 0x0004 & (value << 2);		/* XEMPTY := XRST */
3301         if (~value & 1)					/* XRST */
3302             s->spcr[1] &= ~6;
3303         omap_mcbsp_req_update(s);
3304         return;
3305     case 0x0a:	/* SPCR1 */
3306         s->spcr[0] &= 0x0006;
3307         s->spcr[0] |= 0xf8f9 & value;
3308         if (value & (1 << 15))				/* DLB */
3309             printf("%s: Digital Loopback mode enable attempt\n", __func__);
3310         if (~value & 1) {				/* RRST */
3311             s->spcr[0] &= ~6;
3312             s->rx_req = 0;
3313             omap_mcbsp_rx_done(s);
3314         }
3315         omap_mcbsp_req_update(s);
3316         return;
3317 
3318     case 0x0c:	/* RCR2 */
3319         s->rcr[1] = value & 0xffff;
3320         return;
3321     case 0x0e:	/* RCR1 */
3322         s->rcr[0] = value & 0x7fe0;
3323         return;
3324     case 0x10:	/* XCR2 */
3325         s->xcr[1] = value & 0xffff;
3326         return;
3327     case 0x12:	/* XCR1 */
3328         s->xcr[0] = value & 0x7fe0;
3329         return;
3330     case 0x14:	/* SRGR2 */
3331         s->srgr[1] = value & 0xffff;
3332         omap_mcbsp_req_update(s);
3333         return;
3334     case 0x16:	/* SRGR1 */
3335         s->srgr[0] = value & 0xffff;
3336         omap_mcbsp_req_update(s);
3337         return;
3338     case 0x18:	/* MCR2 */
3339         s->mcr[1] = value & 0x03e3;
3340         if (value & 3)					/* XMCM */
3341             printf("%s: Tx channel selection mode enable attempt\n", __func__);
3342         return;
3343     case 0x1a:	/* MCR1 */
3344         s->mcr[0] = value & 0x03e1;
3345         if (value & 1)					/* RMCM */
3346             printf("%s: Rx channel selection mode enable attempt\n", __func__);
3347         return;
3348     case 0x1c:	/* RCERA */
3349         s->rcer[0] = value & 0xffff;
3350         return;
3351     case 0x1e:	/* RCERB */
3352         s->rcer[1] = value & 0xffff;
3353         return;
3354     case 0x20:	/* XCERA */
3355         s->xcer[0] = value & 0xffff;
3356         return;
3357     case 0x22:	/* XCERB */
3358         s->xcer[1] = value & 0xffff;
3359         return;
3360     case 0x24:	/* PCR0 */
3361         s->pcr = value & 0x7faf;
3362         return;
3363     case 0x26:	/* RCERC */
3364         s->rcer[2] = value & 0xffff;
3365         return;
3366     case 0x28:	/* RCERD */
3367         s->rcer[3] = value & 0xffff;
3368         return;
3369     case 0x2a:	/* XCERC */
3370         s->xcer[2] = value & 0xffff;
3371         return;
3372     case 0x2c:	/* XCERD */
3373         s->xcer[3] = value & 0xffff;
3374         return;
3375     case 0x2e:	/* RCERE */
3376         s->rcer[4] = value & 0xffff;
3377         return;
3378     case 0x30:	/* RCERF */
3379         s->rcer[5] = value & 0xffff;
3380         return;
3381     case 0x32:	/* XCERE */
3382         s->xcer[4] = value & 0xffff;
3383         return;
3384     case 0x34:	/* XCERF */
3385         s->xcer[5] = value & 0xffff;
3386         return;
3387     case 0x36:	/* RCERG */
3388         s->rcer[6] = value & 0xffff;
3389         return;
3390     case 0x38:	/* RCERH */
3391         s->rcer[7] = value & 0xffff;
3392         return;
3393     case 0x3a:	/* XCERG */
3394         s->xcer[6] = value & 0xffff;
3395         return;
3396     case 0x3c:	/* XCERH */
3397         s->xcer[7] = value & 0xffff;
3398         return;
3399     }
3400 
3401     OMAP_BAD_REG(addr);
3402 }
3403 
3404 static void omap_mcbsp_writew(void *opaque, hwaddr addr,
3405                 uint32_t value)
3406 {
3407     struct omap_mcbsp_s *s = opaque;
3408     int offset = addr & OMAP_MPUI_REG_MASK;
3409 
3410     if (offset == 0x04) {				/* DXR */
3411         if (((s->xcr[0] >> 5) & 7) < 3)			/* XWDLEN1 */
3412             return;
3413         if (s->tx_req > 3) {
3414             s->tx_req -= 4;
3415             if (s->codec && s->codec->cts) {
3416                 s->codec->out.fifo[s->codec->out.len ++] =
3417                         (value >> 24) & 0xff;
3418                 s->codec->out.fifo[s->codec->out.len ++] =
3419                         (value >> 16) & 0xff;
3420                 s->codec->out.fifo[s->codec->out.len ++] =
3421                         (value >> 8) & 0xff;
3422                 s->codec->out.fifo[s->codec->out.len ++] =
3423                         (value >> 0) & 0xff;
3424             }
3425             if (s->tx_req < 4)
3426                 omap_mcbsp_tx_done(s);
3427         } else
3428             printf("%s: Tx FIFO overrun\n", __func__);
3429         return;
3430     }
3431 
3432     omap_badwidth_write16(opaque, addr, value);
3433 }
3434 
3435 static void omap_mcbsp_write(void *opaque, hwaddr addr,
3436                              uint64_t value, unsigned size)
3437 {
3438     switch (size) {
3439     case 2:
3440         omap_mcbsp_writeh(opaque, addr, value);
3441         break;
3442     case 4:
3443         omap_mcbsp_writew(opaque, addr, value);
3444         break;
3445     default:
3446         omap_badwidth_write16(opaque, addr, value);
3447     }
3448 }
3449 
3450 static const MemoryRegionOps omap_mcbsp_ops = {
3451     .read = omap_mcbsp_read,
3452     .write = omap_mcbsp_write,
3453     .endianness = DEVICE_NATIVE_ENDIAN,
3454 };
3455 
3456 static void omap_mcbsp_reset(struct omap_mcbsp_s *s)
3457 {
3458     memset(&s->spcr, 0, sizeof(s->spcr));
3459     memset(&s->rcr, 0, sizeof(s->rcr));
3460     memset(&s->xcr, 0, sizeof(s->xcr));
3461     s->srgr[0] = 0x0001;
3462     s->srgr[1] = 0x2000;
3463     memset(&s->mcr, 0, sizeof(s->mcr));
3464     memset(&s->pcr, 0, sizeof(s->pcr));
3465     memset(&s->rcer, 0, sizeof(s->rcer));
3466     memset(&s->xcer, 0, sizeof(s->xcer));
3467     s->tx_req = 0;
3468     s->rx_req = 0;
3469     s->tx_rate = 0;
3470     s->rx_rate = 0;
3471     timer_del(s->source_timer);
3472     timer_del(s->sink_timer);
3473 }
3474 
3475 static struct omap_mcbsp_s *omap_mcbsp_init(MemoryRegion *system_memory,
3476                                             hwaddr base,
3477                                             qemu_irq txirq, qemu_irq rxirq,
3478                                             qemu_irq *dma, omap_clk clk)
3479 {
3480     struct omap_mcbsp_s *s = g_new0(struct omap_mcbsp_s, 1);
3481 
3482     s->txirq = txirq;
3483     s->rxirq = rxirq;
3484     s->txdrq = dma[0];
3485     s->rxdrq = dma[1];
3486     s->sink_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_mcbsp_sink_tick, s);
3487     s->source_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_mcbsp_source_tick, s);
3488     omap_mcbsp_reset(s);
3489 
3490     memory_region_init_io(&s->iomem, NULL, &omap_mcbsp_ops, s, "omap-mcbsp", 0x800);
3491     memory_region_add_subregion(system_memory, base, &s->iomem);
3492 
3493     return s;
3494 }
3495 
3496 static void omap_mcbsp_i2s_swallow(void *opaque, int line, int level)
3497 {
3498     struct omap_mcbsp_s *s = opaque;
3499 
3500     if (s->rx_rate) {
3501         s->rx_req = s->codec->in.len;
3502         omap_mcbsp_rx_newdata(s);
3503     }
3504 }
3505 
3506 static void omap_mcbsp_i2s_start(void *opaque, int line, int level)
3507 {
3508     struct omap_mcbsp_s *s = opaque;
3509 
3510     if (s->tx_rate) {
3511         s->tx_req = s->codec->out.size;
3512         omap_mcbsp_tx_newdata(s);
3513     }
3514 }
3515 
3516 void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave)
3517 {
3518     s->codec = slave;
3519     slave->rx_swallow = qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0);
3520     slave->tx_start = qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0);
3521 }
3522 
3523 /* LED Pulse Generators */
3524 struct omap_lpg_s {
3525     MemoryRegion iomem;
3526     QEMUTimer *tm;
3527 
3528     uint8_t control;
3529     uint8_t power;
3530     int64_t on;
3531     int64_t period;
3532     int clk;
3533     int cycle;
3534 };
3535 
3536 static void omap_lpg_tick(void *opaque)
3537 {
3538     struct omap_lpg_s *s = opaque;
3539 
3540     if (s->cycle)
3541         timer_mod(s->tm, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + s->period - s->on);
3542     else
3543         timer_mod(s->tm, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + s->on);
3544 
3545     s->cycle = !s->cycle;
3546     printf("%s: LED is %s\n", __func__, s->cycle ? "on" : "off");
3547 }
3548 
3549 static void omap_lpg_update(struct omap_lpg_s *s)
3550 {
3551     int64_t on, period = 1, ticks = 1000;
3552     static const int per[8] = { 1, 2, 4, 8, 12, 16, 20, 24 };
3553 
3554     if (~s->control & (1 << 6))					/* LPGRES */
3555         on = 0;
3556     else if (s->control & (1 << 7))				/* PERM_ON */
3557         on = period;
3558     else {
3559         period = muldiv64(ticks, per[s->control & 7],		/* PERCTRL */
3560                         256 / 32);
3561         on = (s->clk && s->power) ? muldiv64(ticks,
3562                         per[(s->control >> 3) & 7], 256) : 0;	/* ONCTRL */
3563     }
3564 
3565     timer_del(s->tm);
3566     if (on == period && s->on < s->period)
3567         printf("%s: LED is on\n", __func__);
3568     else if (on == 0 && s->on)
3569         printf("%s: LED is off\n", __func__);
3570     else if (on && (on != s->on || period != s->period)) {
3571         s->cycle = 0;
3572         s->on = on;
3573         s->period = period;
3574         omap_lpg_tick(s);
3575         return;
3576     }
3577 
3578     s->on = on;
3579     s->period = period;
3580 }
3581 
3582 static void omap_lpg_reset(struct omap_lpg_s *s)
3583 {
3584     s->control = 0x00;
3585     s->power = 0x00;
3586     s->clk = 1;
3587     omap_lpg_update(s);
3588 }
3589 
3590 static uint64_t omap_lpg_read(void *opaque, hwaddr addr, unsigned size)
3591 {
3592     struct omap_lpg_s *s = opaque;
3593     int offset = addr & OMAP_MPUI_REG_MASK;
3594 
3595     if (size != 1) {
3596         return omap_badwidth_read8(opaque, addr);
3597     }
3598 
3599     switch (offset) {
3600     case 0x00:	/* LCR */
3601         return s->control;
3602 
3603     case 0x04:	/* PMR */
3604         return s->power;
3605     }
3606 
3607     OMAP_BAD_REG(addr);
3608     return 0;
3609 }
3610 
3611 static void omap_lpg_write(void *opaque, hwaddr addr,
3612                            uint64_t value, unsigned size)
3613 {
3614     struct omap_lpg_s *s = opaque;
3615     int offset = addr & OMAP_MPUI_REG_MASK;
3616 
3617     if (size != 1) {
3618         omap_badwidth_write8(opaque, addr, value);
3619         return;
3620     }
3621 
3622     switch (offset) {
3623     case 0x00:	/* LCR */
3624         if (~value & (1 << 6))					/* LPGRES */
3625             omap_lpg_reset(s);
3626         s->control = value & 0xff;
3627         omap_lpg_update(s);
3628         return;
3629 
3630     case 0x04:	/* PMR */
3631         s->power = value & 0x01;
3632         omap_lpg_update(s);
3633         return;
3634 
3635     default:
3636         OMAP_BAD_REG(addr);
3637         return;
3638     }
3639 }
3640 
3641 static const MemoryRegionOps omap_lpg_ops = {
3642     .read = omap_lpg_read,
3643     .write = omap_lpg_write,
3644     .endianness = DEVICE_NATIVE_ENDIAN,
3645 };
3646 
3647 static void omap_lpg_clk_update(void *opaque, int line, int on)
3648 {
3649     struct omap_lpg_s *s = opaque;
3650 
3651     s->clk = on;
3652     omap_lpg_update(s);
3653 }
3654 
3655 static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory,
3656                                         hwaddr base, omap_clk clk)
3657 {
3658     struct omap_lpg_s *s = g_new0(struct omap_lpg_s, 1);
3659 
3660     s->tm = timer_new_ms(QEMU_CLOCK_VIRTUAL, omap_lpg_tick, s);
3661 
3662     omap_lpg_reset(s);
3663 
3664     memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg", 0x800);
3665     memory_region_add_subregion(system_memory, base, &s->iomem);
3666 
3667     omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0));
3668 
3669     return s;
3670 }
3671 
3672 /* MPUI Peripheral Bridge configuration */
3673 static uint64_t omap_mpui_io_read(void *opaque, hwaddr addr,
3674                                   unsigned size)
3675 {
3676     if (size != 2) {
3677         return omap_badwidth_read16(opaque, addr);
3678     }
3679 
3680     if (addr == OMAP_MPUI_BASE)	/* CMR */
3681         return 0xfe4d;
3682 
3683     OMAP_BAD_REG(addr);
3684     return 0;
3685 }
3686 
3687 static void omap_mpui_io_write(void *opaque, hwaddr addr,
3688                                uint64_t value, unsigned size)
3689 {
3690     /* FIXME: infinite loop */
3691     omap_badwidth_write16(opaque, addr, value);
3692 }
3693 
3694 static const MemoryRegionOps omap_mpui_io_ops = {
3695     .read = omap_mpui_io_read,
3696     .write = omap_mpui_io_write,
3697     .endianness = DEVICE_NATIVE_ENDIAN,
3698 };
3699 
3700 static void omap_setup_mpui_io(MemoryRegion *system_memory,
3701                                struct omap_mpu_state_s *mpu)
3702 {
3703     memory_region_init_io(&mpu->mpui_io_iomem, NULL, &omap_mpui_io_ops, mpu,
3704                           "omap-mpui-io", 0x7fff);
3705     memory_region_add_subregion(system_memory, OMAP_MPUI_BASE,
3706                                 &mpu->mpui_io_iomem);
3707 }
3708 
3709 /* General chip reset */
3710 static void omap1_mpu_reset(void *opaque)
3711 {
3712     struct omap_mpu_state_s *mpu = opaque;
3713 
3714     omap_dma_reset(mpu->dma);
3715     omap_mpu_timer_reset(mpu->timer[0]);
3716     omap_mpu_timer_reset(mpu->timer[1]);
3717     omap_mpu_timer_reset(mpu->timer[2]);
3718     omap_wd_timer_reset(mpu->wdt);
3719     omap_os_timer_reset(mpu->os_timer);
3720     omap_lcdc_reset(mpu->lcd);
3721     omap_ulpd_pm_reset(mpu);
3722     omap_pin_cfg_reset(mpu);
3723     omap_mpui_reset(mpu);
3724     omap_tipb_bridge_reset(mpu->private_tipb);
3725     omap_tipb_bridge_reset(mpu->public_tipb);
3726     omap_dpll_reset(mpu->dpll[0]);
3727     omap_dpll_reset(mpu->dpll[1]);
3728     omap_dpll_reset(mpu->dpll[2]);
3729     omap_uart_reset(mpu->uart[0]);
3730     omap_uart_reset(mpu->uart[1]);
3731     omap_uart_reset(mpu->uart[2]);
3732     omap_mmc_reset(mpu->mmc);
3733     omap_mpuio_reset(mpu->mpuio);
3734     omap_uwire_reset(mpu->microwire);
3735     omap_pwl_reset(mpu->pwl);
3736     omap_pwt_reset(mpu->pwt);
3737     omap_rtc_reset(mpu->rtc);
3738     omap_mcbsp_reset(mpu->mcbsp1);
3739     omap_mcbsp_reset(mpu->mcbsp2);
3740     omap_mcbsp_reset(mpu->mcbsp3);
3741     omap_lpg_reset(mpu->led[0]);
3742     omap_lpg_reset(mpu->led[1]);
3743     omap_clkm_reset(mpu);
3744     cpu_reset(CPU(mpu->cpu));
3745 }
3746 
3747 static const struct omap_map_s {
3748     hwaddr phys_dsp;
3749     hwaddr phys_mpu;
3750     uint32_t size;
3751     const char *name;
3752 } omap15xx_dsp_mm[] = {
3753     /* Strobe 0 */
3754     { 0xe1010000, 0xfffb0000, 0x800, "UART1 BT" },		/* CS0 */
3755     { 0xe1010800, 0xfffb0800, 0x800, "UART2 COM" },		/* CS1 */
3756     { 0xe1011800, 0xfffb1800, 0x800, "McBSP1 audio" },		/* CS3 */
3757     { 0xe1012000, 0xfffb2000, 0x800, "MCSI2 communication" },	/* CS4 */
3758     { 0xe1012800, 0xfffb2800, 0x800, "MCSI1 BT u-Law" },	/* CS5 */
3759     { 0xe1013000, 0xfffb3000, 0x800, "uWire" },			/* CS6 */
3760     { 0xe1013800, 0xfffb3800, 0x800, "I^2C" },			/* CS7 */
3761     { 0xe1014000, 0xfffb4000, 0x800, "USB W2FC" },		/* CS8 */
3762     { 0xe1014800, 0xfffb4800, 0x800, "RTC" },			/* CS9 */
3763     { 0xe1015000, 0xfffb5000, 0x800, "MPUIO" },			/* CS10 */
3764     { 0xe1015800, 0xfffb5800, 0x800, "PWL" },			/* CS11 */
3765     { 0xe1016000, 0xfffb6000, 0x800, "PWT" },			/* CS12 */
3766     { 0xe1017000, 0xfffb7000, 0x800, "McBSP3" },		/* CS14 */
3767     { 0xe1017800, 0xfffb7800, 0x800, "MMC" },			/* CS15 */
3768     { 0xe1019000, 0xfffb9000, 0x800, "32-kHz timer" },		/* CS18 */
3769     { 0xe1019800, 0xfffb9800, 0x800, "UART3" },			/* CS19 */
3770     { 0xe101c800, 0xfffbc800, 0x800, "TIPB switches" },		/* CS25 */
3771     /* Strobe 1 */
3772     { 0xe101e000, 0xfffce000, 0x800, "GPIOs" },			/* CS28 */
3773 
3774     { 0 }
3775 };
3776 
3777 static void omap_setup_dsp_mapping(MemoryRegion *system_memory,
3778                                    const struct omap_map_s *map)
3779 {
3780     MemoryRegion *io;
3781 
3782     for (; map->phys_dsp; map ++) {
3783         io = g_new(MemoryRegion, 1);
3784         memory_region_init_alias(io, NULL, map->name,
3785                                  system_memory, map->phys_mpu, map->size);
3786         memory_region_add_subregion(system_memory, map->phys_dsp, io);
3787     }
3788 }
3789 
3790 void omap_mpu_wakeup(void *opaque, int irq, int req)
3791 {
3792     struct omap_mpu_state_s *mpu = opaque;
3793     CPUState *cpu = CPU(mpu->cpu);
3794 
3795     if (cpu->halted) {
3796         cpu_interrupt(cpu, CPU_INTERRUPT_EXITTB);
3797     }
3798 }
3799 
3800 static const struct dma_irq_map omap1_dma_irq_map[] = {
3801     { 0, OMAP_INT_DMA_CH0_6 },
3802     { 0, OMAP_INT_DMA_CH1_7 },
3803     { 0, OMAP_INT_DMA_CH2_8 },
3804     { 0, OMAP_INT_DMA_CH3 },
3805     { 0, OMAP_INT_DMA_CH4 },
3806     { 0, OMAP_INT_DMA_CH5 },
3807     { 1, OMAP_INT_1610_DMA_CH6 },
3808     { 1, OMAP_INT_1610_DMA_CH7 },
3809     { 1, OMAP_INT_1610_DMA_CH8 },
3810     { 1, OMAP_INT_1610_DMA_CH9 },
3811     { 1, OMAP_INT_1610_DMA_CH10 },
3812     { 1, OMAP_INT_1610_DMA_CH11 },
3813     { 1, OMAP_INT_1610_DMA_CH12 },
3814     { 1, OMAP_INT_1610_DMA_CH13 },
3815     { 1, OMAP_INT_1610_DMA_CH14 },
3816     { 1, OMAP_INT_1610_DMA_CH15 }
3817 };
3818 
3819 /* DMA ports for OMAP1 */
3820 static int omap_validate_emiff_addr(struct omap_mpu_state_s *s,
3821                 hwaddr addr)
3822 {
3823     return range_covers_byte(OMAP_EMIFF_BASE, s->sdram_size, addr);
3824 }
3825 
3826 static int omap_validate_emifs_addr(struct omap_mpu_state_s *s,
3827                 hwaddr addr)
3828 {
3829     return range_covers_byte(OMAP_EMIFS_BASE, OMAP_EMIFF_BASE - OMAP_EMIFS_BASE,
3830                              addr);
3831 }
3832 
3833 static int omap_validate_imif_addr(struct omap_mpu_state_s *s,
3834                 hwaddr addr)
3835 {
3836     return range_covers_byte(OMAP_IMIF_BASE, s->sram_size, addr);
3837 }
3838 
3839 static int omap_validate_tipb_addr(struct omap_mpu_state_s *s,
3840                 hwaddr addr)
3841 {
3842     return range_covers_byte(0xfffb0000, 0xffff0000 - 0xfffb0000, addr);
3843 }
3844 
3845 static int omap_validate_local_addr(struct omap_mpu_state_s *s,
3846                 hwaddr addr)
3847 {
3848     return range_covers_byte(OMAP_LOCALBUS_BASE, 0x1000000, addr);
3849 }
3850 
3851 static int omap_validate_tipb_mpui_addr(struct omap_mpu_state_s *s,
3852                 hwaddr addr)
3853 {
3854     return range_covers_byte(0xe1010000, 0xe1020004 - 0xe1010000, addr);
3855 }
3856 
3857 struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *dram,
3858                 const char *cpu_type)
3859 {
3860     int i;
3861     struct omap_mpu_state_s *s = g_new0(struct omap_mpu_state_s, 1);
3862     qemu_irq dma_irqs[6];
3863     DriveInfo *dinfo;
3864     SysBusDevice *busdev;
3865     MemoryRegion *system_memory = get_system_memory();
3866 
3867     /* Core */
3868     s->mpu_model = omap310;
3869     s->cpu = ARM_CPU(cpu_create(cpu_type));
3870     s->sdram_size = memory_region_size(dram);
3871     s->sram_size = OMAP15XX_SRAM_SIZE;
3872 
3873     s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
3874 
3875     /* Clocks */
3876     omap_clk_init(s);
3877 
3878     /* Memory-mapped stuff */
3879     memory_region_init_ram(&s->imif_ram, NULL, "omap1.sram", s->sram_size,
3880                            &error_fatal);
3881     memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, &s->imif_ram);
3882 
3883     omap_clkm_init(system_memory, 0xfffece00, 0xe1008000, s);
3884 
3885     s->ih[0] = qdev_new("omap-intc");
3886     qdev_prop_set_uint32(s->ih[0], "size", 0x100);
3887     omap_intc_set_iclk(OMAP_INTC(s->ih[0]), omap_findclk(s, "arminth_ck"));
3888     busdev = SYS_BUS_DEVICE(s->ih[0]);
3889     sysbus_realize_and_unref(busdev, &error_fatal);
3890     sysbus_connect_irq(busdev, 0,
3891                        qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ));
3892     sysbus_connect_irq(busdev, 1,
3893                        qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ));
3894     sysbus_mmio_map(busdev, 0, 0xfffecb00);
3895     s->ih[1] = qdev_new("omap-intc");
3896     qdev_prop_set_uint32(s->ih[1], "size", 0x800);
3897     omap_intc_set_iclk(OMAP_INTC(s->ih[1]), omap_findclk(s, "arminth_ck"));
3898     busdev = SYS_BUS_DEVICE(s->ih[1]);
3899     sysbus_realize_and_unref(busdev, &error_fatal);
3900     sysbus_connect_irq(busdev, 0,
3901                        qdev_get_gpio_in(s->ih[0], OMAP_INT_15XX_IH2_IRQ));
3902     /* The second interrupt controller's FIQ output is not wired up */
3903     sysbus_mmio_map(busdev, 0, 0xfffe0000);
3904 
3905     for (i = 0; i < 6; i++) {
3906         dma_irqs[i] = qdev_get_gpio_in(s->ih[omap1_dma_irq_map[i].ih],
3907                                        omap1_dma_irq_map[i].intr);
3908     }
3909     s->dma = omap_dma_init(0xfffed800, dma_irqs, system_memory,
3910                            qdev_get_gpio_in(s->ih[0], OMAP_INT_DMA_LCD),
3911                            s, omap_findclk(s, "dma_ck"), omap_dma_3_1);
3912 
3913     s->port[emiff    ].addr_valid = omap_validate_emiff_addr;
3914     s->port[emifs    ].addr_valid = omap_validate_emifs_addr;
3915     s->port[imif     ].addr_valid = omap_validate_imif_addr;
3916     s->port[tipb     ].addr_valid = omap_validate_tipb_addr;
3917     s->port[local    ].addr_valid = omap_validate_local_addr;
3918     s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
3919 
3920     /* Register SDRAM and SRAM DMA ports for fast transfers.  */
3921     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(dram),
3922                          OMAP_EMIFF_BASE, s->sdram_size);
3923     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->imif_ram),
3924                          OMAP_IMIF_BASE, s->sram_size);
3925 
3926     s->timer[0] = omap_mpu_timer_init(system_memory, 0xfffec500,
3927                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER1),
3928                     omap_findclk(s, "mputim_ck"));
3929     s->timer[1] = omap_mpu_timer_init(system_memory, 0xfffec600,
3930                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER2),
3931                     omap_findclk(s, "mputim_ck"));
3932     s->timer[2] = omap_mpu_timer_init(system_memory, 0xfffec700,
3933                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER3),
3934                     omap_findclk(s, "mputim_ck"));
3935 
3936     s->wdt = omap_wd_timer_init(system_memory, 0xfffec800,
3937                     qdev_get_gpio_in(s->ih[0], OMAP_INT_WD_TIMER),
3938                     omap_findclk(s, "armwdt_ck"));
3939 
3940     s->os_timer = omap_os_timer_init(system_memory, 0xfffb9000,
3941                     qdev_get_gpio_in(s->ih[1], OMAP_INT_OS_TIMER),
3942                     omap_findclk(s, "clk32-kHz"));
3943 
3944     s->lcd = omap_lcdc_init(system_memory, 0xfffec000,
3945                             qdev_get_gpio_in(s->ih[0], OMAP_INT_LCD_CTRL),
3946                             omap_dma_get_lcdch(s->dma),
3947                             omap_findclk(s, "lcd_ck"));
3948 
3949     omap_ulpd_pm_init(system_memory, 0xfffe0800, s);
3950     omap_pin_cfg_init(system_memory, 0xfffe1000, s);
3951     omap_id_init(system_memory, s);
3952 
3953     omap_mpui_init(system_memory, 0xfffec900, s);
3954 
3955     s->private_tipb = omap_tipb_bridge_init(system_memory, 0xfffeca00,
3956                     qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PRIV),
3957                     omap_findclk(s, "tipb_ck"));
3958     s->public_tipb = omap_tipb_bridge_init(system_memory, 0xfffed300,
3959                     qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PUB),
3960                     omap_findclk(s, "tipb_ck"));
3961 
3962     omap_tcmi_init(system_memory, 0xfffecc00, s);
3963 
3964     s->uart[0] = omap_uart_init(0xfffb0000,
3965                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_UART1),
3966                     omap_findclk(s, "uart1_ck"),
3967                     omap_findclk(s, "uart1_ck"),
3968                     s->drq[OMAP_DMA_UART1_TX], s->drq[OMAP_DMA_UART1_RX],
3969                     "uart1",
3970                     serial_hd(0));
3971     s->uart[1] = omap_uart_init(0xfffb0800,
3972                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_UART2),
3973                     omap_findclk(s, "uart2_ck"),
3974                     omap_findclk(s, "uart2_ck"),
3975                     s->drq[OMAP_DMA_UART2_TX], s->drq[OMAP_DMA_UART2_RX],
3976                     "uart2",
3977                     serial_hd(0) ? serial_hd(1) : NULL);
3978     s->uart[2] = omap_uart_init(0xfffb9800,
3979                                 qdev_get_gpio_in(s->ih[0], OMAP_INT_UART3),
3980                     omap_findclk(s, "uart3_ck"),
3981                     omap_findclk(s, "uart3_ck"),
3982                     s->drq[OMAP_DMA_UART3_TX], s->drq[OMAP_DMA_UART3_RX],
3983                     "uart3",
3984                     serial_hd(0) && serial_hd(1) ? serial_hd(2) : NULL);
3985 
3986     s->dpll[0] = omap_dpll_init(system_memory, 0xfffecf00,
3987                                 omap_findclk(s, "dpll1"));
3988     s->dpll[1] = omap_dpll_init(system_memory, 0xfffed000,
3989                                 omap_findclk(s, "dpll2"));
3990     s->dpll[2] = omap_dpll_init(system_memory, 0xfffed100,
3991                                 omap_findclk(s, "dpll3"));
3992 
3993     dinfo = drive_get(IF_SD, 0, 0);
3994     if (!dinfo && !qtest_enabled()) {
3995         warn_report("missing SecureDigital device");
3996     }
3997     s->mmc = omap_mmc_init(0xfffb7800, system_memory,
3998                            dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
3999                            qdev_get_gpio_in(s->ih[1], OMAP_INT_OQN),
4000                            &s->drq[OMAP_DMA_MMC_TX],
4001                     omap_findclk(s, "mmc_ck"));
4002 
4003     s->mpuio = omap_mpuio_init(system_memory, 0xfffb5000,
4004                                qdev_get_gpio_in(s->ih[1], OMAP_INT_KEYBOARD),
4005                                qdev_get_gpio_in(s->ih[1], OMAP_INT_MPUIO),
4006                                s->wakeup, omap_findclk(s, "clk32-kHz"));
4007 
4008     s->gpio = qdev_new("omap-gpio");
4009     qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
4010     omap_gpio_set_clk(OMAP1_GPIO(s->gpio), omap_findclk(s, "arm_gpio_ck"));
4011     sysbus_realize_and_unref(SYS_BUS_DEVICE(s->gpio), &error_fatal);
4012     sysbus_connect_irq(SYS_BUS_DEVICE(s->gpio), 0,
4013                        qdev_get_gpio_in(s->ih[0], OMAP_INT_GPIO_BANK1));
4014     sysbus_mmio_map(SYS_BUS_DEVICE(s->gpio), 0, 0xfffce000);
4015 
4016     s->microwire = omap_uwire_init(system_memory, 0xfffb3000,
4017                                    qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireTX),
4018                                    qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireRX),
4019                     s->drq[OMAP_DMA_UWIRE_TX], omap_findclk(s, "mpuper_ck"));
4020 
4021     s->pwl = omap_pwl_init(system_memory, 0xfffb5800,
4022                            omap_findclk(s, "armxor_ck"));
4023     s->pwt = omap_pwt_init(system_memory, 0xfffb6000,
4024                            omap_findclk(s, "armxor_ck"));
4025 
4026     s->i2c[0] = qdev_new("omap_i2c");
4027     qdev_prop_set_uint8(s->i2c[0], "revision", 0x11);
4028     omap_i2c_set_fclk(OMAP_I2C(s->i2c[0]), omap_findclk(s, "mpuper_ck"));
4029     busdev = SYS_BUS_DEVICE(s->i2c[0]);
4030     sysbus_realize_and_unref(busdev, &error_fatal);
4031     sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(s->ih[1], OMAP_INT_I2C));
4032     sysbus_connect_irq(busdev, 1, s->drq[OMAP_DMA_I2C_TX]);
4033     sysbus_connect_irq(busdev, 2, s->drq[OMAP_DMA_I2C_RX]);
4034     sysbus_mmio_map(busdev, 0, 0xfffb3800);
4035 
4036     s->rtc = omap_rtc_init(system_memory, 0xfffb4800,
4037                            qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_TIMER),
4038                            qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_ALARM),
4039                     omap_findclk(s, "clk32-kHz"));
4040 
4041     s->mcbsp1 = omap_mcbsp_init(system_memory, 0xfffb1800,
4042                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1TX),
4043                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1RX),
4044                     &s->drq[OMAP_DMA_MCBSP1_TX], omap_findclk(s, "dspxor_ck"));
4045     s->mcbsp2 = omap_mcbsp_init(system_memory, 0xfffb1000,
4046                                 qdev_get_gpio_in(s->ih[0],
4047                                                  OMAP_INT_310_McBSP2_TX),
4048                                 qdev_get_gpio_in(s->ih[0],
4049                                                  OMAP_INT_310_McBSP2_RX),
4050                     &s->drq[OMAP_DMA_MCBSP2_TX], omap_findclk(s, "mpuper_ck"));
4051     s->mcbsp3 = omap_mcbsp_init(system_memory, 0xfffb7000,
4052                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3TX),
4053                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3RX),
4054                     &s->drq[OMAP_DMA_MCBSP3_TX], omap_findclk(s, "dspxor_ck"));
4055 
4056     s->led[0] = omap_lpg_init(system_memory,
4057                               0xfffbd000, omap_findclk(s, "clk32-kHz"));
4058     s->led[1] = omap_lpg_init(system_memory,
4059                               0xfffbd800, omap_findclk(s, "clk32-kHz"));
4060 
4061     /* Register mappings not currently implemented:
4062      * MCSI2 Comm	fffb2000 - fffb27ff (not mapped on OMAP310)
4063      * MCSI1 Bluetooth	fffb2800 - fffb2fff (not mapped on OMAP310)
4064      * USB W2FC		fffb4000 - fffb47ff
4065      * Camera Interface	fffb6800 - fffb6fff
4066      * USB Host		fffba000 - fffba7ff
4067      * FAC		fffba800 - fffbafff
4068      * HDQ/1-Wire	fffbc000 - fffbc7ff
4069      * TIPB switches	fffbc800 - fffbcfff
4070      * Mailbox		fffcf000 - fffcf7ff
4071      * Local bus IF	fffec100 - fffec1ff
4072      * Local bus MMU	fffec200 - fffec2ff
4073      * DSP MMU		fffed200 - fffed2ff
4074      */
4075 
4076     omap_setup_dsp_mapping(system_memory, omap15xx_dsp_mm);
4077     omap_setup_mpui_io(system_memory, s);
4078 
4079     qemu_register_reset(omap1_mpu_reset, s);
4080 
4081     return s;
4082 }
4083