xref: /openbmc/qemu/hw/arm/omap1.c (revision f7160f32)
1 /*
2  * TI OMAP processors emulation.
3  *
4  * Copyright (C) 2006-2008 Andrzej Zaborowski  <balrog@zabor.org>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License as
8  * published by the Free Software Foundation; either version 2 or
9  * (at your option) version 3 of the License.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License along
17  * with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/error-report.h"
22 #include "qemu/main-loop.h"
23 #include "qapi/error.h"
24 #include "qemu-common.h"
25 #include "cpu.h"
26 #include "exec/address-spaces.h"
27 #include "hw/boards.h"
28 #include "hw/hw.h"
29 #include "hw/irq.h"
30 #include "hw/qdev-properties.h"
31 #include "hw/arm/boot.h"
32 #include "hw/arm/omap.h"
33 #include "sysemu/blockdev.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/arm/soc_dma.h"
36 #include "sysemu/qtest.h"
37 #include "sysemu/reset.h"
38 #include "sysemu/runstate.h"
39 #include "qemu/range.h"
40 #include "hw/sysbus.h"
41 #include "qemu/cutils.h"
42 #include "qemu/bcd.h"
43 
44 static inline void omap_log_badwidth(const char *funcname, hwaddr addr, int sz)
45 {
46     qemu_log_mask(LOG_GUEST_ERROR, "%s: %d-bit register %#08" HWADDR_PRIx "\n",
47                   funcname, 8 * sz, addr);
48 }
49 
50 /* Should signal the TCMI/GPMC */
51 uint32_t omap_badwidth_read8(void *opaque, hwaddr addr)
52 {
53     uint8_t ret;
54 
55     omap_log_badwidth(__func__, addr, 1);
56     cpu_physical_memory_read(addr, &ret, 1);
57     return ret;
58 }
59 
60 void omap_badwidth_write8(void *opaque, hwaddr addr,
61                 uint32_t value)
62 {
63     uint8_t val8 = value;
64 
65     omap_log_badwidth(__func__, addr, 1);
66     cpu_physical_memory_write(addr, &val8, 1);
67 }
68 
69 uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
70 {
71     uint16_t ret;
72 
73     omap_log_badwidth(__func__, addr, 2);
74     cpu_physical_memory_read(addr, &ret, 2);
75     return ret;
76 }
77 
78 void omap_badwidth_write16(void *opaque, hwaddr addr,
79                 uint32_t value)
80 {
81     uint16_t val16 = value;
82 
83     omap_log_badwidth(__func__, addr, 2);
84     cpu_physical_memory_write(addr, &val16, 2);
85 }
86 
87 uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
88 {
89     uint32_t ret;
90 
91     omap_log_badwidth(__func__, addr, 4);
92     cpu_physical_memory_read(addr, &ret, 4);
93     return ret;
94 }
95 
96 void omap_badwidth_write32(void *opaque, hwaddr addr,
97                 uint32_t value)
98 {
99     omap_log_badwidth(__func__, addr, 4);
100     cpu_physical_memory_write(addr, &value, 4);
101 }
102 
103 /* MPU OS timers */
104 struct omap_mpu_timer_s {
105     MemoryRegion iomem;
106     qemu_irq irq;
107     omap_clk clk;
108     uint32_t val;
109     int64_t time;
110     QEMUTimer *timer;
111     QEMUBH *tick;
112     int64_t rate;
113     int it_ena;
114 
115     int enable;
116     int ptv;
117     int ar;
118     int st;
119     uint32_t reset_val;
120 };
121 
122 static inline uint32_t omap_timer_read(struct omap_mpu_timer_s *timer)
123 {
124     uint64_t distance = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - timer->time;
125 
126     if (timer->st && timer->enable && timer->rate)
127         return timer->val - muldiv64(distance >> (timer->ptv + 1),
128                                      timer->rate, NANOSECONDS_PER_SECOND);
129     else
130         return timer->val;
131 }
132 
133 static inline void omap_timer_sync(struct omap_mpu_timer_s *timer)
134 {
135     timer->val = omap_timer_read(timer);
136     timer->time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
137 }
138 
139 static inline void omap_timer_update(struct omap_mpu_timer_s *timer)
140 {
141     int64_t expires;
142 
143     if (timer->enable && timer->st && timer->rate) {
144         timer->val = timer->reset_val;	/* Should skip this on clk enable */
145         expires = muldiv64((uint64_t) timer->val << (timer->ptv + 1),
146                            NANOSECONDS_PER_SECOND, timer->rate);
147 
148         /* If timer expiry would be sooner than in about 1 ms and
149          * auto-reload isn't set, then fire immediately.  This is a hack
150          * to make systems like PalmOS run in acceptable time.  PalmOS
151          * sets the interval to a very low value and polls the status bit
152          * in a busy loop when it wants to sleep just a couple of CPU
153          * ticks.  */
154         if (expires > (NANOSECONDS_PER_SECOND >> 10) || timer->ar) {
155             timer_mod(timer->timer, timer->time + expires);
156         } else {
157             qemu_bh_schedule(timer->tick);
158         }
159     } else
160         timer_del(timer->timer);
161 }
162 
163 static void omap_timer_fire(void *opaque)
164 {
165     struct omap_mpu_timer_s *timer = opaque;
166 
167     if (!timer->ar) {
168         timer->val = 0;
169         timer->st = 0;
170     }
171 
172     if (timer->it_ena)
173         /* Edge-triggered irq */
174         qemu_irq_pulse(timer->irq);
175 }
176 
177 static void omap_timer_tick(void *opaque)
178 {
179     struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
180 
181     omap_timer_sync(timer);
182     omap_timer_fire(timer);
183     omap_timer_update(timer);
184 }
185 
186 static void omap_timer_clk_update(void *opaque, int line, int on)
187 {
188     struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
189 
190     omap_timer_sync(timer);
191     timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
192     omap_timer_update(timer);
193 }
194 
195 static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer)
196 {
197     omap_clk_adduser(timer->clk,
198                     qemu_allocate_irq(omap_timer_clk_update, timer, 0));
199     timer->rate = omap_clk_getrate(timer->clk);
200 }
201 
202 static uint64_t omap_mpu_timer_read(void *opaque, hwaddr addr,
203                                     unsigned size)
204 {
205     struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
206 
207     if (size != 4) {
208         return omap_badwidth_read32(opaque, addr);
209     }
210 
211     switch (addr) {
212     case 0x00:	/* CNTL_TIMER */
213         return (s->enable << 5) | (s->ptv << 2) | (s->ar << 1) | s->st;
214 
215     case 0x04:	/* LOAD_TIM */
216         break;
217 
218     case 0x08:	/* READ_TIM */
219         return omap_timer_read(s);
220     }
221 
222     OMAP_BAD_REG(addr);
223     return 0;
224 }
225 
226 static void omap_mpu_timer_write(void *opaque, hwaddr addr,
227                                  uint64_t value, unsigned size)
228 {
229     struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
230 
231     if (size != 4) {
232         omap_badwidth_write32(opaque, addr, value);
233         return;
234     }
235 
236     switch (addr) {
237     case 0x00:	/* CNTL_TIMER */
238         omap_timer_sync(s);
239         s->enable = (value >> 5) & 1;
240         s->ptv = (value >> 2) & 7;
241         s->ar = (value >> 1) & 1;
242         s->st = value & 1;
243         omap_timer_update(s);
244         return;
245 
246     case 0x04:	/* LOAD_TIM */
247         s->reset_val = value;
248         return;
249 
250     case 0x08:	/* READ_TIM */
251         OMAP_RO_REG(addr);
252         break;
253 
254     default:
255         OMAP_BAD_REG(addr);
256     }
257 }
258 
259 static const MemoryRegionOps omap_mpu_timer_ops = {
260     .read = omap_mpu_timer_read,
261     .write = omap_mpu_timer_write,
262     .endianness = DEVICE_LITTLE_ENDIAN,
263 };
264 
265 static void omap_mpu_timer_reset(struct omap_mpu_timer_s *s)
266 {
267     timer_del(s->timer);
268     s->enable = 0;
269     s->reset_val = 31337;
270     s->val = 0;
271     s->ptv = 0;
272     s->ar = 0;
273     s->st = 0;
274     s->it_ena = 1;
275 }
276 
277 static struct omap_mpu_timer_s *omap_mpu_timer_init(MemoryRegion *system_memory,
278                 hwaddr base,
279                 qemu_irq irq, omap_clk clk)
280 {
281     struct omap_mpu_timer_s *s = g_new0(struct omap_mpu_timer_s, 1);
282 
283     s->irq = irq;
284     s->clk = clk;
285     s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, s);
286     s->tick = qemu_bh_new(omap_timer_fire, s);
287     omap_mpu_timer_reset(s);
288     omap_timer_clk_setup(s);
289 
290     memory_region_init_io(&s->iomem, NULL, &omap_mpu_timer_ops, s,
291                           "omap-mpu-timer", 0x100);
292 
293     memory_region_add_subregion(system_memory, base, &s->iomem);
294 
295     return s;
296 }
297 
298 /* Watchdog timer */
299 struct omap_watchdog_timer_s {
300     struct omap_mpu_timer_s timer;
301     MemoryRegion iomem;
302     uint8_t last_wr;
303     int mode;
304     int free;
305     int reset;
306 };
307 
308 static uint64_t omap_wd_timer_read(void *opaque, hwaddr addr,
309                                    unsigned size)
310 {
311     struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
312 
313     if (size != 2) {
314         return omap_badwidth_read16(opaque, addr);
315     }
316 
317     switch (addr) {
318     case 0x00:	/* CNTL_TIMER */
319         return (s->timer.ptv << 9) | (s->timer.ar << 8) |
320                 (s->timer.st << 7) | (s->free << 1);
321 
322     case 0x04:	/* READ_TIMER */
323         return omap_timer_read(&s->timer);
324 
325     case 0x08:	/* TIMER_MODE */
326         return s->mode << 15;
327     }
328 
329     OMAP_BAD_REG(addr);
330     return 0;
331 }
332 
333 static void omap_wd_timer_write(void *opaque, hwaddr addr,
334                                 uint64_t value, unsigned size)
335 {
336     struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
337 
338     if (size != 2) {
339         omap_badwidth_write16(opaque, addr, value);
340         return;
341     }
342 
343     switch (addr) {
344     case 0x00:	/* CNTL_TIMER */
345         omap_timer_sync(&s->timer);
346         s->timer.ptv = (value >> 9) & 7;
347         s->timer.ar = (value >> 8) & 1;
348         s->timer.st = (value >> 7) & 1;
349         s->free = (value >> 1) & 1;
350         omap_timer_update(&s->timer);
351         break;
352 
353     case 0x04:	/* LOAD_TIMER */
354         s->timer.reset_val = value & 0xffff;
355         break;
356 
357     case 0x08:	/* TIMER_MODE */
358         if (!s->mode && ((value >> 15) & 1))
359             omap_clk_get(s->timer.clk);
360         s->mode |= (value >> 15) & 1;
361         if (s->last_wr == 0xf5) {
362             if ((value & 0xff) == 0xa0) {
363                 if (s->mode) {
364                     s->mode = 0;
365                     omap_clk_put(s->timer.clk);
366                 }
367             } else {
368                 /* XXX: on T|E hardware somehow this has no effect,
369                  * on Zire 71 it works as specified.  */
370                 s->reset = 1;
371                 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
372             }
373         }
374         s->last_wr = value & 0xff;
375         break;
376 
377     default:
378         OMAP_BAD_REG(addr);
379     }
380 }
381 
382 static const MemoryRegionOps omap_wd_timer_ops = {
383     .read = omap_wd_timer_read,
384     .write = omap_wd_timer_write,
385     .endianness = DEVICE_NATIVE_ENDIAN,
386 };
387 
388 static void omap_wd_timer_reset(struct omap_watchdog_timer_s *s)
389 {
390     timer_del(s->timer.timer);
391     if (!s->mode)
392         omap_clk_get(s->timer.clk);
393     s->mode = 1;
394     s->free = 1;
395     s->reset = 0;
396     s->timer.enable = 1;
397     s->timer.it_ena = 1;
398     s->timer.reset_val = 0xffff;
399     s->timer.val = 0;
400     s->timer.st = 0;
401     s->timer.ptv = 0;
402     s->timer.ar = 0;
403     omap_timer_update(&s->timer);
404 }
405 
406 static struct omap_watchdog_timer_s *omap_wd_timer_init(MemoryRegion *memory,
407                 hwaddr base,
408                 qemu_irq irq, omap_clk clk)
409 {
410     struct omap_watchdog_timer_s *s = g_new0(struct omap_watchdog_timer_s, 1);
411 
412     s->timer.irq = irq;
413     s->timer.clk = clk;
414     s->timer.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, &s->timer);
415     omap_wd_timer_reset(s);
416     omap_timer_clk_setup(&s->timer);
417 
418     memory_region_init_io(&s->iomem, NULL, &omap_wd_timer_ops, s,
419                           "omap-wd-timer", 0x100);
420     memory_region_add_subregion(memory, base, &s->iomem);
421 
422     return s;
423 }
424 
425 /* 32-kHz timer */
426 struct omap_32khz_timer_s {
427     struct omap_mpu_timer_s timer;
428     MemoryRegion iomem;
429 };
430 
431 static uint64_t omap_os_timer_read(void *opaque, hwaddr addr,
432                                    unsigned size)
433 {
434     struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
435     int offset = addr & OMAP_MPUI_REG_MASK;
436 
437     if (size != 4) {
438         return omap_badwidth_read32(opaque, addr);
439     }
440 
441     switch (offset) {
442     case 0x00:	/* TVR */
443         return s->timer.reset_val;
444 
445     case 0x04:	/* TCR */
446         return omap_timer_read(&s->timer);
447 
448     case 0x08:	/* CR */
449         return (s->timer.ar << 3) | (s->timer.it_ena << 2) | s->timer.st;
450 
451     default:
452         break;
453     }
454     OMAP_BAD_REG(addr);
455     return 0;
456 }
457 
458 static void omap_os_timer_write(void *opaque, hwaddr addr,
459                                 uint64_t value, unsigned size)
460 {
461     struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
462     int offset = addr & OMAP_MPUI_REG_MASK;
463 
464     if (size != 4) {
465         omap_badwidth_write32(opaque, addr, value);
466         return;
467     }
468 
469     switch (offset) {
470     case 0x00:	/* TVR */
471         s->timer.reset_val = value & 0x00ffffff;
472         break;
473 
474     case 0x04:	/* TCR */
475         OMAP_RO_REG(addr);
476         break;
477 
478     case 0x08:	/* CR */
479         s->timer.ar = (value >> 3) & 1;
480         s->timer.it_ena = (value >> 2) & 1;
481         if (s->timer.st != (value & 1) || (value & 2)) {
482             omap_timer_sync(&s->timer);
483             s->timer.enable = value & 1;
484             s->timer.st = value & 1;
485             omap_timer_update(&s->timer);
486         }
487         break;
488 
489     default:
490         OMAP_BAD_REG(addr);
491     }
492 }
493 
494 static const MemoryRegionOps omap_os_timer_ops = {
495     .read = omap_os_timer_read,
496     .write = omap_os_timer_write,
497     .endianness = DEVICE_NATIVE_ENDIAN,
498 };
499 
500 static void omap_os_timer_reset(struct omap_32khz_timer_s *s)
501 {
502     timer_del(s->timer.timer);
503     s->timer.enable = 0;
504     s->timer.it_ena = 0;
505     s->timer.reset_val = 0x00ffffff;
506     s->timer.val = 0;
507     s->timer.st = 0;
508     s->timer.ptv = 0;
509     s->timer.ar = 1;
510 }
511 
512 static struct omap_32khz_timer_s *omap_os_timer_init(MemoryRegion *memory,
513                 hwaddr base,
514                 qemu_irq irq, omap_clk clk)
515 {
516     struct omap_32khz_timer_s *s = g_new0(struct omap_32khz_timer_s, 1);
517 
518     s->timer.irq = irq;
519     s->timer.clk = clk;
520     s->timer.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_timer_tick, &s->timer);
521     omap_os_timer_reset(s);
522     omap_timer_clk_setup(&s->timer);
523 
524     memory_region_init_io(&s->iomem, NULL, &omap_os_timer_ops, s,
525                           "omap-os-timer", 0x800);
526     memory_region_add_subregion(memory, base, &s->iomem);
527 
528     return s;
529 }
530 
531 /* Ultra Low-Power Device Module */
532 static uint64_t omap_ulpd_pm_read(void *opaque, hwaddr addr,
533                                   unsigned size)
534 {
535     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
536     uint16_t ret;
537 
538     if (size != 2) {
539         return omap_badwidth_read16(opaque, addr);
540     }
541 
542     switch (addr) {
543     case 0x14:	/* IT_STATUS */
544         ret = s->ulpd_pm_regs[addr >> 2];
545         s->ulpd_pm_regs[addr >> 2] = 0;
546         qemu_irq_lower(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
547         return ret;
548 
549     case 0x18:	/* Reserved */
550     case 0x1c:	/* Reserved */
551     case 0x20:	/* Reserved */
552     case 0x28:	/* Reserved */
553     case 0x2c:	/* Reserved */
554         OMAP_BAD_REG(addr);
555         /* fall through */
556     case 0x00:	/* COUNTER_32_LSB */
557     case 0x04:	/* COUNTER_32_MSB */
558     case 0x08:	/* COUNTER_HIGH_FREQ_LSB */
559     case 0x0c:	/* COUNTER_HIGH_FREQ_MSB */
560     case 0x10:	/* GAUGING_CTRL */
561     case 0x24:	/* SETUP_ANALOG_CELL3_ULPD1 */
562     case 0x30:	/* CLOCK_CTRL */
563     case 0x34:	/* SOFT_REQ */
564     case 0x38:	/* COUNTER_32_FIQ */
565     case 0x3c:	/* DPLL_CTRL */
566     case 0x40:	/* STATUS_REQ */
567         /* XXX: check clk::usecount state for every clock */
568     case 0x48:	/* LOCL_TIME */
569     case 0x4c:	/* APLL_CTRL */
570     case 0x50:	/* POWER_CTRL */
571         return s->ulpd_pm_regs[addr >> 2];
572     }
573 
574     OMAP_BAD_REG(addr);
575     return 0;
576 }
577 
578 static inline void omap_ulpd_clk_update(struct omap_mpu_state_s *s,
579                 uint16_t diff, uint16_t value)
580 {
581     if (diff & (1 << 4))				/* USB_MCLK_EN */
582         omap_clk_onoff(omap_findclk(s, "usb_clk0"), (value >> 4) & 1);
583     if (diff & (1 << 5))				/* DIS_USB_PVCI_CLK */
584         omap_clk_onoff(omap_findclk(s, "usb_w2fc_ck"), (~value >> 5) & 1);
585 }
586 
587 static inline void omap_ulpd_req_update(struct omap_mpu_state_s *s,
588                 uint16_t diff, uint16_t value)
589 {
590     if (diff & (1 << 0))				/* SOFT_DPLL_REQ */
591         omap_clk_canidle(omap_findclk(s, "dpll4"), (~value >> 0) & 1);
592     if (diff & (1 << 1))				/* SOFT_COM_REQ */
593         omap_clk_canidle(omap_findclk(s, "com_mclk_out"), (~value >> 1) & 1);
594     if (diff & (1 << 2))				/* SOFT_SDW_REQ */
595         omap_clk_canidle(omap_findclk(s, "bt_mclk_out"), (~value >> 2) & 1);
596     if (diff & (1 << 3))				/* SOFT_USB_REQ */
597         omap_clk_canidle(omap_findclk(s, "usb_clk0"), (~value >> 3) & 1);
598 }
599 
600 static void omap_ulpd_pm_write(void *opaque, hwaddr addr,
601                                uint64_t value, unsigned size)
602 {
603     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
604     int64_t now, ticks;
605     int div, mult;
606     static const int bypass_div[4] = { 1, 2, 4, 4 };
607     uint16_t diff;
608 
609     if (size != 2) {
610         omap_badwidth_write16(opaque, addr, value);
611         return;
612     }
613 
614     switch (addr) {
615     case 0x00:	/* COUNTER_32_LSB */
616     case 0x04:	/* COUNTER_32_MSB */
617     case 0x08:	/* COUNTER_HIGH_FREQ_LSB */
618     case 0x0c:	/* COUNTER_HIGH_FREQ_MSB */
619     case 0x14:	/* IT_STATUS */
620     case 0x40:	/* STATUS_REQ */
621         OMAP_RO_REG(addr);
622         break;
623 
624     case 0x10:	/* GAUGING_CTRL */
625         /* Bits 0 and 1 seem to be confused in the OMAP 310 TRM */
626         if ((s->ulpd_pm_regs[addr >> 2] ^ value) & 1) {
627             now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
628 
629             if (value & 1)
630                 s->ulpd_gauge_start = now;
631             else {
632                 now -= s->ulpd_gauge_start;
633 
634                 /* 32-kHz ticks */
635                 ticks = muldiv64(now, 32768, NANOSECONDS_PER_SECOND);
636                 s->ulpd_pm_regs[0x00 >> 2] = (ticks >>  0) & 0xffff;
637                 s->ulpd_pm_regs[0x04 >> 2] = (ticks >> 16) & 0xffff;
638                 if (ticks >> 32)	/* OVERFLOW_32K */
639                     s->ulpd_pm_regs[0x14 >> 2] |= 1 << 2;
640 
641                 /* High frequency ticks */
642                 ticks = muldiv64(now, 12000000, NANOSECONDS_PER_SECOND);
643                 s->ulpd_pm_regs[0x08 >> 2] = (ticks >>  0) & 0xffff;
644                 s->ulpd_pm_regs[0x0c >> 2] = (ticks >> 16) & 0xffff;
645                 if (ticks >> 32)	/* OVERFLOW_HI_FREQ */
646                     s->ulpd_pm_regs[0x14 >> 2] |= 1 << 1;
647 
648                 s->ulpd_pm_regs[0x14 >> 2] |= 1 << 0;	/* IT_GAUGING */
649                 qemu_irq_raise(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
650             }
651         }
652         s->ulpd_pm_regs[addr >> 2] = value;
653         break;
654 
655     case 0x18:	/* Reserved */
656     case 0x1c:	/* Reserved */
657     case 0x20:	/* Reserved */
658     case 0x28:	/* Reserved */
659     case 0x2c:	/* Reserved */
660         OMAP_BAD_REG(addr);
661         /* fall through */
662     case 0x24:	/* SETUP_ANALOG_CELL3_ULPD1 */
663     case 0x38:	/* COUNTER_32_FIQ */
664     case 0x48:	/* LOCL_TIME */
665     case 0x50:	/* POWER_CTRL */
666         s->ulpd_pm_regs[addr >> 2] = value;
667         break;
668 
669     case 0x30:	/* CLOCK_CTRL */
670         diff = s->ulpd_pm_regs[addr >> 2] ^ value;
671         s->ulpd_pm_regs[addr >> 2] = value & 0x3f;
672         omap_ulpd_clk_update(s, diff, value);
673         break;
674 
675     case 0x34:	/* SOFT_REQ */
676         diff = s->ulpd_pm_regs[addr >> 2] ^ value;
677         s->ulpd_pm_regs[addr >> 2] = value & 0x1f;
678         omap_ulpd_req_update(s, diff, value);
679         break;
680 
681     case 0x3c:	/* DPLL_CTRL */
682         /* XXX: OMAP310 TRM claims bit 3 is PLL_ENABLE, and bit 4 is
683          * omitted altogether, probably a typo.  */
684         /* This register has identical semantics with DPLL(1:3) control
685          * registers, see omap_dpll_write() */
686         diff = s->ulpd_pm_regs[addr >> 2] & value;
687         s->ulpd_pm_regs[addr >> 2] = value & 0x2fff;
688         if (diff & (0x3ff << 2)) {
689             if (value & (1 << 4)) {			/* PLL_ENABLE */
690                 div = ((value >> 5) & 3) + 1;		/* PLL_DIV */
691                 mult = MIN((value >> 7) & 0x1f, 1);	/* PLL_MULT */
692             } else {
693                 div = bypass_div[((value >> 2) & 3)];	/* BYPASS_DIV */
694                 mult = 1;
695             }
696             omap_clk_setrate(omap_findclk(s, "dpll4"), div, mult);
697         }
698 
699         /* Enter the desired mode.  */
700         s->ulpd_pm_regs[addr >> 2] =
701                 (s->ulpd_pm_regs[addr >> 2] & 0xfffe) |
702                 ((s->ulpd_pm_regs[addr >> 2] >> 4) & 1);
703 
704         /* Act as if the lock is restored.  */
705         s->ulpd_pm_regs[addr >> 2] |= 2;
706         break;
707 
708     case 0x4c:	/* APLL_CTRL */
709         diff = s->ulpd_pm_regs[addr >> 2] & value;
710         s->ulpd_pm_regs[addr >> 2] = value & 0xf;
711         if (diff & (1 << 0))				/* APLL_NDPLL_SWITCH */
712             omap_clk_reparent(omap_findclk(s, "ck_48m"), omap_findclk(s,
713                                     (value & (1 << 0)) ? "apll" : "dpll4"));
714         break;
715 
716     default:
717         OMAP_BAD_REG(addr);
718     }
719 }
720 
721 static const MemoryRegionOps omap_ulpd_pm_ops = {
722     .read = omap_ulpd_pm_read,
723     .write = omap_ulpd_pm_write,
724     .endianness = DEVICE_NATIVE_ENDIAN,
725 };
726 
727 static void omap_ulpd_pm_reset(struct omap_mpu_state_s *mpu)
728 {
729     mpu->ulpd_pm_regs[0x00 >> 2] = 0x0001;
730     mpu->ulpd_pm_regs[0x04 >> 2] = 0x0000;
731     mpu->ulpd_pm_regs[0x08 >> 2] = 0x0001;
732     mpu->ulpd_pm_regs[0x0c >> 2] = 0x0000;
733     mpu->ulpd_pm_regs[0x10 >> 2] = 0x0000;
734     mpu->ulpd_pm_regs[0x18 >> 2] = 0x01;
735     mpu->ulpd_pm_regs[0x1c >> 2] = 0x01;
736     mpu->ulpd_pm_regs[0x20 >> 2] = 0x01;
737     mpu->ulpd_pm_regs[0x24 >> 2] = 0x03ff;
738     mpu->ulpd_pm_regs[0x28 >> 2] = 0x01;
739     mpu->ulpd_pm_regs[0x2c >> 2] = 0x01;
740     omap_ulpd_clk_update(mpu, mpu->ulpd_pm_regs[0x30 >> 2], 0x0000);
741     mpu->ulpd_pm_regs[0x30 >> 2] = 0x0000;
742     omap_ulpd_req_update(mpu, mpu->ulpd_pm_regs[0x34 >> 2], 0x0000);
743     mpu->ulpd_pm_regs[0x34 >> 2] = 0x0000;
744     mpu->ulpd_pm_regs[0x38 >> 2] = 0x0001;
745     mpu->ulpd_pm_regs[0x3c >> 2] = 0x2211;
746     mpu->ulpd_pm_regs[0x40 >> 2] = 0x0000; /* FIXME: dump a real STATUS_REQ */
747     mpu->ulpd_pm_regs[0x48 >> 2] = 0x960;
748     mpu->ulpd_pm_regs[0x4c >> 2] = 0x08;
749     mpu->ulpd_pm_regs[0x50 >> 2] = 0x08;
750     omap_clk_setrate(omap_findclk(mpu, "dpll4"), 1, 4);
751     omap_clk_reparent(omap_findclk(mpu, "ck_48m"), omap_findclk(mpu, "dpll4"));
752 }
753 
754 static void omap_ulpd_pm_init(MemoryRegion *system_memory,
755                 hwaddr base,
756                 struct omap_mpu_state_s *mpu)
757 {
758     memory_region_init_io(&mpu->ulpd_pm_iomem, NULL, &omap_ulpd_pm_ops, mpu,
759                           "omap-ulpd-pm", 0x800);
760     memory_region_add_subregion(system_memory, base, &mpu->ulpd_pm_iomem);
761     omap_ulpd_pm_reset(mpu);
762 }
763 
764 /* OMAP Pin Configuration */
765 static uint64_t omap_pin_cfg_read(void *opaque, hwaddr addr,
766                                   unsigned size)
767 {
768     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
769 
770     if (size != 4) {
771         return omap_badwidth_read32(opaque, addr);
772     }
773 
774     switch (addr) {
775     case 0x00:	/* FUNC_MUX_CTRL_0 */
776     case 0x04:	/* FUNC_MUX_CTRL_1 */
777     case 0x08:	/* FUNC_MUX_CTRL_2 */
778         return s->func_mux_ctrl[addr >> 2];
779 
780     case 0x0c:	/* COMP_MODE_CTRL_0 */
781         return s->comp_mode_ctrl[0];
782 
783     case 0x10:	/* FUNC_MUX_CTRL_3 */
784     case 0x14:	/* FUNC_MUX_CTRL_4 */
785     case 0x18:	/* FUNC_MUX_CTRL_5 */
786     case 0x1c:	/* FUNC_MUX_CTRL_6 */
787     case 0x20:	/* FUNC_MUX_CTRL_7 */
788     case 0x24:	/* FUNC_MUX_CTRL_8 */
789     case 0x28:	/* FUNC_MUX_CTRL_9 */
790     case 0x2c:	/* FUNC_MUX_CTRL_A */
791     case 0x30:	/* FUNC_MUX_CTRL_B */
792     case 0x34:	/* FUNC_MUX_CTRL_C */
793     case 0x38:	/* FUNC_MUX_CTRL_D */
794         return s->func_mux_ctrl[(addr >> 2) - 1];
795 
796     case 0x40:	/* PULL_DWN_CTRL_0 */
797     case 0x44:	/* PULL_DWN_CTRL_1 */
798     case 0x48:	/* PULL_DWN_CTRL_2 */
799     case 0x4c:	/* PULL_DWN_CTRL_3 */
800         return s->pull_dwn_ctrl[(addr & 0xf) >> 2];
801 
802     case 0x50:	/* GATE_INH_CTRL_0 */
803         return s->gate_inh_ctrl[0];
804 
805     case 0x60:	/* VOLTAGE_CTRL_0 */
806         return s->voltage_ctrl[0];
807 
808     case 0x70:	/* TEST_DBG_CTRL_0 */
809         return s->test_dbg_ctrl[0];
810 
811     case 0x80:	/* MOD_CONF_CTRL_0 */
812         return s->mod_conf_ctrl[0];
813     }
814 
815     OMAP_BAD_REG(addr);
816     return 0;
817 }
818 
819 static inline void omap_pin_funcmux0_update(struct omap_mpu_state_s *s,
820                 uint32_t diff, uint32_t value)
821 {
822     if (s->compat1509) {
823         if (diff & (1 << 9))			/* BLUETOOTH */
824             omap_clk_onoff(omap_findclk(s, "bt_mclk_out"),
825                             (~value >> 9) & 1);
826         if (diff & (1 << 7))			/* USB.CLKO */
827             omap_clk_onoff(omap_findclk(s, "usb.clko"),
828                             (value >> 7) & 1);
829     }
830 }
831 
832 static inline void omap_pin_funcmux1_update(struct omap_mpu_state_s *s,
833                 uint32_t diff, uint32_t value)
834 {
835     if (s->compat1509) {
836         if (diff & (1U << 31)) {
837             /* MCBSP3_CLK_HIZ_DI */
838             omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"), (value >> 31) & 1);
839         }
840         if (diff & (1 << 1)) {
841             /* CLK32K */
842             omap_clk_onoff(omap_findclk(s, "clk32k_out"), (~value >> 1) & 1);
843         }
844     }
845 }
846 
847 static inline void omap_pin_modconf1_update(struct omap_mpu_state_s *s,
848                 uint32_t diff, uint32_t value)
849 {
850     if (diff & (1U << 31)) {
851         /* CONF_MOD_UART3_CLK_MODE_R */
852         omap_clk_reparent(omap_findclk(s, "uart3_ck"),
853                           omap_findclk(s, ((value >> 31) & 1) ?
854                                        "ck_48m" : "armper_ck"));
855     }
856     if (diff & (1 << 30))			/* CONF_MOD_UART2_CLK_MODE_R */
857          omap_clk_reparent(omap_findclk(s, "uart2_ck"),
858                          omap_findclk(s, ((value >> 30) & 1) ?
859                                  "ck_48m" : "armper_ck"));
860     if (diff & (1 << 29))			/* CONF_MOD_UART1_CLK_MODE_R */
861          omap_clk_reparent(omap_findclk(s, "uart1_ck"),
862                          omap_findclk(s, ((value >> 29) & 1) ?
863                                  "ck_48m" : "armper_ck"));
864     if (diff & (1 << 23))			/* CONF_MOD_MMC_SD_CLK_REQ_R */
865          omap_clk_reparent(omap_findclk(s, "mmc_ck"),
866                          omap_findclk(s, ((value >> 23) & 1) ?
867                                  "ck_48m" : "armper_ck"));
868     if (diff & (1 << 12))			/* CONF_MOD_COM_MCLK_12_48_S */
869          omap_clk_reparent(omap_findclk(s, "com_mclk_out"),
870                          omap_findclk(s, ((value >> 12) & 1) ?
871                                  "ck_48m" : "armper_ck"));
872     if (diff & (1 << 9))			/* CONF_MOD_USB_HOST_HHC_UHO */
873          omap_clk_onoff(omap_findclk(s, "usb_hhc_ck"), (value >> 9) & 1);
874 }
875 
876 static void omap_pin_cfg_write(void *opaque, hwaddr addr,
877                                uint64_t value, unsigned size)
878 {
879     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
880     uint32_t diff;
881 
882     if (size != 4) {
883         omap_badwidth_write32(opaque, addr, value);
884         return;
885     }
886 
887     switch (addr) {
888     case 0x00:	/* FUNC_MUX_CTRL_0 */
889         diff = s->func_mux_ctrl[addr >> 2] ^ value;
890         s->func_mux_ctrl[addr >> 2] = value;
891         omap_pin_funcmux0_update(s, diff, value);
892         return;
893 
894     case 0x04:	/* FUNC_MUX_CTRL_1 */
895         diff = s->func_mux_ctrl[addr >> 2] ^ value;
896         s->func_mux_ctrl[addr >> 2] = value;
897         omap_pin_funcmux1_update(s, diff, value);
898         return;
899 
900     case 0x08:	/* FUNC_MUX_CTRL_2 */
901         s->func_mux_ctrl[addr >> 2] = value;
902         return;
903 
904     case 0x0c:	/* COMP_MODE_CTRL_0 */
905         s->comp_mode_ctrl[0] = value;
906         s->compat1509 = (value != 0x0000eaef);
907         omap_pin_funcmux0_update(s, ~0, s->func_mux_ctrl[0]);
908         omap_pin_funcmux1_update(s, ~0, s->func_mux_ctrl[1]);
909         return;
910 
911     case 0x10:	/* FUNC_MUX_CTRL_3 */
912     case 0x14:	/* FUNC_MUX_CTRL_4 */
913     case 0x18:	/* FUNC_MUX_CTRL_5 */
914     case 0x1c:	/* FUNC_MUX_CTRL_6 */
915     case 0x20:	/* FUNC_MUX_CTRL_7 */
916     case 0x24:	/* FUNC_MUX_CTRL_8 */
917     case 0x28:	/* FUNC_MUX_CTRL_9 */
918     case 0x2c:	/* FUNC_MUX_CTRL_A */
919     case 0x30:	/* FUNC_MUX_CTRL_B */
920     case 0x34:	/* FUNC_MUX_CTRL_C */
921     case 0x38:	/* FUNC_MUX_CTRL_D */
922         s->func_mux_ctrl[(addr >> 2) - 1] = value;
923         return;
924 
925     case 0x40:	/* PULL_DWN_CTRL_0 */
926     case 0x44:	/* PULL_DWN_CTRL_1 */
927     case 0x48:	/* PULL_DWN_CTRL_2 */
928     case 0x4c:	/* PULL_DWN_CTRL_3 */
929         s->pull_dwn_ctrl[(addr & 0xf) >> 2] = value;
930         return;
931 
932     case 0x50:	/* GATE_INH_CTRL_0 */
933         s->gate_inh_ctrl[0] = value;
934         return;
935 
936     case 0x60:	/* VOLTAGE_CTRL_0 */
937         s->voltage_ctrl[0] = value;
938         return;
939 
940     case 0x70:	/* TEST_DBG_CTRL_0 */
941         s->test_dbg_ctrl[0] = value;
942         return;
943 
944     case 0x80:	/* MOD_CONF_CTRL_0 */
945         diff = s->mod_conf_ctrl[0] ^ value;
946         s->mod_conf_ctrl[0] = value;
947         omap_pin_modconf1_update(s, diff, value);
948         return;
949 
950     default:
951         OMAP_BAD_REG(addr);
952     }
953 }
954 
955 static const MemoryRegionOps omap_pin_cfg_ops = {
956     .read = omap_pin_cfg_read,
957     .write = omap_pin_cfg_write,
958     .endianness = DEVICE_NATIVE_ENDIAN,
959 };
960 
961 static void omap_pin_cfg_reset(struct omap_mpu_state_s *mpu)
962 {
963     /* Start in Compatibility Mode.  */
964     mpu->compat1509 = 1;
965     omap_pin_funcmux0_update(mpu, mpu->func_mux_ctrl[0], 0);
966     omap_pin_funcmux1_update(mpu, mpu->func_mux_ctrl[1], 0);
967     omap_pin_modconf1_update(mpu, mpu->mod_conf_ctrl[0], 0);
968     memset(mpu->func_mux_ctrl, 0, sizeof(mpu->func_mux_ctrl));
969     memset(mpu->comp_mode_ctrl, 0, sizeof(mpu->comp_mode_ctrl));
970     memset(mpu->pull_dwn_ctrl, 0, sizeof(mpu->pull_dwn_ctrl));
971     memset(mpu->gate_inh_ctrl, 0, sizeof(mpu->gate_inh_ctrl));
972     memset(mpu->voltage_ctrl, 0, sizeof(mpu->voltage_ctrl));
973     memset(mpu->test_dbg_ctrl, 0, sizeof(mpu->test_dbg_ctrl));
974     memset(mpu->mod_conf_ctrl, 0, sizeof(mpu->mod_conf_ctrl));
975 }
976 
977 static void omap_pin_cfg_init(MemoryRegion *system_memory,
978                 hwaddr base,
979                 struct omap_mpu_state_s *mpu)
980 {
981     memory_region_init_io(&mpu->pin_cfg_iomem, NULL, &omap_pin_cfg_ops, mpu,
982                           "omap-pin-cfg", 0x800);
983     memory_region_add_subregion(system_memory, base, &mpu->pin_cfg_iomem);
984     omap_pin_cfg_reset(mpu);
985 }
986 
987 /* Device Identification, Die Identification */
988 static uint64_t omap_id_read(void *opaque, hwaddr addr,
989                              unsigned size)
990 {
991     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
992 
993     if (size != 4) {
994         return omap_badwidth_read32(opaque, addr);
995     }
996 
997     switch (addr) {
998     case 0xfffe1800:	/* DIE_ID_LSB */
999         return 0xc9581f0e;
1000     case 0xfffe1804:	/* DIE_ID_MSB */
1001         return 0xa8858bfa;
1002 
1003     case 0xfffe2000:	/* PRODUCT_ID_LSB */
1004         return 0x00aaaafc;
1005     case 0xfffe2004:	/* PRODUCT_ID_MSB */
1006         return 0xcafeb574;
1007 
1008     case 0xfffed400:	/* JTAG_ID_LSB */
1009         switch (s->mpu_model) {
1010         case omap310:
1011             return 0x03310315;
1012         case omap1510:
1013             return 0x03310115;
1014         default:
1015             hw_error("%s: bad mpu model\n", __func__);
1016         }
1017         break;
1018 
1019     case 0xfffed404:	/* JTAG_ID_MSB */
1020         switch (s->mpu_model) {
1021         case omap310:
1022             return 0xfb57402f;
1023         case omap1510:
1024             return 0xfb47002f;
1025         default:
1026             hw_error("%s: bad mpu model\n", __func__);
1027         }
1028         break;
1029     }
1030 
1031     OMAP_BAD_REG(addr);
1032     return 0;
1033 }
1034 
1035 static void omap_id_write(void *opaque, hwaddr addr,
1036                           uint64_t value, unsigned size)
1037 {
1038     if (size != 4) {
1039         omap_badwidth_write32(opaque, addr, value);
1040         return;
1041     }
1042 
1043     OMAP_BAD_REG(addr);
1044 }
1045 
1046 static const MemoryRegionOps omap_id_ops = {
1047     .read = omap_id_read,
1048     .write = omap_id_write,
1049     .endianness = DEVICE_NATIVE_ENDIAN,
1050 };
1051 
1052 static void omap_id_init(MemoryRegion *memory, struct omap_mpu_state_s *mpu)
1053 {
1054     memory_region_init_io(&mpu->id_iomem, NULL, &omap_id_ops, mpu,
1055                           "omap-id", 0x100000000ULL);
1056     memory_region_init_alias(&mpu->id_iomem_e18, NULL, "omap-id-e18", &mpu->id_iomem,
1057                              0xfffe1800, 0x800);
1058     memory_region_add_subregion(memory, 0xfffe1800, &mpu->id_iomem_e18);
1059     memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-ed4", &mpu->id_iomem,
1060                              0xfffed400, 0x100);
1061     memory_region_add_subregion(memory, 0xfffed400, &mpu->id_iomem_ed4);
1062     if (!cpu_is_omap15xx(mpu)) {
1063         memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-e20",
1064                                  &mpu->id_iomem, 0xfffe2000, 0x800);
1065         memory_region_add_subregion(memory, 0xfffe2000, &mpu->id_iomem_e20);
1066     }
1067 }
1068 
1069 /* MPUI Control (Dummy) */
1070 static uint64_t omap_mpui_read(void *opaque, hwaddr addr,
1071                                unsigned size)
1072 {
1073     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1074 
1075     if (size != 4) {
1076         return omap_badwidth_read32(opaque, addr);
1077     }
1078 
1079     switch (addr) {
1080     case 0x00:	/* CTRL */
1081         return s->mpui_ctrl;
1082     case 0x04:	/* DEBUG_ADDR */
1083         return 0x01ffffff;
1084     case 0x08:	/* DEBUG_DATA */
1085         return 0xffffffff;
1086     case 0x0c:	/* DEBUG_FLAG */
1087         return 0x00000800;
1088     case 0x10:	/* STATUS */
1089         return 0x00000000;
1090 
1091     /* Not in OMAP310 */
1092     case 0x14:	/* DSP_STATUS */
1093     case 0x18:	/* DSP_BOOT_CONFIG */
1094         return 0x00000000;
1095     case 0x1c:	/* DSP_MPUI_CONFIG */
1096         return 0x0000ffff;
1097     }
1098 
1099     OMAP_BAD_REG(addr);
1100     return 0;
1101 }
1102 
1103 static void omap_mpui_write(void *opaque, hwaddr addr,
1104                             uint64_t value, unsigned size)
1105 {
1106     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1107 
1108     if (size != 4) {
1109         omap_badwidth_write32(opaque, addr, value);
1110         return;
1111     }
1112 
1113     switch (addr) {
1114     case 0x00:	/* CTRL */
1115         s->mpui_ctrl = value & 0x007fffff;
1116         break;
1117 
1118     case 0x04:	/* DEBUG_ADDR */
1119     case 0x08:	/* DEBUG_DATA */
1120     case 0x0c:	/* DEBUG_FLAG */
1121     case 0x10:	/* STATUS */
1122     /* Not in OMAP310 */
1123     case 0x14:	/* DSP_STATUS */
1124         OMAP_RO_REG(addr);
1125         break;
1126     case 0x18:	/* DSP_BOOT_CONFIG */
1127     case 0x1c:	/* DSP_MPUI_CONFIG */
1128         break;
1129 
1130     default:
1131         OMAP_BAD_REG(addr);
1132     }
1133 }
1134 
1135 static const MemoryRegionOps omap_mpui_ops = {
1136     .read = omap_mpui_read,
1137     .write = omap_mpui_write,
1138     .endianness = DEVICE_NATIVE_ENDIAN,
1139 };
1140 
1141 static void omap_mpui_reset(struct omap_mpu_state_s *s)
1142 {
1143     s->mpui_ctrl = 0x0003ff1b;
1144 }
1145 
1146 static void omap_mpui_init(MemoryRegion *memory, hwaddr base,
1147                 struct omap_mpu_state_s *mpu)
1148 {
1149     memory_region_init_io(&mpu->mpui_iomem, NULL, &omap_mpui_ops, mpu,
1150                           "omap-mpui", 0x100);
1151     memory_region_add_subregion(memory, base, &mpu->mpui_iomem);
1152 
1153     omap_mpui_reset(mpu);
1154 }
1155 
1156 /* TIPB Bridges */
1157 struct omap_tipb_bridge_s {
1158     qemu_irq abort;
1159     MemoryRegion iomem;
1160 
1161     int width_intr;
1162     uint16_t control;
1163     uint16_t alloc;
1164     uint16_t buffer;
1165     uint16_t enh_control;
1166 };
1167 
1168 static uint64_t omap_tipb_bridge_read(void *opaque, hwaddr addr,
1169                                       unsigned size)
1170 {
1171     struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
1172 
1173     if (size < 2) {
1174         return omap_badwidth_read16(opaque, addr);
1175     }
1176 
1177     switch (addr) {
1178     case 0x00:	/* TIPB_CNTL */
1179         return s->control;
1180     case 0x04:	/* TIPB_BUS_ALLOC */
1181         return s->alloc;
1182     case 0x08:	/* MPU_TIPB_CNTL */
1183         return s->buffer;
1184     case 0x0c:	/* ENHANCED_TIPB_CNTL */
1185         return s->enh_control;
1186     case 0x10:	/* ADDRESS_DBG */
1187     case 0x14:	/* DATA_DEBUG_LOW */
1188     case 0x18:	/* DATA_DEBUG_HIGH */
1189         return 0xffff;
1190     case 0x1c:	/* DEBUG_CNTR_SIG */
1191         return 0x00f8;
1192     }
1193 
1194     OMAP_BAD_REG(addr);
1195     return 0;
1196 }
1197 
1198 static void omap_tipb_bridge_write(void *opaque, hwaddr addr,
1199                                    uint64_t value, unsigned size)
1200 {
1201     struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
1202 
1203     if (size < 2) {
1204         omap_badwidth_write16(opaque, addr, value);
1205         return;
1206     }
1207 
1208     switch (addr) {
1209     case 0x00:	/* TIPB_CNTL */
1210         s->control = value & 0xffff;
1211         break;
1212 
1213     case 0x04:	/* TIPB_BUS_ALLOC */
1214         s->alloc = value & 0x003f;
1215         break;
1216 
1217     case 0x08:	/* MPU_TIPB_CNTL */
1218         s->buffer = value & 0x0003;
1219         break;
1220 
1221     case 0x0c:	/* ENHANCED_TIPB_CNTL */
1222         s->width_intr = !(value & 2);
1223         s->enh_control = value & 0x000f;
1224         break;
1225 
1226     case 0x10:	/* ADDRESS_DBG */
1227     case 0x14:	/* DATA_DEBUG_LOW */
1228     case 0x18:	/* DATA_DEBUG_HIGH */
1229     case 0x1c:	/* DEBUG_CNTR_SIG */
1230         OMAP_RO_REG(addr);
1231         break;
1232 
1233     default:
1234         OMAP_BAD_REG(addr);
1235     }
1236 }
1237 
1238 static const MemoryRegionOps omap_tipb_bridge_ops = {
1239     .read = omap_tipb_bridge_read,
1240     .write = omap_tipb_bridge_write,
1241     .endianness = DEVICE_NATIVE_ENDIAN,
1242 };
1243 
1244 static void omap_tipb_bridge_reset(struct omap_tipb_bridge_s *s)
1245 {
1246     s->control = 0xffff;
1247     s->alloc = 0x0009;
1248     s->buffer = 0x0000;
1249     s->enh_control = 0x000f;
1250 }
1251 
1252 static struct omap_tipb_bridge_s *omap_tipb_bridge_init(
1253     MemoryRegion *memory, hwaddr base,
1254     qemu_irq abort_irq, omap_clk clk)
1255 {
1256     struct omap_tipb_bridge_s *s = g_new0(struct omap_tipb_bridge_s, 1);
1257 
1258     s->abort = abort_irq;
1259     omap_tipb_bridge_reset(s);
1260 
1261     memory_region_init_io(&s->iomem, NULL, &omap_tipb_bridge_ops, s,
1262                           "omap-tipb-bridge", 0x100);
1263     memory_region_add_subregion(memory, base, &s->iomem);
1264 
1265     return s;
1266 }
1267 
1268 /* Dummy Traffic Controller's Memory Interface */
1269 static uint64_t omap_tcmi_read(void *opaque, hwaddr addr,
1270                                unsigned size)
1271 {
1272     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1273     uint32_t ret;
1274 
1275     if (size != 4) {
1276         return omap_badwidth_read32(opaque, addr);
1277     }
1278 
1279     switch (addr) {
1280     case 0x00:	/* IMIF_PRIO */
1281     case 0x04:	/* EMIFS_PRIO */
1282     case 0x08:	/* EMIFF_PRIO */
1283     case 0x0c:	/* EMIFS_CONFIG */
1284     case 0x10:	/* EMIFS_CS0_CONFIG */
1285     case 0x14:	/* EMIFS_CS1_CONFIG */
1286     case 0x18:	/* EMIFS_CS2_CONFIG */
1287     case 0x1c:	/* EMIFS_CS3_CONFIG */
1288     case 0x24:	/* EMIFF_MRS */
1289     case 0x28:	/* TIMEOUT1 */
1290     case 0x2c:	/* TIMEOUT2 */
1291     case 0x30:	/* TIMEOUT3 */
1292     case 0x3c:	/* EMIFF_SDRAM_CONFIG_2 */
1293     case 0x40:	/* EMIFS_CFG_DYN_WAIT */
1294         return s->tcmi_regs[addr >> 2];
1295 
1296     case 0x20:	/* EMIFF_SDRAM_CONFIG */
1297         ret = s->tcmi_regs[addr >> 2];
1298         s->tcmi_regs[addr >> 2] &= ~1; /* XXX: Clear SLRF on SDRAM access */
1299         /* XXX: We can try using the VGA_DIRTY flag for this */
1300         return ret;
1301     }
1302 
1303     OMAP_BAD_REG(addr);
1304     return 0;
1305 }
1306 
1307 static void omap_tcmi_write(void *opaque, hwaddr addr,
1308                             uint64_t value, unsigned size)
1309 {
1310     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1311 
1312     if (size != 4) {
1313         omap_badwidth_write32(opaque, addr, value);
1314         return;
1315     }
1316 
1317     switch (addr) {
1318     case 0x00:	/* IMIF_PRIO */
1319     case 0x04:	/* EMIFS_PRIO */
1320     case 0x08:	/* EMIFF_PRIO */
1321     case 0x10:	/* EMIFS_CS0_CONFIG */
1322     case 0x14:	/* EMIFS_CS1_CONFIG */
1323     case 0x18:	/* EMIFS_CS2_CONFIG */
1324     case 0x1c:	/* EMIFS_CS3_CONFIG */
1325     case 0x20:	/* EMIFF_SDRAM_CONFIG */
1326     case 0x24:	/* EMIFF_MRS */
1327     case 0x28:	/* TIMEOUT1 */
1328     case 0x2c:	/* TIMEOUT2 */
1329     case 0x30:	/* TIMEOUT3 */
1330     case 0x3c:	/* EMIFF_SDRAM_CONFIG_2 */
1331     case 0x40:	/* EMIFS_CFG_DYN_WAIT */
1332         s->tcmi_regs[addr >> 2] = value;
1333         break;
1334     case 0x0c:	/* EMIFS_CONFIG */
1335         s->tcmi_regs[addr >> 2] = (value & 0xf) | (1 << 4);
1336         break;
1337 
1338     default:
1339         OMAP_BAD_REG(addr);
1340     }
1341 }
1342 
1343 static const MemoryRegionOps omap_tcmi_ops = {
1344     .read = omap_tcmi_read,
1345     .write = omap_tcmi_write,
1346     .endianness = DEVICE_NATIVE_ENDIAN,
1347 };
1348 
1349 static void omap_tcmi_reset(struct omap_mpu_state_s *mpu)
1350 {
1351     mpu->tcmi_regs[0x00 >> 2] = 0x00000000;
1352     mpu->tcmi_regs[0x04 >> 2] = 0x00000000;
1353     mpu->tcmi_regs[0x08 >> 2] = 0x00000000;
1354     mpu->tcmi_regs[0x0c >> 2] = 0x00000010;
1355     mpu->tcmi_regs[0x10 >> 2] = 0x0010fffb;
1356     mpu->tcmi_regs[0x14 >> 2] = 0x0010fffb;
1357     mpu->tcmi_regs[0x18 >> 2] = 0x0010fffb;
1358     mpu->tcmi_regs[0x1c >> 2] = 0x0010fffb;
1359     mpu->tcmi_regs[0x20 >> 2] = 0x00618800;
1360     mpu->tcmi_regs[0x24 >> 2] = 0x00000037;
1361     mpu->tcmi_regs[0x28 >> 2] = 0x00000000;
1362     mpu->tcmi_regs[0x2c >> 2] = 0x00000000;
1363     mpu->tcmi_regs[0x30 >> 2] = 0x00000000;
1364     mpu->tcmi_regs[0x3c >> 2] = 0x00000003;
1365     mpu->tcmi_regs[0x40 >> 2] = 0x00000000;
1366 }
1367 
1368 static void omap_tcmi_init(MemoryRegion *memory, hwaddr base,
1369                 struct omap_mpu_state_s *mpu)
1370 {
1371     memory_region_init_io(&mpu->tcmi_iomem, NULL, &omap_tcmi_ops, mpu,
1372                           "omap-tcmi", 0x100);
1373     memory_region_add_subregion(memory, base, &mpu->tcmi_iomem);
1374     omap_tcmi_reset(mpu);
1375 }
1376 
1377 /* Digital phase-locked loops control */
1378 struct dpll_ctl_s {
1379     MemoryRegion iomem;
1380     uint16_t mode;
1381     omap_clk dpll;
1382 };
1383 
1384 static uint64_t omap_dpll_read(void *opaque, hwaddr addr,
1385                                unsigned size)
1386 {
1387     struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
1388 
1389     if (size != 2) {
1390         return omap_badwidth_read16(opaque, addr);
1391     }
1392 
1393     if (addr == 0x00)	/* CTL_REG */
1394         return s->mode;
1395 
1396     OMAP_BAD_REG(addr);
1397     return 0;
1398 }
1399 
1400 static void omap_dpll_write(void *opaque, hwaddr addr,
1401                             uint64_t value, unsigned size)
1402 {
1403     struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
1404     uint16_t diff;
1405     static const int bypass_div[4] = { 1, 2, 4, 4 };
1406     int div, mult;
1407 
1408     if (size != 2) {
1409         omap_badwidth_write16(opaque, addr, value);
1410         return;
1411     }
1412 
1413     if (addr == 0x00) {	/* CTL_REG */
1414         /* See omap_ulpd_pm_write() too */
1415         diff = s->mode & value;
1416         s->mode = value & 0x2fff;
1417         if (diff & (0x3ff << 2)) {
1418             if (value & (1 << 4)) {			/* PLL_ENABLE */
1419                 div = ((value >> 5) & 3) + 1;		/* PLL_DIV */
1420                 mult = MIN((value >> 7) & 0x1f, 1);	/* PLL_MULT */
1421             } else {
1422                 div = bypass_div[((value >> 2) & 3)];	/* BYPASS_DIV */
1423                 mult = 1;
1424             }
1425             omap_clk_setrate(s->dpll, div, mult);
1426         }
1427 
1428         /* Enter the desired mode.  */
1429         s->mode = (s->mode & 0xfffe) | ((s->mode >> 4) & 1);
1430 
1431         /* Act as if the lock is restored.  */
1432         s->mode |= 2;
1433     } else {
1434         OMAP_BAD_REG(addr);
1435     }
1436 }
1437 
1438 static const MemoryRegionOps omap_dpll_ops = {
1439     .read = omap_dpll_read,
1440     .write = omap_dpll_write,
1441     .endianness = DEVICE_NATIVE_ENDIAN,
1442 };
1443 
1444 static void omap_dpll_reset(struct dpll_ctl_s *s)
1445 {
1446     s->mode = 0x2002;
1447     omap_clk_setrate(s->dpll, 1, 1);
1448 }
1449 
1450 static struct dpll_ctl_s  *omap_dpll_init(MemoryRegion *memory,
1451                            hwaddr base, omap_clk clk)
1452 {
1453     struct dpll_ctl_s *s = g_malloc0(sizeof(*s));
1454     memory_region_init_io(&s->iomem, NULL, &omap_dpll_ops, s, "omap-dpll", 0x100);
1455 
1456     s->dpll = clk;
1457     omap_dpll_reset(s);
1458 
1459     memory_region_add_subregion(memory, base, &s->iomem);
1460     return s;
1461 }
1462 
1463 /* MPU Clock/Reset/Power Mode Control */
1464 static uint64_t omap_clkm_read(void *opaque, hwaddr addr,
1465                                unsigned size)
1466 {
1467     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1468 
1469     if (size != 2) {
1470         return omap_badwidth_read16(opaque, addr);
1471     }
1472 
1473     switch (addr) {
1474     case 0x00:	/* ARM_CKCTL */
1475         return s->clkm.arm_ckctl;
1476 
1477     case 0x04:	/* ARM_IDLECT1 */
1478         return s->clkm.arm_idlect1;
1479 
1480     case 0x08:	/* ARM_IDLECT2 */
1481         return s->clkm.arm_idlect2;
1482 
1483     case 0x0c:	/* ARM_EWUPCT */
1484         return s->clkm.arm_ewupct;
1485 
1486     case 0x10:	/* ARM_RSTCT1 */
1487         return s->clkm.arm_rstct1;
1488 
1489     case 0x14:	/* ARM_RSTCT2 */
1490         return s->clkm.arm_rstct2;
1491 
1492     case 0x18:	/* ARM_SYSST */
1493         return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start;
1494 
1495     case 0x1c:	/* ARM_CKOUT1 */
1496         return s->clkm.arm_ckout1;
1497 
1498     case 0x20:	/* ARM_CKOUT2 */
1499         break;
1500     }
1501 
1502     OMAP_BAD_REG(addr);
1503     return 0;
1504 }
1505 
1506 static inline void omap_clkm_ckctl_update(struct omap_mpu_state_s *s,
1507                 uint16_t diff, uint16_t value)
1508 {
1509     omap_clk clk;
1510 
1511     if (diff & (1 << 14)) {				/* ARM_INTHCK_SEL */
1512         if (value & (1 << 14))
1513             /* Reserved */;
1514         else {
1515             clk = omap_findclk(s, "arminth_ck");
1516             omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
1517         }
1518     }
1519     if (diff & (1 << 12)) {				/* ARM_TIMXO */
1520         clk = omap_findclk(s, "armtim_ck");
1521         if (value & (1 << 12))
1522             omap_clk_reparent(clk, omap_findclk(s, "clkin"));
1523         else
1524             omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
1525     }
1526     /* XXX: en_dspck */
1527     if (diff & (3 << 10)) {				/* DSPMMUDIV */
1528         clk = omap_findclk(s, "dspmmu_ck");
1529         omap_clk_setrate(clk, 1 << ((value >> 10) & 3), 1);
1530     }
1531     if (diff & (3 << 8)) {				/* TCDIV */
1532         clk = omap_findclk(s, "tc_ck");
1533         omap_clk_setrate(clk, 1 << ((value >> 8) & 3), 1);
1534     }
1535     if (diff & (3 << 6)) {				/* DSPDIV */
1536         clk = omap_findclk(s, "dsp_ck");
1537         omap_clk_setrate(clk, 1 << ((value >> 6) & 3), 1);
1538     }
1539     if (diff & (3 << 4)) {				/* ARMDIV */
1540         clk = omap_findclk(s, "arm_ck");
1541         omap_clk_setrate(clk, 1 << ((value >> 4) & 3), 1);
1542     }
1543     if (diff & (3 << 2)) {				/* LCDDIV */
1544         clk = omap_findclk(s, "lcd_ck");
1545         omap_clk_setrate(clk, 1 << ((value >> 2) & 3), 1);
1546     }
1547     if (diff & (3 << 0)) {				/* PERDIV */
1548         clk = omap_findclk(s, "armper_ck");
1549         omap_clk_setrate(clk, 1 << ((value >> 0) & 3), 1);
1550     }
1551 }
1552 
1553 static inline void omap_clkm_idlect1_update(struct omap_mpu_state_s *s,
1554                 uint16_t diff, uint16_t value)
1555 {
1556     omap_clk clk;
1557 
1558     if (value & (1 << 11)) {                            /* SETARM_IDLE */
1559         cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
1560     }
1561     if (!(value & (1 << 10))) {                         /* WKUP_MODE */
1562         /* XXX: disable wakeup from IRQ */
1563         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1564     }
1565 
1566 #define SET_CANIDLE(clock, bit)				\
1567     if (diff & (1 << bit)) {				\
1568         clk = omap_findclk(s, clock);			\
1569         omap_clk_canidle(clk, (value >> bit) & 1);	\
1570     }
1571     SET_CANIDLE("mpuwd_ck", 0)				/* IDLWDT_ARM */
1572     SET_CANIDLE("armxor_ck", 1)				/* IDLXORP_ARM */
1573     SET_CANIDLE("mpuper_ck", 2)				/* IDLPER_ARM */
1574     SET_CANIDLE("lcd_ck", 3)				/* IDLLCD_ARM */
1575     SET_CANIDLE("lb_ck", 4)				/* IDLLB_ARM */
1576     SET_CANIDLE("hsab_ck", 5)				/* IDLHSAB_ARM */
1577     SET_CANIDLE("tipb_ck", 6)				/* IDLIF_ARM */
1578     SET_CANIDLE("dma_ck", 6)				/* IDLIF_ARM */
1579     SET_CANIDLE("tc_ck", 6)				/* IDLIF_ARM */
1580     SET_CANIDLE("dpll1", 7)				/* IDLDPLL_ARM */
1581     SET_CANIDLE("dpll2", 7)				/* IDLDPLL_ARM */
1582     SET_CANIDLE("dpll3", 7)				/* IDLDPLL_ARM */
1583     SET_CANIDLE("mpui_ck", 8)				/* IDLAPI_ARM */
1584     SET_CANIDLE("armtim_ck", 9)				/* IDLTIM_ARM */
1585 }
1586 
1587 static inline void omap_clkm_idlect2_update(struct omap_mpu_state_s *s,
1588                 uint16_t diff, uint16_t value)
1589 {
1590     omap_clk clk;
1591 
1592 #define SET_ONOFF(clock, bit)				\
1593     if (diff & (1 << bit)) {				\
1594         clk = omap_findclk(s, clock);			\
1595         omap_clk_onoff(clk, (value >> bit) & 1);	\
1596     }
1597     SET_ONOFF("mpuwd_ck", 0)				/* EN_WDTCK */
1598     SET_ONOFF("armxor_ck", 1)				/* EN_XORPCK */
1599     SET_ONOFF("mpuper_ck", 2)				/* EN_PERCK */
1600     SET_ONOFF("lcd_ck", 3)				/* EN_LCDCK */
1601     SET_ONOFF("lb_ck", 4)				/* EN_LBCK */
1602     SET_ONOFF("hsab_ck", 5)				/* EN_HSABCK */
1603     SET_ONOFF("mpui_ck", 6)				/* EN_APICK */
1604     SET_ONOFF("armtim_ck", 7)				/* EN_TIMCK */
1605     SET_CANIDLE("dma_ck", 8)				/* DMACK_REQ */
1606     SET_ONOFF("arm_gpio_ck", 9)				/* EN_GPIOCK */
1607     SET_ONOFF("lbfree_ck", 10)				/* EN_LBFREECK */
1608 }
1609 
1610 static inline void omap_clkm_ckout1_update(struct omap_mpu_state_s *s,
1611                 uint16_t diff, uint16_t value)
1612 {
1613     omap_clk clk;
1614 
1615     if (diff & (3 << 4)) {				/* TCLKOUT */
1616         clk = omap_findclk(s, "tclk_out");
1617         switch ((value >> 4) & 3) {
1618         case 1:
1619             omap_clk_reparent(clk, omap_findclk(s, "ck_gen3"));
1620             omap_clk_onoff(clk, 1);
1621             break;
1622         case 2:
1623             omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
1624             omap_clk_onoff(clk, 1);
1625             break;
1626         default:
1627             omap_clk_onoff(clk, 0);
1628         }
1629     }
1630     if (diff & (3 << 2)) {				/* DCLKOUT */
1631         clk = omap_findclk(s, "dclk_out");
1632         switch ((value >> 2) & 3) {
1633         case 0:
1634             omap_clk_reparent(clk, omap_findclk(s, "dspmmu_ck"));
1635             break;
1636         case 1:
1637             omap_clk_reparent(clk, omap_findclk(s, "ck_gen2"));
1638             break;
1639         case 2:
1640             omap_clk_reparent(clk, omap_findclk(s, "dsp_ck"));
1641             break;
1642         case 3:
1643             omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
1644             break;
1645         }
1646     }
1647     if (diff & (3 << 0)) {				/* ACLKOUT */
1648         clk = omap_findclk(s, "aclk_out");
1649         switch ((value >> 0) & 3) {
1650         case 1:
1651             omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
1652             omap_clk_onoff(clk, 1);
1653             break;
1654         case 2:
1655             omap_clk_reparent(clk, omap_findclk(s, "arm_ck"));
1656             omap_clk_onoff(clk, 1);
1657             break;
1658         case 3:
1659             omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
1660             omap_clk_onoff(clk, 1);
1661             break;
1662         default:
1663             omap_clk_onoff(clk, 0);
1664         }
1665     }
1666 }
1667 
1668 static void omap_clkm_write(void *opaque, hwaddr addr,
1669                             uint64_t value, unsigned size)
1670 {
1671     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1672     uint16_t diff;
1673     omap_clk clk;
1674     static const char *clkschemename[8] = {
1675         "fully synchronous", "fully asynchronous", "synchronous scalable",
1676         "mix mode 1", "mix mode 2", "bypass mode", "mix mode 3", "mix mode 4",
1677     };
1678 
1679     if (size != 2) {
1680         omap_badwidth_write16(opaque, addr, value);
1681         return;
1682     }
1683 
1684     switch (addr) {
1685     case 0x00:	/* ARM_CKCTL */
1686         diff = s->clkm.arm_ckctl ^ value;
1687         s->clkm.arm_ckctl = value & 0x7fff;
1688         omap_clkm_ckctl_update(s, diff, value);
1689         return;
1690 
1691     case 0x04:	/* ARM_IDLECT1 */
1692         diff = s->clkm.arm_idlect1 ^ value;
1693         s->clkm.arm_idlect1 = value & 0x0fff;
1694         omap_clkm_idlect1_update(s, diff, value);
1695         return;
1696 
1697     case 0x08:	/* ARM_IDLECT2 */
1698         diff = s->clkm.arm_idlect2 ^ value;
1699         s->clkm.arm_idlect2 = value & 0x07ff;
1700         omap_clkm_idlect2_update(s, diff, value);
1701         return;
1702 
1703     case 0x0c:	/* ARM_EWUPCT */
1704         s->clkm.arm_ewupct = value & 0x003f;
1705         return;
1706 
1707     case 0x10:	/* ARM_RSTCT1 */
1708         diff = s->clkm.arm_rstct1 ^ value;
1709         s->clkm.arm_rstct1 = value & 0x0007;
1710         if (value & 9) {
1711             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
1712             s->clkm.cold_start = 0xa;
1713         }
1714         if (diff & ~value & 4) {				/* DSP_RST */
1715             omap_mpui_reset(s);
1716             omap_tipb_bridge_reset(s->private_tipb);
1717             omap_tipb_bridge_reset(s->public_tipb);
1718         }
1719         if (diff & 2) {						/* DSP_EN */
1720             clk = omap_findclk(s, "dsp_ck");
1721             omap_clk_canidle(clk, (~value >> 1) & 1);
1722         }
1723         return;
1724 
1725     case 0x14:	/* ARM_RSTCT2 */
1726         s->clkm.arm_rstct2 = value & 0x0001;
1727         return;
1728 
1729     case 0x18:	/* ARM_SYSST */
1730         if ((s->clkm.clocking_scheme ^ (value >> 11)) & 7) {
1731             s->clkm.clocking_scheme = (value >> 11) & 7;
1732             printf("%s: clocking scheme set to %s\n", __func__,
1733                    clkschemename[s->clkm.clocking_scheme]);
1734         }
1735         s->clkm.cold_start &= value & 0x3f;
1736         return;
1737 
1738     case 0x1c:	/* ARM_CKOUT1 */
1739         diff = s->clkm.arm_ckout1 ^ value;
1740         s->clkm.arm_ckout1 = value & 0x003f;
1741         omap_clkm_ckout1_update(s, diff, value);
1742         return;
1743 
1744     case 0x20:	/* ARM_CKOUT2 */
1745     default:
1746         OMAP_BAD_REG(addr);
1747     }
1748 }
1749 
1750 static const MemoryRegionOps omap_clkm_ops = {
1751     .read = omap_clkm_read,
1752     .write = omap_clkm_write,
1753     .endianness = DEVICE_NATIVE_ENDIAN,
1754 };
1755 
1756 static uint64_t omap_clkdsp_read(void *opaque, hwaddr addr,
1757                                  unsigned size)
1758 {
1759     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1760     CPUState *cpu = CPU(s->cpu);
1761 
1762     if (size != 2) {
1763         return omap_badwidth_read16(opaque, addr);
1764     }
1765 
1766     switch (addr) {
1767     case 0x04:	/* DSP_IDLECT1 */
1768         return s->clkm.dsp_idlect1;
1769 
1770     case 0x08:	/* DSP_IDLECT2 */
1771         return s->clkm.dsp_idlect2;
1772 
1773     case 0x14:	/* DSP_RSTCT2 */
1774         return s->clkm.dsp_rstct2;
1775 
1776     case 0x18:	/* DSP_SYSST */
1777         cpu = CPU(s->cpu);
1778         return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start |
1779                 (cpu->halted << 6);      /* Quite useless... */
1780     }
1781 
1782     OMAP_BAD_REG(addr);
1783     return 0;
1784 }
1785 
1786 static inline void omap_clkdsp_idlect1_update(struct omap_mpu_state_s *s,
1787                 uint16_t diff, uint16_t value)
1788 {
1789     omap_clk clk;
1790 
1791     SET_CANIDLE("dspxor_ck", 1);			/* IDLXORP_DSP */
1792 }
1793 
1794 static inline void omap_clkdsp_idlect2_update(struct omap_mpu_state_s *s,
1795                 uint16_t diff, uint16_t value)
1796 {
1797     omap_clk clk;
1798 
1799     SET_ONOFF("dspxor_ck", 1);				/* EN_XORPCK */
1800 }
1801 
1802 static void omap_clkdsp_write(void *opaque, hwaddr addr,
1803                               uint64_t value, unsigned size)
1804 {
1805     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
1806     uint16_t diff;
1807 
1808     if (size != 2) {
1809         omap_badwidth_write16(opaque, addr, value);
1810         return;
1811     }
1812 
1813     switch (addr) {
1814     case 0x04:	/* DSP_IDLECT1 */
1815         diff = s->clkm.dsp_idlect1 ^ value;
1816         s->clkm.dsp_idlect1 = value & 0x01f7;
1817         omap_clkdsp_idlect1_update(s, diff, value);
1818         break;
1819 
1820     case 0x08:	/* DSP_IDLECT2 */
1821         s->clkm.dsp_idlect2 = value & 0x0037;
1822         diff = s->clkm.dsp_idlect1 ^ value;
1823         omap_clkdsp_idlect2_update(s, diff, value);
1824         break;
1825 
1826     case 0x14:	/* DSP_RSTCT2 */
1827         s->clkm.dsp_rstct2 = value & 0x0001;
1828         break;
1829 
1830     case 0x18:	/* DSP_SYSST */
1831         s->clkm.cold_start &= value & 0x3f;
1832         break;
1833 
1834     default:
1835         OMAP_BAD_REG(addr);
1836     }
1837 }
1838 
1839 static const MemoryRegionOps omap_clkdsp_ops = {
1840     .read = omap_clkdsp_read,
1841     .write = omap_clkdsp_write,
1842     .endianness = DEVICE_NATIVE_ENDIAN,
1843 };
1844 
1845 static void omap_clkm_reset(struct omap_mpu_state_s *s)
1846 {
1847     if (s->wdt && s->wdt->reset)
1848         s->clkm.cold_start = 0x6;
1849     s->clkm.clocking_scheme = 0;
1850     omap_clkm_ckctl_update(s, ~0, 0x3000);
1851     s->clkm.arm_ckctl = 0x3000;
1852     omap_clkm_idlect1_update(s, s->clkm.arm_idlect1 ^ 0x0400, 0x0400);
1853     s->clkm.arm_idlect1 = 0x0400;
1854     omap_clkm_idlect2_update(s, s->clkm.arm_idlect2 ^ 0x0100, 0x0100);
1855     s->clkm.arm_idlect2 = 0x0100;
1856     s->clkm.arm_ewupct = 0x003f;
1857     s->clkm.arm_rstct1 = 0x0000;
1858     s->clkm.arm_rstct2 = 0x0000;
1859     s->clkm.arm_ckout1 = 0x0015;
1860     s->clkm.dpll1_mode = 0x2002;
1861     omap_clkdsp_idlect1_update(s, s->clkm.dsp_idlect1 ^ 0x0040, 0x0040);
1862     s->clkm.dsp_idlect1 = 0x0040;
1863     omap_clkdsp_idlect2_update(s, ~0, 0x0000);
1864     s->clkm.dsp_idlect2 = 0x0000;
1865     s->clkm.dsp_rstct2 = 0x0000;
1866 }
1867 
1868 static void omap_clkm_init(MemoryRegion *memory, hwaddr mpu_base,
1869                 hwaddr dsp_base, struct omap_mpu_state_s *s)
1870 {
1871     memory_region_init_io(&s->clkm_iomem, NULL, &omap_clkm_ops, s,
1872                           "omap-clkm", 0x100);
1873     memory_region_init_io(&s->clkdsp_iomem, NULL, &omap_clkdsp_ops, s,
1874                           "omap-clkdsp", 0x1000);
1875 
1876     s->clkm.arm_idlect1 = 0x03ff;
1877     s->clkm.arm_idlect2 = 0x0100;
1878     s->clkm.dsp_idlect1 = 0x0002;
1879     omap_clkm_reset(s);
1880     s->clkm.cold_start = 0x3a;
1881 
1882     memory_region_add_subregion(memory, mpu_base, &s->clkm_iomem);
1883     memory_region_add_subregion(memory, dsp_base, &s->clkdsp_iomem);
1884 }
1885 
1886 /* MPU I/O */
1887 struct omap_mpuio_s {
1888     qemu_irq irq;
1889     qemu_irq kbd_irq;
1890     qemu_irq *in;
1891     qemu_irq handler[16];
1892     qemu_irq wakeup;
1893     MemoryRegion iomem;
1894 
1895     uint16_t inputs;
1896     uint16_t outputs;
1897     uint16_t dir;
1898     uint16_t edge;
1899     uint16_t mask;
1900     uint16_t ints;
1901 
1902     uint16_t debounce;
1903     uint16_t latch;
1904     uint8_t event;
1905 
1906     uint8_t buttons[5];
1907     uint8_t row_latch;
1908     uint8_t cols;
1909     int kbd_mask;
1910     int clk;
1911 };
1912 
1913 static void omap_mpuio_set(void *opaque, int line, int level)
1914 {
1915     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
1916     uint16_t prev = s->inputs;
1917 
1918     if (level)
1919         s->inputs |= 1 << line;
1920     else
1921         s->inputs &= ~(1 << line);
1922 
1923     if (((1 << line) & s->dir & ~s->mask) && s->clk) {
1924         if ((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) {
1925             s->ints |= 1 << line;
1926             qemu_irq_raise(s->irq);
1927             /* TODO: wakeup */
1928         }
1929         if ((s->event & (1 << 0)) &&		/* SET_GPIO_EVENT_MODE */
1930                 (s->event >> 1) == line)	/* PIN_SELECT */
1931             s->latch = s->inputs;
1932     }
1933 }
1934 
1935 static void omap_mpuio_kbd_update(struct omap_mpuio_s *s)
1936 {
1937     int i;
1938     uint8_t *row, rows = 0, cols = ~s->cols;
1939 
1940     for (row = s->buttons + 4, i = 1 << 4; i; row --, i >>= 1)
1941         if (*row & cols)
1942             rows |= i;
1943 
1944     qemu_set_irq(s->kbd_irq, rows && !s->kbd_mask && s->clk);
1945     s->row_latch = ~rows;
1946 }
1947 
1948 static uint64_t omap_mpuio_read(void *opaque, hwaddr addr,
1949                                 unsigned size)
1950 {
1951     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
1952     int offset = addr & OMAP_MPUI_REG_MASK;
1953     uint16_t ret;
1954 
1955     if (size != 2) {
1956         return omap_badwidth_read16(opaque, addr);
1957     }
1958 
1959     switch (offset) {
1960     case 0x00:	/* INPUT_LATCH */
1961         return s->inputs;
1962 
1963     case 0x04:	/* OUTPUT_REG */
1964         return s->outputs;
1965 
1966     case 0x08:	/* IO_CNTL */
1967         return s->dir;
1968 
1969     case 0x10:	/* KBR_LATCH */
1970         return s->row_latch;
1971 
1972     case 0x14:	/* KBC_REG */
1973         return s->cols;
1974 
1975     case 0x18:	/* GPIO_EVENT_MODE_REG */
1976         return s->event;
1977 
1978     case 0x1c:	/* GPIO_INT_EDGE_REG */
1979         return s->edge;
1980 
1981     case 0x20:	/* KBD_INT */
1982         return (~s->row_latch & 0x1f) && !s->kbd_mask;
1983 
1984     case 0x24:	/* GPIO_INT */
1985         ret = s->ints;
1986         s->ints &= s->mask;
1987         if (ret)
1988             qemu_irq_lower(s->irq);
1989         return ret;
1990 
1991     case 0x28:	/* KBD_MASKIT */
1992         return s->kbd_mask;
1993 
1994     case 0x2c:	/* GPIO_MASKIT */
1995         return s->mask;
1996 
1997     case 0x30:	/* GPIO_DEBOUNCING_REG */
1998         return s->debounce;
1999 
2000     case 0x34:	/* GPIO_LATCH_REG */
2001         return s->latch;
2002     }
2003 
2004     OMAP_BAD_REG(addr);
2005     return 0;
2006 }
2007 
2008 static void omap_mpuio_write(void *opaque, hwaddr addr,
2009                              uint64_t value, unsigned size)
2010 {
2011     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
2012     int offset = addr & OMAP_MPUI_REG_MASK;
2013     uint16_t diff;
2014     int ln;
2015 
2016     if (size != 2) {
2017         omap_badwidth_write16(opaque, addr, value);
2018         return;
2019     }
2020 
2021     switch (offset) {
2022     case 0x04:	/* OUTPUT_REG */
2023         diff = (s->outputs ^ value) & ~s->dir;
2024         s->outputs = value;
2025         while ((ln = ctz32(diff)) != 32) {
2026             if (s->handler[ln])
2027                 qemu_set_irq(s->handler[ln], (value >> ln) & 1);
2028             diff &= ~(1 << ln);
2029         }
2030         break;
2031 
2032     case 0x08:	/* IO_CNTL */
2033         diff = s->outputs & (s->dir ^ value);
2034         s->dir = value;
2035 
2036         value = s->outputs & ~s->dir;
2037         while ((ln = ctz32(diff)) != 32) {
2038             if (s->handler[ln])
2039                 qemu_set_irq(s->handler[ln], (value >> ln) & 1);
2040             diff &= ~(1 << ln);
2041         }
2042         break;
2043 
2044     case 0x14:	/* KBC_REG */
2045         s->cols = value;
2046         omap_mpuio_kbd_update(s);
2047         break;
2048 
2049     case 0x18:	/* GPIO_EVENT_MODE_REG */
2050         s->event = value & 0x1f;
2051         break;
2052 
2053     case 0x1c:	/* GPIO_INT_EDGE_REG */
2054         s->edge = value;
2055         break;
2056 
2057     case 0x28:	/* KBD_MASKIT */
2058         s->kbd_mask = value & 1;
2059         omap_mpuio_kbd_update(s);
2060         break;
2061 
2062     case 0x2c:	/* GPIO_MASKIT */
2063         s->mask = value;
2064         break;
2065 
2066     case 0x30:	/* GPIO_DEBOUNCING_REG */
2067         s->debounce = value & 0x1ff;
2068         break;
2069 
2070     case 0x00:	/* INPUT_LATCH */
2071     case 0x10:	/* KBR_LATCH */
2072     case 0x20:	/* KBD_INT */
2073     case 0x24:	/* GPIO_INT */
2074     case 0x34:	/* GPIO_LATCH_REG */
2075         OMAP_RO_REG(addr);
2076         return;
2077 
2078     default:
2079         OMAP_BAD_REG(addr);
2080         return;
2081     }
2082 }
2083 
2084 static const MemoryRegionOps omap_mpuio_ops  = {
2085     .read = omap_mpuio_read,
2086     .write = omap_mpuio_write,
2087     .endianness = DEVICE_NATIVE_ENDIAN,
2088 };
2089 
2090 static void omap_mpuio_reset(struct omap_mpuio_s *s)
2091 {
2092     s->inputs = 0;
2093     s->outputs = 0;
2094     s->dir = ~0;
2095     s->event = 0;
2096     s->edge = 0;
2097     s->kbd_mask = 0;
2098     s->mask = 0;
2099     s->debounce = 0;
2100     s->latch = 0;
2101     s->ints = 0;
2102     s->row_latch = 0x1f;
2103     s->clk = 1;
2104 }
2105 
2106 static void omap_mpuio_onoff(void *opaque, int line, int on)
2107 {
2108     struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
2109 
2110     s->clk = on;
2111     if (on)
2112         omap_mpuio_kbd_update(s);
2113 }
2114 
2115 static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
2116                 hwaddr base,
2117                 qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
2118                 omap_clk clk)
2119 {
2120     struct omap_mpuio_s *s = g_new0(struct omap_mpuio_s, 1);
2121 
2122     s->irq = gpio_int;
2123     s->kbd_irq = kbd_int;
2124     s->wakeup = wakeup;
2125     s->in = qemu_allocate_irqs(omap_mpuio_set, s, 16);
2126     omap_mpuio_reset(s);
2127 
2128     memory_region_init_io(&s->iomem, NULL, &omap_mpuio_ops, s,
2129                           "omap-mpuio", 0x800);
2130     memory_region_add_subregion(memory, base, &s->iomem);
2131 
2132     omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0));
2133 
2134     return s;
2135 }
2136 
2137 qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s)
2138 {
2139     return s->in;
2140 }
2141 
2142 void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler)
2143 {
2144     if (line >= 16 || line < 0)
2145         hw_error("%s: No GPIO line %i\n", __func__, line);
2146     s->handler[line] = handler;
2147 }
2148 
2149 void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down)
2150 {
2151     if (row >= 5 || row < 0)
2152         hw_error("%s: No key %i-%i\n", __func__, col, row);
2153 
2154     if (down)
2155         s->buttons[row] |= 1 << col;
2156     else
2157         s->buttons[row] &= ~(1 << col);
2158 
2159     omap_mpuio_kbd_update(s);
2160 }
2161 
2162 /* MicroWire Interface */
2163 struct omap_uwire_s {
2164     MemoryRegion iomem;
2165     qemu_irq txirq;
2166     qemu_irq rxirq;
2167     qemu_irq txdrq;
2168 
2169     uint16_t txbuf;
2170     uint16_t rxbuf;
2171     uint16_t control;
2172     uint16_t setup[5];
2173 
2174     uWireSlave *chip[4];
2175 };
2176 
2177 static void omap_uwire_transfer_start(struct omap_uwire_s *s)
2178 {
2179     int chipselect = (s->control >> 10) & 3;		/* INDEX */
2180     uWireSlave *slave = s->chip[chipselect];
2181 
2182     if ((s->control >> 5) & 0x1f) {			/* NB_BITS_WR */
2183         if (s->control & (1 << 12))			/* CS_CMD */
2184             if (slave && slave->send)
2185                 slave->send(slave->opaque,
2186                                 s->txbuf >> (16 - ((s->control >> 5) & 0x1f)));
2187         s->control &= ~(1 << 14);			/* CSRB */
2188         /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
2189          * a DRQ.  When is the level IRQ supposed to be reset?  */
2190     }
2191 
2192     if ((s->control >> 0) & 0x1f) {			/* NB_BITS_RD */
2193         if (s->control & (1 << 12))			/* CS_CMD */
2194             if (slave && slave->receive)
2195                 s->rxbuf = slave->receive(slave->opaque);
2196         s->control |= 1 << 15;				/* RDRB */
2197         /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
2198          * a DRQ.  When is the level IRQ supposed to be reset?  */
2199     }
2200 }
2201 
2202 static uint64_t omap_uwire_read(void *opaque, hwaddr addr,
2203                                 unsigned size)
2204 {
2205     struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
2206     int offset = addr & OMAP_MPUI_REG_MASK;
2207 
2208     if (size != 2) {
2209         return omap_badwidth_read16(opaque, addr);
2210     }
2211 
2212     switch (offset) {
2213     case 0x00:	/* RDR */
2214         s->control &= ~(1 << 15);			/* RDRB */
2215         return s->rxbuf;
2216 
2217     case 0x04:	/* CSR */
2218         return s->control;
2219 
2220     case 0x08:	/* SR1 */
2221         return s->setup[0];
2222     case 0x0c:	/* SR2 */
2223         return s->setup[1];
2224     case 0x10:	/* SR3 */
2225         return s->setup[2];
2226     case 0x14:	/* SR4 */
2227         return s->setup[3];
2228     case 0x18:	/* SR5 */
2229         return s->setup[4];
2230     }
2231 
2232     OMAP_BAD_REG(addr);
2233     return 0;
2234 }
2235 
2236 static void omap_uwire_write(void *opaque, hwaddr addr,
2237                              uint64_t value, unsigned size)
2238 {
2239     struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
2240     int offset = addr & OMAP_MPUI_REG_MASK;
2241 
2242     if (size != 2) {
2243         omap_badwidth_write16(opaque, addr, value);
2244         return;
2245     }
2246 
2247     switch (offset) {
2248     case 0x00:	/* TDR */
2249         s->txbuf = value;				/* TD */
2250         if ((s->setup[4] & (1 << 2)) &&			/* AUTO_TX_EN */
2251                         ((s->setup[4] & (1 << 3)) ||	/* CS_TOGGLE_TX_EN */
2252                          (s->control & (1 << 12)))) {	/* CS_CMD */
2253             s->control |= 1 << 14;			/* CSRB */
2254             omap_uwire_transfer_start(s);
2255         }
2256         break;
2257 
2258     case 0x04:	/* CSR */
2259         s->control = value & 0x1fff;
2260         if (value & (1 << 13))				/* START */
2261             omap_uwire_transfer_start(s);
2262         break;
2263 
2264     case 0x08:	/* SR1 */
2265         s->setup[0] = value & 0x003f;
2266         break;
2267 
2268     case 0x0c:	/* SR2 */
2269         s->setup[1] = value & 0x0fc0;
2270         break;
2271 
2272     case 0x10:	/* SR3 */
2273         s->setup[2] = value & 0x0003;
2274         break;
2275 
2276     case 0x14:	/* SR4 */
2277         s->setup[3] = value & 0x0001;
2278         break;
2279 
2280     case 0x18:	/* SR5 */
2281         s->setup[4] = value & 0x000f;
2282         break;
2283 
2284     default:
2285         OMAP_BAD_REG(addr);
2286         return;
2287     }
2288 }
2289 
2290 static const MemoryRegionOps omap_uwire_ops = {
2291     .read = omap_uwire_read,
2292     .write = omap_uwire_write,
2293     .endianness = DEVICE_NATIVE_ENDIAN,
2294 };
2295 
2296 static void omap_uwire_reset(struct omap_uwire_s *s)
2297 {
2298     s->control = 0;
2299     s->setup[0] = 0;
2300     s->setup[1] = 0;
2301     s->setup[2] = 0;
2302     s->setup[3] = 0;
2303     s->setup[4] = 0;
2304 }
2305 
2306 static struct omap_uwire_s *omap_uwire_init(MemoryRegion *system_memory,
2307                                             hwaddr base,
2308                                             qemu_irq txirq, qemu_irq rxirq,
2309                                             qemu_irq dma,
2310                                             omap_clk clk)
2311 {
2312     struct omap_uwire_s *s = g_new0(struct omap_uwire_s, 1);
2313 
2314     s->txirq = txirq;
2315     s->rxirq = rxirq;
2316     s->txdrq = dma;
2317     omap_uwire_reset(s);
2318 
2319     memory_region_init_io(&s->iomem, NULL, &omap_uwire_ops, s, "omap-uwire", 0x800);
2320     memory_region_add_subregion(system_memory, base, &s->iomem);
2321 
2322     return s;
2323 }
2324 
2325 void omap_uwire_attach(struct omap_uwire_s *s,
2326                 uWireSlave *slave, int chipselect)
2327 {
2328     if (chipselect < 0 || chipselect > 3) {
2329         error_report("%s: Bad chipselect %i", __func__, chipselect);
2330         exit(-1);
2331     }
2332 
2333     s->chip[chipselect] = slave;
2334 }
2335 
2336 /* Pseudonoise Pulse-Width Light Modulator */
2337 struct omap_pwl_s {
2338     MemoryRegion iomem;
2339     uint8_t output;
2340     uint8_t level;
2341     uint8_t enable;
2342     int clk;
2343 };
2344 
2345 static void omap_pwl_update(struct omap_pwl_s *s)
2346 {
2347     int output = (s->clk && s->enable) ? s->level : 0;
2348 
2349     if (output != s->output) {
2350         s->output = output;
2351         printf("%s: Backlight now at %i/256\n", __func__, output);
2352     }
2353 }
2354 
2355 static uint64_t omap_pwl_read(void *opaque, hwaddr addr,
2356                               unsigned size)
2357 {
2358     struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
2359     int offset = addr & OMAP_MPUI_REG_MASK;
2360 
2361     if (size != 1) {
2362         return omap_badwidth_read8(opaque, addr);
2363     }
2364 
2365     switch (offset) {
2366     case 0x00:	/* PWL_LEVEL */
2367         return s->level;
2368     case 0x04:	/* PWL_CTRL */
2369         return s->enable;
2370     }
2371     OMAP_BAD_REG(addr);
2372     return 0;
2373 }
2374 
2375 static void omap_pwl_write(void *opaque, hwaddr addr,
2376                            uint64_t value, unsigned size)
2377 {
2378     struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
2379     int offset = addr & OMAP_MPUI_REG_MASK;
2380 
2381     if (size != 1) {
2382         omap_badwidth_write8(opaque, addr, value);
2383         return;
2384     }
2385 
2386     switch (offset) {
2387     case 0x00:	/* PWL_LEVEL */
2388         s->level = value;
2389         omap_pwl_update(s);
2390         break;
2391     case 0x04:	/* PWL_CTRL */
2392         s->enable = value & 1;
2393         omap_pwl_update(s);
2394         break;
2395     default:
2396         OMAP_BAD_REG(addr);
2397         return;
2398     }
2399 }
2400 
2401 static const MemoryRegionOps omap_pwl_ops = {
2402     .read = omap_pwl_read,
2403     .write = omap_pwl_write,
2404     .endianness = DEVICE_NATIVE_ENDIAN,
2405 };
2406 
2407 static void omap_pwl_reset(struct omap_pwl_s *s)
2408 {
2409     s->output = 0;
2410     s->level = 0;
2411     s->enable = 0;
2412     s->clk = 1;
2413     omap_pwl_update(s);
2414 }
2415 
2416 static void omap_pwl_clk_update(void *opaque, int line, int on)
2417 {
2418     struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
2419 
2420     s->clk = on;
2421     omap_pwl_update(s);
2422 }
2423 
2424 static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory,
2425                                         hwaddr base,
2426                                         omap_clk clk)
2427 {
2428     struct omap_pwl_s *s = g_malloc0(sizeof(*s));
2429 
2430     omap_pwl_reset(s);
2431 
2432     memory_region_init_io(&s->iomem, NULL, &omap_pwl_ops, s,
2433                           "omap-pwl", 0x800);
2434     memory_region_add_subregion(system_memory, base, &s->iomem);
2435 
2436     omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0));
2437     return s;
2438 }
2439 
2440 /* Pulse-Width Tone module */
2441 struct omap_pwt_s {
2442     MemoryRegion iomem;
2443     uint8_t frc;
2444     uint8_t vrc;
2445     uint8_t gcr;
2446     omap_clk clk;
2447 };
2448 
2449 static uint64_t omap_pwt_read(void *opaque, hwaddr addr,
2450                               unsigned size)
2451 {
2452     struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
2453     int offset = addr & OMAP_MPUI_REG_MASK;
2454 
2455     if (size != 1) {
2456         return omap_badwidth_read8(opaque, addr);
2457     }
2458 
2459     switch (offset) {
2460     case 0x00:	/* FRC */
2461         return s->frc;
2462     case 0x04:	/* VCR */
2463         return s->vrc;
2464     case 0x08:	/* GCR */
2465         return s->gcr;
2466     }
2467     OMAP_BAD_REG(addr);
2468     return 0;
2469 }
2470 
2471 static void omap_pwt_write(void *opaque, hwaddr addr,
2472                            uint64_t value, unsigned size)
2473 {
2474     struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
2475     int offset = addr & OMAP_MPUI_REG_MASK;
2476 
2477     if (size != 1) {
2478         omap_badwidth_write8(opaque, addr, value);
2479         return;
2480     }
2481 
2482     switch (offset) {
2483     case 0x00:	/* FRC */
2484         s->frc = value & 0x3f;
2485         break;
2486     case 0x04:	/* VRC */
2487         if ((value ^ s->vrc) & 1) {
2488             if (value & 1)
2489                 printf("%s: %iHz buzz on\n", __func__, (int)
2490                                 /* 1.5 MHz from a 12-MHz or 13-MHz PWT_CLK */
2491                                 ((omap_clk_getrate(s->clk) >> 3) /
2492                                  /* Pre-multiplexer divider */
2493                                  ((s->gcr & 2) ? 1 : 154) /
2494                                  /* Octave multiplexer */
2495                                  (2 << (value & 3)) *
2496                                  /* 101/107 divider */
2497                                  ((value & (1 << 2)) ? 101 : 107) *
2498                                  /*  49/55 divider */
2499                                  ((value & (1 << 3)) ?  49 : 55) *
2500                                  /*  50/63 divider */
2501                                  ((value & (1 << 4)) ?  50 : 63) *
2502                                  /*  80/127 divider */
2503                                  ((value & (1 << 5)) ?  80 : 127) /
2504                                  (107 * 55 * 63 * 127)));
2505             else
2506                 printf("%s: silence!\n", __func__);
2507         }
2508         s->vrc = value & 0x7f;
2509         break;
2510     case 0x08:	/* GCR */
2511         s->gcr = value & 3;
2512         break;
2513     default:
2514         OMAP_BAD_REG(addr);
2515         return;
2516     }
2517 }
2518 
2519 static const MemoryRegionOps omap_pwt_ops = {
2520     .read =omap_pwt_read,
2521     .write = omap_pwt_write,
2522     .endianness = DEVICE_NATIVE_ENDIAN,
2523 };
2524 
2525 static void omap_pwt_reset(struct omap_pwt_s *s)
2526 {
2527     s->frc = 0;
2528     s->vrc = 0;
2529     s->gcr = 0;
2530 }
2531 
2532 static struct omap_pwt_s *omap_pwt_init(MemoryRegion *system_memory,
2533                                         hwaddr base,
2534                                         omap_clk clk)
2535 {
2536     struct omap_pwt_s *s = g_malloc0(sizeof(*s));
2537     s->clk = clk;
2538     omap_pwt_reset(s);
2539 
2540     memory_region_init_io(&s->iomem, NULL, &omap_pwt_ops, s,
2541                           "omap-pwt", 0x800);
2542     memory_region_add_subregion(system_memory, base, &s->iomem);
2543     return s;
2544 }
2545 
2546 /* Real-time Clock module */
2547 struct omap_rtc_s {
2548     MemoryRegion iomem;
2549     qemu_irq irq;
2550     qemu_irq alarm;
2551     QEMUTimer *clk;
2552 
2553     uint8_t interrupts;
2554     uint8_t status;
2555     int16_t comp_reg;
2556     int running;
2557     int pm_am;
2558     int auto_comp;
2559     int round;
2560     struct tm alarm_tm;
2561     time_t alarm_ti;
2562 
2563     struct tm current_tm;
2564     time_t ti;
2565     uint64_t tick;
2566 };
2567 
2568 static void omap_rtc_interrupts_update(struct omap_rtc_s *s)
2569 {
2570     /* s->alarm is level-triggered */
2571     qemu_set_irq(s->alarm, (s->status >> 6) & 1);
2572 }
2573 
2574 static void omap_rtc_alarm_update(struct omap_rtc_s *s)
2575 {
2576     s->alarm_ti = mktimegm(&s->alarm_tm);
2577     if (s->alarm_ti == -1)
2578         printf("%s: conversion failed\n", __func__);
2579 }
2580 
2581 static uint64_t omap_rtc_read(void *opaque, hwaddr addr,
2582                               unsigned size)
2583 {
2584     struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
2585     int offset = addr & OMAP_MPUI_REG_MASK;
2586     uint8_t i;
2587 
2588     if (size != 1) {
2589         return omap_badwidth_read8(opaque, addr);
2590     }
2591 
2592     switch (offset) {
2593     case 0x00:	/* SECONDS_REG */
2594         return to_bcd(s->current_tm.tm_sec);
2595 
2596     case 0x04:	/* MINUTES_REG */
2597         return to_bcd(s->current_tm.tm_min);
2598 
2599     case 0x08:	/* HOURS_REG */
2600         if (s->pm_am)
2601             return ((s->current_tm.tm_hour > 11) << 7) |
2602                     to_bcd(((s->current_tm.tm_hour - 1) % 12) + 1);
2603         else
2604             return to_bcd(s->current_tm.tm_hour);
2605 
2606     case 0x0c:	/* DAYS_REG */
2607         return to_bcd(s->current_tm.tm_mday);
2608 
2609     case 0x10:	/* MONTHS_REG */
2610         return to_bcd(s->current_tm.tm_mon + 1);
2611 
2612     case 0x14:	/* YEARS_REG */
2613         return to_bcd(s->current_tm.tm_year % 100);
2614 
2615     case 0x18:	/* WEEK_REG */
2616         return s->current_tm.tm_wday;
2617 
2618     case 0x20:	/* ALARM_SECONDS_REG */
2619         return to_bcd(s->alarm_tm.tm_sec);
2620 
2621     case 0x24:	/* ALARM_MINUTES_REG */
2622         return to_bcd(s->alarm_tm.tm_min);
2623 
2624     case 0x28:	/* ALARM_HOURS_REG */
2625         if (s->pm_am)
2626             return ((s->alarm_tm.tm_hour > 11) << 7) |
2627                     to_bcd(((s->alarm_tm.tm_hour - 1) % 12) + 1);
2628         else
2629             return to_bcd(s->alarm_tm.tm_hour);
2630 
2631     case 0x2c:	/* ALARM_DAYS_REG */
2632         return to_bcd(s->alarm_tm.tm_mday);
2633 
2634     case 0x30:	/* ALARM_MONTHS_REG */
2635         return to_bcd(s->alarm_tm.tm_mon + 1);
2636 
2637     case 0x34:	/* ALARM_YEARS_REG */
2638         return to_bcd(s->alarm_tm.tm_year % 100);
2639 
2640     case 0x40:	/* RTC_CTRL_REG */
2641         return (s->pm_am << 3) | (s->auto_comp << 2) |
2642                 (s->round << 1) | s->running;
2643 
2644     case 0x44:	/* RTC_STATUS_REG */
2645         i = s->status;
2646         s->status &= ~0x3d;
2647         return i;
2648 
2649     case 0x48:	/* RTC_INTERRUPTS_REG */
2650         return s->interrupts;
2651 
2652     case 0x4c:	/* RTC_COMP_LSB_REG */
2653         return ((uint16_t) s->comp_reg) & 0xff;
2654 
2655     case 0x50:	/* RTC_COMP_MSB_REG */
2656         return ((uint16_t) s->comp_reg) >> 8;
2657     }
2658 
2659     OMAP_BAD_REG(addr);
2660     return 0;
2661 }
2662 
2663 static void omap_rtc_write(void *opaque, hwaddr addr,
2664                            uint64_t value, unsigned size)
2665 {
2666     struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
2667     int offset = addr & OMAP_MPUI_REG_MASK;
2668     struct tm new_tm;
2669     time_t ti[2];
2670 
2671     if (size != 1) {
2672         omap_badwidth_write8(opaque, addr, value);
2673         return;
2674     }
2675 
2676     switch (offset) {
2677     case 0x00:	/* SECONDS_REG */
2678 #ifdef ALMDEBUG
2679         printf("RTC SEC_REG <-- %02x\n", value);
2680 #endif
2681         s->ti -= s->current_tm.tm_sec;
2682         s->ti += from_bcd(value);
2683         return;
2684 
2685     case 0x04:	/* MINUTES_REG */
2686 #ifdef ALMDEBUG
2687         printf("RTC MIN_REG <-- %02x\n", value);
2688 #endif
2689         s->ti -= s->current_tm.tm_min * 60;
2690         s->ti += from_bcd(value) * 60;
2691         return;
2692 
2693     case 0x08:	/* HOURS_REG */
2694 #ifdef ALMDEBUG
2695         printf("RTC HRS_REG <-- %02x\n", value);
2696 #endif
2697         s->ti -= s->current_tm.tm_hour * 3600;
2698         if (s->pm_am) {
2699             s->ti += (from_bcd(value & 0x3f) & 12) * 3600;
2700             s->ti += ((value >> 7) & 1) * 43200;
2701         } else
2702             s->ti += from_bcd(value & 0x3f) * 3600;
2703         return;
2704 
2705     case 0x0c:	/* DAYS_REG */
2706 #ifdef ALMDEBUG
2707         printf("RTC DAY_REG <-- %02x\n", value);
2708 #endif
2709         s->ti -= s->current_tm.tm_mday * 86400;
2710         s->ti += from_bcd(value) * 86400;
2711         return;
2712 
2713     case 0x10:	/* MONTHS_REG */
2714 #ifdef ALMDEBUG
2715         printf("RTC MTH_REG <-- %02x\n", value);
2716 #endif
2717         memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
2718         new_tm.tm_mon = from_bcd(value);
2719         ti[0] = mktimegm(&s->current_tm);
2720         ti[1] = mktimegm(&new_tm);
2721 
2722         if (ti[0] != -1 && ti[1] != -1) {
2723             s->ti -= ti[0];
2724             s->ti += ti[1];
2725         } else {
2726             /* A less accurate version */
2727             s->ti -= s->current_tm.tm_mon * 2592000;
2728             s->ti += from_bcd(value) * 2592000;
2729         }
2730         return;
2731 
2732     case 0x14:	/* YEARS_REG */
2733 #ifdef ALMDEBUG
2734         printf("RTC YRS_REG <-- %02x\n", value);
2735 #endif
2736         memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
2737         new_tm.tm_year += from_bcd(value) - (new_tm.tm_year % 100);
2738         ti[0] = mktimegm(&s->current_tm);
2739         ti[1] = mktimegm(&new_tm);
2740 
2741         if (ti[0] != -1 && ti[1] != -1) {
2742             s->ti -= ti[0];
2743             s->ti += ti[1];
2744         } else {
2745             /* A less accurate version */
2746             s->ti -= (time_t)(s->current_tm.tm_year % 100) * 31536000;
2747             s->ti += (time_t)from_bcd(value) * 31536000;
2748         }
2749         return;
2750 
2751     case 0x18:	/* WEEK_REG */
2752         return;	/* Ignored */
2753 
2754     case 0x20:	/* ALARM_SECONDS_REG */
2755 #ifdef ALMDEBUG
2756         printf("ALM SEC_REG <-- %02x\n", value);
2757 #endif
2758         s->alarm_tm.tm_sec = from_bcd(value);
2759         omap_rtc_alarm_update(s);
2760         return;
2761 
2762     case 0x24:	/* ALARM_MINUTES_REG */
2763 #ifdef ALMDEBUG
2764         printf("ALM MIN_REG <-- %02x\n", value);
2765 #endif
2766         s->alarm_tm.tm_min = from_bcd(value);
2767         omap_rtc_alarm_update(s);
2768         return;
2769 
2770     case 0x28:	/* ALARM_HOURS_REG */
2771 #ifdef ALMDEBUG
2772         printf("ALM HRS_REG <-- %02x\n", value);
2773 #endif
2774         if (s->pm_am)
2775             s->alarm_tm.tm_hour =
2776                     ((from_bcd(value & 0x3f)) % 12) +
2777                     ((value >> 7) & 1) * 12;
2778         else
2779             s->alarm_tm.tm_hour = from_bcd(value);
2780         omap_rtc_alarm_update(s);
2781         return;
2782 
2783     case 0x2c:	/* ALARM_DAYS_REG */
2784 #ifdef ALMDEBUG
2785         printf("ALM DAY_REG <-- %02x\n", value);
2786 #endif
2787         s->alarm_tm.tm_mday = from_bcd(value);
2788         omap_rtc_alarm_update(s);
2789         return;
2790 
2791     case 0x30:	/* ALARM_MONTHS_REG */
2792 #ifdef ALMDEBUG
2793         printf("ALM MON_REG <-- %02x\n", value);
2794 #endif
2795         s->alarm_tm.tm_mon = from_bcd(value);
2796         omap_rtc_alarm_update(s);
2797         return;
2798 
2799     case 0x34:	/* ALARM_YEARS_REG */
2800 #ifdef ALMDEBUG
2801         printf("ALM YRS_REG <-- %02x\n", value);
2802 #endif
2803         s->alarm_tm.tm_year = from_bcd(value);
2804         omap_rtc_alarm_update(s);
2805         return;
2806 
2807     case 0x40:	/* RTC_CTRL_REG */
2808 #ifdef ALMDEBUG
2809         printf("RTC CONTROL <-- %02x\n", value);
2810 #endif
2811         s->pm_am = (value >> 3) & 1;
2812         s->auto_comp = (value >> 2) & 1;
2813         s->round = (value >> 1) & 1;
2814         s->running = value & 1;
2815         s->status &= 0xfd;
2816         s->status |= s->running << 1;
2817         return;
2818 
2819     case 0x44:	/* RTC_STATUS_REG */
2820 #ifdef ALMDEBUG
2821         printf("RTC STATUSL <-- %02x\n", value);
2822 #endif
2823         s->status &= ~((value & 0xc0) ^ 0x80);
2824         omap_rtc_interrupts_update(s);
2825         return;
2826 
2827     case 0x48:	/* RTC_INTERRUPTS_REG */
2828 #ifdef ALMDEBUG
2829         printf("RTC INTRS <-- %02x\n", value);
2830 #endif
2831         s->interrupts = value;
2832         return;
2833 
2834     case 0x4c:	/* RTC_COMP_LSB_REG */
2835 #ifdef ALMDEBUG
2836         printf("RTC COMPLSB <-- %02x\n", value);
2837 #endif
2838         s->comp_reg &= 0xff00;
2839         s->comp_reg |= 0x00ff & value;
2840         return;
2841 
2842     case 0x50:	/* RTC_COMP_MSB_REG */
2843 #ifdef ALMDEBUG
2844         printf("RTC COMPMSB <-- %02x\n", value);
2845 #endif
2846         s->comp_reg &= 0x00ff;
2847         s->comp_reg |= 0xff00 & (value << 8);
2848         return;
2849 
2850     default:
2851         OMAP_BAD_REG(addr);
2852         return;
2853     }
2854 }
2855 
2856 static const MemoryRegionOps omap_rtc_ops = {
2857     .read = omap_rtc_read,
2858     .write = omap_rtc_write,
2859     .endianness = DEVICE_NATIVE_ENDIAN,
2860 };
2861 
2862 static void omap_rtc_tick(void *opaque)
2863 {
2864     struct omap_rtc_s *s = opaque;
2865 
2866     if (s->round) {
2867         /* Round to nearest full minute.  */
2868         if (s->current_tm.tm_sec < 30)
2869             s->ti -= s->current_tm.tm_sec;
2870         else
2871             s->ti += 60 - s->current_tm.tm_sec;
2872 
2873         s->round = 0;
2874     }
2875 
2876     localtime_r(&s->ti, &s->current_tm);
2877 
2878     if ((s->interrupts & 0x08) && s->ti == s->alarm_ti) {
2879         s->status |= 0x40;
2880         omap_rtc_interrupts_update(s);
2881     }
2882 
2883     if (s->interrupts & 0x04)
2884         switch (s->interrupts & 3) {
2885         case 0:
2886             s->status |= 0x04;
2887             qemu_irq_pulse(s->irq);
2888             break;
2889         case 1:
2890             if (s->current_tm.tm_sec)
2891                 break;
2892             s->status |= 0x08;
2893             qemu_irq_pulse(s->irq);
2894             break;
2895         case 2:
2896             if (s->current_tm.tm_sec || s->current_tm.tm_min)
2897                 break;
2898             s->status |= 0x10;
2899             qemu_irq_pulse(s->irq);
2900             break;
2901         case 3:
2902             if (s->current_tm.tm_sec ||
2903                             s->current_tm.tm_min || s->current_tm.tm_hour)
2904                 break;
2905             s->status |= 0x20;
2906             qemu_irq_pulse(s->irq);
2907             break;
2908         }
2909 
2910     /* Move on */
2911     if (s->running)
2912         s->ti ++;
2913     s->tick += 1000;
2914 
2915     /*
2916      * Every full hour add a rough approximation of the compensation
2917      * register to the 32kHz Timer (which drives the RTC) value.
2918      */
2919     if (s->auto_comp && !s->current_tm.tm_sec && !s->current_tm.tm_min)
2920         s->tick += s->comp_reg * 1000 / 32768;
2921 
2922     timer_mod(s->clk, s->tick);
2923 }
2924 
2925 static void omap_rtc_reset(struct omap_rtc_s *s)
2926 {
2927     struct tm tm;
2928 
2929     s->interrupts = 0;
2930     s->comp_reg = 0;
2931     s->running = 0;
2932     s->pm_am = 0;
2933     s->auto_comp = 0;
2934     s->round = 0;
2935     s->tick = qemu_clock_get_ms(rtc_clock);
2936     memset(&s->alarm_tm, 0, sizeof(s->alarm_tm));
2937     s->alarm_tm.tm_mday = 0x01;
2938     s->status = 1 << 7;
2939     qemu_get_timedate(&tm, 0);
2940     s->ti = mktimegm(&tm);
2941 
2942     omap_rtc_alarm_update(s);
2943     omap_rtc_tick(s);
2944 }
2945 
2946 static struct omap_rtc_s *omap_rtc_init(MemoryRegion *system_memory,
2947                                         hwaddr base,
2948                                         qemu_irq timerirq, qemu_irq alarmirq,
2949                                         omap_clk clk)
2950 {
2951     struct omap_rtc_s *s = g_new0(struct omap_rtc_s, 1);
2952 
2953     s->irq = timerirq;
2954     s->alarm = alarmirq;
2955     s->clk = timer_new_ms(rtc_clock, omap_rtc_tick, s);
2956 
2957     omap_rtc_reset(s);
2958 
2959     memory_region_init_io(&s->iomem, NULL, &omap_rtc_ops, s,
2960                           "omap-rtc", 0x800);
2961     memory_region_add_subregion(system_memory, base, &s->iomem);
2962 
2963     return s;
2964 }
2965 
2966 /* Multi-channel Buffered Serial Port interfaces */
2967 struct omap_mcbsp_s {
2968     MemoryRegion iomem;
2969     qemu_irq txirq;
2970     qemu_irq rxirq;
2971     qemu_irq txdrq;
2972     qemu_irq rxdrq;
2973 
2974     uint16_t spcr[2];
2975     uint16_t rcr[2];
2976     uint16_t xcr[2];
2977     uint16_t srgr[2];
2978     uint16_t mcr[2];
2979     uint16_t pcr;
2980     uint16_t rcer[8];
2981     uint16_t xcer[8];
2982     int tx_rate;
2983     int rx_rate;
2984     int tx_req;
2985     int rx_req;
2986 
2987     I2SCodec *codec;
2988     QEMUTimer *source_timer;
2989     QEMUTimer *sink_timer;
2990 };
2991 
2992 static void omap_mcbsp_intr_update(struct omap_mcbsp_s *s)
2993 {
2994     int irq;
2995 
2996     switch ((s->spcr[0] >> 4) & 3) {			/* RINTM */
2997     case 0:
2998         irq = (s->spcr[0] >> 1) & 1;			/* RRDY */
2999         break;
3000     case 3:
3001         irq = (s->spcr[0] >> 3) & 1;			/* RSYNCERR */
3002         break;
3003     default:
3004         irq = 0;
3005         break;
3006     }
3007 
3008     if (irq)
3009         qemu_irq_pulse(s->rxirq);
3010 
3011     switch ((s->spcr[1] >> 4) & 3) {			/* XINTM */
3012     case 0:
3013         irq = (s->spcr[1] >> 1) & 1;			/* XRDY */
3014         break;
3015     case 3:
3016         irq = (s->spcr[1] >> 3) & 1;			/* XSYNCERR */
3017         break;
3018     default:
3019         irq = 0;
3020         break;
3021     }
3022 
3023     if (irq)
3024         qemu_irq_pulse(s->txirq);
3025 }
3026 
3027 static void omap_mcbsp_rx_newdata(struct omap_mcbsp_s *s)
3028 {
3029     if ((s->spcr[0] >> 1) & 1)				/* RRDY */
3030         s->spcr[0] |= 1 << 2;				/* RFULL */
3031     s->spcr[0] |= 1 << 1;				/* RRDY */
3032     qemu_irq_raise(s->rxdrq);
3033     omap_mcbsp_intr_update(s);
3034 }
3035 
3036 static void omap_mcbsp_source_tick(void *opaque)
3037 {
3038     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3039     static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
3040 
3041     if (!s->rx_rate)
3042         return;
3043     if (s->rx_req)
3044         printf("%s: Rx FIFO overrun\n", __func__);
3045 
3046     s->rx_req = s->rx_rate << bps[(s->rcr[0] >> 5) & 7];
3047 
3048     omap_mcbsp_rx_newdata(s);
3049     timer_mod(s->source_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
3050                    NANOSECONDS_PER_SECOND);
3051 }
3052 
3053 static void omap_mcbsp_rx_start(struct omap_mcbsp_s *s)
3054 {
3055     if (!s->codec || !s->codec->rts)
3056         omap_mcbsp_source_tick(s);
3057     else if (s->codec->in.len) {
3058         s->rx_req = s->codec->in.len;
3059         omap_mcbsp_rx_newdata(s);
3060     }
3061 }
3062 
3063 static void omap_mcbsp_rx_stop(struct omap_mcbsp_s *s)
3064 {
3065     timer_del(s->source_timer);
3066 }
3067 
3068 static void omap_mcbsp_rx_done(struct omap_mcbsp_s *s)
3069 {
3070     s->spcr[0] &= ~(1 << 1);				/* RRDY */
3071     qemu_irq_lower(s->rxdrq);
3072     omap_mcbsp_intr_update(s);
3073 }
3074 
3075 static void omap_mcbsp_tx_newdata(struct omap_mcbsp_s *s)
3076 {
3077     s->spcr[1] |= 1 << 1;				/* XRDY */
3078     qemu_irq_raise(s->txdrq);
3079     omap_mcbsp_intr_update(s);
3080 }
3081 
3082 static void omap_mcbsp_sink_tick(void *opaque)
3083 {
3084     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3085     static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
3086 
3087     if (!s->tx_rate)
3088         return;
3089     if (s->tx_req)
3090         printf("%s: Tx FIFO underrun\n", __func__);
3091 
3092     s->tx_req = s->tx_rate << bps[(s->xcr[0] >> 5) & 7];
3093 
3094     omap_mcbsp_tx_newdata(s);
3095     timer_mod(s->sink_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
3096                    NANOSECONDS_PER_SECOND);
3097 }
3098 
3099 static void omap_mcbsp_tx_start(struct omap_mcbsp_s *s)
3100 {
3101     if (!s->codec || !s->codec->cts)
3102         omap_mcbsp_sink_tick(s);
3103     else if (s->codec->out.size) {
3104         s->tx_req = s->codec->out.size;
3105         omap_mcbsp_tx_newdata(s);
3106     }
3107 }
3108 
3109 static void omap_mcbsp_tx_done(struct omap_mcbsp_s *s)
3110 {
3111     s->spcr[1] &= ~(1 << 1);				/* XRDY */
3112     qemu_irq_lower(s->txdrq);
3113     omap_mcbsp_intr_update(s);
3114     if (s->codec && s->codec->cts)
3115         s->codec->tx_swallow(s->codec->opaque);
3116 }
3117 
3118 static void omap_mcbsp_tx_stop(struct omap_mcbsp_s *s)
3119 {
3120     s->tx_req = 0;
3121     omap_mcbsp_tx_done(s);
3122     timer_del(s->sink_timer);
3123 }
3124 
3125 static void omap_mcbsp_req_update(struct omap_mcbsp_s *s)
3126 {
3127     int prev_rx_rate, prev_tx_rate;
3128     int rx_rate = 0, tx_rate = 0;
3129     int cpu_rate = 1500000;	/* XXX */
3130 
3131     /* TODO: check CLKSTP bit */
3132     if (s->spcr[1] & (1 << 6)) {			/* GRST */
3133         if (s->spcr[0] & (1 << 0)) {			/* RRST */
3134             if ((s->srgr[1] & (1 << 13)) &&		/* CLKSM */
3135                             (s->pcr & (1 << 8))) {	/* CLKRM */
3136                 if (~s->pcr & (1 << 7))			/* SCLKME */
3137                     rx_rate = cpu_rate /
3138                             ((s->srgr[0] & 0xff) + 1);	/* CLKGDV */
3139             } else
3140                 if (s->codec)
3141                     rx_rate = s->codec->rx_rate;
3142         }
3143 
3144         if (s->spcr[1] & (1 << 0)) {			/* XRST */
3145             if ((s->srgr[1] & (1 << 13)) &&		/* CLKSM */
3146                             (s->pcr & (1 << 9))) {	/* CLKXM */
3147                 if (~s->pcr & (1 << 7))			/* SCLKME */
3148                     tx_rate = cpu_rate /
3149                             ((s->srgr[0] & 0xff) + 1);	/* CLKGDV */
3150             } else
3151                 if (s->codec)
3152                     tx_rate = s->codec->tx_rate;
3153         }
3154     }
3155     prev_tx_rate = s->tx_rate;
3156     prev_rx_rate = s->rx_rate;
3157     s->tx_rate = tx_rate;
3158     s->rx_rate = rx_rate;
3159 
3160     if (s->codec)
3161         s->codec->set_rate(s->codec->opaque, rx_rate, tx_rate);
3162 
3163     if (!prev_tx_rate && tx_rate)
3164         omap_mcbsp_tx_start(s);
3165     else if (s->tx_rate && !tx_rate)
3166         omap_mcbsp_tx_stop(s);
3167 
3168     if (!prev_rx_rate && rx_rate)
3169         omap_mcbsp_rx_start(s);
3170     else if (prev_tx_rate && !tx_rate)
3171         omap_mcbsp_rx_stop(s);
3172 }
3173 
3174 static uint64_t omap_mcbsp_read(void *opaque, hwaddr addr,
3175                                 unsigned size)
3176 {
3177     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3178     int offset = addr & OMAP_MPUI_REG_MASK;
3179     uint16_t ret;
3180 
3181     if (size != 2) {
3182         return omap_badwidth_read16(opaque, addr);
3183     }
3184 
3185     switch (offset) {
3186     case 0x00:	/* DRR2 */
3187         if (((s->rcr[0] >> 5) & 7) < 3)			/* RWDLEN1 */
3188             return 0x0000;
3189         /* Fall through.  */
3190     case 0x02:	/* DRR1 */
3191         if (s->rx_req < 2) {
3192             printf("%s: Rx FIFO underrun\n", __func__);
3193             omap_mcbsp_rx_done(s);
3194         } else {
3195             s->tx_req -= 2;
3196             if (s->codec && s->codec->in.len >= 2) {
3197                 ret = s->codec->in.fifo[s->codec->in.start ++] << 8;
3198                 ret |= s->codec->in.fifo[s->codec->in.start ++];
3199                 s->codec->in.len -= 2;
3200             } else
3201                 ret = 0x0000;
3202             if (!s->tx_req)
3203                 omap_mcbsp_rx_done(s);
3204             return ret;
3205         }
3206         return 0x0000;
3207 
3208     case 0x04:	/* DXR2 */
3209     case 0x06:	/* DXR1 */
3210         return 0x0000;
3211 
3212     case 0x08:	/* SPCR2 */
3213         return s->spcr[1];
3214     case 0x0a:	/* SPCR1 */
3215         return s->spcr[0];
3216     case 0x0c:	/* RCR2 */
3217         return s->rcr[1];
3218     case 0x0e:	/* RCR1 */
3219         return s->rcr[0];
3220     case 0x10:	/* XCR2 */
3221         return s->xcr[1];
3222     case 0x12:	/* XCR1 */
3223         return s->xcr[0];
3224     case 0x14:	/* SRGR2 */
3225         return s->srgr[1];
3226     case 0x16:	/* SRGR1 */
3227         return s->srgr[0];
3228     case 0x18:	/* MCR2 */
3229         return s->mcr[1];
3230     case 0x1a:	/* MCR1 */
3231         return s->mcr[0];
3232     case 0x1c:	/* RCERA */
3233         return s->rcer[0];
3234     case 0x1e:	/* RCERB */
3235         return s->rcer[1];
3236     case 0x20:	/* XCERA */
3237         return s->xcer[0];
3238     case 0x22:	/* XCERB */
3239         return s->xcer[1];
3240     case 0x24:	/* PCR0 */
3241         return s->pcr;
3242     case 0x26:	/* RCERC */
3243         return s->rcer[2];
3244     case 0x28:	/* RCERD */
3245         return s->rcer[3];
3246     case 0x2a:	/* XCERC */
3247         return s->xcer[2];
3248     case 0x2c:	/* XCERD */
3249         return s->xcer[3];
3250     case 0x2e:	/* RCERE */
3251         return s->rcer[4];
3252     case 0x30:	/* RCERF */
3253         return s->rcer[5];
3254     case 0x32:	/* XCERE */
3255         return s->xcer[4];
3256     case 0x34:	/* XCERF */
3257         return s->xcer[5];
3258     case 0x36:	/* RCERG */
3259         return s->rcer[6];
3260     case 0x38:	/* RCERH */
3261         return s->rcer[7];
3262     case 0x3a:	/* XCERG */
3263         return s->xcer[6];
3264     case 0x3c:	/* XCERH */
3265         return s->xcer[7];
3266     }
3267 
3268     OMAP_BAD_REG(addr);
3269     return 0;
3270 }
3271 
3272 static void omap_mcbsp_writeh(void *opaque, hwaddr addr,
3273                 uint32_t value)
3274 {
3275     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3276     int offset = addr & OMAP_MPUI_REG_MASK;
3277 
3278     switch (offset) {
3279     case 0x00:	/* DRR2 */
3280     case 0x02:	/* DRR1 */
3281         OMAP_RO_REG(addr);
3282         return;
3283 
3284     case 0x04:	/* DXR2 */
3285         if (((s->xcr[0] >> 5) & 7) < 3)			/* XWDLEN1 */
3286             return;
3287         /* Fall through.  */
3288     case 0x06:	/* DXR1 */
3289         if (s->tx_req > 1) {
3290             s->tx_req -= 2;
3291             if (s->codec && s->codec->cts) {
3292                 s->codec->out.fifo[s->codec->out.len ++] = (value >> 8) & 0xff;
3293                 s->codec->out.fifo[s->codec->out.len ++] = (value >> 0) & 0xff;
3294             }
3295             if (s->tx_req < 2)
3296                 omap_mcbsp_tx_done(s);
3297         } else
3298             printf("%s: Tx FIFO overrun\n", __func__);
3299         return;
3300 
3301     case 0x08:	/* SPCR2 */
3302         s->spcr[1] &= 0x0002;
3303         s->spcr[1] |= 0x03f9 & value;
3304         s->spcr[1] |= 0x0004 & (value << 2);		/* XEMPTY := XRST */
3305         if (~value & 1)					/* XRST */
3306             s->spcr[1] &= ~6;
3307         omap_mcbsp_req_update(s);
3308         return;
3309     case 0x0a:	/* SPCR1 */
3310         s->spcr[0] &= 0x0006;
3311         s->spcr[0] |= 0xf8f9 & value;
3312         if (value & (1 << 15))				/* DLB */
3313             printf("%s: Digital Loopback mode enable attempt\n", __func__);
3314         if (~value & 1) {				/* RRST */
3315             s->spcr[0] &= ~6;
3316             s->rx_req = 0;
3317             omap_mcbsp_rx_done(s);
3318         }
3319         omap_mcbsp_req_update(s);
3320         return;
3321 
3322     case 0x0c:	/* RCR2 */
3323         s->rcr[1] = value & 0xffff;
3324         return;
3325     case 0x0e:	/* RCR1 */
3326         s->rcr[0] = value & 0x7fe0;
3327         return;
3328     case 0x10:	/* XCR2 */
3329         s->xcr[1] = value & 0xffff;
3330         return;
3331     case 0x12:	/* XCR1 */
3332         s->xcr[0] = value & 0x7fe0;
3333         return;
3334     case 0x14:	/* SRGR2 */
3335         s->srgr[1] = value & 0xffff;
3336         omap_mcbsp_req_update(s);
3337         return;
3338     case 0x16:	/* SRGR1 */
3339         s->srgr[0] = value & 0xffff;
3340         omap_mcbsp_req_update(s);
3341         return;
3342     case 0x18:	/* MCR2 */
3343         s->mcr[1] = value & 0x03e3;
3344         if (value & 3)					/* XMCM */
3345             printf("%s: Tx channel selection mode enable attempt\n", __func__);
3346         return;
3347     case 0x1a:	/* MCR1 */
3348         s->mcr[0] = value & 0x03e1;
3349         if (value & 1)					/* RMCM */
3350             printf("%s: Rx channel selection mode enable attempt\n", __func__);
3351         return;
3352     case 0x1c:	/* RCERA */
3353         s->rcer[0] = value & 0xffff;
3354         return;
3355     case 0x1e:	/* RCERB */
3356         s->rcer[1] = value & 0xffff;
3357         return;
3358     case 0x20:	/* XCERA */
3359         s->xcer[0] = value & 0xffff;
3360         return;
3361     case 0x22:	/* XCERB */
3362         s->xcer[1] = value & 0xffff;
3363         return;
3364     case 0x24:	/* PCR0 */
3365         s->pcr = value & 0x7faf;
3366         return;
3367     case 0x26:	/* RCERC */
3368         s->rcer[2] = value & 0xffff;
3369         return;
3370     case 0x28:	/* RCERD */
3371         s->rcer[3] = value & 0xffff;
3372         return;
3373     case 0x2a:	/* XCERC */
3374         s->xcer[2] = value & 0xffff;
3375         return;
3376     case 0x2c:	/* XCERD */
3377         s->xcer[3] = value & 0xffff;
3378         return;
3379     case 0x2e:	/* RCERE */
3380         s->rcer[4] = value & 0xffff;
3381         return;
3382     case 0x30:	/* RCERF */
3383         s->rcer[5] = value & 0xffff;
3384         return;
3385     case 0x32:	/* XCERE */
3386         s->xcer[4] = value & 0xffff;
3387         return;
3388     case 0x34:	/* XCERF */
3389         s->xcer[5] = value & 0xffff;
3390         return;
3391     case 0x36:	/* RCERG */
3392         s->rcer[6] = value & 0xffff;
3393         return;
3394     case 0x38:	/* RCERH */
3395         s->rcer[7] = value & 0xffff;
3396         return;
3397     case 0x3a:	/* XCERG */
3398         s->xcer[6] = value & 0xffff;
3399         return;
3400     case 0x3c:	/* XCERH */
3401         s->xcer[7] = value & 0xffff;
3402         return;
3403     }
3404 
3405     OMAP_BAD_REG(addr);
3406 }
3407 
3408 static void omap_mcbsp_writew(void *opaque, hwaddr addr,
3409                 uint32_t value)
3410 {
3411     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3412     int offset = addr & OMAP_MPUI_REG_MASK;
3413 
3414     if (offset == 0x04) {				/* DXR */
3415         if (((s->xcr[0] >> 5) & 7) < 3)			/* XWDLEN1 */
3416             return;
3417         if (s->tx_req > 3) {
3418             s->tx_req -= 4;
3419             if (s->codec && s->codec->cts) {
3420                 s->codec->out.fifo[s->codec->out.len ++] =
3421                         (value >> 24) & 0xff;
3422                 s->codec->out.fifo[s->codec->out.len ++] =
3423                         (value >> 16) & 0xff;
3424                 s->codec->out.fifo[s->codec->out.len ++] =
3425                         (value >> 8) & 0xff;
3426                 s->codec->out.fifo[s->codec->out.len ++] =
3427                         (value >> 0) & 0xff;
3428             }
3429             if (s->tx_req < 4)
3430                 omap_mcbsp_tx_done(s);
3431         } else
3432             printf("%s: Tx FIFO overrun\n", __func__);
3433         return;
3434     }
3435 
3436     omap_badwidth_write16(opaque, addr, value);
3437 }
3438 
3439 static void omap_mcbsp_write(void *opaque, hwaddr addr,
3440                              uint64_t value, unsigned size)
3441 {
3442     switch (size) {
3443     case 2:
3444         omap_mcbsp_writeh(opaque, addr, value);
3445         break;
3446     case 4:
3447         omap_mcbsp_writew(opaque, addr, value);
3448         break;
3449     default:
3450         omap_badwidth_write16(opaque, addr, value);
3451     }
3452 }
3453 
3454 static const MemoryRegionOps omap_mcbsp_ops = {
3455     .read = omap_mcbsp_read,
3456     .write = omap_mcbsp_write,
3457     .endianness = DEVICE_NATIVE_ENDIAN,
3458 };
3459 
3460 static void omap_mcbsp_reset(struct omap_mcbsp_s *s)
3461 {
3462     memset(&s->spcr, 0, sizeof(s->spcr));
3463     memset(&s->rcr, 0, sizeof(s->rcr));
3464     memset(&s->xcr, 0, sizeof(s->xcr));
3465     s->srgr[0] = 0x0001;
3466     s->srgr[1] = 0x2000;
3467     memset(&s->mcr, 0, sizeof(s->mcr));
3468     memset(&s->pcr, 0, sizeof(s->pcr));
3469     memset(&s->rcer, 0, sizeof(s->rcer));
3470     memset(&s->xcer, 0, sizeof(s->xcer));
3471     s->tx_req = 0;
3472     s->rx_req = 0;
3473     s->tx_rate = 0;
3474     s->rx_rate = 0;
3475     timer_del(s->source_timer);
3476     timer_del(s->sink_timer);
3477 }
3478 
3479 static struct omap_mcbsp_s *omap_mcbsp_init(MemoryRegion *system_memory,
3480                                             hwaddr base,
3481                                             qemu_irq txirq, qemu_irq rxirq,
3482                                             qemu_irq *dma, omap_clk clk)
3483 {
3484     struct omap_mcbsp_s *s = g_new0(struct omap_mcbsp_s, 1);
3485 
3486     s->txirq = txirq;
3487     s->rxirq = rxirq;
3488     s->txdrq = dma[0];
3489     s->rxdrq = dma[1];
3490     s->sink_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_mcbsp_sink_tick, s);
3491     s->source_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_mcbsp_source_tick, s);
3492     omap_mcbsp_reset(s);
3493 
3494     memory_region_init_io(&s->iomem, NULL, &omap_mcbsp_ops, s, "omap-mcbsp", 0x800);
3495     memory_region_add_subregion(system_memory, base, &s->iomem);
3496 
3497     return s;
3498 }
3499 
3500 static void omap_mcbsp_i2s_swallow(void *opaque, int line, int level)
3501 {
3502     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3503 
3504     if (s->rx_rate) {
3505         s->rx_req = s->codec->in.len;
3506         omap_mcbsp_rx_newdata(s);
3507     }
3508 }
3509 
3510 static void omap_mcbsp_i2s_start(void *opaque, int line, int level)
3511 {
3512     struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
3513 
3514     if (s->tx_rate) {
3515         s->tx_req = s->codec->out.size;
3516         omap_mcbsp_tx_newdata(s);
3517     }
3518 }
3519 
3520 void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave)
3521 {
3522     s->codec = slave;
3523     slave->rx_swallow = qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0);
3524     slave->tx_start = qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0);
3525 }
3526 
3527 /* LED Pulse Generators */
3528 struct omap_lpg_s {
3529     MemoryRegion iomem;
3530     QEMUTimer *tm;
3531 
3532     uint8_t control;
3533     uint8_t power;
3534     int64_t on;
3535     int64_t period;
3536     int clk;
3537     int cycle;
3538 };
3539 
3540 static void omap_lpg_tick(void *opaque)
3541 {
3542     struct omap_lpg_s *s = opaque;
3543 
3544     if (s->cycle)
3545         timer_mod(s->tm, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + s->period - s->on);
3546     else
3547         timer_mod(s->tm, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + s->on);
3548 
3549     s->cycle = !s->cycle;
3550     printf("%s: LED is %s\n", __func__, s->cycle ? "on" : "off");
3551 }
3552 
3553 static void omap_lpg_update(struct omap_lpg_s *s)
3554 {
3555     int64_t on, period = 1, ticks = 1000;
3556     static const int per[8] = { 1, 2, 4, 8, 12, 16, 20, 24 };
3557 
3558     if (~s->control & (1 << 6))					/* LPGRES */
3559         on = 0;
3560     else if (s->control & (1 << 7))				/* PERM_ON */
3561         on = period;
3562     else {
3563         period = muldiv64(ticks, per[s->control & 7],		/* PERCTRL */
3564                         256 / 32);
3565         on = (s->clk && s->power) ? muldiv64(ticks,
3566                         per[(s->control >> 3) & 7], 256) : 0;	/* ONCTRL */
3567     }
3568 
3569     timer_del(s->tm);
3570     if (on == period && s->on < s->period)
3571         printf("%s: LED is on\n", __func__);
3572     else if (on == 0 && s->on)
3573         printf("%s: LED is off\n", __func__);
3574     else if (on && (on != s->on || period != s->period)) {
3575         s->cycle = 0;
3576         s->on = on;
3577         s->period = period;
3578         omap_lpg_tick(s);
3579         return;
3580     }
3581 
3582     s->on = on;
3583     s->period = period;
3584 }
3585 
3586 static void omap_lpg_reset(struct omap_lpg_s *s)
3587 {
3588     s->control = 0x00;
3589     s->power = 0x00;
3590     s->clk = 1;
3591     omap_lpg_update(s);
3592 }
3593 
3594 static uint64_t omap_lpg_read(void *opaque, hwaddr addr,
3595                               unsigned size)
3596 {
3597     struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
3598     int offset = addr & OMAP_MPUI_REG_MASK;
3599 
3600     if (size != 1) {
3601         return omap_badwidth_read8(opaque, addr);
3602     }
3603 
3604     switch (offset) {
3605     case 0x00:	/* LCR */
3606         return s->control;
3607 
3608     case 0x04:	/* PMR */
3609         return s->power;
3610     }
3611 
3612     OMAP_BAD_REG(addr);
3613     return 0;
3614 }
3615 
3616 static void omap_lpg_write(void *opaque, hwaddr addr,
3617                            uint64_t value, unsigned size)
3618 {
3619     struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
3620     int offset = addr & OMAP_MPUI_REG_MASK;
3621 
3622     if (size != 1) {
3623         omap_badwidth_write8(opaque, addr, value);
3624         return;
3625     }
3626 
3627     switch (offset) {
3628     case 0x00:	/* LCR */
3629         if (~value & (1 << 6))					/* LPGRES */
3630             omap_lpg_reset(s);
3631         s->control = value & 0xff;
3632         omap_lpg_update(s);
3633         return;
3634 
3635     case 0x04:	/* PMR */
3636         s->power = value & 0x01;
3637         omap_lpg_update(s);
3638         return;
3639 
3640     default:
3641         OMAP_BAD_REG(addr);
3642         return;
3643     }
3644 }
3645 
3646 static const MemoryRegionOps omap_lpg_ops = {
3647     .read = omap_lpg_read,
3648     .write = omap_lpg_write,
3649     .endianness = DEVICE_NATIVE_ENDIAN,
3650 };
3651 
3652 static void omap_lpg_clk_update(void *opaque, int line, int on)
3653 {
3654     struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
3655 
3656     s->clk = on;
3657     omap_lpg_update(s);
3658 }
3659 
3660 static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory,
3661                                         hwaddr base, omap_clk clk)
3662 {
3663     struct omap_lpg_s *s = g_new0(struct omap_lpg_s, 1);
3664 
3665     s->tm = timer_new_ms(QEMU_CLOCK_VIRTUAL, omap_lpg_tick, s);
3666 
3667     omap_lpg_reset(s);
3668 
3669     memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg", 0x800);
3670     memory_region_add_subregion(system_memory, base, &s->iomem);
3671 
3672     omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0));
3673 
3674     return s;
3675 }
3676 
3677 /* MPUI Peripheral Bridge configuration */
3678 static uint64_t omap_mpui_io_read(void *opaque, hwaddr addr,
3679                                   unsigned size)
3680 {
3681     if (size != 2) {
3682         return omap_badwidth_read16(opaque, addr);
3683     }
3684 
3685     if (addr == OMAP_MPUI_BASE)	/* CMR */
3686         return 0xfe4d;
3687 
3688     OMAP_BAD_REG(addr);
3689     return 0;
3690 }
3691 
3692 static void omap_mpui_io_write(void *opaque, hwaddr addr,
3693                                uint64_t value, unsigned size)
3694 {
3695     /* FIXME: infinite loop */
3696     omap_badwidth_write16(opaque, addr, value);
3697 }
3698 
3699 static const MemoryRegionOps omap_mpui_io_ops = {
3700     .read = omap_mpui_io_read,
3701     .write = omap_mpui_io_write,
3702     .endianness = DEVICE_NATIVE_ENDIAN,
3703 };
3704 
3705 static void omap_setup_mpui_io(MemoryRegion *system_memory,
3706                                struct omap_mpu_state_s *mpu)
3707 {
3708     memory_region_init_io(&mpu->mpui_io_iomem, NULL, &omap_mpui_io_ops, mpu,
3709                           "omap-mpui-io", 0x7fff);
3710     memory_region_add_subregion(system_memory, OMAP_MPUI_BASE,
3711                                 &mpu->mpui_io_iomem);
3712 }
3713 
3714 /* General chip reset */
3715 static void omap1_mpu_reset(void *opaque)
3716 {
3717     struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
3718 
3719     omap_dma_reset(mpu->dma);
3720     omap_mpu_timer_reset(mpu->timer[0]);
3721     omap_mpu_timer_reset(mpu->timer[1]);
3722     omap_mpu_timer_reset(mpu->timer[2]);
3723     omap_wd_timer_reset(mpu->wdt);
3724     omap_os_timer_reset(mpu->os_timer);
3725     omap_lcdc_reset(mpu->lcd);
3726     omap_ulpd_pm_reset(mpu);
3727     omap_pin_cfg_reset(mpu);
3728     omap_mpui_reset(mpu);
3729     omap_tipb_bridge_reset(mpu->private_tipb);
3730     omap_tipb_bridge_reset(mpu->public_tipb);
3731     omap_dpll_reset(mpu->dpll[0]);
3732     omap_dpll_reset(mpu->dpll[1]);
3733     omap_dpll_reset(mpu->dpll[2]);
3734     omap_uart_reset(mpu->uart[0]);
3735     omap_uart_reset(mpu->uart[1]);
3736     omap_uart_reset(mpu->uart[2]);
3737     omap_mmc_reset(mpu->mmc);
3738     omap_mpuio_reset(mpu->mpuio);
3739     omap_uwire_reset(mpu->microwire);
3740     omap_pwl_reset(mpu->pwl);
3741     omap_pwt_reset(mpu->pwt);
3742     omap_rtc_reset(mpu->rtc);
3743     omap_mcbsp_reset(mpu->mcbsp1);
3744     omap_mcbsp_reset(mpu->mcbsp2);
3745     omap_mcbsp_reset(mpu->mcbsp3);
3746     omap_lpg_reset(mpu->led[0]);
3747     omap_lpg_reset(mpu->led[1]);
3748     omap_clkm_reset(mpu);
3749     cpu_reset(CPU(mpu->cpu));
3750 }
3751 
3752 static const struct omap_map_s {
3753     hwaddr phys_dsp;
3754     hwaddr phys_mpu;
3755     uint32_t size;
3756     const char *name;
3757 } omap15xx_dsp_mm[] = {
3758     /* Strobe 0 */
3759     { 0xe1010000, 0xfffb0000, 0x800, "UART1 BT" },		/* CS0 */
3760     { 0xe1010800, 0xfffb0800, 0x800, "UART2 COM" },		/* CS1 */
3761     { 0xe1011800, 0xfffb1800, 0x800, "McBSP1 audio" },		/* CS3 */
3762     { 0xe1012000, 0xfffb2000, 0x800, "MCSI2 communication" },	/* CS4 */
3763     { 0xe1012800, 0xfffb2800, 0x800, "MCSI1 BT u-Law" },	/* CS5 */
3764     { 0xe1013000, 0xfffb3000, 0x800, "uWire" },			/* CS6 */
3765     { 0xe1013800, 0xfffb3800, 0x800, "I^2C" },			/* CS7 */
3766     { 0xe1014000, 0xfffb4000, 0x800, "USB W2FC" },		/* CS8 */
3767     { 0xe1014800, 0xfffb4800, 0x800, "RTC" },			/* CS9 */
3768     { 0xe1015000, 0xfffb5000, 0x800, "MPUIO" },			/* CS10 */
3769     { 0xe1015800, 0xfffb5800, 0x800, "PWL" },			/* CS11 */
3770     { 0xe1016000, 0xfffb6000, 0x800, "PWT" },			/* CS12 */
3771     { 0xe1017000, 0xfffb7000, 0x800, "McBSP3" },		/* CS14 */
3772     { 0xe1017800, 0xfffb7800, 0x800, "MMC" },			/* CS15 */
3773     { 0xe1019000, 0xfffb9000, 0x800, "32-kHz timer" },		/* CS18 */
3774     { 0xe1019800, 0xfffb9800, 0x800, "UART3" },			/* CS19 */
3775     { 0xe101c800, 0xfffbc800, 0x800, "TIPB switches" },		/* CS25 */
3776     /* Strobe 1 */
3777     { 0xe101e000, 0xfffce000, 0x800, "GPIOs" },			/* CS28 */
3778 
3779     { 0 }
3780 };
3781 
3782 static void omap_setup_dsp_mapping(MemoryRegion *system_memory,
3783                                    const struct omap_map_s *map)
3784 {
3785     MemoryRegion *io;
3786 
3787     for (; map->phys_dsp; map ++) {
3788         io = g_new(MemoryRegion, 1);
3789         memory_region_init_alias(io, NULL, map->name,
3790                                  system_memory, map->phys_mpu, map->size);
3791         memory_region_add_subregion(system_memory, map->phys_dsp, io);
3792     }
3793 }
3794 
3795 void omap_mpu_wakeup(void *opaque, int irq, int req)
3796 {
3797     struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
3798     CPUState *cpu = CPU(mpu->cpu);
3799 
3800     if (cpu->halted) {
3801         cpu_interrupt(cpu, CPU_INTERRUPT_EXITTB);
3802     }
3803 }
3804 
3805 static const struct dma_irq_map omap1_dma_irq_map[] = {
3806     { 0, OMAP_INT_DMA_CH0_6 },
3807     { 0, OMAP_INT_DMA_CH1_7 },
3808     { 0, OMAP_INT_DMA_CH2_8 },
3809     { 0, OMAP_INT_DMA_CH3 },
3810     { 0, OMAP_INT_DMA_CH4 },
3811     { 0, OMAP_INT_DMA_CH5 },
3812     { 1, OMAP_INT_1610_DMA_CH6 },
3813     { 1, OMAP_INT_1610_DMA_CH7 },
3814     { 1, OMAP_INT_1610_DMA_CH8 },
3815     { 1, OMAP_INT_1610_DMA_CH9 },
3816     { 1, OMAP_INT_1610_DMA_CH10 },
3817     { 1, OMAP_INT_1610_DMA_CH11 },
3818     { 1, OMAP_INT_1610_DMA_CH12 },
3819     { 1, OMAP_INT_1610_DMA_CH13 },
3820     { 1, OMAP_INT_1610_DMA_CH14 },
3821     { 1, OMAP_INT_1610_DMA_CH15 }
3822 };
3823 
3824 /* DMA ports for OMAP1 */
3825 static int omap_validate_emiff_addr(struct omap_mpu_state_s *s,
3826                 hwaddr addr)
3827 {
3828     return range_covers_byte(OMAP_EMIFF_BASE, s->sdram_size, addr);
3829 }
3830 
3831 static int omap_validate_emifs_addr(struct omap_mpu_state_s *s,
3832                 hwaddr addr)
3833 {
3834     return range_covers_byte(OMAP_EMIFS_BASE, OMAP_EMIFF_BASE - OMAP_EMIFS_BASE,
3835                              addr);
3836 }
3837 
3838 static int omap_validate_imif_addr(struct omap_mpu_state_s *s,
3839                 hwaddr addr)
3840 {
3841     return range_covers_byte(OMAP_IMIF_BASE, s->sram_size, addr);
3842 }
3843 
3844 static int omap_validate_tipb_addr(struct omap_mpu_state_s *s,
3845                 hwaddr addr)
3846 {
3847     return range_covers_byte(0xfffb0000, 0xffff0000 - 0xfffb0000, addr);
3848 }
3849 
3850 static int omap_validate_local_addr(struct omap_mpu_state_s *s,
3851                 hwaddr addr)
3852 {
3853     return range_covers_byte(OMAP_LOCALBUS_BASE, 0x1000000, addr);
3854 }
3855 
3856 static int omap_validate_tipb_mpui_addr(struct omap_mpu_state_s *s,
3857                 hwaddr addr)
3858 {
3859     return range_covers_byte(0xe1010000, 0xe1020004 - 0xe1010000, addr);
3860 }
3861 
3862 struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *dram,
3863                 const char *cpu_type)
3864 {
3865     int i;
3866     struct omap_mpu_state_s *s = g_new0(struct omap_mpu_state_s, 1);
3867     qemu_irq dma_irqs[6];
3868     DriveInfo *dinfo;
3869     SysBusDevice *busdev;
3870     MemoryRegion *system_memory = get_system_memory();
3871 
3872     /* Core */
3873     s->mpu_model = omap310;
3874     s->cpu = ARM_CPU(cpu_create(cpu_type));
3875     s->sdram_size = memory_region_size(dram);
3876     s->sram_size = OMAP15XX_SRAM_SIZE;
3877 
3878     s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
3879 
3880     /* Clocks */
3881     omap_clk_init(s);
3882 
3883     /* Memory-mapped stuff */
3884     memory_region_init_ram(&s->imif_ram, NULL, "omap1.sram", s->sram_size,
3885                            &error_fatal);
3886     memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, &s->imif_ram);
3887 
3888     omap_clkm_init(system_memory, 0xfffece00, 0xe1008000, s);
3889 
3890     s->ih[0] = qdev_new("omap-intc");
3891     qdev_prop_set_uint32(s->ih[0], "size", 0x100);
3892     omap_intc_set_iclk(OMAP_INTC(s->ih[0]), omap_findclk(s, "arminth_ck"));
3893     busdev = SYS_BUS_DEVICE(s->ih[0]);
3894     sysbus_realize_and_unref(busdev, &error_fatal);
3895     sysbus_connect_irq(busdev, 0,
3896                        qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ));
3897     sysbus_connect_irq(busdev, 1,
3898                        qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ));
3899     sysbus_mmio_map(busdev, 0, 0xfffecb00);
3900     s->ih[1] = qdev_new("omap-intc");
3901     qdev_prop_set_uint32(s->ih[1], "size", 0x800);
3902     omap_intc_set_iclk(OMAP_INTC(s->ih[1]), omap_findclk(s, "arminth_ck"));
3903     busdev = SYS_BUS_DEVICE(s->ih[1]);
3904     sysbus_realize_and_unref(busdev, &error_fatal);
3905     sysbus_connect_irq(busdev, 0,
3906                        qdev_get_gpio_in(s->ih[0], OMAP_INT_15XX_IH2_IRQ));
3907     /* The second interrupt controller's FIQ output is not wired up */
3908     sysbus_mmio_map(busdev, 0, 0xfffe0000);
3909 
3910     for (i = 0; i < 6; i++) {
3911         dma_irqs[i] = qdev_get_gpio_in(s->ih[omap1_dma_irq_map[i].ih],
3912                                        omap1_dma_irq_map[i].intr);
3913     }
3914     s->dma = omap_dma_init(0xfffed800, dma_irqs, system_memory,
3915                            qdev_get_gpio_in(s->ih[0], OMAP_INT_DMA_LCD),
3916                            s, omap_findclk(s, "dma_ck"), omap_dma_3_1);
3917 
3918     s->port[emiff    ].addr_valid = omap_validate_emiff_addr;
3919     s->port[emifs    ].addr_valid = omap_validate_emifs_addr;
3920     s->port[imif     ].addr_valid = omap_validate_imif_addr;
3921     s->port[tipb     ].addr_valid = omap_validate_tipb_addr;
3922     s->port[local    ].addr_valid = omap_validate_local_addr;
3923     s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
3924 
3925     /* Register SDRAM and SRAM DMA ports for fast transfers.  */
3926     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(dram),
3927                          OMAP_EMIFF_BASE, s->sdram_size);
3928     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->imif_ram),
3929                          OMAP_IMIF_BASE, s->sram_size);
3930 
3931     s->timer[0] = omap_mpu_timer_init(system_memory, 0xfffec500,
3932                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER1),
3933                     omap_findclk(s, "mputim_ck"));
3934     s->timer[1] = omap_mpu_timer_init(system_memory, 0xfffec600,
3935                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER2),
3936                     omap_findclk(s, "mputim_ck"));
3937     s->timer[2] = omap_mpu_timer_init(system_memory, 0xfffec700,
3938                     qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER3),
3939                     omap_findclk(s, "mputim_ck"));
3940 
3941     s->wdt = omap_wd_timer_init(system_memory, 0xfffec800,
3942                     qdev_get_gpio_in(s->ih[0], OMAP_INT_WD_TIMER),
3943                     omap_findclk(s, "armwdt_ck"));
3944 
3945     s->os_timer = omap_os_timer_init(system_memory, 0xfffb9000,
3946                     qdev_get_gpio_in(s->ih[1], OMAP_INT_OS_TIMER),
3947                     omap_findclk(s, "clk32-kHz"));
3948 
3949     s->lcd = omap_lcdc_init(system_memory, 0xfffec000,
3950                             qdev_get_gpio_in(s->ih[0], OMAP_INT_LCD_CTRL),
3951                             omap_dma_get_lcdch(s->dma),
3952                             omap_findclk(s, "lcd_ck"));
3953 
3954     omap_ulpd_pm_init(system_memory, 0xfffe0800, s);
3955     omap_pin_cfg_init(system_memory, 0xfffe1000, s);
3956     omap_id_init(system_memory, s);
3957 
3958     omap_mpui_init(system_memory, 0xfffec900, s);
3959 
3960     s->private_tipb = omap_tipb_bridge_init(system_memory, 0xfffeca00,
3961                     qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PRIV),
3962                     omap_findclk(s, "tipb_ck"));
3963     s->public_tipb = omap_tipb_bridge_init(system_memory, 0xfffed300,
3964                     qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PUB),
3965                     omap_findclk(s, "tipb_ck"));
3966 
3967     omap_tcmi_init(system_memory, 0xfffecc00, s);
3968 
3969     s->uart[0] = omap_uart_init(0xfffb0000,
3970                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_UART1),
3971                     omap_findclk(s, "uart1_ck"),
3972                     omap_findclk(s, "uart1_ck"),
3973                     s->drq[OMAP_DMA_UART1_TX], s->drq[OMAP_DMA_UART1_RX],
3974                     "uart1",
3975                     serial_hd(0));
3976     s->uart[1] = omap_uart_init(0xfffb0800,
3977                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_UART2),
3978                     omap_findclk(s, "uart2_ck"),
3979                     omap_findclk(s, "uart2_ck"),
3980                     s->drq[OMAP_DMA_UART2_TX], s->drq[OMAP_DMA_UART2_RX],
3981                     "uart2",
3982                     serial_hd(0) ? serial_hd(1) : NULL);
3983     s->uart[2] = omap_uart_init(0xfffb9800,
3984                                 qdev_get_gpio_in(s->ih[0], OMAP_INT_UART3),
3985                     omap_findclk(s, "uart3_ck"),
3986                     omap_findclk(s, "uart3_ck"),
3987                     s->drq[OMAP_DMA_UART3_TX], s->drq[OMAP_DMA_UART3_RX],
3988                     "uart3",
3989                     serial_hd(0) && serial_hd(1) ? serial_hd(2) : NULL);
3990 
3991     s->dpll[0] = omap_dpll_init(system_memory, 0xfffecf00,
3992                                 omap_findclk(s, "dpll1"));
3993     s->dpll[1] = omap_dpll_init(system_memory, 0xfffed000,
3994                                 omap_findclk(s, "dpll2"));
3995     s->dpll[2] = omap_dpll_init(system_memory, 0xfffed100,
3996                                 omap_findclk(s, "dpll3"));
3997 
3998     dinfo = drive_get(IF_SD, 0, 0);
3999     if (!dinfo && !qtest_enabled()) {
4000         warn_report("missing SecureDigital device");
4001     }
4002     s->mmc = omap_mmc_init(0xfffb7800, system_memory,
4003                            dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
4004                            qdev_get_gpio_in(s->ih[1], OMAP_INT_OQN),
4005                            &s->drq[OMAP_DMA_MMC_TX],
4006                     omap_findclk(s, "mmc_ck"));
4007 
4008     s->mpuio = omap_mpuio_init(system_memory, 0xfffb5000,
4009                                qdev_get_gpio_in(s->ih[1], OMAP_INT_KEYBOARD),
4010                                qdev_get_gpio_in(s->ih[1], OMAP_INT_MPUIO),
4011                                s->wakeup, omap_findclk(s, "clk32-kHz"));
4012 
4013     s->gpio = qdev_new("omap-gpio");
4014     qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
4015     omap_gpio_set_clk(OMAP1_GPIO(s->gpio), omap_findclk(s, "arm_gpio_ck"));
4016     sysbus_realize_and_unref(SYS_BUS_DEVICE(s->gpio), &error_fatal);
4017     sysbus_connect_irq(SYS_BUS_DEVICE(s->gpio), 0,
4018                        qdev_get_gpio_in(s->ih[0], OMAP_INT_GPIO_BANK1));
4019     sysbus_mmio_map(SYS_BUS_DEVICE(s->gpio), 0, 0xfffce000);
4020 
4021     s->microwire = omap_uwire_init(system_memory, 0xfffb3000,
4022                                    qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireTX),
4023                                    qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireRX),
4024                     s->drq[OMAP_DMA_UWIRE_TX], omap_findclk(s, "mpuper_ck"));
4025 
4026     s->pwl = omap_pwl_init(system_memory, 0xfffb5800,
4027                            omap_findclk(s, "armxor_ck"));
4028     s->pwt = omap_pwt_init(system_memory, 0xfffb6000,
4029                            omap_findclk(s, "armxor_ck"));
4030 
4031     s->i2c[0] = qdev_new("omap_i2c");
4032     qdev_prop_set_uint8(s->i2c[0], "revision", 0x11);
4033     omap_i2c_set_fclk(OMAP_I2C(s->i2c[0]), omap_findclk(s, "mpuper_ck"));
4034     busdev = SYS_BUS_DEVICE(s->i2c[0]);
4035     sysbus_realize_and_unref(busdev, &error_fatal);
4036     sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(s->ih[1], OMAP_INT_I2C));
4037     sysbus_connect_irq(busdev, 1, s->drq[OMAP_DMA_I2C_TX]);
4038     sysbus_connect_irq(busdev, 2, s->drq[OMAP_DMA_I2C_RX]);
4039     sysbus_mmio_map(busdev, 0, 0xfffb3800);
4040 
4041     s->rtc = omap_rtc_init(system_memory, 0xfffb4800,
4042                            qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_TIMER),
4043                            qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_ALARM),
4044                     omap_findclk(s, "clk32-kHz"));
4045 
4046     s->mcbsp1 = omap_mcbsp_init(system_memory, 0xfffb1800,
4047                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1TX),
4048                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1RX),
4049                     &s->drq[OMAP_DMA_MCBSP1_TX], omap_findclk(s, "dspxor_ck"));
4050     s->mcbsp2 = omap_mcbsp_init(system_memory, 0xfffb1000,
4051                                 qdev_get_gpio_in(s->ih[0],
4052                                                  OMAP_INT_310_McBSP2_TX),
4053                                 qdev_get_gpio_in(s->ih[0],
4054                                                  OMAP_INT_310_McBSP2_RX),
4055                     &s->drq[OMAP_DMA_MCBSP2_TX], omap_findclk(s, "mpuper_ck"));
4056     s->mcbsp3 = omap_mcbsp_init(system_memory, 0xfffb7000,
4057                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3TX),
4058                                 qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3RX),
4059                     &s->drq[OMAP_DMA_MCBSP3_TX], omap_findclk(s, "dspxor_ck"));
4060 
4061     s->led[0] = omap_lpg_init(system_memory,
4062                               0xfffbd000, omap_findclk(s, "clk32-kHz"));
4063     s->led[1] = omap_lpg_init(system_memory,
4064                               0xfffbd800, omap_findclk(s, "clk32-kHz"));
4065 
4066     /* Register mappings not currenlty implemented:
4067      * MCSI2 Comm	fffb2000 - fffb27ff (not mapped on OMAP310)
4068      * MCSI1 Bluetooth	fffb2800 - fffb2fff (not mapped on OMAP310)
4069      * USB W2FC		fffb4000 - fffb47ff
4070      * Camera Interface	fffb6800 - fffb6fff
4071      * USB Host		fffba000 - fffba7ff
4072      * FAC		fffba800 - fffbafff
4073      * HDQ/1-Wire	fffbc000 - fffbc7ff
4074      * TIPB switches	fffbc800 - fffbcfff
4075      * Mailbox		fffcf000 - fffcf7ff
4076      * Local bus IF	fffec100 - fffec1ff
4077      * Local bus MMU	fffec200 - fffec2ff
4078      * DSP MMU		fffed200 - fffed2ff
4079      */
4080 
4081     omap_setup_dsp_mapping(system_memory, omap15xx_dsp_mm);
4082     omap_setup_mpui_io(system_memory, s);
4083 
4084     qemu_register_reset(omap1_mpu_reset, s);
4085 
4086     return s;
4087 }
4088