xref: /openbmc/qemu/hw/arm/strongarm.c (revision 2b74dd918007d91f5fee94ad0034b5e7a30ed777)
1 /*
2  * StrongARM SA-1100/SA-1110 emulation
3  *
4  * Copyright (C) 2011 Dmitry Eremin-Solenikov
5  *
6  * Largely based on StrongARM emulation:
7  * Copyright (c) 2006 Openedhand Ltd.
8  * Written by Andrzej Zaborowski <balrog@zabor.org>
9  *
10  * UART code based on QEMU 16550A UART emulation
11  * Copyright (c) 2003-2004 Fabrice Bellard
12  * Copyright (c) 2008 Citrix Systems, Inc.
13  *
14  *  This program is free software; you can redistribute it and/or modify
15  *  it under the terms of the GNU General Public License version 2 as
16  *  published by the Free Software Foundation.
17  *
18  *  This program is distributed in the hope that it will be useful,
19  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
20  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21  *  GNU General Public License for more details.
22  *
23  *  You should have received a copy of the GNU General Public License along
24  *  with this program; if not, see <http://www.gnu.org/licenses/>.
25  *
26  *  Contributions after 2012-01-13 are licensed under the terms of the
27  *  GNU GPL, version 2 or (at your option) any later version.
28  */
29 
30 #include "qemu/osdep.h"
31 #include "hw/irq.h"
32 #include "hw/qdev-properties.h"
33 #include "hw/qdev-properties-system.h"
34 #include "hw/sysbus.h"
35 #include "migration/vmstate.h"
36 #include "strongarm.h"
37 #include "qemu/error-report.h"
38 #include "hw/arm/boot.h"
39 #include "chardev/char-fe.h"
40 #include "chardev/char-serial.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/rtc.h"
43 #include "hw/ssi/ssi.h"
44 #include "qapi/error.h"
45 #include "qemu/cutils.h"
46 #include "qemu/log.h"
47 #include "qom/object.h"
48 #include "target/arm/cpu-qom.h"
49 #include "trace.h"
50 
51 /*
52  TODO
53  - Implement cp15, c14 ?
54  - Implement cp15, c15 !!! (idle used in L)
55  - Implement idle mode handling/DIM
56  - Implement sleep mode/Wake sources
57  - Implement reset control
58  - Implement memory control regs
59  - PCMCIA handling
60  - Maybe support MBGNT/MBREQ
61  - DMA channels
62  - GPCLK
63  - IrDA
64  - MCP
65  - Enhance UART with modem signals
66  */
67 
68 static struct {
69     hwaddr io_base;
70     int irq;
71 } sa_serial[] = {
72     { 0x80010000, SA_PIC_UART1 },
73     { 0x80030000, SA_PIC_UART2 },
74     { 0x80050000, SA_PIC_UART3 },
75     { 0, 0 }
76 };
77 
78 /* Interrupt Controller */
79 
80 #define TYPE_STRONGARM_PIC "strongarm_pic"
81 OBJECT_DECLARE_SIMPLE_TYPE(StrongARMPICState, STRONGARM_PIC)
82 
83 struct StrongARMPICState {
84     SysBusDevice parent_obj;
85 
86     MemoryRegion iomem;
87     qemu_irq    irq;
88     qemu_irq    fiq;
89 
90     uint32_t pending;
91     uint32_t enabled;
92     uint32_t is_fiq;
93     uint32_t int_idle;
94 };
95 
96 #define ICIP    0x00
97 #define ICMR    0x04
98 #define ICLR    0x08
99 #define ICFP    0x10
100 #define ICPR    0x20
101 #define ICCR    0x0c
102 
103 #define SA_PIC_SRCS     32
104 
105 
106 static void strongarm_pic_update(void *opaque)
107 {
108     StrongARMPICState *s = opaque;
109 
110     /* FIXME: reflect DIM */
111     qemu_set_irq(s->fiq, s->pending & s->enabled &  s->is_fiq);
112     qemu_set_irq(s->irq, s->pending & s->enabled & ~s->is_fiq);
113 }
114 
115 static void strongarm_pic_set_irq(void *opaque, int irq, int level)
116 {
117     StrongARMPICState *s = opaque;
118 
119     if (level) {
120         s->pending |= 1 << irq;
121     } else {
122         s->pending &= ~(1 << irq);
123     }
124 
125     strongarm_pic_update(s);
126 }
127 
128 static uint64_t strongarm_pic_mem_read(void *opaque, hwaddr offset,
129                                        unsigned size)
130 {
131     StrongARMPICState *s = opaque;
132 
133     switch (offset) {
134     case ICIP:
135         return s->pending & ~s->is_fiq & s->enabled;
136     case ICMR:
137         return s->enabled;
138     case ICLR:
139         return s->is_fiq;
140     case ICCR:
141         return s->int_idle == 0;
142     case ICFP:
143         return s->pending & s->is_fiq & s->enabled;
144     case ICPR:
145         return s->pending;
146     default:
147         qemu_log_mask(LOG_GUEST_ERROR,
148                       "%s: Bad register offset 0x"HWADDR_FMT_plx"\n",
149                       __func__, offset);
150         return 0;
151     }
152 }
153 
154 static void strongarm_pic_mem_write(void *opaque, hwaddr offset,
155                                     uint64_t value, unsigned size)
156 {
157     StrongARMPICState *s = opaque;
158 
159     switch (offset) {
160     case ICMR:
161         s->enabled = value;
162         break;
163     case ICLR:
164         s->is_fiq = value;
165         break;
166     case ICCR:
167         s->int_idle = (value & 1) ? 0 : ~0;
168         break;
169     default:
170         qemu_log_mask(LOG_GUEST_ERROR,
171                      "%s: Bad register offset 0x"HWADDR_FMT_plx"\n",
172                      __func__, offset);
173         break;
174     }
175     strongarm_pic_update(s);
176 }
177 
178 static const MemoryRegionOps strongarm_pic_ops = {
179     .read = strongarm_pic_mem_read,
180     .write = strongarm_pic_mem_write,
181     .endianness = DEVICE_NATIVE_ENDIAN,
182 };
183 
184 static void strongarm_pic_initfn(Object *obj)
185 {
186     DeviceState *dev = DEVICE(obj);
187     StrongARMPICState *s = STRONGARM_PIC(obj);
188     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
189 
190     qdev_init_gpio_in(dev, strongarm_pic_set_irq, SA_PIC_SRCS);
191     memory_region_init_io(&s->iomem, obj, &strongarm_pic_ops, s,
192                           "pic", 0x1000);
193     sysbus_init_mmio(sbd, &s->iomem);
194     sysbus_init_irq(sbd, &s->irq);
195     sysbus_init_irq(sbd, &s->fiq);
196 }
197 
198 static int strongarm_pic_post_load(void *opaque, int version_id)
199 {
200     strongarm_pic_update(opaque);
201     return 0;
202 }
203 
204 static const VMStateDescription vmstate_strongarm_pic_regs = {
205     .name = "strongarm_pic",
206     .version_id = 0,
207     .minimum_version_id = 0,
208     .post_load = strongarm_pic_post_load,
209     .fields = (const VMStateField[]) {
210         VMSTATE_UINT32(pending, StrongARMPICState),
211         VMSTATE_UINT32(enabled, StrongARMPICState),
212         VMSTATE_UINT32(is_fiq, StrongARMPICState),
213         VMSTATE_UINT32(int_idle, StrongARMPICState),
214         VMSTATE_END_OF_LIST(),
215     },
216 };
217 
218 static void strongarm_pic_class_init(ObjectClass *klass, void *data)
219 {
220     DeviceClass *dc = DEVICE_CLASS(klass);
221 
222     dc->desc = "StrongARM PIC";
223     dc->vmsd = &vmstate_strongarm_pic_regs;
224 }
225 
226 static const TypeInfo strongarm_pic_info = {
227     .name          = TYPE_STRONGARM_PIC,
228     .parent        = TYPE_SYS_BUS_DEVICE,
229     .instance_size = sizeof(StrongARMPICState),
230     .instance_init = strongarm_pic_initfn,
231     .class_init    = strongarm_pic_class_init,
232 };
233 
234 /* Real-Time Clock */
235 #define RTAR 0x00 /* RTC Alarm register */
236 #define RCNR 0x04 /* RTC Counter register */
237 #define RTTR 0x08 /* RTC Timer Trim register */
238 #define RTSR 0x10 /* RTC Status register */
239 
240 #define RTSR_AL (1 << 0) /* RTC Alarm detected */
241 #define RTSR_HZ (1 << 1) /* RTC 1Hz detected */
242 #define RTSR_ALE (1 << 2) /* RTC Alarm enable */
243 #define RTSR_HZE (1 << 3) /* RTC 1Hz enable */
244 
245 /* 16 LSB of RTTR are clockdiv for internal trim logic,
246  * trim delete isn't emulated, so
247  * f = 32 768 / (RTTR_trim + 1) */
248 
249 #define TYPE_STRONGARM_RTC "strongarm-rtc"
250 OBJECT_DECLARE_SIMPLE_TYPE(StrongARMRTCState, STRONGARM_RTC)
251 
252 struct StrongARMRTCState {
253     SysBusDevice parent_obj;
254 
255     MemoryRegion iomem;
256     uint32_t rttr;
257     uint32_t rtsr;
258     uint32_t rtar;
259     uint32_t last_rcnr;
260     int64_t last_hz;
261     QEMUTimer *rtc_alarm;
262     QEMUTimer *rtc_hz;
263     qemu_irq rtc_irq;
264     qemu_irq rtc_hz_irq;
265 };
266 
267 static inline void strongarm_rtc_int_update(StrongARMRTCState *s)
268 {
269     qemu_set_irq(s->rtc_irq, s->rtsr & RTSR_AL);
270     qemu_set_irq(s->rtc_hz_irq, s->rtsr & RTSR_HZ);
271 }
272 
273 static void strongarm_rtc_hzupdate(StrongARMRTCState *s)
274 {
275     int64_t rt = qemu_clock_get_ms(rtc_clock);
276     s->last_rcnr += ((rt - s->last_hz) << 15) /
277             (1000 * ((s->rttr & 0xffff) + 1));
278     s->last_hz = rt;
279 }
280 
281 static inline void strongarm_rtc_timer_update(StrongARMRTCState *s)
282 {
283     if ((s->rtsr & RTSR_HZE) && !(s->rtsr & RTSR_HZ)) {
284         timer_mod(s->rtc_hz, s->last_hz + 1000);
285     } else {
286         timer_del(s->rtc_hz);
287     }
288 
289     if ((s->rtsr & RTSR_ALE) && !(s->rtsr & RTSR_AL)) {
290         timer_mod(s->rtc_alarm, s->last_hz +
291                 (((s->rtar - s->last_rcnr) * 1000 *
292                   ((s->rttr & 0xffff) + 1)) >> 15));
293     } else {
294         timer_del(s->rtc_alarm);
295     }
296 }
297 
298 static inline void strongarm_rtc_alarm_tick(void *opaque)
299 {
300     StrongARMRTCState *s = opaque;
301     s->rtsr |= RTSR_AL;
302     strongarm_rtc_timer_update(s);
303     strongarm_rtc_int_update(s);
304 }
305 
306 static inline void strongarm_rtc_hz_tick(void *opaque)
307 {
308     StrongARMRTCState *s = opaque;
309     s->rtsr |= RTSR_HZ;
310     strongarm_rtc_timer_update(s);
311     strongarm_rtc_int_update(s);
312 }
313 
314 static uint64_t strongarm_rtc_read(void *opaque, hwaddr addr,
315                                    unsigned size)
316 {
317     StrongARMRTCState *s = opaque;
318 
319     switch (addr) {
320     case RTTR:
321         return s->rttr;
322     case RTSR:
323         return s->rtsr;
324     case RTAR:
325         return s->rtar;
326     case RCNR:
327         return s->last_rcnr +
328                 ((qemu_clock_get_ms(rtc_clock) - s->last_hz) << 15) /
329                 (1000 * ((s->rttr & 0xffff) + 1));
330     default:
331         qemu_log_mask(LOG_GUEST_ERROR,
332                       "%s: Bad rtc register read 0x"HWADDR_FMT_plx"\n",
333                       __func__, addr);
334         return 0;
335     }
336 }
337 
338 static void strongarm_rtc_write(void *opaque, hwaddr addr,
339                                 uint64_t value, unsigned size)
340 {
341     StrongARMRTCState *s = opaque;
342     uint32_t old_rtsr;
343 
344     switch (addr) {
345     case RTTR:
346         strongarm_rtc_hzupdate(s);
347         s->rttr = value;
348         strongarm_rtc_timer_update(s);
349         break;
350 
351     case RTSR:
352         old_rtsr = s->rtsr;
353         s->rtsr = (value & (RTSR_ALE | RTSR_HZE)) |
354                   (s->rtsr & ~(value & (RTSR_AL | RTSR_HZ)));
355 
356         if (s->rtsr != old_rtsr) {
357             strongarm_rtc_timer_update(s);
358         }
359 
360         strongarm_rtc_int_update(s);
361         break;
362 
363     case RTAR:
364         s->rtar = value;
365         strongarm_rtc_timer_update(s);
366         break;
367 
368     case RCNR:
369         strongarm_rtc_hzupdate(s);
370         s->last_rcnr = value;
371         strongarm_rtc_timer_update(s);
372         break;
373 
374     default:
375         qemu_log_mask(LOG_GUEST_ERROR,
376                       "%s: Bad rtc register write 0x"HWADDR_FMT_plx"\n",
377                       __func__, addr);
378     }
379 }
380 
381 static const MemoryRegionOps strongarm_rtc_ops = {
382     .read = strongarm_rtc_read,
383     .write = strongarm_rtc_write,
384     .endianness = DEVICE_NATIVE_ENDIAN,
385 };
386 
387 static void strongarm_rtc_init(Object *obj)
388 {
389     StrongARMRTCState *s = STRONGARM_RTC(obj);
390     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
391     struct tm tm;
392 
393     s->rttr = 0x0;
394     s->rtsr = 0;
395 
396     qemu_get_timedate(&tm, 0);
397 
398     s->last_rcnr = (uint32_t) mktimegm(&tm);
399     s->last_hz = qemu_clock_get_ms(rtc_clock);
400 
401     sysbus_init_irq(dev, &s->rtc_irq);
402     sysbus_init_irq(dev, &s->rtc_hz_irq);
403 
404     memory_region_init_io(&s->iomem, obj, &strongarm_rtc_ops, s,
405                           "rtc", 0x10000);
406     sysbus_init_mmio(dev, &s->iomem);
407 }
408 
409 static void strongarm_rtc_realize(DeviceState *dev, Error **errp)
410 {
411     StrongARMRTCState *s = STRONGARM_RTC(dev);
412     s->rtc_alarm = timer_new_ms(rtc_clock, strongarm_rtc_alarm_tick, s);
413     s->rtc_hz = timer_new_ms(rtc_clock, strongarm_rtc_hz_tick, s);
414 }
415 
416 static int strongarm_rtc_pre_save(void *opaque)
417 {
418     StrongARMRTCState *s = opaque;
419 
420     strongarm_rtc_hzupdate(s);
421 
422     return 0;
423 }
424 
425 static int strongarm_rtc_post_load(void *opaque, int version_id)
426 {
427     StrongARMRTCState *s = opaque;
428 
429     strongarm_rtc_timer_update(s);
430     strongarm_rtc_int_update(s);
431 
432     return 0;
433 }
434 
435 static const VMStateDescription vmstate_strongarm_rtc_regs = {
436     .name = "strongarm-rtc",
437     .version_id = 0,
438     .minimum_version_id = 0,
439     .pre_save = strongarm_rtc_pre_save,
440     .post_load = strongarm_rtc_post_load,
441     .fields = (const VMStateField[]) {
442         VMSTATE_UINT32(rttr, StrongARMRTCState),
443         VMSTATE_UINT32(rtsr, StrongARMRTCState),
444         VMSTATE_UINT32(rtar, StrongARMRTCState),
445         VMSTATE_UINT32(last_rcnr, StrongARMRTCState),
446         VMSTATE_INT64(last_hz, StrongARMRTCState),
447         VMSTATE_END_OF_LIST(),
448     },
449 };
450 
451 static void strongarm_rtc_sysbus_class_init(ObjectClass *klass, void *data)
452 {
453     DeviceClass *dc = DEVICE_CLASS(klass);
454 
455     dc->desc = "StrongARM RTC Controller";
456     dc->vmsd = &vmstate_strongarm_rtc_regs;
457     dc->realize = strongarm_rtc_realize;
458 }
459 
460 static const TypeInfo strongarm_rtc_sysbus_info = {
461     .name          = TYPE_STRONGARM_RTC,
462     .parent        = TYPE_SYS_BUS_DEVICE,
463     .instance_size = sizeof(StrongARMRTCState),
464     .instance_init = strongarm_rtc_init,
465     .class_init    = strongarm_rtc_sysbus_class_init,
466 };
467 
468 /* GPIO */
469 #define GPLR 0x00
470 #define GPDR 0x04
471 #define GPSR 0x08
472 #define GPCR 0x0c
473 #define GRER 0x10
474 #define GFER 0x14
475 #define GEDR 0x18
476 #define GAFR 0x1c
477 
478 #define TYPE_STRONGARM_GPIO "strongarm-gpio"
479 OBJECT_DECLARE_SIMPLE_TYPE(StrongARMGPIOInfo, STRONGARM_GPIO)
480 
481 struct StrongARMGPIOInfo {
482     SysBusDevice busdev;
483     MemoryRegion iomem;
484     qemu_irq handler[28];
485     qemu_irq irqs[11];
486     qemu_irq irqX;
487 
488     uint32_t ilevel;
489     uint32_t olevel;
490     uint32_t dir;
491     uint32_t rising;
492     uint32_t falling;
493     uint32_t status;
494     uint32_t gafr;
495 
496     uint32_t prev_level;
497 };
498 
499 
500 static void strongarm_gpio_irq_update(StrongARMGPIOInfo *s)
501 {
502     int i;
503     for (i = 0; i < 11; i++) {
504         qemu_set_irq(s->irqs[i], s->status & (1 << i));
505     }
506 
507     qemu_set_irq(s->irqX, (s->status & ~0x7ff));
508 }
509 
510 static void strongarm_gpio_set(void *opaque, int line, int level)
511 {
512     StrongARMGPIOInfo *s = opaque;
513     uint32_t mask;
514 
515     mask = 1 << line;
516 
517     if (level) {
518         s->status |= s->rising & mask &
519                 ~s->ilevel & ~s->dir;
520         s->ilevel |= mask;
521     } else {
522         s->status |= s->falling & mask &
523                 s->ilevel & ~s->dir;
524         s->ilevel &= ~mask;
525     }
526 
527     if (s->status & mask) {
528         strongarm_gpio_irq_update(s);
529     }
530 }
531 
532 static void strongarm_gpio_handler_update(StrongARMGPIOInfo *s)
533 {
534     uint32_t level, diff;
535     int bit;
536 
537     level = s->olevel & s->dir;
538 
539     for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
540         bit = ctz32(diff);
541         qemu_set_irq(s->handler[bit], (level >> bit) & 1);
542     }
543 
544     s->prev_level = level;
545 }
546 
547 static uint64_t strongarm_gpio_read(void *opaque, hwaddr offset,
548                                     unsigned size)
549 {
550     StrongARMGPIOInfo *s = opaque;
551 
552     switch (offset) {
553     case GPDR:        /* GPIO Pin-Direction registers */
554         return s->dir;
555 
556     case GPSR:        /* GPIO Pin-Output Set registers */
557         qemu_log_mask(LOG_GUEST_ERROR,
558                       "%s: read from write only register GPSR\n", __func__);
559         return 0;
560 
561     case GPCR:        /* GPIO Pin-Output Clear registers */
562         qemu_log_mask(LOG_GUEST_ERROR,
563                       "%s: read from write only register GPCR\n", __func__);
564         return 0;
565 
566     case GRER:        /* GPIO Rising-Edge Detect Enable registers */
567         return s->rising;
568 
569     case GFER:        /* GPIO Falling-Edge Detect Enable registers */
570         return s->falling;
571 
572     case GAFR:        /* GPIO Alternate Function registers */
573         return s->gafr;
574 
575     case GPLR:        /* GPIO Pin-Level registers */
576         return (s->olevel & s->dir) |
577                (s->ilevel & ~s->dir);
578 
579     case GEDR:        /* GPIO Edge Detect Status registers */
580         return s->status;
581 
582     default:
583         qemu_log_mask(LOG_GUEST_ERROR,
584                       "%s: Bad gpio read offset 0x"HWADDR_FMT_plx"\n",
585                       __func__, offset);
586     }
587 
588     return 0;
589 }
590 
591 static void strongarm_gpio_write(void *opaque, hwaddr offset,
592                                  uint64_t value, unsigned size)
593 {
594     StrongARMGPIOInfo *s = opaque;
595 
596     switch (offset) {
597     case GPDR:        /* GPIO Pin-Direction registers */
598         s->dir = value & 0x0fffffff;
599         strongarm_gpio_handler_update(s);
600         break;
601 
602     case GPSR:        /* GPIO Pin-Output Set registers */
603         s->olevel |= value & 0x0fffffff;
604         strongarm_gpio_handler_update(s);
605         break;
606 
607     case GPCR:        /* GPIO Pin-Output Clear registers */
608         s->olevel &= ~value;
609         strongarm_gpio_handler_update(s);
610         break;
611 
612     case GRER:        /* GPIO Rising-Edge Detect Enable registers */
613         s->rising = value;
614         break;
615 
616     case GFER:        /* GPIO Falling-Edge Detect Enable registers */
617         s->falling = value;
618         break;
619 
620     case GAFR:        /* GPIO Alternate Function registers */
621         s->gafr = value;
622         break;
623 
624     case GEDR:        /* GPIO Edge Detect Status registers */
625         s->status &= ~value;
626         strongarm_gpio_irq_update(s);
627         break;
628 
629     default:
630         qemu_log_mask(LOG_GUEST_ERROR,
631                       "%s: Bad write offset 0x"HWADDR_FMT_plx"\n",
632                       __func__, offset);
633     }
634 }
635 
636 static const MemoryRegionOps strongarm_gpio_ops = {
637     .read = strongarm_gpio_read,
638     .write = strongarm_gpio_write,
639     .endianness = DEVICE_NATIVE_ENDIAN,
640 };
641 
642 static DeviceState *strongarm_gpio_init(hwaddr base,
643                 DeviceState *pic)
644 {
645     DeviceState *dev;
646     int i;
647 
648     dev = qdev_new(TYPE_STRONGARM_GPIO);
649     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
650 
651     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
652     for (i = 0; i < 12; i++)
653         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
654                     qdev_get_gpio_in(pic, SA_PIC_GPIO0_EDGE + i));
655 
656     return dev;
657 }
658 
659 static void strongarm_gpio_initfn(Object *obj)
660 {
661     DeviceState *dev = DEVICE(obj);
662     StrongARMGPIOInfo *s = STRONGARM_GPIO(obj);
663     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
664     int i;
665 
666     qdev_init_gpio_in(dev, strongarm_gpio_set, 28);
667     qdev_init_gpio_out(dev, s->handler, 28);
668 
669     memory_region_init_io(&s->iomem, obj, &strongarm_gpio_ops, s,
670                           "gpio", 0x1000);
671 
672     sysbus_init_mmio(sbd, &s->iomem);
673     for (i = 0; i < 11; i++) {
674         sysbus_init_irq(sbd, &s->irqs[i]);
675     }
676     sysbus_init_irq(sbd, &s->irqX);
677 }
678 
679 static const VMStateDescription vmstate_strongarm_gpio_regs = {
680     .name = "strongarm-gpio",
681     .version_id = 0,
682     .minimum_version_id = 0,
683     .fields = (const VMStateField[]) {
684         VMSTATE_UINT32(ilevel, StrongARMGPIOInfo),
685         VMSTATE_UINT32(olevel, StrongARMGPIOInfo),
686         VMSTATE_UINT32(dir, StrongARMGPIOInfo),
687         VMSTATE_UINT32(rising, StrongARMGPIOInfo),
688         VMSTATE_UINT32(falling, StrongARMGPIOInfo),
689         VMSTATE_UINT32(status, StrongARMGPIOInfo),
690         VMSTATE_UINT32(gafr, StrongARMGPIOInfo),
691         VMSTATE_UINT32(prev_level, StrongARMGPIOInfo),
692         VMSTATE_END_OF_LIST(),
693     },
694 };
695 
696 static void strongarm_gpio_class_init(ObjectClass *klass, void *data)
697 {
698     DeviceClass *dc = DEVICE_CLASS(klass);
699 
700     dc->desc = "StrongARM GPIO controller";
701     dc->vmsd = &vmstate_strongarm_gpio_regs;
702 }
703 
704 static const TypeInfo strongarm_gpio_info = {
705     .name          = TYPE_STRONGARM_GPIO,
706     .parent        = TYPE_SYS_BUS_DEVICE,
707     .instance_size = sizeof(StrongARMGPIOInfo),
708     .instance_init = strongarm_gpio_initfn,
709     .class_init    = strongarm_gpio_class_init,
710 };
711 
712 /* Peripheral Pin Controller */
713 #define PPDR 0x00
714 #define PPSR 0x04
715 #define PPAR 0x08
716 #define PSDR 0x0c
717 #define PPFR 0x10
718 
719 #define TYPE_STRONGARM_PPC "strongarm-ppc"
720 OBJECT_DECLARE_SIMPLE_TYPE(StrongARMPPCInfo, STRONGARM_PPC)
721 
722 struct StrongARMPPCInfo {
723     SysBusDevice parent_obj;
724 
725     MemoryRegion iomem;
726     qemu_irq handler[28];
727 
728     uint32_t ilevel;
729     uint32_t olevel;
730     uint32_t dir;
731     uint32_t ppar;
732     uint32_t psdr;
733     uint32_t ppfr;
734 
735     uint32_t prev_level;
736 };
737 
738 static void strongarm_ppc_set(void *opaque, int line, int level)
739 {
740     StrongARMPPCInfo *s = opaque;
741 
742     if (level) {
743         s->ilevel |= 1 << line;
744     } else {
745         s->ilevel &= ~(1 << line);
746     }
747 }
748 
749 static void strongarm_ppc_handler_update(StrongARMPPCInfo *s)
750 {
751     uint32_t level, diff;
752     int bit;
753 
754     level = s->olevel & s->dir;
755 
756     for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
757         bit = ctz32(diff);
758         qemu_set_irq(s->handler[bit], (level >> bit) & 1);
759     }
760 
761     s->prev_level = level;
762 }
763 
764 static uint64_t strongarm_ppc_read(void *opaque, hwaddr offset,
765                                    unsigned size)
766 {
767     StrongARMPPCInfo *s = opaque;
768 
769     switch (offset) {
770     case PPDR:        /* PPC Pin Direction registers */
771         return s->dir | ~0x3fffff;
772 
773     case PPSR:        /* PPC Pin State registers */
774         return (s->olevel & s->dir) |
775                (s->ilevel & ~s->dir) |
776                ~0x3fffff;
777 
778     case PPAR:
779         return s->ppar | ~0x41000;
780 
781     case PSDR:
782         return s->psdr;
783 
784     case PPFR:
785         return s->ppfr | ~0x7f001;
786 
787     default:
788         qemu_log_mask(LOG_GUEST_ERROR,
789                       "%s: Bad ppc read offset 0x"HWADDR_FMT_plx "\n",
790                       __func__, offset);
791     }
792 
793     return 0;
794 }
795 
796 static void strongarm_ppc_write(void *opaque, hwaddr offset,
797                                 uint64_t value, unsigned size)
798 {
799     StrongARMPPCInfo *s = opaque;
800 
801     switch (offset) {
802     case PPDR:        /* PPC Pin Direction registers */
803         s->dir = value & 0x3fffff;
804         strongarm_ppc_handler_update(s);
805         break;
806 
807     case PPSR:        /* PPC Pin State registers */
808         s->olevel = value & s->dir & 0x3fffff;
809         strongarm_ppc_handler_update(s);
810         break;
811 
812     case PPAR:
813         s->ppar = value & 0x41000;
814         break;
815 
816     case PSDR:
817         s->psdr = value & 0x3fffff;
818         break;
819 
820     case PPFR:
821         s->ppfr = value & 0x7f001;
822         break;
823 
824     default:
825         qemu_log_mask(LOG_GUEST_ERROR,
826                       "%s: Bad ppc write offset 0x"HWADDR_FMT_plx"\n",
827                       __func__, offset);
828     }
829 }
830 
831 static const MemoryRegionOps strongarm_ppc_ops = {
832     .read = strongarm_ppc_read,
833     .write = strongarm_ppc_write,
834     .endianness = DEVICE_NATIVE_ENDIAN,
835 };
836 
837 static void strongarm_ppc_init(Object *obj)
838 {
839     DeviceState *dev = DEVICE(obj);
840     StrongARMPPCInfo *s = STRONGARM_PPC(obj);
841     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
842 
843     qdev_init_gpio_in(dev, strongarm_ppc_set, 22);
844     qdev_init_gpio_out(dev, s->handler, 22);
845 
846     memory_region_init_io(&s->iomem, obj, &strongarm_ppc_ops, s,
847                           "ppc", 0x1000);
848 
849     sysbus_init_mmio(sbd, &s->iomem);
850 }
851 
852 static const VMStateDescription vmstate_strongarm_ppc_regs = {
853     .name = "strongarm-ppc",
854     .version_id = 0,
855     .minimum_version_id = 0,
856     .fields = (const VMStateField[]) {
857         VMSTATE_UINT32(ilevel, StrongARMPPCInfo),
858         VMSTATE_UINT32(olevel, StrongARMPPCInfo),
859         VMSTATE_UINT32(dir, StrongARMPPCInfo),
860         VMSTATE_UINT32(ppar, StrongARMPPCInfo),
861         VMSTATE_UINT32(psdr, StrongARMPPCInfo),
862         VMSTATE_UINT32(ppfr, StrongARMPPCInfo),
863         VMSTATE_UINT32(prev_level, StrongARMPPCInfo),
864         VMSTATE_END_OF_LIST(),
865     },
866 };
867 
868 static void strongarm_ppc_class_init(ObjectClass *klass, void *data)
869 {
870     DeviceClass *dc = DEVICE_CLASS(klass);
871 
872     dc->desc = "StrongARM PPC controller";
873     dc->vmsd = &vmstate_strongarm_ppc_regs;
874 }
875 
876 static const TypeInfo strongarm_ppc_info = {
877     .name          = TYPE_STRONGARM_PPC,
878     .parent        = TYPE_SYS_BUS_DEVICE,
879     .instance_size = sizeof(StrongARMPPCInfo),
880     .instance_init = strongarm_ppc_init,
881     .class_init    = strongarm_ppc_class_init,
882 };
883 
884 /* UART Ports */
885 #define UTCR0 0x00
886 #define UTCR1 0x04
887 #define UTCR2 0x08
888 #define UTCR3 0x0c
889 #define UTDR  0x14
890 #define UTSR0 0x1c
891 #define UTSR1 0x20
892 
893 #define UTCR0_PE  (1 << 0) /* Parity enable */
894 #define UTCR0_OES (1 << 1) /* Even parity */
895 #define UTCR0_SBS (1 << 2) /* 2 stop bits */
896 #define UTCR0_DSS (1 << 3) /* 8-bit data */
897 
898 #define UTCR3_RXE (1 << 0) /* Rx enable */
899 #define UTCR3_TXE (1 << 1) /* Tx enable */
900 #define UTCR3_BRK (1 << 2) /* Force Break */
901 #define UTCR3_RIE (1 << 3) /* Rx int enable */
902 #define UTCR3_TIE (1 << 4) /* Tx int enable */
903 #define UTCR3_LBM (1 << 5) /* Loopback */
904 
905 #define UTSR0_TFS (1 << 0) /* Tx FIFO nearly empty */
906 #define UTSR0_RFS (1 << 1) /* Rx FIFO nearly full */
907 #define UTSR0_RID (1 << 2) /* Receiver Idle */
908 #define UTSR0_RBB (1 << 3) /* Receiver begin break */
909 #define UTSR0_REB (1 << 4) /* Receiver end break */
910 #define UTSR0_EIF (1 << 5) /* Error in FIFO */
911 
912 #define UTSR1_RNE (1 << 1) /* Receive FIFO not empty */
913 #define UTSR1_TNF (1 << 2) /* Transmit FIFO not full */
914 #define UTSR1_PRE (1 << 3) /* Parity error */
915 #define UTSR1_FRE (1 << 4) /* Frame error */
916 #define UTSR1_ROR (1 << 5) /* Receive Over Run */
917 
918 #define RX_FIFO_PRE (1 << 8)
919 #define RX_FIFO_FRE (1 << 9)
920 #define RX_FIFO_ROR (1 << 10)
921 
922 #define TYPE_STRONGARM_UART "strongarm-uart"
923 OBJECT_DECLARE_SIMPLE_TYPE(StrongARMUARTState, STRONGARM_UART)
924 
925 struct StrongARMUARTState {
926     SysBusDevice parent_obj;
927 
928     MemoryRegion iomem;
929     CharBackend chr;
930     qemu_irq irq;
931 
932     uint8_t utcr0;
933     uint16_t brd;
934     uint8_t utcr3;
935     uint8_t utsr0;
936     uint8_t utsr1;
937 
938     uint8_t tx_fifo[8];
939     uint8_t tx_start;
940     uint8_t tx_len;
941     uint16_t rx_fifo[12]; /* value + error flags in high bits */
942     uint8_t rx_start;
943     uint8_t rx_len;
944 
945     uint64_t char_transmit_time; /* time to transmit a char in nanoseconds */
946     bool wait_break_end;
947     QEMUTimer *rx_timeout_timer;
948     QEMUTimer *tx_timer;
949 };
950 
951 static void strongarm_uart_update_status(StrongARMUARTState *s)
952 {
953     uint16_t utsr1 = 0;
954 
955     if (s->tx_len != 8) {
956         utsr1 |= UTSR1_TNF;
957     }
958 
959     if (s->rx_len != 0) {
960         uint16_t ent = s->rx_fifo[s->rx_start];
961 
962         utsr1 |= UTSR1_RNE;
963         if (ent & RX_FIFO_PRE) {
964             s->utsr1 |= UTSR1_PRE;
965         }
966         if (ent & RX_FIFO_FRE) {
967             s->utsr1 |= UTSR1_FRE;
968         }
969         if (ent & RX_FIFO_ROR) {
970             s->utsr1 |= UTSR1_ROR;
971         }
972     }
973 
974     s->utsr1 = utsr1;
975 }
976 
977 static void strongarm_uart_update_int_status(StrongARMUARTState *s)
978 {
979     uint16_t utsr0 = s->utsr0 &
980             (UTSR0_REB | UTSR0_RBB | UTSR0_RID);
981     int i;
982 
983     if ((s->utcr3 & UTCR3_TXE) &&
984                 (s->utcr3 & UTCR3_TIE) &&
985                 s->tx_len <= 4) {
986         utsr0 |= UTSR0_TFS;
987     }
988 
989     if ((s->utcr3 & UTCR3_RXE) &&
990                 (s->utcr3 & UTCR3_RIE) &&
991                 s->rx_len > 4) {
992         utsr0 |= UTSR0_RFS;
993     }
994 
995     for (i = 0; i < s->rx_len && i < 4; i++)
996         if (s->rx_fifo[(s->rx_start + i) % 12] & ~0xff) {
997             utsr0 |= UTSR0_EIF;
998             break;
999         }
1000 
1001     s->utsr0 = utsr0;
1002     qemu_set_irq(s->irq, utsr0);
1003 }
1004 
1005 static void strongarm_uart_update_parameters(StrongARMUARTState *s)
1006 {
1007     int speed, parity, data_bits, stop_bits, frame_size;
1008     QEMUSerialSetParams ssp;
1009 
1010     /* Start bit. */
1011     frame_size = 1;
1012     if (s->utcr0 & UTCR0_PE) {
1013         /* Parity bit. */
1014         frame_size++;
1015         if (s->utcr0 & UTCR0_OES) {
1016             parity = 'E';
1017         } else {
1018             parity = 'O';
1019         }
1020     } else {
1021             parity = 'N';
1022     }
1023     if (s->utcr0 & UTCR0_SBS) {
1024         stop_bits = 2;
1025     } else {
1026         stop_bits = 1;
1027     }
1028 
1029     data_bits = (s->utcr0 & UTCR0_DSS) ? 8 : 7;
1030     frame_size += data_bits + stop_bits;
1031     speed = 3686400 / 16 / (s->brd + 1);
1032     ssp.speed = speed;
1033     ssp.parity = parity;
1034     ssp.data_bits = data_bits;
1035     ssp.stop_bits = stop_bits;
1036     s->char_transmit_time =  (NANOSECONDS_PER_SECOND / speed) * frame_size;
1037     qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
1038 
1039     trace_strongarm_uart_update_parameters((s->chr.chr ?
1040                                            s->chr.chr->label : "NULL") ?:
1041                                            "NULL",
1042                                            speed,
1043                                            parity,
1044                                            data_bits,
1045                                            stop_bits);
1046 }
1047 
1048 static void strongarm_uart_rx_to(void *opaque)
1049 {
1050     StrongARMUARTState *s = opaque;
1051 
1052     if (s->rx_len) {
1053         s->utsr0 |= UTSR0_RID;
1054         strongarm_uart_update_int_status(s);
1055     }
1056 }
1057 
1058 static void strongarm_uart_rx_push(StrongARMUARTState *s, uint16_t c)
1059 {
1060     if ((s->utcr3 & UTCR3_RXE) == 0) {
1061         /* rx disabled */
1062         return;
1063     }
1064 
1065     if (s->wait_break_end) {
1066         s->utsr0 |= UTSR0_REB;
1067         s->wait_break_end = false;
1068     }
1069 
1070     if (s->rx_len < 12) {
1071         s->rx_fifo[(s->rx_start + s->rx_len) % 12] = c;
1072         s->rx_len++;
1073     } else
1074         s->rx_fifo[(s->rx_start + 11) % 12] |= RX_FIFO_ROR;
1075 }
1076 
1077 static int strongarm_uart_can_receive(void *opaque)
1078 {
1079     StrongARMUARTState *s = opaque;
1080 
1081     if (s->rx_len == 12) {
1082         return 0;
1083     }
1084     /* It's best not to get more than 2/3 of RX FIFO, so advertise that much */
1085     if (s->rx_len < 8) {
1086         return 8 - s->rx_len;
1087     }
1088     return 1;
1089 }
1090 
1091 static void strongarm_uart_receive(void *opaque, const uint8_t *buf, int size)
1092 {
1093     StrongARMUARTState *s = opaque;
1094     int i;
1095 
1096     for (i = 0; i < size; i++) {
1097         strongarm_uart_rx_push(s, buf[i]);
1098     }
1099 
1100     /* call the timeout receive callback in 3 char transmit time */
1101     timer_mod(s->rx_timeout_timer,
1102                     qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + s->char_transmit_time * 3);
1103 
1104     strongarm_uart_update_status(s);
1105     strongarm_uart_update_int_status(s);
1106 }
1107 
1108 static void strongarm_uart_event(void *opaque, QEMUChrEvent event)
1109 {
1110     StrongARMUARTState *s = opaque;
1111     if (event == CHR_EVENT_BREAK) {
1112         s->utsr0 |= UTSR0_RBB;
1113         strongarm_uart_rx_push(s, RX_FIFO_FRE);
1114         s->wait_break_end = true;
1115         strongarm_uart_update_status(s);
1116         strongarm_uart_update_int_status(s);
1117     }
1118 }
1119 
1120 static void strongarm_uart_tx(void *opaque)
1121 {
1122     StrongARMUARTState *s = opaque;
1123     uint64_t new_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1124 
1125     if (s->utcr3 & UTCR3_LBM) /* loopback */ {
1126         strongarm_uart_receive(s, &s->tx_fifo[s->tx_start], 1);
1127     } else if (qemu_chr_fe_backend_connected(&s->chr)) {
1128         /* XXX this blocks entire thread. Rewrite to use
1129          * qemu_chr_fe_write and background I/O callbacks */
1130         qemu_chr_fe_write_all(&s->chr, &s->tx_fifo[s->tx_start], 1);
1131     }
1132 
1133     s->tx_start = (s->tx_start + 1) % 8;
1134     s->tx_len--;
1135     if (s->tx_len) {
1136         timer_mod(s->tx_timer, new_xmit_ts + s->char_transmit_time);
1137     }
1138     strongarm_uart_update_status(s);
1139     strongarm_uart_update_int_status(s);
1140 }
1141 
1142 static uint64_t strongarm_uart_read(void *opaque, hwaddr addr,
1143                                     unsigned size)
1144 {
1145     StrongARMUARTState *s = opaque;
1146     uint16_t ret;
1147 
1148     switch (addr) {
1149     case UTCR0:
1150         return s->utcr0;
1151 
1152     case UTCR1:
1153         return s->brd >> 8;
1154 
1155     case UTCR2:
1156         return s->brd & 0xff;
1157 
1158     case UTCR3:
1159         return s->utcr3;
1160 
1161     case UTDR:
1162         if (s->rx_len != 0) {
1163             ret = s->rx_fifo[s->rx_start];
1164             s->rx_start = (s->rx_start + 1) % 12;
1165             s->rx_len--;
1166             strongarm_uart_update_status(s);
1167             strongarm_uart_update_int_status(s);
1168             return ret;
1169         }
1170         return 0;
1171 
1172     case UTSR0:
1173         return s->utsr0;
1174 
1175     case UTSR1:
1176         return s->utsr1;
1177 
1178     default:
1179         qemu_log_mask(LOG_GUEST_ERROR,
1180                       "%s: Bad uart register read 0x"HWADDR_FMT_plx"\n",
1181                       __func__, addr);
1182         return 0;
1183     }
1184 }
1185 
1186 static void strongarm_uart_write(void *opaque, hwaddr addr,
1187                                  uint64_t value, unsigned size)
1188 {
1189     StrongARMUARTState *s = opaque;
1190 
1191     switch (addr) {
1192     case UTCR0:
1193         s->utcr0 = value & 0x7f;
1194         strongarm_uart_update_parameters(s);
1195         break;
1196 
1197     case UTCR1:
1198         s->brd = (s->brd & 0xff) | ((value & 0xf) << 8);
1199         strongarm_uart_update_parameters(s);
1200         break;
1201 
1202     case UTCR2:
1203         s->brd = (s->brd & 0xf00) | (value & 0xff);
1204         strongarm_uart_update_parameters(s);
1205         break;
1206 
1207     case UTCR3:
1208         s->utcr3 = value & 0x3f;
1209         if ((s->utcr3 & UTCR3_RXE) == 0) {
1210             s->rx_len = 0;
1211         }
1212         if ((s->utcr3 & UTCR3_TXE) == 0) {
1213             s->tx_len = 0;
1214         }
1215         strongarm_uart_update_status(s);
1216         strongarm_uart_update_int_status(s);
1217         break;
1218 
1219     case UTDR:
1220         if ((s->utcr3 & UTCR3_TXE) && s->tx_len != 8) {
1221             s->tx_fifo[(s->tx_start + s->tx_len) % 8] = value;
1222             s->tx_len++;
1223             strongarm_uart_update_status(s);
1224             strongarm_uart_update_int_status(s);
1225             if (s->tx_len == 1) {
1226                 strongarm_uart_tx(s);
1227             }
1228         }
1229         break;
1230 
1231     case UTSR0:
1232         s->utsr0 = s->utsr0 & ~(value &
1233                 (UTSR0_REB | UTSR0_RBB | UTSR0_RID));
1234         strongarm_uart_update_int_status(s);
1235         break;
1236 
1237     default:
1238         qemu_log_mask(LOG_GUEST_ERROR,
1239                       "%s: Bad uart register write 0x"HWADDR_FMT_plx"\n",
1240                       __func__, addr);
1241     }
1242 }
1243 
1244 static const MemoryRegionOps strongarm_uart_ops = {
1245     .read = strongarm_uart_read,
1246     .write = strongarm_uart_write,
1247     .endianness = DEVICE_NATIVE_ENDIAN,
1248 };
1249 
1250 static void strongarm_uart_init(Object *obj)
1251 {
1252     StrongARMUARTState *s = STRONGARM_UART(obj);
1253     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
1254 
1255     memory_region_init_io(&s->iomem, obj, &strongarm_uart_ops, s,
1256                           "uart", 0x10000);
1257     sysbus_init_mmio(dev, &s->iomem);
1258     sysbus_init_irq(dev, &s->irq);
1259 }
1260 
1261 static void strongarm_uart_realize(DeviceState *dev, Error **errp)
1262 {
1263     StrongARMUARTState *s = STRONGARM_UART(dev);
1264 
1265     s->rx_timeout_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1266                                        strongarm_uart_rx_to,
1267                                        s);
1268     s->tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, strongarm_uart_tx, s);
1269     qemu_chr_fe_set_handlers(&s->chr,
1270                              strongarm_uart_can_receive,
1271                              strongarm_uart_receive,
1272                              strongarm_uart_event,
1273                              NULL, s, NULL, true);
1274 }
1275 
1276 static void strongarm_uart_reset(DeviceState *dev)
1277 {
1278     StrongARMUARTState *s = STRONGARM_UART(dev);
1279 
1280     s->utcr0 = UTCR0_DSS; /* 8 data, no parity */
1281     s->brd = 23;    /* 9600 */
1282     /* enable send & recv - this actually violates spec */
1283     s->utcr3 = UTCR3_TXE | UTCR3_RXE;
1284 
1285     s->rx_len = s->tx_len = 0;
1286 
1287     strongarm_uart_update_parameters(s);
1288     strongarm_uart_update_status(s);
1289     strongarm_uart_update_int_status(s);
1290 }
1291 
1292 static int strongarm_uart_post_load(void *opaque, int version_id)
1293 {
1294     StrongARMUARTState *s = opaque;
1295 
1296     strongarm_uart_update_parameters(s);
1297     strongarm_uart_update_status(s);
1298     strongarm_uart_update_int_status(s);
1299 
1300     /* tx and restart timer */
1301     if (s->tx_len) {
1302         strongarm_uart_tx(s);
1303     }
1304 
1305     /* restart rx timeout timer */
1306     if (s->rx_len) {
1307         timer_mod(s->rx_timeout_timer,
1308                 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + s->char_transmit_time * 3);
1309     }
1310 
1311     return 0;
1312 }
1313 
1314 static const VMStateDescription vmstate_strongarm_uart_regs = {
1315     .name = "strongarm-uart",
1316     .version_id = 0,
1317     .minimum_version_id = 0,
1318     .post_load = strongarm_uart_post_load,
1319     .fields = (const VMStateField[]) {
1320         VMSTATE_UINT8(utcr0, StrongARMUARTState),
1321         VMSTATE_UINT16(brd, StrongARMUARTState),
1322         VMSTATE_UINT8(utcr3, StrongARMUARTState),
1323         VMSTATE_UINT8(utsr0, StrongARMUARTState),
1324         VMSTATE_UINT8_ARRAY(tx_fifo, StrongARMUARTState, 8),
1325         VMSTATE_UINT8(tx_start, StrongARMUARTState),
1326         VMSTATE_UINT8(tx_len, StrongARMUARTState),
1327         VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMUARTState, 12),
1328         VMSTATE_UINT8(rx_start, StrongARMUARTState),
1329         VMSTATE_UINT8(rx_len, StrongARMUARTState),
1330         VMSTATE_BOOL(wait_break_end, StrongARMUARTState),
1331         VMSTATE_END_OF_LIST(),
1332     },
1333 };
1334 
1335 static Property strongarm_uart_properties[] = {
1336     DEFINE_PROP_CHR("chardev", StrongARMUARTState, chr),
1337     DEFINE_PROP_END_OF_LIST(),
1338 };
1339 
1340 static void strongarm_uart_class_init(ObjectClass *klass, void *data)
1341 {
1342     DeviceClass *dc = DEVICE_CLASS(klass);
1343 
1344     dc->desc = "StrongARM UART controller";
1345     device_class_set_legacy_reset(dc, strongarm_uart_reset);
1346     dc->vmsd = &vmstate_strongarm_uart_regs;
1347     device_class_set_props(dc, strongarm_uart_properties);
1348     dc->realize = strongarm_uart_realize;
1349 }
1350 
1351 static const TypeInfo strongarm_uart_info = {
1352     .name          = TYPE_STRONGARM_UART,
1353     .parent        = TYPE_SYS_BUS_DEVICE,
1354     .instance_size = sizeof(StrongARMUARTState),
1355     .instance_init = strongarm_uart_init,
1356     .class_init    = strongarm_uart_class_init,
1357 };
1358 
1359 /* Synchronous Serial Ports */
1360 
1361 #define TYPE_STRONGARM_SSP "strongarm-ssp"
1362 OBJECT_DECLARE_SIMPLE_TYPE(StrongARMSSPState, STRONGARM_SSP)
1363 
1364 struct StrongARMSSPState {
1365     SysBusDevice parent_obj;
1366 
1367     MemoryRegion iomem;
1368     qemu_irq irq;
1369     SSIBus *bus;
1370 
1371     uint16_t sscr[2];
1372     uint16_t sssr;
1373 
1374     uint16_t rx_fifo[8];
1375     uint8_t rx_level;
1376     uint8_t rx_start;
1377 };
1378 
1379 #define SSCR0 0x60 /* SSP Control register 0 */
1380 #define SSCR1 0x64 /* SSP Control register 1 */
1381 #define SSDR  0x6c /* SSP Data register */
1382 #define SSSR  0x74 /* SSP Status register */
1383 
1384 /* Bitfields for above registers */
1385 #define SSCR0_SPI(x)    (((x) & 0x30) == 0x00)
1386 #define SSCR0_SSP(x)    (((x) & 0x30) == 0x10)
1387 #define SSCR0_UWIRE(x)  (((x) & 0x30) == 0x20)
1388 #define SSCR0_PSP(x)    (((x) & 0x30) == 0x30)
1389 #define SSCR0_SSE       (1 << 7)
1390 #define SSCR0_DSS(x)    (((x) & 0xf) + 1)
1391 #define SSCR1_RIE       (1 << 0)
1392 #define SSCR1_TIE       (1 << 1)
1393 #define SSCR1_LBM       (1 << 2)
1394 #define SSSR_TNF        (1 << 2)
1395 #define SSSR_RNE        (1 << 3)
1396 #define SSSR_TFS        (1 << 5)
1397 #define SSSR_RFS        (1 << 6)
1398 #define SSSR_ROR        (1 << 7)
1399 #define SSSR_RW         0x0080
1400 
1401 static void strongarm_ssp_int_update(StrongARMSSPState *s)
1402 {
1403     int level = 0;
1404 
1405     level |= (s->sssr & SSSR_ROR);
1406     level |= (s->sssr & SSSR_RFS)  &&  (s->sscr[1] & SSCR1_RIE);
1407     level |= (s->sssr & SSSR_TFS)  &&  (s->sscr[1] & SSCR1_TIE);
1408     qemu_set_irq(s->irq, level);
1409 }
1410 
1411 static void strongarm_ssp_fifo_update(StrongARMSSPState *s)
1412 {
1413     s->sssr &= ~SSSR_TFS;
1414     s->sssr &= ~SSSR_TNF;
1415     if (s->sscr[0] & SSCR0_SSE) {
1416         if (s->rx_level >= 4) {
1417             s->sssr |= SSSR_RFS;
1418         } else {
1419             s->sssr &= ~SSSR_RFS;
1420         }
1421         if (s->rx_level) {
1422             s->sssr |= SSSR_RNE;
1423         } else {
1424             s->sssr &= ~SSSR_RNE;
1425         }
1426         /* TX FIFO is never filled, so it is always in underrun
1427            condition if SSP is enabled */
1428         s->sssr |= SSSR_TFS;
1429         s->sssr |= SSSR_TNF;
1430     }
1431 
1432     strongarm_ssp_int_update(s);
1433 }
1434 
1435 static uint64_t strongarm_ssp_read(void *opaque, hwaddr addr,
1436                                    unsigned size)
1437 {
1438     StrongARMSSPState *s = opaque;
1439     uint32_t retval;
1440 
1441     switch (addr) {
1442     case SSCR0:
1443         return s->sscr[0];
1444     case SSCR1:
1445         return s->sscr[1];
1446     case SSSR:
1447         return s->sssr;
1448     case SSDR:
1449         if (~s->sscr[0] & SSCR0_SSE) {
1450             return 0xffffffff;
1451         }
1452         if (s->rx_level < 1) {
1453             trace_strongarm_ssp_read_underrun();
1454             return 0xffffffff;
1455         }
1456         s->rx_level--;
1457         retval = s->rx_fifo[s->rx_start++];
1458         s->rx_start &= 0x7;
1459         strongarm_ssp_fifo_update(s);
1460         return retval;
1461     default:
1462         qemu_log_mask(LOG_GUEST_ERROR,
1463                       "%s: Bad ssp register read 0x"HWADDR_FMT_plx"\n",
1464                       __func__, addr);
1465         break;
1466     }
1467     return 0;
1468 }
1469 
1470 static void strongarm_ssp_write(void *opaque, hwaddr addr,
1471                                 uint64_t value, unsigned size)
1472 {
1473     StrongARMSSPState *s = opaque;
1474 
1475     switch (addr) {
1476     case SSCR0:
1477         s->sscr[0] = value & 0xffbf;
1478         if ((s->sscr[0] & SSCR0_SSE) && SSCR0_DSS(value) < 4) {
1479             qemu_log_mask(LOG_GUEST_ERROR, "%s: Wrong data size: %i bits\n",
1480                           __func__, (int)SSCR0_DSS(value));
1481         }
1482         if (!(value & SSCR0_SSE)) {
1483             s->sssr = 0;
1484             s->rx_level = 0;
1485         }
1486         strongarm_ssp_fifo_update(s);
1487         break;
1488 
1489     case SSCR1:
1490         s->sscr[1] = value & 0x2f;
1491         if (value & SSCR1_LBM) {
1492             qemu_log_mask(LOG_GUEST_ERROR,
1493                           "%s: Attempt to use SSP LBM mode\n",
1494                           __func__);
1495         }
1496         strongarm_ssp_fifo_update(s);
1497         break;
1498 
1499     case SSSR:
1500         s->sssr &= ~(value & SSSR_RW);
1501         strongarm_ssp_int_update(s);
1502         break;
1503 
1504     case SSDR:
1505         if (SSCR0_UWIRE(s->sscr[0])) {
1506             value &= 0xff;
1507         } else
1508             /* Note how 32bits overflow does no harm here */
1509             value &= (1 << SSCR0_DSS(s->sscr[0])) - 1;
1510 
1511         /* Data goes from here to the Tx FIFO and is shifted out from
1512          * there directly to the slave, no need to buffer it.
1513          */
1514         if (s->sscr[0] & SSCR0_SSE) {
1515             uint32_t readval;
1516             if (s->sscr[1] & SSCR1_LBM) {
1517                 readval = value;
1518             } else {
1519                 readval = ssi_transfer(s->bus, value);
1520             }
1521 
1522             if (s->rx_level < 0x08) {
1523                 s->rx_fifo[(s->rx_start + s->rx_level++) & 0x7] = readval;
1524             } else {
1525                 s->sssr |= SSSR_ROR;
1526             }
1527         }
1528         strongarm_ssp_fifo_update(s);
1529         break;
1530 
1531     default:
1532         qemu_log_mask(LOG_GUEST_ERROR,
1533                       "%s: Bad ssp register write 0x"HWADDR_FMT_plx"\n",
1534                       __func__,  addr);
1535         break;
1536     }
1537 }
1538 
1539 static const MemoryRegionOps strongarm_ssp_ops = {
1540     .read = strongarm_ssp_read,
1541     .write = strongarm_ssp_write,
1542     .endianness = DEVICE_NATIVE_ENDIAN,
1543 };
1544 
1545 static int strongarm_ssp_post_load(void *opaque, int version_id)
1546 {
1547     StrongARMSSPState *s = opaque;
1548 
1549     strongarm_ssp_fifo_update(s);
1550 
1551     return 0;
1552 }
1553 
1554 static void strongarm_ssp_init(Object *obj)
1555 {
1556     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
1557     DeviceState *dev = DEVICE(sbd);
1558     StrongARMSSPState *s = STRONGARM_SSP(dev);
1559 
1560     sysbus_init_irq(sbd, &s->irq);
1561 
1562     memory_region_init_io(&s->iomem, obj, &strongarm_ssp_ops, s,
1563                           "ssp", 0x1000);
1564     sysbus_init_mmio(sbd, &s->iomem);
1565 
1566     s->bus = ssi_create_bus(dev, "ssi");
1567 }
1568 
1569 static void strongarm_ssp_reset(DeviceState *dev)
1570 {
1571     StrongARMSSPState *s = STRONGARM_SSP(dev);
1572 
1573     s->sssr = 0x03; /* 3 bit data, SPI, disabled */
1574     s->rx_start = 0;
1575     s->rx_level = 0;
1576 }
1577 
1578 static const VMStateDescription vmstate_strongarm_ssp_regs = {
1579     .name = "strongarm-ssp",
1580     .version_id = 0,
1581     .minimum_version_id = 0,
1582     .post_load = strongarm_ssp_post_load,
1583     .fields = (const VMStateField[]) {
1584         VMSTATE_UINT16_ARRAY(sscr, StrongARMSSPState, 2),
1585         VMSTATE_UINT16(sssr, StrongARMSSPState),
1586         VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMSSPState, 8),
1587         VMSTATE_UINT8(rx_start, StrongARMSSPState),
1588         VMSTATE_UINT8(rx_level, StrongARMSSPState),
1589         VMSTATE_END_OF_LIST(),
1590     },
1591 };
1592 
1593 static void strongarm_ssp_class_init(ObjectClass *klass, void *data)
1594 {
1595     DeviceClass *dc = DEVICE_CLASS(klass);
1596 
1597     dc->desc = "StrongARM SSP controller";
1598     device_class_set_legacy_reset(dc, strongarm_ssp_reset);
1599     dc->vmsd = &vmstate_strongarm_ssp_regs;
1600 }
1601 
1602 static const TypeInfo strongarm_ssp_info = {
1603     .name          = TYPE_STRONGARM_SSP,
1604     .parent        = TYPE_SYS_BUS_DEVICE,
1605     .instance_size = sizeof(StrongARMSSPState),
1606     .instance_init = strongarm_ssp_init,
1607     .class_init    = strongarm_ssp_class_init,
1608 };
1609 
1610 /* Main CPU functions */
1611 StrongARMState *sa1110_init(const char *cpu_type)
1612 {
1613     StrongARMState *s;
1614     int i;
1615 
1616     s = g_new0(StrongARMState, 1);
1617 
1618     if (strncmp(cpu_type, "sa1110", 6)) {
1619         error_report("Machine requires a SA1110 processor.");
1620         exit(1);
1621     }
1622 
1623     s->cpu = ARM_CPU(cpu_create(cpu_type));
1624 
1625     s->pic = sysbus_create_varargs("strongarm_pic", 0x90050000,
1626                     qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ),
1627                     qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ),
1628                     NULL);
1629 
1630     sysbus_create_varargs("pxa25x-timer", 0x90000000,
1631                     qdev_get_gpio_in(s->pic, SA_PIC_OSTC0),
1632                     qdev_get_gpio_in(s->pic, SA_PIC_OSTC1),
1633                     qdev_get_gpio_in(s->pic, SA_PIC_OSTC2),
1634                     qdev_get_gpio_in(s->pic, SA_PIC_OSTC3),
1635                     NULL);
1636 
1637     sysbus_create_simple(TYPE_STRONGARM_RTC, 0x90010000,
1638                     qdev_get_gpio_in(s->pic, SA_PIC_RTC_ALARM));
1639 
1640     s->gpio = strongarm_gpio_init(0x90040000, s->pic);
1641 
1642     s->ppc = sysbus_create_varargs(TYPE_STRONGARM_PPC, 0x90060000, NULL);
1643 
1644     for (i = 0; sa_serial[i].io_base; i++) {
1645         DeviceState *dev = qdev_new(TYPE_STRONGARM_UART);
1646         qdev_prop_set_chr(dev, "chardev", serial_hd(i));
1647         sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1648         sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0,
1649                 sa_serial[i].io_base);
1650         sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
1651                 qdev_get_gpio_in(s->pic, sa_serial[i].irq));
1652     }
1653 
1654     s->ssp = sysbus_create_varargs(TYPE_STRONGARM_SSP, 0x80070000,
1655                 qdev_get_gpio_in(s->pic, SA_PIC_SSP), NULL);
1656     s->ssp_bus = (SSIBus *)qdev_get_child_bus(s->ssp, "ssi");
1657 
1658     return s;
1659 }
1660 
1661 static void strongarm_register_types(void)
1662 {
1663     type_register_static(&strongarm_pic_info);
1664     type_register_static(&strongarm_rtc_sysbus_info);
1665     type_register_static(&strongarm_gpio_info);
1666     type_register_static(&strongarm_ppc_info);
1667     type_register_static(&strongarm_uart_info);
1668     type_register_static(&strongarm_ssp_info);
1669 }
1670 
1671 type_init(strongarm_register_types)
1672