1 /*
2  * Rasperry Pi 2 emulation ARM control logic module.
3  * Copyright (c) 2015, Microsoft
4  * Written by Andrew Baumann
5  *
6  * Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade
7  *
8  * At present, only implements interrupt routing, and mailboxes (i.e.,
9  * not PMU interrupt, or AXI counters).
10  *
11  * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti
12  *
13  * Ref:
14  * https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf
15  *
16  * This work is licensed under the terms of the GNU GPL, version 2 or later.
17  * See the COPYING file in the top-level directory.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "hw/intc/bcm2836_control.h"
22 #include "hw/irq.h"
23 #include "migration/vmstate.h"
24 #include "qemu/log.h"
25 #include "qemu/module.h"
26 
27 #define REG_GPU_ROUTE           0x0c
28 #define REG_LOCALTIMERROUTING   0x24
29 #define REG_LOCALTIMERCONTROL   0x34
30 #define REG_LOCALTIMERACK       0x38
31 #define REG_TIMERCONTROL        0x40
32 #define REG_MBOXCONTROL         0x50
33 #define REG_IRQSRC              0x60
34 #define REG_FIQSRC              0x70
35 #define REG_MBOX0_WR            0x80
36 #define REG_MBOX0_RDCLR         0xc0
37 #define REG_LIMIT              0x100
38 
39 #define IRQ_BIT(cntrl, num) (((cntrl) & (1 << (num))) != 0)
40 #define FIQ_BIT(cntrl, num) (((cntrl) & (1 << ((num) + 4))) != 0)
41 
42 #define IRQ_CNTPSIRQ    0
43 #define IRQ_CNTPNSIRQ   1
44 #define IRQ_CNTHPIRQ    2
45 #define IRQ_CNTVIRQ     3
46 #define IRQ_MAILBOX0    4
47 #define IRQ_MAILBOX1    5
48 #define IRQ_MAILBOX2    6
49 #define IRQ_MAILBOX3    7
50 #define IRQ_GPU         8
51 #define IRQ_PMU         9
52 #define IRQ_AXI         10
53 #define IRQ_TIMER       11
54 #define IRQ_MAX         IRQ_TIMER
55 
56 #define LOCALTIMER_FREQ      38400000
57 #define LOCALTIMER_INTFLAG   (1 << 31)
58 #define LOCALTIMER_RELOAD    (1 << 30)
59 #define LOCALTIMER_INTENABLE (1 << 29)
60 #define LOCALTIMER_ENABLE    (1 << 28)
61 #define LOCALTIMER_VALUE(x)  ((x) & 0xfffffff)
62 
deliver_local(BCM2836ControlState * s,uint8_t core,uint8_t irq,uint32_t controlreg,uint8_t controlidx)63 static void deliver_local(BCM2836ControlState *s, uint8_t core, uint8_t irq,
64                           uint32_t controlreg, uint8_t controlidx)
65 {
66     if (FIQ_BIT(controlreg, controlidx)) {
67         /* deliver a FIQ */
68         s->fiqsrc[core] |= (uint32_t)1 << irq;
69     } else if (IRQ_BIT(controlreg, controlidx)) {
70         /* deliver an IRQ */
71         s->irqsrc[core] |= (uint32_t)1 << irq;
72     } else {
73         /* the interrupt is masked */
74     }
75 }
76 
77 /* Update interrupts.  */
bcm2836_control_update(BCM2836ControlState * s)78 static void bcm2836_control_update(BCM2836ControlState *s)
79 {
80     int i, j;
81 
82     /* reset pending IRQs/FIQs */
83     for (i = 0; i < BCM2836_NCORES; i++) {
84         s->irqsrc[i] = s->fiqsrc[i] = 0;
85     }
86 
87     /* apply routing logic, update status regs */
88     if (s->gpu_irq) {
89         assert(s->route_gpu_irq < BCM2836_NCORES);
90         s->irqsrc[s->route_gpu_irq] |= (uint32_t)1 << IRQ_GPU;
91     }
92 
93     if (s->gpu_fiq) {
94         assert(s->route_gpu_fiq < BCM2836_NCORES);
95         s->fiqsrc[s->route_gpu_fiq] |= (uint32_t)1 << IRQ_GPU;
96     }
97 
98     /*
99      * handle the control module 'local timer' interrupt for one of the
100      * cores' IRQ/FIQ;  this is distinct from the per-CPU timer
101      * interrupts handled below.
102      */
103     if ((s->local_timer_control & LOCALTIMER_INTENABLE) &&
104         (s->local_timer_control & LOCALTIMER_INTFLAG)) {
105         if (s->route_localtimer & 4) {
106             s->fiqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER;
107         } else {
108             s->irqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER;
109         }
110     }
111 
112     for (i = 0; i < BCM2836_NCORES; i++) {
113         /* handle local timer interrupts for this core */
114         if (s->timerirqs[i]) {
115             assert(s->timerirqs[i] < (1 << (IRQ_CNTVIRQ + 1))); /* sane mask? */
116             for (j = 0; j <= IRQ_CNTVIRQ; j++) {
117                 if ((s->timerirqs[i] & (1 << j)) != 0) {
118                     /* local interrupt j is set */
119                     deliver_local(s, i, j, s->timercontrol[i], j);
120                 }
121             }
122         }
123 
124         /* handle mailboxes for this core */
125         for (j = 0; j < BCM2836_MBPERCORE; j++) {
126             if (s->mailboxes[i * BCM2836_MBPERCORE + j] != 0) {
127                 /* mailbox j is set */
128                 deliver_local(s, i, j + IRQ_MAILBOX0, s->mailboxcontrol[i], j);
129             }
130         }
131     }
132 
133     /* call set_irq appropriately for each output */
134     for (i = 0; i < BCM2836_NCORES; i++) {
135         qemu_set_irq(s->irq[i], s->irqsrc[i] != 0);
136         qemu_set_irq(s->fiq[i], s->fiqsrc[i] != 0);
137     }
138 }
139 
bcm2836_control_set_local_irq(void * opaque,int core,int local_irq,int level)140 static void bcm2836_control_set_local_irq(void *opaque, int core, int local_irq,
141                                           int level)
142 {
143     BCM2836ControlState *s = opaque;
144 
145     assert(core >= 0 && core < BCM2836_NCORES);
146     assert(local_irq >= 0 && local_irq <= IRQ_CNTVIRQ);
147 
148     s->timerirqs[core] = deposit32(s->timerirqs[core], local_irq, 1, !!level);
149 
150     bcm2836_control_update(s);
151 }
152 
153 /* XXX: the following wrapper functions are a kludgy workaround,
154  * needed because I can't seem to pass useful information in the "irq"
155  * parameter when using named interrupts. Feel free to clean this up!
156  */
157 
bcm2836_control_set_local_irq0(void * opaque,int core,int level)158 static void bcm2836_control_set_local_irq0(void *opaque, int core, int level)
159 {
160     bcm2836_control_set_local_irq(opaque, core, IRQ_CNTPSIRQ, level);
161 }
162 
bcm2836_control_set_local_irq1(void * opaque,int core,int level)163 static void bcm2836_control_set_local_irq1(void *opaque, int core, int level)
164 {
165     bcm2836_control_set_local_irq(opaque, core, IRQ_CNTPNSIRQ, level);
166 }
167 
bcm2836_control_set_local_irq2(void * opaque,int core,int level)168 static void bcm2836_control_set_local_irq2(void *opaque, int core, int level)
169 {
170     bcm2836_control_set_local_irq(opaque, core, IRQ_CNTHPIRQ, level);
171 }
172 
bcm2836_control_set_local_irq3(void * opaque,int core,int level)173 static void bcm2836_control_set_local_irq3(void *opaque, int core, int level)
174 {
175     bcm2836_control_set_local_irq(opaque, core, IRQ_CNTVIRQ, level);
176 }
177 
bcm2836_control_set_gpu_irq(void * opaque,int irq,int level)178 static void bcm2836_control_set_gpu_irq(void *opaque, int irq, int level)
179 {
180     BCM2836ControlState *s = opaque;
181 
182     s->gpu_irq = level;
183 
184     bcm2836_control_update(s);
185 }
186 
bcm2836_control_set_gpu_fiq(void * opaque,int irq,int level)187 static void bcm2836_control_set_gpu_fiq(void *opaque, int irq, int level)
188 {
189     BCM2836ControlState *s = opaque;
190 
191     s->gpu_fiq = level;
192 
193     bcm2836_control_update(s);
194 }
195 
bcm2836_control_local_timer_set_next(void * opaque)196 static void bcm2836_control_local_timer_set_next(void *opaque)
197 {
198     BCM2836ControlState *s = opaque;
199     uint64_t next_event;
200 
201     assert(LOCALTIMER_VALUE(s->local_timer_control) > 0);
202 
203     next_event = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
204         muldiv64(LOCALTIMER_VALUE(s->local_timer_control),
205             NANOSECONDS_PER_SECOND, LOCALTIMER_FREQ);
206     timer_mod(&s->timer, next_event);
207 }
208 
bcm2836_control_local_timer_tick(void * opaque)209 static void bcm2836_control_local_timer_tick(void *opaque)
210 {
211     BCM2836ControlState *s = opaque;
212 
213     bcm2836_control_local_timer_set_next(s);
214 
215     s->local_timer_control |= LOCALTIMER_INTFLAG;
216     bcm2836_control_update(s);
217 }
218 
bcm2836_control_local_timer_control(void * opaque,uint32_t val)219 static void bcm2836_control_local_timer_control(void *opaque, uint32_t val)
220 {
221     BCM2836ControlState *s = opaque;
222 
223     s->local_timer_control = val;
224     if (val & LOCALTIMER_ENABLE) {
225         bcm2836_control_local_timer_set_next(s);
226     } else {
227         timer_del(&s->timer);
228     }
229 }
230 
bcm2836_control_local_timer_ack(void * opaque,uint32_t val)231 static void bcm2836_control_local_timer_ack(void *opaque, uint32_t val)
232 {
233     BCM2836ControlState *s = opaque;
234 
235     if (val & LOCALTIMER_INTFLAG) {
236         s->local_timer_control &= ~LOCALTIMER_INTFLAG;
237     }
238     if ((val & LOCALTIMER_RELOAD) &&
239         (s->local_timer_control & LOCALTIMER_ENABLE)) {
240             bcm2836_control_local_timer_set_next(s);
241     }
242 }
243 
bcm2836_control_read(void * opaque,hwaddr offset,unsigned size)244 static uint64_t bcm2836_control_read(void *opaque, hwaddr offset, unsigned size)
245 {
246     BCM2836ControlState *s = opaque;
247 
248     if (offset == REG_GPU_ROUTE) {
249         assert(s->route_gpu_fiq < BCM2836_NCORES
250                && s->route_gpu_irq < BCM2836_NCORES);
251         return ((uint32_t)s->route_gpu_fiq << 2) | s->route_gpu_irq;
252     } else if (offset == REG_LOCALTIMERROUTING) {
253         return s->route_localtimer;
254     } else if (offset == REG_LOCALTIMERCONTROL) {
255         return s->local_timer_control;
256     } else if (offset == REG_LOCALTIMERACK) {
257         return 0;
258     } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {
259         return s->timercontrol[(offset - REG_TIMERCONTROL) >> 2];
260     } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {
261         return s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2];
262     } else if (offset >= REG_IRQSRC && offset < REG_FIQSRC) {
263         return s->irqsrc[(offset - REG_IRQSRC) >> 2];
264     } else if (offset >= REG_FIQSRC && offset < REG_MBOX0_WR) {
265         return s->fiqsrc[(offset - REG_FIQSRC) >> 2];
266     } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) {
267         return s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2];
268     } else {
269         qemu_log_mask(LOG_UNIMP, "%s: Unsupported offset 0x%"HWADDR_PRIx"\n",
270                       __func__, offset);
271         return 0;
272     }
273 }
274 
bcm2836_control_write(void * opaque,hwaddr offset,uint64_t val,unsigned size)275 static void bcm2836_control_write(void *opaque, hwaddr offset,
276                                   uint64_t val, unsigned size)
277 {
278     BCM2836ControlState *s = opaque;
279 
280     if (offset == REG_GPU_ROUTE) {
281         s->route_gpu_irq = val & 0x3;
282         s->route_gpu_fiq = (val >> 2) & 0x3;
283     } else if (offset == REG_LOCALTIMERROUTING) {
284         s->route_localtimer = val & 7;
285     } else if (offset == REG_LOCALTIMERCONTROL) {
286         bcm2836_control_local_timer_control(s, val);
287     } else if (offset == REG_LOCALTIMERACK) {
288         bcm2836_control_local_timer_ack(s, val);
289     } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {
290         s->timercontrol[(offset - REG_TIMERCONTROL) >> 2] = val & 0xff;
291     } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {
292         s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2] = val & 0xff;
293     } else if (offset >= REG_MBOX0_WR && offset < REG_MBOX0_RDCLR) {
294         s->mailboxes[(offset - REG_MBOX0_WR) >> 2] |= val;
295     } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) {
296         s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2] &= ~val;
297     } else {
298         qemu_log_mask(LOG_UNIMP, "%s: Unsupported offset 0x%"HWADDR_PRIx
299                                  " value 0x%"PRIx64"\n",
300                       __func__, offset, val);
301         return;
302     }
303 
304     bcm2836_control_update(s);
305 }
306 
307 static const MemoryRegionOps bcm2836_control_ops = {
308     .read = bcm2836_control_read,
309     .write = bcm2836_control_write,
310     .endianness = DEVICE_NATIVE_ENDIAN,
311     .valid.min_access_size = 4,
312     .valid.max_access_size = 4,
313 };
314 
bcm2836_control_reset(DeviceState * d)315 static void bcm2836_control_reset(DeviceState *d)
316 {
317     BCM2836ControlState *s = BCM2836_CONTROL(d);
318     int i;
319 
320     s->route_gpu_irq = s->route_gpu_fiq = 0;
321 
322     timer_del(&s->timer);
323     s->route_localtimer = 0;
324     s->local_timer_control = 0;
325 
326     for (i = 0; i < BCM2836_NCORES; i++) {
327         s->timercontrol[i] = 0;
328         s->mailboxcontrol[i] = 0;
329     }
330 
331     for (i = 0; i < BCM2836_NCORES * BCM2836_MBPERCORE; i++) {
332         s->mailboxes[i] = 0;
333     }
334 }
335 
bcm2836_control_init(Object * obj)336 static void bcm2836_control_init(Object *obj)
337 {
338     BCM2836ControlState *s = BCM2836_CONTROL(obj);
339     DeviceState *dev = DEVICE(obj);
340 
341     memory_region_init_io(&s->iomem, obj, &bcm2836_control_ops, s,
342                           TYPE_BCM2836_CONTROL, REG_LIMIT);
343     sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
344 
345     /* inputs from each CPU core */
346     qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq0, "cntpsirq",
347                             BCM2836_NCORES);
348     qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq1, "cntpnsirq",
349                             BCM2836_NCORES);
350     qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq2, "cnthpirq",
351                             BCM2836_NCORES);
352     qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq3, "cntvirq",
353                             BCM2836_NCORES);
354 
355     /* IRQ and FIQ inputs from upstream bcm2835 controller */
356     qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_irq, "gpu-irq", 1);
357     qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_fiq, "gpu-fiq", 1);
358 
359     /* outputs to CPU cores */
360     qdev_init_gpio_out_named(dev, s->irq, "irq", BCM2836_NCORES);
361     qdev_init_gpio_out_named(dev, s->fiq, "fiq", BCM2836_NCORES);
362 
363     /* create a qemu virtual timer */
364     timer_init_ns(&s->timer, QEMU_CLOCK_VIRTUAL,
365                   bcm2836_control_local_timer_tick, s);
366 }
367 
368 static const VMStateDescription vmstate_bcm2836_control = {
369     .name = TYPE_BCM2836_CONTROL,
370     .version_id = 2,
371     .minimum_version_id = 1,
372     .fields = (const VMStateField[]) {
373         VMSTATE_UINT32_ARRAY(mailboxes, BCM2836ControlState,
374                              BCM2836_NCORES * BCM2836_MBPERCORE),
375         VMSTATE_UINT8(route_gpu_irq, BCM2836ControlState),
376         VMSTATE_UINT8(route_gpu_fiq, BCM2836ControlState),
377         VMSTATE_UINT32_ARRAY(timercontrol, BCM2836ControlState, BCM2836_NCORES),
378         VMSTATE_UINT32_ARRAY(mailboxcontrol, BCM2836ControlState,
379                              BCM2836_NCORES),
380         VMSTATE_TIMER_V(timer, BCM2836ControlState, 2),
381         VMSTATE_UINT32_V(local_timer_control, BCM2836ControlState, 2),
382         VMSTATE_UINT8_V(route_localtimer, BCM2836ControlState, 2),
383         VMSTATE_END_OF_LIST()
384     }
385 };
386 
bcm2836_control_class_init(ObjectClass * klass,const void * data)387 static void bcm2836_control_class_init(ObjectClass *klass, const void *data)
388 {
389     DeviceClass *dc = DEVICE_CLASS(klass);
390 
391     device_class_set_legacy_reset(dc, bcm2836_control_reset);
392     dc->vmsd = &vmstate_bcm2836_control;
393 }
394 
395 static const TypeInfo bcm2836_control_info = {
396     .name          = TYPE_BCM2836_CONTROL,
397     .parent        = TYPE_SYS_BUS_DEVICE,
398     .instance_size = sizeof(BCM2836ControlState),
399     .class_init    = bcm2836_control_class_init,
400     .instance_init = bcm2836_control_init,
401 };
402 
bcm2836_control_register_types(void)403 static void bcm2836_control_register_types(void)
404 {
405     type_register_static(&bcm2836_control_info);
406 }
407 
408 type_init(bcm2836_control_register_types)
409