1 /* 2 * Rasperry Pi 2 emulation ARM control logic module. 3 * Copyright (c) 2015, Microsoft 4 * Written by Andrew Baumann 5 * 6 * Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade 7 * This code is licensed under the GNU GPLv2 and later. 8 * 9 * At present, only implements interrupt routing, and mailboxes (i.e., 10 * not PMU interrupt, or AXI counters). 11 * 12 * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti 13 * 14 * Ref: 15 * https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf 16 */ 17 18 #include "qemu/osdep.h" 19 #include "hw/intc/bcm2836_control.h" 20 #include "qemu/log.h" 21 22 #define REG_GPU_ROUTE 0x0c 23 #define REG_LOCALTIMERROUTING 0x24 24 #define REG_LOCALTIMERCONTROL 0x34 25 #define REG_LOCALTIMERACK 0x38 26 #define REG_TIMERCONTROL 0x40 27 #define REG_MBOXCONTROL 0x50 28 #define REG_IRQSRC 0x60 29 #define REG_FIQSRC 0x70 30 #define REG_MBOX0_WR 0x80 31 #define REG_MBOX0_RDCLR 0xc0 32 #define REG_LIMIT 0x100 33 34 #define IRQ_BIT(cntrl, num) (((cntrl) & (1 << (num))) != 0) 35 #define FIQ_BIT(cntrl, num) (((cntrl) & (1 << ((num) + 4))) != 0) 36 37 #define IRQ_CNTPSIRQ 0 38 #define IRQ_CNTPNSIRQ 1 39 #define IRQ_CNTHPIRQ 2 40 #define IRQ_CNTVIRQ 3 41 #define IRQ_MAILBOX0 4 42 #define IRQ_MAILBOX1 5 43 #define IRQ_MAILBOX2 6 44 #define IRQ_MAILBOX3 7 45 #define IRQ_GPU 8 46 #define IRQ_PMU 9 47 #define IRQ_AXI 10 48 #define IRQ_TIMER 11 49 #define IRQ_MAX IRQ_TIMER 50 51 #define LOCALTIMER_FREQ 38400000 52 #define LOCALTIMER_INTFLAG (1 << 31) 53 #define LOCALTIMER_RELOAD (1 << 30) 54 #define LOCALTIMER_INTENABLE (1 << 29) 55 #define LOCALTIMER_ENABLE (1 << 28) 56 #define LOCALTIMER_VALUE(x) ((x) & 0xfffffff) 57 58 static void deliver_local(BCM2836ControlState *s, uint8_t core, uint8_t irq, 59 uint32_t controlreg, uint8_t controlidx) 60 { 61 if (FIQ_BIT(controlreg, controlidx)) { 62 /* deliver a FIQ */ 63 s->fiqsrc[core] |= (uint32_t)1 << irq; 64 } else if (IRQ_BIT(controlreg, controlidx)) { 65 /* deliver an IRQ */ 66 s->irqsrc[core] |= (uint32_t)1 << irq; 67 } else { 68 /* the interrupt is masked */ 69 } 70 } 71 72 /* Update interrupts. */ 73 static void bcm2836_control_update(BCM2836ControlState *s) 74 { 75 int i, j; 76 77 /* reset pending IRQs/FIQs */ 78 for (i = 0; i < BCM2836_NCORES; i++) { 79 s->irqsrc[i] = s->fiqsrc[i] = 0; 80 } 81 82 /* apply routing logic, update status regs */ 83 if (s->gpu_irq) { 84 assert(s->route_gpu_irq < BCM2836_NCORES); 85 s->irqsrc[s->route_gpu_irq] |= (uint32_t)1 << IRQ_GPU; 86 } 87 88 if (s->gpu_fiq) { 89 assert(s->route_gpu_fiq < BCM2836_NCORES); 90 s->fiqsrc[s->route_gpu_fiq] |= (uint32_t)1 << IRQ_GPU; 91 } 92 93 /* 94 * handle the control module 'local timer' interrupt for one of the 95 * cores' IRQ/FIQ; this is distinct from the per-CPU timer 96 * interrupts handled below. 97 */ 98 if ((s->local_timer_control & LOCALTIMER_INTENABLE) && 99 (s->local_timer_control & LOCALTIMER_INTFLAG)) { 100 if (s->route_localtimer & 4) { 101 s->fiqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER; 102 } else { 103 s->irqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER; 104 } 105 } 106 107 for (i = 0; i < BCM2836_NCORES; i++) { 108 /* handle local timer interrupts for this core */ 109 if (s->timerirqs[i]) { 110 assert(s->timerirqs[i] < (1 << (IRQ_CNTVIRQ + 1))); /* sane mask? */ 111 for (j = 0; j <= IRQ_CNTVIRQ; j++) { 112 if ((s->timerirqs[i] & (1 << j)) != 0) { 113 /* local interrupt j is set */ 114 deliver_local(s, i, j, s->timercontrol[i], j); 115 } 116 } 117 } 118 119 /* handle mailboxes for this core */ 120 for (j = 0; j < BCM2836_MBPERCORE; j++) { 121 if (s->mailboxes[i * BCM2836_MBPERCORE + j] != 0) { 122 /* mailbox j is set */ 123 deliver_local(s, i, j + IRQ_MAILBOX0, s->mailboxcontrol[i], j); 124 } 125 } 126 } 127 128 /* call set_irq appropriately for each output */ 129 for (i = 0; i < BCM2836_NCORES; i++) { 130 qemu_set_irq(s->irq[i], s->irqsrc[i] != 0); 131 qemu_set_irq(s->fiq[i], s->fiqsrc[i] != 0); 132 } 133 } 134 135 static void bcm2836_control_set_local_irq(void *opaque, int core, int local_irq, 136 int level) 137 { 138 BCM2836ControlState *s = opaque; 139 140 assert(core >= 0 && core < BCM2836_NCORES); 141 assert(local_irq >= 0 && local_irq <= IRQ_CNTVIRQ); 142 143 s->timerirqs[core] = deposit32(s->timerirqs[core], local_irq, 1, !!level); 144 145 bcm2836_control_update(s); 146 } 147 148 /* XXX: the following wrapper functions are a kludgy workaround, 149 * needed because I can't seem to pass useful information in the "irq" 150 * parameter when using named interrupts. Feel free to clean this up! 151 */ 152 153 static void bcm2836_control_set_local_irq0(void *opaque, int core, int level) 154 { 155 bcm2836_control_set_local_irq(opaque, core, 0, level); 156 } 157 158 static void bcm2836_control_set_local_irq1(void *opaque, int core, int level) 159 { 160 bcm2836_control_set_local_irq(opaque, core, 1, level); 161 } 162 163 static void bcm2836_control_set_local_irq2(void *opaque, int core, int level) 164 { 165 bcm2836_control_set_local_irq(opaque, core, 2, level); 166 } 167 168 static void bcm2836_control_set_local_irq3(void *opaque, int core, int level) 169 { 170 bcm2836_control_set_local_irq(opaque, core, 3, level); 171 } 172 173 static void bcm2836_control_set_gpu_irq(void *opaque, int irq, int level) 174 { 175 BCM2836ControlState *s = opaque; 176 177 s->gpu_irq = level; 178 179 bcm2836_control_update(s); 180 } 181 182 static void bcm2836_control_set_gpu_fiq(void *opaque, int irq, int level) 183 { 184 BCM2836ControlState *s = opaque; 185 186 s->gpu_fiq = level; 187 188 bcm2836_control_update(s); 189 } 190 191 static void bcm2836_control_local_timer_set_next(void *opaque) 192 { 193 BCM2836ControlState *s = opaque; 194 uint64_t next_event; 195 196 assert(LOCALTIMER_VALUE(s->local_timer_control) > 0); 197 198 next_event = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 199 muldiv64(LOCALTIMER_VALUE(s->local_timer_control), 200 NANOSECONDS_PER_SECOND, LOCALTIMER_FREQ); 201 timer_mod(&s->timer, next_event); 202 } 203 204 static void bcm2836_control_local_timer_tick(void *opaque) 205 { 206 BCM2836ControlState *s = opaque; 207 208 bcm2836_control_local_timer_set_next(s); 209 210 s->local_timer_control |= LOCALTIMER_INTFLAG; 211 bcm2836_control_update(s); 212 } 213 214 static void bcm2836_control_local_timer_control(void *opaque, uint32_t val) 215 { 216 BCM2836ControlState *s = opaque; 217 218 s->local_timer_control = val; 219 if (val & LOCALTIMER_ENABLE) { 220 bcm2836_control_local_timer_set_next(s); 221 } else { 222 timer_del(&s->timer); 223 } 224 } 225 226 static void bcm2836_control_local_timer_ack(void *opaque, uint32_t val) 227 { 228 BCM2836ControlState *s = opaque; 229 230 if (val & LOCALTIMER_INTFLAG) { 231 s->local_timer_control &= ~LOCALTIMER_INTFLAG; 232 } 233 if ((val & LOCALTIMER_RELOAD) && 234 (s->local_timer_control & LOCALTIMER_ENABLE)) { 235 bcm2836_control_local_timer_set_next(s); 236 } 237 } 238 239 static uint64_t bcm2836_control_read(void *opaque, hwaddr offset, unsigned size) 240 { 241 BCM2836ControlState *s = opaque; 242 243 if (offset == REG_GPU_ROUTE) { 244 assert(s->route_gpu_fiq < BCM2836_NCORES 245 && s->route_gpu_irq < BCM2836_NCORES); 246 return ((uint32_t)s->route_gpu_fiq << 2) | s->route_gpu_irq; 247 } else if (offset == REG_LOCALTIMERROUTING) { 248 return s->route_localtimer; 249 } else if (offset == REG_LOCALTIMERCONTROL) { 250 return s->local_timer_control; 251 } else if (offset == REG_LOCALTIMERACK) { 252 return 0; 253 } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) { 254 return s->timercontrol[(offset - REG_TIMERCONTROL) >> 2]; 255 } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) { 256 return s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2]; 257 } else if (offset >= REG_IRQSRC && offset < REG_FIQSRC) { 258 return s->irqsrc[(offset - REG_IRQSRC) >> 2]; 259 } else if (offset >= REG_FIQSRC && offset < REG_MBOX0_WR) { 260 return s->fiqsrc[(offset - REG_FIQSRC) >> 2]; 261 } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) { 262 return s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2]; 263 } else { 264 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n", 265 __func__, offset); 266 return 0; 267 } 268 } 269 270 static void bcm2836_control_write(void *opaque, hwaddr offset, 271 uint64_t val, unsigned size) 272 { 273 BCM2836ControlState *s = opaque; 274 275 if (offset == REG_GPU_ROUTE) { 276 s->route_gpu_irq = val & 0x3; 277 s->route_gpu_fiq = (val >> 2) & 0x3; 278 } else if (offset == REG_LOCALTIMERROUTING) { 279 s->route_localtimer = val & 7; 280 } else if (offset == REG_LOCALTIMERCONTROL) { 281 bcm2836_control_local_timer_control(s, val); 282 } else if (offset == REG_LOCALTIMERACK) { 283 bcm2836_control_local_timer_ack(s, val); 284 } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) { 285 s->timercontrol[(offset - REG_TIMERCONTROL) >> 2] = val & 0xff; 286 } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) { 287 s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2] = val & 0xff; 288 } else if (offset >= REG_MBOX0_WR && offset < REG_MBOX0_RDCLR) { 289 s->mailboxes[(offset - REG_MBOX0_WR) >> 2] |= val; 290 } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) { 291 s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2] &= ~val; 292 } else { 293 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n", 294 __func__, offset); 295 return; 296 } 297 298 bcm2836_control_update(s); 299 } 300 301 static const MemoryRegionOps bcm2836_control_ops = { 302 .read = bcm2836_control_read, 303 .write = bcm2836_control_write, 304 .endianness = DEVICE_NATIVE_ENDIAN, 305 .valid.min_access_size = 4, 306 .valid.max_access_size = 4, 307 }; 308 309 static void bcm2836_control_reset(DeviceState *d) 310 { 311 BCM2836ControlState *s = BCM2836_CONTROL(d); 312 int i; 313 314 s->route_gpu_irq = s->route_gpu_fiq = 0; 315 316 timer_del(&s->timer); 317 s->route_localtimer = 0; 318 s->local_timer_control = 0; 319 320 for (i = 0; i < BCM2836_NCORES; i++) { 321 s->timercontrol[i] = 0; 322 s->mailboxcontrol[i] = 0; 323 } 324 325 for (i = 0; i < BCM2836_NCORES * BCM2836_MBPERCORE; i++) { 326 s->mailboxes[i] = 0; 327 } 328 } 329 330 static void bcm2836_control_init(Object *obj) 331 { 332 BCM2836ControlState *s = BCM2836_CONTROL(obj); 333 DeviceState *dev = DEVICE(obj); 334 335 memory_region_init_io(&s->iomem, obj, &bcm2836_control_ops, s, 336 TYPE_BCM2836_CONTROL, REG_LIMIT); 337 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem); 338 339 /* inputs from each CPU core */ 340 qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq0, "cntpsirq", 341 BCM2836_NCORES); 342 qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq1, "cntpnsirq", 343 BCM2836_NCORES); 344 qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq2, "cnthpirq", 345 BCM2836_NCORES); 346 qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq3, "cntvirq", 347 BCM2836_NCORES); 348 349 /* IRQ and FIQ inputs from upstream bcm2835 controller */ 350 qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_irq, "gpu-irq", 1); 351 qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_fiq, "gpu-fiq", 1); 352 353 /* outputs to CPU cores */ 354 qdev_init_gpio_out_named(dev, s->irq, "irq", BCM2836_NCORES); 355 qdev_init_gpio_out_named(dev, s->fiq, "fiq", BCM2836_NCORES); 356 357 /* create a qemu virtual timer */ 358 timer_init_ns(&s->timer, QEMU_CLOCK_VIRTUAL, 359 bcm2836_control_local_timer_tick, s); 360 } 361 362 static const VMStateDescription vmstate_bcm2836_control = { 363 .name = TYPE_BCM2836_CONTROL, 364 .version_id = 2, 365 .minimum_version_id = 1, 366 .fields = (VMStateField[]) { 367 VMSTATE_UINT32_ARRAY(mailboxes, BCM2836ControlState, 368 BCM2836_NCORES * BCM2836_MBPERCORE), 369 VMSTATE_UINT8(route_gpu_irq, BCM2836ControlState), 370 VMSTATE_UINT8(route_gpu_fiq, BCM2836ControlState), 371 VMSTATE_UINT32_ARRAY(timercontrol, BCM2836ControlState, BCM2836_NCORES), 372 VMSTATE_UINT32_ARRAY(mailboxcontrol, BCM2836ControlState, 373 BCM2836_NCORES), 374 VMSTATE_TIMER_V(timer, BCM2836ControlState, 2), 375 VMSTATE_UINT32_V(local_timer_control, BCM2836ControlState, 2), 376 VMSTATE_UINT8_V(route_localtimer, BCM2836ControlState, 2), 377 VMSTATE_END_OF_LIST() 378 } 379 }; 380 381 static void bcm2836_control_class_init(ObjectClass *klass, void *data) 382 { 383 DeviceClass *dc = DEVICE_CLASS(klass); 384 385 dc->reset = bcm2836_control_reset; 386 dc->vmsd = &vmstate_bcm2836_control; 387 } 388 389 static TypeInfo bcm2836_control_info = { 390 .name = TYPE_BCM2836_CONTROL, 391 .parent = TYPE_SYS_BUS_DEVICE, 392 .instance_size = sizeof(BCM2836ControlState), 393 .class_init = bcm2836_control_class_init, 394 .instance_init = bcm2836_control_init, 395 }; 396 397 static void bcm2836_control_register_types(void) 398 { 399 type_register_static(&bcm2836_control_info); 400 } 401 402 type_init(bcm2836_control_register_types) 403