xref: /openbmc/qemu/hw/ppc/ppc.c (revision 61d9f32b)
1 /*
2  * QEMU generic PowerPC hardware System Emulator
3  *
4  * Copyright (c) 2003-2007 Jocelyn Mayer
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 #include "qemu/osdep.h"
25 #include "hw/hw.h"
26 #include "hw/ppc/ppc.h"
27 #include "hw/ppc/ppc_e500.h"
28 #include "qemu/timer.h"
29 #include "sysemu/sysemu.h"
30 #include "sysemu/cpus.h"
31 #include "hw/timer/m48t59.h"
32 #include "qemu/log.h"
33 #include "qemu/error-report.h"
34 #include "hw/loader.h"
35 #include "sysemu/kvm.h"
36 #include "kvm_ppc.h"
37 #include "trace.h"
38 
39 //#define PPC_DEBUG_IRQ
40 //#define PPC_DEBUG_TB
41 
42 #ifdef PPC_DEBUG_IRQ
43 #  define LOG_IRQ(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
44 #else
45 #  define LOG_IRQ(...) do { } while (0)
46 #endif
47 
48 
49 #ifdef PPC_DEBUG_TB
50 #  define LOG_TB(...) qemu_log(__VA_ARGS__)
51 #else
52 #  define LOG_TB(...) do { } while (0)
53 #endif
54 
55 static void cpu_ppc_tb_stop (CPUPPCState *env);
56 static void cpu_ppc_tb_start (CPUPPCState *env);
57 
58 void ppc_set_irq(PowerPCCPU *cpu, int n_IRQ, int level)
59 {
60     CPUState *cs = CPU(cpu);
61     CPUPPCState *env = &cpu->env;
62     unsigned int old_pending = env->pending_interrupts;
63 
64     if (level) {
65         env->pending_interrupts |= 1 << n_IRQ;
66         cpu_interrupt(cs, CPU_INTERRUPT_HARD);
67     } else {
68         env->pending_interrupts &= ~(1 << n_IRQ);
69         if (env->pending_interrupts == 0) {
70             cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
71         }
72     }
73 
74     if (old_pending != env->pending_interrupts) {
75 #ifdef CONFIG_KVM
76         kvmppc_set_interrupt(cpu, n_IRQ, level);
77 #endif
78     }
79 
80     LOG_IRQ("%s: %p n_IRQ %d level %d => pending %08" PRIx32
81                 "req %08x\n", __func__, env, n_IRQ, level,
82                 env->pending_interrupts, CPU(cpu)->interrupt_request);
83 }
84 
85 /* PowerPC 6xx / 7xx internal IRQ controller */
86 static void ppc6xx_set_irq(void *opaque, int pin, int level)
87 {
88     PowerPCCPU *cpu = opaque;
89     CPUPPCState *env = &cpu->env;
90     int cur_level;
91 
92     LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
93                 env, pin, level);
94     cur_level = (env->irq_input_state >> pin) & 1;
95     /* Don't generate spurious events */
96     if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
97         CPUState *cs = CPU(cpu);
98 
99         switch (pin) {
100         case PPC6xx_INPUT_TBEN:
101             /* Level sensitive - active high */
102             LOG_IRQ("%s: %s the time base\n",
103                         __func__, level ? "start" : "stop");
104             if (level) {
105                 cpu_ppc_tb_start(env);
106             } else {
107                 cpu_ppc_tb_stop(env);
108             }
109         case PPC6xx_INPUT_INT:
110             /* Level sensitive - active high */
111             LOG_IRQ("%s: set the external IRQ state to %d\n",
112                         __func__, level);
113             ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
114             break;
115         case PPC6xx_INPUT_SMI:
116             /* Level sensitive - active high */
117             LOG_IRQ("%s: set the SMI IRQ state to %d\n",
118                         __func__, level);
119             ppc_set_irq(cpu, PPC_INTERRUPT_SMI, level);
120             break;
121         case PPC6xx_INPUT_MCP:
122             /* Negative edge sensitive */
123             /* XXX: TODO: actual reaction may depends on HID0 status
124              *            603/604/740/750: check HID0[EMCP]
125              */
126             if (cur_level == 1 && level == 0) {
127                 LOG_IRQ("%s: raise machine check state\n",
128                             __func__);
129                 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
130             }
131             break;
132         case PPC6xx_INPUT_CKSTP_IN:
133             /* Level sensitive - active low */
134             /* XXX: TODO: relay the signal to CKSTP_OUT pin */
135             /* XXX: Note that the only way to restart the CPU is to reset it */
136             if (level) {
137                 LOG_IRQ("%s: stop the CPU\n", __func__);
138                 cs->halted = 1;
139             }
140             break;
141         case PPC6xx_INPUT_HRESET:
142             /* Level sensitive - active low */
143             if (level) {
144                 LOG_IRQ("%s: reset the CPU\n", __func__);
145                 cpu_interrupt(cs, CPU_INTERRUPT_RESET);
146             }
147             break;
148         case PPC6xx_INPUT_SRESET:
149             LOG_IRQ("%s: set the RESET IRQ state to %d\n",
150                         __func__, level);
151             ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
152             break;
153         default:
154             /* Unknown pin - do nothing */
155             LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
156             return;
157         }
158         if (level)
159             env->irq_input_state |= 1 << pin;
160         else
161             env->irq_input_state &= ~(1 << pin);
162     }
163 }
164 
165 void ppc6xx_irq_init(CPUPPCState *env)
166 {
167     PowerPCCPU *cpu = ppc_env_get_cpu(env);
168 
169     env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, cpu,
170                                                   PPC6xx_INPUT_NB);
171 }
172 
173 #if defined(TARGET_PPC64)
174 /* PowerPC 970 internal IRQ controller */
175 static void ppc970_set_irq(void *opaque, int pin, int level)
176 {
177     PowerPCCPU *cpu = opaque;
178     CPUPPCState *env = &cpu->env;
179     int cur_level;
180 
181     LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
182                 env, pin, level);
183     cur_level = (env->irq_input_state >> pin) & 1;
184     /* Don't generate spurious events */
185     if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
186         CPUState *cs = CPU(cpu);
187 
188         switch (pin) {
189         case PPC970_INPUT_INT:
190             /* Level sensitive - active high */
191             LOG_IRQ("%s: set the external IRQ state to %d\n",
192                         __func__, level);
193             ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
194             break;
195         case PPC970_INPUT_THINT:
196             /* Level sensitive - active high */
197             LOG_IRQ("%s: set the SMI IRQ state to %d\n", __func__,
198                         level);
199             ppc_set_irq(cpu, PPC_INTERRUPT_THERM, level);
200             break;
201         case PPC970_INPUT_MCP:
202             /* Negative edge sensitive */
203             /* XXX: TODO: actual reaction may depends on HID0 status
204              *            603/604/740/750: check HID0[EMCP]
205              */
206             if (cur_level == 1 && level == 0) {
207                 LOG_IRQ("%s: raise machine check state\n",
208                             __func__);
209                 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
210             }
211             break;
212         case PPC970_INPUT_CKSTP:
213             /* Level sensitive - active low */
214             /* XXX: TODO: relay the signal to CKSTP_OUT pin */
215             if (level) {
216                 LOG_IRQ("%s: stop the CPU\n", __func__);
217                 cs->halted = 1;
218             } else {
219                 LOG_IRQ("%s: restart the CPU\n", __func__);
220                 cs->halted = 0;
221                 qemu_cpu_kick(cs);
222             }
223             break;
224         case PPC970_INPUT_HRESET:
225             /* Level sensitive - active low */
226             if (level) {
227                 cpu_interrupt(cs, CPU_INTERRUPT_RESET);
228             }
229             break;
230         case PPC970_INPUT_SRESET:
231             LOG_IRQ("%s: set the RESET IRQ state to %d\n",
232                         __func__, level);
233             ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
234             break;
235         case PPC970_INPUT_TBEN:
236             LOG_IRQ("%s: set the TBEN state to %d\n", __func__,
237                         level);
238             /* XXX: TODO */
239             break;
240         default:
241             /* Unknown pin - do nothing */
242             LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
243             return;
244         }
245         if (level)
246             env->irq_input_state |= 1 << pin;
247         else
248             env->irq_input_state &= ~(1 << pin);
249     }
250 }
251 
252 void ppc970_irq_init(CPUPPCState *env)
253 {
254     PowerPCCPU *cpu = ppc_env_get_cpu(env);
255 
256     env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, cpu,
257                                                   PPC970_INPUT_NB);
258 }
259 
260 /* POWER7 internal IRQ controller */
261 static void power7_set_irq(void *opaque, int pin, int level)
262 {
263     PowerPCCPU *cpu = opaque;
264     CPUPPCState *env = &cpu->env;
265 
266     LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
267                 env, pin, level);
268 
269     switch (pin) {
270     case POWER7_INPUT_INT:
271         /* Level sensitive - active high */
272         LOG_IRQ("%s: set the external IRQ state to %d\n",
273                 __func__, level);
274         ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
275         break;
276     default:
277         /* Unknown pin - do nothing */
278         LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
279         return;
280     }
281     if (level) {
282         env->irq_input_state |= 1 << pin;
283     } else {
284         env->irq_input_state &= ~(1 << pin);
285     }
286 }
287 
288 void ppcPOWER7_irq_init(CPUPPCState *env)
289 {
290     PowerPCCPU *cpu = ppc_env_get_cpu(env);
291 
292     env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, cpu,
293                                                   POWER7_INPUT_NB);
294 }
295 #endif /* defined(TARGET_PPC64) */
296 
297 /* PowerPC 40x internal IRQ controller */
298 static void ppc40x_set_irq(void *opaque, int pin, int level)
299 {
300     PowerPCCPU *cpu = opaque;
301     CPUPPCState *env = &cpu->env;
302     int cur_level;
303 
304     LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
305                 env, pin, level);
306     cur_level = (env->irq_input_state >> pin) & 1;
307     /* Don't generate spurious events */
308     if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
309         CPUState *cs = CPU(cpu);
310 
311         switch (pin) {
312         case PPC40x_INPUT_RESET_SYS:
313             if (level) {
314                 LOG_IRQ("%s: reset the PowerPC system\n",
315                             __func__);
316                 ppc40x_system_reset(cpu);
317             }
318             break;
319         case PPC40x_INPUT_RESET_CHIP:
320             if (level) {
321                 LOG_IRQ("%s: reset the PowerPC chip\n", __func__);
322                 ppc40x_chip_reset(cpu);
323             }
324             break;
325         case PPC40x_INPUT_RESET_CORE:
326             /* XXX: TODO: update DBSR[MRR] */
327             if (level) {
328                 LOG_IRQ("%s: reset the PowerPC core\n", __func__);
329                 ppc40x_core_reset(cpu);
330             }
331             break;
332         case PPC40x_INPUT_CINT:
333             /* Level sensitive - active high */
334             LOG_IRQ("%s: set the critical IRQ state to %d\n",
335                         __func__, level);
336             ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
337             break;
338         case PPC40x_INPUT_INT:
339             /* Level sensitive - active high */
340             LOG_IRQ("%s: set the external IRQ state to %d\n",
341                         __func__, level);
342             ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
343             break;
344         case PPC40x_INPUT_HALT:
345             /* Level sensitive - active low */
346             if (level) {
347                 LOG_IRQ("%s: stop the CPU\n", __func__);
348                 cs->halted = 1;
349             } else {
350                 LOG_IRQ("%s: restart the CPU\n", __func__);
351                 cs->halted = 0;
352                 qemu_cpu_kick(cs);
353             }
354             break;
355         case PPC40x_INPUT_DEBUG:
356             /* Level sensitive - active high */
357             LOG_IRQ("%s: set the debug pin state to %d\n",
358                         __func__, level);
359             ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
360             break;
361         default:
362             /* Unknown pin - do nothing */
363             LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
364             return;
365         }
366         if (level)
367             env->irq_input_state |= 1 << pin;
368         else
369             env->irq_input_state &= ~(1 << pin);
370     }
371 }
372 
373 void ppc40x_irq_init(CPUPPCState *env)
374 {
375     PowerPCCPU *cpu = ppc_env_get_cpu(env);
376 
377     env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq,
378                                                   cpu, PPC40x_INPUT_NB);
379 }
380 
381 /* PowerPC E500 internal IRQ controller */
382 static void ppce500_set_irq(void *opaque, int pin, int level)
383 {
384     PowerPCCPU *cpu = opaque;
385     CPUPPCState *env = &cpu->env;
386     int cur_level;
387 
388     LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
389                 env, pin, level);
390     cur_level = (env->irq_input_state >> pin) & 1;
391     /* Don't generate spurious events */
392     if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
393         switch (pin) {
394         case PPCE500_INPUT_MCK:
395             if (level) {
396                 LOG_IRQ("%s: reset the PowerPC system\n",
397                             __func__);
398                 qemu_system_reset_request();
399             }
400             break;
401         case PPCE500_INPUT_RESET_CORE:
402             if (level) {
403                 LOG_IRQ("%s: reset the PowerPC core\n", __func__);
404                 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, level);
405             }
406             break;
407         case PPCE500_INPUT_CINT:
408             /* Level sensitive - active high */
409             LOG_IRQ("%s: set the critical IRQ state to %d\n",
410                         __func__, level);
411             ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
412             break;
413         case PPCE500_INPUT_INT:
414             /* Level sensitive - active high */
415             LOG_IRQ("%s: set the core IRQ state to %d\n",
416                         __func__, level);
417             ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
418             break;
419         case PPCE500_INPUT_DEBUG:
420             /* Level sensitive - active high */
421             LOG_IRQ("%s: set the debug pin state to %d\n",
422                         __func__, level);
423             ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
424             break;
425         default:
426             /* Unknown pin - do nothing */
427             LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
428             return;
429         }
430         if (level)
431             env->irq_input_state |= 1 << pin;
432         else
433             env->irq_input_state &= ~(1 << pin);
434     }
435 }
436 
437 void ppce500_irq_init(CPUPPCState *env)
438 {
439     PowerPCCPU *cpu = ppc_env_get_cpu(env);
440 
441     env->irq_inputs = (void **)qemu_allocate_irqs(&ppce500_set_irq,
442                                                   cpu, PPCE500_INPUT_NB);
443 }
444 
445 /* Enable or Disable the E500 EPR capability */
446 void ppce500_set_mpic_proxy(bool enabled)
447 {
448     CPUState *cs;
449 
450     CPU_FOREACH(cs) {
451         PowerPCCPU *cpu = POWERPC_CPU(cs);
452 
453         cpu->env.mpic_proxy = enabled;
454         if (kvm_enabled()) {
455             kvmppc_set_mpic_proxy(cpu, enabled);
456         }
457     }
458 }
459 
460 /*****************************************************************************/
461 /* PowerPC time base and decrementer emulation */
462 
463 uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset)
464 {
465     /* TB time in tb periods */
466     return muldiv64(vmclk, tb_env->tb_freq, get_ticks_per_sec()) + tb_offset;
467 }
468 
469 uint64_t cpu_ppc_load_tbl (CPUPPCState *env)
470 {
471     ppc_tb_t *tb_env = env->tb_env;
472     uint64_t tb;
473 
474     if (kvm_enabled()) {
475         return env->spr[SPR_TBL];
476     }
477 
478     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
479     LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
480 
481     return tb;
482 }
483 
484 static inline uint32_t _cpu_ppc_load_tbu(CPUPPCState *env)
485 {
486     ppc_tb_t *tb_env = env->tb_env;
487     uint64_t tb;
488 
489     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
490     LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
491 
492     return tb >> 32;
493 }
494 
495 uint32_t cpu_ppc_load_tbu (CPUPPCState *env)
496 {
497     if (kvm_enabled()) {
498         return env->spr[SPR_TBU];
499     }
500 
501     return _cpu_ppc_load_tbu(env);
502 }
503 
504 static inline void cpu_ppc_store_tb(ppc_tb_t *tb_env, uint64_t vmclk,
505                                     int64_t *tb_offsetp, uint64_t value)
506 {
507     *tb_offsetp = value - muldiv64(vmclk, tb_env->tb_freq, get_ticks_per_sec());
508     LOG_TB("%s: tb %016" PRIx64 " offset %08" PRIx64 "\n",
509                 __func__, value, *tb_offsetp);
510 }
511 
512 void cpu_ppc_store_tbl (CPUPPCState *env, uint32_t value)
513 {
514     ppc_tb_t *tb_env = env->tb_env;
515     uint64_t tb;
516 
517     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
518     tb &= 0xFFFFFFFF00000000ULL;
519     cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
520                      &tb_env->tb_offset, tb | (uint64_t)value);
521 }
522 
523 static inline void _cpu_ppc_store_tbu(CPUPPCState *env, uint32_t value)
524 {
525     ppc_tb_t *tb_env = env->tb_env;
526     uint64_t tb;
527 
528     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
529     tb &= 0x00000000FFFFFFFFULL;
530     cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
531                      &tb_env->tb_offset, ((uint64_t)value << 32) | tb);
532 }
533 
534 void cpu_ppc_store_tbu (CPUPPCState *env, uint32_t value)
535 {
536     _cpu_ppc_store_tbu(env, value);
537 }
538 
539 uint64_t cpu_ppc_load_atbl (CPUPPCState *env)
540 {
541     ppc_tb_t *tb_env = env->tb_env;
542     uint64_t tb;
543 
544     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
545     LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
546 
547     return tb;
548 }
549 
550 uint32_t cpu_ppc_load_atbu (CPUPPCState *env)
551 {
552     ppc_tb_t *tb_env = env->tb_env;
553     uint64_t tb;
554 
555     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
556     LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
557 
558     return tb >> 32;
559 }
560 
561 void cpu_ppc_store_atbl (CPUPPCState *env, uint32_t value)
562 {
563     ppc_tb_t *tb_env = env->tb_env;
564     uint64_t tb;
565 
566     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
567     tb &= 0xFFFFFFFF00000000ULL;
568     cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
569                      &tb_env->atb_offset, tb | (uint64_t)value);
570 }
571 
572 void cpu_ppc_store_atbu (CPUPPCState *env, uint32_t value)
573 {
574     ppc_tb_t *tb_env = env->tb_env;
575     uint64_t tb;
576 
577     tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
578     tb &= 0x00000000FFFFFFFFULL;
579     cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
580                      &tb_env->atb_offset, ((uint64_t)value << 32) | tb);
581 }
582 
583 static void cpu_ppc_tb_stop (CPUPPCState *env)
584 {
585     ppc_tb_t *tb_env = env->tb_env;
586     uint64_t tb, atb, vmclk;
587 
588     /* If the time base is already frozen, do nothing */
589     if (tb_env->tb_freq != 0) {
590         vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
591         /* Get the time base */
592         tb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->tb_offset);
593         /* Get the alternate time base */
594         atb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->atb_offset);
595         /* Store the time base value (ie compute the current offset) */
596         cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
597         /* Store the alternate time base value (compute the current offset) */
598         cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
599         /* Set the time base frequency to zero */
600         tb_env->tb_freq = 0;
601         /* Now, the time bases are frozen to tb_offset / atb_offset value */
602     }
603 }
604 
605 static void cpu_ppc_tb_start (CPUPPCState *env)
606 {
607     ppc_tb_t *tb_env = env->tb_env;
608     uint64_t tb, atb, vmclk;
609 
610     /* If the time base is not frozen, do nothing */
611     if (tb_env->tb_freq == 0) {
612         vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
613         /* Get the time base from tb_offset */
614         tb = tb_env->tb_offset;
615         /* Get the alternate time base from atb_offset */
616         atb = tb_env->atb_offset;
617         /* Restore the tb frequency from the decrementer frequency */
618         tb_env->tb_freq = tb_env->decr_freq;
619         /* Store the time base value */
620         cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
621         /* Store the alternate time base value */
622         cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
623     }
624 }
625 
626 bool ppc_decr_clear_on_delivery(CPUPPCState *env)
627 {
628     ppc_tb_t *tb_env = env->tb_env;
629     int flags = PPC_DECR_UNDERFLOW_TRIGGERED | PPC_DECR_UNDERFLOW_LEVEL;
630     return ((tb_env->flags & flags) == PPC_DECR_UNDERFLOW_TRIGGERED);
631 }
632 
633 static inline uint32_t _cpu_ppc_load_decr(CPUPPCState *env, uint64_t next)
634 {
635     ppc_tb_t *tb_env = env->tb_env;
636     uint32_t decr;
637     int64_t diff;
638 
639     diff = next - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
640     if (diff >= 0) {
641         decr = muldiv64(diff, tb_env->decr_freq, get_ticks_per_sec());
642     } else if (tb_env->flags & PPC_TIMER_BOOKE) {
643         decr = 0;
644     }  else {
645         decr = -muldiv64(-diff, tb_env->decr_freq, get_ticks_per_sec());
646     }
647     LOG_TB("%s: %08" PRIx32 "\n", __func__, decr);
648 
649     return decr;
650 }
651 
652 uint32_t cpu_ppc_load_decr (CPUPPCState *env)
653 {
654     ppc_tb_t *tb_env = env->tb_env;
655 
656     if (kvm_enabled()) {
657         return env->spr[SPR_DECR];
658     }
659 
660     return _cpu_ppc_load_decr(env, tb_env->decr_next);
661 }
662 
663 uint32_t cpu_ppc_load_hdecr (CPUPPCState *env)
664 {
665     ppc_tb_t *tb_env = env->tb_env;
666 
667     return _cpu_ppc_load_decr(env, tb_env->hdecr_next);
668 }
669 
670 uint64_t cpu_ppc_load_purr (CPUPPCState *env)
671 {
672     ppc_tb_t *tb_env = env->tb_env;
673     uint64_t diff;
674 
675     diff = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - tb_env->purr_start;
676 
677     return tb_env->purr_load + muldiv64(diff, tb_env->tb_freq, get_ticks_per_sec());
678 }
679 
680 /* When decrementer expires,
681  * all we need to do is generate or queue a CPU exception
682  */
683 static inline void cpu_ppc_decr_excp(PowerPCCPU *cpu)
684 {
685     /* Raise it */
686     LOG_TB("raise decrementer exception\n");
687     ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 1);
688 }
689 
690 static inline void cpu_ppc_decr_lower(PowerPCCPU *cpu)
691 {
692     ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 0);
693 }
694 
695 static inline void cpu_ppc_hdecr_excp(PowerPCCPU *cpu)
696 {
697     /* Raise it */
698     LOG_TB("raise decrementer exception\n");
699     ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 1);
700 }
701 
702 static inline void cpu_ppc_hdecr_lower(PowerPCCPU *cpu)
703 {
704     ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 0);
705 }
706 
707 static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp,
708                                  QEMUTimer *timer,
709                                  void (*raise_excp)(void *),
710                                  void (*lower_excp)(PowerPCCPU *),
711                                  uint32_t decr, uint32_t value)
712 {
713     CPUPPCState *env = &cpu->env;
714     ppc_tb_t *tb_env = env->tb_env;
715     uint64_t now, next;
716 
717     LOG_TB("%s: %08" PRIx32 " => %08" PRIx32 "\n", __func__,
718                 decr, value);
719 
720     if (kvm_enabled()) {
721         /* KVM handles decrementer exceptions, we don't need our own timer */
722         return;
723     }
724 
725     /*
726      * Going from 2 -> 1, 1 -> 0 or 0 -> -1 is the event to generate a DEC
727      * interrupt.
728      *
729      * If we get a really small DEC value, we can assume that by the time we
730      * handled it we should inject an interrupt already.
731      *
732      * On MSB level based DEC implementations the MSB always means the interrupt
733      * is pending, so raise it on those.
734      *
735      * On MSB edge based DEC implementations the MSB going from 0 -> 1 triggers
736      * an edge interrupt, so raise it here too.
737      */
738     if ((value < 3) ||
739         ((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && (value & 0x80000000)) ||
740         ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED) && (value & 0x80000000)
741           && !(decr & 0x80000000))) {
742         (*raise_excp)(cpu);
743         return;
744     }
745 
746     /* On MSB level based systems a 0 for the MSB stops interrupt delivery */
747     if (!(value & 0x80000000) && (tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL)) {
748         (*lower_excp)(cpu);
749     }
750 
751     /* Calculate the next timer event */
752     now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
753     next = now + muldiv64(value, get_ticks_per_sec(), tb_env->decr_freq);
754     *nextp = next;
755 
756     /* Adjust timer */
757     timer_mod(timer, next);
758 }
759 
760 static inline void _cpu_ppc_store_decr(PowerPCCPU *cpu, uint32_t decr,
761                                        uint32_t value)
762 {
763     ppc_tb_t *tb_env = cpu->env.tb_env;
764 
765     __cpu_ppc_store_decr(cpu, &tb_env->decr_next, tb_env->decr_timer,
766                          tb_env->decr_timer->cb, &cpu_ppc_decr_lower, decr,
767                          value);
768 }
769 
770 void cpu_ppc_store_decr (CPUPPCState *env, uint32_t value)
771 {
772     PowerPCCPU *cpu = ppc_env_get_cpu(env);
773 
774     _cpu_ppc_store_decr(cpu, cpu_ppc_load_decr(env), value);
775 }
776 
777 static void cpu_ppc_decr_cb(void *opaque)
778 {
779     PowerPCCPU *cpu = opaque;
780 
781     cpu_ppc_decr_excp(cpu);
782 }
783 
784 static inline void _cpu_ppc_store_hdecr(PowerPCCPU *cpu, uint32_t hdecr,
785                                         uint32_t value)
786 {
787     ppc_tb_t *tb_env = cpu->env.tb_env;
788 
789     if (tb_env->hdecr_timer != NULL) {
790         __cpu_ppc_store_decr(cpu, &tb_env->hdecr_next, tb_env->hdecr_timer,
791                              tb_env->hdecr_timer->cb, &cpu_ppc_hdecr_lower,
792                              hdecr, value);
793     }
794 }
795 
796 void cpu_ppc_store_hdecr (CPUPPCState *env, uint32_t value)
797 {
798     PowerPCCPU *cpu = ppc_env_get_cpu(env);
799 
800     _cpu_ppc_store_hdecr(cpu, cpu_ppc_load_hdecr(env), value);
801 }
802 
803 static void cpu_ppc_hdecr_cb(void *opaque)
804 {
805     PowerPCCPU *cpu = opaque;
806 
807     cpu_ppc_hdecr_excp(cpu);
808 }
809 
810 static void cpu_ppc_store_purr(PowerPCCPU *cpu, uint64_t value)
811 {
812     ppc_tb_t *tb_env = cpu->env.tb_env;
813 
814     tb_env->purr_load = value;
815     tb_env->purr_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
816 }
817 
818 static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
819 {
820     CPUPPCState *env = opaque;
821     PowerPCCPU *cpu = ppc_env_get_cpu(env);
822     ppc_tb_t *tb_env = env->tb_env;
823 
824     tb_env->tb_freq = freq;
825     tb_env->decr_freq = freq;
826     /* There is a bug in Linux 2.4 kernels:
827      * if a decrementer exception is pending when it enables msr_ee at startup,
828      * it's not ready to handle it...
829      */
830     _cpu_ppc_store_decr(cpu, 0xFFFFFFFF, 0xFFFFFFFF);
831     _cpu_ppc_store_hdecr(cpu, 0xFFFFFFFF, 0xFFFFFFFF);
832     cpu_ppc_store_purr(cpu, 0x0000000000000000ULL);
833 }
834 
835 static void timebase_pre_save(void *opaque)
836 {
837     PPCTimebase *tb = opaque;
838     uint64_t ticks = cpu_get_host_ticks();
839     PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
840 
841     if (!first_ppc_cpu->env.tb_env) {
842         error_report("No timebase object");
843         return;
844     }
845 
846     tb->time_of_the_day_ns = qemu_clock_get_ns(QEMU_CLOCK_HOST);
847     /*
848      * tb_offset is only expected to be changed by migration so
849      * there is no need to update it from KVM here
850      */
851     tb->guest_timebase = ticks + first_ppc_cpu->env.tb_env->tb_offset;
852 }
853 
854 static int timebase_post_load(void *opaque, int version_id)
855 {
856     PPCTimebase *tb_remote = opaque;
857     CPUState *cpu;
858     PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
859     int64_t tb_off_adj, tb_off, ns_diff;
860     int64_t migration_duration_ns, migration_duration_tb, guest_tb, host_ns;
861     unsigned long freq;
862 
863     if (!first_ppc_cpu->env.tb_env) {
864         error_report("No timebase object");
865         return -1;
866     }
867 
868     freq = first_ppc_cpu->env.tb_env->tb_freq;
869     /*
870      * Calculate timebase on the destination side of migration.
871      * The destination timebase must be not less than the source timebase.
872      * We try to adjust timebase by downtime if host clocks are not
873      * too much out of sync (1 second for now).
874      */
875     host_ns = qemu_clock_get_ns(QEMU_CLOCK_HOST);
876     ns_diff = MAX(0, host_ns - tb_remote->time_of_the_day_ns);
877     migration_duration_ns = MIN(NANOSECONDS_PER_SECOND, ns_diff);
878     migration_duration_tb = muldiv64(migration_duration_ns, freq,
879                                      NANOSECONDS_PER_SECOND);
880     guest_tb = tb_remote->guest_timebase + MIN(0, migration_duration_tb);
881 
882     tb_off_adj = guest_tb - cpu_get_host_ticks();
883 
884     tb_off = first_ppc_cpu->env.tb_env->tb_offset;
885     trace_ppc_tb_adjust(tb_off, tb_off_adj, tb_off_adj - tb_off,
886                         (tb_off_adj - tb_off) / freq);
887 
888     /* Set new offset to all CPUs */
889     CPU_FOREACH(cpu) {
890         PowerPCCPU *pcpu = POWERPC_CPU(cpu);
891         pcpu->env.tb_env->tb_offset = tb_off_adj;
892     }
893 
894     return 0;
895 }
896 
897 const VMStateDescription vmstate_ppc_timebase = {
898     .name = "timebase",
899     .version_id = 1,
900     .minimum_version_id = 1,
901     .minimum_version_id_old = 1,
902     .pre_save = timebase_pre_save,
903     .post_load = timebase_post_load,
904     .fields      = (VMStateField []) {
905         VMSTATE_UINT64(guest_timebase, PPCTimebase),
906         VMSTATE_INT64(time_of_the_day_ns, PPCTimebase),
907         VMSTATE_END_OF_LIST()
908     },
909 };
910 
911 /* Set up (once) timebase frequency (in Hz) */
912 clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
913 {
914     PowerPCCPU *cpu = ppc_env_get_cpu(env);
915     ppc_tb_t *tb_env;
916 
917     tb_env = g_malloc0(sizeof(ppc_tb_t));
918     env->tb_env = tb_env;
919     tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
920     if (env->insns_flags & PPC_SEGMENT_64B) {
921         /* All Book3S 64bit CPUs implement level based DEC logic */
922         tb_env->flags |= PPC_DECR_UNDERFLOW_LEVEL;
923     }
924     /* Create new timer */
925     tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_decr_cb, cpu);
926     if (0) {
927         /* XXX: find a suitable condition to enable the hypervisor decrementer
928          */
929         tb_env->hdecr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_hdecr_cb,
930                                                 cpu);
931     } else {
932         tb_env->hdecr_timer = NULL;
933     }
934     cpu_ppc_set_tb_clk(env, freq);
935 
936     return &cpu_ppc_set_tb_clk;
937 }
938 
939 /* Specific helpers for POWER & PowerPC 601 RTC */
940 #if 0
941 static clk_setup_cb cpu_ppc601_rtc_init (CPUPPCState *env)
942 {
943     return cpu_ppc_tb_init(env, 7812500);
944 }
945 #endif
946 
947 void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value)
948 {
949     _cpu_ppc_store_tbu(env, value);
950 }
951 
952 uint32_t cpu_ppc601_load_rtcu (CPUPPCState *env)
953 {
954     return _cpu_ppc_load_tbu(env);
955 }
956 
957 void cpu_ppc601_store_rtcl (CPUPPCState *env, uint32_t value)
958 {
959     cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
960 }
961 
962 uint32_t cpu_ppc601_load_rtcl (CPUPPCState *env)
963 {
964     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
965 }
966 
967 /*****************************************************************************/
968 /* PowerPC 40x timers */
969 
970 /* PIT, FIT & WDT */
971 typedef struct ppc40x_timer_t ppc40x_timer_t;
972 struct ppc40x_timer_t {
973     uint64_t pit_reload;  /* PIT auto-reload value        */
974     uint64_t fit_next;    /* Tick for next FIT interrupt  */
975     QEMUTimer *fit_timer;
976     uint64_t wdt_next;    /* Tick for next WDT interrupt  */
977     QEMUTimer *wdt_timer;
978 
979     /* 405 have the PIT, 440 have a DECR.  */
980     unsigned int decr_excp;
981 };
982 
983 /* Fixed interval timer */
984 static void cpu_4xx_fit_cb (void *opaque)
985 {
986     PowerPCCPU *cpu;
987     CPUPPCState *env;
988     ppc_tb_t *tb_env;
989     ppc40x_timer_t *ppc40x_timer;
990     uint64_t now, next;
991 
992     env = opaque;
993     cpu = ppc_env_get_cpu(env);
994     tb_env = env->tb_env;
995     ppc40x_timer = tb_env->opaque;
996     now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
997     switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
998     case 0:
999         next = 1 << 9;
1000         break;
1001     case 1:
1002         next = 1 << 13;
1003         break;
1004     case 2:
1005         next = 1 << 17;
1006         break;
1007     case 3:
1008         next = 1 << 21;
1009         break;
1010     default:
1011         /* Cannot occur, but makes gcc happy */
1012         return;
1013     }
1014     next = now + muldiv64(next, get_ticks_per_sec(), tb_env->tb_freq);
1015     if (next == now)
1016         next++;
1017     timer_mod(ppc40x_timer->fit_timer, next);
1018     env->spr[SPR_40x_TSR] |= 1 << 26;
1019     if ((env->spr[SPR_40x_TCR] >> 23) & 0x1) {
1020         ppc_set_irq(cpu, PPC_INTERRUPT_FIT, 1);
1021     }
1022     LOG_TB("%s: ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
1023            (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
1024            env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
1025 }
1026 
1027 /* Programmable interval timer */
1028 static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp)
1029 {
1030     ppc40x_timer_t *ppc40x_timer;
1031     uint64_t now, next;
1032 
1033     ppc40x_timer = tb_env->opaque;
1034     if (ppc40x_timer->pit_reload <= 1 ||
1035         !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
1036         (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
1037         /* Stop PIT */
1038         LOG_TB("%s: stop PIT\n", __func__);
1039         timer_del(tb_env->decr_timer);
1040     } else {
1041         LOG_TB("%s: start PIT %016" PRIx64 "\n",
1042                     __func__, ppc40x_timer->pit_reload);
1043         now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1044         next = now + muldiv64(ppc40x_timer->pit_reload,
1045                               get_ticks_per_sec(), tb_env->decr_freq);
1046         if (is_excp)
1047             next += tb_env->decr_next - now;
1048         if (next == now)
1049             next++;
1050         timer_mod(tb_env->decr_timer, next);
1051         tb_env->decr_next = next;
1052     }
1053 }
1054 
1055 static void cpu_4xx_pit_cb (void *opaque)
1056 {
1057     PowerPCCPU *cpu;
1058     CPUPPCState *env;
1059     ppc_tb_t *tb_env;
1060     ppc40x_timer_t *ppc40x_timer;
1061 
1062     env = opaque;
1063     cpu = ppc_env_get_cpu(env);
1064     tb_env = env->tb_env;
1065     ppc40x_timer = tb_env->opaque;
1066     env->spr[SPR_40x_TSR] |= 1 << 27;
1067     if ((env->spr[SPR_40x_TCR] >> 26) & 0x1) {
1068         ppc_set_irq(cpu, ppc40x_timer->decr_excp, 1);
1069     }
1070     start_stop_pit(env, tb_env, 1);
1071     LOG_TB("%s: ar %d ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx " "
1072            "%016" PRIx64 "\n", __func__,
1073            (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
1074            (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
1075            env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
1076            ppc40x_timer->pit_reload);
1077 }
1078 
1079 /* Watchdog timer */
1080 static void cpu_4xx_wdt_cb (void *opaque)
1081 {
1082     PowerPCCPU *cpu;
1083     CPUPPCState *env;
1084     ppc_tb_t *tb_env;
1085     ppc40x_timer_t *ppc40x_timer;
1086     uint64_t now, next;
1087 
1088     env = opaque;
1089     cpu = ppc_env_get_cpu(env);
1090     tb_env = env->tb_env;
1091     ppc40x_timer = tb_env->opaque;
1092     now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1093     switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
1094     case 0:
1095         next = 1 << 17;
1096         break;
1097     case 1:
1098         next = 1 << 21;
1099         break;
1100     case 2:
1101         next = 1 << 25;
1102         break;
1103     case 3:
1104         next = 1 << 29;
1105         break;
1106     default:
1107         /* Cannot occur, but makes gcc happy */
1108         return;
1109     }
1110     next = now + muldiv64(next, get_ticks_per_sec(), tb_env->decr_freq);
1111     if (next == now)
1112         next++;
1113     LOG_TB("%s: TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
1114            env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
1115     switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
1116     case 0x0:
1117     case 0x1:
1118         timer_mod(ppc40x_timer->wdt_timer, next);
1119         ppc40x_timer->wdt_next = next;
1120         env->spr[SPR_40x_TSR] |= 1U << 31;
1121         break;
1122     case 0x2:
1123         timer_mod(ppc40x_timer->wdt_timer, next);
1124         ppc40x_timer->wdt_next = next;
1125         env->spr[SPR_40x_TSR] |= 1 << 30;
1126         if ((env->spr[SPR_40x_TCR] >> 27) & 0x1) {
1127             ppc_set_irq(cpu, PPC_INTERRUPT_WDT, 1);
1128         }
1129         break;
1130     case 0x3:
1131         env->spr[SPR_40x_TSR] &= ~0x30000000;
1132         env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
1133         switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
1134         case 0x0:
1135             /* No reset */
1136             break;
1137         case 0x1: /* Core reset */
1138             ppc40x_core_reset(cpu);
1139             break;
1140         case 0x2: /* Chip reset */
1141             ppc40x_chip_reset(cpu);
1142             break;
1143         case 0x3: /* System reset */
1144             ppc40x_system_reset(cpu);
1145             break;
1146         }
1147     }
1148 }
1149 
1150 void store_40x_pit (CPUPPCState *env, target_ulong val)
1151 {
1152     ppc_tb_t *tb_env;
1153     ppc40x_timer_t *ppc40x_timer;
1154 
1155     tb_env = env->tb_env;
1156     ppc40x_timer = tb_env->opaque;
1157     LOG_TB("%s val" TARGET_FMT_lx "\n", __func__, val);
1158     ppc40x_timer->pit_reload = val;
1159     start_stop_pit(env, tb_env, 0);
1160 }
1161 
1162 target_ulong load_40x_pit (CPUPPCState *env)
1163 {
1164     return cpu_ppc_load_decr(env);
1165 }
1166 
1167 static void ppc_40x_set_tb_clk (void *opaque, uint32_t freq)
1168 {
1169     CPUPPCState *env = opaque;
1170     ppc_tb_t *tb_env = env->tb_env;
1171 
1172     LOG_TB("%s set new frequency to %" PRIu32 "\n", __func__,
1173                 freq);
1174     tb_env->tb_freq = freq;
1175     tb_env->decr_freq = freq;
1176     /* XXX: we should also update all timers */
1177 }
1178 
1179 clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
1180                                   unsigned int decr_excp)
1181 {
1182     ppc_tb_t *tb_env;
1183     ppc40x_timer_t *ppc40x_timer;
1184 
1185     tb_env = g_malloc0(sizeof(ppc_tb_t));
1186     env->tb_env = tb_env;
1187     tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
1188     ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t));
1189     tb_env->tb_freq = freq;
1190     tb_env->decr_freq = freq;
1191     tb_env->opaque = ppc40x_timer;
1192     LOG_TB("%s freq %" PRIu32 "\n", __func__, freq);
1193     if (ppc40x_timer != NULL) {
1194         /* We use decr timer for PIT */
1195         tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_pit_cb, env);
1196         ppc40x_timer->fit_timer =
1197             timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_fit_cb, env);
1198         ppc40x_timer->wdt_timer =
1199             timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_wdt_cb, env);
1200         ppc40x_timer->decr_excp = decr_excp;
1201     }
1202 
1203     return &ppc_40x_set_tb_clk;
1204 }
1205 
1206 /*****************************************************************************/
1207 /* Embedded PowerPC Device Control Registers */
1208 typedef struct ppc_dcrn_t ppc_dcrn_t;
1209 struct ppc_dcrn_t {
1210     dcr_read_cb dcr_read;
1211     dcr_write_cb dcr_write;
1212     void *opaque;
1213 };
1214 
1215 /* XXX: on 460, DCR addresses are 32 bits wide,
1216  *      using DCRIPR to get the 22 upper bits of the DCR address
1217  */
1218 #define DCRN_NB 1024
1219 struct ppc_dcr_t {
1220     ppc_dcrn_t dcrn[DCRN_NB];
1221     int (*read_error)(int dcrn);
1222     int (*write_error)(int dcrn);
1223 };
1224 
1225 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1226 {
1227     ppc_dcrn_t *dcr;
1228 
1229     if (dcrn < 0 || dcrn >= DCRN_NB)
1230         goto error;
1231     dcr = &dcr_env->dcrn[dcrn];
1232     if (dcr->dcr_read == NULL)
1233         goto error;
1234     *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
1235 
1236     return 0;
1237 
1238  error:
1239     if (dcr_env->read_error != NULL)
1240         return (*dcr_env->read_error)(dcrn);
1241 
1242     return -1;
1243 }
1244 
1245 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1246 {
1247     ppc_dcrn_t *dcr;
1248 
1249     if (dcrn < 0 || dcrn >= DCRN_NB)
1250         goto error;
1251     dcr = &dcr_env->dcrn[dcrn];
1252     if (dcr->dcr_write == NULL)
1253         goto error;
1254     (*dcr->dcr_write)(dcr->opaque, dcrn, val);
1255 
1256     return 0;
1257 
1258  error:
1259     if (dcr_env->write_error != NULL)
1260         return (*dcr_env->write_error)(dcrn);
1261 
1262     return -1;
1263 }
1264 
1265 int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque,
1266                       dcr_read_cb dcr_read, dcr_write_cb dcr_write)
1267 {
1268     ppc_dcr_t *dcr_env;
1269     ppc_dcrn_t *dcr;
1270 
1271     dcr_env = env->dcr_env;
1272     if (dcr_env == NULL)
1273         return -1;
1274     if (dcrn < 0 || dcrn >= DCRN_NB)
1275         return -1;
1276     dcr = &dcr_env->dcrn[dcrn];
1277     if (dcr->opaque != NULL ||
1278         dcr->dcr_read != NULL ||
1279         dcr->dcr_write != NULL)
1280         return -1;
1281     dcr->opaque = opaque;
1282     dcr->dcr_read = dcr_read;
1283     dcr->dcr_write = dcr_write;
1284 
1285     return 0;
1286 }
1287 
1288 int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn),
1289                   int (*write_error)(int dcrn))
1290 {
1291     ppc_dcr_t *dcr_env;
1292 
1293     dcr_env = g_malloc0(sizeof(ppc_dcr_t));
1294     dcr_env->read_error = read_error;
1295     dcr_env->write_error = write_error;
1296     env->dcr_env = dcr_env;
1297 
1298     return 0;
1299 }
1300 
1301 /*****************************************************************************/
1302 /* Debug port */
1303 void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
1304 {
1305     addr &= 0xF;
1306     switch (addr) {
1307     case 0:
1308         printf("%c", val);
1309         break;
1310     case 1:
1311         printf("\n");
1312         fflush(stdout);
1313         break;
1314     case 2:
1315         printf("Set loglevel to %04" PRIx32 "\n", val);
1316         qemu_set_log(val | 0x100);
1317         break;
1318     }
1319 }
1320 
1321 /* CPU device-tree ID helpers */
1322 int ppc_get_vcpu_dt_id(PowerPCCPU *cpu)
1323 {
1324     return cpu->cpu_dt_id;
1325 }
1326 
1327 PowerPCCPU *ppc_get_vcpu_by_dt_id(int cpu_dt_id)
1328 {
1329     CPUState *cs;
1330 
1331     CPU_FOREACH(cs) {
1332         PowerPCCPU *cpu = POWERPC_CPU(cs);
1333 
1334         if (cpu->cpu_dt_id == cpu_dt_id) {
1335             return cpu;
1336         }
1337     }
1338 
1339     return NULL;
1340 }
1341