1 /* 2 * QEMU generic PowerPC hardware System Emulator 3 * 4 * Copyright (c) 2003-2007 Jocelyn Mayer 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "cpu.h" 27 #include "hw/hw.h" 28 #include "hw/irq.h" 29 #include "hw/ppc/ppc.h" 30 #include "hw/ppc/ppc_e500.h" 31 #include "qemu/timer.h" 32 #include "sysemu/sysemu.h" 33 #include "sysemu/cpus.h" 34 #include "qemu/log.h" 35 #include "qemu/error-report.h" 36 #include "sysemu/kvm.h" 37 #include "kvm_ppc.h" 38 #include "trace.h" 39 40 //#define PPC_DEBUG_IRQ 41 //#define PPC_DEBUG_TB 42 43 #ifdef PPC_DEBUG_IRQ 44 # define LOG_IRQ(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__) 45 #else 46 # define LOG_IRQ(...) do { } while (0) 47 #endif 48 49 50 #ifdef PPC_DEBUG_TB 51 # define LOG_TB(...) qemu_log(__VA_ARGS__) 52 #else 53 # define LOG_TB(...) do { } while (0) 54 #endif 55 56 static void cpu_ppc_tb_stop (CPUPPCState *env); 57 static void cpu_ppc_tb_start (CPUPPCState *env); 58 59 void ppc_set_irq(PowerPCCPU *cpu, int n_IRQ, int level) 60 { 61 CPUState *cs = CPU(cpu); 62 CPUPPCState *env = &cpu->env; 63 unsigned int old_pending; 64 bool locked = false; 65 66 /* We may already have the BQL if coming from the reset path */ 67 if (!qemu_mutex_iothread_locked()) { 68 locked = true; 69 qemu_mutex_lock_iothread(); 70 } 71 72 old_pending = env->pending_interrupts; 73 74 if (level) { 75 env->pending_interrupts |= 1 << n_IRQ; 76 cpu_interrupt(cs, CPU_INTERRUPT_HARD); 77 } else { 78 env->pending_interrupts &= ~(1 << n_IRQ); 79 if (env->pending_interrupts == 0) { 80 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); 81 } 82 } 83 84 if (old_pending != env->pending_interrupts) { 85 kvmppc_set_interrupt(cpu, n_IRQ, level); 86 } 87 88 89 LOG_IRQ("%s: %p n_IRQ %d level %d => pending %08" PRIx32 90 "req %08x\n", __func__, env, n_IRQ, level, 91 env->pending_interrupts, CPU(cpu)->interrupt_request); 92 93 if (locked) { 94 qemu_mutex_unlock_iothread(); 95 } 96 } 97 98 /* PowerPC 6xx / 7xx internal IRQ controller */ 99 static void ppc6xx_set_irq(void *opaque, int pin, int level) 100 { 101 PowerPCCPU *cpu = opaque; 102 CPUPPCState *env = &cpu->env; 103 int cur_level; 104 105 LOG_IRQ("%s: env %p pin %d level %d\n", __func__, 106 env, pin, level); 107 cur_level = (env->irq_input_state >> pin) & 1; 108 /* Don't generate spurious events */ 109 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) { 110 CPUState *cs = CPU(cpu); 111 112 switch (pin) { 113 case PPC6xx_INPUT_TBEN: 114 /* Level sensitive - active high */ 115 LOG_IRQ("%s: %s the time base\n", 116 __func__, level ? "start" : "stop"); 117 if (level) { 118 cpu_ppc_tb_start(env); 119 } else { 120 cpu_ppc_tb_stop(env); 121 } 122 case PPC6xx_INPUT_INT: 123 /* Level sensitive - active high */ 124 LOG_IRQ("%s: set the external IRQ state to %d\n", 125 __func__, level); 126 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level); 127 break; 128 case PPC6xx_INPUT_SMI: 129 /* Level sensitive - active high */ 130 LOG_IRQ("%s: set the SMI IRQ state to %d\n", 131 __func__, level); 132 ppc_set_irq(cpu, PPC_INTERRUPT_SMI, level); 133 break; 134 case PPC6xx_INPUT_MCP: 135 /* Negative edge sensitive */ 136 /* XXX: TODO: actual reaction may depends on HID0 status 137 * 603/604/740/750: check HID0[EMCP] 138 */ 139 if (cur_level == 1 && level == 0) { 140 LOG_IRQ("%s: raise machine check state\n", 141 __func__); 142 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1); 143 } 144 break; 145 case PPC6xx_INPUT_CKSTP_IN: 146 /* Level sensitive - active low */ 147 /* XXX: TODO: relay the signal to CKSTP_OUT pin */ 148 /* XXX: Note that the only way to restart the CPU is to reset it */ 149 if (level) { 150 LOG_IRQ("%s: stop the CPU\n", __func__); 151 cs->halted = 1; 152 } 153 break; 154 case PPC6xx_INPUT_HRESET: 155 /* Level sensitive - active low */ 156 if (level) { 157 LOG_IRQ("%s: reset the CPU\n", __func__); 158 cpu_interrupt(cs, CPU_INTERRUPT_RESET); 159 } 160 break; 161 case PPC6xx_INPUT_SRESET: 162 LOG_IRQ("%s: set the RESET IRQ state to %d\n", 163 __func__, level); 164 ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level); 165 break; 166 default: 167 /* Unknown pin - do nothing */ 168 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin); 169 return; 170 } 171 if (level) 172 env->irq_input_state |= 1 << pin; 173 else 174 env->irq_input_state &= ~(1 << pin); 175 } 176 } 177 178 void ppc6xx_irq_init(PowerPCCPU *cpu) 179 { 180 CPUPPCState *env = &cpu->env; 181 182 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, cpu, 183 PPC6xx_INPUT_NB); 184 } 185 186 #if defined(TARGET_PPC64) 187 /* PowerPC 970 internal IRQ controller */ 188 static void ppc970_set_irq(void *opaque, int pin, int level) 189 { 190 PowerPCCPU *cpu = opaque; 191 CPUPPCState *env = &cpu->env; 192 int cur_level; 193 194 LOG_IRQ("%s: env %p pin %d level %d\n", __func__, 195 env, pin, level); 196 cur_level = (env->irq_input_state >> pin) & 1; 197 /* Don't generate spurious events */ 198 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) { 199 CPUState *cs = CPU(cpu); 200 201 switch (pin) { 202 case PPC970_INPUT_INT: 203 /* Level sensitive - active high */ 204 LOG_IRQ("%s: set the external IRQ state to %d\n", 205 __func__, level); 206 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level); 207 break; 208 case PPC970_INPUT_THINT: 209 /* Level sensitive - active high */ 210 LOG_IRQ("%s: set the SMI IRQ state to %d\n", __func__, 211 level); 212 ppc_set_irq(cpu, PPC_INTERRUPT_THERM, level); 213 break; 214 case PPC970_INPUT_MCP: 215 /* Negative edge sensitive */ 216 /* XXX: TODO: actual reaction may depends on HID0 status 217 * 603/604/740/750: check HID0[EMCP] 218 */ 219 if (cur_level == 1 && level == 0) { 220 LOG_IRQ("%s: raise machine check state\n", 221 __func__); 222 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1); 223 } 224 break; 225 case PPC970_INPUT_CKSTP: 226 /* Level sensitive - active low */ 227 /* XXX: TODO: relay the signal to CKSTP_OUT pin */ 228 if (level) { 229 LOG_IRQ("%s: stop the CPU\n", __func__); 230 cs->halted = 1; 231 } else { 232 LOG_IRQ("%s: restart the CPU\n", __func__); 233 cs->halted = 0; 234 qemu_cpu_kick(cs); 235 } 236 break; 237 case PPC970_INPUT_HRESET: 238 /* Level sensitive - active low */ 239 if (level) { 240 cpu_interrupt(cs, CPU_INTERRUPT_RESET); 241 } 242 break; 243 case PPC970_INPUT_SRESET: 244 LOG_IRQ("%s: set the RESET IRQ state to %d\n", 245 __func__, level); 246 ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level); 247 break; 248 case PPC970_INPUT_TBEN: 249 LOG_IRQ("%s: set the TBEN state to %d\n", __func__, 250 level); 251 /* XXX: TODO */ 252 break; 253 default: 254 /* Unknown pin - do nothing */ 255 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin); 256 return; 257 } 258 if (level) 259 env->irq_input_state |= 1 << pin; 260 else 261 env->irq_input_state &= ~(1 << pin); 262 } 263 } 264 265 void ppc970_irq_init(PowerPCCPU *cpu) 266 { 267 CPUPPCState *env = &cpu->env; 268 269 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, cpu, 270 PPC970_INPUT_NB); 271 } 272 273 /* POWER7 internal IRQ controller */ 274 static void power7_set_irq(void *opaque, int pin, int level) 275 { 276 PowerPCCPU *cpu = opaque; 277 CPUPPCState *env = &cpu->env; 278 279 LOG_IRQ("%s: env %p pin %d level %d\n", __func__, 280 env, pin, level); 281 282 switch (pin) { 283 case POWER7_INPUT_INT: 284 /* Level sensitive - active high */ 285 LOG_IRQ("%s: set the external IRQ state to %d\n", 286 __func__, level); 287 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level); 288 break; 289 default: 290 /* Unknown pin - do nothing */ 291 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin); 292 return; 293 } 294 if (level) { 295 env->irq_input_state |= 1 << pin; 296 } else { 297 env->irq_input_state &= ~(1 << pin); 298 } 299 } 300 301 void ppcPOWER7_irq_init(PowerPCCPU *cpu) 302 { 303 CPUPPCState *env = &cpu->env; 304 305 env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, cpu, 306 POWER7_INPUT_NB); 307 } 308 309 /* POWER9 internal IRQ controller */ 310 static void power9_set_irq(void *opaque, int pin, int level) 311 { 312 PowerPCCPU *cpu = opaque; 313 CPUPPCState *env = &cpu->env; 314 315 LOG_IRQ("%s: env %p pin %d level %d\n", __func__, 316 env, pin, level); 317 318 switch (pin) { 319 case POWER9_INPUT_INT: 320 /* Level sensitive - active high */ 321 LOG_IRQ("%s: set the external IRQ state to %d\n", 322 __func__, level); 323 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level); 324 break; 325 case POWER9_INPUT_HINT: 326 /* Level sensitive - active high */ 327 LOG_IRQ("%s: set the external IRQ state to %d\n", 328 __func__, level); 329 ppc_set_irq(cpu, PPC_INTERRUPT_HVIRT, level); 330 break; 331 default: 332 /* Unknown pin - do nothing */ 333 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin); 334 return; 335 } 336 if (level) { 337 env->irq_input_state |= 1 << pin; 338 } else { 339 env->irq_input_state &= ~(1 << pin); 340 } 341 } 342 343 void ppcPOWER9_irq_init(PowerPCCPU *cpu) 344 { 345 CPUPPCState *env = &cpu->env; 346 347 env->irq_inputs = (void **)qemu_allocate_irqs(&power9_set_irq, cpu, 348 POWER9_INPUT_NB); 349 } 350 #endif /* defined(TARGET_PPC64) */ 351 352 void ppc40x_core_reset(PowerPCCPU *cpu) 353 { 354 CPUPPCState *env = &cpu->env; 355 target_ulong dbsr; 356 357 qemu_log_mask(CPU_LOG_RESET, "Reset PowerPC core\n"); 358 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_RESET); 359 dbsr = env->spr[SPR_40x_DBSR]; 360 dbsr &= ~0x00000300; 361 dbsr |= 0x00000100; 362 env->spr[SPR_40x_DBSR] = dbsr; 363 } 364 365 void ppc40x_chip_reset(PowerPCCPU *cpu) 366 { 367 CPUPPCState *env = &cpu->env; 368 target_ulong dbsr; 369 370 qemu_log_mask(CPU_LOG_RESET, "Reset PowerPC chip\n"); 371 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_RESET); 372 /* XXX: TODO reset all internal peripherals */ 373 dbsr = env->spr[SPR_40x_DBSR]; 374 dbsr &= ~0x00000300; 375 dbsr |= 0x00000200; 376 env->spr[SPR_40x_DBSR] = dbsr; 377 } 378 379 void ppc40x_system_reset(PowerPCCPU *cpu) 380 { 381 qemu_log_mask(CPU_LOG_RESET, "Reset PowerPC system\n"); 382 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET); 383 } 384 385 void store_40x_dbcr0(CPUPPCState *env, uint32_t val) 386 { 387 PowerPCCPU *cpu = env_archcpu(env); 388 389 switch ((val >> 28) & 0x3) { 390 case 0x0: 391 /* No action */ 392 break; 393 case 0x1: 394 /* Core reset */ 395 ppc40x_core_reset(cpu); 396 break; 397 case 0x2: 398 /* Chip reset */ 399 ppc40x_chip_reset(cpu); 400 break; 401 case 0x3: 402 /* System reset */ 403 ppc40x_system_reset(cpu); 404 break; 405 } 406 } 407 408 /* PowerPC 40x internal IRQ controller */ 409 static void ppc40x_set_irq(void *opaque, int pin, int level) 410 { 411 PowerPCCPU *cpu = opaque; 412 CPUPPCState *env = &cpu->env; 413 int cur_level; 414 415 LOG_IRQ("%s: env %p pin %d level %d\n", __func__, 416 env, pin, level); 417 cur_level = (env->irq_input_state >> pin) & 1; 418 /* Don't generate spurious events */ 419 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) { 420 CPUState *cs = CPU(cpu); 421 422 switch (pin) { 423 case PPC40x_INPUT_RESET_SYS: 424 if (level) { 425 LOG_IRQ("%s: reset the PowerPC system\n", 426 __func__); 427 ppc40x_system_reset(cpu); 428 } 429 break; 430 case PPC40x_INPUT_RESET_CHIP: 431 if (level) { 432 LOG_IRQ("%s: reset the PowerPC chip\n", __func__); 433 ppc40x_chip_reset(cpu); 434 } 435 break; 436 case PPC40x_INPUT_RESET_CORE: 437 /* XXX: TODO: update DBSR[MRR] */ 438 if (level) { 439 LOG_IRQ("%s: reset the PowerPC core\n", __func__); 440 ppc40x_core_reset(cpu); 441 } 442 break; 443 case PPC40x_INPUT_CINT: 444 /* Level sensitive - active high */ 445 LOG_IRQ("%s: set the critical IRQ state to %d\n", 446 __func__, level); 447 ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level); 448 break; 449 case PPC40x_INPUT_INT: 450 /* Level sensitive - active high */ 451 LOG_IRQ("%s: set the external IRQ state to %d\n", 452 __func__, level); 453 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level); 454 break; 455 case PPC40x_INPUT_HALT: 456 /* Level sensitive - active low */ 457 if (level) { 458 LOG_IRQ("%s: stop the CPU\n", __func__); 459 cs->halted = 1; 460 } else { 461 LOG_IRQ("%s: restart the CPU\n", __func__); 462 cs->halted = 0; 463 qemu_cpu_kick(cs); 464 } 465 break; 466 case PPC40x_INPUT_DEBUG: 467 /* Level sensitive - active high */ 468 LOG_IRQ("%s: set the debug pin state to %d\n", 469 __func__, level); 470 ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level); 471 break; 472 default: 473 /* Unknown pin - do nothing */ 474 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin); 475 return; 476 } 477 if (level) 478 env->irq_input_state |= 1 << pin; 479 else 480 env->irq_input_state &= ~(1 << pin); 481 } 482 } 483 484 void ppc40x_irq_init(PowerPCCPU *cpu) 485 { 486 CPUPPCState *env = &cpu->env; 487 488 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq, 489 cpu, PPC40x_INPUT_NB); 490 } 491 492 /* PowerPC E500 internal IRQ controller */ 493 static void ppce500_set_irq(void *opaque, int pin, int level) 494 { 495 PowerPCCPU *cpu = opaque; 496 CPUPPCState *env = &cpu->env; 497 int cur_level; 498 499 LOG_IRQ("%s: env %p pin %d level %d\n", __func__, 500 env, pin, level); 501 cur_level = (env->irq_input_state >> pin) & 1; 502 /* Don't generate spurious events */ 503 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) { 504 switch (pin) { 505 case PPCE500_INPUT_MCK: 506 if (level) { 507 LOG_IRQ("%s: reset the PowerPC system\n", 508 __func__); 509 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET); 510 } 511 break; 512 case PPCE500_INPUT_RESET_CORE: 513 if (level) { 514 LOG_IRQ("%s: reset the PowerPC core\n", __func__); 515 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, level); 516 } 517 break; 518 case PPCE500_INPUT_CINT: 519 /* Level sensitive - active high */ 520 LOG_IRQ("%s: set the critical IRQ state to %d\n", 521 __func__, level); 522 ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level); 523 break; 524 case PPCE500_INPUT_INT: 525 /* Level sensitive - active high */ 526 LOG_IRQ("%s: set the core IRQ state to %d\n", 527 __func__, level); 528 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level); 529 break; 530 case PPCE500_INPUT_DEBUG: 531 /* Level sensitive - active high */ 532 LOG_IRQ("%s: set the debug pin state to %d\n", 533 __func__, level); 534 ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level); 535 break; 536 default: 537 /* Unknown pin - do nothing */ 538 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin); 539 return; 540 } 541 if (level) 542 env->irq_input_state |= 1 << pin; 543 else 544 env->irq_input_state &= ~(1 << pin); 545 } 546 } 547 548 void ppce500_irq_init(PowerPCCPU *cpu) 549 { 550 CPUPPCState *env = &cpu->env; 551 552 env->irq_inputs = (void **)qemu_allocate_irqs(&ppce500_set_irq, 553 cpu, PPCE500_INPUT_NB); 554 } 555 556 /* Enable or Disable the E500 EPR capability */ 557 void ppce500_set_mpic_proxy(bool enabled) 558 { 559 CPUState *cs; 560 561 CPU_FOREACH(cs) { 562 PowerPCCPU *cpu = POWERPC_CPU(cs); 563 564 cpu->env.mpic_proxy = enabled; 565 if (kvm_enabled()) { 566 kvmppc_set_mpic_proxy(cpu, enabled); 567 } 568 } 569 } 570 571 /*****************************************************************************/ 572 /* PowerPC time base and decrementer emulation */ 573 574 uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset) 575 { 576 /* TB time in tb periods */ 577 return muldiv64(vmclk, tb_env->tb_freq, NANOSECONDS_PER_SECOND) + tb_offset; 578 } 579 580 uint64_t cpu_ppc_load_tbl (CPUPPCState *env) 581 { 582 ppc_tb_t *tb_env = env->tb_env; 583 uint64_t tb; 584 585 if (kvm_enabled()) { 586 return env->spr[SPR_TBL]; 587 } 588 589 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset); 590 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb); 591 592 return tb; 593 } 594 595 static inline uint32_t _cpu_ppc_load_tbu(CPUPPCState *env) 596 { 597 ppc_tb_t *tb_env = env->tb_env; 598 uint64_t tb; 599 600 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset); 601 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb); 602 603 return tb >> 32; 604 } 605 606 uint32_t cpu_ppc_load_tbu (CPUPPCState *env) 607 { 608 if (kvm_enabled()) { 609 return env->spr[SPR_TBU]; 610 } 611 612 return _cpu_ppc_load_tbu(env); 613 } 614 615 static inline void cpu_ppc_store_tb(ppc_tb_t *tb_env, uint64_t vmclk, 616 int64_t *tb_offsetp, uint64_t value) 617 { 618 *tb_offsetp = value - 619 muldiv64(vmclk, tb_env->tb_freq, NANOSECONDS_PER_SECOND); 620 621 LOG_TB("%s: tb %016" PRIx64 " offset %08" PRIx64 "\n", 622 __func__, value, *tb_offsetp); 623 } 624 625 void cpu_ppc_store_tbl (CPUPPCState *env, uint32_t value) 626 { 627 ppc_tb_t *tb_env = env->tb_env; 628 uint64_t tb; 629 630 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset); 631 tb &= 0xFFFFFFFF00000000ULL; 632 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 633 &tb_env->tb_offset, tb | (uint64_t)value); 634 } 635 636 static inline void _cpu_ppc_store_tbu(CPUPPCState *env, uint32_t value) 637 { 638 ppc_tb_t *tb_env = env->tb_env; 639 uint64_t tb; 640 641 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset); 642 tb &= 0x00000000FFFFFFFFULL; 643 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 644 &tb_env->tb_offset, ((uint64_t)value << 32) | tb); 645 } 646 647 void cpu_ppc_store_tbu (CPUPPCState *env, uint32_t value) 648 { 649 _cpu_ppc_store_tbu(env, value); 650 } 651 652 uint64_t cpu_ppc_load_atbl (CPUPPCState *env) 653 { 654 ppc_tb_t *tb_env = env->tb_env; 655 uint64_t tb; 656 657 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset); 658 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb); 659 660 return tb; 661 } 662 663 uint32_t cpu_ppc_load_atbu (CPUPPCState *env) 664 { 665 ppc_tb_t *tb_env = env->tb_env; 666 uint64_t tb; 667 668 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset); 669 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb); 670 671 return tb >> 32; 672 } 673 674 void cpu_ppc_store_atbl (CPUPPCState *env, uint32_t value) 675 { 676 ppc_tb_t *tb_env = env->tb_env; 677 uint64_t tb; 678 679 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset); 680 tb &= 0xFFFFFFFF00000000ULL; 681 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 682 &tb_env->atb_offset, tb | (uint64_t)value); 683 } 684 685 void cpu_ppc_store_atbu (CPUPPCState *env, uint32_t value) 686 { 687 ppc_tb_t *tb_env = env->tb_env; 688 uint64_t tb; 689 690 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset); 691 tb &= 0x00000000FFFFFFFFULL; 692 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 693 &tb_env->atb_offset, ((uint64_t)value << 32) | tb); 694 } 695 696 static void cpu_ppc_tb_stop (CPUPPCState *env) 697 { 698 ppc_tb_t *tb_env = env->tb_env; 699 uint64_t tb, atb, vmclk; 700 701 /* If the time base is already frozen, do nothing */ 702 if (tb_env->tb_freq != 0) { 703 vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 704 /* Get the time base */ 705 tb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->tb_offset); 706 /* Get the alternate time base */ 707 atb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->atb_offset); 708 /* Store the time base value (ie compute the current offset) */ 709 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb); 710 /* Store the alternate time base value (compute the current offset) */ 711 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb); 712 /* Set the time base frequency to zero */ 713 tb_env->tb_freq = 0; 714 /* Now, the time bases are frozen to tb_offset / atb_offset value */ 715 } 716 } 717 718 static void cpu_ppc_tb_start (CPUPPCState *env) 719 { 720 ppc_tb_t *tb_env = env->tb_env; 721 uint64_t tb, atb, vmclk; 722 723 /* If the time base is not frozen, do nothing */ 724 if (tb_env->tb_freq == 0) { 725 vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 726 /* Get the time base from tb_offset */ 727 tb = tb_env->tb_offset; 728 /* Get the alternate time base from atb_offset */ 729 atb = tb_env->atb_offset; 730 /* Restore the tb frequency from the decrementer frequency */ 731 tb_env->tb_freq = tb_env->decr_freq; 732 /* Store the time base value */ 733 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb); 734 /* Store the alternate time base value */ 735 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb); 736 } 737 } 738 739 bool ppc_decr_clear_on_delivery(CPUPPCState *env) 740 { 741 ppc_tb_t *tb_env = env->tb_env; 742 int flags = PPC_DECR_UNDERFLOW_TRIGGERED | PPC_DECR_UNDERFLOW_LEVEL; 743 return ((tb_env->flags & flags) == PPC_DECR_UNDERFLOW_TRIGGERED); 744 } 745 746 static inline int64_t _cpu_ppc_load_decr(CPUPPCState *env, uint64_t next) 747 { 748 ppc_tb_t *tb_env = env->tb_env; 749 int64_t decr, diff; 750 751 diff = next - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 752 if (diff >= 0) { 753 decr = muldiv64(diff, tb_env->decr_freq, NANOSECONDS_PER_SECOND); 754 } else if (tb_env->flags & PPC_TIMER_BOOKE) { 755 decr = 0; 756 } else { 757 decr = -muldiv64(-diff, tb_env->decr_freq, NANOSECONDS_PER_SECOND); 758 } 759 LOG_TB("%s: %016" PRIx64 "\n", __func__, decr); 760 761 return decr; 762 } 763 764 target_ulong cpu_ppc_load_decr(CPUPPCState *env) 765 { 766 ppc_tb_t *tb_env = env->tb_env; 767 uint64_t decr; 768 769 if (kvm_enabled()) { 770 return env->spr[SPR_DECR]; 771 } 772 773 decr = _cpu_ppc_load_decr(env, tb_env->decr_next); 774 775 /* 776 * If large decrementer is enabled then the decrementer is signed extened 777 * to 64 bits, otherwise it is a 32 bit value. 778 */ 779 if (env->spr[SPR_LPCR] & LPCR_LD) { 780 return decr; 781 } 782 return (uint32_t) decr; 783 } 784 785 target_ulong cpu_ppc_load_hdecr(CPUPPCState *env) 786 { 787 PowerPCCPU *cpu = env_archcpu(env); 788 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu); 789 ppc_tb_t *tb_env = env->tb_env; 790 uint64_t hdecr; 791 792 hdecr = _cpu_ppc_load_decr(env, tb_env->hdecr_next); 793 794 /* 795 * If we have a large decrementer (POWER9 or later) then hdecr is sign 796 * extended to 64 bits, otherwise it is 32 bits. 797 */ 798 if (pcc->lrg_decr_bits > 32) { 799 return hdecr; 800 } 801 return (uint32_t) hdecr; 802 } 803 804 uint64_t cpu_ppc_load_purr (CPUPPCState *env) 805 { 806 ppc_tb_t *tb_env = env->tb_env; 807 uint64_t diff; 808 809 diff = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - tb_env->purr_start; 810 811 return tb_env->purr_load + 812 muldiv64(diff, tb_env->tb_freq, NANOSECONDS_PER_SECOND); 813 } 814 815 /* When decrementer expires, 816 * all we need to do is generate or queue a CPU exception 817 */ 818 static inline void cpu_ppc_decr_excp(PowerPCCPU *cpu) 819 { 820 /* Raise it */ 821 LOG_TB("raise decrementer exception\n"); 822 ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 1); 823 } 824 825 static inline void cpu_ppc_decr_lower(PowerPCCPU *cpu) 826 { 827 ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 0); 828 } 829 830 static inline void cpu_ppc_hdecr_excp(PowerPCCPU *cpu) 831 { 832 CPUPPCState *env = &cpu->env; 833 834 /* Raise it */ 835 LOG_TB("raise hv decrementer exception\n"); 836 837 /* The architecture specifies that we don't deliver HDEC 838 * interrupts in a PM state. Not only they don't cause a 839 * wakeup but they also get effectively discarded. 840 */ 841 if (!env->resume_as_sreset) { 842 ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 1); 843 } 844 } 845 846 static inline void cpu_ppc_hdecr_lower(PowerPCCPU *cpu) 847 { 848 ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 0); 849 } 850 851 static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, 852 QEMUTimer *timer, 853 void (*raise_excp)(void *), 854 void (*lower_excp)(PowerPCCPU *), 855 target_ulong decr, target_ulong value, 856 int nr_bits) 857 { 858 CPUPPCState *env = &cpu->env; 859 ppc_tb_t *tb_env = env->tb_env; 860 uint64_t now, next; 861 bool negative; 862 863 /* Truncate value to decr_width and sign extend for simplicity */ 864 value &= ((1ULL << nr_bits) - 1); 865 negative = !!(value & (1ULL << (nr_bits - 1))); 866 if (negative) { 867 value |= (0xFFFFFFFFULL << nr_bits); 868 } 869 870 LOG_TB("%s: " TARGET_FMT_lx " => " TARGET_FMT_lx "\n", __func__, 871 decr, value); 872 873 if (kvm_enabled()) { 874 /* KVM handles decrementer exceptions, we don't need our own timer */ 875 return; 876 } 877 878 /* 879 * Going from 2 -> 1, 1 -> 0 or 0 -> -1 is the event to generate a DEC 880 * interrupt. 881 * 882 * If we get a really small DEC value, we can assume that by the time we 883 * handled it we should inject an interrupt already. 884 * 885 * On MSB level based DEC implementations the MSB always means the interrupt 886 * is pending, so raise it on those. 887 * 888 * On MSB edge based DEC implementations the MSB going from 0 -> 1 triggers 889 * an edge interrupt, so raise it here too. 890 */ 891 if ((value < 3) || 892 ((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && negative) || 893 ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED) && negative 894 && !(decr & (1ULL << (nr_bits - 1))))) { 895 (*raise_excp)(cpu); 896 return; 897 } 898 899 /* On MSB level based systems a 0 for the MSB stops interrupt delivery */ 900 if (!negative && (tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL)) { 901 (*lower_excp)(cpu); 902 } 903 904 /* Calculate the next timer event */ 905 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 906 next = now + muldiv64(value, NANOSECONDS_PER_SECOND, tb_env->decr_freq); 907 *nextp = next; 908 909 /* Adjust timer */ 910 timer_mod(timer, next); 911 } 912 913 static inline void _cpu_ppc_store_decr(PowerPCCPU *cpu, target_ulong decr, 914 target_ulong value, int nr_bits) 915 { 916 ppc_tb_t *tb_env = cpu->env.tb_env; 917 918 __cpu_ppc_store_decr(cpu, &tb_env->decr_next, tb_env->decr_timer, 919 tb_env->decr_timer->cb, &cpu_ppc_decr_lower, decr, 920 value, nr_bits); 921 } 922 923 void cpu_ppc_store_decr(CPUPPCState *env, target_ulong value) 924 { 925 PowerPCCPU *cpu = env_archcpu(env); 926 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu); 927 int nr_bits = 32; 928 929 if (env->spr[SPR_LPCR] & LPCR_LD) { 930 nr_bits = pcc->lrg_decr_bits; 931 } 932 933 _cpu_ppc_store_decr(cpu, cpu_ppc_load_decr(env), value, nr_bits); 934 } 935 936 static void cpu_ppc_decr_cb(void *opaque) 937 { 938 PowerPCCPU *cpu = opaque; 939 940 cpu_ppc_decr_excp(cpu); 941 } 942 943 static inline void _cpu_ppc_store_hdecr(PowerPCCPU *cpu, target_ulong hdecr, 944 target_ulong value, int nr_bits) 945 { 946 ppc_tb_t *tb_env = cpu->env.tb_env; 947 948 if (tb_env->hdecr_timer != NULL) { 949 __cpu_ppc_store_decr(cpu, &tb_env->hdecr_next, tb_env->hdecr_timer, 950 tb_env->hdecr_timer->cb, &cpu_ppc_hdecr_lower, 951 hdecr, value, nr_bits); 952 } 953 } 954 955 void cpu_ppc_store_hdecr(CPUPPCState *env, target_ulong value) 956 { 957 PowerPCCPU *cpu = env_archcpu(env); 958 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu); 959 960 _cpu_ppc_store_hdecr(cpu, cpu_ppc_load_hdecr(env), value, 961 pcc->lrg_decr_bits); 962 } 963 964 static void cpu_ppc_hdecr_cb(void *opaque) 965 { 966 PowerPCCPU *cpu = opaque; 967 968 cpu_ppc_hdecr_excp(cpu); 969 } 970 971 static void cpu_ppc_store_purr(PowerPCCPU *cpu, uint64_t value) 972 { 973 ppc_tb_t *tb_env = cpu->env.tb_env; 974 975 tb_env->purr_load = value; 976 tb_env->purr_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 977 } 978 979 static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq) 980 { 981 CPUPPCState *env = opaque; 982 PowerPCCPU *cpu = env_archcpu(env); 983 ppc_tb_t *tb_env = env->tb_env; 984 985 tb_env->tb_freq = freq; 986 tb_env->decr_freq = freq; 987 /* There is a bug in Linux 2.4 kernels: 988 * if a decrementer exception is pending when it enables msr_ee at startup, 989 * it's not ready to handle it... 990 */ 991 _cpu_ppc_store_decr(cpu, 0xFFFFFFFF, 0xFFFFFFFF, 32); 992 _cpu_ppc_store_hdecr(cpu, 0xFFFFFFFF, 0xFFFFFFFF, 32); 993 cpu_ppc_store_purr(cpu, 0x0000000000000000ULL); 994 } 995 996 static void timebase_save(PPCTimebase *tb) 997 { 998 uint64_t ticks = cpu_get_host_ticks(); 999 PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu); 1000 1001 if (!first_ppc_cpu->env.tb_env) { 1002 error_report("No timebase object"); 1003 return; 1004 } 1005 1006 /* not used anymore, we keep it for compatibility */ 1007 tb->time_of_the_day_ns = qemu_clock_get_ns(QEMU_CLOCK_HOST); 1008 /* 1009 * tb_offset is only expected to be changed by QEMU so 1010 * there is no need to update it from KVM here 1011 */ 1012 tb->guest_timebase = ticks + first_ppc_cpu->env.tb_env->tb_offset; 1013 } 1014 1015 static void timebase_load(PPCTimebase *tb) 1016 { 1017 CPUState *cpu; 1018 PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu); 1019 int64_t tb_off_adj, tb_off; 1020 unsigned long freq; 1021 1022 if (!first_ppc_cpu->env.tb_env) { 1023 error_report("No timebase object"); 1024 return; 1025 } 1026 1027 freq = first_ppc_cpu->env.tb_env->tb_freq; 1028 1029 tb_off_adj = tb->guest_timebase - cpu_get_host_ticks(); 1030 1031 tb_off = first_ppc_cpu->env.tb_env->tb_offset; 1032 trace_ppc_tb_adjust(tb_off, tb_off_adj, tb_off_adj - tb_off, 1033 (tb_off_adj - tb_off) / freq); 1034 1035 /* Set new offset to all CPUs */ 1036 CPU_FOREACH(cpu) { 1037 PowerPCCPU *pcpu = POWERPC_CPU(cpu); 1038 pcpu->env.tb_env->tb_offset = tb_off_adj; 1039 kvmppc_set_reg_tb_offset(pcpu, pcpu->env.tb_env->tb_offset); 1040 } 1041 } 1042 1043 void cpu_ppc_clock_vm_state_change(void *opaque, int running, 1044 RunState state) 1045 { 1046 PPCTimebase *tb = opaque; 1047 1048 if (running) { 1049 timebase_load(tb); 1050 } else { 1051 timebase_save(tb); 1052 } 1053 } 1054 1055 /* 1056 * When migrating, read the clock just before migration, 1057 * so that the guest clock counts during the events 1058 * between: 1059 * 1060 * * vm_stop() 1061 * * 1062 * * pre_save() 1063 * 1064 * This reduces clock difference on migration from 5s 1065 * to 0.1s (when max_downtime == 5s), because sending the 1066 * final pages of memory (which happens between vm_stop() 1067 * and pre_save()) takes max_downtime. 1068 */ 1069 static int timebase_pre_save(void *opaque) 1070 { 1071 PPCTimebase *tb = opaque; 1072 1073 timebase_save(tb); 1074 1075 return 0; 1076 } 1077 1078 const VMStateDescription vmstate_ppc_timebase = { 1079 .name = "timebase", 1080 .version_id = 1, 1081 .minimum_version_id = 1, 1082 .minimum_version_id_old = 1, 1083 .pre_save = timebase_pre_save, 1084 .fields = (VMStateField []) { 1085 VMSTATE_UINT64(guest_timebase, PPCTimebase), 1086 VMSTATE_INT64(time_of_the_day_ns, PPCTimebase), 1087 VMSTATE_END_OF_LIST() 1088 }, 1089 }; 1090 1091 /* Set up (once) timebase frequency (in Hz) */ 1092 clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq) 1093 { 1094 PowerPCCPU *cpu = env_archcpu(env); 1095 ppc_tb_t *tb_env; 1096 1097 tb_env = g_malloc0(sizeof(ppc_tb_t)); 1098 env->tb_env = tb_env; 1099 tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED; 1100 if (is_book3s_arch2x(env)) { 1101 /* All Book3S 64bit CPUs implement level based DEC logic */ 1102 tb_env->flags |= PPC_DECR_UNDERFLOW_LEVEL; 1103 } 1104 /* Create new timer */ 1105 tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_decr_cb, cpu); 1106 if (env->has_hv_mode) { 1107 tb_env->hdecr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_hdecr_cb, 1108 cpu); 1109 } else { 1110 tb_env->hdecr_timer = NULL; 1111 } 1112 cpu_ppc_set_tb_clk(env, freq); 1113 1114 return &cpu_ppc_set_tb_clk; 1115 } 1116 1117 /* Specific helpers for POWER & PowerPC 601 RTC */ 1118 void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value) 1119 { 1120 _cpu_ppc_store_tbu(env, value); 1121 } 1122 1123 uint32_t cpu_ppc601_load_rtcu (CPUPPCState *env) 1124 { 1125 return _cpu_ppc_load_tbu(env); 1126 } 1127 1128 void cpu_ppc601_store_rtcl (CPUPPCState *env, uint32_t value) 1129 { 1130 cpu_ppc_store_tbl(env, value & 0x3FFFFF80); 1131 } 1132 1133 uint32_t cpu_ppc601_load_rtcl (CPUPPCState *env) 1134 { 1135 return cpu_ppc_load_tbl(env) & 0x3FFFFF80; 1136 } 1137 1138 /*****************************************************************************/ 1139 /* PowerPC 40x timers */ 1140 1141 /* PIT, FIT & WDT */ 1142 typedef struct ppc40x_timer_t ppc40x_timer_t; 1143 struct ppc40x_timer_t { 1144 uint64_t pit_reload; /* PIT auto-reload value */ 1145 uint64_t fit_next; /* Tick for next FIT interrupt */ 1146 QEMUTimer *fit_timer; 1147 uint64_t wdt_next; /* Tick for next WDT interrupt */ 1148 QEMUTimer *wdt_timer; 1149 1150 /* 405 have the PIT, 440 have a DECR. */ 1151 unsigned int decr_excp; 1152 }; 1153 1154 /* Fixed interval timer */ 1155 static void cpu_4xx_fit_cb (void *opaque) 1156 { 1157 PowerPCCPU *cpu; 1158 CPUPPCState *env; 1159 ppc_tb_t *tb_env; 1160 ppc40x_timer_t *ppc40x_timer; 1161 uint64_t now, next; 1162 1163 env = opaque; 1164 cpu = env_archcpu(env); 1165 tb_env = env->tb_env; 1166 ppc40x_timer = tb_env->opaque; 1167 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 1168 switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) { 1169 case 0: 1170 next = 1 << 9; 1171 break; 1172 case 1: 1173 next = 1 << 13; 1174 break; 1175 case 2: 1176 next = 1 << 17; 1177 break; 1178 case 3: 1179 next = 1 << 21; 1180 break; 1181 default: 1182 /* Cannot occur, but makes gcc happy */ 1183 return; 1184 } 1185 next = now + muldiv64(next, NANOSECONDS_PER_SECOND, tb_env->tb_freq); 1186 if (next == now) 1187 next++; 1188 timer_mod(ppc40x_timer->fit_timer, next); 1189 env->spr[SPR_40x_TSR] |= 1 << 26; 1190 if ((env->spr[SPR_40x_TCR] >> 23) & 0x1) { 1191 ppc_set_irq(cpu, PPC_INTERRUPT_FIT, 1); 1192 } 1193 LOG_TB("%s: ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__, 1194 (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1), 1195 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]); 1196 } 1197 1198 /* Programmable interval timer */ 1199 static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp) 1200 { 1201 ppc40x_timer_t *ppc40x_timer; 1202 uint64_t now, next; 1203 1204 ppc40x_timer = tb_env->opaque; 1205 if (ppc40x_timer->pit_reload <= 1 || 1206 !((env->spr[SPR_40x_TCR] >> 26) & 0x1) || 1207 (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) { 1208 /* Stop PIT */ 1209 LOG_TB("%s: stop PIT\n", __func__); 1210 timer_del(tb_env->decr_timer); 1211 } else { 1212 LOG_TB("%s: start PIT %016" PRIx64 "\n", 1213 __func__, ppc40x_timer->pit_reload); 1214 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 1215 next = now + muldiv64(ppc40x_timer->pit_reload, 1216 NANOSECONDS_PER_SECOND, tb_env->decr_freq); 1217 if (is_excp) 1218 next += tb_env->decr_next - now; 1219 if (next == now) 1220 next++; 1221 timer_mod(tb_env->decr_timer, next); 1222 tb_env->decr_next = next; 1223 } 1224 } 1225 1226 static void cpu_4xx_pit_cb (void *opaque) 1227 { 1228 PowerPCCPU *cpu; 1229 CPUPPCState *env; 1230 ppc_tb_t *tb_env; 1231 ppc40x_timer_t *ppc40x_timer; 1232 1233 env = opaque; 1234 cpu = env_archcpu(env); 1235 tb_env = env->tb_env; 1236 ppc40x_timer = tb_env->opaque; 1237 env->spr[SPR_40x_TSR] |= 1 << 27; 1238 if ((env->spr[SPR_40x_TCR] >> 26) & 0x1) { 1239 ppc_set_irq(cpu, ppc40x_timer->decr_excp, 1); 1240 } 1241 start_stop_pit(env, tb_env, 1); 1242 LOG_TB("%s: ar %d ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx " " 1243 "%016" PRIx64 "\n", __func__, 1244 (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1), 1245 (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1), 1246 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR], 1247 ppc40x_timer->pit_reload); 1248 } 1249 1250 /* Watchdog timer */ 1251 static void cpu_4xx_wdt_cb (void *opaque) 1252 { 1253 PowerPCCPU *cpu; 1254 CPUPPCState *env; 1255 ppc_tb_t *tb_env; 1256 ppc40x_timer_t *ppc40x_timer; 1257 uint64_t now, next; 1258 1259 env = opaque; 1260 cpu = env_archcpu(env); 1261 tb_env = env->tb_env; 1262 ppc40x_timer = tb_env->opaque; 1263 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 1264 switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) { 1265 case 0: 1266 next = 1 << 17; 1267 break; 1268 case 1: 1269 next = 1 << 21; 1270 break; 1271 case 2: 1272 next = 1 << 25; 1273 break; 1274 case 3: 1275 next = 1 << 29; 1276 break; 1277 default: 1278 /* Cannot occur, but makes gcc happy */ 1279 return; 1280 } 1281 next = now + muldiv64(next, NANOSECONDS_PER_SECOND, tb_env->decr_freq); 1282 if (next == now) 1283 next++; 1284 LOG_TB("%s: TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__, 1285 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]); 1286 switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) { 1287 case 0x0: 1288 case 0x1: 1289 timer_mod(ppc40x_timer->wdt_timer, next); 1290 ppc40x_timer->wdt_next = next; 1291 env->spr[SPR_40x_TSR] |= 1U << 31; 1292 break; 1293 case 0x2: 1294 timer_mod(ppc40x_timer->wdt_timer, next); 1295 ppc40x_timer->wdt_next = next; 1296 env->spr[SPR_40x_TSR] |= 1 << 30; 1297 if ((env->spr[SPR_40x_TCR] >> 27) & 0x1) { 1298 ppc_set_irq(cpu, PPC_INTERRUPT_WDT, 1); 1299 } 1300 break; 1301 case 0x3: 1302 env->spr[SPR_40x_TSR] &= ~0x30000000; 1303 env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000; 1304 switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) { 1305 case 0x0: 1306 /* No reset */ 1307 break; 1308 case 0x1: /* Core reset */ 1309 ppc40x_core_reset(cpu); 1310 break; 1311 case 0x2: /* Chip reset */ 1312 ppc40x_chip_reset(cpu); 1313 break; 1314 case 0x3: /* System reset */ 1315 ppc40x_system_reset(cpu); 1316 break; 1317 } 1318 } 1319 } 1320 1321 void store_40x_pit (CPUPPCState *env, target_ulong val) 1322 { 1323 ppc_tb_t *tb_env; 1324 ppc40x_timer_t *ppc40x_timer; 1325 1326 tb_env = env->tb_env; 1327 ppc40x_timer = tb_env->opaque; 1328 LOG_TB("%s val" TARGET_FMT_lx "\n", __func__, val); 1329 ppc40x_timer->pit_reload = val; 1330 start_stop_pit(env, tb_env, 0); 1331 } 1332 1333 target_ulong load_40x_pit (CPUPPCState *env) 1334 { 1335 return cpu_ppc_load_decr(env); 1336 } 1337 1338 static void ppc_40x_set_tb_clk (void *opaque, uint32_t freq) 1339 { 1340 CPUPPCState *env = opaque; 1341 ppc_tb_t *tb_env = env->tb_env; 1342 1343 LOG_TB("%s set new frequency to %" PRIu32 "\n", __func__, 1344 freq); 1345 tb_env->tb_freq = freq; 1346 tb_env->decr_freq = freq; 1347 /* XXX: we should also update all timers */ 1348 } 1349 1350 clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq, 1351 unsigned int decr_excp) 1352 { 1353 ppc_tb_t *tb_env; 1354 ppc40x_timer_t *ppc40x_timer; 1355 1356 tb_env = g_malloc0(sizeof(ppc_tb_t)); 1357 env->tb_env = tb_env; 1358 tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED; 1359 ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t)); 1360 tb_env->tb_freq = freq; 1361 tb_env->decr_freq = freq; 1362 tb_env->opaque = ppc40x_timer; 1363 LOG_TB("%s freq %" PRIu32 "\n", __func__, freq); 1364 if (ppc40x_timer != NULL) { 1365 /* We use decr timer for PIT */ 1366 tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_pit_cb, env); 1367 ppc40x_timer->fit_timer = 1368 timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_fit_cb, env); 1369 ppc40x_timer->wdt_timer = 1370 timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_wdt_cb, env); 1371 ppc40x_timer->decr_excp = decr_excp; 1372 } 1373 1374 return &ppc_40x_set_tb_clk; 1375 } 1376 1377 /*****************************************************************************/ 1378 /* Embedded PowerPC Device Control Registers */ 1379 typedef struct ppc_dcrn_t ppc_dcrn_t; 1380 struct ppc_dcrn_t { 1381 dcr_read_cb dcr_read; 1382 dcr_write_cb dcr_write; 1383 void *opaque; 1384 }; 1385 1386 /* XXX: on 460, DCR addresses are 32 bits wide, 1387 * using DCRIPR to get the 22 upper bits of the DCR address 1388 */ 1389 #define DCRN_NB 1024 1390 struct ppc_dcr_t { 1391 ppc_dcrn_t dcrn[DCRN_NB]; 1392 int (*read_error)(int dcrn); 1393 int (*write_error)(int dcrn); 1394 }; 1395 1396 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp) 1397 { 1398 ppc_dcrn_t *dcr; 1399 1400 if (dcrn < 0 || dcrn >= DCRN_NB) 1401 goto error; 1402 dcr = &dcr_env->dcrn[dcrn]; 1403 if (dcr->dcr_read == NULL) 1404 goto error; 1405 *valp = (*dcr->dcr_read)(dcr->opaque, dcrn); 1406 1407 return 0; 1408 1409 error: 1410 if (dcr_env->read_error != NULL) 1411 return (*dcr_env->read_error)(dcrn); 1412 1413 return -1; 1414 } 1415 1416 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val) 1417 { 1418 ppc_dcrn_t *dcr; 1419 1420 if (dcrn < 0 || dcrn >= DCRN_NB) 1421 goto error; 1422 dcr = &dcr_env->dcrn[dcrn]; 1423 if (dcr->dcr_write == NULL) 1424 goto error; 1425 (*dcr->dcr_write)(dcr->opaque, dcrn, val); 1426 1427 return 0; 1428 1429 error: 1430 if (dcr_env->write_error != NULL) 1431 return (*dcr_env->write_error)(dcrn); 1432 1433 return -1; 1434 } 1435 1436 int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque, 1437 dcr_read_cb dcr_read, dcr_write_cb dcr_write) 1438 { 1439 ppc_dcr_t *dcr_env; 1440 ppc_dcrn_t *dcr; 1441 1442 dcr_env = env->dcr_env; 1443 if (dcr_env == NULL) 1444 return -1; 1445 if (dcrn < 0 || dcrn >= DCRN_NB) 1446 return -1; 1447 dcr = &dcr_env->dcrn[dcrn]; 1448 if (dcr->opaque != NULL || 1449 dcr->dcr_read != NULL || 1450 dcr->dcr_write != NULL) 1451 return -1; 1452 dcr->opaque = opaque; 1453 dcr->dcr_read = dcr_read; 1454 dcr->dcr_write = dcr_write; 1455 1456 return 0; 1457 } 1458 1459 int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn), 1460 int (*write_error)(int dcrn)) 1461 { 1462 ppc_dcr_t *dcr_env; 1463 1464 dcr_env = g_malloc0(sizeof(ppc_dcr_t)); 1465 dcr_env->read_error = read_error; 1466 dcr_env->write_error = write_error; 1467 env->dcr_env = dcr_env; 1468 1469 return 0; 1470 } 1471 1472 /*****************************************************************************/ 1473 /* Debug port */ 1474 void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val) 1475 { 1476 addr &= 0xF; 1477 switch (addr) { 1478 case 0: 1479 printf("%c", val); 1480 break; 1481 case 1: 1482 printf("\n"); 1483 fflush(stdout); 1484 break; 1485 case 2: 1486 printf("Set loglevel to %04" PRIx32 "\n", val); 1487 qemu_set_log(val | 0x100); 1488 break; 1489 } 1490 } 1491 1492 PowerPCCPU *ppc_get_vcpu_by_pir(int pir) 1493 { 1494 CPUState *cs; 1495 1496 CPU_FOREACH(cs) { 1497 PowerPCCPU *cpu = POWERPC_CPU(cs); 1498 CPUPPCState *env = &cpu->env; 1499 1500 if (env->spr_cb[SPR_PIR].default_value == pir) { 1501 return cpu; 1502 } 1503 } 1504 1505 return NULL; 1506 } 1507