xref: /openbmc/qemu/hw/ppc/ppc440_uc.c (revision b86c6ba6)
1 /*
2  * QEMU PowerPC 440 embedded processors emulation
3  *
4  * Copyright (c) 2012 François Revol
5  * Copyright (c) 2016-2019 BALATON Zoltan
6  *
7  * This work is licensed under the GNU GPL license version 2 or later.
8  *
9  */
10 
11 #include "qemu/osdep.h"
12 #include "qemu/units.h"
13 #include "qapi/error.h"
14 #include "qemu/log.h"
15 #include "hw/irq.h"
16 #include "hw/ppc/ppc4xx.h"
17 #include "hw/pci-host/ppc4xx.h"
18 #include "hw/qdev-properties.h"
19 #include "hw/pci/pci.h"
20 #include "sysemu/reset.h"
21 #include "cpu.h"
22 #include "ppc440.h"
23 
24 /*****************************************************************************/
25 /* L2 Cache as SRAM */
26 /* FIXME:fix names */
27 enum {
28     DCR_L2CACHE_BASE  = 0x30,
29     DCR_L2CACHE_CFG   = DCR_L2CACHE_BASE,
30     DCR_L2CACHE_CMD,
31     DCR_L2CACHE_ADDR,
32     DCR_L2CACHE_DATA,
33     DCR_L2CACHE_STAT,
34     DCR_L2CACHE_CVER,
35     DCR_L2CACHE_SNP0,
36     DCR_L2CACHE_SNP1,
37     DCR_L2CACHE_END   = DCR_L2CACHE_SNP1,
38 };
39 
40 /* base is 460ex-specific, cf. U-Boot, ppc4xx-isram.h */
41 enum {
42     DCR_ISRAM0_BASE   = 0x20,
43     DCR_ISRAM0_SB0CR  = DCR_ISRAM0_BASE,
44     DCR_ISRAM0_SB1CR,
45     DCR_ISRAM0_SB2CR,
46     DCR_ISRAM0_SB3CR,
47     DCR_ISRAM0_BEAR,
48     DCR_ISRAM0_BESR0,
49     DCR_ISRAM0_BESR1,
50     DCR_ISRAM0_PMEG,
51     DCR_ISRAM0_CID,
52     DCR_ISRAM0_REVID,
53     DCR_ISRAM0_DPC,
54     DCR_ISRAM0_END    = DCR_ISRAM0_DPC
55 };
56 
57 enum {
58     DCR_ISRAM1_BASE   = 0xb0,
59     DCR_ISRAM1_SB0CR  = DCR_ISRAM1_BASE,
60     /* single bank */
61     DCR_ISRAM1_BEAR   = DCR_ISRAM1_BASE + 0x04,
62     DCR_ISRAM1_BESR0,
63     DCR_ISRAM1_BESR1,
64     DCR_ISRAM1_PMEG,
65     DCR_ISRAM1_CID,
66     DCR_ISRAM1_REVID,
67     DCR_ISRAM1_DPC,
68     DCR_ISRAM1_END    = DCR_ISRAM1_DPC
69 };
70 
71 typedef struct ppc4xx_l2sram_t {
72     MemoryRegion bank[4];
73     uint32_t l2cache[8];
74     uint32_t isram0[11];
75 } ppc4xx_l2sram_t;
76 
77 static uint32_t dcr_read_l2sram(void *opaque, int dcrn)
78 {
79     ppc4xx_l2sram_t *l2sram = opaque;
80     uint32_t ret = 0;
81 
82     switch (dcrn) {
83     case DCR_L2CACHE_CFG:
84     case DCR_L2CACHE_CMD:
85     case DCR_L2CACHE_ADDR:
86     case DCR_L2CACHE_DATA:
87     case DCR_L2CACHE_STAT:
88     case DCR_L2CACHE_CVER:
89     case DCR_L2CACHE_SNP0:
90     case DCR_L2CACHE_SNP1:
91         ret = l2sram->l2cache[dcrn - DCR_L2CACHE_BASE];
92         break;
93 
94     case DCR_ISRAM0_SB0CR:
95     case DCR_ISRAM0_SB1CR:
96     case DCR_ISRAM0_SB2CR:
97     case DCR_ISRAM0_SB3CR:
98     case DCR_ISRAM0_BEAR:
99     case DCR_ISRAM0_BESR0:
100     case DCR_ISRAM0_BESR1:
101     case DCR_ISRAM0_PMEG:
102     case DCR_ISRAM0_CID:
103     case DCR_ISRAM0_REVID:
104     case DCR_ISRAM0_DPC:
105         ret = l2sram->isram0[dcrn - DCR_ISRAM0_BASE];
106         break;
107 
108     default:
109         break;
110     }
111 
112     return ret;
113 }
114 
115 static void dcr_write_l2sram(void *opaque, int dcrn, uint32_t val)
116 {
117     /*ppc4xx_l2sram_t *l2sram = opaque;*/
118     /* FIXME: Actually handle L2 cache mapping */
119 
120     switch (dcrn) {
121     case DCR_L2CACHE_CFG:
122     case DCR_L2CACHE_CMD:
123     case DCR_L2CACHE_ADDR:
124     case DCR_L2CACHE_DATA:
125     case DCR_L2CACHE_STAT:
126     case DCR_L2CACHE_CVER:
127     case DCR_L2CACHE_SNP0:
128     case DCR_L2CACHE_SNP1:
129         /*l2sram->l2cache[dcrn - DCR_L2CACHE_BASE] = val;*/
130         break;
131 
132     case DCR_ISRAM0_SB0CR:
133     case DCR_ISRAM0_SB1CR:
134     case DCR_ISRAM0_SB2CR:
135     case DCR_ISRAM0_SB3CR:
136     case DCR_ISRAM0_BEAR:
137     case DCR_ISRAM0_BESR0:
138     case DCR_ISRAM0_BESR1:
139     case DCR_ISRAM0_PMEG:
140     case DCR_ISRAM0_CID:
141     case DCR_ISRAM0_REVID:
142     case DCR_ISRAM0_DPC:
143         /*l2sram->isram0[dcrn - DCR_L2CACHE_BASE] = val;*/
144         break;
145 
146     case DCR_ISRAM1_SB0CR:
147     case DCR_ISRAM1_BEAR:
148     case DCR_ISRAM1_BESR0:
149     case DCR_ISRAM1_BESR1:
150     case DCR_ISRAM1_PMEG:
151     case DCR_ISRAM1_CID:
152     case DCR_ISRAM1_REVID:
153     case DCR_ISRAM1_DPC:
154         /*l2sram->isram1[dcrn - DCR_L2CACHE_BASE] = val;*/
155         break;
156     }
157 }
158 
159 static void l2sram_reset(void *opaque)
160 {
161     ppc4xx_l2sram_t *l2sram = opaque;
162 
163     memset(l2sram->l2cache, 0, sizeof(l2sram->l2cache));
164     l2sram->l2cache[DCR_L2CACHE_STAT - DCR_L2CACHE_BASE] = 0x80000000;
165     memset(l2sram->isram0, 0, sizeof(l2sram->isram0));
166 }
167 
168 void ppc4xx_l2sram_init(CPUPPCState *env)
169 {
170     ppc4xx_l2sram_t *l2sram;
171 
172     l2sram = g_malloc0(sizeof(*l2sram));
173     /* XXX: Size is 4*64kB for 460ex, cf. U-Boot, ppc4xx-isram.h */
174     memory_region_init_ram(&l2sram->bank[0], NULL, "ppc4xx.l2sram_bank0",
175                            64 * KiB, &error_abort);
176     memory_region_init_ram(&l2sram->bank[1], NULL, "ppc4xx.l2sram_bank1",
177                            64 * KiB, &error_abort);
178     memory_region_init_ram(&l2sram->bank[2], NULL, "ppc4xx.l2sram_bank2",
179                            64 * KiB, &error_abort);
180     memory_region_init_ram(&l2sram->bank[3], NULL, "ppc4xx.l2sram_bank3",
181                            64 * KiB, &error_abort);
182     qemu_register_reset(&l2sram_reset, l2sram);
183     ppc_dcr_register(env, DCR_L2CACHE_CFG,
184                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
185     ppc_dcr_register(env, DCR_L2CACHE_CMD,
186                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
187     ppc_dcr_register(env, DCR_L2CACHE_ADDR,
188                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
189     ppc_dcr_register(env, DCR_L2CACHE_DATA,
190                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
191     ppc_dcr_register(env, DCR_L2CACHE_STAT,
192                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
193     ppc_dcr_register(env, DCR_L2CACHE_CVER,
194                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
195     ppc_dcr_register(env, DCR_L2CACHE_SNP0,
196                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
197     ppc_dcr_register(env, DCR_L2CACHE_SNP1,
198                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
199 
200     ppc_dcr_register(env, DCR_ISRAM0_SB0CR,
201                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
202     ppc_dcr_register(env, DCR_ISRAM0_SB1CR,
203                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
204     ppc_dcr_register(env, DCR_ISRAM0_SB2CR,
205                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
206     ppc_dcr_register(env, DCR_ISRAM0_SB3CR,
207                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
208     ppc_dcr_register(env, DCR_ISRAM0_PMEG,
209                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
210     ppc_dcr_register(env, DCR_ISRAM0_DPC,
211                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
212 
213     ppc_dcr_register(env, DCR_ISRAM1_SB0CR,
214                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
215     ppc_dcr_register(env, DCR_ISRAM1_PMEG,
216                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
217     ppc_dcr_register(env, DCR_ISRAM1_DPC,
218                      l2sram, &dcr_read_l2sram, &dcr_write_l2sram);
219 }
220 
221 /*****************************************************************************/
222 /* Clocking Power on Reset */
223 enum {
224     CPR0_CFGADDR = 0xC,
225     CPR0_CFGDATA = 0xD,
226 
227     CPR0_PLLD = 0x060,
228     CPR0_PLBED = 0x080,
229     CPR0_OPBD = 0x0C0,
230     CPR0_PERD = 0x0E0,
231     CPR0_AHBD = 0x100,
232 };
233 
234 typedef struct ppc4xx_cpr_t {
235     uint32_t addr;
236 } ppc4xx_cpr_t;
237 
238 static uint32_t dcr_read_cpr(void *opaque, int dcrn)
239 {
240     ppc4xx_cpr_t *cpr = opaque;
241     uint32_t ret = 0;
242 
243     switch (dcrn) {
244     case CPR0_CFGADDR:
245         ret = cpr->addr;
246         break;
247     case CPR0_CFGDATA:
248         switch (cpr->addr) {
249         case CPR0_PLLD:
250             ret = (0xb5 << 24) | (1 << 16) | (9 << 8);
251             break;
252         case CPR0_PLBED:
253             ret = (5 << 24);
254             break;
255         case CPR0_OPBD:
256             ret = (2 << 24);
257             break;
258         case CPR0_PERD:
259         case CPR0_AHBD:
260             ret = (1 << 24);
261             break;
262         default:
263             break;
264         }
265         break;
266     default:
267         break;
268     }
269 
270     return ret;
271 }
272 
273 static void dcr_write_cpr(void *opaque, int dcrn, uint32_t val)
274 {
275     ppc4xx_cpr_t *cpr = opaque;
276 
277     switch (dcrn) {
278     case CPR0_CFGADDR:
279         cpr->addr = val;
280         break;
281     case CPR0_CFGDATA:
282         break;
283     default:
284         break;
285     }
286 }
287 
288 static void ppc4xx_cpr_reset(void *opaque)
289 {
290     ppc4xx_cpr_t *cpr = opaque;
291 
292     cpr->addr = 0;
293 }
294 
295 void ppc4xx_cpr_init(CPUPPCState *env)
296 {
297     ppc4xx_cpr_t *cpr;
298 
299     cpr = g_malloc0(sizeof(*cpr));
300     ppc_dcr_register(env, CPR0_CFGADDR, cpr, &dcr_read_cpr, &dcr_write_cpr);
301     ppc_dcr_register(env, CPR0_CFGDATA, cpr, &dcr_read_cpr, &dcr_write_cpr);
302     qemu_register_reset(ppc4xx_cpr_reset, cpr);
303 }
304 
305 /*****************************************************************************/
306 /* System DCRs */
307 typedef struct ppc4xx_sdr_t ppc4xx_sdr_t;
308 struct ppc4xx_sdr_t {
309     uint32_t addr;
310 };
311 
312 enum {
313     SDR0_CFGADDR = 0x00e,
314     SDR0_CFGDATA,
315     SDR0_STRP0 = 0x020,
316     SDR0_STRP1,
317     SDR0_102 = 0x66,
318     SDR0_103,
319     SDR0_128 = 0x80,
320     SDR0_ECID3 = 0x083,
321     SDR0_DDR0 = 0x0e1,
322     SDR0_USB0 = 0x320,
323 };
324 
325 enum {
326     PESDR0_LOOP = 0x303,
327     PESDR0_RCSSET,
328     PESDR0_RCSSTS,
329     PESDR0_RSTSTA = 0x310,
330     PESDR1_LOOP = 0x343,
331     PESDR1_RCSSET,
332     PESDR1_RCSSTS,
333     PESDR1_RSTSTA = 0x365,
334 };
335 
336 static uint32_t dcr_read_sdr(void *opaque, int dcrn)
337 {
338     ppc4xx_sdr_t *sdr = opaque;
339     uint32_t ret = 0;
340 
341     switch (dcrn) {
342     case SDR0_CFGADDR:
343         ret = sdr->addr;
344         break;
345     case SDR0_CFGDATA:
346         switch (sdr->addr) {
347         case SDR0_STRP0:
348             ret = (0xb5 << 8) | (1 << 4) | 9;
349             break;
350         case SDR0_STRP1:
351             ret = (5 << 29) | (2 << 26) | (1 << 24);
352             break;
353         case SDR0_ECID3:
354             ret = 1 << 20; /* No Security/Kasumi support */
355             break;
356         case SDR0_DDR0:
357             ret = SDR0_DDR0_DDRM_ENCODE(1) | SDR0_DDR0_DDRM_DDR1;
358             break;
359         case PESDR0_RCSSET:
360         case PESDR1_RCSSET:
361             ret = (1 << 24) | (1 << 16);
362             break;
363         case PESDR0_RCSSTS:
364         case PESDR1_RCSSTS:
365             ret = (1 << 16) | (1 << 12);
366             break;
367         case PESDR0_RSTSTA:
368         case PESDR1_RSTSTA:
369             ret = 1;
370             break;
371         case PESDR0_LOOP:
372         case PESDR1_LOOP:
373             ret = 1 << 12;
374             break;
375         default:
376             break;
377         }
378         break;
379     default:
380         break;
381     }
382 
383     return ret;
384 }
385 
386 static void dcr_write_sdr(void *opaque, int dcrn, uint32_t val)
387 {
388     ppc4xx_sdr_t *sdr = opaque;
389 
390     switch (dcrn) {
391     case SDR0_CFGADDR:
392         sdr->addr = val;
393         break;
394     case SDR0_CFGDATA:
395         switch (sdr->addr) {
396         case 0x00: /* B0CR */
397             break;
398         default:
399             break;
400         }
401         break;
402     default:
403         break;
404     }
405 }
406 
407 static void sdr_reset(void *opaque)
408 {
409     ppc4xx_sdr_t *sdr = opaque;
410 
411     sdr->addr = 0;
412 }
413 
414 void ppc4xx_sdr_init(CPUPPCState *env)
415 {
416     ppc4xx_sdr_t *sdr;
417 
418     sdr = g_malloc0(sizeof(*sdr));
419     qemu_register_reset(&sdr_reset, sdr);
420     ppc_dcr_register(env, SDR0_CFGADDR,
421                      sdr, &dcr_read_sdr, &dcr_write_sdr);
422     ppc_dcr_register(env, SDR0_CFGDATA,
423                      sdr, &dcr_read_sdr, &dcr_write_sdr);
424     ppc_dcr_register(env, SDR0_102,
425                      sdr, &dcr_read_sdr, &dcr_write_sdr);
426     ppc_dcr_register(env, SDR0_103,
427                      sdr, &dcr_read_sdr, &dcr_write_sdr);
428     ppc_dcr_register(env, SDR0_128,
429                      sdr, &dcr_read_sdr, &dcr_write_sdr);
430     ppc_dcr_register(env, SDR0_USB0,
431                      sdr, &dcr_read_sdr, &dcr_write_sdr);
432 }
433 
434 /*****************************************************************************/
435 /* PLB to AHB bridge */
436 enum {
437     AHB_TOP    = 0xA4,
438     AHB_BOT    = 0xA5,
439 };
440 
441 typedef struct ppc4xx_ahb_t {
442     uint32_t top;
443     uint32_t bot;
444 } ppc4xx_ahb_t;
445 
446 static uint32_t dcr_read_ahb(void *opaque, int dcrn)
447 {
448     ppc4xx_ahb_t *ahb = opaque;
449     uint32_t ret = 0;
450 
451     switch (dcrn) {
452     case AHB_TOP:
453         ret = ahb->top;
454         break;
455     case AHB_BOT:
456         ret = ahb->bot;
457         break;
458     default:
459         break;
460     }
461 
462     return ret;
463 }
464 
465 static void dcr_write_ahb(void *opaque, int dcrn, uint32_t val)
466 {
467     ppc4xx_ahb_t *ahb = opaque;
468 
469     switch (dcrn) {
470     case AHB_TOP:
471         ahb->top = val;
472         break;
473     case AHB_BOT:
474         ahb->bot = val;
475         break;
476     }
477 }
478 
479 static void ppc4xx_ahb_reset(void *opaque)
480 {
481     ppc4xx_ahb_t *ahb = opaque;
482 
483     /* No error */
484     ahb->top = 0;
485     ahb->bot = 0;
486 }
487 
488 void ppc4xx_ahb_init(CPUPPCState *env)
489 {
490     ppc4xx_ahb_t *ahb;
491 
492     ahb = g_malloc0(sizeof(*ahb));
493     ppc_dcr_register(env, AHB_TOP, ahb, &dcr_read_ahb, &dcr_write_ahb);
494     ppc_dcr_register(env, AHB_BOT, ahb, &dcr_read_ahb, &dcr_write_ahb);
495     qemu_register_reset(ppc4xx_ahb_reset, ahb);
496 }
497 
498 /*****************************************************************************/
499 /* DMA controller */
500 
501 #define DMA0_CR_CE  (1 << 31)
502 #define DMA0_CR_PW  (1 << 26 | 1 << 25)
503 #define DMA0_CR_DAI (1 << 24)
504 #define DMA0_CR_SAI (1 << 23)
505 #define DMA0_CR_DEC (1 << 2)
506 
507 enum {
508     DMA0_CR  = 0x00,
509     DMA0_CT,
510     DMA0_SAH,
511     DMA0_SAL,
512     DMA0_DAH,
513     DMA0_DAL,
514     DMA0_SGH,
515     DMA0_SGL,
516 
517     DMA0_SR  = 0x20,
518     DMA0_SGC = 0x23,
519     DMA0_SLP = 0x25,
520     DMA0_POL = 0x26,
521 };
522 
523 typedef struct {
524     uint32_t cr;
525     uint32_t ct;
526     uint64_t sa;
527     uint64_t da;
528     uint64_t sg;
529 } PPC4xxDmaChnl;
530 
531 typedef struct {
532     int base;
533     PPC4xxDmaChnl ch[4];
534     uint32_t sr;
535 } PPC4xxDmaState;
536 
537 static uint32_t dcr_read_dma(void *opaque, int dcrn)
538 {
539     PPC4xxDmaState *dma = opaque;
540     uint32_t val = 0;
541     int addr = dcrn - dma->base;
542     int chnl = addr / 8;
543 
544     switch (addr) {
545     case 0x00 ... 0x1f:
546         switch (addr % 8) {
547         case DMA0_CR:
548             val = dma->ch[chnl].cr;
549             break;
550         case DMA0_CT:
551             val = dma->ch[chnl].ct;
552             break;
553         case DMA0_SAH:
554             val = dma->ch[chnl].sa >> 32;
555             break;
556         case DMA0_SAL:
557             val = dma->ch[chnl].sa;
558             break;
559         case DMA0_DAH:
560             val = dma->ch[chnl].da >> 32;
561             break;
562         case DMA0_DAL:
563             val = dma->ch[chnl].da;
564             break;
565         case DMA0_SGH:
566             val = dma->ch[chnl].sg >> 32;
567             break;
568         case DMA0_SGL:
569             val = dma->ch[chnl].sg;
570             break;
571         }
572         break;
573     case DMA0_SR:
574         val = dma->sr;
575         break;
576     default:
577         qemu_log_mask(LOG_UNIMP, "%s: unimplemented register %x (%d, %x)\n",
578                       __func__, dcrn, chnl, addr);
579     }
580 
581     return val;
582 }
583 
584 static void dcr_write_dma(void *opaque, int dcrn, uint32_t val)
585 {
586     PPC4xxDmaState *dma = opaque;
587     int addr = dcrn - dma->base;
588     int chnl = addr / 8;
589 
590     switch (addr) {
591     case 0x00 ... 0x1f:
592         switch (addr % 8) {
593         case DMA0_CR:
594             dma->ch[chnl].cr = val;
595             if (val & DMA0_CR_CE) {
596                 int count = dma->ch[chnl].ct & 0xffff;
597 
598                 if (count) {
599                     int width, i, sidx, didx;
600                     uint8_t *rptr, *wptr;
601                     hwaddr rlen, wlen;
602                     hwaddr xferlen;
603 
604                     sidx = didx = 0;
605                     width = 1 << ((val & DMA0_CR_PW) >> 25);
606                     xferlen = count * width;
607                     wlen = rlen = xferlen;
608                     rptr = cpu_physical_memory_map(dma->ch[chnl].sa, &rlen,
609                                                    false);
610                     wptr = cpu_physical_memory_map(dma->ch[chnl].da, &wlen,
611                                                    true);
612                     if (rptr && rlen == xferlen && wptr && wlen == xferlen) {
613                         if (!(val & DMA0_CR_DEC) &&
614                             val & DMA0_CR_SAI && val & DMA0_CR_DAI) {
615                             /* optimise common case */
616                             memmove(wptr, rptr, count * width);
617                             sidx = didx = count * width;
618                         } else {
619                             /* do it the slow way */
620                             for (sidx = didx = i = 0; i < count; i++) {
621                                 uint64_t v = ldn_le_p(rptr + sidx, width);
622                                 stn_le_p(wptr + didx, width, v);
623                                 if (val & DMA0_CR_SAI) {
624                                     sidx += width;
625                                 }
626                                 if (val & DMA0_CR_DAI) {
627                                     didx += width;
628                                 }
629                             }
630                         }
631                     }
632                     if (wptr) {
633                         cpu_physical_memory_unmap(wptr, wlen, 1, didx);
634                     }
635                     if (rptr) {
636                         cpu_physical_memory_unmap(rptr, rlen, 0, sidx);
637                     }
638                 }
639             }
640             break;
641         case DMA0_CT:
642             dma->ch[chnl].ct = val;
643             break;
644         case DMA0_SAH:
645             dma->ch[chnl].sa &= 0xffffffffULL;
646             dma->ch[chnl].sa |= (uint64_t)val << 32;
647             break;
648         case DMA0_SAL:
649             dma->ch[chnl].sa &= 0xffffffff00000000ULL;
650             dma->ch[chnl].sa |= val;
651             break;
652         case DMA0_DAH:
653             dma->ch[chnl].da &= 0xffffffffULL;
654             dma->ch[chnl].da |= (uint64_t)val << 32;
655             break;
656         case DMA0_DAL:
657             dma->ch[chnl].da &= 0xffffffff00000000ULL;
658             dma->ch[chnl].da |= val;
659             break;
660         case DMA0_SGH:
661             dma->ch[chnl].sg &= 0xffffffffULL;
662             dma->ch[chnl].sg |= (uint64_t)val << 32;
663             break;
664         case DMA0_SGL:
665             dma->ch[chnl].sg &= 0xffffffff00000000ULL;
666             dma->ch[chnl].sg |= val;
667             break;
668         }
669         break;
670     case DMA0_SR:
671         dma->sr &= ~val;
672         break;
673     default:
674         qemu_log_mask(LOG_UNIMP, "%s: unimplemented register %x (%d, %x)\n",
675                       __func__, dcrn, chnl, addr);
676     }
677 }
678 
679 static void ppc4xx_dma_reset(void *opaque)
680 {
681     PPC4xxDmaState *dma = opaque;
682     int dma_base = dma->base;
683 
684     memset(dma, 0, sizeof(*dma));
685     dma->base = dma_base;
686 }
687 
688 void ppc4xx_dma_init(CPUPPCState *env, int dcr_base)
689 {
690     PPC4xxDmaState *dma;
691     int i;
692 
693     dma = g_malloc0(sizeof(*dma));
694     dma->base = dcr_base;
695     qemu_register_reset(&ppc4xx_dma_reset, dma);
696     for (i = 0; i < 4; i++) {
697         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_CR,
698                          dma, &dcr_read_dma, &dcr_write_dma);
699         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_CT,
700                          dma, &dcr_read_dma, &dcr_write_dma);
701         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_SAH,
702                          dma, &dcr_read_dma, &dcr_write_dma);
703         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_SAL,
704                          dma, &dcr_read_dma, &dcr_write_dma);
705         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_DAH,
706                          dma, &dcr_read_dma, &dcr_write_dma);
707         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_DAL,
708                          dma, &dcr_read_dma, &dcr_write_dma);
709         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_SGH,
710                          dma, &dcr_read_dma, &dcr_write_dma);
711         ppc_dcr_register(env, dcr_base + i * 8 + DMA0_SGL,
712                          dma, &dcr_read_dma, &dcr_write_dma);
713     }
714     ppc_dcr_register(env, dcr_base + DMA0_SR,
715                      dma, &dcr_read_dma, &dcr_write_dma);
716     ppc_dcr_register(env, dcr_base + DMA0_SGC,
717                      dma, &dcr_read_dma, &dcr_write_dma);
718     ppc_dcr_register(env, dcr_base + DMA0_SLP,
719                      dma, &dcr_read_dma, &dcr_write_dma);
720     ppc_dcr_register(env, dcr_base + DMA0_POL,
721                      dma, &dcr_read_dma, &dcr_write_dma);
722 }
723 
724 /*****************************************************************************/
725 /* PCI Express controller */
726 /*
727  * FIXME: This is not complete and does not work, only implemented partially
728  * to allow firmware and guests to find an empty bus. Cards should use PCI.
729  */
730 #include "hw/pci/pcie_host.h"
731 
732 OBJECT_DECLARE_SIMPLE_TYPE(PPC460EXPCIEState, PPC460EX_PCIE_HOST)
733 
734 struct PPC460EXPCIEState {
735     PCIExpressHost parent_obj;
736 
737     MemoryRegion busmem;
738     MemoryRegion iomem;
739     qemu_irq irq[4];
740     int32_t num;
741     int32_t dcrn_base;
742     PowerPCCPU *cpu;
743 
744     uint64_t cfg_base;
745     uint32_t cfg_mask;
746     uint64_t msg_base;
747     uint32_t msg_mask;
748     uint64_t omr1_base;
749     uint64_t omr1_mask;
750     uint64_t omr2_base;
751     uint64_t omr2_mask;
752     uint64_t omr3_base;
753     uint64_t omr3_mask;
754     uint64_t reg_base;
755     uint32_t reg_mask;
756     uint32_t special;
757     uint32_t cfg;
758 };
759 
760 enum {
761     PEGPL_CFGBAH = 0x0,
762     PEGPL_CFGBAL,
763     PEGPL_CFGMSK,
764     PEGPL_MSGBAH,
765     PEGPL_MSGBAL,
766     PEGPL_MSGMSK,
767     PEGPL_OMR1BAH,
768     PEGPL_OMR1BAL,
769     PEGPL_OMR1MSKH,
770     PEGPL_OMR1MSKL,
771     PEGPL_OMR2BAH,
772     PEGPL_OMR2BAL,
773     PEGPL_OMR2MSKH,
774     PEGPL_OMR2MSKL,
775     PEGPL_OMR3BAH,
776     PEGPL_OMR3BAL,
777     PEGPL_OMR3MSKH,
778     PEGPL_OMR3MSKL,
779     PEGPL_REGBAH,
780     PEGPL_REGBAL,
781     PEGPL_REGMSK,
782     PEGPL_SPECIAL,
783     PEGPL_CFG,
784 };
785 
786 static uint32_t dcr_read_pcie(void *opaque, int dcrn)
787 {
788     PPC460EXPCIEState *s = opaque;
789     uint32_t ret = 0;
790 
791     switch (dcrn - s->dcrn_base) {
792     case PEGPL_CFGBAH:
793         ret = s->cfg_base >> 32;
794         break;
795     case PEGPL_CFGBAL:
796         ret = s->cfg_base;
797         break;
798     case PEGPL_CFGMSK:
799         ret = s->cfg_mask;
800         break;
801     case PEGPL_MSGBAH:
802         ret = s->msg_base >> 32;
803         break;
804     case PEGPL_MSGBAL:
805         ret = s->msg_base;
806         break;
807     case PEGPL_MSGMSK:
808         ret = s->msg_mask;
809         break;
810     case PEGPL_OMR1BAH:
811         ret = s->omr1_base >> 32;
812         break;
813     case PEGPL_OMR1BAL:
814         ret = s->omr1_base;
815         break;
816     case PEGPL_OMR1MSKH:
817         ret = s->omr1_mask >> 32;
818         break;
819     case PEGPL_OMR1MSKL:
820         ret = s->omr1_mask;
821         break;
822     case PEGPL_OMR2BAH:
823         ret = s->omr2_base >> 32;
824         break;
825     case PEGPL_OMR2BAL:
826         ret = s->omr2_base;
827         break;
828     case PEGPL_OMR2MSKH:
829         ret = s->omr2_mask >> 32;
830         break;
831     case PEGPL_OMR2MSKL:
832         ret = s->omr3_mask;
833         break;
834     case PEGPL_OMR3BAH:
835         ret = s->omr3_base >> 32;
836         break;
837     case PEGPL_OMR3BAL:
838         ret = s->omr3_base;
839         break;
840     case PEGPL_OMR3MSKH:
841         ret = s->omr3_mask >> 32;
842         break;
843     case PEGPL_OMR3MSKL:
844         ret = s->omr3_mask;
845         break;
846     case PEGPL_REGBAH:
847         ret = s->reg_base >> 32;
848         break;
849     case PEGPL_REGBAL:
850         ret = s->reg_base;
851         break;
852     case PEGPL_REGMSK:
853         ret = s->reg_mask;
854         break;
855     case PEGPL_SPECIAL:
856         ret = s->special;
857         break;
858     case PEGPL_CFG:
859         ret = s->cfg;
860         break;
861     }
862 
863     return ret;
864 }
865 
866 static void dcr_write_pcie(void *opaque, int dcrn, uint32_t val)
867 {
868     PPC460EXPCIEState *s = opaque;
869     uint64_t size;
870 
871     switch (dcrn - s->dcrn_base) {
872     case PEGPL_CFGBAH:
873         s->cfg_base = ((uint64_t)val << 32) | (s->cfg_base & 0xffffffff);
874         break;
875     case PEGPL_CFGBAL:
876         s->cfg_base = (s->cfg_base & 0xffffffff00000000ULL) | val;
877         break;
878     case PEGPL_CFGMSK:
879         s->cfg_mask = val;
880         size = ~(val & 0xfffffffe) + 1;
881         /*
882          * Firmware sets this register to E0000001. Why we are not sure,
883          * but the current guess is anything above PCIE_MMCFG_SIZE_MAX is
884          * ignored.
885          */
886         if (size > PCIE_MMCFG_SIZE_MAX) {
887             size = PCIE_MMCFG_SIZE_MAX;
888         }
889         pcie_host_mmcfg_update(PCIE_HOST_BRIDGE(s), val & 1, s->cfg_base, size);
890         break;
891     case PEGPL_MSGBAH:
892         s->msg_base = ((uint64_t)val << 32) | (s->msg_base & 0xffffffff);
893         break;
894     case PEGPL_MSGBAL:
895         s->msg_base = (s->msg_base & 0xffffffff00000000ULL) | val;
896         break;
897     case PEGPL_MSGMSK:
898         s->msg_mask = val;
899         break;
900     case PEGPL_OMR1BAH:
901         s->omr1_base = ((uint64_t)val << 32) | (s->omr1_base & 0xffffffff);
902         break;
903     case PEGPL_OMR1BAL:
904         s->omr1_base = (s->omr1_base & 0xffffffff00000000ULL) | val;
905         break;
906     case PEGPL_OMR1MSKH:
907         s->omr1_mask = ((uint64_t)val << 32) | (s->omr1_mask & 0xffffffff);
908         break;
909     case PEGPL_OMR1MSKL:
910         s->omr1_mask = (s->omr1_mask & 0xffffffff00000000ULL) | val;
911         break;
912     case PEGPL_OMR2BAH:
913         s->omr2_base = ((uint64_t)val << 32) | (s->omr2_base & 0xffffffff);
914         break;
915     case PEGPL_OMR2BAL:
916         s->omr2_base = (s->omr2_base & 0xffffffff00000000ULL) | val;
917         break;
918     case PEGPL_OMR2MSKH:
919         s->omr2_mask = ((uint64_t)val << 32) | (s->omr2_mask & 0xffffffff);
920         break;
921     case PEGPL_OMR2MSKL:
922         s->omr2_mask = (s->omr2_mask & 0xffffffff00000000ULL) | val;
923         break;
924     case PEGPL_OMR3BAH:
925         s->omr3_base = ((uint64_t)val << 32) | (s->omr3_base & 0xffffffff);
926         break;
927     case PEGPL_OMR3BAL:
928         s->omr3_base = (s->omr3_base & 0xffffffff00000000ULL) | val;
929         break;
930     case PEGPL_OMR3MSKH:
931         s->omr3_mask = ((uint64_t)val << 32) | (s->omr3_mask & 0xffffffff);
932         break;
933     case PEGPL_OMR3MSKL:
934         s->omr3_mask = (s->omr3_mask & 0xffffffff00000000ULL) | val;
935         break;
936     case PEGPL_REGBAH:
937         s->reg_base = ((uint64_t)val << 32) | (s->reg_base & 0xffffffff);
938         break;
939     case PEGPL_REGBAL:
940         s->reg_base = (s->reg_base & 0xffffffff00000000ULL) | val;
941         break;
942     case PEGPL_REGMSK:
943         s->reg_mask = val;
944         /* FIXME: how is size encoded? */
945         size = (val == 0x7001 ? 4096 : ~(val & 0xfffffffe) + 1);
946         break;
947     case PEGPL_SPECIAL:
948         s->special = val;
949         break;
950     case PEGPL_CFG:
951         s->cfg = val;
952         break;
953     }
954 }
955 
956 static void ppc460ex_set_irq(void *opaque, int irq_num, int level)
957 {
958        PPC460EXPCIEState *s = opaque;
959        qemu_set_irq(s->irq[irq_num], level);
960 }
961 
962 #define PPC440_PCIE_DCR(s, dcrn) \
963     ppc_dcr_register(&(s)->cpu->env, (s)->dcrn_base + (dcrn), (s), \
964                      &dcr_read_pcie, &dcr_write_pcie)
965 
966 
967 static void ppc460ex_pcie_register_dcrs(PPC460EXPCIEState *s)
968 {
969     PPC440_PCIE_DCR(s, PEGPL_CFGBAH);
970     PPC440_PCIE_DCR(s, PEGPL_CFGBAL);
971     PPC440_PCIE_DCR(s, PEGPL_CFGMSK);
972     PPC440_PCIE_DCR(s, PEGPL_MSGBAH);
973     PPC440_PCIE_DCR(s, PEGPL_MSGBAL);
974     PPC440_PCIE_DCR(s, PEGPL_MSGMSK);
975     PPC440_PCIE_DCR(s, PEGPL_OMR1BAH);
976     PPC440_PCIE_DCR(s, PEGPL_OMR1BAL);
977     PPC440_PCIE_DCR(s, PEGPL_OMR1MSKH);
978     PPC440_PCIE_DCR(s, PEGPL_OMR1MSKL);
979     PPC440_PCIE_DCR(s, PEGPL_OMR2BAH);
980     PPC440_PCIE_DCR(s, PEGPL_OMR2BAL);
981     PPC440_PCIE_DCR(s, PEGPL_OMR2MSKH);
982     PPC440_PCIE_DCR(s, PEGPL_OMR2MSKL);
983     PPC440_PCIE_DCR(s, PEGPL_OMR3BAH);
984     PPC440_PCIE_DCR(s, PEGPL_OMR3BAL);
985     PPC440_PCIE_DCR(s, PEGPL_OMR3MSKH);
986     PPC440_PCIE_DCR(s, PEGPL_OMR3MSKL);
987     PPC440_PCIE_DCR(s, PEGPL_REGBAH);
988     PPC440_PCIE_DCR(s, PEGPL_REGBAL);
989     PPC440_PCIE_DCR(s, PEGPL_REGMSK);
990     PPC440_PCIE_DCR(s, PEGPL_SPECIAL);
991     PPC440_PCIE_DCR(s, PEGPL_CFG);
992 }
993 
994 static void ppc460ex_pcie_realize(DeviceState *dev, Error **errp)
995 {
996     PPC460EXPCIEState *s = PPC460EX_PCIE_HOST(dev);
997     PCIHostState *pci = PCI_HOST_BRIDGE(dev);
998     int i;
999     char buf[20];
1000 
1001     if (!s->cpu) {
1002         error_setg(errp, "cpu link property must be set");
1003         return;
1004     }
1005     if (s->num < 0 || s->dcrn_base < 0) {
1006         error_setg(errp, "busnum and dcrn-base properties must be set");
1007         return;
1008     }
1009     snprintf(buf, sizeof(buf), "pcie%d-mem", s->num);
1010     memory_region_init(&s->busmem, OBJECT(s), buf, UINT64_MAX);
1011     snprintf(buf, sizeof(buf), "pcie%d-io", s->num);
1012     memory_region_init(&s->iomem, OBJECT(s), buf, 64 * KiB);
1013     for (i = 0; i < 4; i++) {
1014         sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]);
1015     }
1016     snprintf(buf, sizeof(buf), "pcie.%d", s->num);
1017     pci->bus = pci_register_root_bus(DEVICE(s), buf, ppc460ex_set_irq,
1018                                 pci_swizzle_map_irq_fn, s, &s->busmem,
1019                                 &s->iomem, 0, 4, TYPE_PCIE_BUS);
1020     ppc460ex_pcie_register_dcrs(s);
1021 }
1022 
1023 static Property ppc460ex_pcie_props[] = {
1024     DEFINE_PROP_INT32("busnum", PPC460EXPCIEState, num, -1),
1025     DEFINE_PROP_INT32("dcrn-base", PPC460EXPCIEState, dcrn_base, -1),
1026     DEFINE_PROP_LINK("cpu", PPC460EXPCIEState, cpu, TYPE_POWERPC_CPU,
1027                      PowerPCCPU *),
1028     DEFINE_PROP_END_OF_LIST(),
1029 };
1030 
1031 static void ppc460ex_pcie_class_init(ObjectClass *klass, void *data)
1032 {
1033     DeviceClass *dc = DEVICE_CLASS(klass);
1034 
1035     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
1036     dc->realize = ppc460ex_pcie_realize;
1037     device_class_set_props(dc, ppc460ex_pcie_props);
1038     dc->hotpluggable = false;
1039 }
1040 
1041 static const TypeInfo ppc460ex_pcie_host_info = {
1042     .name = TYPE_PPC460EX_PCIE_HOST,
1043     .parent = TYPE_PCIE_HOST_BRIDGE,
1044     .instance_size = sizeof(PPC460EXPCIEState),
1045     .class_init = ppc460ex_pcie_class_init,
1046 };
1047 
1048 static void ppc460ex_pcie_register(void)
1049 {
1050     type_register_static(&ppc460ex_pcie_host_info);
1051 }
1052 
1053 type_init(ppc460ex_pcie_register)
1054