typhoon.c (27940B)
1/* 2 * DEC 21272 (TSUNAMI/TYPHOON) chipset emulation. 3 * 4 * Written by Richard Henderson. 5 * 6 * This work is licensed under the GNU GPL license version 2 or later. 7 */ 8 9#include "qemu/osdep.h" 10#include "qemu/module.h" 11#include "qemu/units.h" 12#include "qapi/error.h" 13#include "cpu.h" 14#include "hw/irq.h" 15#include "alpha_sys.h" 16#include "qom/object.h" 17 18 19#define TYPE_TYPHOON_PCI_HOST_BRIDGE "typhoon-pcihost" 20#define TYPE_TYPHOON_IOMMU_MEMORY_REGION "typhoon-iommu-memory-region" 21 22typedef struct TyphoonCchip { 23 MemoryRegion region; 24 uint64_t misc; 25 uint64_t drir; 26 uint64_t dim[4]; 27 uint32_t iic[4]; 28 AlphaCPU *cpu[4]; 29} TyphoonCchip; 30 31typedef struct TyphoonWindow { 32 uint64_t wba; 33 uint64_t wsm; 34 uint64_t tba; 35} TyphoonWindow; 36 37typedef struct TyphoonPchip { 38 MemoryRegion region; 39 MemoryRegion reg_iack; 40 MemoryRegion reg_mem; 41 MemoryRegion reg_io; 42 MemoryRegion reg_conf; 43 44 AddressSpace iommu_as; 45 IOMMUMemoryRegion iommu; 46 47 uint64_t ctl; 48 TyphoonWindow win[4]; 49} TyphoonPchip; 50 51OBJECT_DECLARE_SIMPLE_TYPE(TyphoonState, TYPHOON_PCI_HOST_BRIDGE) 52 53struct TyphoonState { 54 PCIHostState parent_obj; 55 56 TyphoonCchip cchip; 57 TyphoonPchip pchip; 58 MemoryRegion dchip_region; 59}; 60 61/* Called when one of DRIR or DIM changes. */ 62static void cpu_irq_change(AlphaCPU *cpu, uint64_t req) 63{ 64 /* If there are any non-masked interrupts, tell the cpu. */ 65 if (cpu != NULL) { 66 CPUState *cs = CPU(cpu); 67 if (req) { 68 cpu_interrupt(cs, CPU_INTERRUPT_HARD); 69 } else { 70 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); 71 } 72 } 73} 74 75static MemTxResult cchip_read(void *opaque, hwaddr addr, 76 uint64_t *data, unsigned size, 77 MemTxAttrs attrs) 78{ 79 CPUState *cpu = current_cpu; 80 TyphoonState *s = opaque; 81 uint64_t ret = 0; 82 83 switch (addr) { 84 case 0x0000: 85 /* CSC: Cchip System Configuration Register. */ 86 /* All sorts of data here; probably the only thing relevant is 87 PIP<14> Pchip 1 Present = 0. */ 88 break; 89 90 case 0x0040: 91 /* MTR: Memory Timing Register. */ 92 /* All sorts of stuff related to real DRAM. */ 93 break; 94 95 case 0x0080: 96 /* MISC: Miscellaneous Register. */ 97 ret = s->cchip.misc | (cpu->cpu_index & 3); 98 break; 99 100 case 0x00c0: 101 /* MPD: Memory Presence Detect Register. */ 102 break; 103 104 case 0x0100: /* AAR0 */ 105 case 0x0140: /* AAR1 */ 106 case 0x0180: /* AAR2 */ 107 case 0x01c0: /* AAR3 */ 108 /* AAR: Array Address Register. */ 109 /* All sorts of information about DRAM. */ 110 break; 111 112 case 0x0200: 113 /* DIM0: Device Interrupt Mask Register, CPU0. */ 114 ret = s->cchip.dim[0]; 115 break; 116 case 0x0240: 117 /* DIM1: Device Interrupt Mask Register, CPU1. */ 118 ret = s->cchip.dim[1]; 119 break; 120 case 0x0280: 121 /* DIR0: Device Interrupt Request Register, CPU0. */ 122 ret = s->cchip.dim[0] & s->cchip.drir; 123 break; 124 case 0x02c0: 125 /* DIR1: Device Interrupt Request Register, CPU1. */ 126 ret = s->cchip.dim[1] & s->cchip.drir; 127 break; 128 case 0x0300: 129 /* DRIR: Device Raw Interrupt Request Register. */ 130 ret = s->cchip.drir; 131 break; 132 133 case 0x0340: 134 /* PRBEN: Probe Enable Register. */ 135 break; 136 137 case 0x0380: 138 /* IIC0: Interval Ignore Count Register, CPU0. */ 139 ret = s->cchip.iic[0]; 140 break; 141 case 0x03c0: 142 /* IIC1: Interval Ignore Count Register, CPU1. */ 143 ret = s->cchip.iic[1]; 144 break; 145 146 case 0x0400: /* MPR0 */ 147 case 0x0440: /* MPR1 */ 148 case 0x0480: /* MPR2 */ 149 case 0x04c0: /* MPR3 */ 150 /* MPR: Memory Programming Register. */ 151 break; 152 153 case 0x0580: 154 /* TTR: TIGbus Timing Register. */ 155 /* All sorts of stuff related to interrupt delivery timings. */ 156 break; 157 case 0x05c0: 158 /* TDR: TIGbug Device Timing Register. */ 159 break; 160 161 case 0x0600: 162 /* DIM2: Device Interrupt Mask Register, CPU2. */ 163 ret = s->cchip.dim[2]; 164 break; 165 case 0x0640: 166 /* DIM3: Device Interrupt Mask Register, CPU3. */ 167 ret = s->cchip.dim[3]; 168 break; 169 case 0x0680: 170 /* DIR2: Device Interrupt Request Register, CPU2. */ 171 ret = s->cchip.dim[2] & s->cchip.drir; 172 break; 173 case 0x06c0: 174 /* DIR3: Device Interrupt Request Register, CPU3. */ 175 ret = s->cchip.dim[3] & s->cchip.drir; 176 break; 177 178 case 0x0700: 179 /* IIC2: Interval Ignore Count Register, CPU2. */ 180 ret = s->cchip.iic[2]; 181 break; 182 case 0x0740: 183 /* IIC3: Interval Ignore Count Register, CPU3. */ 184 ret = s->cchip.iic[3]; 185 break; 186 187 case 0x0780: 188 /* PWR: Power Management Control. */ 189 break; 190 191 case 0x0c00: /* CMONCTLA */ 192 case 0x0c40: /* CMONCTLB */ 193 case 0x0c80: /* CMONCNT01 */ 194 case 0x0cc0: /* CMONCNT23 */ 195 break; 196 197 default: 198 return MEMTX_ERROR; 199 } 200 201 *data = ret; 202 return MEMTX_OK; 203} 204 205static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size) 206{ 207 /* Skip this. It's all related to DRAM timing and setup. */ 208 return 0; 209} 210 211static MemTxResult pchip_read(void *opaque, hwaddr addr, uint64_t *data, 212 unsigned size, MemTxAttrs attrs) 213{ 214 TyphoonState *s = opaque; 215 uint64_t ret = 0; 216 217 switch (addr) { 218 case 0x0000: 219 /* WSBA0: Window Space Base Address Register. */ 220 ret = s->pchip.win[0].wba; 221 break; 222 case 0x0040: 223 /* WSBA1 */ 224 ret = s->pchip.win[1].wba; 225 break; 226 case 0x0080: 227 /* WSBA2 */ 228 ret = s->pchip.win[2].wba; 229 break; 230 case 0x00c0: 231 /* WSBA3 */ 232 ret = s->pchip.win[3].wba; 233 break; 234 235 case 0x0100: 236 /* WSM0: Window Space Mask Register. */ 237 ret = s->pchip.win[0].wsm; 238 break; 239 case 0x0140: 240 /* WSM1 */ 241 ret = s->pchip.win[1].wsm; 242 break; 243 case 0x0180: 244 /* WSM2 */ 245 ret = s->pchip.win[2].wsm; 246 break; 247 case 0x01c0: 248 /* WSM3 */ 249 ret = s->pchip.win[3].wsm; 250 break; 251 252 case 0x0200: 253 /* TBA0: Translated Base Address Register. */ 254 ret = s->pchip.win[0].tba; 255 break; 256 case 0x0240: 257 /* TBA1 */ 258 ret = s->pchip.win[1].tba; 259 break; 260 case 0x0280: 261 /* TBA2 */ 262 ret = s->pchip.win[2].tba; 263 break; 264 case 0x02c0: 265 /* TBA3 */ 266 ret = s->pchip.win[3].tba; 267 break; 268 269 case 0x0300: 270 /* PCTL: Pchip Control Register. */ 271 ret = s->pchip.ctl; 272 break; 273 case 0x0340: 274 /* PLAT: Pchip Master Latency Register. */ 275 break; 276 case 0x03c0: 277 /* PERROR: Pchip Error Register. */ 278 break; 279 case 0x0400: 280 /* PERRMASK: Pchip Error Mask Register. */ 281 break; 282 case 0x0440: 283 /* PERRSET: Pchip Error Set Register. */ 284 break; 285 case 0x0480: 286 /* TLBIV: Translation Buffer Invalidate Virtual Register (WO). */ 287 break; 288 case 0x04c0: 289 /* TLBIA: Translation Buffer Invalidate All Register (WO). */ 290 break; 291 case 0x0500: /* PMONCTL */ 292 case 0x0540: /* PMONCNT */ 293 case 0x0800: /* SPRST */ 294 break; 295 296 default: 297 return MEMTX_ERROR; 298 } 299 300 *data = ret; 301 return MEMTX_OK; 302} 303 304static MemTxResult cchip_write(void *opaque, hwaddr addr, 305 uint64_t val, unsigned size, 306 MemTxAttrs attrs) 307{ 308 TyphoonState *s = opaque; 309 uint64_t oldval, newval; 310 311 switch (addr) { 312 case 0x0000: 313 /* CSC: Cchip System Configuration Register. */ 314 /* All sorts of data here; nothing relevant RW. */ 315 break; 316 317 case 0x0040: 318 /* MTR: Memory Timing Register. */ 319 /* All sorts of stuff related to real DRAM. */ 320 break; 321 322 case 0x0080: 323 /* MISC: Miscellaneous Register. */ 324 newval = oldval = s->cchip.misc; 325 newval &= ~(val & 0x10000ff0); /* W1C fields */ 326 if (val & 0x100000) { 327 newval &= ~0xff0000ull; /* ACL clears ABT and ABW */ 328 } else { 329 newval |= val & 0x00f00000; /* ABT field is W1S */ 330 if ((newval & 0xf0000) == 0) { 331 newval |= val & 0xf0000; /* ABW field is W1S iff zero */ 332 } 333 } 334 newval |= (val & 0xf000) >> 4; /* IPREQ field sets IPINTR. */ 335 336 newval &= ~0xf0000000000ull; /* WO and RW fields */ 337 newval |= val & 0xf0000000000ull; 338 s->cchip.misc = newval; 339 340 /* Pass on changes to IPI and ITI state. */ 341 if ((newval ^ oldval) & 0xff0) { 342 int i; 343 for (i = 0; i < 4; ++i) { 344 AlphaCPU *cpu = s->cchip.cpu[i]; 345 if (cpu != NULL) { 346 CPUState *cs = CPU(cpu); 347 /* IPI can be either cleared or set by the write. */ 348 if (newval & (1 << (i + 8))) { 349 cpu_interrupt(cs, CPU_INTERRUPT_SMP); 350 } else { 351 cpu_reset_interrupt(cs, CPU_INTERRUPT_SMP); 352 } 353 354 /* ITI can only be cleared by the write. */ 355 if ((newval & (1 << (i + 4))) == 0) { 356 cpu_reset_interrupt(cs, CPU_INTERRUPT_TIMER); 357 } 358 } 359 } 360 } 361 break; 362 363 case 0x00c0: 364 /* MPD: Memory Presence Detect Register. */ 365 break; 366 367 case 0x0100: /* AAR0 */ 368 case 0x0140: /* AAR1 */ 369 case 0x0180: /* AAR2 */ 370 case 0x01c0: /* AAR3 */ 371 /* AAR: Array Address Register. */ 372 /* All sorts of information about DRAM. */ 373 break; 374 375 case 0x0200: /* DIM0 */ 376 /* DIM: Device Interrupt Mask Register, CPU0. */ 377 s->cchip.dim[0] = val; 378 cpu_irq_change(s->cchip.cpu[0], val & s->cchip.drir); 379 break; 380 case 0x0240: /* DIM1 */ 381 /* DIM: Device Interrupt Mask Register, CPU1. */ 382 s->cchip.dim[1] = val; 383 cpu_irq_change(s->cchip.cpu[1], val & s->cchip.drir); 384 break; 385 386 case 0x0280: /* DIR0 (RO) */ 387 case 0x02c0: /* DIR1 (RO) */ 388 case 0x0300: /* DRIR (RO) */ 389 break; 390 391 case 0x0340: 392 /* PRBEN: Probe Enable Register. */ 393 break; 394 395 case 0x0380: /* IIC0 */ 396 s->cchip.iic[0] = val & 0xffffff; 397 break; 398 case 0x03c0: /* IIC1 */ 399 s->cchip.iic[1] = val & 0xffffff; 400 break; 401 402 case 0x0400: /* MPR0 */ 403 case 0x0440: /* MPR1 */ 404 case 0x0480: /* MPR2 */ 405 case 0x04c0: /* MPR3 */ 406 /* MPR: Memory Programming Register. */ 407 break; 408 409 case 0x0580: 410 /* TTR: TIGbus Timing Register. */ 411 /* All sorts of stuff related to interrupt delivery timings. */ 412 break; 413 case 0x05c0: 414 /* TDR: TIGbug Device Timing Register. */ 415 break; 416 417 case 0x0600: 418 /* DIM2: Device Interrupt Mask Register, CPU2. */ 419 s->cchip.dim[2] = val; 420 cpu_irq_change(s->cchip.cpu[2], val & s->cchip.drir); 421 break; 422 case 0x0640: 423 /* DIM3: Device Interrupt Mask Register, CPU3. */ 424 s->cchip.dim[3] = val; 425 cpu_irq_change(s->cchip.cpu[3], val & s->cchip.drir); 426 break; 427 428 case 0x0680: /* DIR2 (RO) */ 429 case 0x06c0: /* DIR3 (RO) */ 430 break; 431 432 case 0x0700: /* IIC2 */ 433 s->cchip.iic[2] = val & 0xffffff; 434 break; 435 case 0x0740: /* IIC3 */ 436 s->cchip.iic[3] = val & 0xffffff; 437 break; 438 439 case 0x0780: 440 /* PWR: Power Management Control. */ 441 break; 442 443 case 0x0c00: /* CMONCTLA */ 444 case 0x0c40: /* CMONCTLB */ 445 case 0x0c80: /* CMONCNT01 */ 446 case 0x0cc0: /* CMONCNT23 */ 447 break; 448 449 default: 450 return MEMTX_ERROR; 451 } 452 453 return MEMTX_OK; 454} 455 456static void dchip_write(void *opaque, hwaddr addr, 457 uint64_t val, unsigned size) 458{ 459 /* Skip this. It's all related to DRAM timing and setup. */ 460} 461 462static MemTxResult pchip_write(void *opaque, hwaddr addr, 463 uint64_t val, unsigned size, 464 MemTxAttrs attrs) 465{ 466 TyphoonState *s = opaque; 467 uint64_t oldval; 468 469 switch (addr) { 470 case 0x0000: 471 /* WSBA0: Window Space Base Address Register. */ 472 s->pchip.win[0].wba = val & 0xfff00003u; 473 break; 474 case 0x0040: 475 /* WSBA1 */ 476 s->pchip.win[1].wba = val & 0xfff00003u; 477 break; 478 case 0x0080: 479 /* WSBA2 */ 480 s->pchip.win[2].wba = val & 0xfff00003u; 481 break; 482 case 0x00c0: 483 /* WSBA3 */ 484 s->pchip.win[3].wba = (val & 0x80fff00001ull) | 2; 485 break; 486 487 case 0x0100: 488 /* WSM0: Window Space Mask Register. */ 489 s->pchip.win[0].wsm = val & 0xfff00000u; 490 break; 491 case 0x0140: 492 /* WSM1 */ 493 s->pchip.win[1].wsm = val & 0xfff00000u; 494 break; 495 case 0x0180: 496 /* WSM2 */ 497 s->pchip.win[2].wsm = val & 0xfff00000u; 498 break; 499 case 0x01c0: 500 /* WSM3 */ 501 s->pchip.win[3].wsm = val & 0xfff00000u; 502 break; 503 504 case 0x0200: 505 /* TBA0: Translated Base Address Register. */ 506 s->pchip.win[0].tba = val & 0x7fffffc00ull; 507 break; 508 case 0x0240: 509 /* TBA1 */ 510 s->pchip.win[1].tba = val & 0x7fffffc00ull; 511 break; 512 case 0x0280: 513 /* TBA2 */ 514 s->pchip.win[2].tba = val & 0x7fffffc00ull; 515 break; 516 case 0x02c0: 517 /* TBA3 */ 518 s->pchip.win[3].tba = val & 0x7fffffc00ull; 519 break; 520 521 case 0x0300: 522 /* PCTL: Pchip Control Register. */ 523 oldval = s->pchip.ctl; 524 oldval &= ~0x00001cff0fc7ffull; /* RW fields */ 525 oldval |= val & 0x00001cff0fc7ffull; 526 s->pchip.ctl = oldval; 527 break; 528 529 case 0x0340: 530 /* PLAT: Pchip Master Latency Register. */ 531 break; 532 case 0x03c0: 533 /* PERROR: Pchip Error Register. */ 534 break; 535 case 0x0400: 536 /* PERRMASK: Pchip Error Mask Register. */ 537 break; 538 case 0x0440: 539 /* PERRSET: Pchip Error Set Register. */ 540 break; 541 542 case 0x0480: 543 /* TLBIV: Translation Buffer Invalidate Virtual Register. */ 544 break; 545 546 case 0x04c0: 547 /* TLBIA: Translation Buffer Invalidate All Register (WO). */ 548 break; 549 550 case 0x0500: 551 /* PMONCTL */ 552 case 0x0540: 553 /* PMONCNT */ 554 case 0x0800: 555 /* SPRST */ 556 break; 557 558 default: 559 return MEMTX_ERROR; 560 } 561 562 return MEMTX_OK; 563} 564 565static const MemoryRegionOps cchip_ops = { 566 .read_with_attrs = cchip_read, 567 .write_with_attrs = cchip_write, 568 .endianness = DEVICE_LITTLE_ENDIAN, 569 .valid = { 570 .min_access_size = 8, 571 .max_access_size = 8, 572 }, 573 .impl = { 574 .min_access_size = 8, 575 .max_access_size = 8, 576 }, 577}; 578 579static const MemoryRegionOps dchip_ops = { 580 .read = dchip_read, 581 .write = dchip_write, 582 .endianness = DEVICE_LITTLE_ENDIAN, 583 .valid = { 584 .min_access_size = 8, 585 .max_access_size = 8, 586 }, 587 .impl = { 588 .min_access_size = 8, 589 .max_access_size = 8, 590 }, 591}; 592 593static const MemoryRegionOps pchip_ops = { 594 .read_with_attrs = pchip_read, 595 .write_with_attrs = pchip_write, 596 .endianness = DEVICE_LITTLE_ENDIAN, 597 .valid = { 598 .min_access_size = 8, 599 .max_access_size = 8, 600 }, 601 .impl = { 602 .min_access_size = 8, 603 .max_access_size = 8, 604 }, 605}; 606 607/* A subroutine of typhoon_translate_iommu that builds an IOMMUTLBEntry 608 using the given translated address and mask. */ 609static bool make_iommu_tlbe(hwaddr taddr, hwaddr mask, IOMMUTLBEntry *ret) 610{ 611 *ret = (IOMMUTLBEntry) { 612 .target_as = &address_space_memory, 613 .translated_addr = taddr, 614 .addr_mask = mask, 615 .perm = IOMMU_RW, 616 }; 617 return true; 618} 619 620/* A subroutine of typhoon_translate_iommu that handles scatter-gather 621 translation, given the address of the PTE. */ 622static bool pte_translate(hwaddr pte_addr, IOMMUTLBEntry *ret) 623{ 624 uint64_t pte = address_space_ldq(&address_space_memory, pte_addr, 625 MEMTXATTRS_UNSPECIFIED, NULL); 626 627 /* Check valid bit. */ 628 if ((pte & 1) == 0) { 629 return false; 630 } 631 632 return make_iommu_tlbe((pte & 0x3ffffe) << 12, 0x1fff, ret); 633} 634 635/* A subroutine of typhoon_translate_iommu that handles one of the 636 four single-address-cycle translation windows. */ 637static bool window_translate(TyphoonWindow *win, hwaddr addr, 638 IOMMUTLBEntry *ret) 639{ 640 uint32_t wba = win->wba; 641 uint64_t wsm = win->wsm; 642 uint64_t tba = win->tba; 643 uint64_t wsm_ext = wsm | 0xfffff; 644 645 /* Check for window disabled. */ 646 if ((wba & 1) == 0) { 647 return false; 648 } 649 650 /* Check for window hit. */ 651 if ((addr & ~wsm_ext) != (wba & 0xfff00000u)) { 652 return false; 653 } 654 655 if (wba & 2) { 656 /* Scatter-gather translation. */ 657 hwaddr pte_addr; 658 659 /* See table 10-6, Generating PTE address for PCI DMA Address. */ 660 pte_addr = tba & ~(wsm >> 10); 661 pte_addr |= (addr & (wsm | 0xfe000)) >> 10; 662 return pte_translate(pte_addr, ret); 663 } else { 664 /* Direct-mapped translation. */ 665 return make_iommu_tlbe(tba & ~wsm_ext, wsm_ext, ret); 666 } 667} 668 669/* Handle PCI-to-system address translation. */ 670/* TODO: A translation failure here ought to set PCI error codes on the 671 Pchip and generate a machine check interrupt. */ 672static IOMMUTLBEntry typhoon_translate_iommu(IOMMUMemoryRegion *iommu, 673 hwaddr addr, 674 IOMMUAccessFlags flag, 675 int iommu_idx) 676{ 677 TyphoonPchip *pchip = container_of(iommu, TyphoonPchip, iommu); 678 IOMMUTLBEntry ret; 679 int i; 680 681 if (addr <= 0xffffffffu) { 682 /* Single-address cycle. */ 683 684 /* Check for the Window Hole, inhibiting matching. */ 685 if ((pchip->ctl & 0x20) 686 && addr >= 0x80000 687 && addr <= 0xfffff) { 688 goto failure; 689 } 690 691 /* Check the first three windows. */ 692 for (i = 0; i < 3; ++i) { 693 if (window_translate(&pchip->win[i], addr, &ret)) { 694 goto success; 695 } 696 } 697 698 /* Check the fourth window for DAC disable. */ 699 if ((pchip->win[3].wba & 0x80000000000ull) == 0 700 && window_translate(&pchip->win[3], addr, &ret)) { 701 goto success; 702 } 703 } else { 704 /* Double-address cycle. */ 705 706 if (addr >= 0x10000000000ull && addr < 0x20000000000ull) { 707 /* Check for the DMA monster window. */ 708 if (pchip->ctl & 0x40) { 709 /* See 10.1.4.4; in particular <39:35> is ignored. */ 710 make_iommu_tlbe(0, 0x007ffffffffull, &ret); 711 goto success; 712 } 713 } 714 715 if (addr >= 0x80000000000ull && addr <= 0xfffffffffffull) { 716 /* Check the fourth window for DAC enable and window enable. */ 717 if ((pchip->win[3].wba & 0x80000000001ull) == 0x80000000001ull) { 718 uint64_t pte_addr; 719 720 pte_addr = pchip->win[3].tba & 0x7ffc00000ull; 721 pte_addr |= (addr & 0xffffe000u) >> 10; 722 if (pte_translate(pte_addr, &ret)) { 723 goto success; 724 } 725 } 726 } 727 } 728 729 failure: 730 ret = (IOMMUTLBEntry) { .perm = IOMMU_NONE }; 731 success: 732 return ret; 733} 734 735static AddressSpace *typhoon_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn) 736{ 737 TyphoonState *s = opaque; 738 return &s->pchip.iommu_as; 739} 740 741static void typhoon_set_irq(void *opaque, int irq, int level) 742{ 743 TyphoonState *s = opaque; 744 uint64_t drir; 745 int i; 746 747 /* Set/Reset the bit in CCHIP.DRIR based on IRQ+LEVEL. */ 748 drir = s->cchip.drir; 749 if (level) { 750 drir |= 1ull << irq; 751 } else { 752 drir &= ~(1ull << irq); 753 } 754 s->cchip.drir = drir; 755 756 for (i = 0; i < 4; ++i) { 757 cpu_irq_change(s->cchip.cpu[i], s->cchip.dim[i] & drir); 758 } 759} 760 761static void typhoon_set_isa_irq(void *opaque, int irq, int level) 762{ 763 typhoon_set_irq(opaque, 55, level); 764} 765 766static void typhoon_set_timer_irq(void *opaque, int irq, int level) 767{ 768 TyphoonState *s = opaque; 769 int i; 770 771 /* Thankfully, the mc146818rtc code doesn't track the IRQ state, 772 and so we don't have to worry about missing interrupts just 773 because we never actually ACK the interrupt. Just ignore any 774 case of the interrupt level going low. */ 775 if (level == 0) { 776 return; 777 } 778 779 /* Deliver the interrupt to each CPU, considering each CPU's IIC. */ 780 for (i = 0; i < 4; ++i) { 781 AlphaCPU *cpu = s->cchip.cpu[i]; 782 if (cpu != NULL) { 783 uint32_t iic = s->cchip.iic[i]; 784 785 /* ??? The verbage in Section 10.2.2.10 isn't 100% clear. 786 Bit 24 is the OverFlow bit, RO, and set when the count 787 decrements past 0. When is OF cleared? My guess is that 788 OF is actually cleared when the IIC is written, and that 789 the ICNT field always decrements. At least, that's an 790 interpretation that makes sense, and "allows the CPU to 791 determine exactly how mant interval timer ticks were 792 skipped". At least within the next 4M ticks... */ 793 794 iic = ((iic - 1) & 0x1ffffff) | (iic & 0x1000000); 795 s->cchip.iic[i] = iic; 796 797 if (iic & 0x1000000) { 798 /* Set the ITI bit for this cpu. */ 799 s->cchip.misc |= 1 << (i + 4); 800 /* And signal the interrupt. */ 801 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_TIMER); 802 } 803 } 804 } 805} 806 807static void typhoon_alarm_timer(void *opaque) 808{ 809 TyphoonState *s = (TyphoonState *)((uintptr_t)opaque & ~3); 810 int cpu = (uintptr_t)opaque & 3; 811 812 /* Set the ITI bit for this cpu. */ 813 s->cchip.misc |= 1 << (cpu + 4); 814 cpu_interrupt(CPU(s->cchip.cpu[cpu]), CPU_INTERRUPT_TIMER); 815} 816 817PCIBus *typhoon_init(MemoryRegion *ram, qemu_irq *p_isa_irq, 818 qemu_irq *p_rtc_irq, AlphaCPU *cpus[4], 819 pci_map_irq_fn sys_map_irq, uint8_t devfn_min) 820{ 821 MemoryRegion *addr_space = get_system_memory(); 822 DeviceState *dev; 823 TyphoonState *s; 824 PCIHostState *phb; 825 PCIBus *b; 826 int i; 827 828 dev = qdev_new(TYPE_TYPHOON_PCI_HOST_BRIDGE); 829 830 s = TYPHOON_PCI_HOST_BRIDGE(dev); 831 phb = PCI_HOST_BRIDGE(dev); 832 833 s->cchip.misc = 0x800000000ull; /* Revision: Typhoon. */ 834 s->pchip.win[3].wba = 2; /* Window 3 SG always enabled. */ 835 836 /* Remember the CPUs so that we can deliver interrupts to them. */ 837 for (i = 0; i < 4; i++) { 838 AlphaCPU *cpu = cpus[i]; 839 s->cchip.cpu[i] = cpu; 840 if (cpu != NULL) { 841 cpu->alarm_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 842 typhoon_alarm_timer, 843 (void *)((uintptr_t)s + i)); 844 } 845 } 846 847 *p_isa_irq = qemu_allocate_irq(typhoon_set_isa_irq, s, 0); 848 *p_rtc_irq = qemu_allocate_irq(typhoon_set_timer_irq, s, 0); 849 850 /* Main memory region, 0x00.0000.0000. Real hardware supports 32GB, 851 but the address space hole reserved at this point is 8TB. */ 852 memory_region_add_subregion(addr_space, 0, ram); 853 854 /* TIGbus, 0x801.0000.0000, 1GB. */ 855 /* ??? The TIGbus is used for delivering interrupts, and access to 856 the flash ROM. I'm not sure that we need to implement it at all. */ 857 858 /* Pchip0 CSRs, 0x801.8000.0000, 256MB. */ 859 memory_region_init_io(&s->pchip.region, OBJECT(s), &pchip_ops, s, "pchip0", 860 256 * MiB); 861 memory_region_add_subregion(addr_space, 0x80180000000ULL, 862 &s->pchip.region); 863 864 /* Cchip CSRs, 0x801.A000.0000, 256MB. */ 865 memory_region_init_io(&s->cchip.region, OBJECT(s), &cchip_ops, s, "cchip0", 866 256 * MiB); 867 memory_region_add_subregion(addr_space, 0x801a0000000ULL, 868 &s->cchip.region); 869 870 /* Dchip CSRs, 0x801.B000.0000, 256MB. */ 871 memory_region_init_io(&s->dchip_region, OBJECT(s), &dchip_ops, s, "dchip0", 872 256 * MiB); 873 memory_region_add_subregion(addr_space, 0x801b0000000ULL, 874 &s->dchip_region); 875 876 /* Pchip0 PCI memory, 0x800.0000.0000, 4GB. */ 877 memory_region_init(&s->pchip.reg_mem, OBJECT(s), "pci0-mem", 4 * GiB); 878 memory_region_add_subregion(addr_space, 0x80000000000ULL, 879 &s->pchip.reg_mem); 880 881 /* Pchip0 PCI I/O, 0x801.FC00.0000, 32MB. */ 882 memory_region_init_io(&s->pchip.reg_io, OBJECT(s), &alpha_pci_ignore_ops, 883 NULL, "pci0-io", 32 * MiB); 884 memory_region_add_subregion(addr_space, 0x801fc000000ULL, 885 &s->pchip.reg_io); 886 887 b = pci_register_root_bus(dev, "pci", 888 typhoon_set_irq, sys_map_irq, s, 889 &s->pchip.reg_mem, &s->pchip.reg_io, 890 devfn_min, 64, TYPE_PCI_BUS); 891 phb->bus = b; 892 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 893 894 /* Host memory as seen from the PCI side, via the IOMMU. */ 895 memory_region_init_iommu(&s->pchip.iommu, sizeof(s->pchip.iommu), 896 TYPE_TYPHOON_IOMMU_MEMORY_REGION, OBJECT(s), 897 "iommu-typhoon", UINT64_MAX); 898 address_space_init(&s->pchip.iommu_as, MEMORY_REGION(&s->pchip.iommu), 899 "pchip0-pci"); 900 pci_setup_iommu(b, typhoon_pci_dma_iommu, s); 901 902 /* Pchip0 PCI special/interrupt acknowledge, 0x801.F800.0000, 64MB. */ 903 memory_region_init_io(&s->pchip.reg_iack, OBJECT(s), &alpha_pci_iack_ops, 904 b, "pci0-iack", 64 * MiB); 905 memory_region_add_subregion(addr_space, 0x801f8000000ULL, 906 &s->pchip.reg_iack); 907 908 /* Pchip0 PCI configuration, 0x801.FE00.0000, 16MB. */ 909 memory_region_init_io(&s->pchip.reg_conf, OBJECT(s), &alpha_pci_conf1_ops, 910 b, "pci0-conf", 16 * MiB); 911 memory_region_add_subregion(addr_space, 0x801fe000000ULL, 912 &s->pchip.reg_conf); 913 914 /* For the record, these are the mappings for the second PCI bus. 915 We can get away with not implementing them because we indicate 916 via the Cchip.CSC<PIP> bit that Pchip1 is not present. */ 917 /* Pchip1 PCI memory, 0x802.0000.0000, 4GB. */ 918 /* Pchip1 CSRs, 0x802.8000.0000, 256MB. */ 919 /* Pchip1 PCI special/interrupt acknowledge, 0x802.F800.0000, 64MB. */ 920 /* Pchip1 PCI I/O, 0x802.FC00.0000, 32MB. */ 921 /* Pchip1 PCI configuration, 0x802.FE00.0000, 16MB. */ 922 923 return b; 924} 925 926static const TypeInfo typhoon_pcihost_info = { 927 .name = TYPE_TYPHOON_PCI_HOST_BRIDGE, 928 .parent = TYPE_PCI_HOST_BRIDGE, 929 .instance_size = sizeof(TyphoonState), 930}; 931 932static void typhoon_iommu_memory_region_class_init(ObjectClass *klass, 933 void *data) 934{ 935 IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass); 936 937 imrc->translate = typhoon_translate_iommu; 938} 939 940static const TypeInfo typhoon_iommu_memory_region_info = { 941 .parent = TYPE_IOMMU_MEMORY_REGION, 942 .name = TYPE_TYPHOON_IOMMU_MEMORY_REGION, 943 .class_init = typhoon_iommu_memory_region_class_init, 944}; 945 946static void typhoon_register_types(void) 947{ 948 type_register_static(&typhoon_pcihost_info); 949 type_register_static(&typhoon_iommu_memory_region_info); 950} 951 952type_init(typhoon_register_types)