LXR qemu/hw/intc/bcm2836

   1/*
   2 * Rasperry Pi 2 emulation ARM control logic module.
   3 * Copyright (c) 2015, Microsoft
   4 * Written by Andrew Baumann
   5 *
   6 * Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade
   7 * This code is licensed under the GNU GPLv2 and later.
   8 *
   9 * At present, only implements interrupt routing, and mailboxes (i.e.,
  10 * not PMU interrupt, or AXI counters).
  11 *
  12 * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti
  13 *
  14 * Ref:
  15 * https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf
  16 */
  17
  18#include "qemu/osdep.h"
  19#include "hw/intc/bcm2836_control.h"
  20#include "qemu/log.h"
  21
  22#define REG_GPU_ROUTE           0x0c
  23#define REG_LOCALTIMERROUTING   0x24
  24#define REG_LOCALTIMERCONTROL   0x34
  25#define REG_LOCALTIMERACK       0x38
  26#define REG_TIMERCONTROL        0x40
  27#define REG_MBOXCONTROL         0x50
  28#define REG_IRQSRC              0x60
  29#define REG_FIQSRC              0x70
  30#define REG_MBOX0_WR            0x80
  31#define REG_MBOX0_RDCLR         0xc0
  32#define REG_LIMIT              0x100
  33
  34#define IRQ_BIT(cntrl, num) (((cntrl) & (1 << (num))) != 0)
  35#define FIQ_BIT(cntrl, num) (((cntrl) & (1 << ((num) + 4))) != 0)
  36
  37#define IRQ_CNTPSIRQ    0
  38#define IRQ_CNTPNSIRQ   1
  39#define IRQ_CNTHPIRQ    2
  40#define IRQ_CNTVIRQ     3
  41#define IRQ_MAILBOX0    4
  42#define IRQ_MAILBOX1    5
  43#define IRQ_MAILBOX2    6
  44#define IRQ_MAILBOX3    7
  45#define IRQ_GPU         8
  46#define IRQ_PMU         9
  47#define IRQ_AXI         10
  48#define IRQ_TIMER       11
  49#define IRQ_MAX         IRQ_TIMER
  50
  51#define LOCALTIMER_FREQ      38400000
  52#define LOCALTIMER_INTFLAG   (1 << 31)
  53#define LOCALTIMER_RELOAD    (1 << 30)
  54#define LOCALTIMER_INTENABLE (1 << 29)
  55#define LOCALTIMER_ENABLE    (1 << 28)
  56#define LOCALTIMER_VALUE(x)  ((x) & 0xfffffff)
  57
  58static void deliver_local(BCM2836ControlState *s, uint8_t core, uint8_t irq,
  59                          uint32_t controlreg, uint8_t controlidx)
  60{
  61    if (FIQ_BIT(controlreg, controlidx)) {
  62        /* deliver a FIQ */
  63        s->fiqsrc[core] |= (uint32_t)1 << irq;
  64    } else if (IRQ_BIT(controlreg, controlidx)) {
  65        /* deliver an IRQ */
  66        s->irqsrc[core] |= (uint32_t)1 << irq;
  67    } else {
  68        /* the interrupt is masked */
  69    }
  70}
  71
  72/* Update interrupts.  */
  73static void bcm2836_control_update(BCM2836ControlState *s)
  74{
  75    int i, j;
  76
  77    /* reset pending IRQs/FIQs */
  78    for (i = 0; i < BCM2836_NCORES; i++) {
  79        s->irqsrc[i] = s->fiqsrc[i] = 0;
  80    }
  81
  82    /* apply routing logic, update status regs */
  83    if (s->gpu_irq) {
  84        assert(s->route_gpu_irq < BCM2836_NCORES);
  85        s->irqsrc[s->route_gpu_irq] |= (uint32_t)1 << IRQ_GPU;
  86    }
  87
  88    if (s->gpu_fiq) {
  89        assert(s->route_gpu_fiq < BCM2836_NCORES);
  90        s->fiqsrc[s->route_gpu_fiq] |= (uint32_t)1 << IRQ_GPU;
  91    }
  92
  93    /*
  94     * handle the control module 'local timer' interrupt for one of the
  95     * cores' IRQ/FIQ;  this is distinct from the per-CPU timer
  96     * interrupts handled below.
  97     */
  98    if ((s->local_timer_control & LOCALTIMER_INTENABLE) &&
  99        (s->local_timer_control & LOCALTIMER_INTFLAG)) {
 100        if (s->route_localtimer & 4) {
 101            s->fiqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER;
 102        } else {
 103            s->irqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER;
 104        }
 105    }
 106
 107    for (i = 0; i < BCM2836_NCORES; i++) {
 108        /* handle local timer interrupts for this core */
 109        if (s->timerirqs[i]) {
 110            assert(s->timerirqs[i] < (1 << (IRQ_CNTVIRQ + 1))); /* sane mask? */
 111            for (j = 0; j <= IRQ_CNTVIRQ; j++) {
 112                if ((s->timerirqs[i] & (1 << j)) != 0) {
 113                    /* local interrupt j is set */
 114                    deliver_local(s, i, j, s->timercontrol[i], j);
 115                }
 116            }
 117        }
 118
 119        /* handle mailboxes for this core */
 120        for (j = 0; j < BCM2836_MBPERCORE; j++) {
 121            if (s->mailboxes[i * BCM2836_MBPERCORE + j] != 0) {
 122                /* mailbox j is set */
 123                deliver_local(s, i, j + IRQ_MAILBOX0, s->mailboxcontrol[i], j);
 124            }
 125        }
 126    }
 127
 128    /* call set_irq appropriately for each output */
 129    for (i = 0; i < BCM2836_NCORES; i++) {
 130        qemu_set_irq(s->irq[i], s->irqsrc[i] != 0);
 131        qemu_set_irq(s->fiq[i], s->fiqsrc[i] != 0);
 132    }
 133}
 134
 135static void bcm2836_control_set_local_irq(void *opaque, int core, int local_irq,
 136                                          int level)
 137{
 138    BCM2836ControlState *s = opaque;
 139
 140    assert(core >= 0 && core < BCM2836_NCORES);
 141    assert(local_irq >= 0 && local_irq <= IRQ_CNTVIRQ);
 142
 143    s->timerirqs[core] = deposit32(s->timerirqs[core], local_irq, 1, !!level);
 144
 145    bcm2836_control_update(s);
 146}
 147
 148/* XXX: the following wrapper functions are a kludgy workaround,
 149 * needed because I can't seem to pass useful information in the "irq"
 150 * parameter when using named interrupts. Feel free to clean this up!
 151 */
 152
 153static void bcm2836_control_set_local_irq0(void *opaque, int core, int level)
 154{
 155    bcm2836_control_set_local_irq(opaque, core, 0, level);
 156}
 157
 158static void bcm2836_control_set_local_irq1(void *opaque, int core, int level)
 159{
 160    bcm2836_control_set_local_irq(opaque, core, 1, level);
 161}
 162
 163static void bcm2836_control_set_local_irq2(void *opaque, int core, int level)
 164{
 165    bcm2836_control_set_local_irq(opaque, core, 2, level);
 166}
 167
 168static void bcm2836_control_set_local_irq3(void *opaque, int core, int level)
 169{
 170    bcm2836_control_set_local_irq(opaque, core, 3, level);
 171}
 172
 173static void bcm2836_control_set_gpu_irq(void *opaque, int irq, int level)
 174{
 175    BCM2836ControlState *s = opaque;
 176
 177    s->gpu_irq = level;
 178
 179    bcm2836_control_update(s);
 180}
 181
 182static void bcm2836_control_set_gpu_fiq(void *opaque, int irq, int level)
 183{
 184    BCM2836ControlState *s = opaque;
 185
 186    s->gpu_fiq = level;
 187
 188    bcm2836_control_update(s);
 189}
 190
 191static void bcm2836_control_local_timer_set_next(void *opaque)
 192{
 193    BCM2836ControlState *s = opaque;
 194    uint64_t next_event;
 195
 196    assert(LOCALTIMER_VALUE(s->local_timer_control) > 0);
 197
 198    next_event = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
 199        muldiv64(LOCALTIMER_VALUE(s->local_timer_control),
 200            NANOSECONDS_PER_SECOND, LOCALTIMER_FREQ);
 201    timer_mod(&s->timer, next_event);
 202}
 203
 204static void bcm2836_control_local_timer_tick(void *opaque)
 205{
 206    BCM2836ControlState *s = opaque;
 207
 208    bcm2836_control_local_timer_set_next(s);
 209
 210    s->local_timer_control |= LOCALTIMER_INTFLAG;
 211    bcm2836_control_update(s);
 212}
 213
 214static void bcm2836_control_local_timer_control(void *opaque, uint32_t val)
 215{
 216    BCM2836ControlState *s = opaque;
 217
 218    s->local_timer_control = val;
 219    if (val & LOCALTIMER_ENABLE) {
 220        bcm2836_control_local_timer_set_next(s);
 221    } else {
 222        timer_del(&s->timer);
 223    }
 224}
 225
 226static void bcm2836_control_local_timer_ack(void *opaque, uint32_t val)
 227{
 228    BCM2836ControlState *s = opaque;
 229
 230    if (val & LOCALTIMER_INTFLAG) {
 231        s->local_timer_control &= ~LOCALTIMER_INTFLAG;
 232    }
 233    if ((val & LOCALTIMER_RELOAD) &&
 234        (s->local_timer_control & LOCALTIMER_ENABLE)) {
 235            bcm2836_control_local_timer_set_next(s);
 236    }
 237}
 238
 239static uint64_t bcm2836_control_read(void *opaque, hwaddr offset, unsigned size)
 240{
 241    BCM2836ControlState *s = opaque;
 242
 243    if (offset == REG_GPU_ROUTE) {
 244        assert(s->route_gpu_fiq < BCM2836_NCORES
 245               && s->route_gpu_irq < BCM2836_NCORES);
 246        return ((uint32_t)s->route_gpu_fiq << 2) | s->route_gpu_irq;
 247    } else if (offset == REG_LOCALTIMERROUTING) {
 248        return s->route_localtimer;
 249    } else if (offset == REG_LOCALTIMERCONTROL) {
 250        return s->local_timer_control;
 251    } else if (offset == REG_LOCALTIMERACK) {
 252        return 0;
 253    } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {
 254        return s->timercontrol[(offset - REG_TIMERCONTROL) >> 2];
 255    } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {
 256        return s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2];
 257    } else if (offset >= REG_IRQSRC && offset < REG_FIQSRC) {
 258        return s->irqsrc[(offset - REG_IRQSRC) >> 2];
 259    } else if (offset >= REG_FIQSRC && offset < REG_MBOX0_WR) {
 260        return s->fiqsrc[(offset - REG_FIQSRC) >> 2];
 261    } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) {
 262        return s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2];
 263    } else {
 264        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
 265                      __func__, offset);
 266        return 0;
 267    }
 268}
 269
 270static void bcm2836_control_write(void *opaque, hwaddr offset,
 271                                  uint64_t val, unsigned size)
 272{
 273    BCM2836ControlState *s = opaque;
 274
 275    if (offset == REG_GPU_ROUTE) {
 276        s->route_gpu_irq = val & 0x3;
 277        s->route_gpu_fiq = (val >> 2) & 0x3;
 278    } else if (offset == REG_LOCALTIMERROUTING) {
 279        s->route_localtimer = val & 7;
 280    } else if (offset == REG_LOCALTIMERCONTROL) {
 281        bcm2836_control_local_timer_control(s, val);
 282    } else if (offset == REG_LOCALTIMERACK) {
 283        bcm2836_control_local_timer_ack(s, val);
 284    } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {
 285        s->timercontrol[(offset - REG_TIMERCONTROL) >> 2] = val & 0xff;
 286    } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {
 287        s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2] = val & 0xff;
 288    } else if (offset >= REG_MBOX0_WR && offset < REG_MBOX0_RDCLR) {
 289        s->mailboxes[(offset - REG_MBOX0_WR) >> 2] |= val;
 290    } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) {
 291        s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2] &= ~val;
 292    } else {
 293        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
 294                      __func__, offset);
 295        return;
 296    }
 297
 298    bcm2836_control_update(s);
 299}
 300
 301static const MemoryRegionOps bcm2836_control_ops = {
 302    .read = bcm2836_control_read,
 303    .write = bcm2836_control_write,
 304    .endianness = DEVICE_NATIVE_ENDIAN,
 305    .valid.min_access_size = 4,
 306    .valid.max_access_size = 4,
 307};
 308
 309static void bcm2836_control_reset(DeviceState *d)
 310{
 311    BCM2836ControlState *s = BCM2836_CONTROL(d);
 312    int i;
 313
 314    s->route_gpu_irq = s->route_gpu_fiq = 0;
 315
 316    timer_del(&s->timer);
 317    s->route_localtimer = 0;
 318    s->local_timer_control = 0;
 319
 320    for (i = 0; i < BCM2836_NCORES; i++) {
 321        s->timercontrol[i] = 0;
 322        s->mailboxcontrol[i] = 0;
 323    }
 324
 325    for (i = 0; i < BCM2836_NCORES * BCM2836_MBPERCORE; i++) {
 326        s->mailboxes[i] = 0;
 327    }
 328}
 329
 330static void bcm2836_control_init(Object *obj)
 331{
 332    BCM2836ControlState *s = BCM2836_CONTROL(obj);
 333    DeviceState *dev = DEVICE(obj);
 334
 335    memory_region_init_io(&s->iomem, obj, &bcm2836_control_ops, s,
 336                          TYPE_BCM2836_CONTROL, REG_LIMIT);
 337    sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
 338
 339    /* inputs from each CPU core */
 340    qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq0, "cntpsirq",
 341                            BCM2836_NCORES);
 342    qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq1, "cntpnsirq",
 343                            BCM2836_NCORES);
 344    qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq2, "cnthpirq",
 345                            BCM2836_NCORES);
 346    qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq3, "cntvirq",
 347                            BCM2836_NCORES);
 348
 349    /* IRQ and FIQ inputs from upstream bcm2835 controller */
 350    qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_irq, "gpu-irq", 1);
 351    qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_fiq, "gpu-fiq", 1);
 352
 353    /* outputs to CPU cores */
 354    qdev_init_gpio_out_named(dev, s->irq, "irq", BCM2836_NCORES);
 355    qdev_init_gpio_out_named(dev, s->fiq, "fiq", BCM2836_NCORES);
 356
 357    /* create a qemu virtual timer */
 358    timer_init_ns(&s->timer, QEMU_CLOCK_VIRTUAL,
 359                  bcm2836_control_local_timer_tick, s);
 360}
 361
 362static const VMStateDescription vmstate_bcm2836_control = {
 363    .name = TYPE_BCM2836_CONTROL,
 364    .version_id = 2,
 365    .minimum_version_id = 1,
 366    .fields = (VMStateField[]) {
 367        VMSTATE_UINT32_ARRAY(mailboxes, BCM2836ControlState,
 368                             BCM2836_NCORES * BCM2836_MBPERCORE),
 369        VMSTATE_UINT8(route_gpu_irq, BCM2836ControlState),
 370        VMSTATE_UINT8(route_gpu_fiq, BCM2836ControlState),
 371        VMSTATE_UINT32_ARRAY(timercontrol, BCM2836ControlState, BCM2836_NCORES),
 372        VMSTATE_UINT32_ARRAY(mailboxcontrol, BCM2836ControlState,
 373                             BCM2836_NCORES),
 374        VMSTATE_TIMER_V(timer, BCM2836ControlState, 2),
 375        VMSTATE_UINT32_V(local_timer_control, BCM2836ControlState, 2),
 376        VMSTATE_UINT8_V(route_localtimer, BCM2836ControlState, 2),
 377        VMSTATE_END_OF_LIST()
 378    }
 379};
 380
 381static void bcm2836_control_class_init(ObjectClass *klass, void *data)
 382{
 383    DeviceClass *dc = DEVICE_CLASS(klass);
 384
 385    dc->reset = bcm2836_control_reset;
 386    dc->vmsd = &vmstate_bcm2836_control;
 387}
 388
 389static TypeInfo bcm2836_control_info = {
 390    .name          = TYPE_BCM2836_CONTROL,
 391    .parent        = TYPE_SYS_BUS_DEVICE,
 392    .instance_size = sizeof(BCM2836ControlState),
 393    .class_init    = bcm2836_control_class_init,
 394    .instance_init = bcm2836_control_init,
 395};
 396
 397static void bcm2836_control_register_types(void)
 398{
 399    type_register_static(&bcm2836_control_info);
 400}
 401
 402type_init(bcm2836_control_register_types)
 403