LXR qemu/hw/ppc/ppc.c

   1/*
   2 * QEMU generic PowerPC hardware System Emulator
   3 *
   4 * Copyright (c) 2003-2007 Jocelyn Mayer
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25#include "qemu/osdep.h"
  26#include "hw/irq.h"
  27#include "hw/ppc/ppc.h"
  28#include "hw/ppc/ppc_e500.h"
  29#include "qemu/timer.h"
  30#include "sysemu/cpus.h"
  31#include "qemu/log.h"
  32#include "qemu/main-loop.h"
  33#include "qemu/error-report.h"
  34#include "sysemu/kvm.h"
  35#include "sysemu/runstate.h"
  36#include "kvm_ppc.h"
  37#include "migration/vmstate.h"
  38#include "trace.h"
  39
  40static void cpu_ppc_tb_stop (CPUPPCState *env);
  41static void cpu_ppc_tb_start (CPUPPCState *env);
  42
  43void ppc_set_irq(PowerPCCPU *cpu, int n_IRQ, int level)
  44{
  45    CPUState *cs = CPU(cpu);
  46    CPUPPCState *env = &cpu->env;
  47    unsigned int old_pending;
  48    bool locked = false;
  49
  50    /* We may already have the BQL if coming from the reset path */
  51    if (!qemu_mutex_iothread_locked()) {
  52        locked = true;
  53        qemu_mutex_lock_iothread();
  54    }
  55
  56    old_pending = env->pending_interrupts;
  57
  58    if (level) {
  59        env->pending_interrupts |= 1 << n_IRQ;
  60        cpu_interrupt(cs, CPU_INTERRUPT_HARD);
  61    } else {
  62        env->pending_interrupts &= ~(1 << n_IRQ);
  63        if (env->pending_interrupts == 0) {
  64            cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
  65        }
  66    }
  67
  68    if (old_pending != env->pending_interrupts) {
  69        kvmppc_set_interrupt(cpu, n_IRQ, level);
  70    }
  71
  72
  73    trace_ppc_irq_set_exit(env, n_IRQ, level, env->pending_interrupts,
  74                           CPU(cpu)->interrupt_request);
  75
  76    if (locked) {
  77        qemu_mutex_unlock_iothread();
  78    }
  79}
  80
  81/* PowerPC 6xx / 7xx internal IRQ controller */
  82static void ppc6xx_set_irq(void *opaque, int pin, int level)
  83{
  84    PowerPCCPU *cpu = opaque;
  85    CPUPPCState *env = &cpu->env;
  86    int cur_level;
  87
  88    trace_ppc_irq_set(env, pin, level);
  89
  90    cur_level = (env->irq_input_state >> pin) & 1;
  91    /* Don't generate spurious events */
  92    if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
  93        CPUState *cs = CPU(cpu);
  94
  95        switch (pin) {
  96        case PPC6xx_INPUT_TBEN:
  97            /* Level sensitive - active high */
  98            trace_ppc_irq_set_state("time base", level);
  99            if (level) {
 100                cpu_ppc_tb_start(env);
 101            } else {
 102                cpu_ppc_tb_stop(env);
 103            }
 104            break;
 105        case PPC6xx_INPUT_INT:
 106            /* Level sensitive - active high */
 107            trace_ppc_irq_set_state("external IRQ", level);
 108            ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
 109            break;
 110        case PPC6xx_INPUT_SMI:
 111            /* Level sensitive - active high */
 112            trace_ppc_irq_set_state("SMI IRQ", level);
 113            ppc_set_irq(cpu, PPC_INTERRUPT_SMI, level);
 114            break;
 115        case PPC6xx_INPUT_MCP:
 116            /* Negative edge sensitive */
 117            /* XXX: TODO: actual reaction may depends on HID0 status
 118             *            603/604/740/750: check HID0[EMCP]
 119             */
 120            if (cur_level == 1 && level == 0) {
 121                trace_ppc_irq_set_state("machine check", 1);
 122                ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
 123            }
 124            break;
 125        case PPC6xx_INPUT_CKSTP_IN:
 126            /* Level sensitive - active low */
 127            /* XXX: TODO: relay the signal to CKSTP_OUT pin */
 128            /* XXX: Note that the only way to restart the CPU is to reset it */
 129            if (level) {
 130                trace_ppc_irq_cpu("stop");
 131                cs->halted = 1;
 132            }
 133            break;
 134        case PPC6xx_INPUT_HRESET:
 135            /* Level sensitive - active low */
 136            if (level) {
 137                trace_ppc_irq_reset("CPU");
 138                cpu_interrupt(cs, CPU_INTERRUPT_RESET);
 139            }
 140            break;
 141        case PPC6xx_INPUT_SRESET:
 142            trace_ppc_irq_set_state("RESET IRQ", level);
 143            ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
 144            break;
 145        default:
 146            g_assert_not_reached();
 147        }
 148        if (level)
 149            env->irq_input_state |= 1 << pin;
 150        else
 151            env->irq_input_state &= ~(1 << pin);
 152    }
 153}
 154
 155void ppc6xx_irq_init(PowerPCCPU *cpu)
 156{
 157    CPUPPCState *env = &cpu->env;
 158
 159    env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, cpu,
 160                                                  PPC6xx_INPUT_NB);
 161}
 162
 163#if defined(TARGET_PPC64)
 164/* PowerPC 970 internal IRQ controller */
 165static void ppc970_set_irq(void *opaque, int pin, int level)
 166{
 167    PowerPCCPU *cpu = opaque;
 168    CPUPPCState *env = &cpu->env;
 169    int cur_level;
 170
 171    trace_ppc_irq_set(env, pin, level);
 172
 173    cur_level = (env->irq_input_state >> pin) & 1;
 174    /* Don't generate spurious events */
 175    if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
 176        CPUState *cs = CPU(cpu);
 177
 178        switch (pin) {
 179        case PPC970_INPUT_INT:
 180            /* Level sensitive - active high */
 181            trace_ppc_irq_set_state("external IRQ", level);
 182            ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
 183            break;
 184        case PPC970_INPUT_THINT:
 185            /* Level sensitive - active high */
 186            trace_ppc_irq_set_state("SMI IRQ", level);
 187            ppc_set_irq(cpu, PPC_INTERRUPT_THERM, level);
 188            break;
 189        case PPC970_INPUT_MCP:
 190            /* Negative edge sensitive */
 191            /* XXX: TODO: actual reaction may depends on HID0 status
 192             *            603/604/740/750: check HID0[EMCP]
 193             */
 194            if (cur_level == 1 && level == 0) {
 195                trace_ppc_irq_set_state("machine check", 1);
 196                ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
 197            }
 198            break;
 199        case PPC970_INPUT_CKSTP:
 200            /* Level sensitive - active low */
 201            /* XXX: TODO: relay the signal to CKSTP_OUT pin */
 202            if (level) {
 203                trace_ppc_irq_cpu("stop");
 204                cs->halted = 1;
 205            } else {
 206                trace_ppc_irq_cpu("restart");
 207                cs->halted = 0;
 208                qemu_cpu_kick(cs);
 209            }
 210            break;
 211        case PPC970_INPUT_HRESET:
 212            /* Level sensitive - active low */
 213            if (level) {
 214                cpu_interrupt(cs, CPU_INTERRUPT_RESET);
 215            }
 216            break;
 217        case PPC970_INPUT_SRESET:
 218            trace_ppc_irq_set_state("RESET IRQ", level);
 219            ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
 220            break;
 221        case PPC970_INPUT_TBEN:
 222            trace_ppc_irq_set_state("TBEN IRQ", level);
 223            /* XXX: TODO */
 224            break;
 225        default:
 226            g_assert_not_reached();
 227        }
 228        if (level)
 229            env->irq_input_state |= 1 << pin;
 230        else
 231            env->irq_input_state &= ~(1 << pin);
 232    }
 233}
 234
 235void ppc970_irq_init(PowerPCCPU *cpu)
 236{
 237    CPUPPCState *env = &cpu->env;
 238
 239    env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, cpu,
 240                                                  PPC970_INPUT_NB);
 241}
 242
 243/* POWER7 internal IRQ controller */
 244static void power7_set_irq(void *opaque, int pin, int level)
 245{
 246    PowerPCCPU *cpu = opaque;
 247
 248    trace_ppc_irq_set(&cpu->env, pin, level);
 249
 250    switch (pin) {
 251    case POWER7_INPUT_INT:
 252        /* Level sensitive - active high */
 253        trace_ppc_irq_set_state("external IRQ", level);
 254        ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
 255        break;
 256    default:
 257        g_assert_not_reached();
 258    }
 259}
 260
 261void ppcPOWER7_irq_init(PowerPCCPU *cpu)
 262{
 263    CPUPPCState *env = &cpu->env;
 264
 265    env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, cpu,
 266                                                  POWER7_INPUT_NB);
 267}
 268
 269/* POWER9 internal IRQ controller */
 270static void power9_set_irq(void *opaque, int pin, int level)
 271{
 272    PowerPCCPU *cpu = opaque;
 273
 274    trace_ppc_irq_set(&cpu->env, pin, level);
 275
 276    switch (pin) {
 277    case POWER9_INPUT_INT:
 278        /* Level sensitive - active high */
 279        trace_ppc_irq_set_state("external IRQ", level);
 280        ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
 281        break;
 282    case POWER9_INPUT_HINT:
 283        /* Level sensitive - active high */
 284        trace_ppc_irq_set_state("HV external IRQ", level);
 285        ppc_set_irq(cpu, PPC_INTERRUPT_HVIRT, level);
 286        break;
 287    default:
 288        g_assert_not_reached();
 289        return;
 290    }
 291}
 292
 293void ppcPOWER9_irq_init(PowerPCCPU *cpu)
 294{
 295    CPUPPCState *env = &cpu->env;
 296
 297    env->irq_inputs = (void **)qemu_allocate_irqs(&power9_set_irq, cpu,
 298                                                  POWER9_INPUT_NB);
 299}
 300#endif /* defined(TARGET_PPC64) */
 301
 302void ppc40x_core_reset(PowerPCCPU *cpu)
 303{
 304    CPUPPCState *env = &cpu->env;
 305    target_ulong dbsr;
 306
 307    qemu_log_mask(CPU_LOG_RESET, "Reset PowerPC core\n");
 308    cpu_interrupt(CPU(cpu), CPU_INTERRUPT_RESET);
 309    dbsr = env->spr[SPR_40x_DBSR];
 310    dbsr &= ~0x00000300;
 311    dbsr |= 0x00000100;
 312    env->spr[SPR_40x_DBSR] = dbsr;
 313}
 314
 315void ppc40x_chip_reset(PowerPCCPU *cpu)
 316{
 317    CPUPPCState *env = &cpu->env;
 318    target_ulong dbsr;
 319
 320    qemu_log_mask(CPU_LOG_RESET, "Reset PowerPC chip\n");
 321    cpu_interrupt(CPU(cpu), CPU_INTERRUPT_RESET);
 322    /* XXX: TODO reset all internal peripherals */
 323    dbsr = env->spr[SPR_40x_DBSR];
 324    dbsr &= ~0x00000300;
 325    dbsr |= 0x00000200;
 326    env->spr[SPR_40x_DBSR] = dbsr;
 327}
 328
 329void ppc40x_system_reset(PowerPCCPU *cpu)
 330{
 331    qemu_log_mask(CPU_LOG_RESET, "Reset PowerPC system\n");
 332    qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
 333}
 334
 335void store_40x_dbcr0(CPUPPCState *env, uint32_t val)
 336{
 337    PowerPCCPU *cpu = env_archcpu(env);
 338
 339    qemu_mutex_lock_iothread();
 340
 341    switch ((val >> 28) & 0x3) {
 342    case 0x0:
 343        /* No action */
 344        break;
 345    case 0x1:
 346        /* Core reset */
 347        ppc40x_core_reset(cpu);
 348        break;
 349    case 0x2:
 350        /* Chip reset */
 351        ppc40x_chip_reset(cpu);
 352        break;
 353    case 0x3:
 354        /* System reset */
 355        ppc40x_system_reset(cpu);
 356        break;
 357    }
 358
 359    qemu_mutex_unlock_iothread();
 360}
 361
 362/* PowerPC 40x internal IRQ controller */
 363static void ppc40x_set_irq(void *opaque, int pin, int level)
 364{
 365    PowerPCCPU *cpu = opaque;
 366    CPUPPCState *env = &cpu->env;
 367    int cur_level;
 368
 369    trace_ppc_irq_set(env, pin, level);
 370
 371    cur_level = (env->irq_input_state >> pin) & 1;
 372    /* Don't generate spurious events */
 373    if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
 374        CPUState *cs = CPU(cpu);
 375
 376        switch (pin) {
 377        case PPC40x_INPUT_RESET_SYS:
 378            if (level) {
 379                trace_ppc_irq_reset("system");
 380                ppc40x_system_reset(cpu);
 381            }
 382            break;
 383        case PPC40x_INPUT_RESET_CHIP:
 384            if (level) {
 385                trace_ppc_irq_reset("chip");
 386                ppc40x_chip_reset(cpu);
 387            }
 388            break;
 389        case PPC40x_INPUT_RESET_CORE:
 390            /* XXX: TODO: update DBSR[MRR] */
 391            if (level) {
 392                trace_ppc_irq_reset("core");
 393                ppc40x_core_reset(cpu);
 394            }
 395            break;
 396        case PPC40x_INPUT_CINT:
 397            /* Level sensitive - active high */
 398            trace_ppc_irq_set_state("critical IRQ", level);
 399            ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
 400            break;
 401        case PPC40x_INPUT_INT:
 402            /* Level sensitive - active high */
 403            trace_ppc_irq_set_state("external IRQ", level);
 404            ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
 405            break;
 406        case PPC40x_INPUT_HALT:
 407            /* Level sensitive - active low */
 408            if (level) {
 409                trace_ppc_irq_cpu("stop");
 410                cs->halted = 1;
 411            } else {
 412                trace_ppc_irq_cpu("restart");
 413                cs->halted = 0;
 414                qemu_cpu_kick(cs);
 415            }
 416            break;
 417        case PPC40x_INPUT_DEBUG:
 418            /* Level sensitive - active high */
 419            trace_ppc_irq_set_state("debug pin", level);
 420            ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
 421            break;
 422        default:
 423            g_assert_not_reached();
 424        }
 425        if (level)
 426            env->irq_input_state |= 1 << pin;
 427        else
 428            env->irq_input_state &= ~(1 << pin);
 429    }
 430}
 431
 432void ppc40x_irq_init(PowerPCCPU *cpu)
 433{
 434    CPUPPCState *env = &cpu->env;
 435
 436    env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq,
 437                                                  cpu, PPC40x_INPUT_NB);
 438}
 439
 440/* PowerPC E500 internal IRQ controller */
 441static void ppce500_set_irq(void *opaque, int pin, int level)
 442{
 443    PowerPCCPU *cpu = opaque;
 444    CPUPPCState *env = &cpu->env;
 445    int cur_level;
 446
 447    trace_ppc_irq_set(env, pin, level);
 448
 449    cur_level = (env->irq_input_state >> pin) & 1;
 450    /* Don't generate spurious events */
 451    if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
 452        switch (pin) {
 453        case PPCE500_INPUT_MCK:
 454            if (level) {
 455                trace_ppc_irq_reset("system");
 456                qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
 457            }
 458            break;
 459        case PPCE500_INPUT_RESET_CORE:
 460            if (level) {
 461                trace_ppc_irq_reset("core");
 462                ppc_set_irq(cpu, PPC_INTERRUPT_MCK, level);
 463            }
 464            break;
 465        case PPCE500_INPUT_CINT:
 466            /* Level sensitive - active high */
 467            trace_ppc_irq_set_state("critical IRQ", level);
 468            ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
 469            break;
 470        case PPCE500_INPUT_INT:
 471            /* Level sensitive - active high */
 472            trace_ppc_irq_set_state("core IRQ", level);
 473            ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
 474            break;
 475        case PPCE500_INPUT_DEBUG:
 476            /* Level sensitive - active high */
 477            trace_ppc_irq_set_state("debug pin", level);
 478            ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
 479            break;
 480        default:
 481            g_assert_not_reached();
 482        }
 483        if (level)
 484            env->irq_input_state |= 1 << pin;
 485        else
 486            env->irq_input_state &= ~(1 << pin);
 487    }
 488}
 489
 490void ppce500_irq_init(PowerPCCPU *cpu)
 491{
 492    CPUPPCState *env = &cpu->env;
 493
 494    env->irq_inputs = (void **)qemu_allocate_irqs(&ppce500_set_irq,
 495                                                  cpu, PPCE500_INPUT_NB);
 496}
 497
 498/* Enable or Disable the E500 EPR capability */
 499void ppce500_set_mpic_proxy(bool enabled)
 500{
 501    CPUState *cs;
 502
 503    CPU_FOREACH(cs) {
 504        PowerPCCPU *cpu = POWERPC_CPU(cs);
 505
 506        cpu->env.mpic_proxy = enabled;
 507        if (kvm_enabled()) {
 508            kvmppc_set_mpic_proxy(cpu, enabled);
 509        }
 510    }
 511}
 512
 513/*****************************************************************************/
 514/* PowerPC time base and decrementer emulation */
 515
 516uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset)
 517{
 518    /* TB time in tb periods */
 519    return muldiv64(vmclk, tb_env->tb_freq, NANOSECONDS_PER_SECOND) + tb_offset;
 520}
 521
 522uint64_t cpu_ppc_load_tbl (CPUPPCState *env)
 523{
 524    ppc_tb_t *tb_env = env->tb_env;
 525    uint64_t tb;
 526
 527    if (kvm_enabled()) {
 528        return env->spr[SPR_TBL];
 529    }
 530
 531    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
 532    trace_ppc_tb_load(tb);
 533
 534    return tb;
 535}
 536
 537static inline uint32_t _cpu_ppc_load_tbu(CPUPPCState *env)
 538{
 539    ppc_tb_t *tb_env = env->tb_env;
 540    uint64_t tb;
 541
 542    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
 543    trace_ppc_tb_load(tb);
 544
 545    return tb >> 32;
 546}
 547
 548uint32_t cpu_ppc_load_tbu (CPUPPCState *env)
 549{
 550    if (kvm_enabled()) {
 551        return env->spr[SPR_TBU];
 552    }
 553
 554    return _cpu_ppc_load_tbu(env);
 555}
 556
 557static inline void cpu_ppc_store_tb(ppc_tb_t *tb_env, uint64_t vmclk,
 558                                    int64_t *tb_offsetp, uint64_t value)
 559{
 560    *tb_offsetp = value -
 561        muldiv64(vmclk, tb_env->tb_freq, NANOSECONDS_PER_SECOND);
 562
 563    trace_ppc_tb_store(value, *tb_offsetp);
 564}
 565
 566void cpu_ppc_store_tbl (CPUPPCState *env, uint32_t value)
 567{
 568    ppc_tb_t *tb_env = env->tb_env;
 569    uint64_t tb;
 570
 571    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
 572    tb &= 0xFFFFFFFF00000000ULL;
 573    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 574                     &tb_env->tb_offset, tb | (uint64_t)value);
 575}
 576
 577static inline void _cpu_ppc_store_tbu(CPUPPCState *env, uint32_t value)
 578{
 579    ppc_tb_t *tb_env = env->tb_env;
 580    uint64_t tb;
 581
 582    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
 583    tb &= 0x00000000FFFFFFFFULL;
 584    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 585                     &tb_env->tb_offset, ((uint64_t)value << 32) | tb);
 586}
 587
 588void cpu_ppc_store_tbu (CPUPPCState *env, uint32_t value)
 589{
 590    _cpu_ppc_store_tbu(env, value);
 591}
 592
 593uint64_t cpu_ppc_load_atbl (CPUPPCState *env)
 594{
 595    ppc_tb_t *tb_env = env->tb_env;
 596    uint64_t tb;
 597
 598    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
 599    trace_ppc_tb_load(tb);
 600
 601    return tb;
 602}
 603
 604uint32_t cpu_ppc_load_atbu (CPUPPCState *env)
 605{
 606    ppc_tb_t *tb_env = env->tb_env;
 607    uint64_t tb;
 608
 609    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
 610    trace_ppc_tb_load(tb);
 611
 612    return tb >> 32;
 613}
 614
 615void cpu_ppc_store_atbl (CPUPPCState *env, uint32_t value)
 616{
 617    ppc_tb_t *tb_env = env->tb_env;
 618    uint64_t tb;
 619
 620    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
 621    tb &= 0xFFFFFFFF00000000ULL;
 622    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 623                     &tb_env->atb_offset, tb | (uint64_t)value);
 624}
 625
 626void cpu_ppc_store_atbu (CPUPPCState *env, uint32_t value)
 627{
 628    ppc_tb_t *tb_env = env->tb_env;
 629    uint64_t tb;
 630
 631    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
 632    tb &= 0x00000000FFFFFFFFULL;
 633    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 634                     &tb_env->atb_offset, ((uint64_t)value << 32) | tb);
 635}
 636
 637uint64_t cpu_ppc_load_vtb(CPUPPCState *env)
 638{
 639    ppc_tb_t *tb_env = env->tb_env;
 640
 641    return cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 642                          tb_env->vtb_offset);
 643}
 644
 645void cpu_ppc_store_vtb(CPUPPCState *env, uint64_t value)
 646{
 647    ppc_tb_t *tb_env = env->tb_env;
 648
 649    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 650                     &tb_env->vtb_offset, value);
 651}
 652
 653void cpu_ppc_store_tbu40(CPUPPCState *env, uint64_t value)
 654{
 655    ppc_tb_t *tb_env = env->tb_env;
 656    uint64_t tb;
 657
 658    tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 659                        tb_env->tb_offset);
 660    tb &= 0xFFFFFFUL;
 661    tb |= (value & ~0xFFFFFFUL);
 662    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 663                     &tb_env->tb_offset, tb);
 664}
 665
 666static void cpu_ppc_tb_stop (CPUPPCState *env)
 667{
 668    ppc_tb_t *tb_env = env->tb_env;
 669    uint64_t tb, atb, vmclk;
 670
 671    /* If the time base is already frozen, do nothing */
 672    if (tb_env->tb_freq != 0) {
 673        vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 674        /* Get the time base */
 675        tb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->tb_offset);
 676        /* Get the alternate time base */
 677        atb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->atb_offset);
 678        /* Store the time base value (ie compute the current offset) */
 679        cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
 680        /* Store the alternate time base value (compute the current offset) */
 681        cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
 682        /* Set the time base frequency to zero */
 683        tb_env->tb_freq = 0;
 684        /* Now, the time bases are frozen to tb_offset / atb_offset value */
 685    }
 686}
 687
 688static void cpu_ppc_tb_start (CPUPPCState *env)
 689{
 690    ppc_tb_t *tb_env = env->tb_env;
 691    uint64_t tb, atb, vmclk;
 692
 693    /* If the time base is not frozen, do nothing */
 694    if (tb_env->tb_freq == 0) {
 695        vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 696        /* Get the time base from tb_offset */
 697        tb = tb_env->tb_offset;
 698        /* Get the alternate time base from atb_offset */
 699        atb = tb_env->atb_offset;
 700        /* Restore the tb frequency from the decrementer frequency */
 701        tb_env->tb_freq = tb_env->decr_freq;
 702        /* Store the time base value */
 703        cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
 704        /* Store the alternate time base value */
 705        cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
 706    }
 707}
 708
 709bool ppc_decr_clear_on_delivery(CPUPPCState *env)
 710{
 711    ppc_tb_t *tb_env = env->tb_env;
 712    int flags = PPC_DECR_UNDERFLOW_TRIGGERED | PPC_DECR_UNDERFLOW_LEVEL;
 713    return ((tb_env->flags & flags) == PPC_DECR_UNDERFLOW_TRIGGERED);
 714}
 715
 716static inline int64_t _cpu_ppc_load_decr(CPUPPCState *env, uint64_t next)
 717{
 718    ppc_tb_t *tb_env = env->tb_env;
 719    int64_t decr, diff;
 720
 721    diff = next - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 722    if (diff >= 0) {
 723        decr = muldiv64(diff, tb_env->decr_freq, NANOSECONDS_PER_SECOND);
 724    } else if (tb_env->flags & PPC_TIMER_BOOKE) {
 725        decr = 0;
 726    }  else {
 727        decr = -muldiv64(-diff, tb_env->decr_freq, NANOSECONDS_PER_SECOND);
 728    }
 729    trace_ppc_decr_load(decr);
 730
 731    return decr;
 732}
 733
 734target_ulong cpu_ppc_load_decr(CPUPPCState *env)
 735{
 736    ppc_tb_t *tb_env = env->tb_env;
 737    uint64_t decr;
 738
 739    if (kvm_enabled()) {
 740        return env->spr[SPR_DECR];
 741    }
 742
 743    decr = _cpu_ppc_load_decr(env, tb_env->decr_next);
 744
 745    /*
 746     * If large decrementer is enabled then the decrementer is signed extened
 747     * to 64 bits, otherwise it is a 32 bit value.
 748     */
 749    if (env->spr[SPR_LPCR] & LPCR_LD) {
 750        return decr;
 751    }
 752    return (uint32_t) decr;
 753}
 754
 755target_ulong cpu_ppc_load_hdecr(CPUPPCState *env)
 756{
 757    PowerPCCPU *cpu = env_archcpu(env);
 758    PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 759    ppc_tb_t *tb_env = env->tb_env;
 760    uint64_t hdecr;
 761
 762    hdecr =  _cpu_ppc_load_decr(env, tb_env->hdecr_next);
 763
 764    /*
 765     * If we have a large decrementer (POWER9 or later) then hdecr is sign
 766     * extended to 64 bits, otherwise it is 32 bits.
 767     */
 768    if (pcc->lrg_decr_bits > 32) {
 769        return hdecr;
 770    }
 771    return (uint32_t) hdecr;
 772}
 773
 774uint64_t cpu_ppc_load_purr (CPUPPCState *env)
 775{
 776    ppc_tb_t *tb_env = env->tb_env;
 777
 778    return cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 779                          tb_env->purr_offset);
 780}
 781
 782/* When decrementer expires,
 783 * all we need to do is generate or queue a CPU exception
 784 */
 785static inline void cpu_ppc_decr_excp(PowerPCCPU *cpu)
 786{
 787    /* Raise it */
 788    trace_ppc_decr_excp("raise");
 789    ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 1);
 790}
 791
 792static inline void cpu_ppc_decr_lower(PowerPCCPU *cpu)
 793{
 794    ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 0);
 795}
 796
 797static inline void cpu_ppc_hdecr_excp(PowerPCCPU *cpu)
 798{
 799    CPUPPCState *env = &cpu->env;
 800
 801    /* Raise it */
 802    trace_ppc_decr_excp("raise HV");
 803
 804    /* The architecture specifies that we don't deliver HDEC
 805     * interrupts in a PM state. Not only they don't cause a
 806     * wakeup but they also get effectively discarded.
 807     */
 808    if (!env->resume_as_sreset) {
 809        ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 1);
 810    }
 811}
 812
 813static inline void cpu_ppc_hdecr_lower(PowerPCCPU *cpu)
 814{
 815    ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 0);
 816}
 817
 818static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp,
 819                                 QEMUTimer *timer,
 820                                 void (*raise_excp)(void *),
 821                                 void (*lower_excp)(PowerPCCPU *),
 822                                 target_ulong decr, target_ulong value,
 823                                 int nr_bits)
 824{
 825    CPUPPCState *env = &cpu->env;
 826    ppc_tb_t *tb_env = env->tb_env;
 827    uint64_t now, next;
 828    int64_t signed_value;
 829    int64_t signed_decr;
 830
 831    /* Truncate value to decr_width and sign extend for simplicity */
 832    signed_value = sextract64(value, 0, nr_bits);
 833    signed_decr = sextract64(decr, 0, nr_bits);
 834
 835    trace_ppc_decr_store(nr_bits, decr, value);
 836
 837    if (kvm_enabled()) {
 838        /* KVM handles decrementer exceptions, we don't need our own timer */
 839        return;
 840    }
 841
 842    /*
 843     * Going from 2 -> 1, 1 -> 0 or 0 -> -1 is the event to generate a DEC
 844     * interrupt.
 845     *
 846     * If we get a really small DEC value, we can assume that by the time we
 847     * handled it we should inject an interrupt already.
 848     *
 849     * On MSB level based DEC implementations the MSB always means the interrupt
 850     * is pending, so raise it on those.
 851     *
 852     * On MSB edge based DEC implementations the MSB going from 0 -> 1 triggers
 853     * an edge interrupt, so raise it here too.
 854     */
 855    if ((value < 3) ||
 856        ((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && signed_value < 0) ||
 857        ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED) && signed_value < 0
 858          && signed_decr >= 0)) {
 859        (*raise_excp)(cpu);
 860        return;
 861    }
 862
 863    /* On MSB level based systems a 0 for the MSB stops interrupt delivery */
 864    if (signed_value >= 0 && (tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL)) {
 865        (*lower_excp)(cpu);
 866    }
 867
 868    /* Calculate the next timer event */
 869    now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 870    next = now + muldiv64(value, NANOSECONDS_PER_SECOND, tb_env->decr_freq);
 871    *nextp = next;
 872
 873    /* Adjust timer */
 874    timer_mod(timer, next);
 875}
 876
 877static inline void _cpu_ppc_store_decr(PowerPCCPU *cpu, target_ulong decr,
 878                                       target_ulong value, int nr_bits)
 879{
 880    ppc_tb_t *tb_env = cpu->env.tb_env;
 881
 882    __cpu_ppc_store_decr(cpu, &tb_env->decr_next, tb_env->decr_timer,
 883                         tb_env->decr_timer->cb, &cpu_ppc_decr_lower, decr,
 884                         value, nr_bits);
 885}
 886
 887void cpu_ppc_store_decr(CPUPPCState *env, target_ulong value)
 888{
 889    PowerPCCPU *cpu = env_archcpu(env);
 890    PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 891    int nr_bits = 32;
 892
 893    if (env->spr[SPR_LPCR] & LPCR_LD) {
 894        nr_bits = pcc->lrg_decr_bits;
 895    }
 896
 897    _cpu_ppc_store_decr(cpu, cpu_ppc_load_decr(env), value, nr_bits);
 898}
 899
 900static void cpu_ppc_decr_cb(void *opaque)
 901{
 902    PowerPCCPU *cpu = opaque;
 903
 904    cpu_ppc_decr_excp(cpu);
 905}
 906
 907static inline void _cpu_ppc_store_hdecr(PowerPCCPU *cpu, target_ulong hdecr,
 908                                        target_ulong value, int nr_bits)
 909{
 910    ppc_tb_t *tb_env = cpu->env.tb_env;
 911
 912    if (tb_env->hdecr_timer != NULL) {
 913        __cpu_ppc_store_decr(cpu, &tb_env->hdecr_next, tb_env->hdecr_timer,
 914                             tb_env->hdecr_timer->cb, &cpu_ppc_hdecr_lower,
 915                             hdecr, value, nr_bits);
 916    }
 917}
 918
 919void cpu_ppc_store_hdecr(CPUPPCState *env, target_ulong value)
 920{
 921    PowerPCCPU *cpu = env_archcpu(env);
 922    PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 923
 924    _cpu_ppc_store_hdecr(cpu, cpu_ppc_load_hdecr(env), value,
 925                         pcc->lrg_decr_bits);
 926}
 927
 928static void cpu_ppc_hdecr_cb(void *opaque)
 929{
 930    PowerPCCPU *cpu = opaque;
 931
 932    cpu_ppc_hdecr_excp(cpu);
 933}
 934
 935void cpu_ppc_store_purr(CPUPPCState *env, uint64_t value)
 936{
 937    ppc_tb_t *tb_env = env->tb_env;
 938
 939    cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 940                     &tb_env->purr_offset, value);
 941}
 942
 943static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
 944{
 945    CPUPPCState *env = opaque;
 946    PowerPCCPU *cpu = env_archcpu(env);
 947    ppc_tb_t *tb_env = env->tb_env;
 948
 949    tb_env->tb_freq = freq;
 950    tb_env->decr_freq = freq;
 951    /* There is a bug in Linux 2.4 kernels:
 952     * if a decrementer exception is pending when it enables msr_ee at startup,
 953     * it's not ready to handle it...
 954     */
 955    _cpu_ppc_store_decr(cpu, 0xFFFFFFFF, 0xFFFFFFFF, 32);
 956    _cpu_ppc_store_hdecr(cpu, 0xFFFFFFFF, 0xFFFFFFFF, 32);
 957    cpu_ppc_store_purr(env, 0x0000000000000000ULL);
 958}
 959
 960static void timebase_save(PPCTimebase *tb)
 961{
 962    uint64_t ticks = cpu_get_host_ticks();
 963    PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
 964
 965    if (!first_ppc_cpu->env.tb_env) {
 966        error_report("No timebase object");
 967        return;
 968    }
 969
 970    /* not used anymore, we keep it for compatibility */
 971    tb->time_of_the_day_ns = qemu_clock_get_ns(QEMU_CLOCK_HOST);
 972    /*
 973     * tb_offset is only expected to be changed by QEMU so
 974     * there is no need to update it from KVM here
 975     */
 976    tb->guest_timebase = ticks + first_ppc_cpu->env.tb_env->tb_offset;
 977
 978    tb->runstate_paused =
 979        runstate_check(RUN_STATE_PAUSED) || runstate_check(RUN_STATE_SAVE_VM);
 980}
 981
 982static void timebase_load(PPCTimebase *tb)
 983{
 984    CPUState *cpu;
 985    PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
 986    int64_t tb_off_adj, tb_off;
 987    unsigned long freq;
 988
 989    if (!first_ppc_cpu->env.tb_env) {
 990        error_report("No timebase object");
 991        return;
 992    }
 993
 994    freq = first_ppc_cpu->env.tb_env->tb_freq;
 995
 996    tb_off_adj = tb->guest_timebase - cpu_get_host_ticks();
 997
 998    tb_off = first_ppc_cpu->env.tb_env->tb_offset;
 999    trace_ppc_tb_adjust(tb_off, tb_off_adj, tb_off_adj - tb_off,
1000                        (tb_off_adj - tb_off) / freq);

1001
1002    /* Set new offset to all CPUs */
1003    CPU_FOREACH(cpu) {
1004        PowerPCCPU *pcpu = POWERPC_CPU(cpu);
1005        pcpu->env.tb_env->tb_offset = tb_off_adj;
1006        kvmppc_set_reg_tb_offset(pcpu, pcpu->env.tb_env->tb_offset);
1007    }
1008}
1009
1010void cpu_ppc_clock_vm_state_change(void *opaque, bool running,
1011                                   RunState state)
1012{
1013    PPCTimebase *tb = opaque;
1014
1015    if (running) {
1016        timebase_load(tb);
1017    } else {
1018        timebase_save(tb);
1019    }
1020}
1021
1022/*
1023 * When migrating a running guest, read the clock just
1024 * before migration, so that the guest clock counts
1025 * during the events between:
1026 *
1027 *  * vm_stop()
1028 *  *
1029 *  * pre_save()
1030 *
1031 *  This reduces clock difference on migration from 5s
1032 *  to 0.1s (when max_downtime == 5s), because sending the
1033 *  final pages of memory (which happens between vm_stop()
1034 *  and pre_save()) takes max_downtime.
1035 */
1036static int timebase_pre_save(void *opaque)
1037{
1038    PPCTimebase *tb = opaque;
1039
1040    /* guest_timebase won't be overridden in case of paused guest or savevm */
1041    if (!tb->runstate_paused) {
1042        timebase_save(tb);
1043    }
1044
1045    return 0;
1046}
1047
1048const VMStateDescription vmstate_ppc_timebase = {
1049    .name = "timebase",
1050    .version_id = 1,
1051    .minimum_version_id = 1,
1052    .minimum_version_id_old = 1,
1053    .pre_save = timebase_pre_save,
1054    .fields      = (VMStateField []) {
1055        VMSTATE_UINT64(guest_timebase, PPCTimebase),
1056        VMSTATE_INT64(time_of_the_day_ns, PPCTimebase),
1057        VMSTATE_END_OF_LIST()
1058    },
1059};
1060
1061/* Set up (once) timebase frequency (in Hz) */
1062clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
1063{
1064    PowerPCCPU *cpu = env_archcpu(env);
1065    ppc_tb_t *tb_env;
1066
1067    tb_env = g_malloc0(sizeof(ppc_tb_t));
1068    env->tb_env = tb_env;
1069    tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
1070    if (is_book3s_arch2x(env)) {
1071        /* All Book3S 64bit CPUs implement level based DEC logic */
1072        tb_env->flags |= PPC_DECR_UNDERFLOW_LEVEL;
1073    }
1074    /* Create new timer */
1075    tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_decr_cb, cpu);
1076    if (env->has_hv_mode) {
1077        tb_env->hdecr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_hdecr_cb,
1078                                                cpu);
1079    } else {
1080        tb_env->hdecr_timer = NULL;
1081    }
1082    cpu_ppc_set_tb_clk(env, freq);
1083
1084    return &cpu_ppc_set_tb_clk;
1085}
1086
1087/* Specific helpers for POWER & PowerPC 601 RTC */
1088void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value)
1089{
1090    _cpu_ppc_store_tbu(env, value);
1091}
1092
1093uint32_t cpu_ppc601_load_rtcu (CPUPPCState *env)
1094{
1095    return _cpu_ppc_load_tbu(env);
1096}
1097
1098void cpu_ppc601_store_rtcl (CPUPPCState *env, uint32_t value)
1099{
1100    cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
1101}
1102
1103uint32_t cpu_ppc601_load_rtcl (CPUPPCState *env)
1104{
1105    return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1106}
1107
1108/*****************************************************************************/
1109/* PowerPC 40x timers */
1110
1111/* PIT, FIT & WDT */
1112typedef struct ppc40x_timer_t ppc40x_timer_t;
1113struct ppc40x_timer_t {
1114    uint64_t pit_reload;  /* PIT auto-reload value        */
1115    uint64_t fit_next;    /* Tick for next FIT interrupt  */
1116    QEMUTimer *fit_timer;
1117    uint64_t wdt_next;    /* Tick for next WDT interrupt  */
1118    QEMUTimer *wdt_timer;
1119
1120    /* 405 have the PIT, 440 have a DECR.  */
1121    unsigned int decr_excp;
1122};
1123
1124/* Fixed interval timer */
1125static void cpu_4xx_fit_cb (void *opaque)
1126{
1127    PowerPCCPU *cpu;
1128    CPUPPCState *env;
1129    ppc_tb_t *tb_env;
1130    ppc40x_timer_t *ppc40x_timer;
1131    uint64_t now, next;
1132
1133    env = opaque;
1134    cpu = env_archcpu(env);
1135    tb_env = env->tb_env;
1136    ppc40x_timer = tb_env->opaque;
1137    now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1138    switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
1139    case 0:
1140        next = 1 << 9;
1141        break;
1142    case 1:
1143        next = 1 << 13;
1144        break;
1145    case 2:
1146        next = 1 << 17;
1147        break;
1148    case 3:
1149        next = 1 << 21;
1150        break;
1151    default:
1152        /* Cannot occur, but makes gcc happy */
1153        return;
1154    }
1155    next = now + muldiv64(next, NANOSECONDS_PER_SECOND, tb_env->tb_freq);
1156    if (next == now)
1157        next++;
1158    timer_mod(ppc40x_timer->fit_timer, next);
1159    env->spr[SPR_40x_TSR] |= 1 << 26;
1160    if ((env->spr[SPR_40x_TCR] >> 23) & 0x1) {
1161        ppc_set_irq(cpu, PPC_INTERRUPT_FIT, 1);
1162    }
1163    trace_ppc4xx_fit((int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
1164                         env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
1165}
1166
1167/* Programmable interval timer */
1168static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp)
1169{
1170    ppc40x_timer_t *ppc40x_timer;
1171    uint64_t now, next;
1172
1173    ppc40x_timer = tb_env->opaque;
1174    if (ppc40x_timer->pit_reload <= 1 ||
1175        !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
1176        (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
1177        /* Stop PIT */
1178        trace_ppc4xx_pit_stop();
1179        timer_del(tb_env->decr_timer);
1180    } else {
1181        trace_ppc4xx_pit_start(ppc40x_timer->pit_reload);
1182        now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1183        next = now + muldiv64(ppc40x_timer->pit_reload,
1184                              NANOSECONDS_PER_SECOND, tb_env->decr_freq);
1185        if (is_excp)
1186            next += tb_env->decr_next - now;
1187        if (next == now)
1188            next++;
1189        timer_mod(tb_env->decr_timer, next);
1190        tb_env->decr_next = next;
1191    }
1192}
1193
1194static void cpu_4xx_pit_cb (void *opaque)
1195{
1196    PowerPCCPU *cpu;
1197    CPUPPCState *env;
1198    ppc_tb_t *tb_env;
1199    ppc40x_timer_t *ppc40x_timer;
1200
1201    env = opaque;
1202    cpu = env_archcpu(env);
1203    tb_env = env->tb_env;
1204    ppc40x_timer = tb_env->opaque;
1205    env->spr[SPR_40x_TSR] |= 1 << 27;
1206    if ((env->spr[SPR_40x_TCR] >> 26) & 0x1) {
1207        ppc_set_irq(cpu, ppc40x_timer->decr_excp, 1);
1208    }
1209    start_stop_pit(env, tb_env, 1);
1210    trace_ppc4xx_pit((int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
1211           (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
1212           env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
1213           ppc40x_timer->pit_reload);
1214}
1215
1216/* Watchdog timer */
1217static void cpu_4xx_wdt_cb (void *opaque)
1218{
1219    PowerPCCPU *cpu;
1220    CPUPPCState *env;
1221    ppc_tb_t *tb_env;
1222    ppc40x_timer_t *ppc40x_timer;
1223    uint64_t now, next;
1224
1225    env = opaque;
1226    cpu = env_archcpu(env);
1227    tb_env = env->tb_env;
1228    ppc40x_timer = tb_env->opaque;
1229    now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1230    switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
1231    case 0:
1232        next = 1 << 17;
1233        break;
1234    case 1:
1235        next = 1 << 21;
1236        break;
1237    case 2:
1238        next = 1 << 25;
1239        break;
1240    case 3:
1241        next = 1 << 29;
1242        break;
1243    default:
1244        /* Cannot occur, but makes gcc happy */
1245        return;
1246    }
1247    next = now + muldiv64(next, NANOSECONDS_PER_SECOND, tb_env->decr_freq);
1248    if (next == now)
1249        next++;
1250    trace_ppc4xx_wdt(env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
1251    switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
1252    case 0x0:
1253    case 0x1:
1254        timer_mod(ppc40x_timer->wdt_timer, next);
1255        ppc40x_timer->wdt_next = next;
1256        env->spr[SPR_40x_TSR] |= 1U << 31;
1257        break;
1258    case 0x2:
1259        timer_mod(ppc40x_timer->wdt_timer, next);
1260        ppc40x_timer->wdt_next = next;
1261        env->spr[SPR_40x_TSR] |= 1 << 30;
1262        if ((env->spr[SPR_40x_TCR] >> 27) & 0x1) {
1263            ppc_set_irq(cpu, PPC_INTERRUPT_WDT, 1);
1264        }
1265        break;
1266    case 0x3:
1267        env->spr[SPR_40x_TSR] &= ~0x30000000;
1268        env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
1269        switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
1270        case 0x0:
1271            /* No reset */
1272            break;
1273        case 0x1: /* Core reset */
1274            ppc40x_core_reset(cpu);
1275            break;
1276        case 0x2: /* Chip reset */
1277            ppc40x_chip_reset(cpu);
1278            break;
1279        case 0x3: /* System reset */
1280            ppc40x_system_reset(cpu);
1281            break;
1282        }
1283    }
1284}
1285
1286void store_40x_pit (CPUPPCState *env, target_ulong val)
1287{
1288    ppc_tb_t *tb_env;
1289    ppc40x_timer_t *ppc40x_timer;
1290
1291    tb_env = env->tb_env;
1292    ppc40x_timer = tb_env->opaque;
1293    trace_ppc40x_store_pit(val);
1294    ppc40x_timer->pit_reload = val;
1295    start_stop_pit(env, tb_env, 0);
1296}
1297
1298target_ulong load_40x_pit (CPUPPCState *env)
1299{
1300    return cpu_ppc_load_decr(env);
1301}
1302
1303static void ppc_40x_set_tb_clk (void *opaque, uint32_t freq)
1304{
1305    CPUPPCState *env = opaque;
1306    ppc_tb_t *tb_env = env->tb_env;
1307
1308    trace_ppc40x_set_tb_clk(freq);
1309    tb_env->tb_freq = freq;
1310    tb_env->decr_freq = freq;
1311    /* XXX: we should also update all timers */
1312}
1313
1314clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
1315                                  unsigned int decr_excp)
1316{
1317    ppc_tb_t *tb_env;
1318    ppc40x_timer_t *ppc40x_timer;
1319
1320    tb_env = g_malloc0(sizeof(ppc_tb_t));
1321    env->tb_env = tb_env;
1322    tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
1323    ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t));
1324    tb_env->tb_freq = freq;
1325    tb_env->decr_freq = freq;
1326    tb_env->opaque = ppc40x_timer;
1327    trace_ppc40x_timers_init(freq);
1328    if (ppc40x_timer != NULL) {
1329        /* We use decr timer for PIT */
1330        tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_pit_cb, env);
1331        ppc40x_timer->fit_timer =
1332            timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_fit_cb, env);
1333        ppc40x_timer->wdt_timer =
1334            timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_wdt_cb, env);
1335        ppc40x_timer->decr_excp = decr_excp;
1336    }
1337
1338    return &ppc_40x_set_tb_clk;
1339}
1340
1341/*****************************************************************************/
1342/* Embedded PowerPC Device Control Registers */
1343typedef struct ppc_dcrn_t ppc_dcrn_t;
1344struct ppc_dcrn_t {
1345    dcr_read_cb dcr_read;
1346    dcr_write_cb dcr_write;
1347    void *opaque;
1348};
1349
1350/* XXX: on 460, DCR addresses are 32 bits wide,
1351 *      using DCRIPR to get the 22 upper bits of the DCR address
1352 */
1353#define DCRN_NB 1024
1354struct ppc_dcr_t {
1355    ppc_dcrn_t dcrn[DCRN_NB];
1356    int (*read_error)(int dcrn);
1357    int (*write_error)(int dcrn);
1358};
1359
1360int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1361{
1362    ppc_dcrn_t *dcr;
1363
1364    if (dcrn < 0 || dcrn >= DCRN_NB)
1365        goto error;
1366    dcr = &dcr_env->dcrn[dcrn];
1367    if (dcr->dcr_read == NULL)
1368        goto error;
1369    *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
1370
1371    return 0;
1372
1373 error:
1374    if (dcr_env->read_error != NULL)
1375        return (*dcr_env->read_error)(dcrn);
1376
1377    return -1;
1378}
1379
1380int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1381{
1382    ppc_dcrn_t *dcr;
1383
1384    if (dcrn < 0 || dcrn >= DCRN_NB)
1385        goto error;
1386    dcr = &dcr_env->dcrn[dcrn];
1387    if (dcr->dcr_write == NULL)
1388        goto error;
1389    (*dcr->dcr_write)(dcr->opaque, dcrn, val);
1390
1391    return 0;
1392
1393 error:
1394    if (dcr_env->write_error != NULL)
1395        return (*dcr_env->write_error)(dcrn);
1396
1397    return -1;
1398}
1399
1400int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque,
1401                      dcr_read_cb dcr_read, dcr_write_cb dcr_write)
1402{
1403    ppc_dcr_t *dcr_env;
1404    ppc_dcrn_t *dcr;
1405
1406    dcr_env = env->dcr_env;
1407    if (dcr_env == NULL)
1408        return -1;
1409    if (dcrn < 0 || dcrn >= DCRN_NB)
1410        return -1;
1411    dcr = &dcr_env->dcrn[dcrn];
1412    if (dcr->opaque != NULL ||
1413        dcr->dcr_read != NULL ||
1414        dcr->dcr_write != NULL)
1415        return -1;
1416    dcr->opaque = opaque;
1417    dcr->dcr_read = dcr_read;
1418    dcr->dcr_write = dcr_write;
1419
1420    return 0;
1421}
1422
1423int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn),
1424                  int (*write_error)(int dcrn))
1425{
1426    ppc_dcr_t *dcr_env;
1427
1428    dcr_env = g_malloc0(sizeof(ppc_dcr_t));
1429    dcr_env->read_error = read_error;
1430    dcr_env->write_error = write_error;
1431    env->dcr_env = dcr_env;
1432
1433    return 0;
1434}
1435
1436/*****************************************************************************/
1437
1438int ppc_cpu_pir(PowerPCCPU *cpu)
1439{
1440    CPUPPCState *env = &cpu->env;
1441    return env->spr_cb[SPR_PIR].default_value;
1442}
1443
1444PowerPCCPU *ppc_get_vcpu_by_pir(int pir)
1445{
1446    CPUState *cs;
1447
1448    CPU_FOREACH(cs) {
1449        PowerPCCPU *cpu = POWERPC_CPU(cs);
1450
1451        if (ppc_cpu_pir(cpu) == pir) {
1452            return cpu;
1453        }
1454    }
1455
1456    return NULL;
1457}
1458
1459void ppc_irq_reset(PowerPCCPU *cpu)
1460{
1461    CPUPPCState *env = &cpu->env;
1462
1463    env->irq_input_state = 0;
1464    kvmppc_set_interrupt(cpu, PPC_INTERRUPT_EXT, 0);
1465}
1466