1 /*
2 * DEC 21272 (TSUNAMI/TYPHOON) chipset emulation.
3 *
4 * Written by Richard Henderson.
5 *
6 * This work is licensed under the GNU GPL license version 2 or later.
7 */
8
9 #include "qemu/osdep.h"
10 #include "qemu/module.h"
11 #include "qemu/units.h"
12 #include "exec/cpu-interrupt.h"
13 #include "qapi/error.h"
14 #include "hw/pci/pci_host.h"
15 #include "cpu.h"
16 #include "hw/irq.h"
17 #include "alpha_sys.h"
18
19
20 #define TYPE_TYPHOON_PCI_HOST_BRIDGE "typhoon-pcihost"
21 #define TYPE_TYPHOON_IOMMU_MEMORY_REGION "typhoon-iommu-memory-region"
22
23 typedef struct TyphoonCchip {
24 MemoryRegion region;
25 uint64_t misc;
26 uint64_t drir;
27 uint64_t dim[4];
28 uint32_t iic[4];
29 AlphaCPU *cpu[4];
30 } TyphoonCchip;
31
32 typedef struct TyphoonWindow {
33 uint64_t wba;
34 uint64_t wsm;
35 uint64_t tba;
36 } TyphoonWindow;
37
38 typedef struct TyphoonPchip {
39 MemoryRegion region;
40 MemoryRegion reg_iack;
41 MemoryRegion reg_mem;
42 MemoryRegion reg_io;
43 MemoryRegion reg_conf;
44
45 AddressSpace iommu_as;
46 IOMMUMemoryRegion iommu;
47
48 uint64_t ctl;
49 TyphoonWindow win[4];
50 } TyphoonPchip;
51
52 OBJECT_DECLARE_SIMPLE_TYPE(TyphoonState, TYPHOON_PCI_HOST_BRIDGE)
53
54 struct TyphoonState {
55 PCIHostState parent_obj;
56
57 TyphoonCchip cchip;
58 TyphoonPchip pchip;
59 MemoryRegion dchip_region;
60 };
61
62 /* Called when one of DRIR or DIM changes. */
cpu_irq_change(AlphaCPU * cpu,uint64_t req)63 static void cpu_irq_change(AlphaCPU *cpu, uint64_t req)
64 {
65 /* If there are any non-masked interrupts, tell the cpu. */
66 if (cpu != NULL) {
67 CPUState *cs = CPU(cpu);
68 if (req) {
69 cpu_interrupt(cs, CPU_INTERRUPT_HARD);
70 } else {
71 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
72 }
73 }
74 }
75
cchip_read(void * opaque,hwaddr addr,uint64_t * data,unsigned size,MemTxAttrs attrs)76 static MemTxResult cchip_read(void *opaque, hwaddr addr,
77 uint64_t *data, unsigned size,
78 MemTxAttrs attrs)
79 {
80 CPUState *cpu = current_cpu;
81 TyphoonState *s = opaque;
82 uint64_t ret = 0;
83
84 switch (addr) {
85 case 0x0000:
86 /* CSC: Cchip System Configuration Register. */
87 /* All sorts of data here; probably the only thing relevant is
88 PIP<14> Pchip 1 Present = 0. */
89 break;
90
91 case 0x0040:
92 /* MTR: Memory Timing Register. */
93 /* All sorts of stuff related to real DRAM. */
94 break;
95
96 case 0x0080:
97 /* MISC: Miscellaneous Register. */
98 ret = s->cchip.misc | (cpu->cpu_index & 3);
99 break;
100
101 case 0x00c0:
102 /* MPD: Memory Presence Detect Register. */
103 break;
104
105 case 0x0100: /* AAR0 */
106 case 0x0140: /* AAR1 */
107 case 0x0180: /* AAR2 */
108 case 0x01c0: /* AAR3 */
109 /* AAR: Array Address Register. */
110 /* All sorts of information about DRAM. */
111 break;
112
113 case 0x0200:
114 /* DIM0: Device Interrupt Mask Register, CPU0. */
115 ret = s->cchip.dim[0];
116 break;
117 case 0x0240:
118 /* DIM1: Device Interrupt Mask Register, CPU1. */
119 ret = s->cchip.dim[1];
120 break;
121 case 0x0280:
122 /* DIR0: Device Interrupt Request Register, CPU0. */
123 ret = s->cchip.dim[0] & s->cchip.drir;
124 break;
125 case 0x02c0:
126 /* DIR1: Device Interrupt Request Register, CPU1. */
127 ret = s->cchip.dim[1] & s->cchip.drir;
128 break;
129 case 0x0300:
130 /* DRIR: Device Raw Interrupt Request Register. */
131 ret = s->cchip.drir;
132 break;
133
134 case 0x0340:
135 /* PRBEN: Probe Enable Register. */
136 break;
137
138 case 0x0380:
139 /* IIC0: Interval Ignore Count Register, CPU0. */
140 ret = s->cchip.iic[0];
141 break;
142 case 0x03c0:
143 /* IIC1: Interval Ignore Count Register, CPU1. */
144 ret = s->cchip.iic[1];
145 break;
146
147 case 0x0400: /* MPR0 */
148 case 0x0440: /* MPR1 */
149 case 0x0480: /* MPR2 */
150 case 0x04c0: /* MPR3 */
151 /* MPR: Memory Programming Register. */
152 break;
153
154 case 0x0580:
155 /* TTR: TIGbus Timing Register. */
156 /* All sorts of stuff related to interrupt delivery timings. */
157 break;
158 case 0x05c0:
159 /* TDR: TIGbug Device Timing Register. */
160 break;
161
162 case 0x0600:
163 /* DIM2: Device Interrupt Mask Register, CPU2. */
164 ret = s->cchip.dim[2];
165 break;
166 case 0x0640:
167 /* DIM3: Device Interrupt Mask Register, CPU3. */
168 ret = s->cchip.dim[3];
169 break;
170 case 0x0680:
171 /* DIR2: Device Interrupt Request Register, CPU2. */
172 ret = s->cchip.dim[2] & s->cchip.drir;
173 break;
174 case 0x06c0:
175 /* DIR3: Device Interrupt Request Register, CPU3. */
176 ret = s->cchip.dim[3] & s->cchip.drir;
177 break;
178
179 case 0x0700:
180 /* IIC2: Interval Ignore Count Register, CPU2. */
181 ret = s->cchip.iic[2];
182 break;
183 case 0x0740:
184 /* IIC3: Interval Ignore Count Register, CPU3. */
185 ret = s->cchip.iic[3];
186 break;
187
188 case 0x0780:
189 /* PWR: Power Management Control. */
190 break;
191
192 case 0x0c00: /* CMONCTLA */
193 case 0x0c40: /* CMONCTLB */
194 case 0x0c80: /* CMONCNT01 */
195 case 0x0cc0: /* CMONCNT23 */
196 break;
197
198 default:
199 return MEMTX_ERROR;
200 }
201
202 *data = ret;
203 return MEMTX_OK;
204 }
205
dchip_read(void * opaque,hwaddr addr,unsigned size)206 static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size)
207 {
208 /* Skip this. It's all related to DRAM timing and setup. */
209 return 0;
210 }
211
pchip_read(void * opaque,hwaddr addr,uint64_t * data,unsigned size,MemTxAttrs attrs)212 static MemTxResult pchip_read(void *opaque, hwaddr addr, uint64_t *data,
213 unsigned size, MemTxAttrs attrs)
214 {
215 TyphoonState *s = opaque;
216 uint64_t ret = 0;
217
218 switch (addr) {
219 case 0x0000:
220 /* WSBA0: Window Space Base Address Register. */
221 ret = s->pchip.win[0].wba;
222 break;
223 case 0x0040:
224 /* WSBA1 */
225 ret = s->pchip.win[1].wba;
226 break;
227 case 0x0080:
228 /* WSBA2 */
229 ret = s->pchip.win[2].wba;
230 break;
231 case 0x00c0:
232 /* WSBA3 */
233 ret = s->pchip.win[3].wba;
234 break;
235
236 case 0x0100:
237 /* WSM0: Window Space Mask Register. */
238 ret = s->pchip.win[0].wsm;
239 break;
240 case 0x0140:
241 /* WSM1 */
242 ret = s->pchip.win[1].wsm;
243 break;
244 case 0x0180:
245 /* WSM2 */
246 ret = s->pchip.win[2].wsm;
247 break;
248 case 0x01c0:
249 /* WSM3 */
250 ret = s->pchip.win[3].wsm;
251 break;
252
253 case 0x0200:
254 /* TBA0: Translated Base Address Register. */
255 ret = s->pchip.win[0].tba;
256 break;
257 case 0x0240:
258 /* TBA1 */
259 ret = s->pchip.win[1].tba;
260 break;
261 case 0x0280:
262 /* TBA2 */
263 ret = s->pchip.win[2].tba;
264 break;
265 case 0x02c0:
266 /* TBA3 */
267 ret = s->pchip.win[3].tba;
268 break;
269
270 case 0x0300:
271 /* PCTL: Pchip Control Register. */
272 ret = s->pchip.ctl;
273 break;
274 case 0x0340:
275 /* PLAT: Pchip Master Latency Register. */
276 break;
277 case 0x03c0:
278 /* PERROR: Pchip Error Register. */
279 break;
280 case 0x0400:
281 /* PERRMASK: Pchip Error Mask Register. */
282 break;
283 case 0x0440:
284 /* PERRSET: Pchip Error Set Register. */
285 break;
286 case 0x0480:
287 /* TLBIV: Translation Buffer Invalidate Virtual Register (WO). */
288 break;
289 case 0x04c0:
290 /* TLBIA: Translation Buffer Invalidate All Register (WO). */
291 break;
292 case 0x0500: /* PMONCTL */
293 case 0x0540: /* PMONCNT */
294 case 0x0800: /* SPRST */
295 break;
296
297 default:
298 return MEMTX_ERROR;
299 }
300
301 *data = ret;
302 return MEMTX_OK;
303 }
304
cchip_write(void * opaque,hwaddr addr,uint64_t val,unsigned size,MemTxAttrs attrs)305 static MemTxResult cchip_write(void *opaque, hwaddr addr,
306 uint64_t val, unsigned size,
307 MemTxAttrs attrs)
308 {
309 TyphoonState *s = opaque;
310 uint64_t oldval, newval;
311
312 switch (addr) {
313 case 0x0000:
314 /* CSC: Cchip System Configuration Register. */
315 /* All sorts of data here; nothing relevant RW. */
316 break;
317
318 case 0x0040:
319 /* MTR: Memory Timing Register. */
320 /* All sorts of stuff related to real DRAM. */
321 break;
322
323 case 0x0080:
324 /* MISC: Miscellaneous Register. */
325 newval = oldval = s->cchip.misc;
326 newval &= ~(val & 0x10000ff0); /* W1C fields */
327 if (val & 0x100000) {
328 newval &= ~0xff0000ull; /* ACL clears ABT and ABW */
329 } else {
330 newval |= val & 0x00f00000; /* ABT field is W1S */
331 if ((newval & 0xf0000) == 0) {
332 newval |= val & 0xf0000; /* ABW field is W1S iff zero */
333 }
334 }
335 newval |= (val & 0xf000) >> 4; /* IPREQ field sets IPINTR. */
336
337 newval &= ~0xf0000000000ull; /* WO and RW fields */
338 newval |= val & 0xf0000000000ull;
339 s->cchip.misc = newval;
340
341 /* Pass on changes to IPI and ITI state. */
342 if ((newval ^ oldval) & 0xff0) {
343 int i;
344 for (i = 0; i < 4; ++i) {
345 AlphaCPU *cpu = s->cchip.cpu[i];
346 if (cpu != NULL) {
347 CPUState *cs = CPU(cpu);
348 /* IPI can be either cleared or set by the write. */
349 if (newval & (1 << (i + 8))) {
350 cpu_interrupt(cs, CPU_INTERRUPT_SMP);
351 } else {
352 cpu_reset_interrupt(cs, CPU_INTERRUPT_SMP);
353 }
354
355 /* ITI can only be cleared by the write. */
356 if ((newval & (1 << (i + 4))) == 0) {
357 cpu_reset_interrupt(cs, CPU_INTERRUPT_TIMER);
358 }
359 }
360 }
361 }
362 break;
363
364 case 0x00c0:
365 /* MPD: Memory Presence Detect Register. */
366 break;
367
368 case 0x0100: /* AAR0 */
369 case 0x0140: /* AAR1 */
370 case 0x0180: /* AAR2 */
371 case 0x01c0: /* AAR3 */
372 /* AAR: Array Address Register. */
373 /* All sorts of information about DRAM. */
374 break;
375
376 case 0x0200: /* DIM0 */
377 /* DIM: Device Interrupt Mask Register, CPU0. */
378 s->cchip.dim[0] = val;
379 cpu_irq_change(s->cchip.cpu[0], val & s->cchip.drir);
380 break;
381 case 0x0240: /* DIM1 */
382 /* DIM: Device Interrupt Mask Register, CPU1. */
383 s->cchip.dim[1] = val;
384 cpu_irq_change(s->cchip.cpu[1], val & s->cchip.drir);
385 break;
386
387 case 0x0280: /* DIR0 (RO) */
388 case 0x02c0: /* DIR1 (RO) */
389 case 0x0300: /* DRIR (RO) */
390 break;
391
392 case 0x0340:
393 /* PRBEN: Probe Enable Register. */
394 break;
395
396 case 0x0380: /* IIC0 */
397 s->cchip.iic[0] = val & 0xffffff;
398 break;
399 case 0x03c0: /* IIC1 */
400 s->cchip.iic[1] = val & 0xffffff;
401 break;
402
403 case 0x0400: /* MPR0 */
404 case 0x0440: /* MPR1 */
405 case 0x0480: /* MPR2 */
406 case 0x04c0: /* MPR3 */
407 /* MPR: Memory Programming Register. */
408 break;
409
410 case 0x0580:
411 /* TTR: TIGbus Timing Register. */
412 /* All sorts of stuff related to interrupt delivery timings. */
413 break;
414 case 0x05c0:
415 /* TDR: TIGbug Device Timing Register. */
416 break;
417
418 case 0x0600:
419 /* DIM2: Device Interrupt Mask Register, CPU2. */
420 s->cchip.dim[2] = val;
421 cpu_irq_change(s->cchip.cpu[2], val & s->cchip.drir);
422 break;
423 case 0x0640:
424 /* DIM3: Device Interrupt Mask Register, CPU3. */
425 s->cchip.dim[3] = val;
426 cpu_irq_change(s->cchip.cpu[3], val & s->cchip.drir);
427 break;
428
429 case 0x0680: /* DIR2 (RO) */
430 case 0x06c0: /* DIR3 (RO) */
431 break;
432
433 case 0x0700: /* IIC2 */
434 s->cchip.iic[2] = val & 0xffffff;
435 break;
436 case 0x0740: /* IIC3 */
437 s->cchip.iic[3] = val & 0xffffff;
438 break;
439
440 case 0x0780:
441 /* PWR: Power Management Control. */
442 break;
443
444 case 0x0c00: /* CMONCTLA */
445 case 0x0c40: /* CMONCTLB */
446 case 0x0c80: /* CMONCNT01 */
447 case 0x0cc0: /* CMONCNT23 */
448 break;
449
450 default:
451 return MEMTX_ERROR;
452 }
453
454 return MEMTX_OK;
455 }
456
dchip_write(void * opaque,hwaddr addr,uint64_t val,unsigned size)457 static void dchip_write(void *opaque, hwaddr addr,
458 uint64_t val, unsigned size)
459 {
460 /* Skip this. It's all related to DRAM timing and setup. */
461 }
462
pchip_write(void * opaque,hwaddr addr,uint64_t val,unsigned size,MemTxAttrs attrs)463 static MemTxResult pchip_write(void *opaque, hwaddr addr,
464 uint64_t val, unsigned size,
465 MemTxAttrs attrs)
466 {
467 TyphoonState *s = opaque;
468 uint64_t oldval;
469
470 switch (addr) {
471 case 0x0000:
472 /* WSBA0: Window Space Base Address Register. */
473 s->pchip.win[0].wba = val & 0xfff00003u;
474 break;
475 case 0x0040:
476 /* WSBA1 */
477 s->pchip.win[1].wba = val & 0xfff00003u;
478 break;
479 case 0x0080:
480 /* WSBA2 */
481 s->pchip.win[2].wba = val & 0xfff00003u;
482 break;
483 case 0x00c0:
484 /* WSBA3 */
485 s->pchip.win[3].wba = (val & 0x80fff00001ull) | 2;
486 break;
487
488 case 0x0100:
489 /* WSM0: Window Space Mask Register. */
490 s->pchip.win[0].wsm = val & 0xfff00000u;
491 break;
492 case 0x0140:
493 /* WSM1 */
494 s->pchip.win[1].wsm = val & 0xfff00000u;
495 break;
496 case 0x0180:
497 /* WSM2 */
498 s->pchip.win[2].wsm = val & 0xfff00000u;
499 break;
500 case 0x01c0:
501 /* WSM3 */
502 s->pchip.win[3].wsm = val & 0xfff00000u;
503 break;
504
505 case 0x0200:
506 /* TBA0: Translated Base Address Register. */
507 s->pchip.win[0].tba = val & 0x7fffffc00ull;
508 break;
509 case 0x0240:
510 /* TBA1 */
511 s->pchip.win[1].tba = val & 0x7fffffc00ull;
512 break;
513 case 0x0280:
514 /* TBA2 */
515 s->pchip.win[2].tba = val & 0x7fffffc00ull;
516 break;
517 case 0x02c0:
518 /* TBA3 */
519 s->pchip.win[3].tba = val & 0x7fffffc00ull;
520 break;
521
522 case 0x0300:
523 /* PCTL: Pchip Control Register. */
524 oldval = s->pchip.ctl;
525 oldval &= ~0x00001cff0fc7ffull; /* RW fields */
526 oldval |= val & 0x00001cff0fc7ffull;
527 s->pchip.ctl = oldval;
528 break;
529
530 case 0x0340:
531 /* PLAT: Pchip Master Latency Register. */
532 break;
533 case 0x03c0:
534 /* PERROR: Pchip Error Register. */
535 break;
536 case 0x0400:
537 /* PERRMASK: Pchip Error Mask Register. */
538 break;
539 case 0x0440:
540 /* PERRSET: Pchip Error Set Register. */
541 break;
542
543 case 0x0480:
544 /* TLBIV: Translation Buffer Invalidate Virtual Register. */
545 break;
546
547 case 0x04c0:
548 /* TLBIA: Translation Buffer Invalidate All Register (WO). */
549 break;
550
551 case 0x0500:
552 /* PMONCTL */
553 case 0x0540:
554 /* PMONCNT */
555 case 0x0800:
556 /* SPRST */
557 break;
558
559 default:
560 return MEMTX_ERROR;
561 }
562
563 return MEMTX_OK;
564 }
565
566 static const MemoryRegionOps cchip_ops = {
567 .read_with_attrs = cchip_read,
568 .write_with_attrs = cchip_write,
569 .endianness = DEVICE_LITTLE_ENDIAN,
570 .valid = {
571 .min_access_size = 8,
572 .max_access_size = 8,
573 },
574 .impl = {
575 .min_access_size = 8,
576 .max_access_size = 8,
577 },
578 };
579
580 static const MemoryRegionOps dchip_ops = {
581 .read = dchip_read,
582 .write = dchip_write,
583 .endianness = DEVICE_LITTLE_ENDIAN,
584 .valid = {
585 .min_access_size = 8,
586 .max_access_size = 8,
587 },
588 .impl = {
589 .min_access_size = 8,
590 .max_access_size = 8,
591 },
592 };
593
594 static const MemoryRegionOps pchip_ops = {
595 .read_with_attrs = pchip_read,
596 .write_with_attrs = pchip_write,
597 .endianness = DEVICE_LITTLE_ENDIAN,
598 .valid = {
599 .min_access_size = 8,
600 .max_access_size = 8,
601 },
602 .impl = {
603 .min_access_size = 8,
604 .max_access_size = 8,
605 },
606 };
607
608 /* A subroutine of typhoon_translate_iommu that builds an IOMMUTLBEntry
609 using the given translated address and mask. */
make_iommu_tlbe(hwaddr taddr,hwaddr mask,IOMMUTLBEntry * ret)610 static bool make_iommu_tlbe(hwaddr taddr, hwaddr mask, IOMMUTLBEntry *ret)
611 {
612 *ret = (IOMMUTLBEntry) {
613 .target_as = &address_space_memory,
614 .translated_addr = taddr,
615 .addr_mask = mask,
616 .perm = IOMMU_RW,
617 };
618 return true;
619 }
620
621 /* A subroutine of typhoon_translate_iommu that handles scatter-gather
622 translation, given the address of the PTE. */
pte_translate(hwaddr pte_addr,IOMMUTLBEntry * ret)623 static bool pte_translate(hwaddr pte_addr, IOMMUTLBEntry *ret)
624 {
625 uint64_t pte = address_space_ldq(&address_space_memory, pte_addr,
626 MEMTXATTRS_UNSPECIFIED, NULL);
627
628 /* Check valid bit. */
629 if ((pte & 1) == 0) {
630 return false;
631 }
632
633 return make_iommu_tlbe((pte & 0x3ffffe) << 12, 0x1fff, ret);
634 }
635
636 /* A subroutine of typhoon_translate_iommu that handles one of the
637 four single-address-cycle translation windows. */
window_translate(TyphoonWindow * win,hwaddr addr,IOMMUTLBEntry * ret)638 static bool window_translate(TyphoonWindow *win, hwaddr addr,
639 IOMMUTLBEntry *ret)
640 {
641 uint32_t wba = win->wba;
642 uint64_t wsm = win->wsm;
643 uint64_t tba = win->tba;
644 uint64_t wsm_ext = wsm | 0xfffff;
645
646 /* Check for window disabled. */
647 if ((wba & 1) == 0) {
648 return false;
649 }
650
651 /* Check for window hit. */
652 if ((addr & ~wsm_ext) != (wba & 0xfff00000u)) {
653 return false;
654 }
655
656 if (wba & 2) {
657 /* Scatter-gather translation. */
658 hwaddr pte_addr;
659
660 /* See table 10-6, Generating PTE address for PCI DMA Address. */
661 pte_addr = tba & ~(wsm >> 10);
662 pte_addr |= (addr & (wsm | 0xfe000)) >> 10;
663 return pte_translate(pte_addr, ret);
664 } else {
665 /* Direct-mapped translation. */
666 return make_iommu_tlbe(tba & ~wsm_ext, wsm_ext, ret);
667 }
668 }
669
670 /* Handle PCI-to-system address translation. */
671 /* TODO: A translation failure here ought to set PCI error codes on the
672 Pchip and generate a machine check interrupt. */
typhoon_translate_iommu(IOMMUMemoryRegion * iommu,hwaddr addr,IOMMUAccessFlags flag,int iommu_idx)673 static IOMMUTLBEntry typhoon_translate_iommu(IOMMUMemoryRegion *iommu,
674 hwaddr addr,
675 IOMMUAccessFlags flag,
676 int iommu_idx)
677 {
678 TyphoonPchip *pchip = container_of(iommu, TyphoonPchip, iommu);
679 IOMMUTLBEntry ret;
680 int i;
681
682 if (addr <= 0xffffffffu) {
683 /* Single-address cycle. */
684
685 /* Check for the Window Hole, inhibiting matching. */
686 if ((pchip->ctl & 0x20)
687 && addr >= 0x80000
688 && addr <= 0xfffff) {
689 goto failure;
690 }
691
692 /* Check the first three windows. */
693 for (i = 0; i < 3; ++i) {
694 if (window_translate(&pchip->win[i], addr, &ret)) {
695 goto success;
696 }
697 }
698
699 /* Check the fourth window for DAC disable. */
700 if ((pchip->win[3].wba & 0x80000000000ull) == 0
701 && window_translate(&pchip->win[3], addr, &ret)) {
702 goto success;
703 }
704 } else {
705 /* Double-address cycle. */
706
707 if (addr >= 0x10000000000ull && addr < 0x20000000000ull) {
708 /* Check for the DMA monster window. */
709 if (pchip->ctl & 0x40) {
710 /* See 10.1.4.4; in particular <39:35> is ignored. */
711 make_iommu_tlbe(0, 0x007ffffffffull, &ret);
712 goto success;
713 }
714 }
715
716 if (addr >= 0x80000000000ull && addr <= 0xfffffffffffull) {
717 /* Check the fourth window for DAC enable and window enable. */
718 if ((pchip->win[3].wba & 0x80000000001ull) == 0x80000000001ull) {
719 uint64_t pte_addr;
720
721 pte_addr = pchip->win[3].tba & 0x7ffc00000ull;
722 pte_addr |= (addr & 0xffffe000u) >> 10;
723 if (pte_translate(pte_addr, &ret)) {
724 goto success;
725 }
726 }
727 }
728 }
729
730 failure:
731 ret = (IOMMUTLBEntry) { .perm = IOMMU_NONE };
732 success:
733 return ret;
734 }
735
typhoon_pci_dma_iommu(PCIBus * bus,void * opaque,int devfn)736 static AddressSpace *typhoon_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
737 {
738 TyphoonState *s = opaque;
739 return &s->pchip.iommu_as;
740 }
741
742 static const PCIIOMMUOps typhoon_iommu_ops = {
743 .get_address_space = typhoon_pci_dma_iommu,
744 };
745
typhoon_set_irq(void * opaque,int irq,int level)746 static void typhoon_set_irq(void *opaque, int irq, int level)
747 {
748 TyphoonState *s = opaque;
749 uint64_t drir;
750 int i;
751
752 /* Set/Reset the bit in CCHIP.DRIR based on IRQ+LEVEL. */
753 drir = s->cchip.drir;
754 if (level) {
755 drir |= 1ull << irq;
756 } else {
757 drir &= ~(1ull << irq);
758 }
759 s->cchip.drir = drir;
760
761 for (i = 0; i < 4; ++i) {
762 cpu_irq_change(s->cchip.cpu[i], s->cchip.dim[i] & drir);
763 }
764 }
765
typhoon_set_isa_irq(void * opaque,int irq,int level)766 static void typhoon_set_isa_irq(void *opaque, int irq, int level)
767 {
768 typhoon_set_irq(opaque, 55, level);
769 }
770
typhoon_set_timer_irq(void * opaque,int irq,int level)771 static void typhoon_set_timer_irq(void *opaque, int irq, int level)
772 {
773 TyphoonState *s = opaque;
774 int i;
775
776 /* Thankfully, the mc146818rtc code doesn't track the IRQ state,
777 and so we don't have to worry about missing interrupts just
778 because we never actually ACK the interrupt. Just ignore any
779 case of the interrupt level going low. */
780 if (level == 0) {
781 return;
782 }
783
784 /* Deliver the interrupt to each CPU, considering each CPU's IIC. */
785 for (i = 0; i < 4; ++i) {
786 AlphaCPU *cpu = s->cchip.cpu[i];
787 if (cpu != NULL) {
788 uint32_t iic = s->cchip.iic[i];
789
790 /* ??? The verbage in Section 10.2.2.10 isn't 100% clear.
791 Bit 24 is the OverFlow bit, RO, and set when the count
792 decrements past 0. When is OF cleared? My guess is that
793 OF is actually cleared when the IIC is written, and that
794 the ICNT field always decrements. At least, that's an
795 interpretation that makes sense, and "allows the CPU to
796 determine exactly how mant interval timer ticks were
797 skipped". At least within the next 4M ticks... */
798
799 iic = ((iic - 1) & 0x1ffffff) | (iic & 0x1000000);
800 s->cchip.iic[i] = iic;
801
802 if (iic & 0x1000000) {
803 /* Set the ITI bit for this cpu. */
804 s->cchip.misc |= 1 << (i + 4);
805 /* And signal the interrupt. */
806 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_TIMER);
807 }
808 }
809 }
810 }
811
typhoon_alarm_timer(void * opaque)812 static void typhoon_alarm_timer(void *opaque)
813 {
814 TyphoonState *s = (TyphoonState *)((uintptr_t)opaque & ~3);
815 int cpu = (uintptr_t)opaque & 3;
816
817 /* Set the ITI bit for this cpu. */
818 s->cchip.misc |= 1 << (cpu + 4);
819 cpu_interrupt(CPU(s->cchip.cpu[cpu]), CPU_INTERRUPT_TIMER);
820 }
821
typhoon_init(MemoryRegion * ram,qemu_irq * p_isa_irq,qemu_irq * p_rtc_irq,AlphaCPU * cpus[4],pci_map_irq_fn sys_map_irq,uint8_t devfn_min)822 PCIBus *typhoon_init(MemoryRegion *ram, qemu_irq *p_isa_irq,
823 qemu_irq *p_rtc_irq, AlphaCPU *cpus[4],
824 pci_map_irq_fn sys_map_irq, uint8_t devfn_min)
825 {
826 MemoryRegion *addr_space = get_system_memory();
827 DeviceState *dev;
828 TyphoonState *s;
829 PCIHostState *phb;
830 PCIBus *b;
831 int i;
832
833 dev = qdev_new(TYPE_TYPHOON_PCI_HOST_BRIDGE);
834
835 s = TYPHOON_PCI_HOST_BRIDGE(dev);
836 phb = PCI_HOST_BRIDGE(dev);
837
838 s->cchip.misc = 0x800000000ull; /* Revision: Typhoon. */
839 s->pchip.win[3].wba = 2; /* Window 3 SG always enabled. */
840
841 /* Remember the CPUs so that we can deliver interrupts to them. */
842 for (i = 0; i < 4; i++) {
843 AlphaCPU *cpu = cpus[i];
844 s->cchip.cpu[i] = cpu;
845 if (cpu != NULL) {
846 cpu->alarm_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
847 typhoon_alarm_timer,
848 (void *)((uintptr_t)s + i));
849 }
850 }
851
852 *p_isa_irq = qemu_allocate_irq(typhoon_set_isa_irq, s, 0);
853 *p_rtc_irq = qemu_allocate_irq(typhoon_set_timer_irq, s, 0);
854
855 /* Main memory region, 0x00.0000.0000. Real hardware supports 32GB,
856 but the address space hole reserved at this point is 8TB. */
857 memory_region_add_subregion(addr_space, 0, ram);
858
859 /* TIGbus, 0x801.0000.0000, 1GB. */
860 /* ??? The TIGbus is used for delivering interrupts, and access to
861 the flash ROM. I'm not sure that we need to implement it at all. */
862
863 /* Pchip0 CSRs, 0x801.8000.0000, 256MB. */
864 memory_region_init_io(&s->pchip.region, OBJECT(s), &pchip_ops, s, "pchip0",
865 256 * MiB);
866 memory_region_add_subregion(addr_space, 0x80180000000ULL,
867 &s->pchip.region);
868
869 /* Cchip CSRs, 0x801.A000.0000, 256MB. */
870 memory_region_init_io(&s->cchip.region, OBJECT(s), &cchip_ops, s, "cchip0",
871 256 * MiB);
872 memory_region_add_subregion(addr_space, 0x801a0000000ULL,
873 &s->cchip.region);
874
875 /* Dchip CSRs, 0x801.B000.0000, 256MB. */
876 memory_region_init_io(&s->dchip_region, OBJECT(s), &dchip_ops, s, "dchip0",
877 256 * MiB);
878 memory_region_add_subregion(addr_space, 0x801b0000000ULL,
879 &s->dchip_region);
880
881 /* Pchip0 PCI memory, 0x800.0000.0000, 4GB. */
882 memory_region_init(&s->pchip.reg_mem, OBJECT(s), "pci0-mem", 4 * GiB);
883 memory_region_add_subregion(addr_space, 0x80000000000ULL,
884 &s->pchip.reg_mem);
885
886 /* Pchip0 PCI I/O, 0x801.FC00.0000, 32MB. */
887 memory_region_init_io(&s->pchip.reg_io, OBJECT(s), &alpha_pci_ignore_ops,
888 NULL, "pci0-io", 32 * MiB);
889 memory_region_add_subregion(addr_space, 0x801fc000000ULL,
890 &s->pchip.reg_io);
891
892 b = pci_register_root_bus(dev, "pci",
893 typhoon_set_irq, sys_map_irq, s,
894 &s->pchip.reg_mem, &s->pchip.reg_io,
895 devfn_min, 64, TYPE_PCI_BUS);
896 phb->bus = b;
897 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
898
899 /* Host memory as seen from the PCI side, via the IOMMU. */
900 memory_region_init_iommu(&s->pchip.iommu, sizeof(s->pchip.iommu),
901 TYPE_TYPHOON_IOMMU_MEMORY_REGION, OBJECT(s),
902 "iommu-typhoon", UINT64_MAX);
903 address_space_init(&s->pchip.iommu_as, MEMORY_REGION(&s->pchip.iommu),
904 "pchip0-pci");
905 pci_setup_iommu(b, &typhoon_iommu_ops, s);
906
907 /* Pchip0 PCI special/interrupt acknowledge, 0x801.F800.0000, 64MB. */
908 memory_region_init_io(&s->pchip.reg_iack, OBJECT(s), &alpha_pci_iack_ops,
909 b, "pci0-iack", 64 * MiB);
910 memory_region_add_subregion(addr_space, 0x801f8000000ULL,
911 &s->pchip.reg_iack);
912
913 /* Pchip0 PCI configuration, 0x801.FE00.0000, 16MB. */
914 memory_region_init_io(&s->pchip.reg_conf, OBJECT(s), &alpha_pci_conf1_ops,
915 b, "pci0-conf", 16 * MiB);
916 memory_region_add_subregion(addr_space, 0x801fe000000ULL,
917 &s->pchip.reg_conf);
918
919 /* For the record, these are the mappings for the second PCI bus.
920 We can get away with not implementing them because we indicate
921 via the Cchip.CSC<PIP> bit that Pchip1 is not present. */
922 /* Pchip1 PCI memory, 0x802.0000.0000, 4GB. */
923 /* Pchip1 CSRs, 0x802.8000.0000, 256MB. */
924 /* Pchip1 PCI special/interrupt acknowledge, 0x802.F800.0000, 64MB. */
925 /* Pchip1 PCI I/O, 0x802.FC00.0000, 32MB. */
926 /* Pchip1 PCI configuration, 0x802.FE00.0000, 16MB. */
927
928 return b;
929 }
930
931 static const TypeInfo typhoon_pcihost_info = {
932 .name = TYPE_TYPHOON_PCI_HOST_BRIDGE,
933 .parent = TYPE_PCI_HOST_BRIDGE,
934 .instance_size = sizeof(TyphoonState),
935 };
936
typhoon_iommu_memory_region_class_init(ObjectClass * klass,const void * data)937 static void typhoon_iommu_memory_region_class_init(ObjectClass *klass,
938 const void *data)
939 {
940 IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
941
942 imrc->translate = typhoon_translate_iommu;
943 }
944
945 static const TypeInfo typhoon_iommu_memory_region_info = {
946 .parent = TYPE_IOMMU_MEMORY_REGION,
947 .name = TYPE_TYPHOON_IOMMU_MEMORY_REGION,
948 .class_init = typhoon_iommu_memory_region_class_init,
949 };
950
typhoon_register_types(void)951 static void typhoon_register_types(void)
952 {
953 type_register_static(&typhoon_pcihost_info);
954 type_register_static(&typhoon_iommu_memory_region_info);
955 }
956
957 type_init(typhoon_register_types)
958