2 * QEMU generic PowerPC hardware System Emulator
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 #include "qemu/osdep.h"
25 #include "qemu-common.h"
28 #include "hw/ppc/ppc.h"
29 #include "hw/ppc/ppc_e500.h"
30 #include "qemu/timer.h"
31 #include "sysemu/sysemu.h"
32 #include "sysemu/cpus.h"
33 #include "hw/timer/m48t59.h"
35 #include "qemu/error-report.h"
36 #include "hw/loader.h"
37 #include "sysemu/kvm.h"
41 //#define PPC_DEBUG_IRQ
42 //#define PPC_DEBUG_TB
45 # define LOG_IRQ(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
47 # define LOG_IRQ(...) do { } while (0)
52 # define LOG_TB(...) qemu_log(__VA_ARGS__)
54 # define LOG_TB(...) do { } while (0)
57 static void cpu_ppc_tb_stop (CPUPPCState *env);
58 static void cpu_ppc_tb_start (CPUPPCState *env);
60 void ppc_set_irq(PowerPCCPU *cpu, int n_IRQ, int level)
62 CPUState *cs = CPU(cpu);
63 CPUPPCState *env = &cpu->env;
64 unsigned int old_pending = env->pending_interrupts;
67 env->pending_interrupts |= 1 << n_IRQ;
68 cpu_interrupt(cs, CPU_INTERRUPT_HARD);
70 env->pending_interrupts &= ~(1 << n_IRQ);
71 if (env->pending_interrupts == 0) {
72 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
76 if (old_pending != env->pending_interrupts) {
78 kvmppc_set_interrupt(cpu, n_IRQ, level);
82 LOG_IRQ("%s: %p n_IRQ %d level %d => pending %08" PRIx32
83 "req %08x\n", __func__, env, n_IRQ, level,
84 env->pending_interrupts, CPU(cpu)->interrupt_request);
87 /* PowerPC 6xx / 7xx internal IRQ controller */
88 static void ppc6xx_set_irq(void *opaque, int pin, int level)
90 PowerPCCPU *cpu = opaque;
91 CPUPPCState *env = &cpu->env;
94 LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
96 cur_level = (env->irq_input_state >> pin) & 1;
97 /* Don't generate spurious events */
98 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
99 CPUState *cs = CPU(cpu);
102 case PPC6xx_INPUT_TBEN:
103 /* Level sensitive - active high */
104 LOG_IRQ("%s: %s the time base\n",
105 __func__, level ? "start" : "stop");
107 cpu_ppc_tb_start(env);
109 cpu_ppc_tb_stop(env);
111 case PPC6xx_INPUT_INT:
112 /* Level sensitive - active high */
113 LOG_IRQ("%s: set the external IRQ state to %d\n",
115 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
117 case PPC6xx_INPUT_SMI:
118 /* Level sensitive - active high */
119 LOG_IRQ("%s: set the SMI IRQ state to %d\n",
121 ppc_set_irq(cpu, PPC_INTERRUPT_SMI, level);
123 case PPC6xx_INPUT_MCP:
124 /* Negative edge sensitive */
125 /* XXX: TODO: actual reaction may depends on HID0 status
126 * 603/604/740/750: check HID0[EMCP]
128 if (cur_level == 1 && level == 0) {
129 LOG_IRQ("%s: raise machine check state\n",
131 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
134 case PPC6xx_INPUT_CKSTP_IN:
135 /* Level sensitive - active low */
136 /* XXX: TODO: relay the signal to CKSTP_OUT pin */
137 /* XXX: Note that the only way to restart the CPU is to reset it */
139 LOG_IRQ("%s: stop the CPU\n", __func__);
143 case PPC6xx_INPUT_HRESET:
144 /* Level sensitive - active low */
146 LOG_IRQ("%s: reset the CPU\n", __func__);
147 cpu_interrupt(cs, CPU_INTERRUPT_RESET);
150 case PPC6xx_INPUT_SRESET:
151 LOG_IRQ("%s: set the RESET IRQ state to %d\n",
153 ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
156 /* Unknown pin - do nothing */
157 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
161 env->irq_input_state |= 1 << pin;
163 env->irq_input_state &= ~(1 << pin);
167 void ppc6xx_irq_init(CPUPPCState *env)
169 PowerPCCPU *cpu = ppc_env_get_cpu(env);
171 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, cpu,
175 #if defined(TARGET_PPC64)
176 /* PowerPC 970 internal IRQ controller */
177 static void ppc970_set_irq(void *opaque, int pin, int level)
179 PowerPCCPU *cpu = opaque;
180 CPUPPCState *env = &cpu->env;
183 LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
185 cur_level = (env->irq_input_state >> pin) & 1;
186 /* Don't generate spurious events */
187 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
188 CPUState *cs = CPU(cpu);
191 case PPC970_INPUT_INT:
192 /* Level sensitive - active high */
193 LOG_IRQ("%s: set the external IRQ state to %d\n",
195 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
197 case PPC970_INPUT_THINT:
198 /* Level sensitive - active high */
199 LOG_IRQ("%s: set the SMI IRQ state to %d\n", __func__,
201 ppc_set_irq(cpu, PPC_INTERRUPT_THERM, level);
203 case PPC970_INPUT_MCP:
204 /* Negative edge sensitive */
205 /* XXX: TODO: actual reaction may depends on HID0 status
206 * 603/604/740/750: check HID0[EMCP]
208 if (cur_level == 1 && level == 0) {
209 LOG_IRQ("%s: raise machine check state\n",
211 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
214 case PPC970_INPUT_CKSTP:
215 /* Level sensitive - active low */
216 /* XXX: TODO: relay the signal to CKSTP_OUT pin */
218 LOG_IRQ("%s: stop the CPU\n", __func__);
221 LOG_IRQ("%s: restart the CPU\n", __func__);
226 case PPC970_INPUT_HRESET:
227 /* Level sensitive - active low */
229 cpu_interrupt(cs, CPU_INTERRUPT_RESET);
232 case PPC970_INPUT_SRESET:
233 LOG_IRQ("%s: set the RESET IRQ state to %d\n",
235 ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
237 case PPC970_INPUT_TBEN:
238 LOG_IRQ("%s: set the TBEN state to %d\n", __func__,
243 /* Unknown pin - do nothing */
244 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
248 env->irq_input_state |= 1 << pin;
250 env->irq_input_state &= ~(1 << pin);
254 void ppc970_irq_init(CPUPPCState *env)
256 PowerPCCPU *cpu = ppc_env_get_cpu(env);
258 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, cpu,
262 /* POWER7 internal IRQ controller */
263 static void power7_set_irq(void *opaque, int pin, int level)
265 PowerPCCPU *cpu = opaque;
266 CPUPPCState *env = &cpu->env;
268 LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
272 case POWER7_INPUT_INT:
273 /* Level sensitive - active high */
274 LOG_IRQ("%s: set the external IRQ state to %d\n",
276 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
279 /* Unknown pin - do nothing */
280 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
284 env->irq_input_state |= 1 << pin;
286 env->irq_input_state &= ~(1 << pin);
290 void ppcPOWER7_irq_init(CPUPPCState *env)
292 PowerPCCPU *cpu = ppc_env_get_cpu(env);
294 env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, cpu,
297 #endif /* defined(TARGET_PPC64) */
299 /* PowerPC 40x internal IRQ controller */
300 static void ppc40x_set_irq(void *opaque, int pin, int level)
302 PowerPCCPU *cpu = opaque;
303 CPUPPCState *env = &cpu->env;
306 LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
308 cur_level = (env->irq_input_state >> pin) & 1;
309 /* Don't generate spurious events */
310 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
311 CPUState *cs = CPU(cpu);
314 case PPC40x_INPUT_RESET_SYS:
316 LOG_IRQ("%s: reset the PowerPC system\n",
318 ppc40x_system_reset(cpu);
321 case PPC40x_INPUT_RESET_CHIP:
323 LOG_IRQ("%s: reset the PowerPC chip\n", __func__);
324 ppc40x_chip_reset(cpu);
327 case PPC40x_INPUT_RESET_CORE:
328 /* XXX: TODO: update DBSR[MRR] */
330 LOG_IRQ("%s: reset the PowerPC core\n", __func__);
331 ppc40x_core_reset(cpu);
334 case PPC40x_INPUT_CINT:
335 /* Level sensitive - active high */
336 LOG_IRQ("%s: set the critical IRQ state to %d\n",
338 ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
340 case PPC40x_INPUT_INT:
341 /* Level sensitive - active high */
342 LOG_IRQ("%s: set the external IRQ state to %d\n",
344 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
346 case PPC40x_INPUT_HALT:
347 /* Level sensitive - active low */
349 LOG_IRQ("%s: stop the CPU\n", __func__);
352 LOG_IRQ("%s: restart the CPU\n", __func__);
357 case PPC40x_INPUT_DEBUG:
358 /* Level sensitive - active high */
359 LOG_IRQ("%s: set the debug pin state to %d\n",
361 ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
364 /* Unknown pin - do nothing */
365 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
369 env->irq_input_state |= 1 << pin;
371 env->irq_input_state &= ~(1 << pin);
375 void ppc40x_irq_init(CPUPPCState *env)
377 PowerPCCPU *cpu = ppc_env_get_cpu(env);
379 env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq,
380 cpu, PPC40x_INPUT_NB);
383 /* PowerPC E500 internal IRQ controller */
384 static void ppce500_set_irq(void *opaque, int pin, int level)
386 PowerPCCPU *cpu = opaque;
387 CPUPPCState *env = &cpu->env;
390 LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
392 cur_level = (env->irq_input_state >> pin) & 1;
393 /* Don't generate spurious events */
394 if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
396 case PPCE500_INPUT_MCK:
398 LOG_IRQ("%s: reset the PowerPC system\n",
400 qemu_system_reset_request();
403 case PPCE500_INPUT_RESET_CORE:
405 LOG_IRQ("%s: reset the PowerPC core\n", __func__);
406 ppc_set_irq(cpu, PPC_INTERRUPT_MCK, level);
409 case PPCE500_INPUT_CINT:
410 /* Level sensitive - active high */
411 LOG_IRQ("%s: set the critical IRQ state to %d\n",
413 ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
415 case PPCE500_INPUT_INT:
416 /* Level sensitive - active high */
417 LOG_IRQ("%s: set the core IRQ state to %d\n",
419 ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
421 case PPCE500_INPUT_DEBUG:
422 /* Level sensitive - active high */
423 LOG_IRQ("%s: set the debug pin state to %d\n",
425 ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
428 /* Unknown pin - do nothing */
429 LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
433 env->irq_input_state |= 1 << pin;
435 env->irq_input_state &= ~(1 << pin);
439 void ppce500_irq_init(CPUPPCState *env)
441 PowerPCCPU *cpu = ppc_env_get_cpu(env);
443 env->irq_inputs = (void **)qemu_allocate_irqs(&ppce500_set_irq,
444 cpu, PPCE500_INPUT_NB);
447 /* Enable or Disable the E500 EPR capability */
448 void ppce500_set_mpic_proxy(bool enabled)
453 PowerPCCPU *cpu = POWERPC_CPU(cs);
455 cpu->env.mpic_proxy = enabled;
457 kvmppc_set_mpic_proxy(cpu, enabled);
462 /*****************************************************************************/
463 /* PowerPC time base and decrementer emulation */
465 uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset)
467 /* TB time in tb periods */
468 return muldiv64(vmclk, tb_env->tb_freq, NANOSECONDS_PER_SECOND) + tb_offset;
471 uint64_t cpu_ppc_load_tbl (CPUPPCState *env)
473 ppc_tb_t *tb_env = env->tb_env;
477 return env->spr[SPR_TBL];
480 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
481 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
486 static inline uint32_t _cpu_ppc_load_tbu(CPUPPCState *env)
488 ppc_tb_t *tb_env = env->tb_env;
491 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
492 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
497 uint32_t cpu_ppc_load_tbu (CPUPPCState *env)
500 return env->spr[SPR_TBU];
503 return _cpu_ppc_load_tbu(env);
506 static inline void cpu_ppc_store_tb(ppc_tb_t *tb_env, uint64_t vmclk,
507 int64_t *tb_offsetp, uint64_t value)
509 *tb_offsetp = value -
510 muldiv64(vmclk, tb_env->tb_freq, NANOSECONDS_PER_SECOND);
512 LOG_TB("%s: tb %016" PRIx64 " offset %08" PRIx64 "\n",
513 __func__, value, *tb_offsetp);
516 void cpu_ppc_store_tbl (CPUPPCState *env, uint32_t value)
518 ppc_tb_t *tb_env = env->tb_env;
521 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
522 tb &= 0xFFFFFFFF00000000ULL;
523 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
524 &tb_env->tb_offset, tb | (uint64_t)value);
527 static inline void _cpu_ppc_store_tbu(CPUPPCState *env, uint32_t value)
529 ppc_tb_t *tb_env = env->tb_env;
532 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->tb_offset);
533 tb &= 0x00000000FFFFFFFFULL;
534 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
535 &tb_env->tb_offset, ((uint64_t)value << 32) | tb);
538 void cpu_ppc_store_tbu (CPUPPCState *env, uint32_t value)
540 _cpu_ppc_store_tbu(env, value);
543 uint64_t cpu_ppc_load_atbl (CPUPPCState *env)
545 ppc_tb_t *tb_env = env->tb_env;
548 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
549 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
554 uint32_t cpu_ppc_load_atbu (CPUPPCState *env)
556 ppc_tb_t *tb_env = env->tb_env;
559 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
560 LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
565 void cpu_ppc_store_atbl (CPUPPCState *env, uint32_t value)
567 ppc_tb_t *tb_env = env->tb_env;
570 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
571 tb &= 0xFFFFFFFF00000000ULL;
572 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
573 &tb_env->atb_offset, tb | (uint64_t)value);
576 void cpu_ppc_store_atbu (CPUPPCState *env, uint32_t value)
578 ppc_tb_t *tb_env = env->tb_env;
581 tb = cpu_ppc_get_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), tb_env->atb_offset);
582 tb &= 0x00000000FFFFFFFFULL;
583 cpu_ppc_store_tb(tb_env, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
584 &tb_env->atb_offset, ((uint64_t)value << 32) | tb);
587 static void cpu_ppc_tb_stop (CPUPPCState *env)
589 ppc_tb_t *tb_env = env->tb_env;
590 uint64_t tb, atb, vmclk;
592 /* If the time base is already frozen, do nothing */
593 if (tb_env->tb_freq != 0) {
594 vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
595 /* Get the time base */
596 tb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->tb_offset);
597 /* Get the alternate time base */
598 atb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->atb_offset);
599 /* Store the time base value (ie compute the current offset) */
600 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
601 /* Store the alternate time base value (compute the current offset) */
602 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
603 /* Set the time base frequency to zero */
605 /* Now, the time bases are frozen to tb_offset / atb_offset value */
609 static void cpu_ppc_tb_start (CPUPPCState *env)
611 ppc_tb_t *tb_env = env->tb_env;
612 uint64_t tb, atb, vmclk;
614 /* If the time base is not frozen, do nothing */
615 if (tb_env->tb_freq == 0) {
616 vmclk = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
617 /* Get the time base from tb_offset */
618 tb = tb_env->tb_offset;
619 /* Get the alternate time base from atb_offset */
620 atb = tb_env->atb_offset;
621 /* Restore the tb frequency from the decrementer frequency */
622 tb_env->tb_freq = tb_env->decr_freq;
623 /* Store the time base value */
624 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
625 /* Store the alternate time base value */
626 cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
630 bool ppc_decr_clear_on_delivery(CPUPPCState *env)
632 ppc_tb_t *tb_env = env->tb_env;
633 int flags = PPC_DECR_UNDERFLOW_TRIGGERED | PPC_DECR_UNDERFLOW_LEVEL;
634 return ((tb_env->flags & flags) == PPC_DECR_UNDERFLOW_TRIGGERED);
637 static inline uint32_t _cpu_ppc_load_decr(CPUPPCState *env, uint64_t next)
639 ppc_tb_t *tb_env = env->tb_env;
643 diff = next - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
645 decr = muldiv64(diff, tb_env->decr_freq, NANOSECONDS_PER_SECOND);
646 } else if (tb_env->flags & PPC_TIMER_BOOKE) {
649 decr = -muldiv64(-diff, tb_env->decr_freq, NANOSECONDS_PER_SECOND);
651 LOG_TB("%s: %08" PRIx32 "\n", __func__, decr);
656 uint32_t cpu_ppc_load_decr (CPUPPCState *env)
658 ppc_tb_t *tb_env = env->tb_env;
661 return env->spr[SPR_DECR];
664 return _cpu_ppc_load_decr(env, tb_env->decr_next);
667 uint32_t cpu_ppc_load_hdecr (CPUPPCState *env)
669 ppc_tb_t *tb_env = env->tb_env;
671 return _cpu_ppc_load_decr(env, tb_env->hdecr_next);
674 uint64_t cpu_ppc_load_purr (CPUPPCState *env)
676 ppc_tb_t *tb_env = env->tb_env;
679 diff = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - tb_env->purr_start;
681 return tb_env->purr_load +
682 muldiv64(diff, tb_env->tb_freq, NANOSECONDS_PER_SECOND);
685 /* When decrementer expires,
686 * all we need to do is generate or queue a CPU exception
688 static inline void cpu_ppc_decr_excp(PowerPCCPU *cpu)
691 LOG_TB("raise decrementer exception\n");
692 ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 1);
695 static inline void cpu_ppc_decr_lower(PowerPCCPU *cpu)
697 ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 0);
700 static inline void cpu_ppc_hdecr_excp(PowerPCCPU *cpu)
703 LOG_TB("raise decrementer exception\n");
704 ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 1);
707 static inline void cpu_ppc_hdecr_lower(PowerPCCPU *cpu)
709 ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 0);
712 static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp,
714 void (*raise_excp)(void *),
715 void (*lower_excp)(PowerPCCPU *),
716 uint32_t decr, uint32_t value)
718 CPUPPCState *env = &cpu->env;
719 ppc_tb_t *tb_env = env->tb_env;
722 LOG_TB("%s: %08" PRIx32 " => %08" PRIx32 "\n", __func__,
726 /* KVM handles decrementer exceptions, we don't need our own timer */
731 * Going from 2 -> 1, 1 -> 0 or 0 -> -1 is the event to generate a DEC
734 * If we get a really small DEC value, we can assume that by the time we
735 * handled it we should inject an interrupt already.
737 * On MSB level based DEC implementations the MSB always means the interrupt
738 * is pending, so raise it on those.
740 * On MSB edge based DEC implementations the MSB going from 0 -> 1 triggers
741 * an edge interrupt, so raise it here too.
744 ((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && (value & 0x80000000)) ||
745 ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED) && (value & 0x80000000)
746 && !(decr & 0x80000000))) {
751 /* On MSB level based systems a 0 for the MSB stops interrupt delivery */
752 if (!(value & 0x80000000) && (tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL)) {
756 /* Calculate the next timer event */
757 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
758 next = now + muldiv64(value, NANOSECONDS_PER_SECOND, tb_env->decr_freq);
762 timer_mod(timer, next);
765 static inline void _cpu_ppc_store_decr(PowerPCCPU *cpu, uint32_t decr,
768 ppc_tb_t *tb_env = cpu->env.tb_env;
770 __cpu_ppc_store_decr(cpu, &tb_env->decr_next, tb_env->decr_timer,
771 tb_env->decr_timer->cb, &cpu_ppc_decr_lower, decr,
775 void cpu_ppc_store_decr (CPUPPCState *env, uint32_t value)
777 PowerPCCPU *cpu = ppc_env_get_cpu(env);
779 _cpu_ppc_store_decr(cpu, cpu_ppc_load_decr(env), value);
782 static void cpu_ppc_decr_cb(void *opaque)
784 PowerPCCPU *cpu = opaque;
786 cpu_ppc_decr_excp(cpu);
789 static inline void _cpu_ppc_store_hdecr(PowerPCCPU *cpu, uint32_t hdecr,
792 ppc_tb_t *tb_env = cpu->env.tb_env;
794 if (tb_env->hdecr_timer != NULL) {
795 __cpu_ppc_store_decr(cpu, &tb_env->hdecr_next, tb_env->hdecr_timer,
796 tb_env->hdecr_timer->cb, &cpu_ppc_hdecr_lower,
801 void cpu_ppc_store_hdecr (CPUPPCState *env, uint32_t value)
803 PowerPCCPU *cpu = ppc_env_get_cpu(env);
805 _cpu_ppc_store_hdecr(cpu, cpu_ppc_load_hdecr(env), value);
808 static void cpu_ppc_hdecr_cb(void *opaque)
810 PowerPCCPU *cpu = opaque;
812 cpu_ppc_hdecr_excp(cpu);
815 static void cpu_ppc_store_purr(PowerPCCPU *cpu, uint64_t value)
817 ppc_tb_t *tb_env = cpu->env.tb_env;
819 tb_env->purr_load = value;
820 tb_env->purr_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
823 static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
825 CPUPPCState *env = opaque;
826 PowerPCCPU *cpu = ppc_env_get_cpu(env);
827 ppc_tb_t *tb_env = env->tb_env;
829 tb_env->tb_freq = freq;
830 tb_env->decr_freq = freq;
831 /* There is a bug in Linux 2.4 kernels:
832 * if a decrementer exception is pending when it enables msr_ee at startup,
833 * it's not ready to handle it...
835 _cpu_ppc_store_decr(cpu, 0xFFFFFFFF, 0xFFFFFFFF);
836 _cpu_ppc_store_hdecr(cpu, 0xFFFFFFFF, 0xFFFFFFFF);
837 cpu_ppc_store_purr(cpu, 0x0000000000000000ULL);
840 static void timebase_pre_save(void *opaque)
842 PPCTimebase *tb = opaque;
843 uint64_t ticks = cpu_get_host_ticks();
844 PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
846 if (!first_ppc_cpu->env.tb_env) {
847 error_report("No timebase object");
851 tb->time_of_the_day_ns = qemu_clock_get_ns(QEMU_CLOCK_HOST);
853 * tb_offset is only expected to be changed by migration so
854 * there is no need to update it from KVM here
856 tb->guest_timebase = ticks + first_ppc_cpu->env.tb_env->tb_offset;
859 static int timebase_post_load(void *opaque, int version_id)
861 PPCTimebase *tb_remote = opaque;
863 PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
864 int64_t tb_off_adj, tb_off, ns_diff;
865 int64_t migration_duration_ns, migration_duration_tb, guest_tb, host_ns;
868 if (!first_ppc_cpu->env.tb_env) {
869 error_report("No timebase object");
873 freq = first_ppc_cpu->env.tb_env->tb_freq;
875 * Calculate timebase on the destination side of migration.
876 * The destination timebase must be not less than the source timebase.
877 * We try to adjust timebase by downtime if host clocks are not
878 * too much out of sync (1 second for now).
880 host_ns = qemu_clock_get_ns(QEMU_CLOCK_HOST);
881 ns_diff = MAX(0, host_ns - tb_remote->time_of_the_day_ns);
882 migration_duration_ns = MIN(NANOSECONDS_PER_SECOND, ns_diff);
883 migration_duration_tb = muldiv64(migration_duration_ns, freq,
884 NANOSECONDS_PER_SECOND);
885 guest_tb = tb_remote->guest_timebase + MIN(0, migration_duration_tb);
887 tb_off_adj = guest_tb - cpu_get_host_ticks();
889 tb_off = first_ppc_cpu->env.tb_env->tb_offset;
890 trace_ppc_tb_adjust(tb_off, tb_off_adj, tb_off_adj - tb_off,
891 (tb_off_adj - tb_off) / freq);
893 /* Set new offset to all CPUs */
895 PowerPCCPU *pcpu = POWERPC_CPU(cpu);
896 pcpu->env.tb_env->tb_offset = tb_off_adj;
902 const VMStateDescription vmstate_ppc_timebase = {
905 .minimum_version_id = 1,
906 .minimum_version_id_old = 1,
907 .pre_save = timebase_pre_save,
908 .post_load = timebase_post_load,
909 .fields = (VMStateField []) {
910 VMSTATE_UINT64(guest_timebase, PPCTimebase),
911 VMSTATE_INT64(time_of_the_day_ns, PPCTimebase),
912 VMSTATE_END_OF_LIST()
916 /* Set up (once) timebase frequency (in Hz) */
917 clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
919 PowerPCCPU *cpu = ppc_env_get_cpu(env);
922 tb_env = g_malloc0(sizeof(ppc_tb_t));
923 env->tb_env = tb_env;
924 tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
925 if (env->insns_flags & PPC_SEGMENT_64B) {
926 /* All Book3S 64bit CPUs implement level based DEC logic */
927 tb_env->flags |= PPC_DECR_UNDERFLOW_LEVEL;
929 /* Create new timer */
930 tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_decr_cb, cpu);
932 /* XXX: find a suitable condition to enable the hypervisor decrementer
934 tb_env->hdecr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_hdecr_cb,
937 tb_env->hdecr_timer = NULL;
939 cpu_ppc_set_tb_clk(env, freq);
941 return &cpu_ppc_set_tb_clk;
944 /* Specific helpers for POWER & PowerPC 601 RTC */
946 static clk_setup_cb cpu_ppc601_rtc_init (CPUPPCState *env)
948 return cpu_ppc_tb_init(env, 7812500);
952 void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value)
954 _cpu_ppc_store_tbu(env, value);
957 uint32_t cpu_ppc601_load_rtcu (CPUPPCState *env)
959 return _cpu_ppc_load_tbu(env);
962 void cpu_ppc601_store_rtcl (CPUPPCState *env, uint32_t value)
964 cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
967 uint32_t cpu_ppc601_load_rtcl (CPUPPCState *env)
969 return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
972 /*****************************************************************************/
973 /* PowerPC 40x timers */
976 typedef struct ppc40x_timer_t ppc40x_timer_t;
977 struct ppc40x_timer_t {
978 uint64_t pit_reload; /* PIT auto-reload value */
979 uint64_t fit_next; /* Tick for next FIT interrupt */
980 QEMUTimer *fit_timer;
981 uint64_t wdt_next; /* Tick for next WDT interrupt */
982 QEMUTimer *wdt_timer;
984 /* 405 have the PIT, 440 have a DECR. */
985 unsigned int decr_excp;
988 /* Fixed interval timer */
989 static void cpu_4xx_fit_cb (void *opaque)
994 ppc40x_timer_t *ppc40x_timer;
998 cpu = ppc_env_get_cpu(env);
999 tb_env = env->tb_env;
1000 ppc40x_timer = tb_env->opaque;
1001 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1002 switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
1016 /* Cannot occur, but makes gcc happy */
1019 next = now + muldiv64(next, NANOSECONDS_PER_SECOND, tb_env->tb_freq);
1022 timer_mod(ppc40x_timer->fit_timer, next);
1023 env->spr[SPR_40x_TSR] |= 1 << 26;
1024 if ((env->spr[SPR_40x_TCR] >> 23) & 0x1) {
1025 ppc_set_irq(cpu, PPC_INTERRUPT_FIT, 1);
1027 LOG_TB("%s: ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
1028 (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
1029 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
1032 /* Programmable interval timer */
1033 static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp)
1035 ppc40x_timer_t *ppc40x_timer;
1038 ppc40x_timer = tb_env->opaque;
1039 if (ppc40x_timer->pit_reload <= 1 ||
1040 !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
1041 (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
1043 LOG_TB("%s: stop PIT\n", __func__);
1044 timer_del(tb_env->decr_timer);
1046 LOG_TB("%s: start PIT %016" PRIx64 "\n",
1047 __func__, ppc40x_timer->pit_reload);
1048 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1049 next = now + muldiv64(ppc40x_timer->pit_reload,
1050 NANOSECONDS_PER_SECOND, tb_env->decr_freq);
1052 next += tb_env->decr_next - now;
1055 timer_mod(tb_env->decr_timer, next);
1056 tb_env->decr_next = next;
1060 static void cpu_4xx_pit_cb (void *opaque)
1065 ppc40x_timer_t *ppc40x_timer;
1068 cpu = ppc_env_get_cpu(env);
1069 tb_env = env->tb_env;
1070 ppc40x_timer = tb_env->opaque;
1071 env->spr[SPR_40x_TSR] |= 1 << 27;
1072 if ((env->spr[SPR_40x_TCR] >> 26) & 0x1) {
1073 ppc_set_irq(cpu, ppc40x_timer->decr_excp, 1);
1075 start_stop_pit(env, tb_env, 1);
1076 LOG_TB("%s: ar %d ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx " "
1077 "%016" PRIx64 "\n", __func__,
1078 (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
1079 (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
1080 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
1081 ppc40x_timer->pit_reload);
1084 /* Watchdog timer */
1085 static void cpu_4xx_wdt_cb (void *opaque)
1090 ppc40x_timer_t *ppc40x_timer;
1094 cpu = ppc_env_get_cpu(env);
1095 tb_env = env->tb_env;
1096 ppc40x_timer = tb_env->opaque;
1097 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1098 switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
1112 /* Cannot occur, but makes gcc happy */
1115 next = now + muldiv64(next, NANOSECONDS_PER_SECOND, tb_env->decr_freq);
1118 LOG_TB("%s: TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
1119 env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
1120 switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
1123 timer_mod(ppc40x_timer->wdt_timer, next);
1124 ppc40x_timer->wdt_next = next;
1125 env->spr[SPR_40x_TSR] |= 1U << 31;
1128 timer_mod(ppc40x_timer->wdt_timer, next);
1129 ppc40x_timer->wdt_next = next;
1130 env->spr[SPR_40x_TSR] |= 1 << 30;
1131 if ((env->spr[SPR_40x_TCR] >> 27) & 0x1) {
1132 ppc_set_irq(cpu, PPC_INTERRUPT_WDT, 1);
1136 env->spr[SPR_40x_TSR] &= ~0x30000000;
1137 env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
1138 switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
1142 case 0x1: /* Core reset */
1143 ppc40x_core_reset(cpu);
1145 case 0x2: /* Chip reset */
1146 ppc40x_chip_reset(cpu);
1148 case 0x3: /* System reset */
1149 ppc40x_system_reset(cpu);
1155 void store_40x_pit (CPUPPCState *env, target_ulong val)
1158 ppc40x_timer_t *ppc40x_timer;
1160 tb_env = env->tb_env;
1161 ppc40x_timer = tb_env->opaque;
1162 LOG_TB("%s val" TARGET_FMT_lx "\n", __func__, val);
1163 ppc40x_timer->pit_reload = val;
1164 start_stop_pit(env, tb_env, 0);
1167 target_ulong load_40x_pit (CPUPPCState *env)
1169 return cpu_ppc_load_decr(env);
1172 static void ppc_40x_set_tb_clk (void *opaque, uint32_t freq)
1174 CPUPPCState *env = opaque;
1175 ppc_tb_t *tb_env = env->tb_env;
1177 LOG_TB("%s set new frequency to %" PRIu32 "\n", __func__,
1179 tb_env->tb_freq = freq;
1180 tb_env->decr_freq = freq;
1181 /* XXX: we should also update all timers */
1184 clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
1185 unsigned int decr_excp)
1188 ppc40x_timer_t *ppc40x_timer;
1190 tb_env = g_malloc0(sizeof(ppc_tb_t));
1191 env->tb_env = tb_env;
1192 tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
1193 ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t));
1194 tb_env->tb_freq = freq;
1195 tb_env->decr_freq = freq;
1196 tb_env->opaque = ppc40x_timer;
1197 LOG_TB("%s freq %" PRIu32 "\n", __func__, freq);
1198 if (ppc40x_timer != NULL) {
1199 /* We use decr timer for PIT */
1200 tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_pit_cb, env);
1201 ppc40x_timer->fit_timer =
1202 timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_fit_cb, env);
1203 ppc40x_timer->wdt_timer =
1204 timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_4xx_wdt_cb, env);
1205 ppc40x_timer->decr_excp = decr_excp;
1208 return &ppc_40x_set_tb_clk;
1211 /*****************************************************************************/
1212 /* Embedded PowerPC Device Control Registers */
1213 typedef struct ppc_dcrn_t ppc_dcrn_t;
1215 dcr_read_cb dcr_read;
1216 dcr_write_cb dcr_write;
1220 /* XXX: on 460, DCR addresses are 32 bits wide,
1221 * using DCRIPR to get the 22 upper bits of the DCR address
1223 #define DCRN_NB 1024
1225 ppc_dcrn_t dcrn[DCRN_NB];
1226 int (*read_error)(int dcrn);
1227 int (*write_error)(int dcrn);
1230 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1234 if (dcrn < 0 || dcrn >= DCRN_NB)
1236 dcr = &dcr_env->dcrn[dcrn];
1237 if (dcr->dcr_read == NULL)
1239 *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
1244 if (dcr_env->read_error != NULL)
1245 return (*dcr_env->read_error)(dcrn);
1250 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1254 if (dcrn < 0 || dcrn >= DCRN_NB)
1256 dcr = &dcr_env->dcrn[dcrn];
1257 if (dcr->dcr_write == NULL)
1259 (*dcr->dcr_write)(dcr->opaque, dcrn, val);
1264 if (dcr_env->write_error != NULL)
1265 return (*dcr_env->write_error)(dcrn);
1270 int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque,
1271 dcr_read_cb dcr_read, dcr_write_cb dcr_write)
1276 dcr_env = env->dcr_env;
1277 if (dcr_env == NULL)
1279 if (dcrn < 0 || dcrn >= DCRN_NB)
1281 dcr = &dcr_env->dcrn[dcrn];
1282 if (dcr->opaque != NULL ||
1283 dcr->dcr_read != NULL ||
1284 dcr->dcr_write != NULL)
1286 dcr->opaque = opaque;
1287 dcr->dcr_read = dcr_read;
1288 dcr->dcr_write = dcr_write;
1293 int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn),
1294 int (*write_error)(int dcrn))
1298 dcr_env = g_malloc0(sizeof(ppc_dcr_t));
1299 dcr_env->read_error = read_error;
1300 dcr_env->write_error = write_error;
1301 env->dcr_env = dcr_env;
1306 /*****************************************************************************/
1308 void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
1320 printf("Set loglevel to %04" PRIx32 "\n", val);
1321 qemu_set_log(val | 0x100);
1326 /* CPU device-tree ID helpers */
1327 int ppc_get_vcpu_dt_id(PowerPCCPU *cpu)
1329 return cpu->cpu_dt_id;
1332 PowerPCCPU *ppc_get_vcpu_by_dt_id(int cpu_dt_id)
1337 PowerPCCPU *cpu = POWERPC_CPU(cs);
1339 if (cpu->cpu_dt_id == cpu_dt_id) {
Code Review / kvmfornfv.git / blob