diff mbox

[V3,3/4] Implement the FreeSCALE i.MX31 advanced vectored interrupt controller, at least to the extent it is used by Linux 3.0.x

Message ID 20111130034234.724291144@nicta.com.au
State New
Headers show

Commit Message

Peter Chubb Nov. 30, 2011, 3:36 a.m. UTC 
Signed-off-by: Hans Jang <hsjang@ok-labs.com>
Signed-off-by: Adam Clench <adamc@ok-labs.com>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
---
 Makefile.target |    2 
 hw/imx_avic.c   |  378 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 379 insertions(+), 1 deletion(-)
 create mode 100644 hw/imx_avic.c

Comments

Peter Maydell Dec. 1, 2011, 5:26 p.m. UTC | #1 
On 30 November 2011 03:36, Peter Chubb <peter.chubb@nicta.com.au> wrote:
> Signed-off-by: Hans Jang <hsjang@ok-labs.com>
> Signed-off-by: Adam Clench <adamc@ok-labs.com>
> Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
> ---
>  Makefile.target |    2
>  hw/imx_avic.c   |  378 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 379 insertions(+), 1 deletion(-)
>  create mode 100644 hw/imx_avic.c
>
> Index: qemu-working/hw/imx_avic.c
> ===================================================================
> --- /dev/null   1970-01-01 00:00:00.000000000 +0000
> +++ qemu-working/hw/imx_avic.c  2011-11-30 13:38:27.070791665 +1100
> @@ -0,0 +1,378 @@
> +/*
> + * IMX31 Vectored Interrupt Controller
> + *
> + * Note this is NOT the PL192 provided by ARM, but
> + * a custom implementation by FreeScale.
> + *
> + * Copyright (c) 2008 OKL
> + * Copyright (c) 2011 NICTA Pty Ltd
> + * Originally Written by Hans Jiang
> + *
> + * This code is licenced under the GPL version 2 or later.  See
> + * the COPYING file in the top-level directory.
> + *
> + * TODO: implement vectors and priorities.

Vectors are harder (they require support from the target-arm
core implementation which isn't there) but I think you should
implement priorities. That should be purely internal to this
device, and it would be good not to have yet another interrupt
controller in the tree which doesn't get interrupt priorities
right (the NVIC being our other).

Mostly looks ok otherwise though I haven't prodded it too closely.

> + */
> +
> +#include "hw.h"
> +#include "sysbus.h"
> +#include "host-utils.h"
> +
> +#define DEBUG_INT 1
> +#undef DEBUG_INT /* comment out for debugging */
> +
> +#ifdef DEBUG_INT
> +#define DPRINTF(fmt, args...) \
> +do { printf("imx_avic: " fmt , ##args); } while (0)
> +#else
> +#define DPRINTF(fmt, args...) do {} while (0)
> +#endif
> +
> +/*
> + * Define to 1 for messages about attempts to
> + * access unimplemented registers or similar.
> + */
> +#define DEBUG_IMPLEMENTATION 1
> +#if DEBUG_IMPLEMENTATION
> +#  define IPRINTF(fmt, args...) \
> +    do  { fprintf(stderr, "imx_avic: " fmt, ##args); } while (0)
> +#else
> +#  define IPRINTF(fmt, args...) do {} while (0)
> +#endif
> +
> +#define IMX_INT_NUM_IRQS 64
> +
> +/* Interrupt Control Bits */
> +#define ABFLAG (1<<25)
> +#define ABFEN (1<<24)
> +#define NIDIS (1<<22) /* Normal Interrupt disable */
> +#define FIDIS (1<<21) /* Fast interrupt disable */
> +#define NIAD  (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
> +#define FIAD  (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
> +#define NM    (1<<18) /* Normal interrupt mode */
> +
> +
> +#define PRIO_PER_WORD (sizeof(uint32_t) * 8 / 4)
> +#define PRIO_WORDS (IMX_INT_NUM_IRQS/PRIO_PER_WORD)
> +
> +typedef struct {
> +    SysBusDevice busdev;
> +    MemoryRegion iomem;
> +    uint64_t pending;
> +    uint64_t enabled;
> +    uint64_t is_fiq;
> +    uint32_t intcntl;
> +    uint32_t intmask;
> +    qemu_irq irq;
> +    qemu_irq fiq;
> +    uint32_t prio[PRIO_WORDS]; /* Priorities are 4-bits each */
> +} imx_int_state;
> +
> +static const VMStateDescription vmstate_imx_avic = {
> +    .name = "imx-avic",
> +    .version_id = 1,
> +    .minimum_version_id = 1,
> +    .minimum_version_id_old = 1,
> +    .fields = (VMStateField[]) {
> +        VMSTATE_UINT64(pending, imx_int_state),
> +        VMSTATE_UINT64(enabled, imx_int_state),
> +        VMSTATE_UINT64(is_fiq, imx_int_state),
> +        VMSTATE_UINT32(intcntl, imx_int_state),
> +        VMSTATE_UINT32(intmask, imx_int_state),
> +        VMSTATE_UINT32_ARRAY(prio, imx_int_state, PRIO_WORDS),
> +        VMSTATE_END_OF_LIST()
> +    },
> +};
> +
> +
> +
> +static inline int imx_int_prio(imx_int_state *s, int irq)
> +{
> +    uint32_t word = irq / PRIO_PER_WORD;
> +    uint32_t part = 4 * (irq % PRIO_PER_WORD);
> +    return 0xf & (s->prio[word] >> part);
> +}
> +
> +static inline void imx_int_set_prio(imx_int_state *s, int irq, int prio)
> +{
> +    uint32_t word = irq / PRIO_PER_WORD;
> +    uint32_t part = 4 * (irq % PRIO_PER_WORD);
> +    uint32_t mask = ~(0xf << part);
> +    s->prio[word] &= mask;
> +    s->prio[word] |= prio << part;
> +}
> +
> +/* Update interrupts.  */
> +static void imx_int_update(imx_int_state *s)
> +{
> +    int i;
> +    uint64_t new = s->pending;
> +    uint64_t flags;
> +
> +    flags = new & s->enabled & s->is_fiq;
> +    qemu_set_irq(s->fiq, !!flags);
> +
> +    flags = new & s->enabled & ~s->is_fiq;
> +    if (!flags || (s->intmask == 0x1f)) {
> +        qemu_set_irq(s->irq, !!flags);
> +        return;
> +    }
> +
> +    /*
> +     * Take interrupt if prio lower than the value of intmask
> +     * (should really take highest priority interrupt here,
> +     * but that would involve processing interrupt sources
> +     * in priority order)
> +     */
> +    for (i = 0; i < IMX_INT_NUM_IRQS; i++) {
> +        if (flags & (1UL << i)) {
> +            if (imx_int_prio(s, i) > s->intmask) {
> +                qemu_set_irq(s->irq, 1);
> +                return;
> +            }
> +        }
> +    }
> +    qemu_set_irq(s->irq, 0);
> +}
> +
> +static void imx_int_set_irq(void *opaque, int irq, int level)
> +{
> +    imx_int_state *s = (imx_int_state *)opaque;
> +
> +    if (level) {
> +        s->pending |= (1ULL << irq);
> +    } else {
> +        s->pending &= ~(1ULL << irq);
> +    }
> +
> +    imx_int_update(s);
> +}
> +
> +
> +static uint64_t imx_int_read(void *opaque,
> +                             target_phys_addr_t offset, unsigned size)
> +{
> +    imx_int_state *s = (imx_int_state *)opaque;
> +
> +
> +    DPRINTF("read(offset = 0x%x)\n", offset >> 2);
> +    switch (offset >> 2) {
> +    case 0: /* INTCNTL */
> +        return s->intcntl;
> +
> +    case 1: /* Normal Interrupt Mask Register, NIMASK */
> +        return s->intmask;
> +
> +    case 2: /* Interrupt Enable Number Register, INTENNUM */
> +    case 3: /* Interrupt Disable Number Register, INTDISNUM */
> +        return 0;
> +
> +    case 4: /* Interrupt Enabled Number Register High */
> +        return s->enabled >> 32;
> +
> +    case 5: /* Interrupt Enabled Number Register Low */
> +        return s->enabled & 0xffffffffULL;
> +
> +    case 6: /* Interrupt Type Register High */
> +        return s->is_fiq >> 32;
> +
> +    case 7: /* Interrupt Type Register Low */
> +        return s->is_fiq & 0xffffffffULL;
> +
> +    case 8: /* Normal Interrupt Priority Register 7 */
> +    case 9: /* Normal Interrupt Priority Register 6 */
> +    case 10:/* Normal Interrupt Priority Register 5 */
> +    case 11:/* Normal Interrupt Priority Register 4 */
> +    case 12:/* Normal Interrupt Priority Register 3 */
> +    case 13:/* Normal Interrupt Priority Register 2 */
> +    case 14:/* Normal Interrupt Priority Register 1 */
> +    case 15:/* Normal Interrupt Priority Register 0 */
> +        return s->prio[15-(offset>>2)];
> +
> +    case 16: /* Normal interrupt vector and status register */
> +    {
> +        /*
> +         * Note: this is supposed to return highest priority
> +         * outstanding interrupt
> +         */
> +        uint64_t flags = s->pending & s->enabled & ~s->is_fiq;
> +        int i = ctz64(flags);
> +        if (i < 64) {
> +            imx_int_set_irq(opaque, i, 0);
> +            return i << 16 | imx_int_prio(s, i);
> +        }
> +        return 0xffffffffULL;
> +    }
> +    case 17:/* Fast Interrupt vector and status register */
> +    {
> +        uint64_t flags = s->pending & s->enabled & s->is_fiq;
> +        int i = ctz64(flags);
> +        if (i < 64) {
> +            imx_int_set_irq(opaque, i, 0);
> +            return i;
> +        }
> +        return 0xffffffffULL;
> +    }
> +    case 18:/* Interrupt source register high */
> +        return s->pending >> 32;
> +
> +    case 19:/* Interrupt source register low */
> +        return s->pending & 0xffffffffULL;
> +
> +    case 20:/* Interrupt Force Register high */
> +    case 21:/* Interrupt Force Register low */
> +        return 0;
> +
> +    case 22:/* Normal Interrupt Pending Register High */
> +        return (s->pending & s->enabled & ~s->is_fiq) >> 32;
> +
> +    case 23:/* Normal Interrupt Pending Register Low */
> +        return (s->pending & s->enabled & ~s->is_fiq) & 0xffffffffULL;
> +
> +    case 24: /* Fast Interrupt Pending Register High  */
> +        return (s->pending & s->enabled & s->is_fiq) >> 32;
> +
> +    case 25: /* Fast Interrupt Pending Register Low  */
> +        return (s->pending & s->enabled & s->is_fiq) & 0xffffffffULL;
> +
> +    case 0x40:            /* AVIC vector 0, use for WFI WAR */
> +        return 0x4;
> +
> +    default:
> +        IPRINTF("imx_int_read: Bad offset 0x%x\n", (int)offset);
> +        return 0;
> +    }
> +}
> +
> +static void imx_int_write(void *opaque, target_phys_addr_t offset,
> +                          uint64_t val, unsigned size)
> +{
> +    imx_int_state *s = (imx_int_state *)opaque;
> +
> +    /* Vector Registers not yet supported */
> +    if (offset >= 0x100 && offset <= 0x2fc) {
> +        DPRINTF("imx_int_write to vector register %d\n",
> +                (offset - 0x100) >> 2);
> +        return;
> +    }
> +
> +    DPRINTF("imx_int_write(0x%x) = %x\n",
> +            (unsigned int)offset>>2, (unsigned int)val);
> +    switch (offset >> 2) {
> +    case 0: /* Interrupt Control Register, INTCNTL */
> +        s->intcntl = val & (ABFLAG | ABFEN | NIDIS | FIDIS | NIAD | FIAD | NM);

ABFLAG is write-one-to-clear if ABFEN is set.

> +        break;
> +
> +    case 1: /* Normal Interrupt Mask Register, NIMASK */
> +        s->intmask = val & 0x1f;
> +        break;
> +
> +    case 2: /* Interrupt Enable Number Register, INTENNUM */
> +        DPRINTF("enable(%d)\n", (int)val);
> +        val &= 0x3f;
> +        s->enabled |= (1ULL << val);
> +        break;
> +
> +    case 3: /* Interrupt Disable Number Register, INTDISNUM */
> +        DPRINTF("disable(%d)\n", (int)val);
> +        val &= 0x3f;
> +        s->enabled &= ~(1ULL << val);
> +        break;
> +
> +    case 4: /* Interrupt Enable Number Register High */
> +        s->enabled = (s->enabled & 0xffffffffULL) | (val << 32);
> +        break;
> +
> +    case 5: /* Interrupt Enable Number Register Low */
> +        s->enabled = (s->enabled & 0xffffffff00000000ULL) | val;
> +        break;
> +
> +    case 6: /* Interrupt Type Register High */
> +        s->is_fiq = (s->is_fiq & 0xffffffffULL) | (val << 32);
> +        break;
> +
> +    case 7: /* Interrupt Type Register Low */
> +        s->is_fiq = (s->is_fiq & 0xffffffff00000000ULL) | val;
> +        break;
> +
> +    case 8: /* Normal Interrupt Priority Register 7 */
> +    case 9: /* Normal Interrupt Priority Register 6 */
> +    case 10:/* Normal Interrupt Priority Register 5 */
> +    case 11:/* Normal Interrupt Priority Register 4 */
> +    case 12:/* Normal Interrupt Priority Register 3 */
> +    case 13:/* Normal Interrupt Priority Register 2 */
> +    case 14:/* Normal Interrupt Priority Register 1 */
> +    case 15:/* Normal Interrupt Priority Register 0 */
> +        s->prio[15-(offset>>2)] = val;
> +        break;
> +
> +        /* Read-only registers, writes ignored */
> +    case 16:/* Normal Interrupt Vector and Status register */
> +    case 17:/* Fast Interrupt vector and status register */
> +    case 18:/* Interrupt source register high */
> +    case 19:/* Interrupt source register low */
> +        return;
> +
> +    case 20:/* Interrupt Force Register high */
> +        s->pending = (s->pending & 0xffffffffULL) | (val << 32);
> +        break;
> +
> +    case 21:/* Interrupt Force Register low */
> +        s->pending = (s->pending & 0xffffffff00000000ULL) | val;
> +        break;
> +
> +    case 22:/* Normal Interrupt Pending Register High */
> +    case 23:/* Normal Interrupt Pending Register Low */
> +    case 24: /* Fast Interrupt Pending Register High  */
> +    case 25: /* Fast Interrupt Pending Register Low  */
> +        return;
> +
> +    default:
> +        IPRINTF("imx_int_write: Bad offset %x\n", (int)offset);
> +    }
> +    imx_int_update(s);
> +}
> +
> +static const MemoryRegionOps imx_int_ops = {
> +    .read = imx_int_read,
> +    .write = imx_int_write,
> +    .endianness = DEVICE_NATIVE_ENDIAN,
> +};
> +
> +static void imx_int_reset(DeviceState *dev)
> +{
> +    imx_int_state *s = container_of(dev, imx_int_state, busdev.qdev);
> +    s->intmask = 0x1f;
> +    s->enabled = 0;

Shouldn't this be resetting more fields than this?

> +}
> +
> +static int imx_int_init(SysBusDevice *dev)
> +{
> +    imx_int_state *s = FROM_SYSBUS(imx_int_state, dev);;
> +
> +    memory_region_init_io(&s->iomem, &imx_int_ops, s, "imx_int", 0x1000);
> +    sysbus_init_mmio_region(dev, &s->iomem);
> +
> +    qdev_init_gpio_in(&dev->qdev, imx_int_set_irq, IMX_INT_NUM_IRQS);
> +    sysbus_init_irq(dev, &s->irq);
> +    sysbus_init_irq(dev, &s->fiq);
> +
> +    return 0;
> +}
> +
> +static SysBusDeviceInfo imx_int_info = {
> +    .qdev.name = "imx_int",
> +    .qdev.desc = "i.MX Advanced Vector Interrupt Controller",
> +    .qdev.size = sizeof (imx_int_state),
> +    .qdev.reset = imx_int_reset,
> +    .qdev.vmsd = &vmstate_imx_avic,
> +    .init = imx_int_init,
> +};
> +
> +static void imx_int_register_devices(void)
> +{
> +    sysbus_register_withprop(&imx_int_info);
> +}
> +
> +device_init(imx_int_register_devices)
> +
> Index: qemu-working/Makefile.target
> ===================================================================
> --- qemu-working.orig/Makefile.target   2011-11-30 13:38:26.170787074 +1100
> +++ qemu-working/Makefile.target        2011-11-30 13:38:27.070791665 +1100
> @@ -361,21 +361,21 @@ obj-arm-y += mst_fpga.o mainstone.o
>  obj-arm-y += z2.o
>  obj-arm-y += musicpal.o bitbang_i2c.o marvell_88w8618_audio.o
>  obj-arm-y += framebuffer.o
>  obj-arm-y += syborg.o syborg_fb.o syborg_interrupt.o syborg_keyboard.o
>  obj-arm-y += syborg_serial.o syborg_timer.o syborg_pointer.o syborg_rtc.o
>  obj-arm-y += syborg_virtio.o
>  obj-arm-y += vexpress.o
>  obj-arm-y += strongarm.o
>  obj-arm-y += collie.o
>  obj-arm-y += pl041.o lm4549.o
> -obj-arm-y += imx_serial.o imx_timer.o
> +obj-arm-y += imx_serial.o imx_timer.o imx_avic.o
>
>  obj-sh4-y = shix.o r2d.o sh7750.o sh7750_regnames.o tc58128.o
>  obj-sh4-y += sh_timer.o sh_serial.o sh_intc.o sh_pci.o sm501.o
>  obj-sh4-y += ide/mmio.o
>
>  obj-m68k-y = an5206.o mcf5206.o mcf_uart.o mcf_intc.o mcf5208.o mcf_fec.o
>  obj-m68k-y += m68k-semi.o dummy_m68k.o
>
>  obj-s390x-y = s390-virtio-bus.o s390-virtio.o
Peter Chubb Dec. 6, 2011, 1:05 a.m. UTC | #2 
>>>>> "Peter" == Peter Maydell <peter.maydell@linaro.org> writes:

Peter> On 30 November 2011 03:36, Peter Chubb
Peter> <peter.chubb@nicta.com.au> wrote:
>> Signed-off-by: Hans Jang <hsjang@ok-labs.com> Signed-off-by: Adam
>> Clench <adamc@ok-labs.com> Signed-off-by: Peter Chubb
>> <peter.chubb@nicta.com.au>
>> ---
>>  Makefile.target |    2  hw/imx_avic.c   |  378
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++  2 files
>> changed, 379 insertions(+), 1 deletion(-)  create mode 100644
>> hw/imx_avic.c
>> 
>> Index: qemu-working/hw/imx_avic.c
>> ===================================================================
>> --- /dev/null   1970-01-01 00:00:00.000000000 +0000 +++
>> qemu-working/hw/imx_avic.c  2011-11-30 13:38:27.070791665 +1100 @@
>> -0,0 +1,378 @@ +/* + * IMX31 Vectored Interrupt Controller + * + *
>> Note this is NOT the PL192 provided by ARM, but + * a custom
>> implementation by FreeScale.  + * + * Copyright (c) 2008 OKL + *
>> Copyright (c) 2011 NICTA Pty Ltd + * Originally Written by Hans
>> Jiang + * + * This code is licenced under the GPL version 2 or
>> later.  See + * the COPYING file in the top-level directory.  + * +
>> * TODO: implement vectors and priorities.

Peter> Vectors are harder (they require support from the target-arm
Peter> core implementation which isn't there) but I think you should
Peter> implement priorities. That should be purely internal to this
Peter> device, and it would be good not to have yet another interrupt
Peter> controller in the tree which doesn't get interrupt priorities
Peter> right (the NVIC being our other).


OK, I've implemented them, but have no way to test them (because Linux
doesn't use them!)

Peter C
diff mbox

Patch

Index: qemu-working/hw/imx_avic.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ qemu-working/hw/imx_avic.c	2011-11-30 13:38:27.070791665 +1100
@@ -0,0 +1,378 @@ 
+/*
+ * IMX31 Vectored Interrupt Controller
+ *
+ * Note this is NOT the PL192 provided by ARM, but
+ * a custom implementation by FreeScale.
+ *
+ * Copyright (c) 2008 OKL
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally Written by Hans Jiang
+ *
+ * This code is licenced under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ *
+ * TODO: implement vectors and priorities.
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "host-utils.h"
+
+#define DEBUG_INT 1
+#undef DEBUG_INT /* comment out for debugging */
+
+#ifdef DEBUG_INT
+#define DPRINTF(fmt, args...) \
+do { printf("imx_avic: " fmt , ##args); } while (0)
+#else
+#define DPRINTF(fmt, args...) do {} while (0)
+#endif
+
+/*
+ * Define to 1 for messages about attempts to
+ * access unimplemented registers or similar.
+ */
+#define DEBUG_IMPLEMENTATION 1
+#if DEBUG_IMPLEMENTATION
+#  define IPRINTF(fmt, args...) \
+    do  { fprintf(stderr, "imx_avic: " fmt, ##args); } while (0)
+#else
+#  define IPRINTF(fmt, args...) do {} while (0)
+#endif
+
+#define IMX_INT_NUM_IRQS 64
+
+/* Interrupt Control Bits */
+#define ABFLAG (1<<25)
+#define ABFEN (1<<24)
+#define NIDIS (1<<22) /* Normal Interrupt disable */
+#define FIDIS (1<<21) /* Fast interrupt disable */
+#define NIAD  (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
+#define FIAD  (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
+#define NM    (1<<18) /* Normal interrupt mode */
+
+
+#define PRIO_PER_WORD (sizeof(uint32_t) * 8 / 4)
+#define PRIO_WORDS (IMX_INT_NUM_IRQS/PRIO_PER_WORD)
+
+typedef struct {
+    SysBusDevice busdev;
+    MemoryRegion iomem;
+    uint64_t pending;
+    uint64_t enabled;
+    uint64_t is_fiq;
+    uint32_t intcntl;
+    uint32_t intmask;
+    qemu_irq irq;
+    qemu_irq fiq;
+    uint32_t prio[PRIO_WORDS]; /* Priorities are 4-bits each */
+} imx_int_state;
+
+static const VMStateDescription vmstate_imx_avic = {
+    .name = "imx-avic",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .minimum_version_id_old = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_UINT64(pending, imx_int_state),
+        VMSTATE_UINT64(enabled, imx_int_state),
+        VMSTATE_UINT64(is_fiq, imx_int_state),
+        VMSTATE_UINT32(intcntl, imx_int_state),
+        VMSTATE_UINT32(intmask, imx_int_state),
+        VMSTATE_UINT32_ARRAY(prio, imx_int_state, PRIO_WORDS),
+        VMSTATE_END_OF_LIST()
+    },
+};
+
+
+
+static inline int imx_int_prio(imx_int_state *s, int irq)
+{
+    uint32_t word = irq / PRIO_PER_WORD;
+    uint32_t part = 4 * (irq % PRIO_PER_WORD);
+    return 0xf & (s->prio[word] >> part);
+}
+
+static inline void imx_int_set_prio(imx_int_state *s, int irq, int prio)
+{
+    uint32_t word = irq / PRIO_PER_WORD;
+    uint32_t part = 4 * (irq % PRIO_PER_WORD);
+    uint32_t mask = ~(0xf << part);
+    s->prio[word] &= mask;
+    s->prio[word] |= prio << part;
+}
+
+/* Update interrupts.  */
+static void imx_int_update(imx_int_state *s)
+{
+    int i;
+    uint64_t new = s->pending;
+    uint64_t flags;
+
+    flags = new & s->enabled & s->is_fiq;
+    qemu_set_irq(s->fiq, !!flags);
+
+    flags = new & s->enabled & ~s->is_fiq;
+    if (!flags || (s->intmask == 0x1f)) {
+        qemu_set_irq(s->irq, !!flags);
+        return;
+    }
+
+    /*
+     * Take interrupt if prio lower than the value of intmask
+     * (should really take highest priority interrupt here,
+     * but that would involve processing interrupt sources
+     * in priority order)
+     */
+    for (i = 0; i < IMX_INT_NUM_IRQS; i++) {
+        if (flags & (1UL << i)) {
+            if (imx_int_prio(s, i) > s->intmask) {
+                qemu_set_irq(s->irq, 1);
+                return;
+            }
+        }
+    }
+    qemu_set_irq(s->irq, 0);
+}
+
+static void imx_int_set_irq(void *opaque, int irq, int level)
+{
+    imx_int_state *s = (imx_int_state *)opaque;
+
+    if (level) {
+        s->pending |= (1ULL << irq);
+    } else {
+        s->pending &= ~(1ULL << irq);
+    }
+
+    imx_int_update(s);
+}
+
+
+static uint64_t imx_int_read(void *opaque,
+                             target_phys_addr_t offset, unsigned size)
+{
+    imx_int_state *s = (imx_int_state *)opaque;
+
+
+    DPRINTF("read(offset = 0x%x)\n", offset >> 2);
+    switch (offset >> 2) {
+    case 0: /* INTCNTL */
+        return s->intcntl;
+
+    case 1: /* Normal Interrupt Mask Register, NIMASK */
+        return s->intmask;
+
+    case 2: /* Interrupt Enable Number Register, INTENNUM */
+    case 3: /* Interrupt Disable Number Register, INTDISNUM */
+        return 0;
+
+    case 4: /* Interrupt Enabled Number Register High */
+        return s->enabled >> 32;
+
+    case 5: /* Interrupt Enabled Number Register Low */
+        return s->enabled & 0xffffffffULL;
+
+    case 6: /* Interrupt Type Register High */
+        return s->is_fiq >> 32;
+
+    case 7: /* Interrupt Type Register Low */
+        return s->is_fiq & 0xffffffffULL;
+
+    case 8: /* Normal Interrupt Priority Register 7 */
+    case 9: /* Normal Interrupt Priority Register 6 */
+    case 10:/* Normal Interrupt Priority Register 5 */
+    case 11:/* Normal Interrupt Priority Register 4 */
+    case 12:/* Normal Interrupt Priority Register 3 */
+    case 13:/* Normal Interrupt Priority Register 2 */
+    case 14:/* Normal Interrupt Priority Register 1 */
+    case 15:/* Normal Interrupt Priority Register 0 */
+        return s->prio[15-(offset>>2)];
+
+    case 16: /* Normal interrupt vector and status register */
+    {
+        /*
+         * Note: this is supposed to return highest priority
+         * outstanding interrupt
+         */
+        uint64_t flags = s->pending & s->enabled & ~s->is_fiq;
+        int i = ctz64(flags);
+        if (i < 64) {
+            imx_int_set_irq(opaque, i, 0);
+            return i << 16 | imx_int_prio(s, i);
+        }
+        return 0xffffffffULL;
+    }
+    case 17:/* Fast Interrupt vector and status register */
+    {
+        uint64_t flags = s->pending & s->enabled & s->is_fiq;
+        int i = ctz64(flags);
+        if (i < 64) {
+            imx_int_set_irq(opaque, i, 0);
+            return i;
+        }
+        return 0xffffffffULL;
+    }
+    case 18:/* Interrupt source register high */
+        return s->pending >> 32;
+
+    case 19:/* Interrupt source register low */
+        return s->pending & 0xffffffffULL;
+
+    case 20:/* Interrupt Force Register high */
+    case 21:/* Interrupt Force Register low */
+        return 0;
+
+    case 22:/* Normal Interrupt Pending Register High */
+        return (s->pending & s->enabled & ~s->is_fiq) >> 32;
+
+    case 23:/* Normal Interrupt Pending Register Low */
+        return (s->pending & s->enabled & ~s->is_fiq) & 0xffffffffULL;
+
+    case 24: /* Fast Interrupt Pending Register High  */
+        return (s->pending & s->enabled & s->is_fiq) >> 32;
+
+    case 25: /* Fast Interrupt Pending Register Low  */
+        return (s->pending & s->enabled & s->is_fiq) & 0xffffffffULL;
+
+    case 0x40:            /* AVIC vector 0, use for WFI WAR */
+        return 0x4;
+
+    default:
+        IPRINTF("imx_int_read: Bad offset 0x%x\n", (int)offset);
+        return 0;
+    }
+}
+
+static void imx_int_write(void *opaque, target_phys_addr_t offset,
+                          uint64_t val, unsigned size)
+{
+    imx_int_state *s = (imx_int_state *)opaque;
+
+    /* Vector Registers not yet supported */
+    if (offset >= 0x100 && offset <= 0x2fc) {
+        DPRINTF("imx_int_write to vector register %d\n",
+                (offset - 0x100) >> 2);
+        return;
+    }
+
+    DPRINTF("imx_int_write(0x%x) = %x\n",
+            (unsigned int)offset>>2, (unsigned int)val);
+    switch (offset >> 2) {
+    case 0: /* Interrupt Control Register, INTCNTL */
+        s->intcntl = val & (ABFLAG | ABFEN | NIDIS | FIDIS | NIAD | FIAD | NM);
+        break;
+
+    case 1: /* Normal Interrupt Mask Register, NIMASK */
+        s->intmask = val & 0x1f;
+        break;
+
+    case 2: /* Interrupt Enable Number Register, INTENNUM */
+        DPRINTF("enable(%d)\n", (int)val);
+        val &= 0x3f;
+        s->enabled |= (1ULL << val);
+        break;
+
+    case 3: /* Interrupt Disable Number Register, INTDISNUM */
+        DPRINTF("disable(%d)\n", (int)val);
+        val &= 0x3f;
+        s->enabled &= ~(1ULL << val);
+        break;
+
+    case 4: /* Interrupt Enable Number Register High */
+        s->enabled = (s->enabled & 0xffffffffULL) | (val << 32);
+        break;
+
+    case 5: /* Interrupt Enable Number Register Low */
+        s->enabled = (s->enabled & 0xffffffff00000000ULL) | val;
+        break;
+
+    case 6: /* Interrupt Type Register High */
+        s->is_fiq = (s->is_fiq & 0xffffffffULL) | (val << 32);
+        break;
+
+    case 7: /* Interrupt Type Register Low */
+        s->is_fiq = (s->is_fiq & 0xffffffff00000000ULL) | val;
+        break;
+
+    case 8: /* Normal Interrupt Priority Register 7 */
+    case 9: /* Normal Interrupt Priority Register 6 */
+    case 10:/* Normal Interrupt Priority Register 5 */
+    case 11:/* Normal Interrupt Priority Register 4 */
+    case 12:/* Normal Interrupt Priority Register 3 */
+    case 13:/* Normal Interrupt Priority Register 2 */
+    case 14:/* Normal Interrupt Priority Register 1 */
+    case 15:/* Normal Interrupt Priority Register 0 */
+        s->prio[15-(offset>>2)] = val;
+        break;
+
+        /* Read-only registers, writes ignored */
+    case 16:/* Normal Interrupt Vector and Status register */
+    case 17:/* Fast Interrupt vector and status register */
+    case 18:/* Interrupt source register high */
+    case 19:/* Interrupt source register low */
+        return;
+
+    case 20:/* Interrupt Force Register high */
+        s->pending = (s->pending & 0xffffffffULL) | (val << 32);
+        break;
+
+    case 21:/* Interrupt Force Register low */
+        s->pending = (s->pending & 0xffffffff00000000ULL) | val;
+        break;
+
+    case 22:/* Normal Interrupt Pending Register High */
+    case 23:/* Normal Interrupt Pending Register Low */
+    case 24: /* Fast Interrupt Pending Register High  */
+    case 25: /* Fast Interrupt Pending Register Low  */
+        return;
+
+    default:
+        IPRINTF("imx_int_write: Bad offset %x\n", (int)offset);
+    }
+    imx_int_update(s);
+}
+
+static const MemoryRegionOps imx_int_ops = {
+    .read = imx_int_read,
+    .write = imx_int_write,
+    .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void imx_int_reset(DeviceState *dev)
+{
+    imx_int_state *s = container_of(dev, imx_int_state, busdev.qdev);
+    s->intmask = 0x1f;
+    s->enabled = 0;
+}
+
+static int imx_int_init(SysBusDevice *dev)
+{
+    imx_int_state *s = FROM_SYSBUS(imx_int_state, dev);;
+
+    memory_region_init_io(&s->iomem, &imx_int_ops, s, "imx_int", 0x1000);
+    sysbus_init_mmio_region(dev, &s->iomem);
+
+    qdev_init_gpio_in(&dev->qdev, imx_int_set_irq, IMX_INT_NUM_IRQS);
+    sysbus_init_irq(dev, &s->irq);
+    sysbus_init_irq(dev, &s->fiq);
+
+    return 0;
+}
+
+static SysBusDeviceInfo imx_int_info = {
+    .qdev.name = "imx_int",
+    .qdev.desc = "i.MX Advanced Vector Interrupt Controller",
+    .qdev.size = sizeof (imx_int_state),
+    .qdev.reset = imx_int_reset,
+    .qdev.vmsd = &vmstate_imx_avic,
+    .init = imx_int_init,
+};
+
+static void imx_int_register_devices(void)
+{
+    sysbus_register_withprop(&imx_int_info);
+}
+
+device_init(imx_int_register_devices)
+
Index: qemu-working/Makefile.target
===================================================================
--- qemu-working.orig/Makefile.target	2011-11-30 13:38:26.170787074 +1100
+++ qemu-working/Makefile.target	2011-11-30 13:38:27.070791665 +1100
@@ -361,21 +361,21 @@  obj-arm-y += mst_fpga.o mainstone.o
 obj-arm-y += z2.o
 obj-arm-y += musicpal.o bitbang_i2c.o marvell_88w8618_audio.o
 obj-arm-y += framebuffer.o
 obj-arm-y += syborg.o syborg_fb.o syborg_interrupt.o syborg_keyboard.o
 obj-arm-y += syborg_serial.o syborg_timer.o syborg_pointer.o syborg_rtc.o
 obj-arm-y += syborg_virtio.o
 obj-arm-y += vexpress.o
 obj-arm-y += strongarm.o
 obj-arm-y += collie.o
 obj-arm-y += pl041.o lm4549.o
-obj-arm-y += imx_serial.o imx_timer.o
+obj-arm-y += imx_serial.o imx_timer.o imx_avic.o
 
 obj-sh4-y = shix.o r2d.o sh7750.o sh7750_regnames.o tc58128.o
 obj-sh4-y += sh_timer.o sh_serial.o sh_intc.o sh_pci.o sm501.o
 obj-sh4-y += ide/mmio.o
 
 obj-m68k-y = an5206.o mcf5206.o mcf_uart.o mcf_intc.o mcf5208.o mcf_fec.o
 obj-m68k-y += m68k-semi.o dummy_m68k.o
 
 obj-s390x-y = s390-virtio-bus.o s390-virtio.o