[qemu.git] / hw / misc / edu.c

/*
 * QEMU educational PCI device
 *
 * Copyright (c) 2012-2015 Jiri Slaby
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#include "qemu/osdep.h"
#include "qemu/units.h"
#include "hw/pci/pci.h"
#include "hw/pci/msi.h"
#include "qemu/timer.h"
#include "qemu/main-loop.h" /* iothread mutex */
#include "qapi/visitor.h"

#define TYPE_PCI_EDU_DEVICE "edu"
#define EDU(obj)        OBJECT_CHECK(EduState, obj, TYPE_PCI_EDU_DEVICE)

#define FACT_IRQ        0x00000001
#define DMA_IRQ         0x00000100

#define DMA_START       0x40000
#define DMA_SIZE        4096

typedef struct {
    PCIDevice pdev;
    MemoryRegion mmio;

    QemuThread thread;
    QemuMutex thr_mutex;
    QemuCond thr_cond;
    bool stopping;

    uint32_t addr4;
    uint32_t fact;
#define EDU_STATUS_COMPUTING    0x01
#define EDU_STATUS_IRQFACT      0x80
    uint32_t status;

    uint32_t irq_status;

#define EDU_DMA_RUN             0x1
#define EDU_DMA_DIR(cmd)        (((cmd) & 0x2) >> 1)
# define EDU_DMA_FROM_PCI       0
# define EDU_DMA_TO_PCI         1
#define EDU_DMA_IRQ             0x4
    struct dma_state {
        dma_addr_t src;
        dma_addr_t dst;
        dma_addr_t cnt;
        dma_addr_t cmd;
    } dma;
    QEMUTimer dma_timer;
    char dma_buf[DMA_SIZE];
    uint64_t dma_mask;
} EduState;

static bool edu_msi_enabled(EduState *edu)
{
    return msi_enabled(&edu->pdev);
}

static void edu_raise_irq(EduState *edu, uint32_t val)
{
    edu->irq_status |= val;
    if (edu->irq_status) {
        if (edu_msi_enabled(edu)) {
            msi_notify(&edu->pdev, 0);
        } else {
            pci_set_irq(&edu->pdev, 1);
        }
    }
}

static void edu_lower_irq(EduState *edu, uint32_t val)
{
    edu->irq_status &= ~val;

    if (!edu->irq_status && !edu_msi_enabled(edu)) {
        pci_set_irq(&edu->pdev, 0);
    }
}

static bool within(uint32_t addr, uint32_t start, uint32_t end)
{
    return start <= addr && addr < end;
}

static void edu_check_range(uint32_t addr, uint32_t size1, uint32_t start,
                uint32_t size2)
{
    uint32_t end1 = addr + size1;
    uint32_t end2 = start + size2;

    if (within(addr, start, end2) &&
            end1 > addr && within(end1, start, end2)) {
        return;
    }

    hw_error("EDU: DMA range 0x%.8x-0x%.8x out of bounds (0x%.8x-0x%.8x)!",
            addr, end1 - 1, start, end2 - 1);
}

static dma_addr_t edu_clamp_addr(const EduState *edu, dma_addr_t addr)
{
    dma_addr_t res = addr & edu->dma_mask;

    if (addr != res) {
        printf("EDU: clamping DMA %#.16"PRIx64" to %#.16"PRIx64"!\n", addr, res);
    }

    return res;
}

static void edu_dma_timer(void *opaque)
{
    EduState *edu = opaque;
    bool raise_irq = false;

    if (!(edu->dma.cmd & EDU_DMA_RUN)) {
        return;
    }

    if (EDU_DMA_DIR(edu->dma.cmd) == EDU_DMA_FROM_PCI) {
        uint32_t dst = edu->dma.dst;
        edu_check_range(dst, edu->dma.cnt, DMA_START, DMA_SIZE);
        dst -= DMA_START;
        pci_dma_read(&edu->pdev, edu_clamp_addr(edu, edu->dma.src),
                edu->dma_buf + dst, edu->dma.cnt);
    } else {
        uint32_t src = edu->dma.src;
        edu_check_range(src, edu->dma.cnt, DMA_START, DMA_SIZE);
        src -= DMA_START;
        pci_dma_write(&edu->pdev, edu_clamp_addr(edu, edu->dma.dst),
                edu->dma_buf + src, edu->dma.cnt);
    }

    edu->dma.cmd &= ~EDU_DMA_RUN;
    if (edu->dma.cmd & EDU_DMA_IRQ) {
        raise_irq = true;
    }

    if (raise_irq) {
        edu_raise_irq(edu, DMA_IRQ);
    }
}

static void dma_rw(EduState *edu, bool write, dma_addr_t *val, dma_addr_t *dma,
                bool timer)
{
    if (write && (edu->dma.cmd & EDU_DMA_RUN)) {
        return;
    }

    if (write) {
        *dma = *val;
    } else {
        *val = *dma;
    }

    if (timer) {
        timer_mod(&edu->dma_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 100);
    }
}

static uint64_t edu_mmio_read(void *opaque, hwaddr addr, unsigned size)
{
    EduState *edu = opaque;
    uint64_t val = ~0ULL;

    if (size != 4) {
        return val;
    }

    switch (addr) {
    case 0x00:
        val = 0x010000edu;
        break;
    case 0x04:
        val = edu->addr4;
        break;
    case 0x08:
        qemu_mutex_lock(&edu->thr_mutex);
        val = edu->fact;
        qemu_mutex_unlock(&edu->thr_mutex);
        break;
    case 0x20:
        val = atomic_read(&edu->status);
        break;
    case 0x24:
        val = edu->irq_status;
        break;
    case 0x80:
        dma_rw(edu, false, &val, &edu->dma.src, false);
        break;
    case 0x88:
        dma_rw(edu, false, &val, &edu->dma.dst, false);
        break;
    case 0x90:
        dma_rw(edu, false, &val, &edu->dma.cnt, false);
        break;
    case 0x98:
        dma_rw(edu, false, &val, &edu->dma.cmd, false);
        break;
    }

    return val;
}

static void edu_mmio_write(void *opaque, hwaddr addr, uint64_t val,
                unsigned size)
{
    EduState *edu = opaque;

    if (addr < 0x80 && size != 4) {
        return;
    }

    if (addr >= 0x80 && size != 4 && size != 8) {
        return;
    }

    switch (addr) {
    case 0x04:
        edu->addr4 = ~val;
        break;
    case 0x08:
        if (atomic_read(&edu->status) & EDU_STATUS_COMPUTING) {
            break;
        }
        /* EDU_STATUS_COMPUTING cannot go 0->1 concurrently, because it is only
         * set in this function and it is under the iothread mutex.
         */
        qemu_mutex_lock(&edu->thr_mutex);
        edu->fact = val;
        atomic_or(&edu->status, EDU_STATUS_COMPUTING);
        qemu_cond_signal(&edu->thr_cond);
        qemu_mutex_unlock(&edu->thr_mutex);
        break;
    case 0x20:
        if (val & EDU_STATUS_IRQFACT) {
            atomic_or(&edu->status, EDU_STATUS_IRQFACT);
        } else {
            atomic_and(&edu->status, ~EDU_STATUS_IRQFACT);
        }
        break;
    case 0x60:
        edu_raise_irq(edu, val);
        break;
    case 0x64:
        edu_lower_irq(edu, val);
        break;
    case 0x80:
        dma_rw(edu, true, &val, &edu->dma.src, false);
        break;
    case 0x88:
        dma_rw(edu, true, &val, &edu->dma.dst, false);
        break;
    case 0x90:
        dma_rw(edu, true, &val, &edu->dma.cnt, false);
        break;
    case 0x98:
        if (!(val & EDU_DMA_RUN)) {
            break;
        }
        dma_rw(edu, true, &val, &edu->dma.cmd, true);
        break;
    }
}

static const MemoryRegionOps edu_mmio_ops = {
    .read = edu_mmio_read,
    .write = edu_mmio_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * We purposely use a thread, so that users are forced to wait for the status
 * register.
 */
static void *edu_fact_thread(void *opaque)
{
    EduState *edu = opaque;

    while (1) {
        uint32_t val, ret = 1;

        qemu_mutex_lock(&edu->thr_mutex);
        while ((atomic_read(&edu->status) & EDU_STATUS_COMPUTING) == 0 &&
                        !edu->stopping) {
            qemu_cond_wait(&edu->thr_cond, &edu->thr_mutex);
        }

        if (edu->stopping) {
            qemu_mutex_unlock(&edu->thr_mutex);
            break;
        }

        val = edu->fact;
        qemu_mutex_unlock(&edu->thr_mutex);

        while (val > 0) {
            ret *= val--;
        }

        /*
         * We should sleep for a random period here, so that students are
         * forced to check the status properly.
         */

        qemu_mutex_lock(&edu->thr_mutex);
        edu->fact = ret;
        qemu_mutex_unlock(&edu->thr_mutex);
        atomic_and(&edu->status, ~EDU_STATUS_COMPUTING);

        if (atomic_read(&edu->status) & EDU_STATUS_IRQFACT) {
            qemu_mutex_lock_iothread();
            edu_raise_irq(edu, FACT_IRQ);
            qemu_mutex_unlock_iothread();
        }
    }

    return NULL;
}

static void pci_edu_realize(PCIDevice *pdev, Error **errp)
{
    EduState *edu = DO_UPCAST(EduState, pdev, pdev);
    uint8_t *pci_conf = pdev->config;

    pci_config_set_interrupt_pin(pci_conf, 1);

    if (msi_init(pdev, 0, 1, true, false, errp)) {
        return;
    }

    timer_init_ms(&edu->dma_timer, QEMU_CLOCK_VIRTUAL, edu_dma_timer, edu);

    qemu_mutex_init(&edu->thr_mutex);
    qemu_cond_init(&edu->thr_cond);
    qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
                       edu, QEMU_THREAD_JOINABLE);

    memory_region_init_io(&edu->mmio, OBJECT(edu), &edu_mmio_ops, edu,
                    "edu-mmio", 1 * MiB);
    pci_register_bar(pdev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &edu->mmio);
}

static void pci_edu_uninit(PCIDevice *pdev)
{
    EduState *edu = DO_UPCAST(EduState, pdev, pdev);

    qemu_mutex_lock(&edu->thr_mutex);
    edu->stopping = true;
    qemu_mutex_unlock(&edu->thr_mutex);
    qemu_cond_signal(&edu->thr_cond);
    qemu_thread_join(&edu->thread);

    qemu_cond_destroy(&edu->thr_cond);
    qemu_mutex_destroy(&edu->thr_mutex);

    timer_del(&edu->dma_timer);
}

static void edu_obj_uint64(Object *obj, Visitor *v, const char *name,
                           void *opaque, Error **errp)
{
    uint64_t *val = opaque;

    visit_type_uint64(v, name, val, errp);
}

static void edu_instance_init(Object *obj)
{
    EduState *edu = EDU(obj);

    edu->dma_mask = (1UL << 28) - 1;
    object_property_add(obj, "dma_mask", "uint64", edu_obj_uint64,
                    edu_obj_uint64, NULL, &edu->dma_mask, NULL);
}

static void edu_class_init(ObjectClass *class, void *data)
{
    PCIDeviceClass *k = PCI_DEVICE_CLASS(class);

    k->realize = pci_edu_realize;
    k->exit = pci_edu_uninit;
    k->vendor_id = PCI_VENDOR_ID_QEMU;
    k->device_id = 0x11e8;
    k->revision = 0x10;
    k->class_id = PCI_CLASS_OTHERS;
}

static void pci_edu_register_types(void)
{
    static InterfaceInfo interfaces[] = {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },
    };
    static const TypeInfo edu_info = {
        .name          = TYPE_PCI_EDU_DEVICE,
        .parent        = TYPE_PCI_DEVICE,
        .instance_size = sizeof(EduState),
        .instance_init = edu_instance_init,
        .class_init    = edu_class_init,
        .interfaces = interfaces,
    };

    type_register_static(&edu_info);
}
type_init(pci_edu_register_types)
Commit	Line	Data
b30934cb JS	1	/*
	2	* QEMU educational PCI device
	3	*
	4	* Copyright (c) 2012-2015 Jiri Slaby
	5	*
	6	* Permission is hereby granted, free of charge, to any person obtaining a
	7	* copy of this software and associated documentation files (the "Software"),
	8	* to deal in the Software without restriction, including without limitation
	9	* the rights to use, copy, modify, merge, publish, distribute, sublicense,
	10	* and/or sell copies of the Software, and to permit persons to whom the
	11	* Software is furnished to do so, subject to the following conditions:
	12	*
	13	* The above copyright notice and this permission notice shall be included in
	14	* all copies or substantial portions of the Software.
	15	*
	16	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	19	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
	21	* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
	22	* DEALINGS IN THE SOFTWARE.
	23	*/
	24
0d1c9782	25	#include "qemu/osdep.h"
de9b602e	26	#include "qemu/units.h"
b30934cb	27	#include "hw/pci/pci.h"
eabb5782	28	#include "hw/pci/msi.h"
b30934cb JS	29	#include "qemu/timer.h"
	30	#include "qemu/main-loop.h" /* iothread mutex */
	31	#include "qapi/visitor.h"
	32
8371158b LQ	33	#define TYPE_PCI_EDU_DEVICE "edu"
8371158b LQ	34	#define EDU(obj) OBJECT_CHECK(EduState, obj, TYPE_PCI_EDU_DEVICE)
b30934cb JS	35
	36	#define FACT_IRQ 0x00000001
	37	#define DMA_IRQ 0x00000100
	38
	39	#define DMA_START 0x40000
	40	#define DMA_SIZE 4096
	41
	42	typedef struct {
	43	PCIDevice pdev;
	44	MemoryRegion mmio;
	45
	46	QemuThread thread;
	47	QemuMutex thr_mutex;
	48	QemuCond thr_cond;
	49	bool stopping;
	50
	51	uint32_t addr4;
	52	uint32_t fact;
	53	#define EDU_STATUS_COMPUTING 0x01
	54	#define EDU_STATUS_IRQFACT 0x80
	55	uint32_t status;
	56
	57	uint32_t irq_status;
	58
	59	#define EDU_DMA_RUN 0x1
	60	#define EDU_DMA_DIR(cmd) (((cmd) & 0x2) >> 1)
	61	# define EDU_DMA_FROM_PCI 0
	62	# define EDU_DMA_TO_PCI 1
	63	#define EDU_DMA_IRQ 0x4
	64	struct dma_state {
	65	dma_addr_t src;
	66	dma_addr_t dst;
	67	dma_addr_t cnt;
	68	dma_addr_t cmd;
	69	} dma;
	70	QEMUTimer dma_timer;
	71	char dma_buf[DMA_SIZE];
	72	uint64_t dma_mask;
	73	} EduState;
	74
eabb5782 PX	75	static bool edu_msi_enabled(EduState *edu)
	76	{
	77	return msi_enabled(&edu->pdev);
	78	}
	79
b30934cb JS	80	static void edu_raise_irq(EduState *edu, uint32_t val)
	81	{
	82	edu->irq_status \|= val;
	83	if (edu->irq_status) {
eabb5782 PX	84	if (edu_msi_enabled(edu)) {
	85	msi_notify(&edu->pdev, 0);
	86	} else {
	87	pci_set_irq(&edu->pdev, 1);
	88	}
b30934cb JS	89	}
	90	}
	91
	92	static void edu_lower_irq(EduState *edu, uint32_t val)
	93	{
	94	edu->irq_status &= ~val;
	95
eabb5782	96	if (!edu->irq_status && !edu_msi_enabled(edu)) {
b30934cb JS	97	pci_set_irq(&edu->pdev, 0);
	98	}
	99	}
	100
	101	static bool within(uint32_t addr, uint32_t start, uint32_t end)
	102	{
	103	return start <= addr && addr < end;
	104	}
	105
	106	static void edu_check_range(uint32_t addr, uint32_t size1, uint32_t start,
	107	uint32_t size2)
	108	{
	109	uint32_t end1 = addr + size1;
	110	uint32_t end2 = start + size2;
	111
	112	if (within(addr, start, end2) &&
	113	end1 > addr && within(end1, start, end2)) {
	114	return;
	115	}
	116
	117	hw_error("EDU: DMA range 0x%.8x-0x%.8x out of bounds (0x%.8x-0x%.8x)!",
	118	addr, end1 - 1, start, end2 - 1);
	119	}
	120
	121	static dma_addr_t edu_clamp_addr(const EduState *edu, dma_addr_t addr)
	122	{
	123	dma_addr_t res = addr & edu->dma_mask;
	124
	125	if (addr != res) {
	126	printf("EDU: clamping DMA %#.16"PRIx64" to %#.16"PRIx64"!\n", addr, res);
	127	}
	128
	129	return res;
	130	}
	131
	132	static void edu_dma_timer(void *opaque)
	133	{
	134	EduState *edu = opaque;
	135	bool raise_irq = false;
	136
	137	if (!(edu->dma.cmd & EDU_DMA_RUN)) {
	138	return;
	139	}
	140
	141	if (EDU_DMA_DIR(edu->dma.cmd) == EDU_DMA_FROM_PCI) {
	142	uint32_t dst = edu->dma.dst;
	143	edu_check_range(dst, edu->dma.cnt, DMA_START, DMA_SIZE);
	144	dst -= DMA_START;
	145	pci_dma_read(&edu->pdev, edu_clamp_addr(edu, edu->dma.src),
	146	edu->dma_buf + dst, edu->dma.cnt);
	147	} else {
	148	uint32_t src = edu->dma.src;
	149	edu_check_range(src, edu->dma.cnt, DMA_START, DMA_SIZE);
	150	src -= DMA_START;
	151	pci_dma_write(&edu->pdev, edu_clamp_addr(edu, edu->dma.dst),
	152	edu->dma_buf + src, edu->dma.cnt);
	153	}
	154
	155	edu->dma.cmd &= ~EDU_DMA_RUN;
	156	if (edu->dma.cmd & EDU_DMA_IRQ) {
	157	raise_irq = true;
	158	}
	159
	160	if (raise_irq) {
161	edu_raise_irq(edu, DMA_IRQ);
162	}
163	}
164
165	static void dma_rw(EduState edu, bool write, dma_addr_t val, dma_addr_t *dma,
166	bool timer)
167	{
168	if (write && (edu->dma.cmd & EDU_DMA_RUN)) {
169	return;
170	}
171
172	if (write) {
173	dma = val;
174	} else {
175	val = dma;
176	}
177
178	if (timer) {
179	timer_mod(&edu->dma_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 100);
180	}
181	}
182
183	static uint64_t edu_mmio_read(void *opaque, hwaddr addr, unsigned size)
184	{
185	EduState *edu = opaque;
186	uint64_t val = ~0ULL;
187
188	if (size != 4) {
189	return val;
190	}
191
192	switch (addr) {
193	case 0x00:
194	val = 0x010000edu;
195	break;
196	case 0x04:
197	val = edu->addr4;
198	break;
199	case 0x08:
200	qemu_mutex_lock(&edu->thr_mutex);
201	val = edu->fact;
202	qemu_mutex_unlock(&edu->thr_mutex);
203	break;
204	case 0x20:
205	val = atomic_read(&edu->status);
206	break;
207	case 0x24:
208	val = edu->irq_status;
209	break;
210	case 0x80:
211	dma_rw(edu, false, &val, &edu->dma.src, false);
212	break;
213	case 0x88:
214	dma_rw(edu, false, &val, &edu->dma.dst, false);
215	break;
216	case 0x90:
217	dma_rw(edu, false, &val, &edu->dma.cnt, false);
218	break;
219	case 0x98:
220	dma_rw(edu, false, &val, &edu->dma.cmd, false);
221	break;
222	}
223
224	return val;
225	}
226
227	static void edu_mmio_write(void *opaque, hwaddr addr, uint64_t val,
228	unsigned size)
229	{
230	EduState *edu = opaque;
231
232	if (addr < 0x80 && size != 4) {
233	return;
234	}
235
236	if (addr >= 0x80 && size != 4 && size != 8) {
237	return;
238	}
239
240	switch (addr) {
241	case 0x04:
242	edu->addr4 = ~val;
243	break;
244	case 0x08:
245	if (atomic_read(&edu->status) & EDU_STATUS_COMPUTING) {
246	break;
247	}
248	/* EDU_STATUS_COMPUTING cannot go 0->1 concurrently, because it is only
249	* set in this function and it is under the iothread mutex.
250	*/
251	qemu_mutex_lock(&edu->thr_mutex);
252	edu->fact = val;
253	atomic_or(&edu->status, EDU_STATUS_COMPUTING);
254	qemu_cond_signal(&edu->thr_cond);
255	qemu_mutex_unlock(&edu->thr_mutex);
256	break;
257	case 0x20:
258	if (val & EDU_STATUS_IRQFACT) {
259	atomic_or(&edu->status, EDU_STATUS_IRQFACT);
260	} else {
261	atomic_and(&edu->status, ~EDU_STATUS_IRQFACT);
262	}
263	break;
264	case 0x60:
265	edu_raise_irq(edu, val);
266	break;
267	case 0x64:
268	edu_lower_irq(edu, val);
269	break;
270	case 0x80:
271	dma_rw(edu, true, &val, &edu->dma.src, false);
272	break;
273	case 0x88:
274	dma_rw(edu, true, &val, &edu->dma.dst, false);
275	break;
276	case 0x90:
277	dma_rw(edu, true, &val, &edu->dma.cnt, false);
278	break;
279	case 0x98:
280	if (!(val & EDU_DMA_RUN)) {
281	break;
282	}
283	dma_rw(edu, true, &val, &edu->dma.cmd, true);
284	break;
285	}
286	}
287
288	static const MemoryRegionOps edu_mmio_ops = {
289	.read = edu_mmio_read,
290	.write = edu_mmio_write,
291	.endianness = DEVICE_NATIVE_ENDIAN,
292	};
293
294	/*
631b22ea	295	* We purposely use a thread, so that users are forced to wait for the status
b30934cb JS	296	* register.
	297	*/
	298	static void edu_fact_thread(void opaque)
	299	{
	300	EduState *edu = opaque;
	301
	302	while (1) {
	303	uint32_t val, ret = 1;
	304
	305	qemu_mutex_lock(&edu->thr_mutex);
	306	while ((atomic_read(&edu->status) & EDU_STATUS_COMPUTING) == 0 &&
	307	!edu->stopping) {
	308	qemu_cond_wait(&edu->thr_cond, &edu->thr_mutex);
	309	}
	310
	311	if (edu->stopping) {
	312	qemu_mutex_unlock(&edu->thr_mutex);
	313	break;
	314	}
	315
	316	val = edu->fact;
	317	qemu_mutex_unlock(&edu->thr_mutex);
	318
	319	while (val > 0) {
	320	ret *= val--;
	321	}
	322
	323	/*
	324	* We should sleep for a random period here, so that students are
	325	* forced to check the status properly.
	326	*/
	327
	328	qemu_mutex_lock(&edu->thr_mutex);
	329	edu->fact = ret;
	330	qemu_mutex_unlock(&edu->thr_mutex);
	331	atomic_and(&edu->status, ~EDU_STATUS_COMPUTING);
	332
	333	if (atomic_read(&edu->status) & EDU_STATUS_IRQFACT) {
	334	qemu_mutex_lock_iothread();
	335	edu_raise_irq(edu, FACT_IRQ);
	336	qemu_mutex_unlock_iothread();
	337	}
	338	}
	339
	340	return NULL;
	341	}
	342
f922254c	343	static void pci_edu_realize(PCIDevice pdev, Error *errp)
b30934cb JS	344	{
	345	EduState *edu = DO_UPCAST(EduState, pdev, pdev);
	346	uint8_t *pci_conf = pdev->config;
	347
c25a67f0 PB	348	pci_config_set_interrupt_pin(pci_conf, 1);
	349
	350	if (msi_init(pdev, 0, 1, true, false, errp)) {
	351	return;
	352	}
	353
b30934cb JS	354	timer_init_ms(&edu->dma_timer, QEMU_CLOCK_VIRTUAL, edu_dma_timer, edu);
	355
	356	qemu_mutex_init(&edu->thr_mutex);
	357	qemu_cond_init(&edu->thr_cond);
	358	qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
	359	edu, QEMU_THREAD_JOINABLE);
	360
b30934cb	361	memory_region_init_io(&edu->mmio, OBJECT(edu), &edu_mmio_ops, edu,
de9b602e	362	"edu-mmio", 1 * MiB);
b30934cb	363	pci_register_bar(pdev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &edu->mmio);
b30934cb JS	364	}
	365
	366	static void pci_edu_uninit(PCIDevice *pdev)
	367	{
	368	EduState *edu = DO_UPCAST(EduState, pdev, pdev);
	369
	370	qemu_mutex_lock(&edu->thr_mutex);
	371	edu->stopping = true;
	372	qemu_mutex_unlock(&edu->thr_mutex);
	373	qemu_cond_signal(&edu->thr_cond);
	374	qemu_thread_join(&edu->thread);
	375
	376	qemu_cond_destroy(&edu->thr_cond);
	377	qemu_mutex_destroy(&edu->thr_mutex);
	378
	379	timer_del(&edu->dma_timer);
	380	}
	381
d7bce999 EB	382	static void edu_obj_uint64(Object obj, Visitor v, const char *name,
d7bce999 EB	383	void opaque, Error *errp)
b30934cb JS	384	{
	385	uint64_t *val = opaque;
	386
51e72bc1	387	visit_type_uint64(v, name, val, errp);
b30934cb JS	388	}
	389
	390	static void edu_instance_init(Object *obj)
	391	{
	392	EduState *edu = EDU(obj);
	393
	394	edu->dma_mask = (1UL << 28) - 1;
	395	object_property_add(obj, "dma_mask", "uint64", edu_obj_uint64,
	396	edu_obj_uint64, NULL, &edu->dma_mask, NULL);
	397	}
	398
	399	static void edu_class_init(ObjectClass class, void data)
	400	{
	401	PCIDeviceClass *k = PCI_DEVICE_CLASS(class);
	402
f922254c	403	k->realize = pci_edu_realize;
b30934cb JS	404	k->exit = pci_edu_uninit;
	405	k->vendor_id = PCI_VENDOR_ID_QEMU;
	406	k->device_id = 0x11e8;
	407	k->revision = 0x10;
	408	k->class_id = PCI_CLASS_OTHERS;
	409	}
	410
	411	static void pci_edu_register_types(void)
	412	{
fd3b02c8 EH	413	static InterfaceInfo interfaces[] = {
	414	{ INTERFACE_CONVENTIONAL_PCI_DEVICE },
	415	{ },
	416	};
b30934cb	417	static const TypeInfo edu_info = {
8371158b	418	.name = TYPE_PCI_EDU_DEVICE,
b30934cb JS	419	.parent = TYPE_PCI_DEVICE,
	420	.instance_size = sizeof(EduState),
	421	.instance_init = edu_instance_init,
	422	.class_init = edu_class_init,
fd3b02c8	423	.interfaces = interfaces,
b30934cb JS	424	};
	425
	426	type_register_static(&edu_info);
	427	}
	428	type_init(pci_edu_register_types)