From bf471f7950e9dc9416747b2774eb712f63afe5a7 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 11 Dec 2012 11:30:37 +0000 Subject: [PATCH 01/12] hw/arm_boot, exynos4210, highbank: Fix secondary boot GIC init Fix the code in the secondary CPU boot stubs so that it correctly initialises the GIC rather than relying on bugs or implementation dependent aspects of the QEMU GIC implementation: * set the GIC_PMR.Priority field to all-ones, so that all interrupts are passed through. The default of all-zeroes means all interrupts are masked, and QEMU only booted because of a bug in the priority masking in our GIC implementation. * add a barrier after GIC setup and before WFI to ensure that GIC config is complete before we go into a possible low power state. This isn't needed with the software GIC model but could be required when using KVM and executing this code on the real hardware CPU. Note that of the three secondary stub implementations, only the common generic one needs to support both v6 and v7 DSB encodings; highbank and exynos4210 will always be v7 CPUs. Signed-off-by: Peter Maydell Reviewed-by: Igor Mitsyanko --- hw/arm_boot.c | 17 ++++++++++++++--- hw/exynos4210.c | 10 +++++++--- hw/highbank.c | 7 +++++-- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/hw/arm_boot.c b/hw/arm_boot.c index 92e2cab476..ec3b8d5d12 100644 --- a/hw/arm_boot.c +++ b/hw/arm_boot.c @@ -44,11 +44,17 @@ static uint32_t bootloader[] = { * for an interprocessor interrupt and polling a configurable * location for the kernel secondary CPU entry point. */ +#define DSB_INSN 0xf57ff04f +#define CP15_DSB_INSN 0xee070f9a /* mcr cp15, 0, r0, c7, c10, 4 */ + static uint32_t smpboot[] = { - 0xe59f201c, /* ldr r2, gic_cpu_if */ - 0xe59f001c, /* ldr r0, startaddr */ + 0xe59f2028, /* ldr r2, gic_cpu_if */ + 0xe59f0028, /* ldr r0, startaddr */ 0xe3a01001, /* mov r1, #1 */ - 0xe5821000, /* str r1, [r2] */ + 0xe5821000, /* str r1, [r2] - set GICC_CTLR.Enable */ + 0xe3a010ff, /* mov r1, #0xff */ + 0xe5821004, /* str r1, [r2, 4] - set GIC_PMR.Priority to 0xff */ + DSB_INSN, /* dsb */ 0xe320f003, /* wfi */ 0xe5901000, /* ldr r1, [r0] */ 0xe1110001, /* tst r1, r1 */ @@ -65,6 +71,11 @@ static void default_write_secondary(ARMCPU *cpu, smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr; smpboot[ARRAY_SIZE(smpboot) - 2] = info->gic_cpu_if_addr; for (n = 0; n < ARRAY_SIZE(smpboot); n++) { + /* Replace DSB with the pre-v7 DSB if necessary. */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V7) && + smpboot[n] == DSB_INSN) { + smpboot[n] = CP15_DSB_INSN; + } smpboot[n] = tswap32(smpboot[n]); } rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot), diff --git a/hw/exynos4210.c b/hw/exynos4210.c index 00d4db8871..22148cd946 100644 --- a/hw/exynos4210.c +++ b/hw/exynos4210.c @@ -80,12 +80,16 @@ void exynos4210_write_secondary(ARMCPU *cpu, { int n; uint32_t smpboot[] = { - 0xe59f3024, /* ldr r3, External gic_cpu_if */ - 0xe59f2024, /* ldr r2, Internal gic_cpu_if */ - 0xe59f0024, /* ldr r0, startaddr */ + 0xe59f3034, /* ldr r3, External gic_cpu_if */ + 0xe59f2034, /* ldr r2, Internal gic_cpu_if */ + 0xe59f0034, /* ldr r0, startaddr */ 0xe3a01001, /* mov r1, #1 */ 0xe5821000, /* str r1, [r2] */ 0xe5831000, /* str r1, [r3] */ + 0xe3a010ff, /* mov r1, #0xff */ + 0xe5821004, /* str r1, [r2, #4] */ + 0xe5831004, /* str r1, [r3, #4] */ + 0xf57ff04f, /* dsb */ 0xe320f003, /* wfi */ 0xe5901000, /* ldr r1, [r0] */ 0xe1110001, /* tst r1, r1 */ diff --git a/hw/highbank.c b/hw/highbank.c index afbb005422..447e57d758 100644 --- a/hw/highbank.c +++ b/hw/highbank.c @@ -44,9 +44,12 @@ static void hb_write_secondary(ARMCPU *cpu, const struct arm_boot_info *info) 0xe210000f, /* ands r0, r0, #0x0f */ 0xe3a03040, /* mov r3, #0x40 - jump address is 0x40 + 0x10 * core id */ 0xe0830200, /* add r0, r3, r0, lsl #4 */ - 0xe59f2018, /* ldr r2, privbase */ + 0xe59f2024, /* ldr r2, privbase */ 0xe3a01001, /* mov r1, #1 */ - 0xe5821100, /* str r1, [r2, #256] */ + 0xe5821100, /* str r1, [r2, #256] - set GICC_CTLR.Enable */ + 0xe3a010ff, /* mov r1, #0xff */ + 0xe5821104, /* str r1, [r2, #260] - set GICC_PMR.Priority to 0xff */ + 0xf57ff04f, /* dsb */ 0xe320f003, /* wfi */ 0xe5901000, /* ldr r1, [r0] */ 0xe1110001, /* tst r1, r1 */ From cad065f18e1ca7694385f42f560da637d4e651b6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 11 Dec 2012 11:30:37 +0000 Subject: [PATCH 02/12] hw/arm_gic: Fix comparison with priority mask register The GIC spec states that only interrupts with higher priority than the value in the GICC_PMR priority mask register are passed through to the processor. We were incorrectly allowing through interrupts with a priority equal to the specified value: correct the comparison operation to match the spec. Signed-off-by: Peter Maydell Reviewed-by: Igor Mitsyanko --- hw/arm_gic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/arm_gic.c b/hw/arm_gic.c index f9e423f152..672d539996 100644 --- a/hw/arm_gic.c +++ b/hw/arm_gic.c @@ -73,7 +73,7 @@ void gic_update(GICState *s) } } level = 0; - if (best_prio <= s->priority_mask[cpu]) { + if (best_prio < s->priority_mask[cpu]) { s->current_pending[cpu] = best_irq; if (best_prio < s->running_priority[cpu]) { DPRINTF("Raised pending IRQ %d\n", best_irq); From ee3f095680e4f578f4f1371a90acc20375b48966 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 11 Dec 2012 11:30:37 +0000 Subject: [PATCH 03/12] hw/arm_gic_common: Correct GICC_PMR reset value for newer GICs The GIC architecture specification for v1 and v2 GICs (as found on the Cortex-A9 and newer) states that the GICC_PMR reset value is zero; this differs from the 0xf0 reset value used on 11MPCore. The NVIC is different again in not having a CPU interface; since we share the GIC code we must force the priority mask field to allow through all interrupts. Signed-off-by: Peter Maydell Reviewed-by: Igor Mitsyanko --- hw/arm_gic_common.c | 6 +++++- hw/armv7m_nvic.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/hw/arm_gic_common.c b/hw/arm_gic_common.c index 8369309d21..73ae331807 100644 --- a/hw/arm_gic_common.c +++ b/hw/arm_gic_common.c @@ -127,7 +127,11 @@ static void arm_gic_common_reset(DeviceState *dev) int i; memset(s->irq_state, 0, GIC_MAXIRQ * sizeof(gic_irq_state)); for (i = 0 ; i < s->num_cpu; i++) { - s->priority_mask[i] = 0xf0; + if (s->revision == REV_11MPCORE) { + s->priority_mask[i] = 0xf0; + } else { + s->priority_mask[i] = 0; + } s->current_pending[i] = 1023; s->running_irq[i] = 1023; s->running_priority[i] = 0x100; diff --git a/hw/armv7m_nvic.c b/hw/armv7m_nvic.c index f0a2e7b5d2..4963678bf1 100644 --- a/hw/armv7m_nvic.c +++ b/hw/armv7m_nvic.c @@ -455,9 +455,11 @@ static void armv7m_nvic_reset(DeviceState *dev) nc->parent_reset(dev); /* Common GIC reset resets to disabled; the NVIC doesn't have * per-CPU interfaces so mark our non-existent CPU interface - * as enabled by default. + * as enabled by default, and with a priority mask which allows + * all interrupts through. */ s->gic.cpu_enabled[0] = 1; + s->gic.priority_mask[0] = 0x100; /* The NVIC as a whole is always enabled. */ s->gic.enabled = 1; systick_reset(s); From 79f5d67e9db35d53b478699393590392f7be03ac Mon Sep 17 00:00:00 2001 From: walimis Date: Tue, 11 Dec 2012 11:30:37 +0000 Subject: [PATCH 04/12] xilinx_zynq: Add one variable to avoid overwriting QSPI bus commit 7b482bcf xilinx_zynq: added QSPI controller Adds one QSPI controller, which has two spi buses, one is for spi0, and another is for spi1. But when initializing the spi1 bus, "dev" has been overwrited by the ssi_create_slave_no_init() function, so that qdev_get_child_bus() returns NULL and the last two m25p80 flashes won't be attached to the spi1 bus, but to main-system-bus. Here we add one variable to avoid overwriting. Signed-off-by: Liming Wang Reviewed-by: Peter Crosthwaite Signed-off-by: Peter Maydell --- hw/xilinx_zynq.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hw/xilinx_zynq.c b/hw/xilinx_zynq.c index 1f12a3d1ad..49233d8e2e 100644 --- a/hw/xilinx_zynq.c +++ b/hw/xilinx_zynq.c @@ -57,6 +57,7 @@ static inline void zynq_init_spi_flashes(uint32_t base_addr, qemu_irq irq, DeviceState *dev; SysBusDevice *busdev; SSIBus *spi; + DeviceState *flash_dev; int i, j; int num_busses = is_qspi ? NUM_QSPI_BUSSES : 1; int num_ss = is_qspi ? NUM_QSPI_FLASHES : NUM_SPI_FLASHES; @@ -81,11 +82,11 @@ static inline void zynq_init_spi_flashes(uint32_t base_addr, qemu_irq irq, spi = (SSIBus *)qdev_get_child_bus(dev, bus_name); for (j = 0; j < num_ss; ++j) { - dev = ssi_create_slave_no_init(spi, "m25p80"); - qdev_prop_set_string(dev, "partname", "n25q128"); - qdev_init_nofail(dev); + flash_dev = ssi_create_slave_no_init(spi, "m25p80"); + qdev_prop_set_string(flash_dev, "partname", "n25q128"); + qdev_init_nofail(flash_dev); - cs_line = qdev_get_gpio_in(dev, 0); + cs_line = qdev_get_gpio_in(flash_dev, 0); sysbus_connect_irq(busdev, i * num_ss + j + 1, cs_line); } } From f47b48fb678581d6ee369cfe26b3513100b7d53e Mon Sep 17 00:00:00 2001 From: Daniel Sangorrin Date: Tue, 11 Dec 2012 11:30:38 +0000 Subject: [PATCH 05/12] hw/arm_gic: fix target CPUs affected by set enable/pending ops Fix a bug on the ARM GIC model where interrupts are not set pending on the correct target CPUs when they are triggered by writes to the Interrupt Set Enable or Set Pending registers. Signed-off-by: Daniel Sangorrin Signed-off-by: Peter Maydell --- hw/arm_gic.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/arm_gic.c b/hw/arm_gic.c index 672d539996..8d769de4f5 100644 --- a/hw/arm_gic.c +++ b/hw/arm_gic.c @@ -374,7 +374,8 @@ static void gic_dist_writeb(void *opaque, hwaddr offset, value = 0xff; for (i = 0; i < 8; i++) { if (value & (1 << i)) { - int mask = (irq < GIC_INTERNAL) ? (1 << cpu) : GIC_TARGET(irq); + int mask = + (irq < GIC_INTERNAL) ? (1 << cpu) : GIC_TARGET(irq + i); int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; if (!GIC_TEST_ENABLED(irq + i, cm)) { @@ -417,7 +418,7 @@ static void gic_dist_writeb(void *opaque, hwaddr offset, for (i = 0; i < 8; i++) { if (value & (1 << i)) { - GIC_SET_PENDING(irq + i, GIC_TARGET(irq)); + GIC_SET_PENDING(irq + i, GIC_TARGET(irq + i)); } } } else if (offset < 0x300) { From 97331270e50f5858c82a0c6d146da81f5b776535 Mon Sep 17 00:00:00 2001 From: Jean-Christophe DUBOIS Date: Mon, 3 Dec 2012 12:55:57 +0000 Subject: [PATCH 06/12] exynos4210/mct: Avoid infinite loop on non incremental timers Check for a 0 "distance" value to avoid infinite loop when the expired FCR timer was not programed with auto-increment. With this change the behavior is coherent with the same type of code in the exynos4210_gfrc_restart() function in the same file. Linux seems to mostly use this timer with auto-increment which explain why it is not a problem most of the time. However other OS might have a problem with this if they don't use the auto-increment feature. Signed-off-by: Jean-Christophe DUBOIS Reviewed-by: Evgeny Voevodin Signed-off-by: Peter Maydell --- hw/exynos4210_mct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/exynos4210_mct.c b/hw/exynos4210_mct.c index e79cd6ac01..37dbda92df 100644 --- a/hw/exynos4210_mct.c +++ b/hw/exynos4210_mct.c @@ -568,7 +568,7 @@ static void exynos4210_gfrc_event(void *opaque) /* Reload FRC to reach nearest comparator */ s->g_timer.curr_comp = exynos4210_gcomp_find(s); distance = exynos4210_gcomp_get_distance(s, s->g_timer.curr_comp); - if (distance > MCT_GT_COUNTER_STEP) { + if (distance > MCT_GT_COUNTER_STEP || !distance) { distance = MCT_GT_COUNTER_STEP; } exynos4210_gfrc_set_count(&s->g_timer, distance); From 580f5c000809108f51a77ae74709100d32be6ea5 Mon Sep 17 00:00:00 2001 From: Antoine Mathys Date: Thu, 13 Dec 2012 14:05:27 +0000 Subject: [PATCH 07/12] hw/ds1338.c: Correct bug in conversion to BCD. Signed-off-by: Antoine Mathys Signed-off-by: Peter Maydell --- hw/ds1338.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/ds1338.c b/hw/ds1338.c index b576d56438..faaa4a0a93 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -57,9 +57,9 @@ static void capture_current_time(DS1338State *s) } else { s->nvram[2] = to_bcd(now.tm_hour); } - s->nvram[3] = to_bcd(now.tm_wday) + 1; + s->nvram[3] = to_bcd(now.tm_wday + 1); s->nvram[4] = to_bcd(now.tm_mday); - s->nvram[5] = to_bcd(now.tm_mon) + 1; + s->nvram[5] = to_bcd(now.tm_mon + 1); s->nvram[6] = to_bcd(now.tm_year - 100); } From 95c9361598e66de42facdac64e614e3de85186f5 Mon Sep 17 00:00:00 2001 From: Antoine Mathys Date: Thu, 13 Dec 2012 14:05:27 +0000 Subject: [PATCH 08/12] hw/ds1338.c: Add definitions for various flags in the RTC registers. Signed-off-by: Antoine Mathys Signed-off-by: Peter Maydell --- hw/ds1338.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/ds1338.c b/hw/ds1338.c index faaa4a0a93..69018bc966 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -17,6 +17,12 @@ */ #define NVRAM_SIZE 64 +/* Flags definitions */ +#define SECONDS_CH 0x80 +#define HOURS_12 0x40 +#define HOURS_PM 0x20 +#define CTRL_OSF 0x20 + typedef struct { I2CSlave i2c; int64_t offset; From 59dda8e05b015471d456177141a7c2eeda3dab14 Mon Sep 17 00:00:00 2001 From: Antoine Mathys Date: Thu, 13 Dec 2012 14:05:27 +0000 Subject: [PATCH 09/12] hw/ds1338.c: Fix handling of HOURS register. Per the datasheet, the mapping between 12 and 24 hours modes is: 0 <-> 12 PM 1-12 <-> 1-12 AM 13-23 <-> 1-11 PM Signed-off-by: Antoine Mathys Signed-off-by: Peter Maydell --- hw/ds1338.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/hw/ds1338.c b/hw/ds1338.c index 69018bc966..0f887200f3 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -55,10 +55,15 @@ static void capture_current_time(DS1338State *s) qemu_get_timedate(&now, s->offset); s->nvram[0] = to_bcd(now.tm_sec); s->nvram[1] = to_bcd(now.tm_min); - if (s->nvram[2] & 0x40) { - s->nvram[2] = (to_bcd((now.tm_hour % 12)) + 1) | 0x40; - if (now.tm_hour >= 12) { - s->nvram[2] |= 0x20; + if (s->nvram[2] & HOURS_12) { + int tmp = now.tm_hour; + if (tmp == 0) { + tmp = 24; + } + if (tmp <= 12) { + s->nvram[2] = HOURS_12 | to_bcd(tmp); + } else { + s->nvram[2] = HOURS_12 | HOURS_PM | to_bcd(tmp - 12); } } else { s->nvram[2] = to_bcd(now.tm_hour); @@ -132,16 +137,18 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data) now.tm_min = from_bcd(data & 0x7f); break; case 2: - if (data & 0x40) { - if (data & 0x20) { - data = from_bcd(data & 0x4f) + 11; - } else { - data = from_bcd(data & 0x1f) - 1; + if (data & HOURS_12) { + int tmp = from_bcd(data & (HOURS_PM - 1)); + if (data & HOURS_PM) { + tmp += 12; } + if (tmp == 24) { + tmp = 0; + } + now.tm_hour = tmp; } else { - data = from_bcd(data); + now.tm_hour = from_bcd(data & (HOURS_12 - 1)); } - now.tm_hour = data; break; case 3: now.tm_wday = from_bcd(data & 7) - 1; From ed3d37d287300b7bcdb4605b921e5ec593afd214 Mon Sep 17 00:00:00 2001 From: Antoine Mathys Date: Thu, 13 Dec 2012 14:05:28 +0000 Subject: [PATCH 10/12] hw/ds1338.c: Ensure state is properly initialized. Signed-off-by: Antoine Mathys Signed-off-by: Peter Maydell --- hw/ds1338.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hw/ds1338.c b/hw/ds1338.c index 0f887200f3..d2f52fcbed 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -179,6 +179,17 @@ static int ds1338_init(I2CSlave *i2c) return 0; } +static void ds1338_reset(DeviceState *dev) +{ + DS1338State *s = FROM_I2C_SLAVE(DS1338State, I2C_SLAVE_FROM_QDEV(dev)); + + /* The clock is running and synchronized with the host */ + s->offset = 0; + memset(s->nvram, 0, NVRAM_SIZE); + s->ptr = 0; + s->addr_byte = false; +} + static void ds1338_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); @@ -188,6 +199,7 @@ static void ds1338_class_init(ObjectClass *klass, void *data) k->event = ds1338_event; k->recv = ds1338_recv; k->send = ds1338_send; + dc->reset = ds1338_reset; dc->vmsd = &vmstate_ds1338; } From 996e91f04b9cc55cf246052856abe9189a5a0f28 Mon Sep 17 00:00:00 2001 From: Antoine Mathys Date: Thu, 13 Dec 2012 14:05:28 +0000 Subject: [PATCH 11/12] hw/ds1338.c: Implement support for the control register. Signed-off-by: Antoine Mathys Signed-off-by: Peter Maydell --- hw/ds1338.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/hw/ds1338.c b/hw/ds1338.c index d2f52fcbed..94a2f549e4 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -125,7 +125,8 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data) s->addr_byte = false; return 0; } - if (s->ptr < 8) { + if (s->ptr < 7) { + /* Time register. */ struct tm now; qemu_get_timedate(&now, s->offset); switch(s->ptr) { @@ -162,11 +163,19 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data) case 6: now.tm_year = from_bcd(data) + 100; break; - case 7: - /* Control register. Currently ignored. */ - break; } s->offset = qemu_timedate_diff(&now); + } else if (s->ptr == 7) { + /* Control register. */ + + /* Ensure bits 2, 3 and 6 will read back as zero. */ + data &= 0xB3; + + /* Attempting to write the OSF flag to logic 1 leaves the + value unchanged. */ + data = (data & ~CTRL_OSF) | (data & s->nvram[s->ptr] & CTRL_OSF); + + s->nvram[s->ptr] = data; } else { s->nvram[s->ptr] = data; } From 871edc5fdba884929102b89d28ff363c94f0822d Mon Sep 17 00:00:00 2001 From: Antoine Mathys Date: Thu, 13 Dec 2012 14:05:28 +0000 Subject: [PATCH 12/12] hw/ds1338.c: Fix handling of DAY (wday) register. Per the datasheet, the DAY (wday) register is user defined. Implement this. Signed-off-by: Antoine Mathys Signed-off-by: Peter Maydell --- hw/ds1338.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/hw/ds1338.c b/hw/ds1338.c index 94a2f549e4..1aefa3ba04 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -26,6 +26,7 @@ typedef struct { I2CSlave i2c; int64_t offset; + uint8_t wday_offset; uint8_t nvram[NVRAM_SIZE]; int32_t ptr; bool addr_byte; @@ -33,12 +34,13 @@ typedef struct { static const VMStateDescription vmstate_ds1338 = { .name = "ds1338", - .version_id = 1, + .version_id = 2, .minimum_version_id = 1, .minimum_version_id_old = 1, .fields = (VMStateField[]) { VMSTATE_I2C_SLAVE(i2c, DS1338State), VMSTATE_INT64(offset, DS1338State), + VMSTATE_UINT8_V(wday_offset, DS1338State, 2), VMSTATE_UINT8_ARRAY(nvram, DS1338State, NVRAM_SIZE), VMSTATE_INT32(ptr, DS1338State), VMSTATE_BOOL(addr_byte, DS1338State), @@ -68,7 +70,7 @@ static void capture_current_time(DS1338State *s) } else { s->nvram[2] = to_bcd(now.tm_hour); } - s->nvram[3] = to_bcd(now.tm_wday + 1); + s->nvram[3] = (now.tm_wday + s->wday_offset) % 7 + 1; s->nvram[4] = to_bcd(now.tm_mday); s->nvram[5] = to_bcd(now.tm_mon + 1); s->nvram[6] = to_bcd(now.tm_year - 100); @@ -152,7 +154,13 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data) } break; case 3: - now.tm_wday = from_bcd(data & 7) - 1; + { + /* The day field is supposed to contain a value in + the range 1-7. Otherwise behavior is undefined. + */ + int user_wday = (data & 7) - 1; + s->wday_offset = (user_wday - now.tm_wday + 7) % 7; + } break; case 4: now.tm_mday = from_bcd(data & 0x3f); @@ -194,6 +202,7 @@ static void ds1338_reset(DeviceState *dev) /* The clock is running and synchronized with the host */ s->offset = 0; + s->wday_offset = 0; memset(s->nvram, 0, NVRAM_SIZE); s->ptr = 0; s->addr_byte = false;