1 /* 2 * Raspberry Pi emulation (c) 2012 Gregory Estrade 3 * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous 4 * 5 * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft 6 * Written by Andrew Baumann 7 * 8 * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti 9 * Upstream code cleanup (c) 2018 Pekka Enberg 10 * 11 * This code is licensed under the GNU GPLv2 and later. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qapi/error.h" 17 #include "qemu-common.h" 18 #include "cpu.h" 19 #include "hw/arm/bcm2836.h" 20 #include "qemu/error-report.h" 21 #include "hw/boards.h" 22 #include "hw/loader.h" 23 #include "hw/arm/arm.h" 24 #include "sysemu/sysemu.h" 25 26 #define SMPBOOT_ADDR 0x300 /* this should leave enough space for ATAGS */ 27 #define MVBAR_ADDR 0x400 /* secure vectors */ 28 #define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */ 29 #define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */ 30 #define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */ 31 #define SPINTABLE_ADDR 0xd8 /* Pi 3 bootloader spintable */ 32 33 /* Table of Linux board IDs for different Pi versions */ 34 static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44}; 35 36 typedef struct RasPiState { 37 BCM283XState soc; 38 MemoryRegion ram; 39 } RasPiState; 40 41 static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info) 42 { 43 static const uint32_t smpboot[] = { 44 0xe1a0e00f, /* mov lr, pc */ 45 0xe3a0fe00 + (BOARDSETUP_ADDR >> 4), /* mov pc, BOARDSETUP_ADDR */ 46 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5;get core ID */ 47 0xe7e10050, /* ubfx r0, r0, #0, #2 ;extract LSB */ 48 0xe59f5014, /* ldr r5, =0x400000CC ;load mbox base */ 49 0xe320f001, /* 1: yield */ 50 0xe7953200, /* ldr r3, [r5, r0, lsl #4] ;read mbox for our core*/ 51 0xe3530000, /* cmp r3, #0 ;spin while zero */ 52 0x0afffffb, /* beq 1b */ 53 0xe7853200, /* str r3, [r5, r0, lsl #4] ;clear mbox */ 54 0xe12fff13, /* bx r3 ;jump to target */ 55 0x400000cc, /* (constant: mailbox 3 read/clear base) */ 56 }; 57 58 /* check that we don't overrun board setup vectors */ 59 QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + sizeof(smpboot) > MVBAR_ADDR); 60 /* check that board setup address is correctly relocated */ 61 QEMU_BUILD_BUG_ON((BOARDSETUP_ADDR & 0xf) != 0 62 || (BOARDSETUP_ADDR >> 4) >= 0x100); 63 64 rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot), 65 info->smp_loader_start); 66 } 67 68 static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info) 69 { 70 /* Unlike the AArch32 version we don't need to call the board setup hook. 71 * The mechanism for doing the spin-table is also entirely different. 72 * We must have four 64-bit fields at absolute addresses 73 * 0xd8, 0xe0, 0xe8, 0xf0 in RAM, which are the flag variables for 74 * our CPUs, and which we must ensure are zero initialized before 75 * the primary CPU goes into the kernel. We put these variables inside 76 * a rom blob, so that the reset for ROM contents zeroes them for us. 77 */ 78 static const uint32_t smpboot[] = { 79 0xd2801b05, /* mov x5, 0xd8 */ 80 0xd53800a6, /* mrs x6, mpidr_el1 */ 81 0x924004c6, /* and x6, x6, #0x3 */ 82 0xd503205f, /* spin: wfe */ 83 0xf86678a4, /* ldr x4, [x5,x6,lsl #3] */ 84 0xb4ffffc4, /* cbz x4, spin */ 85 0xd2800000, /* mov x0, #0x0 */ 86 0xd2800001, /* mov x1, #0x0 */ 87 0xd2800002, /* mov x2, #0x0 */ 88 0xd2800003, /* mov x3, #0x0 */ 89 0xd61f0080, /* br x4 */ 90 }; 91 92 static const uint64_t spintables[] = { 93 0, 0, 0, 0 94 }; 95 96 rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot), 97 info->smp_loader_start); 98 rom_add_blob_fixed("raspi_spintables", spintables, sizeof(spintables), 99 SPINTABLE_ADDR); 100 } 101 102 static void write_board_setup(ARMCPU *cpu, const struct arm_boot_info *info) 103 { 104 arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR); 105 } 106 107 static void reset_secondary(ARMCPU *cpu, const struct arm_boot_info *info) 108 { 109 CPUState *cs = CPU(cpu); 110 cpu_set_pc(cs, info->smp_loader_start); 111 } 112 113 static void setup_boot(MachineState *machine, int version, size_t ram_size) 114 { 115 static struct arm_boot_info binfo; 116 int r; 117 118 binfo.board_id = raspi_boardid[version]; 119 binfo.ram_size = ram_size; 120 binfo.nb_cpus = smp_cpus; 121 122 if (version <= 2) { 123 /* The rpi1 and 2 require some custom setup code to run in Secure 124 * mode before booting a kernel (to set up the SMC vectors so 125 * that we get a no-op SMC; this is used by Linux to call the 126 * firmware for some cache maintenance operations. 127 * The rpi3 doesn't need this. 128 */ 129 binfo.board_setup_addr = BOARDSETUP_ADDR; 130 binfo.write_board_setup = write_board_setup; 131 binfo.secure_board_setup = true; 132 binfo.secure_boot = true; 133 } 134 135 /* Pi2 and Pi3 requires SMP setup */ 136 if (version >= 2) { 137 binfo.smp_loader_start = SMPBOOT_ADDR; 138 if (version == 2) { 139 binfo.write_secondary_boot = write_smpboot; 140 } else { 141 binfo.write_secondary_boot = write_smpboot64; 142 } 143 binfo.secondary_cpu_reset_hook = reset_secondary; 144 } 145 146 /* If the user specified a "firmware" image (e.g. UEFI), we bypass 147 * the normal Linux boot process 148 */ 149 if (machine->firmware) { 150 hwaddr firmware_addr = version == 3 ? FIRMWARE_ADDR_3 : FIRMWARE_ADDR_2; 151 /* load the firmware image (typically kernel.img) */ 152 r = load_image_targphys(machine->firmware, firmware_addr, 153 ram_size - firmware_addr); 154 if (r < 0) { 155 error_report("Failed to load firmware from %s", machine->firmware); 156 exit(1); 157 } 158 159 binfo.entry = firmware_addr; 160 binfo.firmware_loaded = true; 161 } else { 162 binfo.kernel_filename = machine->kernel_filename; 163 binfo.kernel_cmdline = machine->kernel_cmdline; 164 binfo.initrd_filename = machine->initrd_filename; 165 } 166 167 arm_load_kernel(ARM_CPU(first_cpu), &binfo); 168 } 169 170 static void raspi_init(MachineState *machine, int version) 171 { 172 RasPiState *s = g_new0(RasPiState, 1); 173 uint32_t vcram_size; 174 DriveInfo *di; 175 BlockBackend *blk; 176 BusState *bus; 177 DeviceState *carddev; 178 179 if (machine->ram_size > 1 * GiB) { 180 error_report("Requested ram size is too large for this machine: " 181 "maximum is 1GB"); 182 exit(1); 183 } 184 185 object_initialize(&s->soc, sizeof(s->soc), 186 version == 3 ? TYPE_BCM2837 : TYPE_BCM2836); 187 object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), 188 &error_abort); 189 190 /* Allocate and map RAM */ 191 memory_region_allocate_system_memory(&s->ram, OBJECT(machine), "ram", 192 machine->ram_size); 193 /* FIXME: Remove when we have custom CPU address space support */ 194 memory_region_add_subregion_overlap(get_system_memory(), 0, &s->ram, 0); 195 196 /* Setup the SOC */ 197 object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram), 198 &error_abort); 199 object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus", 200 &error_abort); 201 int board_rev = version == 3 ? 0xa02082 : 0xa21041; 202 object_property_set_int(OBJECT(&s->soc), board_rev, "board-rev", 203 &error_abort); 204 object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_abort); 205 206 /* Create and plug in the SD cards */ 207 di = drive_get_next(IF_SD); 208 blk = di ? blk_by_legacy_dinfo(di) : NULL; 209 bus = qdev_get_child_bus(DEVICE(&s->soc), "sd-bus"); 210 if (bus == NULL) { 211 error_report("No SD bus found in SOC object"); 212 exit(1); 213 } 214 carddev = qdev_create(bus, TYPE_SD_CARD); 215 qdev_prop_set_drive(carddev, "drive", blk, &error_fatal); 216 object_property_set_bool(OBJECT(carddev), true, "realized", &error_fatal); 217 218 vcram_size = object_property_get_uint(OBJECT(&s->soc), "vcram-size", 219 &error_abort); 220 setup_boot(machine, version, machine->ram_size - vcram_size); 221 } 222 223 static void raspi2_init(MachineState *machine) 224 { 225 raspi_init(machine, 2); 226 } 227 228 static void raspi2_machine_init(MachineClass *mc) 229 { 230 mc->desc = "Raspberry Pi 2"; 231 mc->init = raspi2_init; 232 mc->block_default_type = IF_SD; 233 mc->no_parallel = 1; 234 mc->no_floppy = 1; 235 mc->no_cdrom = 1; 236 mc->max_cpus = BCM283X_NCPUS; 237 mc->min_cpus = BCM283X_NCPUS; 238 mc->default_cpus = BCM283X_NCPUS; 239 mc->default_ram_size = 1024 * 1024 * 1024; 240 mc->ignore_memory_transaction_failures = true; 241 }; 242 DEFINE_MACHINE("raspi2", raspi2_machine_init) 243 244 #ifdef TARGET_AARCH64 245 static void raspi3_init(MachineState *machine) 246 { 247 raspi_init(machine, 3); 248 } 249 250 static void raspi3_machine_init(MachineClass *mc) 251 { 252 mc->desc = "Raspberry Pi 3"; 253 mc->init = raspi3_init; 254 mc->block_default_type = IF_SD; 255 mc->no_parallel = 1; 256 mc->no_floppy = 1; 257 mc->no_cdrom = 1; 258 mc->max_cpus = BCM283X_NCPUS; 259 mc->min_cpus = BCM283X_NCPUS; 260 mc->default_cpus = BCM283X_NCPUS; 261 mc->default_ram_size = 1024 * 1024 * 1024; 262 } 263 DEFINE_MACHINE("raspi3", raspi3_machine_init) 264 #endif 265