1 /* 2 * Motorola ColdFire MCF5208 SoC emulation. 3 * 4 * Copyright (c) 2007 CodeSourcery. 5 * 6 * This code is licensed under the GPL 7 */ 8 9 #include "qemu/osdep.h" 10 #include "qemu/units.h" 11 #include "qemu/error-report.h" 12 #include "qemu/log.h" 13 #include "qapi/error.h" 14 #include "qemu-common.h" 15 #include "qemu/datadir.h" 16 #include "cpu.h" 17 #include "hw/irq.h" 18 #include "hw/m68k/mcf.h" 19 #include "hw/m68k/mcf_fec.h" 20 #include "qemu/timer.h" 21 #include "hw/ptimer.h" 22 #include "sysemu/sysemu.h" 23 #include "sysemu/qtest.h" 24 #include "net/net.h" 25 #include "hw/boards.h" 26 #include "hw/loader.h" 27 #include "hw/sysbus.h" 28 #include "elf.h" 29 30 #define SYS_FREQ 166666666 31 32 #define ROM_SIZE 0x200000 33 34 #define PCSR_EN 0x0001 35 #define PCSR_RLD 0x0002 36 #define PCSR_PIF 0x0004 37 #define PCSR_PIE 0x0008 38 #define PCSR_OVW 0x0010 39 #define PCSR_DBG 0x0020 40 #define PCSR_DOZE 0x0040 41 #define PCSR_PRE_SHIFT 8 42 #define PCSR_PRE_MASK 0x0f00 43 44 typedef struct { 45 MemoryRegion iomem; 46 qemu_irq irq; 47 ptimer_state *timer; 48 uint16_t pcsr; 49 uint16_t pmr; 50 uint16_t pcntr; 51 } m5208_timer_state; 52 53 static void m5208_timer_update(m5208_timer_state *s) 54 { 55 if ((s->pcsr & (PCSR_PIE | PCSR_PIF)) == (PCSR_PIE | PCSR_PIF)) 56 qemu_irq_raise(s->irq); 57 else 58 qemu_irq_lower(s->irq); 59 } 60 61 static void m5208_timer_write(void *opaque, hwaddr offset, 62 uint64_t value, unsigned size) 63 { 64 m5208_timer_state *s = (m5208_timer_state *)opaque; 65 int prescale; 66 int limit; 67 switch (offset) { 68 case 0: 69 /* The PIF bit is set-to-clear. */ 70 if (value & PCSR_PIF) { 71 s->pcsr &= ~PCSR_PIF; 72 value &= ~PCSR_PIF; 73 } 74 /* Avoid frobbing the timer if we're just twiddling IRQ bits. */ 75 if (((s->pcsr ^ value) & ~PCSR_PIE) == 0) { 76 s->pcsr = value; 77 m5208_timer_update(s); 78 return; 79 } 80 81 ptimer_transaction_begin(s->timer); 82 if (s->pcsr & PCSR_EN) 83 ptimer_stop(s->timer); 84 85 s->pcsr = value; 86 87 prescale = 1 << ((s->pcsr & PCSR_PRE_MASK) >> PCSR_PRE_SHIFT); 88 ptimer_set_freq(s->timer, (SYS_FREQ / 2) / prescale); 89 if (s->pcsr & PCSR_RLD) 90 limit = s->pmr; 91 else 92 limit = 0xffff; 93 ptimer_set_limit(s->timer, limit, 0); 94 95 if (s->pcsr & PCSR_EN) 96 ptimer_run(s->timer, 0); 97 ptimer_transaction_commit(s->timer); 98 break; 99 case 2: 100 ptimer_transaction_begin(s->timer); 101 s->pmr = value; 102 s->pcsr &= ~PCSR_PIF; 103 if ((s->pcsr & PCSR_RLD) == 0) { 104 if (s->pcsr & PCSR_OVW) 105 ptimer_set_count(s->timer, value); 106 } else { 107 ptimer_set_limit(s->timer, value, s->pcsr & PCSR_OVW); 108 } 109 ptimer_transaction_commit(s->timer); 110 break; 111 case 4: 112 break; 113 default: 114 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 115 __func__, offset); 116 return; 117 } 118 m5208_timer_update(s); 119 } 120 121 static void m5208_timer_trigger(void *opaque) 122 { 123 m5208_timer_state *s = (m5208_timer_state *)opaque; 124 s->pcsr |= PCSR_PIF; 125 m5208_timer_update(s); 126 } 127 128 static uint64_t m5208_timer_read(void *opaque, hwaddr addr, 129 unsigned size) 130 { 131 m5208_timer_state *s = (m5208_timer_state *)opaque; 132 switch (addr) { 133 case 0: 134 return s->pcsr; 135 case 2: 136 return s->pmr; 137 case 4: 138 return ptimer_get_count(s->timer); 139 default: 140 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 141 __func__, addr); 142 return 0; 143 } 144 } 145 146 static const MemoryRegionOps m5208_timer_ops = { 147 .read = m5208_timer_read, 148 .write = m5208_timer_write, 149 .endianness = DEVICE_NATIVE_ENDIAN, 150 }; 151 152 static uint64_t m5208_sys_read(void *opaque, hwaddr addr, 153 unsigned size) 154 { 155 switch (addr) { 156 case 0x110: /* SDCS0 */ 157 { 158 int n; 159 for (n = 0; n < 32; n++) { 160 if (current_machine->ram_size < (2u << n)) { 161 break; 162 } 163 } 164 return (n - 1) | 0x40000000; 165 } 166 case 0x114: /* SDCS1 */ 167 return 0; 168 169 default: 170 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 171 __func__, addr); 172 return 0; 173 } 174 } 175 176 static void m5208_sys_write(void *opaque, hwaddr addr, 177 uint64_t value, unsigned size) 178 { 179 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 180 __func__, addr); 181 } 182 183 static const MemoryRegionOps m5208_sys_ops = { 184 .read = m5208_sys_read, 185 .write = m5208_sys_write, 186 .endianness = DEVICE_NATIVE_ENDIAN, 187 }; 188 189 static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic) 190 { 191 MemoryRegion *iomem = g_new(MemoryRegion, 1); 192 m5208_timer_state *s; 193 int i; 194 195 /* SDRAMC. */ 196 memory_region_init_io(iomem, NULL, &m5208_sys_ops, NULL, "m5208-sys", 0x00004000); 197 memory_region_add_subregion(address_space, 0xfc0a8000, iomem); 198 /* Timers. */ 199 for (i = 0; i < 2; i++) { 200 s = g_new0(m5208_timer_state, 1); 201 s->timer = ptimer_init(m5208_timer_trigger, s, PTIMER_POLICY_DEFAULT); 202 memory_region_init_io(&s->iomem, NULL, &m5208_timer_ops, s, 203 "m5208-timer", 0x00004000); 204 memory_region_add_subregion(address_space, 0xfc080000 + 0x4000 * i, 205 &s->iomem); 206 s->irq = pic[4 + i]; 207 } 208 } 209 210 static void mcf_fec_init(MemoryRegion *sysmem, NICInfo *nd, hwaddr base, 211 qemu_irq *irqs) 212 { 213 DeviceState *dev; 214 SysBusDevice *s; 215 int i; 216 217 qemu_check_nic_model(nd, TYPE_MCF_FEC_NET); 218 dev = qdev_new(TYPE_MCF_FEC_NET); 219 qdev_set_nic_properties(dev, nd); 220 221 s = SYS_BUS_DEVICE(dev); 222 sysbus_realize_and_unref(s, &error_fatal); 223 for (i = 0; i < FEC_NUM_IRQ; i++) { 224 sysbus_connect_irq(s, i, irqs[i]); 225 } 226 227 memory_region_add_subregion(sysmem, base, sysbus_mmio_get_region(s, 0)); 228 } 229 230 static void mcf5208evb_init(MachineState *machine) 231 { 232 ram_addr_t ram_size = machine->ram_size; 233 const char *kernel_filename = machine->kernel_filename; 234 M68kCPU *cpu; 235 CPUM68KState *env; 236 int kernel_size; 237 uint64_t elf_entry; 238 hwaddr entry; 239 qemu_irq *pic; 240 MemoryRegion *address_space_mem = get_system_memory(); 241 MemoryRegion *rom = g_new(MemoryRegion, 1); 242 MemoryRegion *sram = g_new(MemoryRegion, 1); 243 244 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 245 env = &cpu->env; 246 247 /* Initialize CPU registers. */ 248 env->vbr = 0; 249 /* TODO: Configure BARs. */ 250 251 /* ROM at 0x00000000 */ 252 memory_region_init_rom(rom, NULL, "mcf5208.rom", ROM_SIZE, &error_fatal); 253 memory_region_add_subregion(address_space_mem, 0x00000000, rom); 254 255 /* DRAM at 0x40000000 */ 256 memory_region_add_subregion(address_space_mem, 0x40000000, machine->ram); 257 258 /* Internal SRAM. */ 259 memory_region_init_ram(sram, NULL, "mcf5208.sram", 16 * KiB, &error_fatal); 260 memory_region_add_subregion(address_space_mem, 0x80000000, sram); 261 262 /* Internal peripherals. */ 263 pic = mcf_intc_init(address_space_mem, 0xfc048000, cpu); 264 265 mcf_uart_mm_init(0xfc060000, pic[26], serial_hd(0)); 266 mcf_uart_mm_init(0xfc064000, pic[27], serial_hd(1)); 267 mcf_uart_mm_init(0xfc068000, pic[28], serial_hd(2)); 268 269 mcf5208_sys_init(address_space_mem, pic); 270 271 if (nb_nics > 1) { 272 error_report("Too many NICs"); 273 exit(1); 274 } 275 if (nd_table[0].used) { 276 mcf_fec_init(address_space_mem, &nd_table[0], 277 0xfc030000, pic + 36); 278 } 279 280 g_free(pic); 281 282 /* 0xfc000000 SCM. */ 283 /* 0xfc004000 XBS. */ 284 /* 0xfc008000 FlexBus CS. */ 285 /* 0xfc030000 FEC. */ 286 /* 0xfc040000 SCM + Power management. */ 287 /* 0xfc044000 eDMA. */ 288 /* 0xfc048000 INTC. */ 289 /* 0xfc058000 I2C. */ 290 /* 0xfc05c000 QSPI. */ 291 /* 0xfc060000 UART0. */ 292 /* 0xfc064000 UART0. */ 293 /* 0xfc068000 UART0. */ 294 /* 0xfc070000 DMA timers. */ 295 /* 0xfc080000 PIT0. */ 296 /* 0xfc084000 PIT1. */ 297 /* 0xfc088000 EPORT. */ 298 /* 0xfc08c000 Watchdog. */ 299 /* 0xfc090000 clock module. */ 300 /* 0xfc0a0000 CCM + reset. */ 301 /* 0xfc0a4000 GPIO. */ 302 /* 0xfc0a8000 SDRAM controller. */ 303 304 /* Load firmware */ 305 if (machine->firmware) { 306 char *fn; 307 uint8_t *ptr; 308 309 fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware); 310 if (!fn) { 311 error_report("Could not find ROM image '%s'", machine->firmware); 312 exit(1); 313 } 314 if (load_image_targphys(fn, 0x0, ROM_SIZE) < 8) { 315 error_report("Could not load ROM image '%s'", machine->firmware); 316 exit(1); 317 } 318 g_free(fn); 319 /* Initial PC is always at offset 4 in firmware binaries */ 320 ptr = rom_ptr(0x4, 4); 321 assert(ptr != NULL); 322 env->pc = ldl_p(ptr); 323 } 324 325 /* Load kernel. */ 326 if (!kernel_filename) { 327 if (qtest_enabled() || machine->firmware) { 328 return; 329 } 330 error_report("Kernel image must be specified"); 331 exit(1); 332 } 333 334 kernel_size = load_elf(kernel_filename, NULL, NULL, NULL, &elf_entry, 335 NULL, NULL, NULL, 1, EM_68K, 0, 0); 336 entry = elf_entry; 337 if (kernel_size < 0) { 338 kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL, 339 NULL, NULL); 340 } 341 if (kernel_size < 0) { 342 kernel_size = load_image_targphys(kernel_filename, 0x40000000, 343 ram_size); 344 entry = 0x40000000; 345 } 346 if (kernel_size < 0) { 347 error_report("Could not load kernel '%s'", kernel_filename); 348 exit(1); 349 } 350 351 env->pc = entry; 352 } 353 354 static void mcf5208evb_machine_init(MachineClass *mc) 355 { 356 mc->desc = "MCF5208EVB"; 357 mc->init = mcf5208evb_init; 358 mc->is_default = true; 359 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m5208"); 360 mc->default_ram_id = "mcf5208.ram"; 361 } 362 363 DEFINE_MACHINE("mcf5208evb", mcf5208evb_machine_init) 364