1 /* 2 * Motorola ColdFire MCF5208 SoC emulation. 3 * 4 * Copyright (c) 2007 CodeSourcery. 5 * 6 * This code is licensed under the GPL 7 * 8 * This file models both the MCF5208 SoC, and the 9 * MCF5208EVB evaluation board. For details see 10 * 11 * "MCF5208 Reference Manual" 12 * https://www.nxp.com/docs/en/reference-manual/MCF5208RM.pdf 13 * "M5208EVB-RevB 32-bit Microcontroller User Manual" 14 * https://www.nxp.com/docs/en/reference-manual/M5208EVBUM.pdf 15 */ 16 17 #include "qemu/osdep.h" 18 #include "qemu/units.h" 19 #include "qemu/error-report.h" 20 #include "qemu/log.h" 21 #include "qapi/error.h" 22 #include "qemu/datadir.h" 23 #include "cpu.h" 24 #include "hw/irq.h" 25 #include "hw/m68k/mcf.h" 26 #include "hw/m68k/mcf_fec.h" 27 #include "qemu/timer.h" 28 #include "hw/ptimer.h" 29 #include "sysemu/sysemu.h" 30 #include "sysemu/qtest.h" 31 #include "net/net.h" 32 #include "hw/boards.h" 33 #include "hw/loader.h" 34 #include "hw/sysbus.h" 35 #include "elf.h" 36 37 #define SYS_FREQ 166666666 38 39 #define ROM_SIZE 0x200000 40 41 #define PCSR_EN 0x0001 42 #define PCSR_RLD 0x0002 43 #define PCSR_PIF 0x0004 44 #define PCSR_PIE 0x0008 45 #define PCSR_OVW 0x0010 46 #define PCSR_DBG 0x0020 47 #define PCSR_DOZE 0x0040 48 #define PCSR_PRE_SHIFT 8 49 #define PCSR_PRE_MASK 0x0f00 50 51 #define RCR_SOFTRST 0x80 52 53 typedef struct { 54 MemoryRegion iomem; 55 qemu_irq irq; 56 ptimer_state *timer; 57 uint16_t pcsr; 58 uint16_t pmr; 59 uint16_t pcntr; 60 } m5208_timer_state; 61 62 static void m5208_timer_update(m5208_timer_state *s) 63 { 64 if ((s->pcsr & (PCSR_PIE | PCSR_PIF)) == (PCSR_PIE | PCSR_PIF)) 65 qemu_irq_raise(s->irq); 66 else 67 qemu_irq_lower(s->irq); 68 } 69 70 static void m5208_timer_write(void *opaque, hwaddr offset, 71 uint64_t value, unsigned size) 72 { 73 m5208_timer_state *s = (m5208_timer_state *)opaque; 74 int prescale; 75 int limit; 76 switch (offset) { 77 case 0: 78 /* The PIF bit is set-to-clear. */ 79 if (value & PCSR_PIF) { 80 s->pcsr &= ~PCSR_PIF; 81 value &= ~PCSR_PIF; 82 } 83 /* Avoid frobbing the timer if we're just twiddling IRQ bits. */ 84 if (((s->pcsr ^ value) & ~PCSR_PIE) == 0) { 85 s->pcsr = value; 86 m5208_timer_update(s); 87 return; 88 } 89 90 ptimer_transaction_begin(s->timer); 91 if (s->pcsr & PCSR_EN) 92 ptimer_stop(s->timer); 93 94 s->pcsr = value; 95 96 prescale = 1 << ((s->pcsr & PCSR_PRE_MASK) >> PCSR_PRE_SHIFT); 97 ptimer_set_freq(s->timer, (SYS_FREQ / 2) / prescale); 98 if (s->pcsr & PCSR_RLD) 99 limit = s->pmr; 100 else 101 limit = 0xffff; 102 ptimer_set_limit(s->timer, limit, 0); 103 104 if (s->pcsr & PCSR_EN) 105 ptimer_run(s->timer, 0); 106 ptimer_transaction_commit(s->timer); 107 break; 108 case 2: 109 ptimer_transaction_begin(s->timer); 110 s->pmr = value; 111 s->pcsr &= ~PCSR_PIF; 112 if ((s->pcsr & PCSR_RLD) == 0) { 113 if (s->pcsr & PCSR_OVW) 114 ptimer_set_count(s->timer, value); 115 } else { 116 ptimer_set_limit(s->timer, value, s->pcsr & PCSR_OVW); 117 } 118 ptimer_transaction_commit(s->timer); 119 break; 120 case 4: 121 break; 122 default: 123 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 124 __func__, offset); 125 return; 126 } 127 m5208_timer_update(s); 128 } 129 130 static void m5208_timer_trigger(void *opaque) 131 { 132 m5208_timer_state *s = (m5208_timer_state *)opaque; 133 s->pcsr |= PCSR_PIF; 134 m5208_timer_update(s); 135 } 136 137 static uint64_t m5208_timer_read(void *opaque, hwaddr addr, 138 unsigned size) 139 { 140 m5208_timer_state *s = (m5208_timer_state *)opaque; 141 switch (addr) { 142 case 0: 143 return s->pcsr; 144 case 2: 145 return s->pmr; 146 case 4: 147 return ptimer_get_count(s->timer); 148 default: 149 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 150 __func__, addr); 151 return 0; 152 } 153 } 154 155 static const MemoryRegionOps m5208_timer_ops = { 156 .read = m5208_timer_read, 157 .write = m5208_timer_write, 158 .endianness = DEVICE_NATIVE_ENDIAN, 159 }; 160 161 static uint64_t m5208_sys_read(void *opaque, hwaddr addr, 162 unsigned size) 163 { 164 switch (addr) { 165 case 0x110: /* SDCS0 */ 166 { 167 int n; 168 for (n = 0; n < 32; n++) { 169 if (current_machine->ram_size < (2ULL << n)) { 170 break; 171 } 172 } 173 return (n - 1) | 0x40000000; 174 } 175 case 0x114: /* SDCS1 */ 176 return 0; 177 178 default: 179 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 180 __func__, addr); 181 return 0; 182 } 183 } 184 185 static void m5208_sys_write(void *opaque, hwaddr addr, 186 uint64_t value, unsigned size) 187 { 188 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 189 __func__, addr); 190 } 191 192 static const MemoryRegionOps m5208_sys_ops = { 193 .read = m5208_sys_read, 194 .write = m5208_sys_write, 195 .endianness = DEVICE_NATIVE_ENDIAN, 196 }; 197 198 static uint64_t m5208_rcm_read(void *opaque, hwaddr addr, 199 unsigned size) 200 { 201 return 0; 202 } 203 204 static void m5208_rcm_write(void *opaque, hwaddr addr, 205 uint64_t value, unsigned size) 206 { 207 M68kCPU *cpu = opaque; 208 CPUState *cs = CPU(cpu); 209 switch (addr) { 210 case 0x0: /* RCR */ 211 if (value & RCR_SOFTRST) { 212 cpu_reset(cs); 213 cpu->env.aregs[7] = ldl_phys(cs->as, 0); 214 cpu->env.pc = ldl_phys(cs->as, 4); 215 } 216 break; 217 default: 218 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", 219 __func__, addr); 220 break; 221 } 222 } 223 224 static const MemoryRegionOps m5208_rcm_ops = { 225 .read = m5208_rcm_read, 226 .write = m5208_rcm_write, 227 .endianness = DEVICE_NATIVE_ENDIAN, 228 }; 229 230 static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic, 231 M68kCPU *cpu) 232 { 233 MemoryRegion *iomem = g_new(MemoryRegion, 1); 234 MemoryRegion *iomem_rcm = g_new(MemoryRegion, 1); 235 m5208_timer_state *s; 236 int i; 237 238 /* RCM */ 239 memory_region_init_io(iomem_rcm, NULL, &m5208_rcm_ops, cpu, 240 "m5208-rcm", 0x00000080); 241 memory_region_add_subregion(address_space, 0xfc0a0000, iomem_rcm); 242 /* SDRAMC. */ 243 memory_region_init_io(iomem, NULL, &m5208_sys_ops, NULL, "m5208-sys", 0x00004000); 244 memory_region_add_subregion(address_space, 0xfc0a8000, iomem); 245 /* Timers. */ 246 for (i = 0; i < 2; i++) { 247 s = g_new0(m5208_timer_state, 1); 248 s->timer = ptimer_init(m5208_timer_trigger, s, PTIMER_POLICY_LEGACY); 249 memory_region_init_io(&s->iomem, NULL, &m5208_timer_ops, s, 250 "m5208-timer", 0x00004000); 251 memory_region_add_subregion(address_space, 0xfc080000 + 0x4000 * i, 252 &s->iomem); 253 s->irq = pic[4 + i]; 254 } 255 } 256 257 static void mcf_fec_init(MemoryRegion *sysmem, hwaddr base, qemu_irq *irqs) 258 { 259 DeviceState *dev; 260 SysBusDevice *s; 261 int i; 262 263 dev = qemu_create_nic_device(TYPE_MCF_FEC_NET, true, NULL); 264 if (!dev) { 265 return; 266 } 267 268 s = SYS_BUS_DEVICE(dev); 269 sysbus_realize_and_unref(s, &error_fatal); 270 for (i = 0; i < FEC_NUM_IRQ; i++) { 271 sysbus_connect_irq(s, i, irqs[i]); 272 } 273 274 memory_region_add_subregion(sysmem, base, sysbus_mmio_get_region(s, 0)); 275 } 276 277 static void mcf5208evb_init(MachineState *machine) 278 { 279 ram_addr_t ram_size = machine->ram_size; 280 const char *kernel_filename = machine->kernel_filename; 281 M68kCPU *cpu; 282 CPUM68KState *env; 283 int kernel_size; 284 uint64_t elf_entry; 285 hwaddr entry; 286 qemu_irq *pic; 287 MemoryRegion *address_space_mem = get_system_memory(); 288 MemoryRegion *rom = g_new(MemoryRegion, 1); 289 MemoryRegion *sram = g_new(MemoryRegion, 1); 290 291 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 292 env = &cpu->env; 293 294 /* Initialize CPU registers. */ 295 env->vbr = 0; 296 /* TODO: Configure BARs. */ 297 298 /* ROM at 0x00000000 */ 299 memory_region_init_rom(rom, NULL, "mcf5208.rom", ROM_SIZE, &error_fatal); 300 memory_region_add_subregion(address_space_mem, 0x00000000, rom); 301 302 /* DRAM at 0x40000000 */ 303 memory_region_add_subregion(address_space_mem, 0x40000000, machine->ram); 304 305 /* Internal SRAM. */ 306 memory_region_init_ram(sram, NULL, "mcf5208.sram", 16 * KiB, &error_fatal); 307 memory_region_add_subregion(address_space_mem, 0x80000000, sram); 308 309 /* Internal peripherals. */ 310 pic = mcf_intc_init(address_space_mem, 0xfc048000, cpu); 311 312 mcf_uart_create_mmap(0xfc060000, pic[26], serial_hd(0)); 313 mcf_uart_create_mmap(0xfc064000, pic[27], serial_hd(1)); 314 mcf_uart_create_mmap(0xfc068000, pic[28], serial_hd(2)); 315 316 mcf5208_sys_init(address_space_mem, pic, cpu); 317 318 mcf_fec_init(address_space_mem, 0xfc030000, pic + 36); 319 320 g_free(pic); 321 322 /* 0xfc000000 SCM. */ 323 /* 0xfc004000 XBS. */ 324 /* 0xfc008000 FlexBus CS. */ 325 /* 0xfc030000 FEC. */ 326 /* 0xfc040000 SCM + Power management. */ 327 /* 0xfc044000 eDMA. */ 328 /* 0xfc048000 INTC. */ 329 /* 0xfc058000 I2C. */ 330 /* 0xfc05c000 QSPI. */ 331 /* 0xfc060000 UART0. */ 332 /* 0xfc064000 UART0. */ 333 /* 0xfc068000 UART0. */ 334 /* 0xfc070000 DMA timers. */ 335 /* 0xfc080000 PIT0. */ 336 /* 0xfc084000 PIT1. */ 337 /* 0xfc088000 EPORT. */ 338 /* 0xfc08c000 Watchdog. */ 339 /* 0xfc090000 clock module. */ 340 /* 0xfc0a0000 CCM + reset. */ 341 /* 0xfc0a4000 GPIO. */ 342 /* 0xfc0a8000 SDRAM controller. */ 343 344 /* Load firmware */ 345 if (machine->firmware) { 346 char *fn; 347 uint8_t *ptr; 348 349 fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware); 350 if (!fn) { 351 error_report("Could not find ROM image '%s'", machine->firmware); 352 exit(1); 353 } 354 if (load_image_targphys(fn, 0x0, ROM_SIZE) < 8) { 355 error_report("Could not load ROM image '%s'", machine->firmware); 356 exit(1); 357 } 358 g_free(fn); 359 /* Initial PC is always at offset 4 in firmware binaries */ 360 ptr = rom_ptr(0x4, 4); 361 assert(ptr != NULL); 362 env->pc = ldl_p(ptr); 363 } 364 365 /* Load kernel. */ 366 if (!kernel_filename) { 367 if (qtest_enabled() || machine->firmware) { 368 return; 369 } 370 error_report("Kernel image must be specified"); 371 exit(1); 372 } 373 374 kernel_size = load_elf(kernel_filename, NULL, NULL, NULL, &elf_entry, 375 NULL, NULL, NULL, 1, EM_68K, 0, 0); 376 entry = elf_entry; 377 if (kernel_size < 0) { 378 kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL, 379 NULL, NULL); 380 } 381 if (kernel_size < 0) { 382 kernel_size = load_image_targphys(kernel_filename, 0x40000000, 383 ram_size); 384 entry = 0x40000000; 385 } 386 if (kernel_size < 0) { 387 error_report("Could not load kernel '%s'", kernel_filename); 388 exit(1); 389 } 390 391 env->pc = entry; 392 } 393 394 static void mcf5208evb_machine_init(MachineClass *mc) 395 { 396 mc->desc = "MCF5208EVB"; 397 mc->init = mcf5208evb_init; 398 mc->is_default = true; 399 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m5208"); 400 mc->default_ram_id = "mcf5208.ram"; 401 } 402 403 DEFINE_MACHINE("mcf5208evb", mcf5208evb_machine_init) 404