1 /* 2 * QEMU MIPS Jazz support 3 * 4 * Copyright (c) 2007-2008 Hervé Poussineau 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu-common.h" 27 #include "hw/mips/mips.h" 28 #include "hw/mips/cpudevs.h" 29 #include "hw/intc/i8259.h" 30 #include "hw/dma/i8257.h" 31 #include "hw/char/serial.h" 32 #include "hw/char/parallel.h" 33 #include "hw/isa/isa.h" 34 #include "hw/block/fdc.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/arch_init.h" 37 #include "hw/boards.h" 38 #include "net/net.h" 39 #include "hw/scsi/esp.h" 40 #include "hw/mips/bios.h" 41 #include "hw/loader.h" 42 #include "hw/rtc/mc146818rtc.h" 43 #include "hw/timer/i8254.h" 44 #include "hw/display/vga.h" 45 #include "hw/audio/pcspk.h" 46 #include "hw/input/i8042.h" 47 #include "hw/sysbus.h" 48 #include "exec/address-spaces.h" 49 #include "sysemu/qtest.h" 50 #include "sysemu/reset.h" 51 #include "qapi/error.h" 52 #include "qemu/error-report.h" 53 #include "qemu/help_option.h" 54 55 enum jazz_model_e { 56 JAZZ_MAGNUM, 57 JAZZ_PICA61, 58 }; 59 60 static void main_cpu_reset(void *opaque) 61 { 62 MIPSCPU *cpu = opaque; 63 64 cpu_reset(CPU(cpu)); 65 } 66 67 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size) 68 { 69 uint8_t val; 70 address_space_read(&address_space_memory, 0x90000071, 71 MEMTXATTRS_UNSPECIFIED, &val, 1); 72 return val; 73 } 74 75 static void rtc_write(void *opaque, hwaddr addr, 76 uint64_t val, unsigned size) 77 { 78 uint8_t buf = val & 0xff; 79 address_space_write(&address_space_memory, 0x90000071, 80 MEMTXATTRS_UNSPECIFIED, &buf, 1); 81 } 82 83 static const MemoryRegionOps rtc_ops = { 84 .read = rtc_read, 85 .write = rtc_write, 86 .endianness = DEVICE_NATIVE_ENDIAN, 87 }; 88 89 static uint64_t dma_dummy_read(void *opaque, hwaddr addr, 90 unsigned size) 91 { 92 /* 93 * Nothing to do. That is only to ensure that 94 * the current DMA acknowledge cycle is completed. 95 */ 96 return 0xff; 97 } 98 99 static void dma_dummy_write(void *opaque, hwaddr addr, 100 uint64_t val, unsigned size) 101 { 102 /* 103 * Nothing to do. That is only to ensure that 104 * the current DMA acknowledge cycle is completed. 105 */ 106 } 107 108 static const MemoryRegionOps dma_dummy_ops = { 109 .read = dma_dummy_read, 110 .write = dma_dummy_write, 111 .endianness = DEVICE_NATIVE_ENDIAN, 112 }; 113 114 #define MAGNUM_BIOS_SIZE_MAX 0x7e000 115 #define MAGNUM_BIOS_SIZE \ 116 (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX) 117 static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, 118 vaddr addr, unsigned size, 119 MMUAccessType access_type, 120 int mmu_idx, MemTxAttrs attrs, 121 MemTxResult response, 122 uintptr_t retaddr); 123 124 static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, 125 vaddr addr, unsigned size, 126 MMUAccessType access_type, 127 int mmu_idx, MemTxAttrs attrs, 128 MemTxResult response, 129 uintptr_t retaddr) 130 { 131 if (access_type != MMU_INST_FETCH) { 132 /* ignore invalid access (ie do not raise exception) */ 133 return; 134 } 135 (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, 136 mmu_idx, attrs, response, retaddr); 137 } 138 139 static void mips_jazz_init(MachineState *machine, 140 enum jazz_model_e jazz_model) 141 { 142 MemoryRegion *address_space = get_system_memory(); 143 char *filename; 144 int bios_size, n; 145 MIPSCPU *cpu; 146 CPUClass *cc; 147 CPUMIPSState *env; 148 qemu_irq *i8259; 149 rc4030_dma *dmas; 150 IOMMUMemoryRegion *rc4030_dma_mr; 151 MemoryRegion *isa_mem = g_new(MemoryRegion, 1); 152 MemoryRegion *isa_io = g_new(MemoryRegion, 1); 153 MemoryRegion *rtc = g_new(MemoryRegion, 1); 154 MemoryRegion *i8042 = g_new(MemoryRegion, 1); 155 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1); 156 NICInfo *nd; 157 DeviceState *dev, *rc4030; 158 SysBusDevice *sysbus; 159 ISABus *isa_bus; 160 ISADevice *pit; 161 DriveInfo *fds[MAX_FD]; 162 MemoryRegion *bios = g_new(MemoryRegion, 1); 163 MemoryRegion *bios2 = g_new(MemoryRegion, 1); 164 SysBusESPState *sysbus_esp; 165 ESPState *esp; 166 167 if (machine->ram_size > 256 * MiB) { 168 error_report("RAM size more than 256Mb is not supported"); 169 exit(EXIT_FAILURE); 170 } 171 172 /* init CPUs */ 173 cpu = MIPS_CPU(cpu_create(machine->cpu_type)); 174 env = &cpu->env; 175 qemu_register_reset(main_cpu_reset, cpu); 176 177 /* 178 * Chipset returns 0 in invalid reads and do not raise data exceptions. 179 * However, we can't simply add a global memory region to catch 180 * everything, as this would make all accesses including instruction 181 * accesses be ignored and not raise exceptions. 182 * So instead we hijack the do_transaction_failed method on the CPU, and 183 * do not raise exceptions for data access. 184 * 185 * NOTE: this behaviour of raising exceptions for bad instruction 186 * fetches but not bad data accesses was added in commit 54e755588cf1e9 187 * to restore behaviour broken by c658b94f6e8c206, but it is not clear 188 * whether the real hardware behaves this way. It is possible that 189 * real hardware ignores bad instruction fetches as well -- if so then 190 * we could replace this hijacking of CPU methods with a simple global 191 * memory region that catches all memory accesses, as we do on Malta. 192 */ 193 cc = CPU_GET_CLASS(cpu); 194 real_do_transaction_failed = cc->do_transaction_failed; 195 cc->do_transaction_failed = mips_jazz_do_transaction_failed; 196 197 /* allocate RAM */ 198 memory_region_add_subregion(address_space, 0, machine->ram); 199 200 memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE, 201 &error_fatal); 202 memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios, 203 0, MAGNUM_BIOS_SIZE); 204 memory_region_add_subregion(address_space, 0x1fc00000LL, bios); 205 memory_region_add_subregion(address_space, 0xfff00000LL, bios2); 206 207 /* load the BIOS image. */ 208 if (bios_name == NULL) { 209 bios_name = BIOS_FILENAME; 210 } 211 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name); 212 if (filename) { 213 bios_size = load_image_targphys(filename, 0xfff00000LL, 214 MAGNUM_BIOS_SIZE); 215 g_free(filename); 216 } else { 217 bios_size = -1; 218 } 219 if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) && !qtest_enabled()) { 220 error_report("Could not load MIPS bios '%s'", bios_name); 221 exit(1); 222 } 223 224 /* Init CPU internal devices */ 225 cpu_mips_irq_init_cpu(cpu); 226 cpu_mips_clock_init(cpu); 227 228 /* Chipset */ 229 rc4030 = rc4030_init(&dmas, &rc4030_dma_mr); 230 sysbus = SYS_BUS_DEVICE(rc4030); 231 sysbus_connect_irq(sysbus, 0, env->irq[6]); 232 sysbus_connect_irq(sysbus, 1, env->irq[3]); 233 memory_region_add_subregion(address_space, 0x80000000, 234 sysbus_mmio_get_region(sysbus, 0)); 235 memory_region_add_subregion(address_space, 0xf0000000, 236 sysbus_mmio_get_region(sysbus, 1)); 237 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, 238 NULL, "dummy_dma", 0x1000); 239 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy); 240 241 /* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */ 242 memory_region_init(isa_io, NULL, "isa-io", 0x00010000); 243 memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000); 244 memory_region_add_subregion(address_space, 0x90000000, isa_io); 245 memory_region_add_subregion(address_space, 0x91000000, isa_mem); 246 isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort); 247 248 /* ISA devices */ 249 i8259 = i8259_init(isa_bus, env->irq[4]); 250 isa_bus_irqs(isa_bus, i8259); 251 i8257_dma_init(isa_bus, 0); 252 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL); 253 pcspk_init(isa_bus, pit); 254 255 /* Video card */ 256 switch (jazz_model) { 257 case JAZZ_MAGNUM: 258 dev = qdev_new("sysbus-g364"); 259 sysbus = SYS_BUS_DEVICE(dev); 260 sysbus_realize_and_unref(sysbus, &error_fatal); 261 sysbus_mmio_map(sysbus, 0, 0x60080000); 262 sysbus_mmio_map(sysbus, 1, 0x40000000); 263 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3)); 264 { 265 /* Simple ROM, so user doesn't have to provide one */ 266 MemoryRegion *rom_mr = g_new(MemoryRegion, 1); 267 memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000, 268 &error_fatal); 269 uint8_t *rom = memory_region_get_ram_ptr(rom_mr); 270 memory_region_add_subregion(address_space, 0x60000000, rom_mr); 271 rom[0] = 0x10; /* Mips G364 */ 272 } 273 break; 274 case JAZZ_PICA61: 275 isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory()); 276 break; 277 default: 278 break; 279 } 280 281 /* Network controller */ 282 for (n = 0; n < nb_nics; n++) { 283 nd = &nd_table[n]; 284 if (!nd->model) { 285 nd->model = g_strdup("dp83932"); 286 } 287 if (strcmp(nd->model, "dp83932") == 0) { 288 qemu_check_nic_model(nd, "dp83932"); 289 290 dev = qdev_new("dp8393x"); 291 qdev_set_nic_properties(dev, nd); 292 qdev_prop_set_uint8(dev, "it_shift", 2); 293 object_property_set_link(OBJECT(dev), OBJECT(rc4030_dma_mr), 294 "dma_mr", &error_abort); 295 sysbus = SYS_BUS_DEVICE(dev); 296 sysbus_realize_and_unref(sysbus, &error_fatal); 297 sysbus_mmio_map(sysbus, 0, 0x80001000); 298 sysbus_mmio_map(sysbus, 1, 0x8000b000); 299 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4)); 300 break; 301 } else if (is_help_option(nd->model)) { 302 error_report("Supported NICs: dp83932"); 303 exit(1); 304 } else { 305 error_report("Unsupported NIC: %s", nd->model); 306 exit(1); 307 } 308 } 309 310 /* SCSI adapter */ 311 dev = qdev_new(TYPE_ESP); 312 sysbus_esp = ESP_STATE(dev); 313 esp = &sysbus_esp->esp; 314 esp->dma_memory_read = rc4030_dma_read; 315 esp->dma_memory_write = rc4030_dma_write; 316 esp->dma_opaque = dmas[0]; 317 sysbus_esp->it_shift = 0; 318 /* XXX for now until rc4030 has been changed to use DMA enable signal */ 319 esp->dma_enabled = 1; 320 321 sysbus = SYS_BUS_DEVICE(dev); 322 sysbus_realize_and_unref(sysbus, &error_fatal); 323 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5)); 324 sysbus_mmio_map(sysbus, 0, 0x80002000); 325 326 scsi_bus_legacy_handle_cmdline(&esp->bus); 327 328 /* Floppy */ 329 for (n = 0; n < MAX_FD; n++) { 330 fds[n] = drive_get(IF_FLOPPY, 0, n); 331 } 332 /* FIXME: we should enable DMA with a custom IsaDma device */ 333 fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds); 334 335 /* Real time clock */ 336 mc146818_rtc_init(isa_bus, 1980, NULL); 337 memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000); 338 memory_region_add_subregion(address_space, 0x80004000, rtc); 339 340 /* Keyboard (i8042) */ 341 i8042_mm_init(qdev_get_gpio_in(rc4030, 6), qdev_get_gpio_in(rc4030, 7), 342 i8042, 0x1000, 0x1); 343 memory_region_add_subregion(address_space, 0x80005000, i8042); 344 345 /* Serial ports */ 346 if (serial_hd(0)) { 347 serial_mm_init(address_space, 0x80006000, 0, 348 qdev_get_gpio_in(rc4030, 8), 8000000 / 16, 349 serial_hd(0), DEVICE_NATIVE_ENDIAN); 350 } 351 if (serial_hd(1)) { 352 serial_mm_init(address_space, 0x80007000, 0, 353 qdev_get_gpio_in(rc4030, 9), 8000000 / 16, 354 serial_hd(1), DEVICE_NATIVE_ENDIAN); 355 } 356 357 /* Parallel port */ 358 if (parallel_hds[0]) 359 parallel_mm_init(address_space, 0x80008000, 0, 360 qdev_get_gpio_in(rc4030, 0), parallel_hds[0]); 361 362 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */ 363 364 /* NVRAM */ 365 dev = qdev_new("ds1225y"); 366 sysbus = SYS_BUS_DEVICE(dev); 367 sysbus_realize_and_unref(sysbus, &error_fatal); 368 sysbus_mmio_map(sysbus, 0, 0x80009000); 369 370 /* LED indicator */ 371 sysbus_create_simple("jazz-led", 0x8000f000, NULL); 372 373 g_free(dmas); 374 } 375 376 static 377 void mips_magnum_init(MachineState *machine) 378 { 379 mips_jazz_init(machine, JAZZ_MAGNUM); 380 } 381 382 static 383 void mips_pica61_init(MachineState *machine) 384 { 385 mips_jazz_init(machine, JAZZ_PICA61); 386 } 387 388 static void mips_magnum_class_init(ObjectClass *oc, void *data) 389 { 390 MachineClass *mc = MACHINE_CLASS(oc); 391 392 mc->desc = "MIPS Magnum"; 393 mc->init = mips_magnum_init; 394 mc->block_default_type = IF_SCSI; 395 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 396 mc->default_ram_id = "mips_jazz.ram"; 397 } 398 399 static const TypeInfo mips_magnum_type = { 400 .name = MACHINE_TYPE_NAME("magnum"), 401 .parent = TYPE_MACHINE, 402 .class_init = mips_magnum_class_init, 403 }; 404 405 static void mips_pica61_class_init(ObjectClass *oc, void *data) 406 { 407 MachineClass *mc = MACHINE_CLASS(oc); 408 409 mc->desc = "Acer Pica 61"; 410 mc->init = mips_pica61_init; 411 mc->block_default_type = IF_SCSI; 412 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 413 mc->default_ram_id = "mips_jazz.ram"; 414 } 415 416 static const TypeInfo mips_pica61_type = { 417 .name = MACHINE_TYPE_NAME("pica61"), 418 .parent = TYPE_MACHINE, 419 .class_init = mips_pica61_class_init, 420 }; 421 422 static void mips_jazz_machine_init(void) 423 { 424 type_register_static(&mips_magnum_type); 425 type_register_static(&mips_pica61_type); 426 } 427 428 type_init(mips_jazz_machine_init) 429