1 /* 2 * QEMU MIPS Jazz support 3 * 4 * Copyright (c) 2007-2008 Hervé Poussineau 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu-common.h" 27 #include "qemu/datadir.h" 28 #include "hw/clock.h" 29 #include "hw/mips/mips.h" 30 #include "hw/mips/cpudevs.h" 31 #include "hw/intc/i8259.h" 32 #include "hw/dma/i8257.h" 33 #include "hw/char/serial.h" 34 #include "hw/char/parallel.h" 35 #include "hw/isa/isa.h" 36 #include "hw/block/fdc.h" 37 #include "sysemu/sysemu.h" 38 #include "sysemu/arch_init.h" 39 #include "hw/boards.h" 40 #include "net/net.h" 41 #include "hw/scsi/esp.h" 42 #include "hw/mips/bios.h" 43 #include "hw/loader.h" 44 #include "hw/rtc/mc146818rtc.h" 45 #include "hw/timer/i8254.h" 46 #include "hw/display/vga.h" 47 #include "hw/audio/pcspk.h" 48 #include "hw/input/i8042.h" 49 #include "hw/sysbus.h" 50 #include "exec/address-spaces.h" 51 #include "sysemu/qtest.h" 52 #include "sysemu/reset.h" 53 #include "qapi/error.h" 54 #include "qemu/error-report.h" 55 #include "qemu/help_option.h" 56 #ifdef CONFIG_TCG 57 #include "hw/core/tcg-cpu-ops.h" 58 #endif /* CONFIG_TCG */ 59 60 enum jazz_model_e { 61 JAZZ_MAGNUM, 62 JAZZ_PICA61, 63 }; 64 65 static void main_cpu_reset(void *opaque) 66 { 67 MIPSCPU *cpu = opaque; 68 69 cpu_reset(CPU(cpu)); 70 } 71 72 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size) 73 { 74 uint8_t val; 75 address_space_read(&address_space_memory, 0x90000071, 76 MEMTXATTRS_UNSPECIFIED, &val, 1); 77 return val; 78 } 79 80 static void rtc_write(void *opaque, hwaddr addr, 81 uint64_t val, unsigned size) 82 { 83 uint8_t buf = val & 0xff; 84 address_space_write(&address_space_memory, 0x90000071, 85 MEMTXATTRS_UNSPECIFIED, &buf, 1); 86 } 87 88 static const MemoryRegionOps rtc_ops = { 89 .read = rtc_read, 90 .write = rtc_write, 91 .endianness = DEVICE_NATIVE_ENDIAN, 92 }; 93 94 static uint64_t dma_dummy_read(void *opaque, hwaddr addr, 95 unsigned size) 96 { 97 /* 98 * Nothing to do. That is only to ensure that 99 * the current DMA acknowledge cycle is completed. 100 */ 101 return 0xff; 102 } 103 104 static void dma_dummy_write(void *opaque, hwaddr addr, 105 uint64_t val, unsigned size) 106 { 107 /* 108 * Nothing to do. That is only to ensure that 109 * the current DMA acknowledge cycle is completed. 110 */ 111 } 112 113 static const MemoryRegionOps dma_dummy_ops = { 114 .read = dma_dummy_read, 115 .write = dma_dummy_write, 116 .endianness = DEVICE_NATIVE_ENDIAN, 117 }; 118 119 #define MAGNUM_BIOS_SIZE_MAX 0x7e000 120 #define MAGNUM_BIOS_SIZE \ 121 (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX) 122 123 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY) 124 static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, 125 vaddr addr, unsigned size, 126 MMUAccessType access_type, 127 int mmu_idx, MemTxAttrs attrs, 128 MemTxResult response, 129 uintptr_t retaddr); 130 131 static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, 132 vaddr addr, unsigned size, 133 MMUAccessType access_type, 134 int mmu_idx, MemTxAttrs attrs, 135 MemTxResult response, 136 uintptr_t retaddr) 137 { 138 if (access_type != MMU_INST_FETCH) { 139 /* ignore invalid access (ie do not raise exception) */ 140 return; 141 } 142 (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, 143 mmu_idx, attrs, response, retaddr); 144 } 145 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */ 146 147 static void mips_jazz_init(MachineState *machine, 148 enum jazz_model_e jazz_model) 149 { 150 MemoryRegion *address_space = get_system_memory(); 151 char *filename; 152 int bios_size, n; 153 Clock *cpuclk; 154 MIPSCPU *cpu; 155 CPUClass *cc; 156 CPUMIPSState *env; 157 qemu_irq *i8259; 158 rc4030_dma *dmas; 159 IOMMUMemoryRegion *rc4030_dma_mr; 160 MemoryRegion *isa_mem = g_new(MemoryRegion, 1); 161 MemoryRegion *isa_io = g_new(MemoryRegion, 1); 162 MemoryRegion *rtc = g_new(MemoryRegion, 1); 163 MemoryRegion *i8042 = g_new(MemoryRegion, 1); 164 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1); 165 NICInfo *nd; 166 DeviceState *dev, *rc4030; 167 SysBusDevice *sysbus; 168 ISABus *isa_bus; 169 ISADevice *pit; 170 DriveInfo *fds[MAX_FD]; 171 MemoryRegion *bios = g_new(MemoryRegion, 1); 172 MemoryRegion *bios2 = g_new(MemoryRegion, 1); 173 SysBusESPState *sysbus_esp; 174 ESPState *esp; 175 static const struct { 176 unsigned freq_hz; 177 unsigned pll_mult; 178 } ext_clk[] = { 179 [JAZZ_MAGNUM] = {50000000, 2}, 180 [JAZZ_PICA61] = {33333333, 4}, 181 }; 182 183 if (machine->ram_size > 256 * MiB) { 184 error_report("RAM size more than 256Mb is not supported"); 185 exit(EXIT_FAILURE); 186 } 187 188 cpuclk = clock_new(OBJECT(machine), "cpu-refclk"); 189 clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz 190 * ext_clk[jazz_model].pll_mult); 191 192 /* init CPUs */ 193 cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk); 194 env = &cpu->env; 195 qemu_register_reset(main_cpu_reset, cpu); 196 197 /* 198 * Chipset returns 0 in invalid reads and do not raise data exceptions. 199 * However, we can't simply add a global memory region to catch 200 * everything, as this would make all accesses including instruction 201 * accesses be ignored and not raise exceptions. 202 * So instead we hijack the do_transaction_failed method on the CPU, and 203 * do not raise exceptions for data access. 204 * 205 * NOTE: this behaviour of raising exceptions for bad instruction 206 * fetches but not bad data accesses was added in commit 54e755588cf1e9 207 * to restore behaviour broken by c658b94f6e8c206, but it is not clear 208 * whether the real hardware behaves this way. It is possible that 209 * real hardware ignores bad instruction fetches as well -- if so then 210 * we could replace this hijacking of CPU methods with a simple global 211 * memory region that catches all memory accesses, as we do on Malta. 212 */ 213 cc = CPU_GET_CLASS(cpu); 214 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY) 215 real_do_transaction_failed = cc->tcg_ops->do_transaction_failed; 216 cc->tcg_ops->do_transaction_failed = mips_jazz_do_transaction_failed; 217 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */ 218 219 /* allocate RAM */ 220 memory_region_add_subregion(address_space, 0, machine->ram); 221 222 memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE, 223 &error_fatal); 224 memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios, 225 0, MAGNUM_BIOS_SIZE); 226 memory_region_add_subregion(address_space, 0x1fc00000LL, bios); 227 memory_region_add_subregion(address_space, 0xfff00000LL, bios2); 228 229 /* load the BIOS image. */ 230 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware ?: BIOS_FILENAME); 231 if (filename) { 232 bios_size = load_image_targphys(filename, 0xfff00000LL, 233 MAGNUM_BIOS_SIZE); 234 g_free(filename); 235 } else { 236 bios_size = -1; 237 } 238 if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) 239 && machine->firmware && !qtest_enabled()) { 240 error_report("Could not load MIPS bios '%s'", machine->firmware); 241 exit(1); 242 } 243 244 /* Init CPU internal devices */ 245 cpu_mips_irq_init_cpu(cpu); 246 cpu_mips_clock_init(cpu); 247 248 /* Chipset */ 249 rc4030 = rc4030_init(&dmas, &rc4030_dma_mr); 250 sysbus = SYS_BUS_DEVICE(rc4030); 251 sysbus_connect_irq(sysbus, 0, env->irq[6]); 252 sysbus_connect_irq(sysbus, 1, env->irq[3]); 253 memory_region_add_subregion(address_space, 0x80000000, 254 sysbus_mmio_get_region(sysbus, 0)); 255 memory_region_add_subregion(address_space, 0xf0000000, 256 sysbus_mmio_get_region(sysbus, 1)); 257 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, 258 NULL, "dummy_dma", 0x1000); 259 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy); 260 261 /* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */ 262 memory_region_init(isa_io, NULL, "isa-io", 0x00010000); 263 memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000); 264 memory_region_add_subregion(address_space, 0x90000000, isa_io); 265 memory_region_add_subregion(address_space, 0x91000000, isa_mem); 266 isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort); 267 268 /* ISA devices */ 269 i8259 = i8259_init(isa_bus, env->irq[4]); 270 isa_bus_irqs(isa_bus, i8259); 271 i8257_dma_init(isa_bus, 0); 272 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL); 273 pcspk_init(isa_new(TYPE_PC_SPEAKER), isa_bus, pit); 274 275 /* Video card */ 276 switch (jazz_model) { 277 case JAZZ_MAGNUM: 278 dev = qdev_new("sysbus-g364"); 279 sysbus = SYS_BUS_DEVICE(dev); 280 sysbus_realize_and_unref(sysbus, &error_fatal); 281 sysbus_mmio_map(sysbus, 0, 0x60080000); 282 sysbus_mmio_map(sysbus, 1, 0x40000000); 283 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3)); 284 { 285 /* Simple ROM, so user doesn't have to provide one */ 286 MemoryRegion *rom_mr = g_new(MemoryRegion, 1); 287 memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000, 288 &error_fatal); 289 uint8_t *rom = memory_region_get_ram_ptr(rom_mr); 290 memory_region_add_subregion(address_space, 0x60000000, rom_mr); 291 rom[0] = 0x10; /* Mips G364 */ 292 } 293 break; 294 case JAZZ_PICA61: 295 isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory()); 296 break; 297 default: 298 break; 299 } 300 301 /* Network controller */ 302 for (n = 0; n < nb_nics; n++) { 303 nd = &nd_table[n]; 304 if (!nd->model) { 305 nd->model = g_strdup("dp83932"); 306 } 307 if (strcmp(nd->model, "dp83932") == 0) { 308 qemu_check_nic_model(nd, "dp83932"); 309 310 dev = qdev_new("dp8393x"); 311 qdev_set_nic_properties(dev, nd); 312 qdev_prop_set_uint8(dev, "it_shift", 2); 313 object_property_set_link(OBJECT(dev), "dma_mr", 314 OBJECT(rc4030_dma_mr), &error_abort); 315 sysbus = SYS_BUS_DEVICE(dev); 316 sysbus_realize_and_unref(sysbus, &error_fatal); 317 sysbus_mmio_map(sysbus, 0, 0x80001000); 318 sysbus_mmio_map(sysbus, 1, 0x8000b000); 319 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4)); 320 break; 321 } else if (is_help_option(nd->model)) { 322 error_report("Supported NICs: dp83932"); 323 exit(1); 324 } else { 325 error_report("Unsupported NIC: %s", nd->model); 326 exit(1); 327 } 328 } 329 330 /* SCSI adapter */ 331 dev = qdev_new(TYPE_ESP); 332 sysbus_esp = ESP(dev); 333 esp = &sysbus_esp->esp; 334 esp->dma_memory_read = rc4030_dma_read; 335 esp->dma_memory_write = rc4030_dma_write; 336 esp->dma_opaque = dmas[0]; 337 sysbus_esp->it_shift = 0; 338 /* XXX for now until rc4030 has been changed to use DMA enable signal */ 339 esp->dma_enabled = 1; 340 341 sysbus = SYS_BUS_DEVICE(dev); 342 sysbus_realize_and_unref(sysbus, &error_fatal); 343 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5)); 344 sysbus_mmio_map(sysbus, 0, 0x80002000); 345 346 scsi_bus_legacy_handle_cmdline(&esp->bus); 347 348 /* Floppy */ 349 for (n = 0; n < MAX_FD; n++) { 350 fds[n] = drive_get(IF_FLOPPY, 0, n); 351 } 352 /* FIXME: we should enable DMA with a custom IsaDma device */ 353 fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds); 354 355 /* Real time clock */ 356 mc146818_rtc_init(isa_bus, 1980, NULL); 357 memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000); 358 memory_region_add_subregion(address_space, 0x80004000, rtc); 359 360 /* Keyboard (i8042) */ 361 i8042_mm_init(qdev_get_gpio_in(rc4030, 6), qdev_get_gpio_in(rc4030, 7), 362 i8042, 0x1000, 0x1); 363 memory_region_add_subregion(address_space, 0x80005000, i8042); 364 365 /* Serial ports */ 366 if (serial_hd(0)) { 367 serial_mm_init(address_space, 0x80006000, 0, 368 qdev_get_gpio_in(rc4030, 8), 8000000 / 16, 369 serial_hd(0), DEVICE_NATIVE_ENDIAN); 370 } 371 if (serial_hd(1)) { 372 serial_mm_init(address_space, 0x80007000, 0, 373 qdev_get_gpio_in(rc4030, 9), 8000000 / 16, 374 serial_hd(1), DEVICE_NATIVE_ENDIAN); 375 } 376 377 /* Parallel port */ 378 if (parallel_hds[0]) 379 parallel_mm_init(address_space, 0x80008000, 0, 380 qdev_get_gpio_in(rc4030, 0), parallel_hds[0]); 381 382 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */ 383 384 /* NVRAM */ 385 dev = qdev_new("ds1225y"); 386 sysbus = SYS_BUS_DEVICE(dev); 387 sysbus_realize_and_unref(sysbus, &error_fatal); 388 sysbus_mmio_map(sysbus, 0, 0x80009000); 389 390 /* LED indicator */ 391 sysbus_create_simple("jazz-led", 0x8000f000, NULL); 392 393 g_free(dmas); 394 } 395 396 static 397 void mips_magnum_init(MachineState *machine) 398 { 399 mips_jazz_init(machine, JAZZ_MAGNUM); 400 } 401 402 static 403 void mips_pica61_init(MachineState *machine) 404 { 405 mips_jazz_init(machine, JAZZ_PICA61); 406 } 407 408 static void mips_magnum_class_init(ObjectClass *oc, void *data) 409 { 410 MachineClass *mc = MACHINE_CLASS(oc); 411 412 mc->desc = "MIPS Magnum"; 413 mc->init = mips_magnum_init; 414 mc->block_default_type = IF_SCSI; 415 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 416 mc->default_ram_id = "mips_jazz.ram"; 417 } 418 419 static const TypeInfo mips_magnum_type = { 420 .name = MACHINE_TYPE_NAME("magnum"), 421 .parent = TYPE_MACHINE, 422 .class_init = mips_magnum_class_init, 423 }; 424 425 static void mips_pica61_class_init(ObjectClass *oc, void *data) 426 { 427 MachineClass *mc = MACHINE_CLASS(oc); 428 429 mc->desc = "Acer Pica 61"; 430 mc->init = mips_pica61_init; 431 mc->block_default_type = IF_SCSI; 432 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 433 mc->default_ram_id = "mips_jazz.ram"; 434 } 435 436 static const TypeInfo mips_pica61_type = { 437 .name = MACHINE_TYPE_NAME("pica61"), 438 .parent = TYPE_MACHINE, 439 .class_init = mips_pica61_class_init, 440 }; 441 442 static void mips_jazz_machine_init(void) 443 { 444 type_register_static(&mips_magnum_type); 445 type_register_static(&mips_pica61_type); 446 } 447 448 type_init(mips_jazz_machine_init) 449