1 /* 2 * QEMU MIPS Jazz support 3 * 4 * Copyright (c) 2007-2008 Hervé Poussineau 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu-common.h" 27 #include "qemu/datadir.h" 28 #include "hw/clock.h" 29 #include "hw/mips/mips.h" 30 #include "hw/mips/cpudevs.h" 31 #include "hw/intc/i8259.h" 32 #include "hw/dma/i8257.h" 33 #include "hw/char/serial.h" 34 #include "hw/char/parallel.h" 35 #include "hw/isa/isa.h" 36 #include "hw/block/fdc.h" 37 #include "sysemu/sysemu.h" 38 #include "sysemu/arch_init.h" 39 #include "hw/boards.h" 40 #include "net/net.h" 41 #include "hw/scsi/esp.h" 42 #include "hw/mips/bios.h" 43 #include "hw/loader.h" 44 #include "hw/rtc/mc146818rtc.h" 45 #include "hw/timer/i8254.h" 46 #include "hw/display/vga.h" 47 #include "hw/audio/pcspk.h" 48 #include "hw/input/i8042.h" 49 #include "hw/sysbus.h" 50 #include "sysemu/qtest.h" 51 #include "sysemu/reset.h" 52 #include "qapi/error.h" 53 #include "qemu/error-report.h" 54 #include "qemu/help_option.h" 55 #ifdef CONFIG_TCG 56 #include "hw/core/tcg-cpu-ops.h" 57 #endif /* CONFIG_TCG */ 58 59 enum jazz_model_e { 60 JAZZ_MAGNUM, 61 JAZZ_PICA61, 62 }; 63 64 static void main_cpu_reset(void *opaque) 65 { 66 MIPSCPU *cpu = opaque; 67 68 cpu_reset(CPU(cpu)); 69 } 70 71 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size) 72 { 73 uint8_t val; 74 address_space_read(&address_space_memory, 0x90000071, 75 MEMTXATTRS_UNSPECIFIED, &val, 1); 76 return val; 77 } 78 79 static void rtc_write(void *opaque, hwaddr addr, 80 uint64_t val, unsigned size) 81 { 82 uint8_t buf = val & 0xff; 83 address_space_write(&address_space_memory, 0x90000071, 84 MEMTXATTRS_UNSPECIFIED, &buf, 1); 85 } 86 87 static const MemoryRegionOps rtc_ops = { 88 .read = rtc_read, 89 .write = rtc_write, 90 .endianness = DEVICE_NATIVE_ENDIAN, 91 }; 92 93 static uint64_t dma_dummy_read(void *opaque, hwaddr addr, 94 unsigned size) 95 { 96 /* 97 * Nothing to do. That is only to ensure that 98 * the current DMA acknowledge cycle is completed. 99 */ 100 return 0xff; 101 } 102 103 static void dma_dummy_write(void *opaque, hwaddr addr, 104 uint64_t val, unsigned size) 105 { 106 /* 107 * Nothing to do. That is only to ensure that 108 * the current DMA acknowledge cycle is completed. 109 */ 110 } 111 112 static const MemoryRegionOps dma_dummy_ops = { 113 .read = dma_dummy_read, 114 .write = dma_dummy_write, 115 .endianness = DEVICE_NATIVE_ENDIAN, 116 }; 117 118 #define MAGNUM_BIOS_SIZE_MAX 0x7e000 119 #define MAGNUM_BIOS_SIZE \ 120 (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX) 121 122 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY) 123 static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, 124 vaddr addr, unsigned size, 125 MMUAccessType access_type, 126 int mmu_idx, MemTxAttrs attrs, 127 MemTxResult response, 128 uintptr_t retaddr); 129 130 static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, 131 vaddr addr, unsigned size, 132 MMUAccessType access_type, 133 int mmu_idx, MemTxAttrs attrs, 134 MemTxResult response, 135 uintptr_t retaddr) 136 { 137 if (access_type != MMU_INST_FETCH) { 138 /* ignore invalid access (ie do not raise exception) */ 139 return; 140 } 141 (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, 142 mmu_idx, attrs, response, retaddr); 143 } 144 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */ 145 146 static void mips_jazz_init(MachineState *machine, 147 enum jazz_model_e jazz_model) 148 { 149 MemoryRegion *address_space = get_system_memory(); 150 char *filename; 151 int bios_size, n; 152 Clock *cpuclk; 153 MIPSCPU *cpu; 154 CPUClass *cc; 155 CPUMIPSState *env; 156 qemu_irq *i8259; 157 rc4030_dma *dmas; 158 IOMMUMemoryRegion *rc4030_dma_mr; 159 MemoryRegion *isa_mem = g_new(MemoryRegion, 1); 160 MemoryRegion *isa_io = g_new(MemoryRegion, 1); 161 MemoryRegion *rtc = g_new(MemoryRegion, 1); 162 MemoryRegion *i8042 = g_new(MemoryRegion, 1); 163 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1); 164 NICInfo *nd; 165 DeviceState *dev, *rc4030; 166 SysBusDevice *sysbus; 167 ISABus *isa_bus; 168 ISADevice *pit; 169 DriveInfo *fds[MAX_FD]; 170 MemoryRegion *bios = g_new(MemoryRegion, 1); 171 MemoryRegion *bios2 = g_new(MemoryRegion, 1); 172 SysBusESPState *sysbus_esp; 173 ESPState *esp; 174 static const struct { 175 unsigned freq_hz; 176 unsigned pll_mult; 177 } ext_clk[] = { 178 [JAZZ_MAGNUM] = {50000000, 2}, 179 [JAZZ_PICA61] = {33333333, 4}, 180 }; 181 182 if (machine->ram_size > 256 * MiB) { 183 error_report("RAM size more than 256Mb is not supported"); 184 exit(EXIT_FAILURE); 185 } 186 187 cpuclk = clock_new(OBJECT(machine), "cpu-refclk"); 188 clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz 189 * ext_clk[jazz_model].pll_mult); 190 191 /* init CPUs */ 192 cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk); 193 env = &cpu->env; 194 qemu_register_reset(main_cpu_reset, cpu); 195 196 /* 197 * Chipset returns 0 in invalid reads and do not raise data exceptions. 198 * However, we can't simply add a global memory region to catch 199 * everything, as this would make all accesses including instruction 200 * accesses be ignored and not raise exceptions. 201 * So instead we hijack the do_transaction_failed method on the CPU, and 202 * do not raise exceptions for data access. 203 * 204 * NOTE: this behaviour of raising exceptions for bad instruction 205 * fetches but not bad data accesses was added in commit 54e755588cf1e9 206 * to restore behaviour broken by c658b94f6e8c206, but it is not clear 207 * whether the real hardware behaves this way. It is possible that 208 * real hardware ignores bad instruction fetches as well -- if so then 209 * we could replace this hijacking of CPU methods with a simple global 210 * memory region that catches all memory accesses, as we do on Malta. 211 */ 212 cc = CPU_GET_CLASS(cpu); 213 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY) 214 real_do_transaction_failed = cc->tcg_ops->do_transaction_failed; 215 cc->tcg_ops->do_transaction_failed = mips_jazz_do_transaction_failed; 216 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */ 217 218 /* allocate RAM */ 219 memory_region_add_subregion(address_space, 0, machine->ram); 220 221 memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE, 222 &error_fatal); 223 memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios, 224 0, MAGNUM_BIOS_SIZE); 225 memory_region_add_subregion(address_space, 0x1fc00000LL, bios); 226 memory_region_add_subregion(address_space, 0xfff00000LL, bios2); 227 228 /* load the BIOS image. */ 229 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware ?: BIOS_FILENAME); 230 if (filename) { 231 bios_size = load_image_targphys(filename, 0xfff00000LL, 232 MAGNUM_BIOS_SIZE); 233 g_free(filename); 234 } else { 235 bios_size = -1; 236 } 237 if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) 238 && machine->firmware && !qtest_enabled()) { 239 error_report("Could not load MIPS bios '%s'", machine->firmware); 240 exit(1); 241 } 242 243 /* Init CPU internal devices */ 244 cpu_mips_irq_init_cpu(cpu); 245 cpu_mips_clock_init(cpu); 246 247 /* Chipset */ 248 rc4030 = rc4030_init(&dmas, &rc4030_dma_mr); 249 sysbus = SYS_BUS_DEVICE(rc4030); 250 sysbus_connect_irq(sysbus, 0, env->irq[6]); 251 sysbus_connect_irq(sysbus, 1, env->irq[3]); 252 memory_region_add_subregion(address_space, 0x80000000, 253 sysbus_mmio_get_region(sysbus, 0)); 254 memory_region_add_subregion(address_space, 0xf0000000, 255 sysbus_mmio_get_region(sysbus, 1)); 256 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, 257 NULL, "dummy_dma", 0x1000); 258 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy); 259 260 /* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */ 261 memory_region_init(isa_io, NULL, "isa-io", 0x00010000); 262 memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000); 263 memory_region_add_subregion(address_space, 0x90000000, isa_io); 264 memory_region_add_subregion(address_space, 0x91000000, isa_mem); 265 isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort); 266 267 /* ISA devices */ 268 i8259 = i8259_init(isa_bus, env->irq[4]); 269 isa_bus_irqs(isa_bus, i8259); 270 i8257_dma_init(isa_bus, 0); 271 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL); 272 pcspk_init(isa_new(TYPE_PC_SPEAKER), isa_bus, pit); 273 274 /* Video card */ 275 switch (jazz_model) { 276 case JAZZ_MAGNUM: 277 dev = qdev_new("sysbus-g364"); 278 sysbus = SYS_BUS_DEVICE(dev); 279 sysbus_realize_and_unref(sysbus, &error_fatal); 280 sysbus_mmio_map(sysbus, 0, 0x60080000); 281 sysbus_mmio_map(sysbus, 1, 0x40000000); 282 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3)); 283 { 284 /* Simple ROM, so user doesn't have to provide one */ 285 MemoryRegion *rom_mr = g_new(MemoryRegion, 1); 286 memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000, 287 &error_fatal); 288 uint8_t *rom = memory_region_get_ram_ptr(rom_mr); 289 memory_region_add_subregion(address_space, 0x60000000, rom_mr); 290 rom[0] = 0x10; /* Mips G364 */ 291 } 292 break; 293 case JAZZ_PICA61: 294 isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory()); 295 break; 296 default: 297 break; 298 } 299 300 /* Network controller */ 301 for (n = 0; n < nb_nics; n++) { 302 nd = &nd_table[n]; 303 if (!nd->model) { 304 nd->model = g_strdup("dp83932"); 305 } 306 if (strcmp(nd->model, "dp83932") == 0) { 307 qemu_check_nic_model(nd, "dp83932"); 308 309 dev = qdev_new("dp8393x"); 310 qdev_set_nic_properties(dev, nd); 311 qdev_prop_set_uint8(dev, "it_shift", 2); 312 object_property_set_link(OBJECT(dev), "dma_mr", 313 OBJECT(rc4030_dma_mr), &error_abort); 314 sysbus = SYS_BUS_DEVICE(dev); 315 sysbus_realize_and_unref(sysbus, &error_fatal); 316 sysbus_mmio_map(sysbus, 0, 0x80001000); 317 sysbus_mmio_map(sysbus, 1, 0x8000b000); 318 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4)); 319 break; 320 } else if (is_help_option(nd->model)) { 321 error_report("Supported NICs: dp83932"); 322 exit(1); 323 } else { 324 error_report("Unsupported NIC: %s", nd->model); 325 exit(1); 326 } 327 } 328 329 /* SCSI adapter */ 330 dev = qdev_new(TYPE_SYSBUS_ESP); 331 sysbus_esp = SYSBUS_ESP(dev); 332 esp = &sysbus_esp->esp; 333 esp->dma_memory_read = rc4030_dma_read; 334 esp->dma_memory_write = rc4030_dma_write; 335 esp->dma_opaque = dmas[0]; 336 sysbus_esp->it_shift = 0; 337 /* XXX for now until rc4030 has been changed to use DMA enable signal */ 338 esp->dma_enabled = 1; 339 340 sysbus = SYS_BUS_DEVICE(dev); 341 sysbus_realize_and_unref(sysbus, &error_fatal); 342 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5)); 343 sysbus_mmio_map(sysbus, 0, 0x80002000); 344 345 scsi_bus_legacy_handle_cmdline(&esp->bus); 346 347 /* Floppy */ 348 for (n = 0; n < MAX_FD; n++) { 349 fds[n] = drive_get(IF_FLOPPY, 0, n); 350 } 351 /* FIXME: we should enable DMA with a custom IsaDma device */ 352 fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds); 353 354 /* Real time clock */ 355 mc146818_rtc_init(isa_bus, 1980, NULL); 356 memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000); 357 memory_region_add_subregion(address_space, 0x80004000, rtc); 358 359 /* Keyboard (i8042) */ 360 i8042_mm_init(qdev_get_gpio_in(rc4030, 6), qdev_get_gpio_in(rc4030, 7), 361 i8042, 0x1000, 0x1); 362 memory_region_add_subregion(address_space, 0x80005000, i8042); 363 364 /* Serial ports */ 365 if (serial_hd(0)) { 366 serial_mm_init(address_space, 0x80006000, 0, 367 qdev_get_gpio_in(rc4030, 8), 8000000 / 16, 368 serial_hd(0), DEVICE_NATIVE_ENDIAN); 369 } 370 if (serial_hd(1)) { 371 serial_mm_init(address_space, 0x80007000, 0, 372 qdev_get_gpio_in(rc4030, 9), 8000000 / 16, 373 serial_hd(1), DEVICE_NATIVE_ENDIAN); 374 } 375 376 /* Parallel port */ 377 if (parallel_hds[0]) 378 parallel_mm_init(address_space, 0x80008000, 0, 379 qdev_get_gpio_in(rc4030, 0), parallel_hds[0]); 380 381 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */ 382 383 /* NVRAM */ 384 dev = qdev_new("ds1225y"); 385 sysbus = SYS_BUS_DEVICE(dev); 386 sysbus_realize_and_unref(sysbus, &error_fatal); 387 sysbus_mmio_map(sysbus, 0, 0x80009000); 388 389 /* LED indicator */ 390 sysbus_create_simple("jazz-led", 0x8000f000, NULL); 391 392 g_free(dmas); 393 } 394 395 static 396 void mips_magnum_init(MachineState *machine) 397 { 398 mips_jazz_init(machine, JAZZ_MAGNUM); 399 } 400 401 static 402 void mips_pica61_init(MachineState *machine) 403 { 404 mips_jazz_init(machine, JAZZ_PICA61); 405 } 406 407 static void mips_magnum_class_init(ObjectClass *oc, void *data) 408 { 409 MachineClass *mc = MACHINE_CLASS(oc); 410 411 mc->desc = "MIPS Magnum"; 412 mc->init = mips_magnum_init; 413 mc->block_default_type = IF_SCSI; 414 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 415 mc->default_ram_id = "mips_jazz.ram"; 416 } 417 418 static const TypeInfo mips_magnum_type = { 419 .name = MACHINE_TYPE_NAME("magnum"), 420 .parent = TYPE_MACHINE, 421 .class_init = mips_magnum_class_init, 422 }; 423 424 static void mips_pica61_class_init(ObjectClass *oc, void *data) 425 { 426 MachineClass *mc = MACHINE_CLASS(oc); 427 428 mc->desc = "Acer Pica 61"; 429 mc->init = mips_pica61_init; 430 mc->block_default_type = IF_SCSI; 431 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 432 mc->default_ram_id = "mips_jazz.ram"; 433 } 434 435 static const TypeInfo mips_pica61_type = { 436 .name = MACHINE_TYPE_NAME("pica61"), 437 .parent = TYPE_MACHINE, 438 .class_init = mips_pica61_class_init, 439 }; 440 441 static void mips_jazz_machine_init(void) 442 { 443 type_register_static(&mips_magnum_type); 444 type_register_static(&mips_pica61_type); 445 } 446 447 type_init(mips_jazz_machine_init) 448