1 /* 2 * QEMU MIPS Jazz support 3 * 4 * Copyright (c) 2007-2008 Hervé Poussineau 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu-common.h" 27 #include "hw/clock.h" 28 #include "hw/mips/mips.h" 29 #include "hw/mips/cpudevs.h" 30 #include "hw/intc/i8259.h" 31 #include "hw/dma/i8257.h" 32 #include "hw/char/serial.h" 33 #include "hw/char/parallel.h" 34 #include "hw/isa/isa.h" 35 #include "hw/block/fdc.h" 36 #include "sysemu/sysemu.h" 37 #include "sysemu/arch_init.h" 38 #include "hw/boards.h" 39 #include "net/net.h" 40 #include "hw/scsi/esp.h" 41 #include "hw/mips/bios.h" 42 #include "hw/loader.h" 43 #include "hw/rtc/mc146818rtc.h" 44 #include "hw/timer/i8254.h" 45 #include "hw/display/vga.h" 46 #include "hw/audio/pcspk.h" 47 #include "hw/input/i8042.h" 48 #include "hw/sysbus.h" 49 #include "exec/address-spaces.h" 50 #include "sysemu/qtest.h" 51 #include "sysemu/reset.h" 52 #include "qapi/error.h" 53 #include "qemu/error-report.h" 54 #include "qemu/help_option.h" 55 56 enum jazz_model_e { 57 JAZZ_MAGNUM, 58 JAZZ_PICA61, 59 }; 60 61 static void main_cpu_reset(void *opaque) 62 { 63 MIPSCPU *cpu = opaque; 64 65 cpu_reset(CPU(cpu)); 66 } 67 68 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size) 69 { 70 uint8_t val; 71 address_space_read(&address_space_memory, 0x90000071, 72 MEMTXATTRS_UNSPECIFIED, &val, 1); 73 return val; 74 } 75 76 static void rtc_write(void *opaque, hwaddr addr, 77 uint64_t val, unsigned size) 78 { 79 uint8_t buf = val & 0xff; 80 address_space_write(&address_space_memory, 0x90000071, 81 MEMTXATTRS_UNSPECIFIED, &buf, 1); 82 } 83 84 static const MemoryRegionOps rtc_ops = { 85 .read = rtc_read, 86 .write = rtc_write, 87 .endianness = DEVICE_NATIVE_ENDIAN, 88 }; 89 90 static uint64_t dma_dummy_read(void *opaque, hwaddr addr, 91 unsigned size) 92 { 93 /* 94 * Nothing to do. That is only to ensure that 95 * the current DMA acknowledge cycle is completed. 96 */ 97 return 0xff; 98 } 99 100 static void dma_dummy_write(void *opaque, hwaddr addr, 101 uint64_t val, unsigned size) 102 { 103 /* 104 * Nothing to do. That is only to ensure that 105 * the current DMA acknowledge cycle is completed. 106 */ 107 } 108 109 static const MemoryRegionOps dma_dummy_ops = { 110 .read = dma_dummy_read, 111 .write = dma_dummy_write, 112 .endianness = DEVICE_NATIVE_ENDIAN, 113 }; 114 115 #define MAGNUM_BIOS_SIZE_MAX 0x7e000 116 #define MAGNUM_BIOS_SIZE \ 117 (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX) 118 static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, 119 vaddr addr, unsigned size, 120 MMUAccessType access_type, 121 int mmu_idx, MemTxAttrs attrs, 122 MemTxResult response, 123 uintptr_t retaddr); 124 125 static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, 126 vaddr addr, unsigned size, 127 MMUAccessType access_type, 128 int mmu_idx, MemTxAttrs attrs, 129 MemTxResult response, 130 uintptr_t retaddr) 131 { 132 if (access_type != MMU_INST_FETCH) { 133 /* ignore invalid access (ie do not raise exception) */ 134 return; 135 } 136 (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, 137 mmu_idx, attrs, response, retaddr); 138 } 139 140 static void mips_jazz_init(MachineState *machine, 141 enum jazz_model_e jazz_model) 142 { 143 MemoryRegion *address_space = get_system_memory(); 144 char *filename; 145 int bios_size, n; 146 Clock *cpuclk; 147 MIPSCPU *cpu; 148 CPUClass *cc; 149 CPUMIPSState *env; 150 qemu_irq *i8259; 151 rc4030_dma *dmas; 152 IOMMUMemoryRegion *rc4030_dma_mr; 153 MemoryRegion *isa_mem = g_new(MemoryRegion, 1); 154 MemoryRegion *isa_io = g_new(MemoryRegion, 1); 155 MemoryRegion *rtc = g_new(MemoryRegion, 1); 156 MemoryRegion *i8042 = g_new(MemoryRegion, 1); 157 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1); 158 NICInfo *nd; 159 DeviceState *dev, *rc4030; 160 SysBusDevice *sysbus; 161 ISABus *isa_bus; 162 ISADevice *pit; 163 DriveInfo *fds[MAX_FD]; 164 MemoryRegion *bios = g_new(MemoryRegion, 1); 165 MemoryRegion *bios2 = g_new(MemoryRegion, 1); 166 SysBusESPState *sysbus_esp; 167 ESPState *esp; 168 static const struct { 169 unsigned freq_hz; 170 unsigned pll_mult; 171 } ext_clk[] = { 172 [JAZZ_MAGNUM] = {50000000, 2}, 173 [JAZZ_PICA61] = {33333333, 4}, 174 }; 175 176 if (machine->ram_size > 256 * MiB) { 177 error_report("RAM size more than 256Mb is not supported"); 178 exit(EXIT_FAILURE); 179 } 180 181 cpuclk = clock_new(OBJECT(machine), "cpu-refclk"); 182 clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz 183 * ext_clk[jazz_model].pll_mult); 184 185 /* init CPUs */ 186 cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk); 187 env = &cpu->env; 188 qemu_register_reset(main_cpu_reset, cpu); 189 190 /* 191 * Chipset returns 0 in invalid reads and do not raise data exceptions. 192 * However, we can't simply add a global memory region to catch 193 * everything, as this would make all accesses including instruction 194 * accesses be ignored and not raise exceptions. 195 * So instead we hijack the do_transaction_failed method on the CPU, and 196 * do not raise exceptions for data access. 197 * 198 * NOTE: this behaviour of raising exceptions for bad instruction 199 * fetches but not bad data accesses was added in commit 54e755588cf1e9 200 * to restore behaviour broken by c658b94f6e8c206, but it is not clear 201 * whether the real hardware behaves this way. It is possible that 202 * real hardware ignores bad instruction fetches as well -- if so then 203 * we could replace this hijacking of CPU methods with a simple global 204 * memory region that catches all memory accesses, as we do on Malta. 205 */ 206 cc = CPU_GET_CLASS(cpu); 207 real_do_transaction_failed = cc->do_transaction_failed; 208 cc->do_transaction_failed = mips_jazz_do_transaction_failed; 209 210 /* allocate RAM */ 211 memory_region_add_subregion(address_space, 0, machine->ram); 212 213 memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE, 214 &error_fatal); 215 memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios, 216 0, MAGNUM_BIOS_SIZE); 217 memory_region_add_subregion(address_space, 0x1fc00000LL, bios); 218 memory_region_add_subregion(address_space, 0xfff00000LL, bios2); 219 220 /* load the BIOS image. */ 221 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware ?: BIOS_FILENAME); 222 if (filename) { 223 bios_size = load_image_targphys(filename, 0xfff00000LL, 224 MAGNUM_BIOS_SIZE); 225 g_free(filename); 226 } else { 227 bios_size = -1; 228 } 229 if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) 230 && machine->firmware && !qtest_enabled()) { 231 error_report("Could not load MIPS bios '%s'", machine->firmware); 232 exit(1); 233 } 234 235 /* Init CPU internal devices */ 236 cpu_mips_irq_init_cpu(cpu); 237 cpu_mips_clock_init(cpu); 238 239 /* Chipset */ 240 rc4030 = rc4030_init(&dmas, &rc4030_dma_mr); 241 sysbus = SYS_BUS_DEVICE(rc4030); 242 sysbus_connect_irq(sysbus, 0, env->irq[6]); 243 sysbus_connect_irq(sysbus, 1, env->irq[3]); 244 memory_region_add_subregion(address_space, 0x80000000, 245 sysbus_mmio_get_region(sysbus, 0)); 246 memory_region_add_subregion(address_space, 0xf0000000, 247 sysbus_mmio_get_region(sysbus, 1)); 248 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, 249 NULL, "dummy_dma", 0x1000); 250 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy); 251 252 /* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */ 253 memory_region_init(isa_io, NULL, "isa-io", 0x00010000); 254 memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000); 255 memory_region_add_subregion(address_space, 0x90000000, isa_io); 256 memory_region_add_subregion(address_space, 0x91000000, isa_mem); 257 isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort); 258 259 /* ISA devices */ 260 i8259 = i8259_init(isa_bus, env->irq[4]); 261 isa_bus_irqs(isa_bus, i8259); 262 i8257_dma_init(isa_bus, 0); 263 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL); 264 pcspk_init(isa_new(TYPE_PC_SPEAKER), isa_bus, pit); 265 266 /* Video card */ 267 switch (jazz_model) { 268 case JAZZ_MAGNUM: 269 dev = qdev_new("sysbus-g364"); 270 sysbus = SYS_BUS_DEVICE(dev); 271 sysbus_realize_and_unref(sysbus, &error_fatal); 272 sysbus_mmio_map(sysbus, 0, 0x60080000); 273 sysbus_mmio_map(sysbus, 1, 0x40000000); 274 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3)); 275 { 276 /* Simple ROM, so user doesn't have to provide one */ 277 MemoryRegion *rom_mr = g_new(MemoryRegion, 1); 278 memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000, 279 &error_fatal); 280 uint8_t *rom = memory_region_get_ram_ptr(rom_mr); 281 memory_region_add_subregion(address_space, 0x60000000, rom_mr); 282 rom[0] = 0x10; /* Mips G364 */ 283 } 284 break; 285 case JAZZ_PICA61: 286 isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory()); 287 break; 288 default: 289 break; 290 } 291 292 /* Network controller */ 293 for (n = 0; n < nb_nics; n++) { 294 nd = &nd_table[n]; 295 if (!nd->model) { 296 nd->model = g_strdup("dp83932"); 297 } 298 if (strcmp(nd->model, "dp83932") == 0) { 299 qemu_check_nic_model(nd, "dp83932"); 300 301 dev = qdev_new("dp8393x"); 302 qdev_set_nic_properties(dev, nd); 303 qdev_prop_set_uint8(dev, "it_shift", 2); 304 object_property_set_link(OBJECT(dev), "dma_mr", 305 OBJECT(rc4030_dma_mr), &error_abort); 306 sysbus = SYS_BUS_DEVICE(dev); 307 sysbus_realize_and_unref(sysbus, &error_fatal); 308 sysbus_mmio_map(sysbus, 0, 0x80001000); 309 sysbus_mmio_map(sysbus, 1, 0x8000b000); 310 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4)); 311 break; 312 } else if (is_help_option(nd->model)) { 313 error_report("Supported NICs: dp83932"); 314 exit(1); 315 } else { 316 error_report("Unsupported NIC: %s", nd->model); 317 exit(1); 318 } 319 } 320 321 /* SCSI adapter */ 322 dev = qdev_new(TYPE_ESP); 323 sysbus_esp = ESP(dev); 324 esp = &sysbus_esp->esp; 325 esp->dma_memory_read = rc4030_dma_read; 326 esp->dma_memory_write = rc4030_dma_write; 327 esp->dma_opaque = dmas[0]; 328 sysbus_esp->it_shift = 0; 329 /* XXX for now until rc4030 has been changed to use DMA enable signal */ 330 esp->dma_enabled = 1; 331 332 sysbus = SYS_BUS_DEVICE(dev); 333 sysbus_realize_and_unref(sysbus, &error_fatal); 334 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5)); 335 sysbus_mmio_map(sysbus, 0, 0x80002000); 336 337 scsi_bus_legacy_handle_cmdline(&esp->bus); 338 339 /* Floppy */ 340 for (n = 0; n < MAX_FD; n++) { 341 fds[n] = drive_get(IF_FLOPPY, 0, n); 342 } 343 /* FIXME: we should enable DMA with a custom IsaDma device */ 344 fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds); 345 346 /* Real time clock */ 347 mc146818_rtc_init(isa_bus, 1980, NULL); 348 memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000); 349 memory_region_add_subregion(address_space, 0x80004000, rtc); 350 351 /* Keyboard (i8042) */ 352 i8042_mm_init(qdev_get_gpio_in(rc4030, 6), qdev_get_gpio_in(rc4030, 7), 353 i8042, 0x1000, 0x1); 354 memory_region_add_subregion(address_space, 0x80005000, i8042); 355 356 /* Serial ports */ 357 if (serial_hd(0)) { 358 serial_mm_init(address_space, 0x80006000, 0, 359 qdev_get_gpio_in(rc4030, 8), 8000000 / 16, 360 serial_hd(0), DEVICE_NATIVE_ENDIAN); 361 } 362 if (serial_hd(1)) { 363 serial_mm_init(address_space, 0x80007000, 0, 364 qdev_get_gpio_in(rc4030, 9), 8000000 / 16, 365 serial_hd(1), DEVICE_NATIVE_ENDIAN); 366 } 367 368 /* Parallel port */ 369 if (parallel_hds[0]) 370 parallel_mm_init(address_space, 0x80008000, 0, 371 qdev_get_gpio_in(rc4030, 0), parallel_hds[0]); 372 373 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */ 374 375 /* NVRAM */ 376 dev = qdev_new("ds1225y"); 377 sysbus = SYS_BUS_DEVICE(dev); 378 sysbus_realize_and_unref(sysbus, &error_fatal); 379 sysbus_mmio_map(sysbus, 0, 0x80009000); 380 381 /* LED indicator */ 382 sysbus_create_simple("jazz-led", 0x8000f000, NULL); 383 384 g_free(dmas); 385 } 386 387 static 388 void mips_magnum_init(MachineState *machine) 389 { 390 mips_jazz_init(machine, JAZZ_MAGNUM); 391 } 392 393 static 394 void mips_pica61_init(MachineState *machine) 395 { 396 mips_jazz_init(machine, JAZZ_PICA61); 397 } 398 399 static void mips_magnum_class_init(ObjectClass *oc, void *data) 400 { 401 MachineClass *mc = MACHINE_CLASS(oc); 402 403 mc->desc = "MIPS Magnum"; 404 mc->init = mips_magnum_init; 405 mc->block_default_type = IF_SCSI; 406 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 407 mc->default_ram_id = "mips_jazz.ram"; 408 } 409 410 static const TypeInfo mips_magnum_type = { 411 .name = MACHINE_TYPE_NAME("magnum"), 412 .parent = TYPE_MACHINE, 413 .class_init = mips_magnum_class_init, 414 }; 415 416 static void mips_pica61_class_init(ObjectClass *oc, void *data) 417 { 418 MachineClass *mc = MACHINE_CLASS(oc); 419 420 mc->desc = "Acer Pica 61"; 421 mc->init = mips_pica61_init; 422 mc->block_default_type = IF_SCSI; 423 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 424 mc->default_ram_id = "mips_jazz.ram"; 425 } 426 427 static const TypeInfo mips_pica61_type = { 428 .name = MACHINE_TYPE_NAME("pica61"), 429 .parent = TYPE_MACHINE, 430 .class_init = mips_pica61_class_init, 431 }; 432 433 static void mips_jazz_machine_init(void) 434 { 435 type_register_static(&mips_magnum_type); 436 type_register_static(&mips_pica61_type); 437 } 438 439 type_init(mips_jazz_machine_init) 440