1 /* 2 * QEMU MIPS Jazz support 3 * 4 * Copyright (c) 2007-2008 Hervé Poussineau 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu-common.h" 27 #include "qemu/datadir.h" 28 #include "hw/clock.h" 29 #include "hw/mips/mips.h" 30 #include "hw/mips/cpudevs.h" 31 #include "hw/intc/i8259.h" 32 #include "hw/dma/i8257.h" 33 #include "hw/char/serial.h" 34 #include "hw/char/parallel.h" 35 #include "hw/isa/isa.h" 36 #include "hw/block/fdc.h" 37 #include "sysemu/sysemu.h" 38 #include "sysemu/arch_init.h" 39 #include "hw/boards.h" 40 #include "net/net.h" 41 #include "hw/scsi/esp.h" 42 #include "hw/mips/bios.h" 43 #include "hw/loader.h" 44 #include "hw/rtc/mc146818rtc.h" 45 #include "hw/timer/i8254.h" 46 #include "hw/display/vga.h" 47 #include "hw/audio/pcspk.h" 48 #include "hw/input/i8042.h" 49 #include "hw/sysbus.h" 50 #include "exec/address-spaces.h" 51 #include "sysemu/qtest.h" 52 #include "sysemu/reset.h" 53 #include "qapi/error.h" 54 #include "qemu/error-report.h" 55 #include "qemu/help_option.h" 56 57 enum jazz_model_e { 58 JAZZ_MAGNUM, 59 JAZZ_PICA61, 60 }; 61 62 static void main_cpu_reset(void *opaque) 63 { 64 MIPSCPU *cpu = opaque; 65 66 cpu_reset(CPU(cpu)); 67 } 68 69 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size) 70 { 71 uint8_t val; 72 address_space_read(&address_space_memory, 0x90000071, 73 MEMTXATTRS_UNSPECIFIED, &val, 1); 74 return val; 75 } 76 77 static void rtc_write(void *opaque, hwaddr addr, 78 uint64_t val, unsigned size) 79 { 80 uint8_t buf = val & 0xff; 81 address_space_write(&address_space_memory, 0x90000071, 82 MEMTXATTRS_UNSPECIFIED, &buf, 1); 83 } 84 85 static const MemoryRegionOps rtc_ops = { 86 .read = rtc_read, 87 .write = rtc_write, 88 .endianness = DEVICE_NATIVE_ENDIAN, 89 }; 90 91 static uint64_t dma_dummy_read(void *opaque, hwaddr addr, 92 unsigned size) 93 { 94 /* 95 * Nothing to do. That is only to ensure that 96 * the current DMA acknowledge cycle is completed. 97 */ 98 return 0xff; 99 } 100 101 static void dma_dummy_write(void *opaque, hwaddr addr, 102 uint64_t val, unsigned size) 103 { 104 /* 105 * Nothing to do. That is only to ensure that 106 * the current DMA acknowledge cycle is completed. 107 */ 108 } 109 110 static const MemoryRegionOps dma_dummy_ops = { 111 .read = dma_dummy_read, 112 .write = dma_dummy_write, 113 .endianness = DEVICE_NATIVE_ENDIAN, 114 }; 115 116 #define MAGNUM_BIOS_SIZE_MAX 0x7e000 117 #define MAGNUM_BIOS_SIZE \ 118 (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX) 119 static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, 120 vaddr addr, unsigned size, 121 MMUAccessType access_type, 122 int mmu_idx, MemTxAttrs attrs, 123 MemTxResult response, 124 uintptr_t retaddr); 125 126 static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, 127 vaddr addr, unsigned size, 128 MMUAccessType access_type, 129 int mmu_idx, MemTxAttrs attrs, 130 MemTxResult response, 131 uintptr_t retaddr) 132 { 133 if (access_type != MMU_INST_FETCH) { 134 /* ignore invalid access (ie do not raise exception) */ 135 return; 136 } 137 (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, 138 mmu_idx, attrs, response, retaddr); 139 } 140 141 static void mips_jazz_init(MachineState *machine, 142 enum jazz_model_e jazz_model) 143 { 144 MemoryRegion *address_space = get_system_memory(); 145 char *filename; 146 int bios_size, n; 147 Clock *cpuclk; 148 MIPSCPU *cpu; 149 CPUClass *cc; 150 CPUMIPSState *env; 151 qemu_irq *i8259; 152 rc4030_dma *dmas; 153 IOMMUMemoryRegion *rc4030_dma_mr; 154 MemoryRegion *isa_mem = g_new(MemoryRegion, 1); 155 MemoryRegion *isa_io = g_new(MemoryRegion, 1); 156 MemoryRegion *rtc = g_new(MemoryRegion, 1); 157 MemoryRegion *i8042 = g_new(MemoryRegion, 1); 158 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1); 159 NICInfo *nd; 160 DeviceState *dev, *rc4030; 161 SysBusDevice *sysbus; 162 ISABus *isa_bus; 163 ISADevice *pit; 164 DriveInfo *fds[MAX_FD]; 165 MemoryRegion *bios = g_new(MemoryRegion, 1); 166 MemoryRegion *bios2 = g_new(MemoryRegion, 1); 167 SysBusESPState *sysbus_esp; 168 ESPState *esp; 169 static const struct { 170 unsigned freq_hz; 171 unsigned pll_mult; 172 } ext_clk[] = { 173 [JAZZ_MAGNUM] = {50000000, 2}, 174 [JAZZ_PICA61] = {33333333, 4}, 175 }; 176 177 if (machine->ram_size > 256 * MiB) { 178 error_report("RAM size more than 256Mb is not supported"); 179 exit(EXIT_FAILURE); 180 } 181 182 cpuclk = clock_new(OBJECT(machine), "cpu-refclk"); 183 clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz 184 * ext_clk[jazz_model].pll_mult); 185 186 /* init CPUs */ 187 cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk); 188 env = &cpu->env; 189 qemu_register_reset(main_cpu_reset, cpu); 190 191 /* 192 * Chipset returns 0 in invalid reads and do not raise data exceptions. 193 * However, we can't simply add a global memory region to catch 194 * everything, as this would make all accesses including instruction 195 * accesses be ignored and not raise exceptions. 196 * So instead we hijack the do_transaction_failed method on the CPU, and 197 * do not raise exceptions for data access. 198 * 199 * NOTE: this behaviour of raising exceptions for bad instruction 200 * fetches but not bad data accesses was added in commit 54e755588cf1e9 201 * to restore behaviour broken by c658b94f6e8c206, but it is not clear 202 * whether the real hardware behaves this way. It is possible that 203 * real hardware ignores bad instruction fetches as well -- if so then 204 * we could replace this hijacking of CPU methods with a simple global 205 * memory region that catches all memory accesses, as we do on Malta. 206 */ 207 cc = CPU_GET_CLASS(cpu); 208 real_do_transaction_failed = cc->do_transaction_failed; 209 cc->do_transaction_failed = mips_jazz_do_transaction_failed; 210 211 /* allocate RAM */ 212 memory_region_add_subregion(address_space, 0, machine->ram); 213 214 memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE, 215 &error_fatal); 216 memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios, 217 0, MAGNUM_BIOS_SIZE); 218 memory_region_add_subregion(address_space, 0x1fc00000LL, bios); 219 memory_region_add_subregion(address_space, 0xfff00000LL, bios2); 220 221 /* load the BIOS image. */ 222 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware ?: BIOS_FILENAME); 223 if (filename) { 224 bios_size = load_image_targphys(filename, 0xfff00000LL, 225 MAGNUM_BIOS_SIZE); 226 g_free(filename); 227 } else { 228 bios_size = -1; 229 } 230 if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) 231 && machine->firmware && !qtest_enabled()) { 232 error_report("Could not load MIPS bios '%s'", machine->firmware); 233 exit(1); 234 } 235 236 /* Init CPU internal devices */ 237 cpu_mips_irq_init_cpu(cpu); 238 cpu_mips_clock_init(cpu); 239 240 /* Chipset */ 241 rc4030 = rc4030_init(&dmas, &rc4030_dma_mr); 242 sysbus = SYS_BUS_DEVICE(rc4030); 243 sysbus_connect_irq(sysbus, 0, env->irq[6]); 244 sysbus_connect_irq(sysbus, 1, env->irq[3]); 245 memory_region_add_subregion(address_space, 0x80000000, 246 sysbus_mmio_get_region(sysbus, 0)); 247 memory_region_add_subregion(address_space, 0xf0000000, 248 sysbus_mmio_get_region(sysbus, 1)); 249 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, 250 NULL, "dummy_dma", 0x1000); 251 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy); 252 253 /* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */ 254 memory_region_init(isa_io, NULL, "isa-io", 0x00010000); 255 memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000); 256 memory_region_add_subregion(address_space, 0x90000000, isa_io); 257 memory_region_add_subregion(address_space, 0x91000000, isa_mem); 258 isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort); 259 260 /* ISA devices */ 261 i8259 = i8259_init(isa_bus, env->irq[4]); 262 isa_bus_irqs(isa_bus, i8259); 263 i8257_dma_init(isa_bus, 0); 264 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL); 265 pcspk_init(isa_new(TYPE_PC_SPEAKER), isa_bus, pit); 266 267 /* Video card */ 268 switch (jazz_model) { 269 case JAZZ_MAGNUM: 270 dev = qdev_new("sysbus-g364"); 271 sysbus = SYS_BUS_DEVICE(dev); 272 sysbus_realize_and_unref(sysbus, &error_fatal); 273 sysbus_mmio_map(sysbus, 0, 0x60080000); 274 sysbus_mmio_map(sysbus, 1, 0x40000000); 275 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3)); 276 { 277 /* Simple ROM, so user doesn't have to provide one */ 278 MemoryRegion *rom_mr = g_new(MemoryRegion, 1); 279 memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000, 280 &error_fatal); 281 uint8_t *rom = memory_region_get_ram_ptr(rom_mr); 282 memory_region_add_subregion(address_space, 0x60000000, rom_mr); 283 rom[0] = 0x10; /* Mips G364 */ 284 } 285 break; 286 case JAZZ_PICA61: 287 isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory()); 288 break; 289 default: 290 break; 291 } 292 293 /* Network controller */ 294 for (n = 0; n < nb_nics; n++) { 295 nd = &nd_table[n]; 296 if (!nd->model) { 297 nd->model = g_strdup("dp83932"); 298 } 299 if (strcmp(nd->model, "dp83932") == 0) { 300 qemu_check_nic_model(nd, "dp83932"); 301 302 dev = qdev_new("dp8393x"); 303 qdev_set_nic_properties(dev, nd); 304 qdev_prop_set_uint8(dev, "it_shift", 2); 305 object_property_set_link(OBJECT(dev), "dma_mr", 306 OBJECT(rc4030_dma_mr), &error_abort); 307 sysbus = SYS_BUS_DEVICE(dev); 308 sysbus_realize_and_unref(sysbus, &error_fatal); 309 sysbus_mmio_map(sysbus, 0, 0x80001000); 310 sysbus_mmio_map(sysbus, 1, 0x8000b000); 311 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4)); 312 break; 313 } else if (is_help_option(nd->model)) { 314 error_report("Supported NICs: dp83932"); 315 exit(1); 316 } else { 317 error_report("Unsupported NIC: %s", nd->model); 318 exit(1); 319 } 320 } 321 322 /* SCSI adapter */ 323 dev = qdev_new(TYPE_ESP); 324 sysbus_esp = ESP(dev); 325 esp = &sysbus_esp->esp; 326 esp->dma_memory_read = rc4030_dma_read; 327 esp->dma_memory_write = rc4030_dma_write; 328 esp->dma_opaque = dmas[0]; 329 sysbus_esp->it_shift = 0; 330 /* XXX for now until rc4030 has been changed to use DMA enable signal */ 331 esp->dma_enabled = 1; 332 333 sysbus = SYS_BUS_DEVICE(dev); 334 sysbus_realize_and_unref(sysbus, &error_fatal); 335 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5)); 336 sysbus_mmio_map(sysbus, 0, 0x80002000); 337 338 scsi_bus_legacy_handle_cmdline(&esp->bus); 339 340 /* Floppy */ 341 for (n = 0; n < MAX_FD; n++) { 342 fds[n] = drive_get(IF_FLOPPY, 0, n); 343 } 344 /* FIXME: we should enable DMA with a custom IsaDma device */ 345 fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds); 346 347 /* Real time clock */ 348 mc146818_rtc_init(isa_bus, 1980, NULL); 349 memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000); 350 memory_region_add_subregion(address_space, 0x80004000, rtc); 351 352 /* Keyboard (i8042) */ 353 i8042_mm_init(qdev_get_gpio_in(rc4030, 6), qdev_get_gpio_in(rc4030, 7), 354 i8042, 0x1000, 0x1); 355 memory_region_add_subregion(address_space, 0x80005000, i8042); 356 357 /* Serial ports */ 358 if (serial_hd(0)) { 359 serial_mm_init(address_space, 0x80006000, 0, 360 qdev_get_gpio_in(rc4030, 8), 8000000 / 16, 361 serial_hd(0), DEVICE_NATIVE_ENDIAN); 362 } 363 if (serial_hd(1)) { 364 serial_mm_init(address_space, 0x80007000, 0, 365 qdev_get_gpio_in(rc4030, 9), 8000000 / 16, 366 serial_hd(1), DEVICE_NATIVE_ENDIAN); 367 } 368 369 /* Parallel port */ 370 if (parallel_hds[0]) 371 parallel_mm_init(address_space, 0x80008000, 0, 372 qdev_get_gpio_in(rc4030, 0), parallel_hds[0]); 373 374 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */ 375 376 /* NVRAM */ 377 dev = qdev_new("ds1225y"); 378 sysbus = SYS_BUS_DEVICE(dev); 379 sysbus_realize_and_unref(sysbus, &error_fatal); 380 sysbus_mmio_map(sysbus, 0, 0x80009000); 381 382 /* LED indicator */ 383 sysbus_create_simple("jazz-led", 0x8000f000, NULL); 384 385 g_free(dmas); 386 } 387 388 static 389 void mips_magnum_init(MachineState *machine) 390 { 391 mips_jazz_init(machine, JAZZ_MAGNUM); 392 } 393 394 static 395 void mips_pica61_init(MachineState *machine) 396 { 397 mips_jazz_init(machine, JAZZ_PICA61); 398 } 399 400 static void mips_magnum_class_init(ObjectClass *oc, void *data) 401 { 402 MachineClass *mc = MACHINE_CLASS(oc); 403 404 mc->desc = "MIPS Magnum"; 405 mc->init = mips_magnum_init; 406 mc->block_default_type = IF_SCSI; 407 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 408 mc->default_ram_id = "mips_jazz.ram"; 409 } 410 411 static const TypeInfo mips_magnum_type = { 412 .name = MACHINE_TYPE_NAME("magnum"), 413 .parent = TYPE_MACHINE, 414 .class_init = mips_magnum_class_init, 415 }; 416 417 static void mips_pica61_class_init(ObjectClass *oc, void *data) 418 { 419 MachineClass *mc = MACHINE_CLASS(oc); 420 421 mc->desc = "Acer Pica 61"; 422 mc->init = mips_pica61_init; 423 mc->block_default_type = IF_SCSI; 424 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 425 mc->default_ram_id = "mips_jazz.ram"; 426 } 427 428 static const TypeInfo mips_pica61_type = { 429 .name = MACHINE_TYPE_NAME("pica61"), 430 .parent = TYPE_MACHINE, 431 .class_init = mips_pica61_class_init, 432 }; 433 434 static void mips_jazz_machine_init(void) 435 { 436 type_register_static(&mips_magnum_type); 437 type_register_static(&mips_pica61_type); 438 } 439 440 type_init(mips_jazz_machine_init) 441