1 /* 2 * QEMU MIPS Jazz support 3 * 4 * Copyright (c) 2007-2008 Hervé Poussineau 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu-common.h" 27 #include "qemu/datadir.h" 28 #include "hw/clock.h" 29 #include "hw/mips/mips.h" 30 #include "hw/mips/cpudevs.h" 31 #include "hw/intc/i8259.h" 32 #include "hw/dma/i8257.h" 33 #include "hw/char/serial.h" 34 #include "hw/char/parallel.h" 35 #include "hw/isa/isa.h" 36 #include "hw/block/fdc.h" 37 #include "sysemu/sysemu.h" 38 #include "sysemu/arch_init.h" 39 #include "hw/boards.h" 40 #include "net/net.h" 41 #include "hw/scsi/esp.h" 42 #include "hw/mips/bios.h" 43 #include "hw/loader.h" 44 #include "hw/rtc/mc146818rtc.h" 45 #include "hw/timer/i8254.h" 46 #include "hw/display/vga.h" 47 #include "hw/audio/pcspk.h" 48 #include "hw/input/i8042.h" 49 #include "hw/sysbus.h" 50 #include "exec/address-spaces.h" 51 #include "sysemu/qtest.h" 52 #include "sysemu/reset.h" 53 #include "qapi/error.h" 54 #include "qemu/error-report.h" 55 #include "qemu/help_option.h" 56 57 enum jazz_model_e { 58 JAZZ_MAGNUM, 59 JAZZ_PICA61, 60 }; 61 62 static void main_cpu_reset(void *opaque) 63 { 64 MIPSCPU *cpu = opaque; 65 66 cpu_reset(CPU(cpu)); 67 } 68 69 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size) 70 { 71 uint8_t val; 72 address_space_read(&address_space_memory, 0x90000071, 73 MEMTXATTRS_UNSPECIFIED, &val, 1); 74 return val; 75 } 76 77 static void rtc_write(void *opaque, hwaddr addr, 78 uint64_t val, unsigned size) 79 { 80 uint8_t buf = val & 0xff; 81 address_space_write(&address_space_memory, 0x90000071, 82 MEMTXATTRS_UNSPECIFIED, &buf, 1); 83 } 84 85 static const MemoryRegionOps rtc_ops = { 86 .read = rtc_read, 87 .write = rtc_write, 88 .endianness = DEVICE_NATIVE_ENDIAN, 89 }; 90 91 static uint64_t dma_dummy_read(void *opaque, hwaddr addr, 92 unsigned size) 93 { 94 /* 95 * Nothing to do. That is only to ensure that 96 * the current DMA acknowledge cycle is completed. 97 */ 98 return 0xff; 99 } 100 101 static void dma_dummy_write(void *opaque, hwaddr addr, 102 uint64_t val, unsigned size) 103 { 104 /* 105 * Nothing to do. That is only to ensure that 106 * the current DMA acknowledge cycle is completed. 107 */ 108 } 109 110 static const MemoryRegionOps dma_dummy_ops = { 111 .read = dma_dummy_read, 112 .write = dma_dummy_write, 113 .endianness = DEVICE_NATIVE_ENDIAN, 114 }; 115 116 #define MAGNUM_BIOS_SIZE_MAX 0x7e000 117 #define MAGNUM_BIOS_SIZE \ 118 (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX) 119 120 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY) 121 static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, 122 vaddr addr, unsigned size, 123 MMUAccessType access_type, 124 int mmu_idx, MemTxAttrs attrs, 125 MemTxResult response, 126 uintptr_t retaddr); 127 128 static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, 129 vaddr addr, unsigned size, 130 MMUAccessType access_type, 131 int mmu_idx, MemTxAttrs attrs, 132 MemTxResult response, 133 uintptr_t retaddr) 134 { 135 if (access_type != MMU_INST_FETCH) { 136 /* ignore invalid access (ie do not raise exception) */ 137 return; 138 } 139 (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, 140 mmu_idx, attrs, response, retaddr); 141 } 142 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */ 143 144 static void mips_jazz_init(MachineState *machine, 145 enum jazz_model_e jazz_model) 146 { 147 MemoryRegion *address_space = get_system_memory(); 148 char *filename; 149 int bios_size, n; 150 Clock *cpuclk; 151 MIPSCPU *cpu; 152 CPUClass *cc; 153 CPUMIPSState *env; 154 qemu_irq *i8259; 155 rc4030_dma *dmas; 156 IOMMUMemoryRegion *rc4030_dma_mr; 157 MemoryRegion *isa_mem = g_new(MemoryRegion, 1); 158 MemoryRegion *isa_io = g_new(MemoryRegion, 1); 159 MemoryRegion *rtc = g_new(MemoryRegion, 1); 160 MemoryRegion *i8042 = g_new(MemoryRegion, 1); 161 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1); 162 NICInfo *nd; 163 DeviceState *dev, *rc4030; 164 SysBusDevice *sysbus; 165 ISABus *isa_bus; 166 ISADevice *pit; 167 DriveInfo *fds[MAX_FD]; 168 MemoryRegion *bios = g_new(MemoryRegion, 1); 169 MemoryRegion *bios2 = g_new(MemoryRegion, 1); 170 SysBusESPState *sysbus_esp; 171 ESPState *esp; 172 static const struct { 173 unsigned freq_hz; 174 unsigned pll_mult; 175 } ext_clk[] = { 176 [JAZZ_MAGNUM] = {50000000, 2}, 177 [JAZZ_PICA61] = {33333333, 4}, 178 }; 179 180 if (machine->ram_size > 256 * MiB) { 181 error_report("RAM size more than 256Mb is not supported"); 182 exit(EXIT_FAILURE); 183 } 184 185 cpuclk = clock_new(OBJECT(machine), "cpu-refclk"); 186 clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz 187 * ext_clk[jazz_model].pll_mult); 188 189 /* init CPUs */ 190 cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk); 191 env = &cpu->env; 192 qemu_register_reset(main_cpu_reset, cpu); 193 194 /* 195 * Chipset returns 0 in invalid reads and do not raise data exceptions. 196 * However, we can't simply add a global memory region to catch 197 * everything, as this would make all accesses including instruction 198 * accesses be ignored and not raise exceptions. 199 * So instead we hijack the do_transaction_failed method on the CPU, and 200 * do not raise exceptions for data access. 201 * 202 * NOTE: this behaviour of raising exceptions for bad instruction 203 * fetches but not bad data accesses was added in commit 54e755588cf1e9 204 * to restore behaviour broken by c658b94f6e8c206, but it is not clear 205 * whether the real hardware behaves this way. It is possible that 206 * real hardware ignores bad instruction fetches as well -- if so then 207 * we could replace this hijacking of CPU methods with a simple global 208 * memory region that catches all memory accesses, as we do on Malta. 209 */ 210 cc = CPU_GET_CLASS(cpu); 211 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY) 212 real_do_transaction_failed = cc->tcg_ops.do_transaction_failed; 213 cc->tcg_ops.do_transaction_failed = mips_jazz_do_transaction_failed; 214 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */ 215 216 /* allocate RAM */ 217 memory_region_add_subregion(address_space, 0, machine->ram); 218 219 memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE, 220 &error_fatal); 221 memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios, 222 0, MAGNUM_BIOS_SIZE); 223 memory_region_add_subregion(address_space, 0x1fc00000LL, bios); 224 memory_region_add_subregion(address_space, 0xfff00000LL, bios2); 225 226 /* load the BIOS image. */ 227 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware ?: BIOS_FILENAME); 228 if (filename) { 229 bios_size = load_image_targphys(filename, 0xfff00000LL, 230 MAGNUM_BIOS_SIZE); 231 g_free(filename); 232 } else { 233 bios_size = -1; 234 } 235 if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) 236 && machine->firmware && !qtest_enabled()) { 237 error_report("Could not load MIPS bios '%s'", machine->firmware); 238 exit(1); 239 } 240 241 /* Init CPU internal devices */ 242 cpu_mips_irq_init_cpu(cpu); 243 cpu_mips_clock_init(cpu); 244 245 /* Chipset */ 246 rc4030 = rc4030_init(&dmas, &rc4030_dma_mr); 247 sysbus = SYS_BUS_DEVICE(rc4030); 248 sysbus_connect_irq(sysbus, 0, env->irq[6]); 249 sysbus_connect_irq(sysbus, 1, env->irq[3]); 250 memory_region_add_subregion(address_space, 0x80000000, 251 sysbus_mmio_get_region(sysbus, 0)); 252 memory_region_add_subregion(address_space, 0xf0000000, 253 sysbus_mmio_get_region(sysbus, 1)); 254 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, 255 NULL, "dummy_dma", 0x1000); 256 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy); 257 258 /* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */ 259 memory_region_init(isa_io, NULL, "isa-io", 0x00010000); 260 memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000); 261 memory_region_add_subregion(address_space, 0x90000000, isa_io); 262 memory_region_add_subregion(address_space, 0x91000000, isa_mem); 263 isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort); 264 265 /* ISA devices */ 266 i8259 = i8259_init(isa_bus, env->irq[4]); 267 isa_bus_irqs(isa_bus, i8259); 268 i8257_dma_init(isa_bus, 0); 269 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL); 270 pcspk_init(isa_new(TYPE_PC_SPEAKER), isa_bus, pit); 271 272 /* Video card */ 273 switch (jazz_model) { 274 case JAZZ_MAGNUM: 275 dev = qdev_new("sysbus-g364"); 276 sysbus = SYS_BUS_DEVICE(dev); 277 sysbus_realize_and_unref(sysbus, &error_fatal); 278 sysbus_mmio_map(sysbus, 0, 0x60080000); 279 sysbus_mmio_map(sysbus, 1, 0x40000000); 280 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3)); 281 { 282 /* Simple ROM, so user doesn't have to provide one */ 283 MemoryRegion *rom_mr = g_new(MemoryRegion, 1); 284 memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000, 285 &error_fatal); 286 uint8_t *rom = memory_region_get_ram_ptr(rom_mr); 287 memory_region_add_subregion(address_space, 0x60000000, rom_mr); 288 rom[0] = 0x10; /* Mips G364 */ 289 } 290 break; 291 case JAZZ_PICA61: 292 isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory()); 293 break; 294 default: 295 break; 296 } 297 298 /* Network controller */ 299 for (n = 0; n < nb_nics; n++) { 300 nd = &nd_table[n]; 301 if (!nd->model) { 302 nd->model = g_strdup("dp83932"); 303 } 304 if (strcmp(nd->model, "dp83932") == 0) { 305 qemu_check_nic_model(nd, "dp83932"); 306 307 dev = qdev_new("dp8393x"); 308 qdev_set_nic_properties(dev, nd); 309 qdev_prop_set_uint8(dev, "it_shift", 2); 310 object_property_set_link(OBJECT(dev), "dma_mr", 311 OBJECT(rc4030_dma_mr), &error_abort); 312 sysbus = SYS_BUS_DEVICE(dev); 313 sysbus_realize_and_unref(sysbus, &error_fatal); 314 sysbus_mmio_map(sysbus, 0, 0x80001000); 315 sysbus_mmio_map(sysbus, 1, 0x8000b000); 316 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4)); 317 break; 318 } else if (is_help_option(nd->model)) { 319 error_report("Supported NICs: dp83932"); 320 exit(1); 321 } else { 322 error_report("Unsupported NIC: %s", nd->model); 323 exit(1); 324 } 325 } 326 327 /* SCSI adapter */ 328 dev = qdev_new(TYPE_ESP); 329 sysbus_esp = ESP(dev); 330 esp = &sysbus_esp->esp; 331 esp->dma_memory_read = rc4030_dma_read; 332 esp->dma_memory_write = rc4030_dma_write; 333 esp->dma_opaque = dmas[0]; 334 sysbus_esp->it_shift = 0; 335 /* XXX for now until rc4030 has been changed to use DMA enable signal */ 336 esp->dma_enabled = 1; 337 338 sysbus = SYS_BUS_DEVICE(dev); 339 sysbus_realize_and_unref(sysbus, &error_fatal); 340 sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5)); 341 sysbus_mmio_map(sysbus, 0, 0x80002000); 342 343 scsi_bus_legacy_handle_cmdline(&esp->bus); 344 345 /* Floppy */ 346 for (n = 0; n < MAX_FD; n++) { 347 fds[n] = drive_get(IF_FLOPPY, 0, n); 348 } 349 /* FIXME: we should enable DMA with a custom IsaDma device */ 350 fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds); 351 352 /* Real time clock */ 353 mc146818_rtc_init(isa_bus, 1980, NULL); 354 memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000); 355 memory_region_add_subregion(address_space, 0x80004000, rtc); 356 357 /* Keyboard (i8042) */ 358 i8042_mm_init(qdev_get_gpio_in(rc4030, 6), qdev_get_gpio_in(rc4030, 7), 359 i8042, 0x1000, 0x1); 360 memory_region_add_subregion(address_space, 0x80005000, i8042); 361 362 /* Serial ports */ 363 if (serial_hd(0)) { 364 serial_mm_init(address_space, 0x80006000, 0, 365 qdev_get_gpio_in(rc4030, 8), 8000000 / 16, 366 serial_hd(0), DEVICE_NATIVE_ENDIAN); 367 } 368 if (serial_hd(1)) { 369 serial_mm_init(address_space, 0x80007000, 0, 370 qdev_get_gpio_in(rc4030, 9), 8000000 / 16, 371 serial_hd(1), DEVICE_NATIVE_ENDIAN); 372 } 373 374 /* Parallel port */ 375 if (parallel_hds[0]) 376 parallel_mm_init(address_space, 0x80008000, 0, 377 qdev_get_gpio_in(rc4030, 0), parallel_hds[0]); 378 379 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */ 380 381 /* NVRAM */ 382 dev = qdev_new("ds1225y"); 383 sysbus = SYS_BUS_DEVICE(dev); 384 sysbus_realize_and_unref(sysbus, &error_fatal); 385 sysbus_mmio_map(sysbus, 0, 0x80009000); 386 387 /* LED indicator */ 388 sysbus_create_simple("jazz-led", 0x8000f000, NULL); 389 390 g_free(dmas); 391 } 392 393 static 394 void mips_magnum_init(MachineState *machine) 395 { 396 mips_jazz_init(machine, JAZZ_MAGNUM); 397 } 398 399 static 400 void mips_pica61_init(MachineState *machine) 401 { 402 mips_jazz_init(machine, JAZZ_PICA61); 403 } 404 405 static void mips_magnum_class_init(ObjectClass *oc, void *data) 406 { 407 MachineClass *mc = MACHINE_CLASS(oc); 408 409 mc->desc = "MIPS Magnum"; 410 mc->init = mips_magnum_init; 411 mc->block_default_type = IF_SCSI; 412 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 413 mc->default_ram_id = "mips_jazz.ram"; 414 } 415 416 static const TypeInfo mips_magnum_type = { 417 .name = MACHINE_TYPE_NAME("magnum"), 418 .parent = TYPE_MACHINE, 419 .class_init = mips_magnum_class_init, 420 }; 421 422 static void mips_pica61_class_init(ObjectClass *oc, void *data) 423 { 424 MachineClass *mc = MACHINE_CLASS(oc); 425 426 mc->desc = "Acer Pica 61"; 427 mc->init = mips_pica61_init; 428 mc->block_default_type = IF_SCSI; 429 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000"); 430 mc->default_ram_id = "mips_jazz.ram"; 431 } 432 433 static const TypeInfo mips_pica61_type = { 434 .name = MACHINE_TYPE_NAME("pica61"), 435 .parent = TYPE_MACHINE, 436 .class_init = mips_pica61_class_init, 437 }; 438 439 static void mips_jazz_machine_init(void) 440 { 441 type_register_static(&mips_magnum_type); 442 type_register_static(&mips_pica61_type); 443 } 444 445 type_init(mips_jazz_machine_init) 446