1 /* 2 * QEMU PowerPC CHRP (currently NewWorld PowerMac) hardware System Emulator 3 * 4 * Copyright (c) 2004-2007 Fabrice Bellard 5 * Copyright (c) 2007 Jocelyn Mayer 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 * 25 * PCI bus layout on a real G5 (U3 based): 26 * 27 * 0000:f0:0b.0 Host bridge [0600]: Apple Computer Inc. U3 AGP [106b:004b] 28 * 0000:f0:10.0 VGA compatible controller [0300]: ATI Technologies Inc RV350 AP [Radeon 9600] [1002:4150] 29 * 0001:00:00.0 Host bridge [0600]: Apple Computer Inc. CPC945 HT Bridge [106b:004a] 30 * 0001:00:01.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12) 31 * 0001:00:02.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12) 32 * 0001:00:03.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0045] 33 * 0001:00:04.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0046] 34 * 0001:00:05.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0047] 35 * 0001:00:06.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0048] 36 * 0001:00:07.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0049] 37 * 0001:01:07.0 Class [ff00]: Apple Computer Inc. K2 KeyLargo Mac/IO [106b:0041] (rev 20) 38 * 0001:01:08.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040] 39 * 0001:01:09.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040] 40 * 0001:02:0b.0 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43) 41 * 0001:02:0b.1 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43) 42 * 0001:02:0b.2 USB Controller [0c03]: NEC Corporation USB 2.0 [1033:00e0] (rev 04) 43 * 0001:03:0d.0 Class [ff00]: Apple Computer Inc. K2 ATA/100 [106b:0043] 44 * 0001:03:0e.0 FireWire (IEEE 1394) [0c00]: Apple Computer Inc. K2 FireWire [106b:0042] 45 * 0001:04:0f.0 Ethernet controller [0200]: Apple Computer Inc. K2 GMAC (Sun GEM) [106b:004c] 46 * 0001:05:0c.0 IDE interface [0101]: Broadcom K2 SATA [1166:0240] 47 * 48 */ 49 #include "hw/hw.h" 50 #include "hw/ppc/ppc.h" 51 #include "hw/ppc/mac.h" 52 #include "hw/input/adb.h" 53 #include "hw/ppc/mac_dbdma.h" 54 #include "hw/timer/m48t59.h" 55 #include "hw/pci/pci.h" 56 #include "net/net.h" 57 #include "sysemu/sysemu.h" 58 #include "hw/boards.h" 59 #include "hw/nvram/fw_cfg.h" 60 #include "hw/char/escc.h" 61 #include "hw/ppc/openpic.h" 62 #include "hw/ide.h" 63 #include "hw/loader.h" 64 #include "elf.h" 65 #include "sysemu/kvm.h" 66 #include "kvm_ppc.h" 67 #include "hw/usb.h" 68 #include "sysemu/blockdev.h" 69 #include "exec/address-spaces.h" 70 #include "hw/sysbus.h" 71 72 #define MAX_IDE_BUS 2 73 #define CFG_ADDR 0xf0000510 74 #define TBFREQ (100UL * 1000UL * 1000UL) 75 76 /* debug UniNorth */ 77 //#define DEBUG_UNIN 78 79 #ifdef DEBUG_UNIN 80 #define UNIN_DPRINTF(fmt, ...) \ 81 do { printf("UNIN: " fmt , ## __VA_ARGS__); } while (0) 82 #else 83 #define UNIN_DPRINTF(fmt, ...) 84 #endif 85 86 /* UniN device */ 87 static void unin_write(void *opaque, hwaddr addr, uint64_t value, 88 unsigned size) 89 { 90 UNIN_DPRINTF("write addr " TARGET_FMT_plx " val %"PRIx64"\n", addr, value); 91 if (addr == 0x0) { 92 *(int*)opaque = value; 93 } 94 } 95 96 static uint64_t unin_read(void *opaque, hwaddr addr, unsigned size) 97 { 98 uint32_t value; 99 100 value = 0; 101 switch (addr) { 102 case 0: 103 value = *(int*)opaque; 104 } 105 106 UNIN_DPRINTF("readl addr " TARGET_FMT_plx " val %x\n", addr, value); 107 108 return value; 109 } 110 111 static const MemoryRegionOps unin_ops = { 112 .read = unin_read, 113 .write = unin_write, 114 .endianness = DEVICE_NATIVE_ENDIAN, 115 }; 116 117 static int fw_cfg_boot_set(void *opaque, const char *boot_device) 118 { 119 fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]); 120 return 0; 121 } 122 123 static uint64_t translate_kernel_address(void *opaque, uint64_t addr) 124 { 125 return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR; 126 } 127 128 static hwaddr round_page(hwaddr addr) 129 { 130 return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK; 131 } 132 133 static void ppc_core99_reset(void *opaque) 134 { 135 PowerPCCPU *cpu = opaque; 136 137 cpu_reset(CPU(cpu)); 138 /* 970 CPUs want to get their initial IP as part of their boot protocol */ 139 cpu->env.nip = PROM_ADDR + 0x100; 140 } 141 142 /* PowerPC Mac99 hardware initialisation */ 143 static void ppc_core99_init(QEMUMachineInitArgs *args) 144 { 145 ram_addr_t ram_size = args->ram_size; 146 const char *cpu_model = args->cpu_model; 147 const char *kernel_filename = args->kernel_filename; 148 const char *kernel_cmdline = args->kernel_cmdline; 149 const char *initrd_filename = args->initrd_filename; 150 const char *boot_device = args->boot_device; 151 PowerPCCPU *cpu = NULL; 152 CPUPPCState *env = NULL; 153 char *filename; 154 qemu_irq *pic, **openpic_irqs; 155 MemoryRegion *unin_memory = g_new(MemoryRegion, 1); 156 MemoryRegion *unin2_memory = g_new(MemoryRegion, 1); 157 int linux_boot, i, j, k; 158 MemoryRegion *ram = g_new(MemoryRegion, 1), *bios = g_new(MemoryRegion, 1); 159 hwaddr kernel_base, initrd_base, cmdline_base = 0; 160 long kernel_size, initrd_size; 161 PCIBus *pci_bus; 162 PCIDevice *macio; 163 MACIOIDEState *macio_ide; 164 BusState *adb_bus; 165 MacIONVRAMState *nvr; 166 int bios_size; 167 MemoryRegion *pic_mem, *escc_mem; 168 MemoryRegion *escc_bar = g_new(MemoryRegion, 1); 169 int ppc_boot_device; 170 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS]; 171 void *fw_cfg; 172 int machine_arch; 173 SysBusDevice *s; 174 DeviceState *dev; 175 int *token = g_new(int, 1); 176 177 linux_boot = (kernel_filename != NULL); 178 179 /* init CPUs */ 180 if (cpu_model == NULL) 181 #ifdef TARGET_PPC64 182 cpu_model = "970fx"; 183 #else 184 cpu_model = "G4"; 185 #endif 186 for (i = 0; i < smp_cpus; i++) { 187 cpu = cpu_ppc_init(cpu_model); 188 if (cpu == NULL) { 189 fprintf(stderr, "Unable to find PowerPC CPU definition\n"); 190 exit(1); 191 } 192 env = &cpu->env; 193 194 /* Set time-base frequency to 100 Mhz */ 195 cpu_ppc_tb_init(env, TBFREQ); 196 qemu_register_reset(ppc_core99_reset, cpu); 197 } 198 199 /* allocate RAM */ 200 memory_region_init_ram(ram, NULL, "ppc_core99.ram", ram_size); 201 vmstate_register_ram_global(ram); 202 memory_region_add_subregion(get_system_memory(), 0, ram); 203 204 /* allocate and load BIOS */ 205 memory_region_init_ram(bios, NULL, "ppc_core99.bios", BIOS_SIZE); 206 vmstate_register_ram_global(bios); 207 if (bios_name == NULL) 208 bios_name = PROM_FILENAME; 209 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name); 210 memory_region_set_readonly(bios, true); 211 memory_region_add_subregion(get_system_memory(), PROM_ADDR, bios); 212 213 /* Load OpenBIOS (ELF) */ 214 if (filename) { 215 bios_size = load_elf(filename, NULL, NULL, NULL, 216 NULL, NULL, 1, ELF_MACHINE, 0); 217 218 g_free(filename); 219 } else { 220 bios_size = -1; 221 } 222 if (bios_size < 0 || bios_size > BIOS_SIZE) { 223 hw_error("qemu: could not load PowerPC bios '%s'\n", bios_name); 224 exit(1); 225 } 226 227 if (linux_boot) { 228 uint64_t lowaddr = 0; 229 int bswap_needed; 230 231 #ifdef BSWAP_NEEDED 232 bswap_needed = 1; 233 #else 234 bswap_needed = 0; 235 #endif 236 kernel_base = KERNEL_LOAD_ADDR; 237 238 kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL, 239 NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0); 240 if (kernel_size < 0) 241 kernel_size = load_aout(kernel_filename, kernel_base, 242 ram_size - kernel_base, bswap_needed, 243 TARGET_PAGE_SIZE); 244 if (kernel_size < 0) 245 kernel_size = load_image_targphys(kernel_filename, 246 kernel_base, 247 ram_size - kernel_base); 248 if (kernel_size < 0) { 249 hw_error("qemu: could not load kernel '%s'\n", kernel_filename); 250 exit(1); 251 } 252 /* load initrd */ 253 if (initrd_filename) { 254 initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP); 255 initrd_size = load_image_targphys(initrd_filename, initrd_base, 256 ram_size - initrd_base); 257 if (initrd_size < 0) { 258 hw_error("qemu: could not load initial ram disk '%s'\n", 259 initrd_filename); 260 exit(1); 261 } 262 cmdline_base = round_page(initrd_base + initrd_size); 263 } else { 264 initrd_base = 0; 265 initrd_size = 0; 266 cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP); 267 } 268 ppc_boot_device = 'm'; 269 } else { 270 kernel_base = 0; 271 kernel_size = 0; 272 initrd_base = 0; 273 initrd_size = 0; 274 ppc_boot_device = '\0'; 275 /* We consider that NewWorld PowerMac never have any floppy drive 276 * For now, OHW cannot boot from the network. 277 */ 278 for (i = 0; boot_device[i] != '\0'; i++) { 279 if (boot_device[i] >= 'c' && boot_device[i] <= 'f') { 280 ppc_boot_device = boot_device[i]; 281 break; 282 } 283 } 284 if (ppc_boot_device == '\0') { 285 fprintf(stderr, "No valid boot device for Mac99 machine\n"); 286 exit(1); 287 } 288 } 289 290 /* Register 8 MB of ISA IO space */ 291 isa_mmio_init(0xf2000000, 0x00800000); 292 293 /* UniN init: XXX should be a real device */ 294 memory_region_init_io(unin_memory, NULL, &unin_ops, token, "unin", 0x1000); 295 memory_region_add_subregion(get_system_memory(), 0xf8000000, unin_memory); 296 297 memory_region_init_io(unin2_memory, NULL, &unin_ops, token, "unin", 0x1000); 298 memory_region_add_subregion(get_system_memory(), 0xf3000000, unin2_memory); 299 300 openpic_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *)); 301 openpic_irqs[0] = 302 g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB); 303 for (i = 0; i < smp_cpus; i++) { 304 /* Mac99 IRQ connection between OpenPIC outputs pins 305 * and PowerPC input pins 306 */ 307 switch (PPC_INPUT(env)) { 308 case PPC_FLAGS_INPUT_6xx: 309 openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB); 310 openpic_irqs[i][OPENPIC_OUTPUT_INT] = 311 ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT]; 312 openpic_irqs[i][OPENPIC_OUTPUT_CINT] = 313 ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT]; 314 openpic_irqs[i][OPENPIC_OUTPUT_MCK] = 315 ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_MCP]; 316 /* Not connected ? */ 317 openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL; 318 /* Check this */ 319 openpic_irqs[i][OPENPIC_OUTPUT_RESET] = 320 ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_HRESET]; 321 break; 322 #if defined(TARGET_PPC64) 323 case PPC_FLAGS_INPUT_970: 324 openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB); 325 openpic_irqs[i][OPENPIC_OUTPUT_INT] = 326 ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT]; 327 openpic_irqs[i][OPENPIC_OUTPUT_CINT] = 328 ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT]; 329 openpic_irqs[i][OPENPIC_OUTPUT_MCK] = 330 ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_MCP]; 331 /* Not connected ? */ 332 openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL; 333 /* Check this */ 334 openpic_irqs[i][OPENPIC_OUTPUT_RESET] = 335 ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_HRESET]; 336 break; 337 #endif /* defined(TARGET_PPC64) */ 338 default: 339 hw_error("Bus model not supported on mac99 machine\n"); 340 exit(1); 341 } 342 } 343 344 pic = g_new(qemu_irq, 64); 345 346 dev = qdev_create(NULL, TYPE_OPENPIC); 347 qdev_prop_set_uint32(dev, "model", OPENPIC_MODEL_RAVEN); 348 qdev_init_nofail(dev); 349 s = SYS_BUS_DEVICE(dev); 350 pic_mem = s->mmio[0].memory; 351 k = 0; 352 for (i = 0; i < smp_cpus; i++) { 353 for (j = 0; j < OPENPIC_OUTPUT_NB; j++) { 354 sysbus_connect_irq(s, k++, openpic_irqs[i][j]); 355 } 356 } 357 358 for (i = 0; i < 64; i++) { 359 pic[i] = qdev_get_gpio_in(dev, i); 360 } 361 362 if (PPC_INPUT(env) == PPC_FLAGS_INPUT_970) { 363 /* 970 gets a U3 bus */ 364 pci_bus = pci_pmac_u3_init(pic, get_system_memory(), get_system_io()); 365 machine_arch = ARCH_MAC99_U3; 366 } else { 367 pci_bus = pci_pmac_init(pic, get_system_memory(), get_system_io()); 368 machine_arch = ARCH_MAC99; 369 } 370 /* init basic PC hardware */ 371 pci_vga_init(pci_bus); 372 373 escc_mem = escc_init(0, pic[0x25], pic[0x24], 374 serial_hds[0], serial_hds[1], ESCC_CLOCK, 4); 375 memory_region_init_alias(escc_bar, NULL, "escc-bar", 376 escc_mem, 0, memory_region_size(escc_mem)); 377 378 for(i = 0; i < nb_nics; i++) 379 pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL); 380 381 ide_drive_get(hd, MAX_IDE_BUS); 382 383 macio = pci_create(pci_bus, -1, TYPE_NEWWORLD_MACIO); 384 dev = DEVICE(macio); 385 qdev_connect_gpio_out(dev, 0, pic[0x19]); /* CUDA */ 386 qdev_connect_gpio_out(dev, 1, pic[0x0d]); /* IDE */ 387 qdev_connect_gpio_out(dev, 2, pic[0x02]); /* IDE DMA */ 388 qdev_connect_gpio_out(dev, 3, pic[0x0e]); /* IDE */ 389 qdev_connect_gpio_out(dev, 4, pic[0x03]); /* IDE DMA */ 390 macio_init(macio, pic_mem, escc_bar); 391 392 /* We only emulate 2 out of 3 IDE controllers for now */ 393 macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio), 394 "ide[0]")); 395 macio_ide_init_drives(macio_ide, hd); 396 397 macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio), 398 "ide[1]")); 399 macio_ide_init_drives(macio_ide, &hd[MAX_IDE_DEVS]); 400 401 dev = DEVICE(object_resolve_path_component(OBJECT(macio), "cuda")); 402 adb_bus = qdev_get_child_bus(dev, "adb.0"); 403 dev = qdev_create(adb_bus, TYPE_ADB_KEYBOARD); 404 qdev_init_nofail(dev); 405 dev = qdev_create(adb_bus, TYPE_ADB_MOUSE); 406 qdev_init_nofail(dev); 407 408 if (usb_enabled(machine_arch == ARCH_MAC99_U3)) { 409 pci_create_simple(pci_bus, -1, "pci-ohci"); 410 /* U3 needs to use USB for input because Linux doesn't support via-cuda 411 on PPC64 */ 412 if (machine_arch == ARCH_MAC99_U3) { 413 usbdevice_create("keyboard"); 414 usbdevice_create("mouse"); 415 } 416 } 417 418 if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8) 419 graphic_depth = 15; 420 421 /* The NewWorld NVRAM is not located in the MacIO device */ 422 dev = qdev_create(NULL, TYPE_MACIO_NVRAM); 423 qdev_prop_set_uint32(dev, "size", 0x2000); 424 qdev_prop_set_uint32(dev, "it_shift", 1); 425 qdev_init_nofail(dev); 426 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xFFF04000); 427 nvr = MACIO_NVRAM(dev); 428 pmac_format_nvram_partition(nvr, 0x2000); 429 /* No PCI init: the BIOS will do it */ 430 431 fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2); 432 fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus); 433 fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1); 434 fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size); 435 fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, machine_arch); 436 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base); 437 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); 438 if (kernel_cmdline) { 439 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base); 440 pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, kernel_cmdline); 441 } else { 442 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0); 443 } 444 fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_base); 445 fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size); 446 fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, ppc_boot_device); 447 448 fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_WIDTH, graphic_width); 449 fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_HEIGHT, graphic_height); 450 fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_DEPTH, graphic_depth); 451 452 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_IS_KVM, kvm_enabled()); 453 if (kvm_enabled()) { 454 #ifdef CONFIG_KVM 455 uint8_t *hypercall; 456 457 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, kvmppc_get_tbfreq()); 458 hypercall = g_malloc(16); 459 kvmppc_get_hypercall(env, hypercall, 16); 460 fw_cfg_add_bytes(fw_cfg, FW_CFG_PPC_KVM_HC, hypercall, 16); 461 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_KVM_PID, getpid()); 462 #endif 463 } else { 464 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, TBFREQ); 465 } 466 /* Mac OS X requires a "known good" clock-frequency value; pass it one. */ 467 fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, 266000000); 468 469 qemu_register_boot_set(fw_cfg_boot_set, fw_cfg); 470 } 471 472 static QEMUMachine core99_machine = { 473 .name = "mac99", 474 .desc = "Mac99 based PowerMAC", 475 .init = ppc_core99_init, 476 .max_cpus = MAX_CPUS, 477 DEFAULT_MACHINE_OPTIONS, 478 }; 479 480 static void core99_machine_init(void) 481 { 482 qemu_register_machine(&core99_machine); 483 } 484 485 machine_init(core99_machine_init); 486