1 /* 2 * QEMU PowerPC CHRP (Genesi/bPlan Pegasos II) hardware System Emulator 3 * 4 * Copyright (c) 2018-2021 BALATON Zoltan 5 * 6 * This work is licensed under the GNU GPL license version 2 or later. 7 * 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu-common.h" 12 #include "qemu/units.h" 13 #include "qapi/error.h" 14 #include "hw/hw.h" 15 #include "hw/ppc/ppc.h" 16 #include "hw/sysbus.h" 17 #include "hw/pci/pci_host.h" 18 #include "hw/irq.h" 19 #include "hw/pci-host/mv64361.h" 20 #include "hw/isa/vt82c686.h" 21 #include "hw/ide/pci.h" 22 #include "hw/i2c/smbus_eeprom.h" 23 #include "hw/qdev-properties.h" 24 #include "sysemu/reset.h" 25 #include "hw/boards.h" 26 #include "hw/loader.h" 27 #include "hw/fw-path-provider.h" 28 #include "elf.h" 29 #include "qemu/log.h" 30 #include "qemu/error-report.h" 31 #include "sysemu/kvm.h" 32 #include "kvm_ppc.h" 33 #include "exec/address-spaces.h" 34 #include "trace.h" 35 #include "qemu/datadir.h" 36 #include "sysemu/device_tree.h" 37 #include "hw/ppc/vof.h" 38 39 #include <libfdt.h> 40 41 #define PROM_FILENAME "vof.bin" 42 #define PROM_ADDR 0xfff00000 43 #define PROM_SIZE 0x80000 44 45 #define KVMPPC_HCALL_BASE 0xf000 46 #define KVMPPC_H_RTAS (KVMPPC_HCALL_BASE + 0x0) 47 #define KVMPPC_H_VOF_CLIENT (KVMPPC_HCALL_BASE + 0x5) 48 49 #define H_SUCCESS 0 50 #define H_PRIVILEGE -3 /* Caller not privileged */ 51 #define H_PARAMETER -4 /* Parameter invalid, out-of-range or conflicting */ 52 53 #define BUS_FREQ_HZ 133333333 54 55 #define PCI0_MEM_BASE 0xc0000000 56 #define PCI0_MEM_SIZE 0x20000000 57 #define PCI0_IO_BASE 0xf8000000 58 #define PCI0_IO_SIZE 0x10000 59 60 #define PCI1_MEM_BASE 0x80000000 61 #define PCI1_MEM_SIZE 0x40000000 62 #define PCI1_IO_BASE 0xfe000000 63 #define PCI1_IO_SIZE 0x10000 64 65 #define TYPE_PEGASOS2_MACHINE MACHINE_TYPE_NAME("pegasos2") 66 OBJECT_DECLARE_TYPE(Pegasos2MachineState, MachineClass, PEGASOS2_MACHINE) 67 68 struct Pegasos2MachineState { 69 MachineState parent_obj; 70 PowerPCCPU *cpu; 71 DeviceState *mv; 72 Vof *vof; 73 void *fdt_blob; 74 uint64_t kernel_addr; 75 uint64_t kernel_entry; 76 uint64_t kernel_size; 77 }; 78 79 static void *build_fdt(MachineState *machine, int *fdt_size); 80 81 static void pegasos2_cpu_reset(void *opaque) 82 { 83 PowerPCCPU *cpu = opaque; 84 Pegasos2MachineState *pm = PEGASOS2_MACHINE(current_machine); 85 86 cpu_reset(CPU(cpu)); 87 cpu->env.spr[SPR_HID1] = 7ULL << 28; 88 if (pm->vof) { 89 cpu->env.gpr[1] = 2 * VOF_STACK_SIZE - 0x20; 90 cpu->env.nip = 0x100; 91 } 92 } 93 94 static void pegasos2_init(MachineState *machine) 95 { 96 Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine); 97 CPUPPCState *env; 98 MemoryRegion *rom = g_new(MemoryRegion, 1); 99 PCIBus *pci_bus; 100 PCIDevice *dev; 101 I2CBus *i2c_bus; 102 const char *fwname = machine->firmware ?: PROM_FILENAME; 103 char *filename; 104 int sz; 105 uint8_t *spd_data; 106 107 /* init CPU */ 108 pm->cpu = POWERPC_CPU(cpu_create(machine->cpu_type)); 109 env = &pm->cpu->env; 110 if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) { 111 error_report("Incompatible CPU, only 6xx bus supported"); 112 exit(1); 113 } 114 115 /* Set time-base frequency */ 116 cpu_ppc_tb_init(env, BUS_FREQ_HZ / 4); 117 qemu_register_reset(pegasos2_cpu_reset, pm->cpu); 118 119 /* RAM */ 120 memory_region_add_subregion(get_system_memory(), 0, machine->ram); 121 122 /* allocate and load firmware */ 123 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, fwname); 124 if (!filename) { 125 error_report("Could not find firmware '%s'", fwname); 126 exit(1); 127 } 128 if (!machine->firmware && !pm->vof) { 129 pm->vof = g_malloc0(sizeof(*pm->vof)); 130 } 131 memory_region_init_rom(rom, NULL, "pegasos2.rom", PROM_SIZE, &error_fatal); 132 memory_region_add_subregion(get_system_memory(), PROM_ADDR, rom); 133 sz = load_elf(filename, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1, 134 PPC_ELF_MACHINE, 0, 0); 135 if (sz <= 0) { 136 sz = load_image_targphys(filename, pm->vof ? 0 : PROM_ADDR, PROM_SIZE); 137 } 138 if (sz <= 0 || sz > PROM_SIZE) { 139 error_report("Could not load firmware '%s'", filename); 140 exit(1); 141 } 142 g_free(filename); 143 if (pm->vof) { 144 pm->vof->fw_size = sz; 145 } 146 147 /* Marvell Discovery II system controller */ 148 pm->mv = DEVICE(sysbus_create_simple(TYPE_MV64361, -1, 149 ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT])); 150 pci_bus = mv64361_get_pci_bus(pm->mv, 1); 151 152 /* VIA VT8231 South Bridge (multifunction PCI device) */ 153 /* VT8231 function 0: PCI-to-ISA Bridge */ 154 dev = pci_create_simple_multifunction(pci_bus, PCI_DEVFN(12, 0), true, 155 TYPE_VT8231_ISA); 156 qdev_connect_gpio_out(DEVICE(dev), 0, 157 qdev_get_gpio_in_named(pm->mv, "gpp", 31)); 158 159 /* VT8231 function 1: IDE Controller */ 160 dev = pci_create_simple(pci_bus, PCI_DEVFN(12, 1), "via-ide"); 161 pci_ide_create_devs(dev); 162 163 /* VT8231 function 2-3: USB Ports */ 164 pci_create_simple(pci_bus, PCI_DEVFN(12, 2), "vt82c686b-usb-uhci"); 165 pci_create_simple(pci_bus, PCI_DEVFN(12, 3), "vt82c686b-usb-uhci"); 166 167 /* VT8231 function 4: Power Management Controller */ 168 dev = pci_create_simple(pci_bus, PCI_DEVFN(12, 4), TYPE_VT8231_PM); 169 i2c_bus = I2C_BUS(qdev_get_child_bus(DEVICE(dev), "i2c")); 170 spd_data = spd_data_generate(DDR, machine->ram_size); 171 smbus_eeprom_init_one(i2c_bus, 0x57, spd_data); 172 173 /* VT8231 function 5-6: AC97 Audio & Modem */ 174 pci_create_simple(pci_bus, PCI_DEVFN(12, 5), TYPE_VIA_AC97); 175 pci_create_simple(pci_bus, PCI_DEVFN(12, 6), TYPE_VIA_MC97); 176 177 /* other PC hardware */ 178 pci_vga_init(pci_bus); 179 180 if (machine->kernel_filename) { 181 sz = load_elf(machine->kernel_filename, NULL, NULL, NULL, 182 &pm->kernel_entry, &pm->kernel_addr, NULL, NULL, 1, 183 PPC_ELF_MACHINE, 0, 0); 184 if (sz <= 0) { 185 error_report("Could not load kernel '%s'", 186 machine->kernel_filename); 187 exit(1); 188 } 189 pm->kernel_size = sz; 190 if (!pm->vof) { 191 warn_report("Option -kernel may be ineffective with -bios."); 192 } 193 } 194 if (machine->kernel_cmdline && !pm->vof) { 195 warn_report("Option -append may be ineffective with -bios."); 196 } 197 } 198 199 static uint32_t pegasos2_pci_config_read(AddressSpace *as, int bus, 200 uint32_t addr, uint32_t len) 201 { 202 hwaddr pcicfg = (bus ? 0xf1000c78 : 0xf1000cf8); 203 uint32_t val = 0xffffffff; 204 205 stl_le_phys(as, pcicfg, addr | BIT(31)); 206 switch (len) { 207 case 4: 208 val = ldl_le_phys(as, pcicfg + 4); 209 break; 210 case 2: 211 val = lduw_le_phys(as, pcicfg + 4); 212 break; 213 case 1: 214 val = ldub_phys(as, pcicfg + 4); 215 break; 216 default: 217 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid length\n", __func__); 218 break; 219 } 220 return val; 221 } 222 223 static void pegasos2_pci_config_write(AddressSpace *as, int bus, uint32_t addr, 224 uint32_t len, uint32_t val) 225 { 226 hwaddr pcicfg = (bus ? 0xf1000c78 : 0xf1000cf8); 227 228 stl_le_phys(as, pcicfg, addr | BIT(31)); 229 switch (len) { 230 case 4: 231 stl_le_phys(as, pcicfg + 4, val); 232 break; 233 case 2: 234 stw_le_phys(as, pcicfg + 4, val); 235 break; 236 case 1: 237 stb_phys(as, pcicfg + 4, val); 238 break; 239 default: 240 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid length\n", __func__); 241 break; 242 } 243 } 244 245 static void pegasos2_machine_reset(MachineState *machine) 246 { 247 Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine); 248 AddressSpace *as = CPU(pm->cpu)->as; 249 void *fdt; 250 uint64_t d[2]; 251 int sz; 252 253 qemu_devices_reset(); 254 if (!pm->vof) { 255 return; /* Firmware should set up machine so nothing to do */ 256 } 257 258 /* Otherwise, set up devices that board firmware would normally do */ 259 stl_le_phys(as, 0xf1000000, 0x28020ff); 260 stl_le_phys(as, 0xf1000278, 0xa31fc); 261 stl_le_phys(as, 0xf100f300, 0x11ff0400); 262 stl_le_phys(as, 0xf100f10c, 0x80000000); 263 stl_le_phys(as, 0xf100001c, 0x8000000); 264 pegasos2_pci_config_write(as, 0, PCI_COMMAND, 2, PCI_COMMAND_IO | 265 PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER); 266 pegasos2_pci_config_write(as, 1, PCI_COMMAND, 2, PCI_COMMAND_IO | 267 PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER); 268 269 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 0) << 8) | 270 PCI_INTERRUPT_LINE, 2, 0x9); 271 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 0) << 8) | 272 0x50, 1, 0x2); 273 274 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 275 PCI_INTERRUPT_LINE, 2, 0x109); 276 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 277 PCI_CLASS_PROG, 1, 0xf); 278 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 279 0x40, 1, 0xb); 280 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 281 0x50, 4, 0x17171717); 282 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 283 PCI_COMMAND, 2, 0x87); 284 285 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 2) << 8) | 286 PCI_INTERRUPT_LINE, 2, 0x409); 287 288 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 3) << 8) | 289 PCI_INTERRUPT_LINE, 2, 0x409); 290 291 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 292 PCI_INTERRUPT_LINE, 2, 0x9); 293 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 294 0x48, 4, 0xf00); 295 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 296 0x40, 4, 0x558020); 297 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 298 0x90, 4, 0xd00); 299 300 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 5) << 8) | 301 PCI_INTERRUPT_LINE, 2, 0x309); 302 303 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 6) << 8) | 304 PCI_INTERRUPT_LINE, 2, 0x309); 305 306 /* Device tree and VOF set up */ 307 vof_init(pm->vof, machine->ram_size, &error_fatal); 308 if (vof_claim(pm->vof, 0, VOF_STACK_SIZE, VOF_STACK_SIZE) == -1) { 309 error_report("Memory allocation for stack failed"); 310 exit(1); 311 } 312 if (pm->kernel_size && 313 vof_claim(pm->vof, pm->kernel_addr, pm->kernel_size, 0) == -1) { 314 error_report("Memory for kernel is in use"); 315 exit(1); 316 } 317 fdt = build_fdt(machine, &sz); 318 /* FIXME: VOF assumes entry is same as load address */ 319 d[0] = cpu_to_be64(pm->kernel_entry); 320 d[1] = cpu_to_be64(pm->kernel_size - (pm->kernel_entry - pm->kernel_addr)); 321 qemu_fdt_setprop(fdt, "/chosen", "qemu,boot-kernel", d, sizeof(d)); 322 323 qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt)); 324 g_free(pm->fdt_blob); 325 pm->fdt_blob = fdt; 326 327 vof_build_dt(fdt, pm->vof); 328 vof_client_open_store(fdt, pm->vof, "/chosen", "stdout", "/failsafe"); 329 pm->cpu->vhyp = PPC_VIRTUAL_HYPERVISOR(machine); 330 } 331 332 enum pegasos2_rtas_tokens { 333 RTAS_RESTART_RTAS = 0, 334 RTAS_NVRAM_FETCH = 1, 335 RTAS_NVRAM_STORE = 2, 336 RTAS_GET_TIME_OF_DAY = 3, 337 RTAS_SET_TIME_OF_DAY = 4, 338 RTAS_EVENT_SCAN = 6, 339 RTAS_CHECK_EXCEPTION = 7, 340 RTAS_READ_PCI_CONFIG = 8, 341 RTAS_WRITE_PCI_CONFIG = 9, 342 RTAS_DISPLAY_CHARACTER = 10, 343 RTAS_SET_INDICATOR = 11, 344 RTAS_POWER_OFF = 17, 345 RTAS_SUSPEND = 18, 346 RTAS_HIBERNATE = 19, 347 RTAS_SYSTEM_REBOOT = 20, 348 }; 349 350 static target_ulong pegasos2_rtas(PowerPCCPU *cpu, Pegasos2MachineState *pm, 351 target_ulong args_real) 352 { 353 AddressSpace *as = CPU(cpu)->as; 354 uint32_t token = ldl_be_phys(as, args_real); 355 uint32_t nargs = ldl_be_phys(as, args_real + 4); 356 uint32_t nrets = ldl_be_phys(as, args_real + 8); 357 uint32_t args = args_real + 12; 358 uint32_t rets = args_real + 12 + nargs * 4; 359 360 if (nrets < 1) { 361 qemu_log_mask(LOG_GUEST_ERROR, "Too few return values in RTAS call\n"); 362 return H_PARAMETER; 363 } 364 switch (token) { 365 case RTAS_READ_PCI_CONFIG: 366 { 367 uint32_t addr, len, val; 368 369 if (nargs != 2 || nrets != 2) { 370 stl_be_phys(as, rets, -1); 371 return H_PARAMETER; 372 } 373 addr = ldl_be_phys(as, args); 374 len = ldl_be_phys(as, args + 4); 375 val = pegasos2_pci_config_read(as, !(addr >> 24), 376 addr & 0x0fffffff, len); 377 stl_be_phys(as, rets, 0); 378 stl_be_phys(as, rets + 4, val); 379 return H_SUCCESS; 380 } 381 case RTAS_WRITE_PCI_CONFIG: 382 { 383 uint32_t addr, len, val; 384 385 if (nargs != 3 || nrets != 1) { 386 stl_be_phys(as, rets, -1); 387 return H_PARAMETER; 388 } 389 addr = ldl_be_phys(as, args); 390 len = ldl_be_phys(as, args + 4); 391 val = ldl_be_phys(as, args + 8); 392 pegasos2_pci_config_write(as, !(addr >> 24), 393 addr & 0x0fffffff, len, val); 394 stl_be_phys(as, rets, 0); 395 return H_SUCCESS; 396 } 397 case RTAS_DISPLAY_CHARACTER: 398 if (nargs != 1 || nrets != 1) { 399 stl_be_phys(as, rets, -1); 400 return H_PARAMETER; 401 } 402 qemu_log_mask(LOG_UNIMP, "%c", ldl_be_phys(as, args)); 403 stl_be_phys(as, rets, 0); 404 return H_SUCCESS; 405 default: 406 qemu_log_mask(LOG_UNIMP, "Unknown RTAS token %u (args=%u, rets=%u)\n", 407 token, nargs, nrets); 408 stl_be_phys(as, rets, 0); 409 return H_SUCCESS; 410 } 411 } 412 413 static void pegasos2_hypercall(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu) 414 { 415 Pegasos2MachineState *pm = PEGASOS2_MACHINE(vhyp); 416 CPUPPCState *env = &cpu->env; 417 418 /* The TCG path should also be holding the BQL at this point */ 419 g_assert(qemu_mutex_iothread_locked()); 420 421 if (msr_pr) { 422 qemu_log_mask(LOG_GUEST_ERROR, "Hypercall made with MSR[PR]=1\n"); 423 env->gpr[3] = H_PRIVILEGE; 424 } else if (env->gpr[3] == KVMPPC_H_RTAS) { 425 env->gpr[3] = pegasos2_rtas(cpu, pm, env->gpr[4]); 426 } else if (env->gpr[3] == KVMPPC_H_VOF_CLIENT) { 427 int ret = vof_client_call(MACHINE(pm), pm->vof, pm->fdt_blob, 428 env->gpr[4]); 429 env->gpr[3] = (ret ? H_PARAMETER : H_SUCCESS); 430 } else { 431 qemu_log_mask(LOG_GUEST_ERROR, "Unsupported hypercall " TARGET_FMT_lx 432 "\n", env->gpr[3]); 433 env->gpr[3] = -1; 434 } 435 } 436 437 static void vhyp_nop(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu) 438 { 439 } 440 441 static target_ulong vhyp_encode_hpt_for_kvm_pr(PPCVirtualHypervisor *vhyp) 442 { 443 return POWERPC_CPU(current_cpu)->env.spr[SPR_SDR1]; 444 } 445 446 static void pegasos2_machine_class_init(ObjectClass *oc, void *data) 447 { 448 MachineClass *mc = MACHINE_CLASS(oc); 449 PPCVirtualHypervisorClass *vhc = PPC_VIRTUAL_HYPERVISOR_CLASS(oc); 450 451 mc->desc = "Genesi/bPlan Pegasos II"; 452 mc->init = pegasos2_init; 453 mc->reset = pegasos2_machine_reset; 454 mc->block_default_type = IF_IDE; 455 mc->default_boot_order = "cd"; 456 mc->default_display = "std"; 457 mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("7400_v2.9"); 458 mc->default_ram_id = "pegasos2.ram"; 459 mc->default_ram_size = 512 * MiB; 460 461 vhc->hypercall = pegasos2_hypercall; 462 vhc->cpu_exec_enter = vhyp_nop; 463 vhc->cpu_exec_exit = vhyp_nop; 464 vhc->encode_hpt_for_kvm_pr = vhyp_encode_hpt_for_kvm_pr; 465 } 466 467 static const TypeInfo pegasos2_machine_info = { 468 .name = TYPE_PEGASOS2_MACHINE, 469 .parent = TYPE_MACHINE, 470 .class_init = pegasos2_machine_class_init, 471 .instance_size = sizeof(Pegasos2MachineState), 472 .interfaces = (InterfaceInfo[]) { 473 { TYPE_PPC_VIRTUAL_HYPERVISOR }, 474 { } 475 }, 476 }; 477 478 static void pegasos2_machine_register_types(void) 479 { 480 type_register_static(&pegasos2_machine_info); 481 } 482 483 type_init(pegasos2_machine_register_types) 484 485 /* FDT creation for passing to firmware */ 486 487 typedef struct { 488 void *fdt; 489 const char *path; 490 } FDTInfo; 491 492 /* We do everything in reverse order so it comes out right in the tree */ 493 494 static void dt_ide(PCIBus *bus, PCIDevice *d, FDTInfo *fi) 495 { 496 qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "spi"); 497 } 498 499 static void dt_usb(PCIBus *bus, PCIDevice *d, FDTInfo *fi) 500 { 501 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#size-cells", 0); 502 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#address-cells", 1); 503 qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "usb"); 504 } 505 506 static void dt_isa(PCIBus *bus, PCIDevice *d, FDTInfo *fi) 507 { 508 GString *name = g_string_sized_new(64); 509 uint32_t cells[3]; 510 511 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#size-cells", 1); 512 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#address-cells", 2); 513 qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "isa"); 514 qemu_fdt_setprop_string(fi->fdt, fi->path, "name", "isa"); 515 516 /* addional devices */ 517 g_string_printf(name, "%s/lpt@i3bc", fi->path); 518 qemu_fdt_add_subnode(fi->fdt, name->str); 519 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 520 cells[0] = cpu_to_be32(7); 521 cells[1] = 0; 522 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 523 cells, 2 * sizeof(cells[0])); 524 cells[0] = cpu_to_be32(1); 525 cells[1] = cpu_to_be32(0x3bc); 526 cells[2] = cpu_to_be32(8); 527 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 528 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "lpt"); 529 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "lpt"); 530 531 g_string_printf(name, "%s/fdc@i3f0", fi->path); 532 qemu_fdt_add_subnode(fi->fdt, name->str); 533 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 534 cells[0] = cpu_to_be32(6); 535 cells[1] = 0; 536 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 537 cells, 2 * sizeof(cells[0])); 538 cells[0] = cpu_to_be32(1); 539 cells[1] = cpu_to_be32(0x3f0); 540 cells[2] = cpu_to_be32(8); 541 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 542 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "fdc"); 543 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "fdc"); 544 545 g_string_printf(name, "%s/timer@i40", fi->path); 546 qemu_fdt_add_subnode(fi->fdt, name->str); 547 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 548 cells[0] = cpu_to_be32(1); 549 cells[1] = cpu_to_be32(0x40); 550 cells[2] = cpu_to_be32(8); 551 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 552 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "timer"); 553 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "timer"); 554 555 g_string_printf(name, "%s/rtc@i70", fi->path); 556 qemu_fdt_add_subnode(fi->fdt, name->str); 557 qemu_fdt_setprop_string(fi->fdt, name->str, "compatible", "ds1385-rtc"); 558 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 559 cells[0] = cpu_to_be32(8); 560 cells[1] = 0; 561 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 562 cells, 2 * sizeof(cells[0])); 563 cells[0] = cpu_to_be32(1); 564 cells[1] = cpu_to_be32(0x70); 565 cells[2] = cpu_to_be32(2); 566 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 567 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "rtc"); 568 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "rtc"); 569 570 g_string_printf(name, "%s/keyboard@i60", fi->path); 571 qemu_fdt_add_subnode(fi->fdt, name->str); 572 cells[0] = cpu_to_be32(1); 573 cells[1] = 0; 574 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 575 cells, 2 * sizeof(cells[0])); 576 cells[0] = cpu_to_be32(1); 577 cells[1] = cpu_to_be32(0x60); 578 cells[2] = cpu_to_be32(5); 579 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 580 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "keyboard"); 581 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "keyboard"); 582 583 g_string_printf(name, "%s/8042@i60", fi->path); 584 qemu_fdt_add_subnode(fi->fdt, name->str); 585 qemu_fdt_setprop_cell(fi->fdt, name->str, "#interrupt-cells", 2); 586 qemu_fdt_setprop_cell(fi->fdt, name->str, "#size-cells", 0); 587 qemu_fdt_setprop_cell(fi->fdt, name->str, "#address-cells", 1); 588 qemu_fdt_setprop_string(fi->fdt, name->str, "interrupt-controller", ""); 589 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 590 cells[0] = cpu_to_be32(1); 591 cells[1] = cpu_to_be32(0x60); 592 cells[2] = cpu_to_be32(5); 593 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 594 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", ""); 595 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "8042"); 596 597 g_string_printf(name, "%s/serial@i2f8", fi->path); 598 qemu_fdt_add_subnode(fi->fdt, name->str); 599 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 600 cells[0] = cpu_to_be32(3); 601 cells[1] = 0; 602 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 603 cells, 2 * sizeof(cells[0])); 604 cells[0] = cpu_to_be32(1); 605 cells[1] = cpu_to_be32(0x2f8); 606 cells[2] = cpu_to_be32(8); 607 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 608 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "serial"); 609 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "serial"); 610 611 g_string_free(name, TRUE); 612 } 613 614 static struct { 615 const char *id; 616 const char *name; 617 void (*dtf)(PCIBus *bus, PCIDevice *d, FDTInfo *fi); 618 } device_map[] = { 619 { "pci11ab,6460", "host", NULL }, 620 { "pci1106,8231", "isa", dt_isa }, 621 { "pci1106,571", "ide", dt_ide }, 622 { "pci1106,3044", "firewire", NULL }, 623 { "pci1106,3038", "usb", dt_usb }, 624 { "pci1106,8235", "other", NULL }, 625 { "pci1106,3058", "sound", NULL }, 626 { NULL, NULL } 627 }; 628 629 static void add_pci_device(PCIBus *bus, PCIDevice *d, void *opaque) 630 { 631 FDTInfo *fi = opaque; 632 GString *node = g_string_new(NULL); 633 uint32_t cells[(PCI_NUM_REGIONS + 1) * 5]; 634 int i, j; 635 const char *name = NULL; 636 g_autofree const gchar *pn = g_strdup_printf("pci%x,%x", 637 pci_get_word(&d->config[PCI_VENDOR_ID]), 638 pci_get_word(&d->config[PCI_DEVICE_ID])); 639 640 for (i = 0; device_map[i].id; i++) { 641 if (!strcmp(pn, device_map[i].id)) { 642 name = device_map[i].name; 643 break; 644 } 645 } 646 g_string_printf(node, "%s/%s@%x", fi->path, (name ?: pn), 647 PCI_SLOT(d->devfn)); 648 if (PCI_FUNC(d->devfn)) { 649 g_string_append_printf(node, ",%x", PCI_FUNC(d->devfn)); 650 } 651 652 qemu_fdt_add_subnode(fi->fdt, node->str); 653 if (device_map[i].dtf) { 654 FDTInfo cfi = { fi->fdt, node->str }; 655 device_map[i].dtf(bus, d, &cfi); 656 } 657 cells[0] = cpu_to_be32(d->devfn << 8); 658 cells[1] = 0; 659 cells[2] = 0; 660 cells[3] = 0; 661 cells[4] = 0; 662 j = 5; 663 for (i = 0; i < PCI_NUM_REGIONS; i++) { 664 if (!d->io_regions[i].size) { 665 continue; 666 } 667 cells[j] = cpu_to_be32(d->devfn << 8 | (PCI_BASE_ADDRESS_0 + i * 4)); 668 if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) { 669 cells[j] |= cpu_to_be32(1 << 24); 670 } else { 671 cells[j] |= cpu_to_be32(2 << 24); 672 if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_PREFETCH) { 673 cells[j] |= cpu_to_be32(4 << 28); 674 } 675 } 676 cells[j + 1] = 0; 677 cells[j + 2] = 0; 678 cells[j + 3] = cpu_to_be32(d->io_regions[i].size >> 32); 679 cells[j + 4] = cpu_to_be32(d->io_regions[i].size); 680 j += 5; 681 } 682 qemu_fdt_setprop(fi->fdt, node->str, "reg", cells, j * sizeof(cells[0])); 683 qemu_fdt_setprop_string(fi->fdt, node->str, "name", name ?: pn); 684 if (pci_get_byte(&d->config[PCI_INTERRUPT_PIN])) { 685 qemu_fdt_setprop_cell(fi->fdt, node->str, "interrupts", 686 pci_get_byte(&d->config[PCI_INTERRUPT_PIN])); 687 } 688 /* Pegasos2 firmware has subsystem-id amd subsystem-vendor-id swapped */ 689 qemu_fdt_setprop_cell(fi->fdt, node->str, "subsystem-vendor-id", 690 pci_get_word(&d->config[PCI_SUBSYSTEM_ID])); 691 qemu_fdt_setprop_cell(fi->fdt, node->str, "subsystem-id", 692 pci_get_word(&d->config[PCI_SUBSYSTEM_VENDOR_ID])); 693 cells[0] = pci_get_long(&d->config[PCI_CLASS_REVISION]); 694 qemu_fdt_setprop_cell(fi->fdt, node->str, "class-code", cells[0] >> 8); 695 qemu_fdt_setprop_cell(fi->fdt, node->str, "revision-id", cells[0] & 0xff); 696 qemu_fdt_setprop_cell(fi->fdt, node->str, "device-id", 697 pci_get_word(&d->config[PCI_DEVICE_ID])); 698 qemu_fdt_setprop_cell(fi->fdt, node->str, "vendor-id", 699 pci_get_word(&d->config[PCI_VENDOR_ID])); 700 701 g_string_free(node, TRUE); 702 } 703 704 static void *build_fdt(MachineState *machine, int *fdt_size) 705 { 706 Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine); 707 PowerPCCPU *cpu = pm->cpu; 708 PCIBus *pci_bus; 709 FDTInfo fi; 710 uint32_t cells[16]; 711 void *fdt = create_device_tree(fdt_size); 712 713 fi.fdt = fdt; 714 715 /* root node */ 716 qemu_fdt_setprop_string(fdt, "/", "CODEGEN,description", 717 "Pegasos CHRP PowerPC System"); 718 qemu_fdt_setprop_string(fdt, "/", "CODEGEN,board", "Pegasos2"); 719 qemu_fdt_setprop_string(fdt, "/", "CODEGEN,vendor", "bplan GmbH"); 720 qemu_fdt_setprop_string(fdt, "/", "revision", "2B"); 721 qemu_fdt_setprop_string(fdt, "/", "model", "Pegasos2"); 722 qemu_fdt_setprop_string(fdt, "/", "device_type", "chrp"); 723 qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 1); 724 qemu_fdt_setprop_string(fdt, "/", "name", "bplan,Pegasos2"); 725 726 /* pci@c0000000 */ 727 qemu_fdt_add_subnode(fdt, "/pci@c0000000"); 728 cells[0] = 0; 729 cells[1] = 0; 730 qemu_fdt_setprop(fdt, "/pci@c0000000", "bus-range", 731 cells, 2 * sizeof(cells[0])); 732 qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "pci-bridge-number", 1); 733 cells[0] = cpu_to_be32(PCI0_MEM_BASE); 734 cells[1] = cpu_to_be32(PCI0_MEM_SIZE); 735 qemu_fdt_setprop(fdt, "/pci@c0000000", "reg", cells, 2 * sizeof(cells[0])); 736 cells[0] = cpu_to_be32(0x01000000); 737 cells[1] = 0; 738 cells[2] = 0; 739 cells[3] = cpu_to_be32(PCI0_IO_BASE); 740 cells[4] = 0; 741 cells[5] = cpu_to_be32(PCI0_IO_SIZE); 742 cells[6] = cpu_to_be32(0x02000000); 743 cells[7] = 0; 744 cells[8] = cpu_to_be32(PCI0_MEM_BASE); 745 cells[9] = cpu_to_be32(PCI0_MEM_BASE); 746 cells[10] = 0; 747 cells[11] = cpu_to_be32(PCI0_MEM_SIZE); 748 qemu_fdt_setprop(fdt, "/pci@c0000000", "ranges", 749 cells, 12 * sizeof(cells[0])); 750 qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "#size-cells", 2); 751 qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "#address-cells", 3); 752 qemu_fdt_setprop_string(fdt, "/pci@c0000000", "device_type", "pci"); 753 qemu_fdt_setprop_string(fdt, "/pci@c0000000", "name", "pci"); 754 755 fi.path = "/pci@c0000000"; 756 pci_bus = mv64361_get_pci_bus(pm->mv, 0); 757 pci_for_each_device_reverse(pci_bus, 0, add_pci_device, &fi); 758 759 /* pci@80000000 */ 760 qemu_fdt_add_subnode(fdt, "/pci@80000000"); 761 cells[0] = 0; 762 cells[1] = 0; 763 qemu_fdt_setprop(fdt, "/pci@80000000", "bus-range", 764 cells, 2 * sizeof(cells[0])); 765 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "pci-bridge-number", 0); 766 cells[0] = cpu_to_be32(PCI1_MEM_BASE); 767 cells[1] = cpu_to_be32(PCI1_MEM_SIZE); 768 qemu_fdt_setprop(fdt, "/pci@80000000", "reg", cells, 2 * sizeof(cells[0])); 769 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "8259-interrupt-acknowledge", 770 0xf1000cb4); 771 cells[0] = cpu_to_be32(0x01000000); 772 cells[1] = 0; 773 cells[2] = 0; 774 cells[3] = cpu_to_be32(PCI1_IO_BASE); 775 cells[4] = 0; 776 cells[5] = cpu_to_be32(PCI1_IO_SIZE); 777 cells[6] = cpu_to_be32(0x02000000); 778 cells[7] = 0; 779 cells[8] = cpu_to_be32(PCI1_MEM_BASE); 780 cells[9] = cpu_to_be32(PCI1_MEM_BASE); 781 cells[10] = 0; 782 cells[11] = cpu_to_be32(PCI1_MEM_SIZE); 783 qemu_fdt_setprop(fdt, "/pci@80000000", "ranges", 784 cells, 12 * sizeof(cells[0])); 785 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "#size-cells", 2); 786 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "#address-cells", 3); 787 qemu_fdt_setprop_string(fdt, "/pci@80000000", "device_type", "pci"); 788 qemu_fdt_setprop_string(fdt, "/pci@80000000", "name", "pci"); 789 790 fi.path = "/pci@80000000"; 791 pci_bus = mv64361_get_pci_bus(pm->mv, 1); 792 pci_for_each_device_reverse(pci_bus, 0, add_pci_device, &fi); 793 794 qemu_fdt_add_subnode(fdt, "/failsafe"); 795 qemu_fdt_setprop_string(fdt, "/failsafe", "device_type", "serial"); 796 qemu_fdt_setprop_string(fdt, "/failsafe", "name", "failsafe"); 797 798 qemu_fdt_add_subnode(fdt, "/rtas"); 799 qemu_fdt_setprop_cell(fdt, "/rtas", "system-reboot", RTAS_SYSTEM_REBOOT); 800 qemu_fdt_setprop_cell(fdt, "/rtas", "hibernate", RTAS_HIBERNATE); 801 qemu_fdt_setprop_cell(fdt, "/rtas", "suspend", RTAS_SUSPEND); 802 qemu_fdt_setprop_cell(fdt, "/rtas", "power-off", RTAS_POWER_OFF); 803 qemu_fdt_setprop_cell(fdt, "/rtas", "set-indicator", RTAS_SET_INDICATOR); 804 qemu_fdt_setprop_cell(fdt, "/rtas", "display-character", 805 RTAS_DISPLAY_CHARACTER); 806 qemu_fdt_setprop_cell(fdt, "/rtas", "write-pci-config", 807 RTAS_WRITE_PCI_CONFIG); 808 qemu_fdt_setprop_cell(fdt, "/rtas", "read-pci-config", 809 RTAS_READ_PCI_CONFIG); 810 /* Pegasos2 firmware misspells check-exception and guests use that */ 811 qemu_fdt_setprop_cell(fdt, "/rtas", "check-execption", 812 RTAS_CHECK_EXCEPTION); 813 qemu_fdt_setprop_cell(fdt, "/rtas", "event-scan", RTAS_EVENT_SCAN); 814 qemu_fdt_setprop_cell(fdt, "/rtas", "set-time-of-day", 815 RTAS_SET_TIME_OF_DAY); 816 qemu_fdt_setprop_cell(fdt, "/rtas", "get-time-of-day", 817 RTAS_GET_TIME_OF_DAY); 818 qemu_fdt_setprop_cell(fdt, "/rtas", "nvram-store", RTAS_NVRAM_STORE); 819 qemu_fdt_setprop_cell(fdt, "/rtas", "nvram-fetch", RTAS_NVRAM_FETCH); 820 qemu_fdt_setprop_cell(fdt, "/rtas", "restart-rtas", RTAS_RESTART_RTAS); 821 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-error-log-max", 0); 822 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-event-scan-rate", 0); 823 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-display-device", 0); 824 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-size", 20); 825 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-version", 1); 826 827 /* cpus */ 828 qemu_fdt_add_subnode(fdt, "/cpus"); 829 qemu_fdt_setprop_cell(fdt, "/cpus", "#cpus", 1); 830 qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 1); 831 qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0); 832 qemu_fdt_setprop_string(fdt, "/cpus", "name", "cpus"); 833 834 /* FIXME Get CPU name from CPU object */ 835 const char *cp = "/cpus/PowerPC,G4"; 836 qemu_fdt_add_subnode(fdt, cp); 837 qemu_fdt_setprop_cell(fdt, cp, "l2cr", 0); 838 qemu_fdt_setprop_cell(fdt, cp, "d-cache-size", 0x8000); 839 qemu_fdt_setprop_cell(fdt, cp, "d-cache-block-size", 840 cpu->env.dcache_line_size); 841 qemu_fdt_setprop_cell(fdt, cp, "d-cache-line-size", 842 cpu->env.dcache_line_size); 843 qemu_fdt_setprop_cell(fdt, cp, "i-cache-size", 0x8000); 844 qemu_fdt_setprop_cell(fdt, cp, "i-cache-block-size", 845 cpu->env.icache_line_size); 846 qemu_fdt_setprop_cell(fdt, cp, "i-cache-line-size", 847 cpu->env.icache_line_size); 848 if (cpu->env.id_tlbs) { 849 qemu_fdt_setprop_cell(fdt, cp, "i-tlb-sets", cpu->env.nb_ways); 850 qemu_fdt_setprop_cell(fdt, cp, "i-tlb-size", cpu->env.tlb_per_way); 851 qemu_fdt_setprop_cell(fdt, cp, "d-tlb-sets", cpu->env.nb_ways); 852 qemu_fdt_setprop_cell(fdt, cp, "d-tlb-size", cpu->env.tlb_per_way); 853 qemu_fdt_setprop_string(fdt, cp, "tlb-split", ""); 854 } 855 qemu_fdt_setprop_cell(fdt, cp, "tlb-sets", cpu->env.nb_ways); 856 qemu_fdt_setprop_cell(fdt, cp, "tlb-size", cpu->env.nb_tlb); 857 qemu_fdt_setprop_string(fdt, cp, "state", "running"); 858 if (cpu->env.insns_flags & PPC_ALTIVEC) { 859 qemu_fdt_setprop_string(fdt, cp, "altivec", ""); 860 qemu_fdt_setprop_string(fdt, cp, "data-streams", ""); 861 } 862 /* 863 * FIXME What flags do data-streams, external-control and 864 * performance-monitor depend on? 865 */ 866 qemu_fdt_setprop_string(fdt, cp, "external-control", ""); 867 if (cpu->env.insns_flags & PPC_FLOAT_FSQRT) { 868 qemu_fdt_setprop_string(fdt, cp, "general-purpose", ""); 869 } 870 qemu_fdt_setprop_string(fdt, cp, "performance-monitor", ""); 871 if (cpu->env.insns_flags & PPC_FLOAT_FRES) { 872 qemu_fdt_setprop_string(fdt, cp, "graphics", ""); 873 } 874 qemu_fdt_setprop_cell(fdt, cp, "reservation-granule-size", 4); 875 qemu_fdt_setprop_cell(fdt, cp, "timebase-frequency", 876 cpu->env.tb_env->tb_freq); 877 qemu_fdt_setprop_cell(fdt, cp, "bus-frequency", BUS_FREQ_HZ); 878 qemu_fdt_setprop_cell(fdt, cp, "clock-frequency", BUS_FREQ_HZ * 7.5); 879 qemu_fdt_setprop_cell(fdt, cp, "cpu-version", cpu->env.spr[SPR_PVR]); 880 cells[0] = 0; 881 cells[1] = 0; 882 qemu_fdt_setprop(fdt, cp, "reg", cells, 2 * sizeof(cells[0])); 883 qemu_fdt_setprop_string(fdt, cp, "device_type", "cpu"); 884 qemu_fdt_setprop_string(fdt, cp, "name", strrchr(cp, '/') + 1); 885 886 /* memory */ 887 qemu_fdt_add_subnode(fdt, "/memory@0"); 888 cells[0] = 0; 889 cells[1] = cpu_to_be32(machine->ram_size); 890 qemu_fdt_setprop(fdt, "/memory@0", "reg", cells, 2 * sizeof(cells[0])); 891 qemu_fdt_setprop_string(fdt, "/memory@0", "device_type", "memory"); 892 qemu_fdt_setprop_string(fdt, "/memory@0", "name", "memory"); 893 894 qemu_fdt_add_subnode(fdt, "/chosen"); 895 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", 896 machine->kernel_cmdline ?: ""); 897 qemu_fdt_setprop_string(fdt, "/chosen", "name", "chosen"); 898 899 qemu_fdt_add_subnode(fdt, "/openprom"); 900 qemu_fdt_setprop_string(fdt, "/openprom", "model", "Pegasos2,1.1"); 901 902 return fdt; 903 } 904