1 /*
2  * QEMU PowerPC CHRP (Genesi/bPlan Pegasos II) hardware System Emulator
3  *
4  * Copyright (c) 2018-2021 BALATON Zoltan
5  *
6  * This work is licensed under the GNU GPL license version 2 or later.
7  *
8  */
9 
10 #include "qemu/osdep.h"
11 #include "qemu/units.h"
12 #include "qapi/error.h"
13 #include "hw/ppc/ppc.h"
14 #include "hw/sysbus.h"
15 #include "hw/pci/pci_host.h"
16 #include "hw/irq.h"
17 #include "hw/pci-host/mv64361.h"
18 #include "hw/isa/vt82c686.h"
19 #include "hw/ide/pci.h"
20 #include "hw/i2c/smbus_eeprom.h"
21 #include "hw/qdev-properties.h"
22 #include "sysemu/reset.h"
23 #include "sysemu/runstate.h"
24 #include "sysemu/qtest.h"
25 #include "hw/boards.h"
26 #include "hw/loader.h"
27 #include "hw/fw-path-provider.h"
28 #include "elf.h"
29 #include "qemu/log.h"
30 #include "qemu/error-report.h"
31 #include "sysemu/kvm.h"
32 #include "kvm_ppc.h"
33 #include "exec/address-spaces.h"
34 #include "qom/qom-qobject.h"
35 #include "qapi/qmp/qdict.h"
36 #include "trace.h"
37 #include "qemu/datadir.h"
38 #include "sysemu/device_tree.h"
39 #include "hw/ppc/vof.h"
40 
41 #include <libfdt.h>
42 
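/* Default firmware image (Virtual Open Firmware) and where the ROM is mapped */
#define PROM_FILENAME "vof.bin"
#define PROM_ADDR     0xfff00000
#define PROM_SIZE     0x80000

/* Lowest guest physical address at which an initrd is placed */
#define INITRD_MIN_ADDR 0x600000

/* Hypercall numbers the guest passes in r3 (see pegasos2_hypercall()) */
#define KVMPPC_HCALL_BASE    0xf000
#define KVMPPC_H_RTAS        (KVMPPC_HCALL_BASE + 0x0)
#define KVMPPC_H_VOF_CLIENT  (KVMPPC_HCALL_BASE + 0x5)

/*
 * Hypercall return codes. The negative values are parenthesized so that they
 * stay a single operand wherever the macro is expanded.
 */
#define H_SUCCESS     0
#define H_PRIVILEGE  (-3)  /* Caller not privileged */
#define H_PARAMETER  (-4)  /* Parameter invalid, out-of-range or conflicting */

#define BUS_FREQ_HZ 133333333

/* MV64361 register offsets and address windows of PCI bus 0 */
#define PCI0_CFG_ADDR 0xcf8
#define PCI0_MEM_BASE 0xc0000000
#define PCI0_MEM_SIZE 0x20000000
#define PCI0_IO_BASE  0xf8000000
#define PCI0_IO_SIZE  0x10000

/* MV64361 register offsets and address windows of PCI bus 1 */
#define PCI1_CFG_ADDR 0xc78
#define PCI1_MEM_BASE 0x80000000
#define PCI1_MEM_SIZE 0x40000000
#define PCI1_IO_BASE  0xfe000000
#define PCI1_IO_SIZE  0x10000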
70 
#define TYPE_PEGASOS2_MACHINE  MACHINE_TYPE_NAME("pegasos2")
OBJECT_DECLARE_TYPE(Pegasos2MachineState, MachineClass, PEGASOS2_MACHINE)

/* Per-machine state of the Pegasos II board model. */
struct Pegasos2MachineState {
    MachineState parent_obj;
    PowerPCCPU *cpu;                /* the single CPU created in pegasos2_init() */
    DeviceState *mv;                /* MV64361 system controller */
    qemu_irq mv_pirq[PCI_NUM_PINS]; /* MV64361 "gpp" inputs 12..12+PCI_NUM_PINS-1 */
    qemu_irq via_pirq[PCI_NUM_PINS]; /* VT8231 "pirq" inputs */
    Vof *vof;                       /* non-NULL only when no -bios firmware is given */
    void *fdt_blob;                 /* device tree built at reset, owned by the machine */
    /* Filled by load_elf() for -kernel; all zero when no kernel was given */
    uint64_t kernel_addr;
    uint64_t kernel_entry;
    uint64_t kernel_size;
    /* Placement and size of the -initrd image; zero when none was given */
    uint64_t initrd_addr;
    uint64_t initrd_size;
};

/* Defined near the end of the file; used by pegasos2_machine_reset() */
static void *build_fdt(MachineState *machine, int *fdt_size);
90 
/*
 * Reset handler registered for the board CPU in pegasos2_init().
 *
 * @opaque: the PowerPCCPU to reset.
 *
 * When Virtual Open Firmware is in use the stack pointer (r1) and the next
 * instruction pointer are preset so that execution starts at 0x100 with a
 * stack just below 2 * VOF_STACK_SIZE.
 */
static void pegasos2_cpu_reset(void *opaque)
{
    Pegasos2MachineState *board = PEGASOS2_MACHINE(current_machine);
    PowerPCCPU *ppc = opaque;
    CPUPPCState *state = &ppc->env;

    cpu_reset(CPU(ppc));
    state->spr[SPR_HID1] = 7ULL << 28;
    if (board->vof != NULL) {
        state->gpr[1] = 2 * VOF_STACK_SIZE - 0x20;
        state->nip = 0x100;
    }
    cpu_ppc_tb_reset(state);
}
104 
/*
 * PCI interrupt callback installed with pci_bus_irqs() in pegasos2_init().
 *
 * @opaque: the Pegasos2MachineState
 * @n:      PCI interrupt pin index; used unchecked as an array index, so the
 *          caller has to keep it below PCI_NUM_PINS (the bus is registered
 *          with exactly that many pins)
 * @level:  new line level
 */
static void pegasos2_pci_irq(void *opaque, int n, int level)
{
    Pegasos2MachineState *board = opaque;
    qemu_irq to_mv = board->mv_pirq[n];
    qemu_irq to_via = board->via_pirq[n];

    /* Each PCI interrupt line is wired to both the MV64361 and the VT8231 */
    qemu_set_irq(to_mv, level);
    qemu_set_irq(to_via, level);
}
113 
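/*
 * Board init: create the CPU, map RAM and the firmware ROM, instantiate the
 * MV64361 system controller and the VT8231 south bridge, then load the
 * optional -kernel and -initrd images.
 *
 * Every failure here is a fatal configuration error and ends in exit(1).
 * The file names and sizes handled here come from the command line of the
 * host operator, not from the guest.
 */
static void pegasos2_init(MachineState *machine)
{
    Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
    CPUPPCState *env;
    MemoryRegion *rom = g_new(MemoryRegion, 1);
    PCIBus *pci_bus;
    Object *via;
    PCIDevice *dev;
    I2CBus *i2c_bus;
    const char *fwname = machine->firmware ?: PROM_FILENAME;
    char *filename;
    int i;
    ssize_t sz;
    uint8_t *spd_data;

    /* init CPU */
    pm->cpu = POWERPC_CPU(cpu_create(machine->cpu_type));
    env = &pm->cpu->env;
    if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
        error_report("Incompatible CPU, only 6xx bus supported");
        exit(1);
    }

    /* Set time-base frequency */
    cpu_ppc_tb_init(env, BUS_FREQ_HZ / 4);
    qemu_register_reset(pegasos2_cpu_reset, pm->cpu);

    /* RAM */
    if (machine->ram_size > 2 * GiB) {
        error_report("RAM size more than 2 GiB is not supported");
        exit(1);
    }
    memory_region_add_subregion(get_system_memory(), 0, machine->ram);

    /* allocate and load firmware */
    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, fwname);
    if (!filename) {
        error_report("Could not find firmware '%s'", fwname);
        exit(1);
    }
    /* Without -bios the built-in Virtual Open Firmware is used */
    if (!machine->firmware && !pm->vof) {
        pm->vof = g_malloc0(sizeof(*pm->vof));
    }
    memory_region_init_rom(rom, NULL, "pegasos2.rom", PROM_SIZE, &error_fatal);
    memory_region_add_subregion(get_system_memory(), PROM_ADDR, rom);
    /* Try ELF first, then fall back to a raw image capped at PROM_SIZE */
    sz = load_elf(filename, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1,
                  PPC_ELF_MACHINE, 0, 0);
    if (sz <= 0) {
        sz = load_image_targphys(filename, pm->vof ? 0 : PROM_ADDR, PROM_SIZE);
    }
    if (sz <= 0 || sz > PROM_SIZE) {
        error_report("Could not load firmware '%s'", filename);
        exit(1);
    }
    g_free(filename);
    if (pm->vof) {
        pm->vof->fw_size = sz;
    }

    /* Marvell Discovery II system controller */
    pm->mv = DEVICE(sysbus_create_simple(TYPE_MV64361, -1,
                          qdev_get_gpio_in(DEVICE(pm->cpu), PPC6xx_INPUT_INT)));
    for (i = 0; i < PCI_NUM_PINS; i++) {
        pm->mv_pirq[i] = qdev_get_gpio_in_named(pm->mv, "gpp", 12 + i);
    }
    pci_bus = mv64361_get_pci_bus(pm->mv, 1);
    pci_bus_irqs(pci_bus, pegasos2_pci_irq, pm, PCI_NUM_PINS);

    /* VIA VT8231 South Bridge (multifunction PCI device) */
    via = OBJECT(pci_new_multifunction(PCI_DEVFN(12, 0), TYPE_VT8231_ISA));

    /* Set properties on individual devices before realizing the south bridge */
    if (machine->audiodev) {
        dev = PCI_DEVICE(object_resolve_path_component(via, "ac97"));
        qdev_prop_set_string(DEVICE(dev), "audiodev", machine->audiodev);
    }

    pci_realize_and_unref(PCI_DEVICE(via), pci_bus, &error_abort);
    for (i = 0; i < PCI_NUM_PINS; i++) {
        pm->via_pirq[i] = qdev_get_gpio_in_named(DEVICE(via), "pirq", i);
    }
    object_property_add_alias(OBJECT(machine), "rtc-time",
                              object_resolve_path_component(via, "rtc"),
                              "date");
    qdev_connect_gpio_out_named(DEVICE(via), "intr", 0,
                                qdev_get_gpio_in_named(pm->mv, "gpp", 31));

    dev = PCI_DEVICE(object_resolve_path_component(via, "ide"));
    pci_ide_create_devs(dev);

    dev = PCI_DEVICE(object_resolve_path_component(via, "pm"));
    i2c_bus = I2C_BUS(qdev_get_child_bus(DEVICE(dev), "i2c"));
    spd_data = spd_data_generate(DDR, machine->ram_size);
    smbus_eeprom_init_one(i2c_bus, 0x57, spd_data);

    /* other PC hardware */
    pci_vga_init(pci_bus);

    if (machine->kernel_filename) {
        sz = load_elf(machine->kernel_filename, NULL, NULL, NULL,
                      &pm->kernel_entry, &pm->kernel_addr, NULL, NULL, 1,
                      PPC_ELF_MACHINE, 0, 0);
        if (sz <= 0) {
            error_report("Could not load kernel '%s'",
                         machine->kernel_filename);
            exit(1);
        }
        pm->kernel_size = sz;
        if (!pm->vof) {
            warn_report("Option -kernel may be ineffective with -bios.");
        }
    } else if (pm->vof && !qtest_enabled()) {
        warn_report("Using Virtual OpenFirmware but no -kernel option.");
    }

    if (machine->initrd_filename) {
        /* Place the initrd after the kernel, but never below INITRD_MIN_ADDR */
        pm->initrd_addr = pm->kernel_addr + pm->kernel_size + 64 * KiB;
        pm->initrd_addr = ROUND_UP(pm->initrd_addr, 4);
        pm->initrd_addr = MAX(pm->initrd_addr, INITRD_MIN_ADDR);
        /*
         * The size limit below is an unsigned subtraction: with a small -m
         * value or a kernel loaded high it would wrap to a huge number and
         * stop limiting the image to RAM, so reject that case first.
         */
        if (pm->initrd_addr >= machine->ram_size) {
            error_report("Could not load initrd '%s'",
                         machine->initrd_filename);
            exit(1);
        }
        sz = load_image_targphys(machine->initrd_filename, pm->initrd_addr,
                                 machine->ram_size - pm->initrd_addr);
        if (sz <= 0) {
            error_report("Could not load initrd '%s'",
                         machine->initrd_filename);
            exit(1);
        }
        pm->initrd_size = sz;
    }

    if (!pm->vof && machine->kernel_cmdline && machine->kernel_cmdline[0]) {
        warn_report("Option -append may be ineffective with -bios.");
    }
}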
247 
/*
 * Read a little-endian MV64361 register through MMIO region 0 of the device.
 *
 * @addr: register offset inside the region
 * @len:  access width in bytes, handed to size_memop() unchecked
 *
 * The status returned by the dispatch call is ignored; the result starts out
 * as all ones and is returned truncated to 32 bits.
 */
static uint32_t pegasos2_mv_reg_read(Pegasos2MachineState *pm,
                                     uint32_t addr, uint32_t len)
{
    uint64_t data = 0xffffffffULL;
    MemoryRegion *regs = sysbus_mmio_get_region(SYS_BUS_DEVICE(pm->mv), 0);

    memory_region_dispatch_read(regs, addr, &data, size_memop(len) | MO_LE,
                                MEMTXATTRS_UNSPECIFIED);
    return data;
}
257 
/*
 * Write a little-endian MV64361 register through MMIO region 0 of the device.
 *
 * @addr: register offset inside the region
 * @len:  access width in bytes, handed to size_memop() unchecked
 * @val:  value to store
 *
 * The status returned by the dispatch call is ignored.
 */
static void pegasos2_mv_reg_write(Pegasos2MachineState *pm, uint32_t addr,
                                  uint32_t len, uint32_t val)
{
    MemoryRegion *regs = sysbus_mmio_get_region(SYS_BUS_DEVICE(pm->mv), 0);

    memory_region_dispatch_write(regs, addr, val, size_memop(len) | MO_LE,
                                 MEMTXATTRS_UNSPECIFIED);
}
265 
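/*
 * Read PCI configuration space through the MV64361 config address/data
 * register pair.
 *
 * @bus:  non-zero selects PCI bus 1, zero selects PCI bus 0
 * @addr: config address (bus/devfn/register), bit 31 is added here
 * @len:  access width in bytes; only 1, 2 and 4 are accepted
 *
 * Returns the value read, or all ones when @len is not a valid width. @len
 * can come from the guest via the RTAS read-pci-config call, so widths of 0
 * and 3 are rejected here as well instead of being passed on to
 * size_memop().
 */
static uint32_t pegasos2_pci_config_read(Pegasos2MachineState *pm, int bus,
                                         uint32_t addr, uint32_t len)
{
    hwaddr pcicfg = bus ? PCI1_CFG_ADDR : PCI0_CFG_ADDR;
    uint64_t val = 0xffffffffULL;

    if (len == 1 || len == 2 || len == 4) {
        pegasos2_mv_reg_write(pm, pcicfg, 4, addr | BIT(31));
        val = pegasos2_mv_reg_read(pm, pcicfg + 4, len);
    } else {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "Invalid PCI config read length %u\n", len);
    }
    return val;
}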
278 
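/*
 * Write PCI configuration space through the MV64361 config address/data
 * register pair.
 *
 * @bus:  non-zero selects PCI bus 1, zero selects PCI bus 0
 * @addr: config address (bus/devfn/register), bit 31 is added here
 * @len:  access width in bytes; only 1, 2 and 4 are accepted
 * @val:  value to write
 *
 * @len can come from the guest via the RTAS write-pci-config call. The read
 * counterpart already bounds its length; this path did not, so an arbitrary
 * guest value reached size_memop(). Writes with any other width are dropped
 * and logged as a guest error.
 */
static void pegasos2_pci_config_write(Pegasos2MachineState *pm, int bus,
                                      uint32_t addr, uint32_t len, uint32_t val)
{
    hwaddr pcicfg = bus ? PCI1_CFG_ADDR : PCI0_CFG_ADDR;

    if (len != 1 && len != 2 && len != 4) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "Invalid PCI config write length %u\n", len);
        return;
    }
    pegasos2_mv_reg_write(pm, pcicfg, 4, addr | BIT(31));
    pegasos2_mv_reg_write(pm, pcicfg + 4, len, val);
}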
287 
/*
 * Program one Super I/O register: the register index goes to port 0x3f0 and
 * the value to port 0x3f1, both inside the PCI1 I/O window.
 */
static void pegasos2_superio_write(uint8_t addr, uint8_t val)
{
    const hwaddr index_port = PCI1_IO_BASE + 0x3f0;
    const hwaddr data_port = PCI1_IO_BASE + 0x3f1;

    cpu_physical_memory_write(index_port, &addr, 1);
    cpu_physical_memory_write(data_port, &val, 1);
}
293 
/*
 * Machine reset handler.
 *
 * With real firmware (-bios) only the devices are reset. With Virtual Open
 * Firmware this function also performs the hardware setup the board firmware
 * would normally do, claims memory for stack/kernel/initrd, rebuilds the
 * device tree and installs the machine as the CPU's virtual hypervisor so
 * that hypercalls reach pegasos2_hypercall().
 */
static void pegasos2_machine_reset(MachineState *machine, ResetType type)
{
    Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
    const uint32_t bus_enable = PCI_COMMAND_IO | PCI_COMMAND_MEMORY |
                                PCI_COMMAND_MASTER;
    uint32_t via_fn[7]; /* config address of bus 1, device 12, function n */
    uint64_t boot_kernel[2];
    void *fdt;
    int fdt_size;
    int fn;

    qemu_devices_reset(type);
    if (!pm->vof) {
        return; /* Firmware should set up machine so nothing to do */
    }

    for (fn = 0; fn < 7; fn++) {
        via_fn[fn] = PCI_DEVFN(12, fn) << 8;
    }

    /* Otherwise, set up devices that board firmware would normally do */
    pegasos2_mv_reg_write(pm, 0, 4, 0x28020ff);
    pegasos2_mv_reg_write(pm, 0x278, 4, 0xa31fc);
    pegasos2_mv_reg_write(pm, 0xf300, 4, 0x11ff0400);
    pegasos2_mv_reg_write(pm, 0xf10c, 4, 0x80000000);
    pegasos2_mv_reg_write(pm, 0x1c, 4, 0x8000000);
    pegasos2_pci_config_write(pm, 0, PCI_COMMAND, 2, bus_enable);
    pegasos2_pci_config_write(pm, 1, PCI_COMMAND, 2, bus_enable);

    /* Function 0, with the Super I/O programming in between */
    pegasos2_pci_config_write(pm, 1, via_fn[0] | PCI_INTERRUPT_LINE, 2, 0x9);
    pegasos2_pci_config_write(pm, 1, via_fn[0] | 0x50, 1, 0x6);
    pegasos2_superio_write(0xf4, 0xbe);
    pegasos2_superio_write(0xf6, 0xef);
    pegasos2_superio_write(0xf7, 0xfc);
    pegasos2_superio_write(0xf2, 0x14);
    pegasos2_pci_config_write(pm, 1, via_fn[0] | 0x50, 1, 0x2);
    pegasos2_pci_config_write(pm, 1, via_fn[0] | 0x55, 1, 0x90);
    pegasos2_pci_config_write(pm, 1, via_fn[0] | 0x56, 1, 0x99);
    pegasos2_pci_config_write(pm, 1, via_fn[0] | 0x57, 1, 0x90);

    /* Function 1 */
    pegasos2_pci_config_write(pm, 1, via_fn[1] | PCI_INTERRUPT_LINE, 2, 0x109);
    pegasos2_pci_config_write(pm, 1, via_fn[1] | PCI_CLASS_PROG, 1, 0xf);
    pegasos2_pci_config_write(pm, 1, via_fn[1] | 0x40, 1, 0xb);
    pegasos2_pci_config_write(pm, 1, via_fn[1] | 0x50, 4, 0x17171717);
    pegasos2_pci_config_write(pm, 1, via_fn[1] | PCI_COMMAND, 2, 0x87);

    /* Functions 2 and 3 */
    pegasos2_pci_config_write(pm, 1, via_fn[2] | PCI_INTERRUPT_LINE, 2, 0x409);
    pegasos2_pci_config_write(pm, 1, via_fn[2] | PCI_COMMAND, 2, 0x7);

    pegasos2_pci_config_write(pm, 1, via_fn[3] | PCI_INTERRUPT_LINE, 2, 0x409);
    pegasos2_pci_config_write(pm, 1, via_fn[3] | PCI_COMMAND, 2, 0x7);

    /* Function 4 */
    pegasos2_pci_config_write(pm, 1, via_fn[4] | PCI_INTERRUPT_LINE, 2, 0x9);
    pegasos2_pci_config_write(pm, 1, via_fn[4] | 0x48, 4, 0xf00);
    pegasos2_pci_config_write(pm, 1, via_fn[4] | 0x40, 4, 0x558020);
    pegasos2_pci_config_write(pm, 1, via_fn[4] | 0x90, 4, 0xd00);

    /* Functions 5 and 6 */
    pegasos2_pci_config_write(pm, 1, via_fn[5] | PCI_INTERRUPT_LINE, 2, 0x309);

    pegasos2_pci_config_write(pm, 1, via_fn[6] | PCI_INTERRUPT_LINE, 2, 0x309);

    /* Device tree and VOF set up */
    vof_init(pm->vof, machine->ram_size, &error_fatal);
    if (vof_claim(pm->vof, 0, VOF_STACK_SIZE, VOF_STACK_SIZE) == -1) {
        error_report("Memory allocation for stack failed");
        exit(1);
    }
    if (pm->kernel_size &&
        vof_claim(pm->vof, pm->kernel_addr, pm->kernel_size, 0) == -1) {
        error_report("Memory for kernel is in use");
        exit(1);
    }
    if (pm->initrd_size &&
        vof_claim(pm->vof, pm->initrd_addr, pm->initrd_size, 0) == -1) {
        error_report("Memory for initrd is in use");
        exit(1);
    }
    fdt = build_fdt(machine, &fdt_size);
    /*
     * FIXME: VOF assumes entry is same as load address
     * NOTE(review): the length below wraps if kernel_entry lies outside
     * [kernel_addr, kernel_addr + kernel_size); both values are taken from
     * the ELF file given with -kernel and are not cross-checked here.
     */
    boot_kernel[0] = cpu_to_be64(pm->kernel_entry);
    boot_kernel[1] = cpu_to_be64(pm->kernel_size -
                                 (pm->kernel_entry - pm->kernel_addr));
    qemu_fdt_setprop(fdt, "/chosen", "qemu,boot-kernel", boot_kernel,
                     sizeof(boot_kernel));

    qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt));
    /* Drop the tree from the previous reset before taking the new one */
    g_free(pm->fdt_blob);
    pm->fdt_blob = fdt;

    vof_build_dt(fdt, pm->vof);
    vof_client_open_store(fdt, pm->vof, "/chosen", "stdout", "/failsafe");

    /* Set machine->fdt for 'dumpdtb' QMP/HMP command */
    machine->fdt = fdt;

    pm->cpu->vhyp = PPC_VIRTUAL_HYPERVISOR(machine);
    pm->cpu->vhyp_class = PPC_VIRTUAL_HYPERVISOR_GET_CLASS(pm->cpu->vhyp);
}
405 
/*
 * RTAS call tokens, as read from the first word of the guest's argument
 * buffer in pegasos2_rtas(). Only GET_TIME_OF_DAY, READ_PCI_CONFIG,
 * WRITE_PCI_CONFIG, DISPLAY_CHARACTER and POWER_OFF have an implementation
 * there; every other token ends up in its default branch.
 */
enum pegasos2_rtas_tokens {
    RTAS_RESTART_RTAS = 0,
    RTAS_NVRAM_FETCH = 1,
    RTAS_NVRAM_STORE = 2,
    RTAS_GET_TIME_OF_DAY = 3,
    RTAS_SET_TIME_OF_DAY = 4,
    RTAS_EVENT_SCAN = 6,
    RTAS_CHECK_EXCEPTION = 7,
    RTAS_READ_PCI_CONFIG = 8,
    RTAS_WRITE_PCI_CONFIG = 9,
    RTAS_DISPLAY_CHARACTER = 10,
    RTAS_SET_INDICATOR = 11,
    RTAS_POWER_OFF = 17,
    RTAS_SUSPEND = 18,
    RTAS_HIBERNATE = 19,
    RTAS_SYSTEM_REBOOT = 20,
};
423 
/*
 * Handle one RTAS call made by the guest through the KVMPPC_H_RTAS hypercall.
 *
 * @args_real: guest physical address of the argument buffer, taken from the
 *             guest's r4 by pegasos2_hypercall(). Layout: token, nargs,
 *             nrets (big-endian words), then nargs arguments followed by
 *             nrets return slots.
 *
 * Returns H_SUCCESS or H_PARAMETER; the RTAS status is also stored in the
 * first return slot.
 *
 * Everything read from the buffer is guest-controlled.
 * NOTE(review): nargs is not bounded before it is used to locate the return
 * slots and the 32-bit address arithmetic can wrap, so each status write
 * lands at a guest-chosen guest physical address. Confirm this is acceptable
 * for every region reachable through the CPU address space.
 */
static target_ulong pegasos2_rtas(PowerPCCPU *cpu, Pegasos2MachineState *pm,
                                  target_ulong args_real)
{
    AddressSpace *mem = CPU(cpu)->as;
    uint32_t token = ldl_be_phys(mem, args_real);
    uint32_t nargs = ldl_be_phys(mem, args_real + 4);
    uint32_t nrets = ldl_be_phys(mem, args_real + 8);
    uint32_t arg_base = args_real + 12;
    uint32_t ret_base = args_real + 12 + nargs * 4;

    if (nrets < 1) {
        qemu_log_mask(LOG_GUEST_ERROR, "Too few return values in RTAS call\n");
        return H_PARAMETER;
    }
    switch (token) {
    case RTAS_GET_TIME_OF_DAY:
    {
        /* The machine's "rtc-time" alias yields a dict of struct tm fields */
        QObject *rtc_obj = object_property_get_qobject(qdev_get_machine(),
                                                       "rtc-time",
                                                       &error_fatal);
        QDict *tm = qobject_to(QDict, rtc_obj);

        if (nargs != 0 || nrets != 8 || !tm) {
            stl_be_phys(mem, ret_base, -1);
            qobject_unref(rtc_obj);
            return H_PARAMETER;
        }

        stl_be_phys(mem, ret_base, 0);
        stl_be_phys(mem, ret_base + 4, qdict_get_int(tm, "tm_year") + 1900);
        stl_be_phys(mem, ret_base + 8, qdict_get_int(tm, "tm_mon") + 1);
        stl_be_phys(mem, ret_base + 12, qdict_get_int(tm, "tm_mday"));
        stl_be_phys(mem, ret_base + 16, qdict_get_int(tm, "tm_hour"));
        stl_be_phys(mem, ret_base + 20, qdict_get_int(tm, "tm_min"));
        stl_be_phys(mem, ret_base + 24, qdict_get_int(tm, "tm_sec"));
        stl_be_phys(mem, ret_base + 28, 0);
        qobject_unref(rtc_obj);
        return H_SUCCESS;
    }
    case RTAS_READ_PCI_CONFIG:
    {
        uint32_t cfg_addr, width, data;

        if (nargs != 2 || nrets != 2) {
            stl_be_phys(mem, ret_base, -1);
            return H_PARAMETER;
        }
        cfg_addr = ldl_be_phys(mem, arg_base);
        width = ldl_be_phys(mem, arg_base + 4);
        /*
         * Bus 1 is selected when the top byte of the address is zero.
         * width is guest-controlled and forwarded without validation here;
         * any width check has to happen in pegasos2_pci_config_read().
         */
        data = pegasos2_pci_config_read(pm, !(cfg_addr >> 24),
                                        cfg_addr & 0x0fffffff, width);
        stl_be_phys(mem, ret_base, 0);
        stl_be_phys(mem, ret_base + 4, data);
        return H_SUCCESS;
    }
    case RTAS_WRITE_PCI_CONFIG:
    {
        uint32_t cfg_addr, width, data;

        if (nargs != 3 || nrets != 1) {
            stl_be_phys(mem, ret_base, -1);
            return H_PARAMETER;
        }
        cfg_addr = ldl_be_phys(mem, arg_base);
        width = ldl_be_phys(mem, arg_base + 4);
        data = ldl_be_phys(mem, arg_base + 8);
        /*
         * width is guest-controlled and forwarded without validation here;
         * any width check has to happen in pegasos2_pci_config_write().
         */
        pegasos2_pci_config_write(pm, !(cfg_addr >> 24),
                                  cfg_addr & 0x0fffffff, width, data);
        stl_be_phys(mem, ret_base, 0);
        return H_SUCCESS;
    }
    case RTAS_DISPLAY_CHARACTER:
        if (nargs != 1 || nrets != 1) {
            stl_be_phys(mem, ret_base, -1);
            return H_PARAMETER;
        }
        /*
         * The guest-chosen character goes into the host log as is; control
         * characters are not filtered, which matters to anything that
         * parses or displays that log.
         */
        qemu_log_mask(LOG_UNIMP, "%c", ldl_be_phys(mem, arg_base));
        stl_be_phys(mem, ret_base, 0);
        return H_SUCCESS;
    case RTAS_POWER_OFF:
    {
        if (nargs != 2 || nrets != 1) {
            stl_be_phys(mem, ret_base, -1);
            return H_PARAMETER;
        }
        qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
        stl_be_phys(mem, ret_base, 0);
        return H_SUCCESS;
    }
    default:
        /* Unimplemented tokens are logged but still reported as success */
        qemu_log_mask(LOG_UNIMP, "Unknown RTAS token %u (args=%u, rets=%u)\n",
                      token, nargs, nrets);
        stl_be_phys(mem, ret_base, 0);
        return H_SUCCESS;
    }
}
519 
/* Virtual hypervisor hook: this machine never reports a nested guest. */
static bool pegasos2_cpu_in_nested(PowerPCCPU *cpu)
{
    return false;
}
524 
/*
 * Virtual hypervisor hook: dispatch a hypercall made by the guest.
 *
 * The call number is taken from r3 and its argument from r4; the result is
 * written back to r3. Calls made with MSR[PR] set (problem state) are refused
 * with H_PRIVILEGE, so only privileged guest code reaches the RTAS and VOF
 * client handlers.
 */
static void pegasos2_hypercall(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
{
    Pegasos2MachineState *pm = PEGASOS2_MACHINE(vhyp);
    CPUPPCState *env = &cpu->env;

    /* The TCG path should also be holding the BQL at this point */
    g_assert(bql_locked());

    if (FIELD_EX64(env->msr, MSR, PR)) {
        qemu_log_mask(LOG_GUEST_ERROR, "Hypercall made with MSR[PR]=1\n");
        env->gpr[3] = H_PRIVILEGE;
        return;
    }

    if (env->gpr[3] == KVMPPC_H_RTAS) {
        env->gpr[3] = pegasos2_rtas(cpu, pm, env->gpr[4]);
        return;
    }

    if (env->gpr[3] == KVMPPC_H_VOF_CLIENT) {
        int failed = vof_client_call(MACHINE(pm), pm->vof, pm->fdt_blob,
                                     env->gpr[4]);

        if (failed) {
            env->gpr[3] = H_PARAMETER;
        } else {
            env->gpr[3] = H_SUCCESS;
        }
        return;
    }

    qemu_log_mask(LOG_GUEST_ERROR, "Unsupported hypercall " TARGET_FMT_lx
                  "\n", env->gpr[3]);
    env->gpr[3] = -1;
}
548 
/* Placeholder for virtual hypervisor hooks that need no work on this machine */
static void vhyp_nop(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
{
    /* intentionally empty */
}
552 
/* Virtual hypervisor hook: return the SDR1 register of the current CPU. */
static target_ulong vhyp_encode_hpt_for_kvm_pr(PPCVirtualHypervisor *vhyp)
{
    PowerPCCPU *running = POWERPC_CPU(current_cpu);

    return running->env.spr[SPR_SDR1];
}
557 
/*
 * VOF machine interface hook, installed as vmc->setprop.
 *
 * It returns true for every path, property name and value without looking
 * at them, i.e. no property is filtered here.
 * NOTE(review): presumably this is what lets a VOF client change device tree
 * properties; confirm against the caller that an unconditional "true" is
 * intended.
 */
static bool pegasos2_setprop(MachineState *ms, const char *path,
                             const char *propname, void *val, int vallen)
{
    return true;
}
563 
/*
 * Class initializer: fill in the machine defaults and hook up the virtual
 * hypervisor and VOF machine interface callbacks.
 */
static void pegasos2_machine_class_init(ObjectClass *oc, void *data)
{
    MachineClass *machine_class = MACHINE_CLASS(oc);
    PPCVirtualHypervisorClass *vhyp_class = PPC_VIRTUAL_HYPERVISOR_CLASS(oc);
    VofMachineIfClass *vof_class = VOF_MACHINE_CLASS(oc);

    /* Machine description and life-cycle callbacks */
    machine_class->desc = "Genesi/bPlan Pegasos II";
    machine_class->init = pegasos2_init;
    machine_class->reset = pegasos2_machine_reset;

    /* Defaults used when the command line does not say otherwise */
    machine_class->block_default_type = IF_IDE;
    machine_class->default_boot_order = "cd";
    machine_class->default_display = "std";
    machine_class->default_cpu_type = POWERPC_CPU_TYPE_NAME("7457_v1.2");
    machine_class->default_ram_id = "pegasos2.ram";
    machine_class->default_ram_size = 512 * MiB;
    machine_add_audiodev_property(machine_class);

    /* Guest hypercalls are routed to pegasos2_hypercall() */
    vhyp_class->cpu_in_nested = pegasos2_cpu_in_nested;
    vhyp_class->hypercall = pegasos2_hypercall;
    vhyp_class->cpu_exec_enter = vhyp_nop;
    vhyp_class->cpu_exec_exit = vhyp_nop;
    vhyp_class->encode_hpt_for_kvm_pr = vhyp_encode_hpt_for_kvm_pr;

    vof_class->setprop = pegasos2_setprop;
}
589 
/*
 * QOM type description of the machine. Besides being a machine it implements
 * the PPC virtual hypervisor interface (hypercall entry point) and the VOF
 * machine interface (setprop hook).
 */
static const TypeInfo pegasos2_machine_info = {
    .name          = TYPE_PEGASOS2_MACHINE,
    .parent        = TYPE_MACHINE,
    .class_init    = pegasos2_machine_class_init,
    .instance_size = sizeof(Pegasos2MachineState),
    .interfaces = (InterfaceInfo[]) {
        { TYPE_PPC_VIRTUAL_HYPERVISOR },
        { TYPE_VOF_MACHINE_IF },
        { } /* list terminator */
    },
};
601 
/* Register the machine type described by pegasos2_machine_info. */
static void pegasos2_machine_register_types(void)
{
    const TypeInfo *info = &pegasos2_machine_info;

    type_register_static(info);
}

type_init(pegasos2_machine_register_types)
608 
609 /* FDT creation for passing to firmware */
610 
/* Context handed to the per-device device tree callbacks */
typedef struct {
    void *fdt;          /* device tree blob being built */
    const char *path;   /* path of the node the callback works on */
} FDTInfo;
615 
616 /* We do everything in reverse order so it comes out right in the tree */
617 
/* Device tree callback for the IDE function: sets device_type to "spi". */
static void dt_ide(PCIBus *bus, PCIDevice *d, FDTInfo *fi)
{
    void *tree = fi->fdt;
    const char *node = fi->path;

    qemu_fdt_setprop_string(tree, node, "device_type", "spi");
}
622 
/*
 * Device tree callback for the USB functions. Properties are set in reverse
 * of the order they should appear in the tree.
 */
static void dt_usb(PCIBus *bus, PCIDevice *d, FDTInfo *fi)
{
    void *tree = fi->fdt;
    const char *node = fi->path;

    qemu_fdt_setprop_cell(tree, node, "#size-cells", 0);
    qemu_fdt_setprop_cell(tree, node, "#address-cells", 1);
    qemu_fdt_setprop_string(tree, node, "device_type", "usb");
}
629 
/* Set a two-cell "interrupts" property <irq 0> on an ISA child node. */
static void dt_isa_set_interrupts(void *fdt, const char *node, uint32_t irq)
{
    uint32_t prop[2] = { cpu_to_be32(irq), 0 };

    qemu_fdt_setprop(fdt, node, "interrupts", prop, sizeof(prop));
}

/* Set a three-cell "reg" property <1 base len> on an ISA child node. */
static void dt_isa_set_reg(void *fdt, const char *node, uint32_t base,
                           uint32_t len)
{
    uint32_t prop[3] = {
        cpu_to_be32(1), cpu_to_be32(base), cpu_to_be32(len)
    };

    qemu_fdt_setprop(fdt, node, "reg", prop, sizeof(prop));
}

/*
 * Device tree callback for the ISA bridge: describes the bridge node itself
 * and adds fixed child nodes for the legacy devices behind it. Nodes and
 * properties are created in reverse of the order they should appear in the
 * tree, so the sequence of calls below is significant.
 */
static void dt_isa(PCIBus *bus, PCIDevice *d, FDTInfo *fi)
{
    void *fdt = fi->fdt;
    GString *node = g_string_sized_new(64);

    qemu_fdt_setprop_cell(fdt, fi->path, "#size-cells", 1);
    qemu_fdt_setprop_cell(fdt, fi->path, "#address-cells", 2);
    qemu_fdt_setprop_string(fdt, fi->path, "device_type", "isa");
    qemu_fdt_setprop_string(fdt, fi->path, "name", "isa");

    /* additional devices */

    /* parallel port */
    g_string_printf(node, "%s/lpt@i3bc", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    qemu_fdt_setprop_cell(fdt, node->str, "clock-frequency", 0);
    dt_isa_set_interrupts(fdt, node->str, 7);
    dt_isa_set_reg(fdt, node->str, 0x3bc, 8);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "lpt");
    qemu_fdt_setprop_string(fdt, node->str, "name", "lpt");

    /* floppy controller */
    g_string_printf(node, "%s/fdc@i3f0", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    qemu_fdt_setprop_cell(fdt, node->str, "clock-frequency", 0);
    dt_isa_set_interrupts(fdt, node->str, 6);
    dt_isa_set_reg(fdt, node->str, 0x3f0, 8);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "fdc");
    qemu_fdt_setprop_string(fdt, node->str, "name", "fdc");

    /* timer (no "interrupts" property) */
    g_string_printf(node, "%s/timer@i40", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    qemu_fdt_setprop_cell(fdt, node->str, "clock-frequency", 0);
    dt_isa_set_reg(fdt, node->str, 0x40, 8);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "timer");
    qemu_fdt_setprop_string(fdt, node->str, "name", "timer");

    /* real time clock */
    g_string_printf(node, "%s/rtc@i70", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    qemu_fdt_setprop_string(fdt, node->str, "compatible", "ds1385-rtc");
    qemu_fdt_setprop_cell(fdt, node->str, "clock-frequency", 0);
    dt_isa_set_interrupts(fdt, node->str, 8);
    dt_isa_set_reg(fdt, node->str, 0x70, 2);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "rtc");
    qemu_fdt_setprop_string(fdt, node->str, "name", "rtc");

    /* keyboard (no "clock-frequency" property) */
    g_string_printf(node, "%s/keyboard@i60", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    dt_isa_set_interrupts(fdt, node->str, 1);
    dt_isa_set_reg(fdt, node->str, 0x60, 5);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "keyboard");
    qemu_fdt_setprop_string(fdt, node->str, "name", "keyboard");

    /* 8042 controller node */
    g_string_printf(node, "%s/8042@i60", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    qemu_fdt_setprop_cell(fdt, node->str, "#interrupt-cells", 2);
    qemu_fdt_setprop_cell(fdt, node->str, "#size-cells", 0);
    qemu_fdt_setprop_cell(fdt, node->str, "#address-cells", 1);
    qemu_fdt_setprop_string(fdt, node->str, "interrupt-controller", "");
    qemu_fdt_setprop_cell(fdt, node->str, "clock-frequency", 0);
    dt_isa_set_reg(fdt, node->str, 0x60, 5);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "");
    qemu_fdt_setprop_string(fdt, node->str, "name", "8042");

    /* serial port */
    g_string_printf(node, "%s/serial@i2f8", fi->path);
    qemu_fdt_add_subnode(fdt, node->str);
    qemu_fdt_setprop_cell(fdt, node->str, "clock-frequency", 0);
    dt_isa_set_interrupts(fdt, node->str, 3);
    dt_isa_set_reg(fdt, node->str, 0x2f8, 8);
    qemu_fdt_setprop_string(fdt, node->str, "device_type", "serial");
    qemu_fdt_setprop_string(fdt, node->str, "name", "serial");

    g_string_free(node, TRUE);
}
737 
/*
 * Maps "pci<vendor>,<device>" identifiers to the node name used in the device
 * tree and to an optional callback that adds device specific properties.
 *
 * add_pci_device() scans this table until it reaches the entry with a NULL
 * id. When nothing matches, its index is left on that terminator, whose dtf
 * member is implicitly NULL, so no callback runs. Keep the terminator last.
 */
static struct {
    const char *id;
    const char *name;
    void (*dtf)(PCIBus *bus, PCIDevice *d, FDTInfo *fi);
} device_map[] = {
    { "pci11ab,6460", "host", NULL },
    { "pci1106,8231", "isa", dt_isa },
    { "pci1106,571", "ide", dt_ide },
    { "pci1106,3044", "firewire", NULL },
    { "pci1106,3038", "usb", dt_usb },
    { "pci1106,8235", "other", NULL },
    { "pci1106,3058", "sound", NULL },
    { NULL, NULL }
};
752 
/*
 * Add the device tree node for one PCI device.
 *
 * @bus:    bus the device sits on (only passed on to the per-device callback)
 * @d:      the PCI device
 * @opaque: FDTInfo with the tree and the path of the parent bus node
 *
 * The node name comes from device_map when the vendor/device id is listed
 * there, otherwise from the device class (ethernet, display), otherwise the
 * "pci<vendor>,<device>" string itself is used.
 */
static void add_pci_device(PCIBus *bus, PCIDevice *d, void *opaque)
{
    FDTInfo *fi = opaque;
    GString *path = g_string_new(NULL);
    /* One 5-cell entry for the device itself plus one per region */
    uint32_t cells[(PCI_NUM_REGIONS + 1) * 5];
    int map_idx, bar, ncells;
    const char *name = NULL;
    uint32_t class_rev;
    const uint16_t dev_class = pci_get_word(&d->config[PCI_CLASS_DEVICE]);
    g_autofree const gchar *pn = g_strdup_printf("pci%x,%x",
                                     pci_get_word(&d->config[PCI_VENDOR_ID]),
                                     pci_get_word(&d->config[PCI_DEVICE_ID]));

    /* Class based default name, overridden by a device_map match below */
    if (dev_class == PCI_CLASS_NETWORK_ETHERNET) {
        name = "ethernet";
    } else if (dev_class >> 8 == PCI_BASE_CLASS_DISPLAY) {
        name = "display";
    }
    /* Without a match map_idx stops on the terminator (NULL id, NULL dtf) */
    for (map_idx = 0; device_map[map_idx].id; map_idx++) {
        if (strcmp(pn, device_map[map_idx].id) == 0) {
            name = device_map[map_idx].name;
            break;
        }
    }

    g_string_printf(path, "%s/%s@%x", fi->path, (name ?: pn),
                    PCI_SLOT(d->devfn));
    if (PCI_FUNC(d->devfn)) {
        g_string_append_printf(path, ",%x", PCI_FUNC(d->devfn));
    }

    qemu_fdt_add_subnode(fi->fdt, path->str);
    if (device_map[map_idx].dtf) {
        FDTInfo child = { fi->fdt, path->str };
        device_map[map_idx].dtf(bus, d, &child);
    }

    /* First "reg" entry: the configuration space address of the device */
    cells[0] = cpu_to_be32(d->devfn << 8);
    cells[1] = 0;
    cells[2] = 0;
    cells[3] = 0;
    cells[4] = 0;
    ncells = 5;
    for (bar = 0; bar < PCI_NUM_REGIONS; bar++) {
        uint32_t phys_hi;

        if (!d->io_regions[bar].size) {
            continue;
        }
        /* Config register of this region; offset 0x28 is reported as 0x30 */
        phys_hi = PCI_BASE_ADDRESS_0 + bar * 4;
        if (phys_hi == 0x28) {
            phys_hi = 0x30;
        }
        phys_hi = d->devfn << 8 | phys_hi;
        /* Address space code and prefetchable flag */
        if (d->io_regions[bar].type & PCI_BASE_ADDRESS_SPACE_IO) {
            phys_hi |= 1 << 24;
        } else {
            if (d->io_regions[bar].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
                phys_hi |= 3 << 24;
            } else {
                phys_hi |= 2 << 24;
            }
            if (d->io_regions[bar].type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
                phys_hi |= 4 << 28;
            }
        }
        cells[ncells] = cpu_to_be32(phys_hi);
        cells[ncells + 1] = 0;
        cells[ncells + 2] = 0;
        cells[ncells + 3] = cpu_to_be32(d->io_regions[bar].size >> 32);
        cells[ncells + 4] = cpu_to_be32(d->io_regions[bar].size);
        ncells += 5;
    }
    qemu_fdt_setprop(fi->fdt, path->str, "reg", cells,
                     ncells * sizeof(cells[0]));
    qemu_fdt_setprop_string(fi->fdt, path->str, "name", name ?: pn);
    if (pci_get_byte(&d->config[PCI_INTERRUPT_PIN])) {
        qemu_fdt_setprop_cell(fi->fdt, path->str, "interrupts",
                              pci_get_byte(&d->config[PCI_INTERRUPT_PIN]));
    }
    /* Pegasos2 firmware has subsystem-id and subsystem-vendor-id swapped */
    qemu_fdt_setprop_cell(fi->fdt, path->str, "subsystem-vendor-id",
                          pci_get_word(&d->config[PCI_SUBSYSTEM_ID]));
    qemu_fdt_setprop_cell(fi->fdt, path->str, "subsystem-id",
                          pci_get_word(&d->config[PCI_SUBSYSTEM_VENDOR_ID]));
    class_rev = pci_get_long(&d->config[PCI_CLASS_REVISION]);
    qemu_fdt_setprop_cell(fi->fdt, path->str, "class-code", class_rev >> 8);
    qemu_fdt_setprop_cell(fi->fdt, path->str, "revision-id", class_rev & 0xff);
    qemu_fdt_setprop_cell(fi->fdt, path->str, "device-id",
                          pci_get_word(&d->config[PCI_DEVICE_ID]));
    qemu_fdt_setprop_cell(fi->fdt, path->str, "vendor-id",
                          pci_get_word(&d->config[PCI_VENDOR_ID]));

    g_string_free(path, TRUE);
}
842 
/*
 * Emit one PCI host bridge node at @path.
 *
 * Properties are written in a fixed order: bus-range, pci-bridge-number,
 * reg, the optional 8259-interrupt-acknowledge cell, ranges, #size-cells,
 * #address-cells, device_type and name.
 *
 * @intack_addr may be NULL, in which case no 8259-interrupt-acknowledge
 * property is written.
 */
static void dt_add_pci_host_bridge(void *fdt, const char *path,
                                   uint32_t bridge_number,
                                   uint32_t mem_base, uint32_t mem_size,
                                   uint32_t io_base, uint32_t io_size,
                                   const uint32_t *intack_addr)
{
    const uint32_t bus_range[2] = { 0, 0 };
    const uint32_t reg[2] = {
        cpu_to_be32(mem_base),
        cpu_to_be32(mem_size),
    };
    /* Two entries of six cells each: first the I/O window, then memory */
    const uint32_t ranges[12] = {
        cpu_to_be32(0x01000000), 0, 0,
        cpu_to_be32(io_base), 0, cpu_to_be32(io_size),
        cpu_to_be32(0x02000000), 0, cpu_to_be32(mem_base),
        cpu_to_be32(mem_base), 0, cpu_to_be32(mem_size),
    };

    qemu_fdt_add_subnode(fdt, path);
    qemu_fdt_setprop(fdt, path, "bus-range", bus_range, sizeof(bus_range));
    qemu_fdt_setprop_cell(fdt, path, "pci-bridge-number", bridge_number);
    qemu_fdt_setprop(fdt, path, "reg", reg, sizeof(reg));
    if (intack_addr) {
        qemu_fdt_setprop_cell(fdt, path, "8259-interrupt-acknowledge",
                              *intack_addr);
    }
    qemu_fdt_setprop(fdt, path, "ranges", ranges, sizeof(ranges));
    qemu_fdt_setprop_cell(fdt, path, "#size-cells", 2);
    qemu_fdt_setprop_cell(fdt, path, "#address-cells", 3);
    qemu_fdt_setprop_string(fdt, path, "device_type", "pci");
    qemu_fdt_setprop_string(fdt, path, "name", "pci");
}

/*
 * Build the device tree handed to the guest for the Pegasos2 machine.
 *
 * Creates the tree with create_device_tree(), which receives @fdt_size,
 * then fills in the root node, both PCI host bridges (walking the devices
 * on each bus with add_pci_device), /failsafe, /rtas, /cpus, /memory@0,
 * /chosen and /openprom.
 *
 * Every numeric property here is a single 32-bit cell.
 * NOTE(review): machine->ram_size and initrd_addr + initrd_size are passed
 * without a range check in this function; if their types are wider than
 * 32 bits the values are silently truncated - confirm the callers bound them.
 *
 * Returns the pointer obtained from create_device_tree().
 */
static void *build_fdt(MachineState *machine, int *fdt_size)
{
    Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
    PowerPCCPU *cpu = pm->cpu;
    CPUPPCState *env = &cpu->env;
    void *fdt = create_device_tree(fdt_size);
    FDTInfo fi = { .fdt = fdt };
    const uint32_t pci1_intack = 0xf1000cb4;
    size_t k;

    /* root node */
    qemu_fdt_setprop_string(fdt, "/", "CODEGEN,description",
                            "Pegasos CHRP PowerPC System");
    qemu_fdt_setprop_string(fdt, "/", "CODEGEN,board", "Pegasos2");
    qemu_fdt_setprop_string(fdt, "/", "CODEGEN,vendor", "bplan GmbH");
    qemu_fdt_setprop_string(fdt, "/", "revision", "2B");
    qemu_fdt_setprop_string(fdt, "/", "model", "Pegasos2");
    qemu_fdt_setprop_string(fdt, "/", "device_type", "chrp");
    qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 1);
    qemu_fdt_setprop_string(fdt, "/", "name", "bplan,Pegasos2");

    /* pci@c0000000: host bridge node first, then the devices on bus 0 */
    fi.path = "/pci@c0000000";
    dt_add_pci_host_bridge(fdt, fi.path, 1,
                           PCI0_MEM_BASE, PCI0_MEM_SIZE,
                           PCI0_IO_BASE, PCI0_IO_SIZE, NULL);
    pci_for_each_device_reverse(mv64361_get_pci_bus(pm->mv, 0), 0,
                                add_pci_device, &fi);

    /* pci@80000000: same layout plus the 8259 interrupt acknowledge cell */
    fi.path = "/pci@80000000";
    dt_add_pci_host_bridge(fdt, fi.path, 0,
                           PCI1_MEM_BASE, PCI1_MEM_SIZE,
                           PCI1_IO_BASE, PCI1_IO_SIZE, &pci1_intack);
    pci_for_each_device_reverse(mv64361_get_pci_bus(pm->mv, 1), 0,
                                add_pci_device, &fi);

    qemu_fdt_add_subnode(fdt, "/failsafe");
    qemu_fdt_setprop_string(fdt, "/failsafe", "device_type", "serial");
    qemu_fdt_setprop_string(fdt, "/failsafe", "name", "failsafe");

    /* rtas: one cell per entry, written in table order */
    const struct {
        const char *prop;
        uint32_t val;
    } rtas_cells[] = {
        { "system-reboot", RTAS_SYSTEM_REBOOT },
        { "hibernate", RTAS_HIBERNATE },
        { "suspend", RTAS_SUSPEND },
        { "power-off", RTAS_POWER_OFF },
        { "set-indicator", RTAS_SET_INDICATOR },
        { "display-character", RTAS_DISPLAY_CHARACTER },
        { "write-pci-config", RTAS_WRITE_PCI_CONFIG },
        { "read-pci-config", RTAS_READ_PCI_CONFIG },
        /* Pegasos2 firmware misspells check-exception and guests use that */
        { "check-execption", RTAS_CHECK_EXCEPTION },
        { "event-scan", RTAS_EVENT_SCAN },
        { "set-time-of-day", RTAS_SET_TIME_OF_DAY },
        { "get-time-of-day", RTAS_GET_TIME_OF_DAY },
        { "nvram-store", RTAS_NVRAM_STORE },
        { "nvram-fetch", RTAS_NVRAM_FETCH },
        { "restart-rtas", RTAS_RESTART_RTAS },
        { "rtas-error-log-max", 0 },
        { "rtas-event-scan-rate", 0 },
        { "rtas-display-device", 0 },
        { "rtas-size", 20 },
        { "rtas-version", 1 },
    };

    qemu_fdt_add_subnode(fdt, "/rtas");
    for (k = 0; k < ARRAY_SIZE(rtas_cells); k++) {
        qemu_fdt_setprop_cell(fdt, "/rtas", rtas_cells[k].prop,
                              rtas_cells[k].val);
    }
    qemu_fdt_setprop_string(fdt, "/rtas", "name", "rtas");

    /* cpus */
    qemu_fdt_add_subnode(fdt, "/cpus");
    qemu_fdt_setprop_cell(fdt, "/cpus", "#cpus", 1);
    qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 1);
    qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0);
    qemu_fdt_setprop_string(fdt, "/cpus", "name", "cpus");

    /* FIXME Get CPU name from CPU object */
    const char *cpu_path = "/cpus/PowerPC,G4";
    qemu_fdt_add_subnode(fdt, cpu_path);
    qemu_fdt_setprop_cell(fdt, cpu_path, "l2cr", 0);
    qemu_fdt_setprop_cell(fdt, cpu_path, "d-cache-size", 0x8000);
    qemu_fdt_setprop_cell(fdt, cpu_path, "d-cache-block-size",
                          env->dcache_line_size);
    qemu_fdt_setprop_cell(fdt, cpu_path, "d-cache-line-size",
                          env->dcache_line_size);
    qemu_fdt_setprop_cell(fdt, cpu_path, "i-cache-size", 0x8000);
    qemu_fdt_setprop_cell(fdt, cpu_path, "i-cache-block-size",
                          env->icache_line_size);
    qemu_fdt_setprop_cell(fdt, cpu_path, "i-cache-line-size",
                          env->icache_line_size);
    if (ppc_is_split_tlb(cpu)) {
        /* Instruction and data TLB entries report the same geometry */
        qemu_fdt_setprop_cell(fdt, cpu_path, "i-tlb-sets", env->nb_ways);
        qemu_fdt_setprop_cell(fdt, cpu_path, "i-tlb-size", env->tlb_per_way);
        qemu_fdt_setprop_cell(fdt, cpu_path, "d-tlb-sets", env->nb_ways);
        qemu_fdt_setprop_cell(fdt, cpu_path, "d-tlb-size", env->tlb_per_way);
        qemu_fdt_setprop_string(fdt, cpu_path, "tlb-split", "");
    }
    qemu_fdt_setprop_cell(fdt, cpu_path, "tlb-sets", env->nb_ways);
    qemu_fdt_setprop_cell(fdt, cpu_path, "tlb-size", env->nb_tlb);
    qemu_fdt_setprop_string(fdt, cpu_path, "state", "running");
    if (env->insns_flags & PPC_ALTIVEC) {
        qemu_fdt_setprop_string(fdt, cpu_path, "altivec", "");
        qemu_fdt_setprop_string(fdt, cpu_path, "data-streams", "");
    }
    /*
     * FIXME What flags do data-streams, external-control and
     * performance-monitor depend on?
     */
    qemu_fdt_setprop_string(fdt, cpu_path, "external-control", "");
    if (env->insns_flags & PPC_FLOAT_FSQRT) {
        qemu_fdt_setprop_string(fdt, cpu_path, "general-purpose", "");
    }
    qemu_fdt_setprop_string(fdt, cpu_path, "performance-monitor", "");
    if (env->insns_flags & PPC_FLOAT_FRES) {
        qemu_fdt_setprop_string(fdt, cpu_path, "graphics", "");
    }
    qemu_fdt_setprop_cell(fdt, cpu_path, "reservation-granule-size", 4);
    qemu_fdt_setprop_cell(fdt, cpu_path, "timebase-frequency",
                          env->tb_env->tb_freq);
    qemu_fdt_setprop_cell(fdt, cpu_path, "bus-frequency", BUS_FREQ_HZ);
    /* Floating-point product, implicitly converted for the cell value */
    qemu_fdt_setprop_cell(fdt, cpu_path, "clock-frequency", BUS_FREQ_HZ * 7.5);
    qemu_fdt_setprop_cell(fdt, cpu_path, "cpu-version", env->spr[SPR_PVR]);
    const uint32_t cpu_reg[2] = { 0, 0 };
    qemu_fdt_setprop(fdt, cpu_path, "reg", cpu_reg, sizeof(cpu_reg));
    qemu_fdt_setprop_string(fdt, cpu_path, "device_type", "cpu");
    /* Node name is the last component of the path */
    qemu_fdt_setprop_string(fdt, cpu_path, "name",
                            strrchr(cpu_path, '/') + 1);

    /* memory */
    const uint32_t mem_reg[2] = { 0, cpu_to_be32(machine->ram_size) };
    qemu_fdt_add_subnode(fdt, "/memory@0");
    qemu_fdt_setprop(fdt, "/memory@0", "reg", mem_reg, sizeof(mem_reg));
    qemu_fdt_setprop_string(fdt, "/memory@0", "device_type", "memory");
    qemu_fdt_setprop_string(fdt, "/memory@0", "name", "memory");

    /* chosen: initrd location only when both address and size are set */
    qemu_fdt_add_subnode(fdt, "/chosen");
    if (pm->initrd_addr && pm->initrd_size) {
        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end",
                              pm->initrd_addr + pm->initrd_size);
        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start",
                              pm->initrd_addr);
    }
    /* An absent kernel command line becomes an empty bootargs string */
    qemu_fdt_setprop_string(fdt, "/chosen", "bootargs",
                            machine->kernel_cmdline ?: "");
    qemu_fdt_setprop_string(fdt, "/chosen", "name", "chosen");

    qemu_fdt_add_subnode(fdt, "/openprom");
    qemu_fdt_setprop_string(fdt, "/openprom", "model", "Pegasos2,1.1");

    return fdt;
}
1050