xref: /openbmc/qemu/hw/ppc/pegasos2.c (revision 90bb6d67)
1 /*
2  * QEMU PowerPC CHRP (Genesi/bPlan Pegasos II) hardware System Emulator
3  *
4  * Copyright (c) 2018-2021 BALATON Zoltan
5  *
6  * This work is licensed under the GNU GPL license version 2 or later.
7  *
8  */
9 
10 #include "qemu/osdep.h"
11 #include "qemu/units.h"
12 #include "qapi/error.h"
13 #include "hw/ppc/ppc.h"
14 #include "hw/sysbus.h"
15 #include "hw/pci/pci_host.h"
16 #include "hw/irq.h"
17 #include "hw/pci-host/mv64361.h"
18 #include "hw/isa/vt82c686.h"
19 #include "hw/ide/pci.h"
20 #include "hw/i2c/smbus_eeprom.h"
21 #include "hw/qdev-properties.h"
22 #include "sysemu/reset.h"
23 #include "sysemu/runstate.h"
24 #include "sysemu/qtest.h"
25 #include "hw/boards.h"
26 #include "hw/loader.h"
27 #include "hw/fw-path-provider.h"
28 #include "elf.h"
29 #include "qemu/log.h"
30 #include "qemu/error-report.h"
31 #include "sysemu/kvm.h"
32 #include "kvm_ppc.h"
33 #include "exec/address-spaces.h"
34 #include "qom/qom-qobject.h"
35 #include "qapi/qmp/qdict.h"
36 #include "trace.h"
37 #include "qemu/datadir.h"
38 #include "sysemu/device_tree.h"
39 #include "hw/ppc/vof.h"
40 
41 #include <libfdt.h>
42 
43 #define PROM_FILENAME "vof.bin"
44 #define PROM_ADDR     0xfff00000
45 #define PROM_SIZE     0x80000
46 
47 #define INITRD_MIN_ADDR 0x600000
48 
49 #define KVMPPC_HCALL_BASE    0xf000
50 #define KVMPPC_H_RTAS        (KVMPPC_HCALL_BASE + 0x0)
51 #define KVMPPC_H_VOF_CLIENT  (KVMPPC_HCALL_BASE + 0x5)
52 
53 #define H_SUCCESS     0
54 #define H_PRIVILEGE  -3  /* Caller not privileged */
55 #define H_PARAMETER  -4  /* Parameter invalid, out-of-range or conflicting */
56 
57 #define BUS_FREQ_HZ 133333333
58 
59 #define PCI0_CFG_ADDR 0xcf8
60 #define PCI0_MEM_BASE 0xc0000000
61 #define PCI0_MEM_SIZE 0x20000000
62 #define PCI0_IO_BASE  0xf8000000
63 #define PCI0_IO_SIZE  0x10000
64 
65 #define PCI1_CFG_ADDR 0xc78
66 #define PCI1_MEM_BASE 0x80000000
67 #define PCI1_MEM_SIZE 0x40000000
68 #define PCI1_IO_BASE  0xfe000000
69 #define PCI1_IO_SIZE  0x10000
70 
71 #define TYPE_PEGASOS2_MACHINE  MACHINE_TYPE_NAME("pegasos2")
72 OBJECT_DECLARE_TYPE(Pegasos2MachineState, MachineClass, PEGASOS2_MACHINE)
73 
74 struct Pegasos2MachineState {
75     MachineState parent_obj;
76     PowerPCCPU *cpu;
77     DeviceState *mv;
78     qemu_irq mv_pirq[PCI_NUM_PINS];
79     qemu_irq via_pirq[PCI_NUM_PINS];
80     Vof *vof;
81     void *fdt_blob;
82     uint64_t kernel_addr;
83     uint64_t kernel_entry;
84     uint64_t kernel_size;
85     uint64_t initrd_addr;
86     uint64_t initrd_size;
87 };
88 
89 static void *build_fdt(MachineState *machine, int *fdt_size);
90 
91 static void pegasos2_cpu_reset(void *opaque)
92 {
93     PowerPCCPU *cpu = opaque;
94     Pegasos2MachineState *pm = PEGASOS2_MACHINE(current_machine);
95 
96     cpu_reset(CPU(cpu));
97     cpu->env.spr[SPR_HID1] = 7ULL << 28;
98     if (pm->vof) {
99         cpu->env.gpr[1] = 2 * VOF_STACK_SIZE - 0x20;
100         cpu->env.nip = 0x100;
101     }
102     cpu_ppc_tb_reset(&cpu->env);
103 }
104 
105 static void pegasos2_pci_irq(void *opaque, int n, int level)
106 {
107     Pegasos2MachineState *pm = opaque;
108 
109     /* PCI interrupt lines are connected to both MV64361 and VT8231 */
110     qemu_set_irq(pm->mv_pirq[n], level);
111     qemu_set_irq(pm->via_pirq[n], level);
112 }
113 
114 static void pegasos2_init(MachineState *machine)
115 {
116     Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
117     CPUPPCState *env;
118     MemoryRegion *rom = g_new(MemoryRegion, 1);
119     PCIBus *pci_bus;
120     Object *via;
121     PCIDevice *dev;
122     I2CBus *i2c_bus;
123     const char *fwname = machine->firmware ?: PROM_FILENAME;
124     char *filename;
125     int i;
126     ssize_t sz;
127     uint8_t *spd_data;
128 
129     /* init CPU */
130     pm->cpu = POWERPC_CPU(cpu_create(machine->cpu_type));
131     env = &pm->cpu->env;
132     if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
133         error_report("Incompatible CPU, only 6xx bus supported");
134         exit(1);
135     }
136 
137     /* Set time-base frequency */
138     cpu_ppc_tb_init(env, BUS_FREQ_HZ / 4);
139     qemu_register_reset(pegasos2_cpu_reset, pm->cpu);
140 
141     /* RAM */
142     if (machine->ram_size > 2 * GiB) {
143         error_report("RAM size more than 2 GiB is not supported");
144         exit(1);
145     }
146     memory_region_add_subregion(get_system_memory(), 0, machine->ram);
147 
148     /* allocate and load firmware */
149     filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, fwname);
150     if (!filename) {
151         error_report("Could not find firmware '%s'", fwname);
152         exit(1);
153     }
154     if (!machine->firmware && !pm->vof) {
155         pm->vof = g_malloc0(sizeof(*pm->vof));
156     }
157     memory_region_init_rom(rom, NULL, "pegasos2.rom", PROM_SIZE, &error_fatal);
158     memory_region_add_subregion(get_system_memory(), PROM_ADDR, rom);
159     sz = load_elf(filename, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1,
160                   PPC_ELF_MACHINE, 0, 0);
161     if (sz <= 0) {
162         sz = load_image_targphys(filename, pm->vof ? 0 : PROM_ADDR, PROM_SIZE);
163     }
164     if (sz <= 0 || sz > PROM_SIZE) {
165         error_report("Could not load firmware '%s'", filename);
166         exit(1);
167     }
168     g_free(filename);
169     if (pm->vof) {
170         pm->vof->fw_size = sz;
171     }
172 
173     /* Marvell Discovery II system controller */
174     pm->mv = DEVICE(sysbus_create_simple(TYPE_MV64361, -1,
175                           qdev_get_gpio_in(DEVICE(pm->cpu), PPC6xx_INPUT_INT)));
176     for (i = 0; i < PCI_NUM_PINS; i++) {
177         pm->mv_pirq[i] = qdev_get_gpio_in_named(pm->mv, "gpp", 12 + i);
178     }
179     pci_bus = mv64361_get_pci_bus(pm->mv, 1);
180     pci_bus_irqs(pci_bus, pegasos2_pci_irq, pm, PCI_NUM_PINS);
181 
182     /* VIA VT8231 South Bridge (multifunction PCI device) */
183     via = OBJECT(pci_new_multifunction(PCI_DEVFN(12, 0), TYPE_VT8231_ISA));
184 
185     /* Set properties on individual devices before realizing the south bridge */
186     if (machine->audiodev) {
187         dev = PCI_DEVICE(object_resolve_path_component(via, "ac97"));
188         qdev_prop_set_string(DEVICE(dev), "audiodev", machine->audiodev);
189     }
190 
191     pci_realize_and_unref(PCI_DEVICE(via), pci_bus, &error_abort);
192     for (i = 0; i < PCI_NUM_PINS; i++) {
193         pm->via_pirq[i] = qdev_get_gpio_in_named(DEVICE(via), "pirq", i);
194     }
195     object_property_add_alias(OBJECT(machine), "rtc-time",
196                               object_resolve_path_component(via, "rtc"),
197                               "date");
198     qdev_connect_gpio_out(DEVICE(via), 0,
199                           qdev_get_gpio_in_named(pm->mv, "gpp", 31));
200 
201     dev = PCI_DEVICE(object_resolve_path_component(via, "ide"));
202     pci_ide_create_devs(dev);
203 
204     dev = PCI_DEVICE(object_resolve_path_component(via, "pm"));
205     i2c_bus = I2C_BUS(qdev_get_child_bus(DEVICE(dev), "i2c"));
206     spd_data = spd_data_generate(DDR, machine->ram_size);
207     smbus_eeprom_init_one(i2c_bus, 0x57, spd_data);
208 
209     /* other PC hardware */
210     pci_vga_init(pci_bus);
211 
212     if (machine->kernel_filename) {
213         sz = load_elf(machine->kernel_filename, NULL, NULL, NULL,
214                       &pm->kernel_entry, &pm->kernel_addr, NULL, NULL, 1,
215                       PPC_ELF_MACHINE, 0, 0);
216         if (sz <= 0) {
217             error_report("Could not load kernel '%s'",
218                          machine->kernel_filename);
219             exit(1);
220         }
221         pm->kernel_size = sz;
222         if (!pm->vof) {
223             warn_report("Option -kernel may be ineffective with -bios.");
224         }
225     } else if (pm->vof && !qtest_enabled()) {
226         warn_report("Using Virtual OpenFirmware but no -kernel option.");
227     }
228 
229     if (machine->initrd_filename) {
230         pm->initrd_addr = pm->kernel_addr + pm->kernel_size + 64 * KiB;
231         pm->initrd_addr = ROUND_UP(pm->initrd_addr, 4);
232         pm->initrd_addr = MAX(pm->initrd_addr, INITRD_MIN_ADDR);
233         sz = load_image_targphys(machine->initrd_filename, pm->initrd_addr,
234                                  machine->ram_size - pm->initrd_addr);
235         if (sz <= 0) {
236             error_report("Could not load initrd '%s'",
237                          machine->initrd_filename);
238             exit(1);
239         }
240         pm->initrd_size = sz;
241     }
242 
243     if (!pm->vof && machine->kernel_cmdline && machine->kernel_cmdline[0]) {
244         warn_report("Option -append may be ineffective with -bios.");
245     }
246 }
247 
248 static uint32_t pegasos2_mv_reg_read(Pegasos2MachineState *pm,
249                                      uint32_t addr, uint32_t len)
250 {
251     MemoryRegion *r = sysbus_mmio_get_region(SYS_BUS_DEVICE(pm->mv), 0);
252     uint64_t val = 0xffffffffULL;
253     memory_region_dispatch_read(r, addr, &val, size_memop(len) | MO_LE,
254                                 MEMTXATTRS_UNSPECIFIED);
255     return val;
256 }
257 
258 static void pegasos2_mv_reg_write(Pegasos2MachineState *pm, uint32_t addr,
259                                   uint32_t len, uint32_t val)
260 {
261     MemoryRegion *r = sysbus_mmio_get_region(SYS_BUS_DEVICE(pm->mv), 0);
262     memory_region_dispatch_write(r, addr, val, size_memop(len) | MO_LE,
263                                  MEMTXATTRS_UNSPECIFIED);
264 }
265 
266 static uint32_t pegasos2_pci_config_read(Pegasos2MachineState *pm, int bus,
267                                          uint32_t addr, uint32_t len)
268 {
269     hwaddr pcicfg = bus ? PCI1_CFG_ADDR : PCI0_CFG_ADDR;
270     uint64_t val = 0xffffffffULL;
271 
272     if (len <= 4) {
273         pegasos2_mv_reg_write(pm, pcicfg, 4, addr | BIT(31));
274         val = pegasos2_mv_reg_read(pm, pcicfg + 4, len);
275     }
276     return val;
277 }
278 
279 static void pegasos2_pci_config_write(Pegasos2MachineState *pm, int bus,
280                                       uint32_t addr, uint32_t len, uint32_t val)
281 {
282     hwaddr pcicfg = bus ? PCI1_CFG_ADDR : PCI0_CFG_ADDR;
283 
284     pegasos2_mv_reg_write(pm, pcicfg, 4, addr | BIT(31));
285     pegasos2_mv_reg_write(pm, pcicfg + 4, len, val);
286 }
287 
288 static void pegasos2_machine_reset(MachineState *machine, ShutdownCause reason)
289 {
290     Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
291     void *fdt;
292     uint64_t d[2];
293     int sz;
294 
295     qemu_devices_reset(reason);
296     if (!pm->vof) {
297         return; /* Firmware should set up machine so nothing to do */
298     }
299 
300     /* Otherwise, set up devices that board firmware would normally do */
301     pegasos2_mv_reg_write(pm, 0, 4, 0x28020ff);
302     pegasos2_mv_reg_write(pm, 0x278, 4, 0xa31fc);
303     pegasos2_mv_reg_write(pm, 0xf300, 4, 0x11ff0400);
304     pegasos2_mv_reg_write(pm, 0xf10c, 4, 0x80000000);
305     pegasos2_mv_reg_write(pm, 0x1c, 4, 0x8000000);
306     pegasos2_pci_config_write(pm, 0, PCI_COMMAND, 2, PCI_COMMAND_IO |
307                               PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
308     pegasos2_pci_config_write(pm, 1, PCI_COMMAND, 2, PCI_COMMAND_IO |
309                               PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
310 
311     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 0) << 8) |
312                               PCI_INTERRUPT_LINE, 2, 0x9);
313     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 0) << 8) |
314                               0x50, 1, 0x2);
315     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 0) << 8) |
316                               0x55, 1, 0x90);
317     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 0) << 8) |
318                               0x56, 1, 0x99);
319     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 0) << 8) |
320                               0x57, 1, 0x90);
321 
322     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 1) << 8) |
323                               PCI_INTERRUPT_LINE, 2, 0x109);
324     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 1) << 8) |
325                               PCI_CLASS_PROG, 1, 0xf);
326     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 1) << 8) |
327                               0x40, 1, 0xb);
328     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 1) << 8) |
329                               0x50, 4, 0x17171717);
330     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 1) << 8) |
331                               PCI_COMMAND, 2, 0x87);
332 
333     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 2) << 8) |
334                               PCI_INTERRUPT_LINE, 2, 0x409);
335     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 2) << 8) |
336                               PCI_COMMAND, 2, 0x7);
337 
338     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 3) << 8) |
339                               PCI_INTERRUPT_LINE, 2, 0x409);
340     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 3) << 8) |
341                               PCI_COMMAND, 2, 0x7);
342 
343     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 4) << 8) |
344                               PCI_INTERRUPT_LINE, 2, 0x9);
345     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 4) << 8) |
346                               0x48, 4, 0xf00);
347     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 4) << 8) |
348                               0x40, 4, 0x558020);
349     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 4) << 8) |
350                               0x90, 4, 0xd00);
351 
352     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 5) << 8) |
353                               PCI_INTERRUPT_LINE, 2, 0x309);
354 
355     pegasos2_pci_config_write(pm, 1, (PCI_DEVFN(12, 6) << 8) |
356                               PCI_INTERRUPT_LINE, 2, 0x309);
357 
358     /* Device tree and VOF set up */
359     vof_init(pm->vof, machine->ram_size, &error_fatal);
360     if (vof_claim(pm->vof, 0, VOF_STACK_SIZE, VOF_STACK_SIZE) == -1) {
361         error_report("Memory allocation for stack failed");
362         exit(1);
363     }
364     if (pm->kernel_size &&
365         vof_claim(pm->vof, pm->kernel_addr, pm->kernel_size, 0) == -1) {
366         error_report("Memory for kernel is in use");
367         exit(1);
368     }
369     if (pm->initrd_size &&
370         vof_claim(pm->vof, pm->initrd_addr, pm->initrd_size, 0) == -1) {
371         error_report("Memory for initrd is in use");
372         exit(1);
373     }
374     fdt = build_fdt(machine, &sz);
375     /* FIXME: VOF assumes entry is same as load address */
376     d[0] = cpu_to_be64(pm->kernel_entry);
377     d[1] = cpu_to_be64(pm->kernel_size - (pm->kernel_entry - pm->kernel_addr));
378     qemu_fdt_setprop(fdt, "/chosen", "qemu,boot-kernel", d, sizeof(d));
379 
380     qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt));
381     g_free(pm->fdt_blob);
382     pm->fdt_blob = fdt;
383 
384     vof_build_dt(fdt, pm->vof);
385     vof_client_open_store(fdt, pm->vof, "/chosen", "stdout", "/failsafe");
386 
387     /* Set machine->fdt for 'dumpdtb' QMP/HMP command */
388     machine->fdt = fdt;
389 
390     pm->cpu->vhyp = PPC_VIRTUAL_HYPERVISOR(machine);
391 }
392 
393 enum pegasos2_rtas_tokens {
394     RTAS_RESTART_RTAS = 0,
395     RTAS_NVRAM_FETCH = 1,
396     RTAS_NVRAM_STORE = 2,
397     RTAS_GET_TIME_OF_DAY = 3,
398     RTAS_SET_TIME_OF_DAY = 4,
399     RTAS_EVENT_SCAN = 6,
400     RTAS_CHECK_EXCEPTION = 7,
401     RTAS_READ_PCI_CONFIG = 8,
402     RTAS_WRITE_PCI_CONFIG = 9,
403     RTAS_DISPLAY_CHARACTER = 10,
404     RTAS_SET_INDICATOR = 11,
405     RTAS_POWER_OFF = 17,
406     RTAS_SUSPEND = 18,
407     RTAS_HIBERNATE = 19,
408     RTAS_SYSTEM_REBOOT = 20,
409 };
410 
411 static target_ulong pegasos2_rtas(PowerPCCPU *cpu, Pegasos2MachineState *pm,
412                                   target_ulong args_real)
413 {
414     AddressSpace *as = CPU(cpu)->as;
415     uint32_t token = ldl_be_phys(as, args_real);
416     uint32_t nargs = ldl_be_phys(as, args_real + 4);
417     uint32_t nrets = ldl_be_phys(as, args_real + 8);
418     uint32_t args = args_real + 12;
419     uint32_t rets = args_real + 12 + nargs * 4;
420 
421     if (nrets < 1) {
422         qemu_log_mask(LOG_GUEST_ERROR, "Too few return values in RTAS call\n");
423         return H_PARAMETER;
424     }
425     switch (token) {
426     case RTAS_GET_TIME_OF_DAY:
427     {
428         QObject *qo = object_property_get_qobject(qdev_get_machine(),
429                                                   "rtc-time", &error_fatal);
430         QDict *qd = qobject_to(QDict, qo);
431 
432         if (nargs != 0 || nrets != 8 || !qd) {
433             stl_be_phys(as, rets, -1);
434             qobject_unref(qo);
435             return H_PARAMETER;
436         }
437 
438         stl_be_phys(as, rets, 0);
439         stl_be_phys(as, rets + 4, qdict_get_int(qd, "tm_year") + 1900);
440         stl_be_phys(as, rets + 8, qdict_get_int(qd, "tm_mon") + 1);
441         stl_be_phys(as, rets + 12, qdict_get_int(qd, "tm_mday"));
442         stl_be_phys(as, rets + 16, qdict_get_int(qd, "tm_hour"));
443         stl_be_phys(as, rets + 20, qdict_get_int(qd, "tm_min"));
444         stl_be_phys(as, rets + 24, qdict_get_int(qd, "tm_sec"));
445         stl_be_phys(as, rets + 28, 0);
446         qobject_unref(qo);
447         return H_SUCCESS;
448     }
449     case RTAS_READ_PCI_CONFIG:
450     {
451         uint32_t addr, len, val;
452 
453         if (nargs != 2 || nrets != 2) {
454             stl_be_phys(as, rets, -1);
455             return H_PARAMETER;
456         }
457         addr = ldl_be_phys(as, args);
458         len = ldl_be_phys(as, args + 4);
459         val = pegasos2_pci_config_read(pm, !(addr >> 24),
460                                        addr & 0x0fffffff, len);
461         stl_be_phys(as, rets, 0);
462         stl_be_phys(as, rets + 4, val);
463         return H_SUCCESS;
464     }
465     case RTAS_WRITE_PCI_CONFIG:
466     {
467         uint32_t addr, len, val;
468 
469         if (nargs != 3 || nrets != 1) {
470             stl_be_phys(as, rets, -1);
471             return H_PARAMETER;
472         }
473         addr = ldl_be_phys(as, args);
474         len = ldl_be_phys(as, args + 4);
475         val = ldl_be_phys(as, args + 8);
476         pegasos2_pci_config_write(pm, !(addr >> 24),
477                                   addr & 0x0fffffff, len, val);
478         stl_be_phys(as, rets, 0);
479         return H_SUCCESS;
480     }
481     case RTAS_DISPLAY_CHARACTER:
482         if (nargs != 1 || nrets != 1) {
483             stl_be_phys(as, rets, -1);
484             return H_PARAMETER;
485         }
486         qemu_log_mask(LOG_UNIMP, "%c", ldl_be_phys(as, args));
487         stl_be_phys(as, rets, 0);
488         return H_SUCCESS;
489     case RTAS_POWER_OFF:
490     {
491         if (nargs != 2 || nrets != 1) {
492             stl_be_phys(as, rets, -1);
493             return H_PARAMETER;
494         }
495         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
496         stl_be_phys(as, rets, 0);
497         return H_SUCCESS;
498     }
499     default:
500         qemu_log_mask(LOG_UNIMP, "Unknown RTAS token %u (args=%u, rets=%u)\n",
501                       token, nargs, nrets);
502         stl_be_phys(as, rets, 0);
503         return H_SUCCESS;
504     }
505 }
506 
507 static bool pegasos2_cpu_in_nested(PowerPCCPU *cpu)
508 {
509     return false;
510 }
511 
512 static void pegasos2_hypercall(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
513 {
514     Pegasos2MachineState *pm = PEGASOS2_MACHINE(vhyp);
515     CPUPPCState *env = &cpu->env;
516 
517     /* The TCG path should also be holding the BQL at this point */
518     g_assert(qemu_mutex_iothread_locked());
519 
520     if (FIELD_EX64(env->msr, MSR, PR)) {
521         qemu_log_mask(LOG_GUEST_ERROR, "Hypercall made with MSR[PR]=1\n");
522         env->gpr[3] = H_PRIVILEGE;
523     } else if (env->gpr[3] == KVMPPC_H_RTAS) {
524         env->gpr[3] = pegasos2_rtas(cpu, pm, env->gpr[4]);
525     } else if (env->gpr[3] == KVMPPC_H_VOF_CLIENT) {
526         int ret = vof_client_call(MACHINE(pm), pm->vof, pm->fdt_blob,
527                                   env->gpr[4]);
528         env->gpr[3] = (ret ? H_PARAMETER : H_SUCCESS);
529     } else {
530         qemu_log_mask(LOG_GUEST_ERROR, "Unsupported hypercall " TARGET_FMT_lx
531                       "\n", env->gpr[3]);
532         env->gpr[3] = -1;
533     }
534 }
535 
536 static void vhyp_nop(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
537 {
538 }
539 
540 static target_ulong vhyp_encode_hpt_for_kvm_pr(PPCVirtualHypervisor *vhyp)
541 {
542     return POWERPC_CPU(current_cpu)->env.spr[SPR_SDR1];
543 }
544 
545 static bool pegasos2_setprop(MachineState *ms, const char *path,
546                              const char *propname, void *val, int vallen)
547 {
548     return true;
549 }
550 
551 static void pegasos2_machine_class_init(ObjectClass *oc, void *data)
552 {
553     MachineClass *mc = MACHINE_CLASS(oc);
554     PPCVirtualHypervisorClass *vhc = PPC_VIRTUAL_HYPERVISOR_CLASS(oc);
555     VofMachineIfClass *vmc = VOF_MACHINE_CLASS(oc);
556 
557     mc->desc = "Genesi/bPlan Pegasos II";
558     mc->init = pegasos2_init;
559     mc->reset = pegasos2_machine_reset;
560     mc->block_default_type = IF_IDE;
561     mc->default_boot_order = "cd";
562     mc->default_display = "std";
563     mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("7457_v1.2");
564     mc->default_ram_id = "pegasos2.ram";
565     mc->default_ram_size = 512 * MiB;
566     machine_add_audiodev_property(mc);
567 
568     vhc->cpu_in_nested = pegasos2_cpu_in_nested;
569     vhc->hypercall = pegasos2_hypercall;
570     vhc->cpu_exec_enter = vhyp_nop;
571     vhc->cpu_exec_exit = vhyp_nop;
572     vhc->encode_hpt_for_kvm_pr = vhyp_encode_hpt_for_kvm_pr;
573 
574     vmc->setprop = pegasos2_setprop;
575 }
576 
577 static const TypeInfo pegasos2_machine_info = {
578     .name          = TYPE_PEGASOS2_MACHINE,
579     .parent        = TYPE_MACHINE,
580     .class_init    = pegasos2_machine_class_init,
581     .instance_size = sizeof(Pegasos2MachineState),
582     .interfaces = (InterfaceInfo[]) {
583         { TYPE_PPC_VIRTUAL_HYPERVISOR },
584         { TYPE_VOF_MACHINE_IF },
585         { }
586     },
587 };
588 
589 static void pegasos2_machine_register_types(void)
590 {
591     type_register_static(&pegasos2_machine_info);
592 }
593 
594 type_init(pegasos2_machine_register_types)
595 
596 /* FDT creation for passing to firmware */
597 
598 typedef struct {
599     void *fdt;
600     const char *path;
601 } FDTInfo;
602 
603 /* We do everything in reverse order so it comes out right in the tree */
604 
605 static void dt_ide(PCIBus *bus, PCIDevice *d, FDTInfo *fi)
606 {
607     qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "spi");
608 }
609 
610 static void dt_usb(PCIBus *bus, PCIDevice *d, FDTInfo *fi)
611 {
612     qemu_fdt_setprop_cell(fi->fdt, fi->path, "#size-cells", 0);
613     qemu_fdt_setprop_cell(fi->fdt, fi->path, "#address-cells", 1);
614     qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "usb");
615 }
616 
617 static void dt_isa(PCIBus *bus, PCIDevice *d, FDTInfo *fi)
618 {
619     GString *name = g_string_sized_new(64);
620     uint32_t cells[3];
621 
622     qemu_fdt_setprop_cell(fi->fdt, fi->path, "#size-cells", 1);
623     qemu_fdt_setprop_cell(fi->fdt, fi->path, "#address-cells", 2);
624     qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "isa");
625     qemu_fdt_setprop_string(fi->fdt, fi->path, "name", "isa");
626 
627     /* additional devices */
628     g_string_printf(name, "%s/lpt@i3bc", fi->path);
629     qemu_fdt_add_subnode(fi->fdt, name->str);
630     qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0);
631     cells[0] = cpu_to_be32(7);
632     cells[1] = 0;
633     qemu_fdt_setprop(fi->fdt, name->str, "interrupts",
634                      cells, 2 * sizeof(cells[0]));
635     cells[0] = cpu_to_be32(1);
636     cells[1] = cpu_to_be32(0x3bc);
637     cells[2] = cpu_to_be32(8);
638     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
639     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "lpt");
640     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "lpt");
641 
642     g_string_printf(name, "%s/fdc@i3f0", fi->path);
643     qemu_fdt_add_subnode(fi->fdt, name->str);
644     qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0);
645     cells[0] = cpu_to_be32(6);
646     cells[1] = 0;
647     qemu_fdt_setprop(fi->fdt, name->str, "interrupts",
648                      cells, 2 * sizeof(cells[0]));
649     cells[0] = cpu_to_be32(1);
650     cells[1] = cpu_to_be32(0x3f0);
651     cells[2] = cpu_to_be32(8);
652     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
653     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "fdc");
654     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "fdc");
655 
656     g_string_printf(name, "%s/timer@i40", fi->path);
657     qemu_fdt_add_subnode(fi->fdt, name->str);
658     qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0);
659     cells[0] = cpu_to_be32(1);
660     cells[1] = cpu_to_be32(0x40);
661     cells[2] = cpu_to_be32(8);
662     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
663     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "timer");
664     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "timer");
665 
666     g_string_printf(name, "%s/rtc@i70", fi->path);
667     qemu_fdt_add_subnode(fi->fdt, name->str);
668     qemu_fdt_setprop_string(fi->fdt, name->str, "compatible", "ds1385-rtc");
669     qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0);
670     cells[0] = cpu_to_be32(8);
671     cells[1] = 0;
672     qemu_fdt_setprop(fi->fdt, name->str, "interrupts",
673                      cells, 2 * sizeof(cells[0]));
674     cells[0] = cpu_to_be32(1);
675     cells[1] = cpu_to_be32(0x70);
676     cells[2] = cpu_to_be32(2);
677     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
678     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "rtc");
679     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "rtc");
680 
681     g_string_printf(name, "%s/keyboard@i60", fi->path);
682     qemu_fdt_add_subnode(fi->fdt, name->str);
683     cells[0] = cpu_to_be32(1);
684     cells[1] = 0;
685     qemu_fdt_setprop(fi->fdt, name->str, "interrupts",
686                      cells, 2 * sizeof(cells[0]));
687     cells[0] = cpu_to_be32(1);
688     cells[1] = cpu_to_be32(0x60);
689     cells[2] = cpu_to_be32(5);
690     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
691     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "keyboard");
692     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "keyboard");
693 
694     g_string_printf(name, "%s/8042@i60", fi->path);
695     qemu_fdt_add_subnode(fi->fdt, name->str);
696     qemu_fdt_setprop_cell(fi->fdt, name->str, "#interrupt-cells", 2);
697     qemu_fdt_setprop_cell(fi->fdt, name->str, "#size-cells", 0);
698     qemu_fdt_setprop_cell(fi->fdt, name->str, "#address-cells", 1);
699     qemu_fdt_setprop_string(fi->fdt, name->str, "interrupt-controller", "");
700     qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0);
701     cells[0] = cpu_to_be32(1);
702     cells[1] = cpu_to_be32(0x60);
703     cells[2] = cpu_to_be32(5);
704     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
705     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "");
706     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "8042");
707 
708     g_string_printf(name, "%s/serial@i2f8", fi->path);
709     qemu_fdt_add_subnode(fi->fdt, name->str);
710     qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0);
711     cells[0] = cpu_to_be32(3);
712     cells[1] = 0;
713     qemu_fdt_setprop(fi->fdt, name->str, "interrupts",
714                      cells, 2 * sizeof(cells[0]));
715     cells[0] = cpu_to_be32(1);
716     cells[1] = cpu_to_be32(0x2f8);
717     cells[2] = cpu_to_be32(8);
718     qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0]));
719     qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "serial");
720     qemu_fdt_setprop_string(fi->fdt, name->str, "name", "serial");
721 
722     g_string_free(name, TRUE);
723 }
724 
725 static struct {
726     const char *id;
727     const char *name;
728     void (*dtf)(PCIBus *bus, PCIDevice *d, FDTInfo *fi);
729 } device_map[] = {
730     { "pci11ab,6460", "host", NULL },
731     { "pci1106,8231", "isa", dt_isa },
732     { "pci1106,571", "ide", dt_ide },
733     { "pci1106,3044", "firewire", NULL },
734     { "pci1106,3038", "usb", dt_usb },
735     { "pci1106,8235", "other", NULL },
736     { "pci1106,3058", "sound", NULL },
737     { NULL, NULL }
738 };
739 
740 static void add_pci_device(PCIBus *bus, PCIDevice *d, void *opaque)
741 {
742     FDTInfo *fi = opaque;
743     GString *node = g_string_new(NULL);
744     uint32_t cells[(PCI_NUM_REGIONS + 1) * 5];
745     int i, j;
746     const char *name = NULL;
747     g_autofree const gchar *pn = g_strdup_printf("pci%x,%x",
748                                      pci_get_word(&d->config[PCI_VENDOR_ID]),
749                                      pci_get_word(&d->config[PCI_DEVICE_ID]));
750 
751     if (pci_get_word(&d->config[PCI_CLASS_DEVICE])  ==
752         PCI_CLASS_NETWORK_ETHERNET) {
753         name = "ethernet";
754     } else if (pci_get_word(&d->config[PCI_CLASS_DEVICE]) >> 8 ==
755         PCI_BASE_CLASS_DISPLAY) {
756         name = "display";
757     }
758     for (i = 0; device_map[i].id; i++) {
759         if (!strcmp(pn, device_map[i].id)) {
760             name = device_map[i].name;
761             break;
762         }
763     }
764     g_string_printf(node, "%s/%s@%x", fi->path, (name ?: pn),
765                     PCI_SLOT(d->devfn));
766     if (PCI_FUNC(d->devfn)) {
767         g_string_append_printf(node, ",%x", PCI_FUNC(d->devfn));
768     }
769 
770     qemu_fdt_add_subnode(fi->fdt, node->str);
771     if (device_map[i].dtf) {
772         FDTInfo cfi = { fi->fdt, node->str };
773         device_map[i].dtf(bus, d, &cfi);
774     }
775     cells[0] = cpu_to_be32(d->devfn << 8);
776     cells[1] = 0;
777     cells[2] = 0;
778     cells[3] = 0;
779     cells[4] = 0;
780     j = 5;
781     for (i = 0; i < PCI_NUM_REGIONS; i++) {
782         if (!d->io_regions[i].size) {
783             continue;
784         }
785         cells[j] = PCI_BASE_ADDRESS_0 + i * 4;
786         if (cells[j] == 0x28) {
787             cells[j] = 0x30;
788         }
789         cells[j] = cpu_to_be32(d->devfn << 8 | cells[j]);
790         if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
791             cells[j] |= cpu_to_be32(1 << 24);
792         } else {
793             if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
794                 cells[j] |= cpu_to_be32(3 << 24);
795             } else {
796                 cells[j] |= cpu_to_be32(2 << 24);
797             }
798             if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
799                 cells[j] |= cpu_to_be32(4 << 28);
800             }
801         }
802         cells[j + 1] = 0;
803         cells[j + 2] = 0;
804         cells[j + 3] = cpu_to_be32(d->io_regions[i].size >> 32);
805         cells[j + 4] = cpu_to_be32(d->io_regions[i].size);
806         j += 5;
807     }
808     qemu_fdt_setprop(fi->fdt, node->str, "reg", cells, j * sizeof(cells[0]));
809     qemu_fdt_setprop_string(fi->fdt, node->str, "name", name ?: pn);
810     if (pci_get_byte(&d->config[PCI_INTERRUPT_PIN])) {
811         qemu_fdt_setprop_cell(fi->fdt, node->str, "interrupts",
812                               pci_get_byte(&d->config[PCI_INTERRUPT_PIN]));
813     }
814     /* Pegasos2 firmware has subsystem-id amd subsystem-vendor-id swapped */
815     qemu_fdt_setprop_cell(fi->fdt, node->str, "subsystem-vendor-id",
816                           pci_get_word(&d->config[PCI_SUBSYSTEM_ID]));
817     qemu_fdt_setprop_cell(fi->fdt, node->str, "subsystem-id",
818                           pci_get_word(&d->config[PCI_SUBSYSTEM_VENDOR_ID]));
819     cells[0] = pci_get_long(&d->config[PCI_CLASS_REVISION]);
820     qemu_fdt_setprop_cell(fi->fdt, node->str, "class-code", cells[0] >> 8);
821     qemu_fdt_setprop_cell(fi->fdt, node->str, "revision-id", cells[0] & 0xff);
822     qemu_fdt_setprop_cell(fi->fdt, node->str, "device-id",
823                           pci_get_word(&d->config[PCI_DEVICE_ID]));
824     qemu_fdt_setprop_cell(fi->fdt, node->str, "vendor-id",
825                           pci_get_word(&d->config[PCI_VENDOR_ID]));
826 
827     g_string_free(node, TRUE);
828 }
829 
830 static void *build_fdt(MachineState *machine, int *fdt_size)
831 {
832     Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
833     PowerPCCPU *cpu = pm->cpu;
834     PCIBus *pci_bus;
835     FDTInfo fi;
836     uint32_t cells[16];
837     void *fdt = create_device_tree(fdt_size);
838 
839     fi.fdt = fdt;
840 
841     /* root node */
842     qemu_fdt_setprop_string(fdt, "/", "CODEGEN,description",
843                             "Pegasos CHRP PowerPC System");
844     qemu_fdt_setprop_string(fdt, "/", "CODEGEN,board", "Pegasos2");
845     qemu_fdt_setprop_string(fdt, "/", "CODEGEN,vendor", "bplan GmbH");
846     qemu_fdt_setprop_string(fdt, "/", "revision", "2B");
847     qemu_fdt_setprop_string(fdt, "/", "model", "Pegasos2");
848     qemu_fdt_setprop_string(fdt, "/", "device_type", "chrp");
849     qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 1);
850     qemu_fdt_setprop_string(fdt, "/", "name", "bplan,Pegasos2");
851 
852     /* pci@c0000000 */
853     qemu_fdt_add_subnode(fdt, "/pci@c0000000");
854     cells[0] = 0;
855     cells[1] = 0;
856     qemu_fdt_setprop(fdt, "/pci@c0000000", "bus-range",
857                      cells, 2 * sizeof(cells[0]));
858     qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "pci-bridge-number", 1);
859     cells[0] = cpu_to_be32(PCI0_MEM_BASE);
860     cells[1] = cpu_to_be32(PCI0_MEM_SIZE);
861     qemu_fdt_setprop(fdt, "/pci@c0000000", "reg", cells, 2 * sizeof(cells[0]));
862     cells[0] = cpu_to_be32(0x01000000);
863     cells[1] = 0;
864     cells[2] = 0;
865     cells[3] = cpu_to_be32(PCI0_IO_BASE);
866     cells[4] = 0;
867     cells[5] = cpu_to_be32(PCI0_IO_SIZE);
868     cells[6] = cpu_to_be32(0x02000000);
869     cells[7] = 0;
870     cells[8] = cpu_to_be32(PCI0_MEM_BASE);
871     cells[9] = cpu_to_be32(PCI0_MEM_BASE);
872     cells[10] = 0;
873     cells[11] = cpu_to_be32(PCI0_MEM_SIZE);
874     qemu_fdt_setprop(fdt, "/pci@c0000000", "ranges",
875                      cells, 12 * sizeof(cells[0]));
876     qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "#size-cells", 2);
877     qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "#address-cells", 3);
878     qemu_fdt_setprop_string(fdt, "/pci@c0000000", "device_type", "pci");
879     qemu_fdt_setprop_string(fdt, "/pci@c0000000", "name", "pci");
880 
881     fi.path = "/pci@c0000000";
882     pci_bus = mv64361_get_pci_bus(pm->mv, 0);
883     pci_for_each_device_reverse(pci_bus, 0, add_pci_device, &fi);
884 
885     /* pci@80000000 */
886     qemu_fdt_add_subnode(fdt, "/pci@80000000");
887     cells[0] = 0;
888     cells[1] = 0;
889     qemu_fdt_setprop(fdt, "/pci@80000000", "bus-range",
890                      cells, 2 * sizeof(cells[0]));
891     qemu_fdt_setprop_cell(fdt, "/pci@80000000", "pci-bridge-number", 0);
892     cells[0] = cpu_to_be32(PCI1_MEM_BASE);
893     cells[1] = cpu_to_be32(PCI1_MEM_SIZE);
894     qemu_fdt_setprop(fdt, "/pci@80000000", "reg", cells, 2 * sizeof(cells[0]));
895     qemu_fdt_setprop_cell(fdt, "/pci@80000000", "8259-interrupt-acknowledge",
896                           0xf1000cb4);
897     cells[0] = cpu_to_be32(0x01000000);
898     cells[1] = 0;
899     cells[2] = 0;
900     cells[3] = cpu_to_be32(PCI1_IO_BASE);
901     cells[4] = 0;
902     cells[5] = cpu_to_be32(PCI1_IO_SIZE);
903     cells[6] = cpu_to_be32(0x02000000);
904     cells[7] = 0;
905     cells[8] = cpu_to_be32(PCI1_MEM_BASE);
906     cells[9] = cpu_to_be32(PCI1_MEM_BASE);
907     cells[10] = 0;
908     cells[11] = cpu_to_be32(PCI1_MEM_SIZE);
909     qemu_fdt_setprop(fdt, "/pci@80000000", "ranges",
910                      cells, 12 * sizeof(cells[0]));
911     qemu_fdt_setprop_cell(fdt, "/pci@80000000", "#size-cells", 2);
912     qemu_fdt_setprop_cell(fdt, "/pci@80000000", "#address-cells", 3);
913     qemu_fdt_setprop_string(fdt, "/pci@80000000", "device_type", "pci");
914     qemu_fdt_setprop_string(fdt, "/pci@80000000", "name", "pci");
915 
916     fi.path = "/pci@80000000";
917     pci_bus = mv64361_get_pci_bus(pm->mv, 1);
918     pci_for_each_device_reverse(pci_bus, 0, add_pci_device, &fi);
919 
920     qemu_fdt_add_subnode(fdt, "/failsafe");
921     qemu_fdt_setprop_string(fdt, "/failsafe", "device_type", "serial");
922     qemu_fdt_setprop_string(fdt, "/failsafe", "name", "failsafe");
923 
924     qemu_fdt_add_subnode(fdt, "/rtas");
925     qemu_fdt_setprop_cell(fdt, "/rtas", "system-reboot", RTAS_SYSTEM_REBOOT);
926     qemu_fdt_setprop_cell(fdt, "/rtas", "hibernate", RTAS_HIBERNATE);
927     qemu_fdt_setprop_cell(fdt, "/rtas", "suspend", RTAS_SUSPEND);
928     qemu_fdt_setprop_cell(fdt, "/rtas", "power-off", RTAS_POWER_OFF);
929     qemu_fdt_setprop_cell(fdt, "/rtas", "set-indicator", RTAS_SET_INDICATOR);
930     qemu_fdt_setprop_cell(fdt, "/rtas", "display-character",
931                           RTAS_DISPLAY_CHARACTER);
932     qemu_fdt_setprop_cell(fdt, "/rtas", "write-pci-config",
933                           RTAS_WRITE_PCI_CONFIG);
934     qemu_fdt_setprop_cell(fdt, "/rtas", "read-pci-config",
935                           RTAS_READ_PCI_CONFIG);
936     /* Pegasos2 firmware misspells check-exception and guests use that */
937     qemu_fdt_setprop_cell(fdt, "/rtas", "check-execption",
938                           RTAS_CHECK_EXCEPTION);
939     qemu_fdt_setprop_cell(fdt, "/rtas", "event-scan", RTAS_EVENT_SCAN);
940     qemu_fdt_setprop_cell(fdt, "/rtas", "set-time-of-day",
941                           RTAS_SET_TIME_OF_DAY);
942     qemu_fdt_setprop_cell(fdt, "/rtas", "get-time-of-day",
943                           RTAS_GET_TIME_OF_DAY);
944     qemu_fdt_setprop_cell(fdt, "/rtas", "nvram-store", RTAS_NVRAM_STORE);
945     qemu_fdt_setprop_cell(fdt, "/rtas", "nvram-fetch", RTAS_NVRAM_FETCH);
946     qemu_fdt_setprop_cell(fdt, "/rtas", "restart-rtas", RTAS_RESTART_RTAS);
947     qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-error-log-max", 0);
948     qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-event-scan-rate", 0);
949     qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-display-device", 0);
950     qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-size", 20);
951     qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-version", 1);
952     qemu_fdt_setprop_string(fdt, "/rtas", "name", "rtas");
953 
954     /* cpus */
955     qemu_fdt_add_subnode(fdt, "/cpus");
956     qemu_fdt_setprop_cell(fdt, "/cpus", "#cpus", 1);
957     qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 1);
958     qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0);
959     qemu_fdt_setprop_string(fdt, "/cpus", "name", "cpus");
960 
961     /* FIXME Get CPU name from CPU object */
962     const char *cp = "/cpus/PowerPC,G4";
963     qemu_fdt_add_subnode(fdt, cp);
964     qemu_fdt_setprop_cell(fdt, cp, "l2cr", 0);
965     qemu_fdt_setprop_cell(fdt, cp, "d-cache-size", 0x8000);
966     qemu_fdt_setprop_cell(fdt, cp, "d-cache-block-size",
967                           cpu->env.dcache_line_size);
968     qemu_fdt_setprop_cell(fdt, cp, "d-cache-line-size",
969                           cpu->env.dcache_line_size);
970     qemu_fdt_setprop_cell(fdt, cp, "i-cache-size", 0x8000);
971     qemu_fdt_setprop_cell(fdt, cp, "i-cache-block-size",
972                           cpu->env.icache_line_size);
973     qemu_fdt_setprop_cell(fdt, cp, "i-cache-line-size",
974                           cpu->env.icache_line_size);
975     if (cpu->env.id_tlbs) {
976         qemu_fdt_setprop_cell(fdt, cp, "i-tlb-sets", cpu->env.nb_ways);
977         qemu_fdt_setprop_cell(fdt, cp, "i-tlb-size", cpu->env.tlb_per_way);
978         qemu_fdt_setprop_cell(fdt, cp, "d-tlb-sets", cpu->env.nb_ways);
979         qemu_fdt_setprop_cell(fdt, cp, "d-tlb-size", cpu->env.tlb_per_way);
980         qemu_fdt_setprop_string(fdt, cp, "tlb-split", "");
981     }
982     qemu_fdt_setprop_cell(fdt, cp, "tlb-sets", cpu->env.nb_ways);
983     qemu_fdt_setprop_cell(fdt, cp, "tlb-size", cpu->env.nb_tlb);
984     qemu_fdt_setprop_string(fdt, cp, "state", "running");
985     if (cpu->env.insns_flags & PPC_ALTIVEC) {
986         qemu_fdt_setprop_string(fdt, cp, "altivec", "");
987         qemu_fdt_setprop_string(fdt, cp, "data-streams", "");
988     }
989     /*
990      * FIXME What flags do data-streams, external-control and
991      * performance-monitor depend on?
992      */
993     qemu_fdt_setprop_string(fdt, cp, "external-control", "");
994     if (cpu->env.insns_flags & PPC_FLOAT_FSQRT) {
995         qemu_fdt_setprop_string(fdt, cp, "general-purpose", "");
996     }
997     qemu_fdt_setprop_string(fdt, cp, "performance-monitor", "");
998     if (cpu->env.insns_flags & PPC_FLOAT_FRES) {
999         qemu_fdt_setprop_string(fdt, cp, "graphics", "");
1000     }
1001     qemu_fdt_setprop_cell(fdt, cp, "reservation-granule-size", 4);
1002     qemu_fdt_setprop_cell(fdt, cp, "timebase-frequency",
1003                           cpu->env.tb_env->tb_freq);
1004     qemu_fdt_setprop_cell(fdt, cp, "bus-frequency", BUS_FREQ_HZ);
1005     qemu_fdt_setprop_cell(fdt, cp, "clock-frequency", BUS_FREQ_HZ * 7.5);
1006     qemu_fdt_setprop_cell(fdt, cp, "cpu-version", cpu->env.spr[SPR_PVR]);
1007     cells[0] = 0;
1008     cells[1] = 0;
1009     qemu_fdt_setprop(fdt, cp, "reg", cells, 2 * sizeof(cells[0]));
1010     qemu_fdt_setprop_string(fdt, cp, "device_type", "cpu");
1011     qemu_fdt_setprop_string(fdt, cp, "name", strrchr(cp, '/') + 1);
1012 
1013     /* memory */
1014     qemu_fdt_add_subnode(fdt, "/memory@0");
1015     cells[0] = 0;
1016     cells[1] = cpu_to_be32(machine->ram_size);
1017     qemu_fdt_setprop(fdt, "/memory@0", "reg", cells, 2 * sizeof(cells[0]));
1018     qemu_fdt_setprop_string(fdt, "/memory@0", "device_type", "memory");
1019     qemu_fdt_setprop_string(fdt, "/memory@0", "name", "memory");
1020 
1021     qemu_fdt_add_subnode(fdt, "/chosen");
1022     if (pm->initrd_addr && pm->initrd_size) {
1023         qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end",
1024                               pm->initrd_addr + pm->initrd_size);
1025         qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start",
1026                               pm->initrd_addr);
1027     }
1028     qemu_fdt_setprop_string(fdt, "/chosen", "bootargs",
1029                             machine->kernel_cmdline ?: "");
1030     qemu_fdt_setprop_string(fdt, "/chosen", "name", "chosen");
1031 
1032     qemu_fdt_add_subnode(fdt, "/openprom");
1033     qemu_fdt_setprop_string(fdt, "/openprom", "model", "Pegasos2,1.1");
1034 
1035     return fdt;
1036 }
1037