1 /* 2 * QEMU PowerPC 440 Bamboo board emulation 3 * 4 * Copyright 2007 IBM Corporation. 5 * Authors: 6 * Jerone Young <jyoung5@us.ibm.com> 7 * Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com> 8 * Hollis Blanchard <hollisb@us.ibm.com> 9 * 10 * This work is licensed under the GNU GPL license version 2 or later. 11 * 12 */ 13 14 #include "config.h" 15 #include "qemu-common.h" 16 #include "net/net.h" 17 #include "hw/hw.h" 18 #include "hw/pci/pci.h" 19 #include "hw/boards.h" 20 #include "sysemu/kvm.h" 21 #include "kvm_ppc.h" 22 #include "sysemu/device_tree.h" 23 #include "hw/loader.h" 24 #include "elf.h" 25 #include "exec/address-spaces.h" 26 #include "hw/char/serial.h" 27 #include "hw/ppc/ppc.h" 28 #include "ppc405.h" 29 #include "sysemu/sysemu.h" 30 #include "hw/sysbus.h" 31 32 #define BINARY_DEVICE_TREE_FILE "bamboo.dtb" 33 34 /* from u-boot */ 35 #define KERNEL_ADDR 0x1000000 36 #define FDT_ADDR 0x1800000 37 #define RAMDISK_ADDR 0x1900000 38 39 #define PPC440EP_PCI_CONFIG 0xeec00000 40 #define PPC440EP_PCI_INTACK 0xeed00000 41 #define PPC440EP_PCI_SPECIAL 0xeed00000 42 #define PPC440EP_PCI_REGS 0xef400000 43 #define PPC440EP_PCI_IO 0xe8000000 44 #define PPC440EP_PCI_IOLEN 0x00010000 45 46 #define PPC440EP_SDRAM_NR_BANKS 4 47 48 static const unsigned int ppc440ep_sdram_bank_sizes[] = { 49 256<<20, 128<<20, 64<<20, 32<<20, 16<<20, 8<<20, 0 50 }; 51 52 static hwaddr entry; 53 54 static int bamboo_load_device_tree(hwaddr addr, 55 uint32_t ramsize, 56 hwaddr initrd_base, 57 hwaddr initrd_size, 58 const char *kernel_cmdline) 59 { 60 int ret = -1; 61 uint32_t mem_reg_property[] = { 0, 0, cpu_to_be32(ramsize) }; 62 char *filename; 63 int fdt_size; 64 void *fdt; 65 uint32_t tb_freq = 400000000; 66 uint32_t clock_freq = 400000000; 67 68 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE); 69 if (!filename) { 70 goto out; 71 } 72 fdt = load_device_tree(filename, &fdt_size); 73 g_free(filename); 74 if (fdt == NULL) { 75 goto out; 76 } 77 78 /* Manipulate device tree in memory. */ 79 80 ret = qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property, 81 sizeof(mem_reg_property)); 82 if (ret < 0) 83 fprintf(stderr, "couldn't set /memory/reg\n"); 84 85 ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start", 86 initrd_base); 87 if (ret < 0) 88 fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n"); 89 90 ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end", 91 (initrd_base + initrd_size)); 92 if (ret < 0) 93 fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n"); 94 95 ret = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs", 96 kernel_cmdline); 97 if (ret < 0) 98 fprintf(stderr, "couldn't set /chosen/bootargs\n"); 99 100 /* Copy data from the host device tree into the guest. Since the guest can 101 * directly access the timebase without host involvement, we must expose 102 * the correct frequencies. */ 103 if (kvm_enabled()) { 104 tb_freq = kvmppc_get_tbfreq(); 105 clock_freq = kvmppc_get_clockfreq(); 106 } 107 108 qemu_devtree_setprop_cell(fdt, "/cpus/cpu@0", "clock-frequency", 109 clock_freq); 110 qemu_devtree_setprop_cell(fdt, "/cpus/cpu@0", "timebase-frequency", 111 tb_freq); 112 113 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr); 114 g_free(fdt); 115 116 out: 117 118 return ret; 119 } 120 121 /* Create reset TLB entries for BookE, spanning the 32bit addr space. */ 122 static void mmubooke_create_initial_mapping(CPUPPCState *env, 123 target_ulong va, 124 hwaddr pa) 125 { 126 ppcemb_tlb_t *tlb = &env->tlb.tlbe[0]; 127 128 tlb->attr = 0; 129 tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4); 130 tlb->size = 1 << 31; /* up to 0x80000000 */ 131 tlb->EPN = va & TARGET_PAGE_MASK; 132 tlb->RPN = pa & TARGET_PAGE_MASK; 133 tlb->PID = 0; 134 135 tlb = &env->tlb.tlbe[1]; 136 tlb->attr = 0; 137 tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4); 138 tlb->size = 1 << 31; /* up to 0xffffffff */ 139 tlb->EPN = 0x80000000 & TARGET_PAGE_MASK; 140 tlb->RPN = 0x80000000 & TARGET_PAGE_MASK; 141 tlb->PID = 0; 142 } 143 144 static void main_cpu_reset(void *opaque) 145 { 146 PowerPCCPU *cpu = opaque; 147 CPUPPCState *env = &cpu->env; 148 149 cpu_reset(CPU(cpu)); 150 env->gpr[1] = (16<<20) - 8; 151 env->gpr[3] = FDT_ADDR; 152 env->nip = entry; 153 154 /* Create a mapping for the kernel. */ 155 mmubooke_create_initial_mapping(env, 0, 0); 156 } 157 158 static void bamboo_init(QEMUMachineInitArgs *args) 159 { 160 ram_addr_t ram_size = args->ram_size; 161 const char *cpu_model = args->cpu_model; 162 const char *kernel_filename = args->kernel_filename; 163 const char *kernel_cmdline = args->kernel_cmdline; 164 const char *initrd_filename = args->initrd_filename; 165 unsigned int pci_irq_nrs[4] = { 28, 27, 26, 25 }; 166 MemoryRegion *address_space_mem = get_system_memory(); 167 MemoryRegion *isa = g_new(MemoryRegion, 1); 168 MemoryRegion *ram_memories 169 = g_malloc(PPC440EP_SDRAM_NR_BANKS * sizeof(*ram_memories)); 170 hwaddr ram_bases[PPC440EP_SDRAM_NR_BANKS]; 171 hwaddr ram_sizes[PPC440EP_SDRAM_NR_BANKS]; 172 qemu_irq *pic; 173 qemu_irq *irqs; 174 PCIBus *pcibus; 175 PowerPCCPU *cpu; 176 CPUPPCState *env; 177 uint64_t elf_entry; 178 uint64_t elf_lowaddr; 179 hwaddr loadaddr = 0; 180 target_long initrd_size = 0; 181 DeviceState *dev; 182 int success; 183 int i; 184 185 /* Setup CPU. */ 186 if (cpu_model == NULL) { 187 cpu_model = "440EP"; 188 } 189 cpu = cpu_ppc_init(cpu_model); 190 if (cpu == NULL) { 191 fprintf(stderr, "Unable to initialize CPU!\n"); 192 exit(1); 193 } 194 env = &cpu->env; 195 196 qemu_register_reset(main_cpu_reset, cpu); 197 ppc_booke_timers_init(cpu, 400000000, 0); 198 ppc_dcr_init(env, NULL, NULL); 199 200 /* interrupt controller */ 201 irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB); 202 irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT]; 203 irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT]; 204 pic = ppcuic_init(env, irqs, 0x0C0, 0, 1); 205 206 /* SDRAM controller */ 207 memset(ram_bases, 0, sizeof(ram_bases)); 208 memset(ram_sizes, 0, sizeof(ram_sizes)); 209 ram_size = ppc4xx_sdram_adjust(ram_size, PPC440EP_SDRAM_NR_BANKS, 210 ram_memories, 211 ram_bases, ram_sizes, 212 ppc440ep_sdram_bank_sizes); 213 /* XXX 440EP's ECC interrupts are on UIC1, but we've only created UIC0. */ 214 ppc4xx_sdram_init(env, pic[14], PPC440EP_SDRAM_NR_BANKS, ram_memories, 215 ram_bases, ram_sizes, 1); 216 217 /* PCI */ 218 dev = sysbus_create_varargs(TYPE_PPC4xx_PCI_HOST_BRIDGE, 219 PPC440EP_PCI_CONFIG, 220 pic[pci_irq_nrs[0]], pic[pci_irq_nrs[1]], 221 pic[pci_irq_nrs[2]], pic[pci_irq_nrs[3]], 222 NULL); 223 pcibus = (PCIBus *)qdev_get_child_bus(dev, "pci.0"); 224 if (!pcibus) { 225 fprintf(stderr, "couldn't create PCI controller!\n"); 226 exit(1); 227 } 228 229 memory_region_init_alias(isa, NULL, "isa_mmio", 230 get_system_io(), 0, PPC440EP_PCI_IOLEN); 231 memory_region_add_subregion(get_system_memory(), PPC440EP_PCI_IO, isa); 232 233 if (serial_hds[0] != NULL) { 234 serial_mm_init(address_space_mem, 0xef600300, 0, pic[0], 235 PPC_SERIAL_MM_BAUDBASE, serial_hds[0], 236 DEVICE_BIG_ENDIAN); 237 } 238 if (serial_hds[1] != NULL) { 239 serial_mm_init(address_space_mem, 0xef600400, 0, pic[1], 240 PPC_SERIAL_MM_BAUDBASE, serial_hds[1], 241 DEVICE_BIG_ENDIAN); 242 } 243 244 if (pcibus) { 245 /* Register network interfaces. */ 246 for (i = 0; i < nb_nics; i++) { 247 /* There are no PCI NICs on the Bamboo board, but there are 248 * PCI slots, so we can pick whatever default model we want. */ 249 pci_nic_init_nofail(&nd_table[i], pcibus, "e1000", NULL); 250 } 251 } 252 253 /* Load kernel. */ 254 if (kernel_filename) { 255 success = load_uimage(kernel_filename, &entry, &loadaddr, NULL); 256 if (success < 0) { 257 success = load_elf(kernel_filename, NULL, NULL, &elf_entry, 258 &elf_lowaddr, NULL, 1, ELF_MACHINE, 0); 259 entry = elf_entry; 260 loadaddr = elf_lowaddr; 261 } 262 /* XXX try again as binary */ 263 if (success < 0) { 264 fprintf(stderr, "qemu: could not load kernel '%s'\n", 265 kernel_filename); 266 exit(1); 267 } 268 } 269 270 /* Load initrd. */ 271 if (initrd_filename) { 272 initrd_size = load_image_targphys(initrd_filename, RAMDISK_ADDR, 273 ram_size - RAMDISK_ADDR); 274 275 if (initrd_size < 0) { 276 fprintf(stderr, "qemu: could not load ram disk '%s' at %x\n", 277 initrd_filename, RAMDISK_ADDR); 278 exit(1); 279 } 280 } 281 282 /* If we're loading a kernel directly, we must load the device tree too. */ 283 if (kernel_filename) { 284 if (bamboo_load_device_tree(FDT_ADDR, ram_size, RAMDISK_ADDR, 285 initrd_size, kernel_cmdline) < 0) { 286 fprintf(stderr, "couldn't load device tree\n"); 287 exit(1); 288 } 289 } 290 291 if (kvm_enabled()) 292 kvmppc_init(); 293 } 294 295 static QEMUMachine bamboo_machine = { 296 .name = "bamboo", 297 .desc = "bamboo", 298 .init = bamboo_init, 299 DEFAULT_MACHINE_OPTIONS, 300 }; 301 302 static void bamboo_machine_init(void) 303 { 304 qemu_register_machine(&bamboo_machine); 305 } 306 307 machine_init(bamboo_machine_init); 308