1 /* 2 * QEMU aCube Sam460ex board emulation 3 * 4 * Copyright (c) 2012 François Revol 5 * Copyright (c) 2016-2019 BALATON Zoltan 6 * 7 * This file is derived from hw/ppc440_bamboo.c, 8 * the copyright for that material belongs to the original owners. 9 * 10 * This work is licensed under the GNU GPL license version 2 or later. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/datadir.h" 17 #include "qemu/error-report.h" 18 #include "qapi/error.h" 19 #include "hw/boards.h" 20 #include "sysemu/kvm.h" 21 #include "kvm_ppc.h" 22 #include "sysemu/device_tree.h" 23 #include "sysemu/block-backend.h" 24 #include "hw/loader.h" 25 #include "elf.h" 26 #include "exec/memory.h" 27 #include "ppc440.h" 28 #include "hw/block/flash.h" 29 #include "sysemu/sysemu.h" 30 #include "sysemu/reset.h" 31 #include "hw/sysbus.h" 32 #include "hw/char/serial.h" 33 #include "hw/i2c/ppc4xx_i2c.h" 34 #include "hw/i2c/smbus_eeprom.h" 35 #include "hw/usb/hcd-ehci.h" 36 #include "hw/ppc/fdt.h" 37 #include "hw/qdev-properties.h" 38 #include "hw/intc/ppc-uic.h" 39 40 #include <libfdt.h> 41 42 #define BINARY_DEVICE_TREE_FILE "canyonlands.dtb" 43 #define UBOOT_FILENAME "u-boot-sam460-20100605.bin" 44 /* to extract the official U-Boot bin from the updater: */ 45 /* dd bs=1 skip=$(($(stat -c '%s' updater/updater-460) - 0x80000)) \ 46 if=updater/updater-460 of=u-boot-sam460-20100605.bin */ 47 48 /* from Sam460 U-Boot include/configs/Sam460ex.h */ 49 #define FLASH_BASE 0xfff00000 50 #define FLASH_BASE_H 0x4 51 #define FLASH_SIZE (1 * MiB) 52 #define UBOOT_LOAD_BASE 0xfff80000 53 #define UBOOT_SIZE 0x00080000 54 #define UBOOT_ENTRY 0xfffffffc 55 56 /* from U-Boot */ 57 #define EPAPR_MAGIC (0x45504150) 58 #define KERNEL_ADDR 0x1000000 59 #define FDT_ADDR 0x1800000 60 #define RAMDISK_ADDR 0x1900000 61 62 /* Sam460ex IRQ MAP: 63 IRQ0 = ETH_INT 64 IRQ1 = FPGA_INT 65 IRQ2 = PCI_INT (PCIA, PCIB, PCIC, PCIB) 66 IRQ3 = FPGA_INT2 67 IRQ11 = RTC_INT 68 IRQ12 = SM502_INT 69 */ 70 71 #define CPU_FREQ 1150000000 72 #define PLB_FREQ 230000000 73 #define OPB_FREQ 115000000 74 #define EBC_FREQ 115000000 75 #define UART_FREQ 11059200 76 #define SDRAM_NR_BANKS 4 77 78 /* The SoC could also handle 4 GiB but firmware does not work with that. */ 79 /* Maybe it overflows a signed 32 bit number somewhere? */ 80 static const ram_addr_t ppc460ex_sdram_bank_sizes[] = { 81 2 * GiB, 1 * GiB, 512 * MiB, 256 * MiB, 128 * MiB, 64 * MiB, 82 32 * MiB, 0 83 }; 84 85 struct boot_info { 86 uint32_t dt_base; 87 uint32_t dt_size; 88 uint32_t entry; 89 }; 90 91 static int sam460ex_load_uboot(void) 92 { 93 /* 94 * This first creates 1MiB of flash memory mapped at the end of 95 * the 32-bit address space (0xFFF00000..0xFFFFFFFF). 96 * 97 * If_PFLASH unit 0 is defined, the flash memory is initialized 98 * from that block backend. 99 * 100 * Else, it's initialized to zero. And then 512KiB of ROM get 101 * mapped on top of its second half (0xFFF80000..0xFFFFFFFF), 102 * initialized from u-boot-sam460-20100605.bin. 103 * 104 * This doesn't smell right. 105 * 106 * The physical hardware appears to have 512KiB flash memory. 107 * 108 * TODO Figure out what we really need here, and clean this up. 109 */ 110 111 DriveInfo *dinfo; 112 113 dinfo = drive_get(IF_PFLASH, 0, 0); 114 if (!pflash_cfi01_register(FLASH_BASE | ((hwaddr)FLASH_BASE_H << 32), 115 "sam460ex.flash", FLASH_SIZE, 116 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, 117 64 * KiB, 1, 0x89, 0x18, 0x0000, 0x0, 1)) { 118 error_report("Error registering flash memory"); 119 /* XXX: return an error instead? */ 120 exit(1); 121 } 122 123 if (!dinfo) { 124 /*error_report("No flash image given with the 'pflash' parameter," 125 " using default u-boot image");*/ 126 rom_add_file_fixed(UBOOT_FILENAME, 127 UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32), 128 -1); 129 } 130 131 return 0; 132 } 133 134 static int sam460ex_load_device_tree(hwaddr addr, 135 uint32_t ramsize, 136 hwaddr initrd_base, 137 hwaddr initrd_size, 138 const char *kernel_cmdline) 139 { 140 uint32_t mem_reg_property[] = { 0, 0, cpu_to_be32(ramsize) }; 141 char *filename; 142 int fdt_size; 143 void *fdt; 144 uint32_t tb_freq = CPU_FREQ; 145 uint32_t clock_freq = CPU_FREQ; 146 int offset; 147 148 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE); 149 if (!filename) { 150 error_report("Couldn't find dtb file `%s'", BINARY_DEVICE_TREE_FILE); 151 exit(1); 152 } 153 fdt = load_device_tree(filename, &fdt_size); 154 if (!fdt) { 155 error_report("Couldn't load dtb file `%s'", filename); 156 g_free(filename); 157 exit(1); 158 } 159 g_free(filename); 160 161 /* Manipulate device tree in memory. */ 162 163 qemu_fdt_setprop(fdt, "/memory", "reg", mem_reg_property, 164 sizeof(mem_reg_property)); 165 166 /* default FDT doesn't have a /chosen node... */ 167 qemu_fdt_add_subnode(fdt, "/chosen"); 168 169 qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", initrd_base); 170 171 qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", 172 (initrd_base + initrd_size)); 173 174 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", kernel_cmdline); 175 176 /* Copy data from the host device tree into the guest. Since the guest can 177 * directly access the timebase without host involvement, we must expose 178 * the correct frequencies. */ 179 if (kvm_enabled()) { 180 tb_freq = kvmppc_get_tbfreq(); 181 clock_freq = kvmppc_get_clockfreq(); 182 } 183 184 qemu_fdt_setprop_cell(fdt, "/cpus/cpu@0", "clock-frequency", 185 clock_freq); 186 qemu_fdt_setprop_cell(fdt, "/cpus/cpu@0", "timebase-frequency", 187 tb_freq); 188 189 /* Remove cpm node if it exists (it is not emulated) */ 190 offset = fdt_path_offset(fdt, "/cpm"); 191 if (offset >= 0) { 192 _FDT(fdt_nop_node(fdt, offset)); 193 } 194 195 /* set serial port clocks */ 196 offset = fdt_node_offset_by_compatible(fdt, -1, "ns16550"); 197 while (offset >= 0) { 198 _FDT(fdt_setprop_cell(fdt, offset, "clock-frequency", UART_FREQ)); 199 offset = fdt_node_offset_by_compatible(fdt, offset, "ns16550"); 200 } 201 202 /* some more clocks */ 203 qemu_fdt_setprop_cell(fdt, "/plb", "clock-frequency", 204 PLB_FREQ); 205 qemu_fdt_setprop_cell(fdt, "/plb/opb", "clock-frequency", 206 OPB_FREQ); 207 qemu_fdt_setprop_cell(fdt, "/plb/opb/ebc", "clock-frequency", 208 EBC_FREQ); 209 210 rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr); 211 g_free(fdt); 212 213 return fdt_size; 214 } 215 216 /* Create reset TLB entries for BookE, mapping only the flash memory. */ 217 static void mmubooke_create_initial_mapping_uboot(CPUPPCState *env) 218 { 219 ppcemb_tlb_t *tlb = &env->tlb.tlbe[0]; 220 221 /* on reset the flash is mapped by a shadow TLB, 222 * but since we don't implement them we need to use 223 * the same values U-Boot will use to avoid a fault. 224 */ 225 tlb->attr = 0; 226 tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4); 227 tlb->size = 0x10000000; /* up to 0xffffffff */ 228 tlb->EPN = 0xf0000000 & TARGET_PAGE_MASK; 229 tlb->RPN = (0xf0000000 & TARGET_PAGE_MASK) | 0x4; 230 tlb->PID = 0; 231 } 232 233 /* Create reset TLB entries for BookE, spanning the 32bit addr space. */ 234 static void mmubooke_create_initial_mapping(CPUPPCState *env, 235 target_ulong va, 236 hwaddr pa) 237 { 238 ppcemb_tlb_t *tlb = &env->tlb.tlbe[0]; 239 240 tlb->attr = 0; 241 tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4); 242 tlb->size = 1 << 31; /* up to 0x80000000 */ 243 tlb->EPN = va & TARGET_PAGE_MASK; 244 tlb->RPN = pa & TARGET_PAGE_MASK; 245 tlb->PID = 0; 246 } 247 248 static void main_cpu_reset(void *opaque) 249 { 250 PowerPCCPU *cpu = opaque; 251 CPUPPCState *env = &cpu->env; 252 struct boot_info *bi = env->load_info; 253 254 cpu_reset(CPU(cpu)); 255 256 /* either we have a kernel to boot or we jump to U-Boot */ 257 if (bi->entry != UBOOT_ENTRY) { 258 env->gpr[1] = (16 * MiB) - 8; 259 env->gpr[3] = FDT_ADDR; 260 env->nip = bi->entry; 261 262 /* Create a mapping for the kernel. */ 263 mmubooke_create_initial_mapping(env, 0, 0); 264 env->gpr[6] = tswap32(EPAPR_MAGIC); 265 env->gpr[7] = (16 * MiB) - 8; /* bi->ima_size; */ 266 267 } else { 268 env->nip = UBOOT_ENTRY; 269 mmubooke_create_initial_mapping_uboot(env); 270 } 271 } 272 273 static void sam460ex_init(MachineState *machine) 274 { 275 MemoryRegion *address_space_mem = get_system_memory(); 276 MemoryRegion *isa = g_new(MemoryRegion, 1); 277 MemoryRegion *ram_memories = g_new(MemoryRegion, SDRAM_NR_BANKS); 278 hwaddr ram_bases[SDRAM_NR_BANKS] = {0}; 279 hwaddr ram_sizes[SDRAM_NR_BANKS] = {0}; 280 MemoryRegion *l2cache_ram = g_new(MemoryRegion, 1); 281 DeviceState *uic[4]; 282 int i; 283 PCIBus *pci_bus; 284 PowerPCCPU *cpu; 285 CPUPPCState *env; 286 I2CBus *i2c; 287 hwaddr entry = UBOOT_ENTRY; 288 target_long initrd_size = 0; 289 DeviceState *dev; 290 SysBusDevice *sbdev; 291 struct boot_info *boot_info; 292 uint8_t *spd_data; 293 int success; 294 295 cpu = POWERPC_CPU(cpu_create(machine->cpu_type)); 296 env = &cpu->env; 297 if (env->mmu_model != POWERPC_MMU_BOOKE) { 298 error_report("Only MMU model BookE is supported by this machine."); 299 exit(1); 300 } 301 302 qemu_register_reset(main_cpu_reset, cpu); 303 boot_info = g_malloc0(sizeof(*boot_info)); 304 env->load_info = boot_info; 305 306 ppc_booke_timers_init(cpu, CPU_FREQ, 0); 307 ppc_dcr_init(env, NULL, NULL); 308 309 /* PLB arbitrer */ 310 dev = qdev_new(TYPE_PPC4xx_PLB); 311 ppc4xx_dcr_realize(PPC4xx_DCR_DEVICE(dev), cpu, &error_fatal); 312 object_unref(OBJECT(dev)); 313 314 /* interrupt controllers */ 315 for (i = 0; i < ARRAY_SIZE(uic); i++) { 316 /* 317 * UICs 1, 2 and 3 are cascaded through UIC 0. 318 * input_ints[n] is the interrupt number on UIC 0 which 319 * the INT output of UIC n is connected to. The CINT output 320 * of UIC n connects to input_ints[n] + 1. 321 * The entry in input_ints[] for UIC 0 is ignored, because UIC 0's 322 * INT and CINT outputs are connected to the CPU. 323 */ 324 const int input_ints[] = { -1, 30, 10, 16 }; 325 326 uic[i] = qdev_new(TYPE_PPC_UIC); 327 qdev_prop_set_uint32(uic[i], "dcr-base", 0xc0 + i * 0x10); 328 ppc4xx_dcr_realize(PPC4xx_DCR_DEVICE(uic[i]), cpu, &error_fatal); 329 object_unref(OBJECT(uic[i])); 330 331 sbdev = SYS_BUS_DEVICE(uic[i]); 332 if (i == 0) { 333 sysbus_connect_irq(sbdev, PPCUIC_OUTPUT_INT, 334 qdev_get_gpio_in(DEVICE(cpu), PPC40x_INPUT_INT)); 335 sysbus_connect_irq(sbdev, PPCUIC_OUTPUT_CINT, 336 qdev_get_gpio_in(DEVICE(cpu), PPC40x_INPUT_CINT)); 337 } else { 338 sysbus_connect_irq(sbdev, PPCUIC_OUTPUT_INT, 339 qdev_get_gpio_in(uic[0], input_ints[i])); 340 sysbus_connect_irq(sbdev, PPCUIC_OUTPUT_CINT, 341 qdev_get_gpio_in(uic[0], input_ints[i] + 1)); 342 } 343 } 344 345 /* SDRAM controller */ 346 /* put all RAM on first bank because board has one slot 347 * and firmware only checks that */ 348 ppc4xx_sdram_banks(machine->ram, 1, ram_memories, ram_bases, ram_sizes, 349 ppc460ex_sdram_bank_sizes); 350 351 /* FIXME: does 460EX have ECC interrupts? */ 352 ppc440_sdram_init(env, SDRAM_NR_BANKS, ram_memories, 353 ram_bases, ram_sizes, 1); 354 355 /* IIC controllers and devices */ 356 dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600700, 357 qdev_get_gpio_in(uic[0], 2)); 358 i2c = PPC4xx_I2C(dev)->bus; 359 /* SPD EEPROM on RAM module */ 360 spd_data = spd_data_generate(ram_sizes[0] < 128 * MiB ? DDR : DDR2, 361 ram_sizes[0]); 362 spd_data[20] = 4; /* SO-DIMM module */ 363 smbus_eeprom_init_one(i2c, 0x50, spd_data); 364 /* RTC */ 365 i2c_slave_create_simple(i2c, "m41t80", 0x68); 366 367 dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600800, 368 qdev_get_gpio_in(uic[0], 3)); 369 370 /* External bus controller */ 371 dev = qdev_new(TYPE_PPC4xx_EBC); 372 ppc4xx_dcr_realize(PPC4xx_DCR_DEVICE(dev), cpu, &error_fatal); 373 object_unref(OBJECT(dev)); 374 375 /* CPR */ 376 ppc4xx_cpr_init(env); 377 378 /* PLB to AHB bridge */ 379 ppc4xx_ahb_init(env); 380 381 /* System DCRs */ 382 ppc4xx_sdr_init(env); 383 384 /* MAL */ 385 dev = qdev_new(TYPE_PPC4xx_MAL); 386 qdev_prop_set_uint32(dev, "txc-num", 4); 387 qdev_prop_set_uint32(dev, "rxc-num", 16); 388 ppc4xx_dcr_realize(PPC4xx_DCR_DEVICE(dev), cpu, &error_fatal); 389 object_unref(OBJECT(dev)); 390 sbdev = SYS_BUS_DEVICE(dev); 391 for (i = 0; i < ARRAY_SIZE(PPC4xx_MAL(dev)->irqs); i++) { 392 sysbus_connect_irq(sbdev, i, qdev_get_gpio_in(uic[2], 3 + i)); 393 } 394 395 /* DMA */ 396 ppc4xx_dma_init(env, 0x200); 397 398 /* 256K of L2 cache as memory */ 399 ppc4xx_l2sram_init(env); 400 /* FIXME: remove this after fixing l2sram mapping in ppc440_uc.c? */ 401 memory_region_init_ram(l2cache_ram, NULL, "ppc440.l2cache_ram", 256 * KiB, 402 &error_abort); 403 memory_region_add_subregion(address_space_mem, 0x400000000LL, l2cache_ram); 404 405 /* USB */ 406 sysbus_create_simple(TYPE_PPC4xx_EHCI, 0x4bffd0400, 407 qdev_get_gpio_in(uic[2], 29)); 408 dev = qdev_new("sysbus-ohci"); 409 qdev_prop_set_string(dev, "masterbus", "usb-bus.0"); 410 qdev_prop_set_uint32(dev, "num-ports", 6); 411 sbdev = SYS_BUS_DEVICE(dev); 412 sysbus_realize_and_unref(sbdev, &error_fatal); 413 sysbus_mmio_map(sbdev, 0, 0x4bffd0000); 414 sysbus_connect_irq(sbdev, 0, qdev_get_gpio_in(uic[2], 30)); 415 usb_create_simple(usb_bus_find(-1), "usb-kbd"); 416 usb_create_simple(usb_bus_find(-1), "usb-mouse"); 417 418 /* PCI bus */ 419 ppc460ex_pcie_init(env); 420 /* All PCI irqs are connected to the same UIC pin (cf. UBoot source) */ 421 dev = sysbus_create_simple("ppc440-pcix-host", 0xc0ec00000, 422 qdev_get_gpio_in(uic[1], 0)); 423 pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci.0")); 424 425 memory_region_init_alias(isa, NULL, "isa_mmio", get_system_io(), 426 0, 0x10000); 427 memory_region_add_subregion(get_system_memory(), 0xc08000000, isa); 428 429 /* PCI devices */ 430 pci_create_simple(pci_bus, PCI_DEVFN(6, 0), "sm501"); 431 /* SoC has a single SATA port but we don't emulate that yet 432 * However, firmware and usual clients have driver for SiI311x 433 * so add one for convenience by default */ 434 if (defaults_enabled()) { 435 pci_create_simple(pci_bus, -1, "sii3112"); 436 } 437 438 /* SoC has 4 UARTs 439 * but board has only one wired and two are present in fdt */ 440 if (serial_hd(0) != NULL) { 441 serial_mm_init(address_space_mem, 0x4ef600300, 0, 442 qdev_get_gpio_in(uic[1], 1), 443 PPC_SERIAL_MM_BAUDBASE, serial_hd(0), 444 DEVICE_BIG_ENDIAN); 445 } 446 if (serial_hd(1) != NULL) { 447 serial_mm_init(address_space_mem, 0x4ef600400, 0, 448 qdev_get_gpio_in(uic[0], 1), 449 PPC_SERIAL_MM_BAUDBASE, serial_hd(1), 450 DEVICE_BIG_ENDIAN); 451 } 452 453 /* Load U-Boot image. */ 454 if (!machine->kernel_filename) { 455 success = sam460ex_load_uboot(); 456 if (success < 0) { 457 error_report("could not load firmware"); 458 exit(1); 459 } 460 } 461 462 /* Load kernel. */ 463 if (machine->kernel_filename) { 464 hwaddr loadaddr = LOAD_UIMAGE_LOADADDR_INVALID; 465 success = load_uimage(machine->kernel_filename, &entry, &loadaddr, 466 NULL, NULL, NULL); 467 if (success < 0) { 468 uint64_t elf_entry; 469 470 success = load_elf(machine->kernel_filename, NULL, NULL, NULL, 471 &elf_entry, NULL, NULL, NULL, 472 1, PPC_ELF_MACHINE, 0, 0); 473 entry = elf_entry; 474 } 475 /* XXX try again as binary */ 476 if (success < 0) { 477 error_report("could not load kernel '%s'", 478 machine->kernel_filename); 479 exit(1); 480 } 481 } 482 483 /* Load initrd. */ 484 if (machine->initrd_filename) { 485 initrd_size = load_image_targphys(machine->initrd_filename, 486 RAMDISK_ADDR, 487 machine->ram_size - RAMDISK_ADDR); 488 if (initrd_size < 0) { 489 error_report("could not load ram disk '%s' at %x", 490 machine->initrd_filename, RAMDISK_ADDR); 491 exit(1); 492 } 493 } 494 495 /* If we're loading a kernel directly, we must load the device tree too. */ 496 if (machine->kernel_filename) { 497 int dt_size; 498 499 dt_size = sam460ex_load_device_tree(FDT_ADDR, machine->ram_size, 500 RAMDISK_ADDR, initrd_size, 501 machine->kernel_cmdline); 502 503 boot_info->dt_base = FDT_ADDR; 504 boot_info->dt_size = dt_size; 505 } 506 507 boot_info->entry = entry; 508 } 509 510 static void sam460ex_machine_init(MachineClass *mc) 511 { 512 mc->desc = "aCube Sam460ex"; 513 mc->init = sam460ex_init; 514 mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("460exb"); 515 mc->default_ram_size = 512 * MiB; 516 mc->default_ram_id = "ppc4xx.sdram"; 517 } 518 519 DEFINE_MACHINE("sam460ex", sam460ex_machine_init) 520