| /* |
| * ARM Integrator CP System emulation. |
| * |
| * Copyright (c) 2005 CodeSourcery, LLC. |
| * Written by Paul Brook |
| * |
| * This code is licenced under the GPL |
| */ |
| |
| #include <vl.h> |
| |
| #define KERNEL_ARGS_ADDR 0x100 |
| #define KERNEL_LOAD_ADDR 0x00010000 |
| #define INITRD_LOAD_ADDR 0x00800000 |
| |
| /* Stub functions for hardware that doesn't exist. */ |
| void pic_set_irq(int irq, int level) |
| { |
| cpu_abort (cpu_single_env, "pic_set_irq"); |
| } |
| |
| void pic_info(void) |
| { |
| } |
| |
| void irq_info(void) |
| { |
| } |
| |
| void DMA_run (void) |
| { |
| } |
| |
| typedef struct { |
| uint32_t flash_offset; |
| uint32_t cm_osc; |
| uint32_t cm_ctrl; |
| uint32_t cm_lock; |
| uint32_t cm_auxosc; |
| uint32_t cm_sdram; |
| uint32_t cm_init; |
| uint32_t cm_flags; |
| uint32_t cm_nvflags; |
| uint32_t int_level; |
| uint32_t irq_enabled; |
| uint32_t fiq_enabled; |
| } integratorcm_state; |
| |
| static uint8_t integrator_spd[128] = { |
| 128, 8, 4, 11, 9, 1, 64, 0, 2, 0xa0, 0xa0, 0, 0, 8, 0, 1, |
| 0xe, 4, 0x1c, 1, 2, 0x20, 0xc0, 0, 0, 0, 0, 0x30, 0x28, 0x30, 0x28, 0x40 |
| }; |
| |
| static uint32_t integratorcm_read(void *opaque, target_phys_addr_t offset) |
| { |
| integratorcm_state *s = (integratorcm_state *)opaque; |
| offset -= 0x10000000; |
| if (offset >= 0x100 && offset < 0x200) { |
| /* CM_SPD */ |
| if (offset >= 0x180) |
| return 0; |
| return integrator_spd[offset >> 2]; |
| } |
| switch (offset >> 2) { |
| case 0: /* CM_ID */ |
| return 0x411a3001; |
| case 1: /* CM_PROC */ |
| return 0; |
| case 2: /* CM_OSC */ |
| return s->cm_osc; |
| case 3: /* CM_CTRL */ |
| return s->cm_ctrl; |
| case 4: /* CM_STAT */ |
| return 0x00100000; |
| case 5: /* CM_LOCK */ |
| if (s->cm_lock == 0xa05f) { |
| return 0x1a05f; |
| } else { |
| return s->cm_lock; |
| } |
| case 6: /* CM_LMBUSCNT */ |
| /* ??? High frequency timer. */ |
| cpu_abort(cpu_single_env, "integratorcm_read: CM_LMBUSCNT"); |
| case 7: /* CM_AUXOSC */ |
| return s->cm_auxosc; |
| case 8: /* CM_SDRAM */ |
| return s->cm_sdram; |
| case 9: /* CM_INIT */ |
| return s->cm_init; |
| case 10: /* CM_REFCT */ |
| /* ??? High frequency timer. */ |
| cpu_abort(cpu_single_env, "integratorcm_read: CM_REFCT"); |
| case 12: /* CM_FLAGS */ |
| return s->cm_flags; |
| case 14: /* CM_NVFLAGS */ |
| return s->cm_nvflags; |
| case 16: /* CM_IRQ_STAT */ |
| return s->int_level & s->irq_enabled; |
| case 17: /* CM_IRQ_RSTAT */ |
| return s->int_level; |
| case 18: /* CM_IRQ_ENSET */ |
| return s->irq_enabled; |
| case 20: /* CM_SOFT_INTSET */ |
| return s->int_level & 1; |
| case 24: /* CM_FIQ_STAT */ |
| return s->int_level & s->fiq_enabled; |
| case 25: /* CM_FIQ_RSTAT */ |
| return s->int_level; |
| case 26: /* CM_FIQ_ENSET */ |
| return s->fiq_enabled; |
| case 32: /* CM_VOLTAGE_CTL0 */ |
| case 33: /* CM_VOLTAGE_CTL1 */ |
| case 34: /* CM_VOLTAGE_CTL2 */ |
| case 35: /* CM_VOLTAGE_CTL3 */ |
| /* ??? Voltage control unimplemented. */ |
| return 0; |
| default: |
| cpu_abort (cpu_single_env, |
| "integratorcm_read: Unimplemented offset 0x%x\n", offset); |
| return 0; |
| } |
| } |
| |
| static void integratorcm_do_remap(integratorcm_state *s, int flash) |
| { |
| if (flash) { |
| cpu_register_physical_memory(0, 0x100000, IO_MEM_RAM); |
| } else { |
| cpu_register_physical_memory(0, 0x100000, s->flash_offset | IO_MEM_RAM); |
| } |
| //??? tlb_flush (cpu_single_env, 1); |
| } |
| |
| static void integratorcm_set_ctrl(integratorcm_state *s, uint32_t value) |
| { |
| if (value & 8) { |
| cpu_abort(cpu_single_env, "Board reset\n"); |
| } |
| if ((s->cm_init ^ value) & 4) { |
| integratorcm_do_remap(s, (value & 4) == 0); |
| } |
| if ((s->cm_init ^ value) & 1) { |
| printf("Green LED %s\n", (value & 1) ? "on" : "off"); |
| } |
| s->cm_init = (s->cm_init & ~ 5) | (value ^ 5); |
| } |
| |
| static void integratorcm_update(integratorcm_state *s) |
| { |
| /* ??? The CPU irq/fiq is raised when either the core module or base PIC |
| are active. */ |
| if (s->int_level & (s->irq_enabled | s->fiq_enabled)) |
| cpu_abort(cpu_single_env, "Core module interrupt\n"); |
| } |
| |
| static void integratorcm_write(void *opaque, target_phys_addr_t offset, |
| uint32_t value) |
| { |
| integratorcm_state *s = (integratorcm_state *)opaque; |
| offset -= 0x10000000; |
| switch (offset >> 2) { |
| case 2: /* CM_OSC */ |
| if (s->cm_lock == 0xa05f) |
| s->cm_osc = value; |
| break; |
| case 3: /* CM_CTRL */ |
| integratorcm_set_ctrl(s, value); |
| break; |
| case 5: /* CM_LOCK */ |
| s->cm_lock = value & 0xffff; |
| break; |
| case 7: /* CM_AUXOSC */ |
| if (s->cm_lock == 0xa05f) |
| s->cm_auxosc = value; |
| break; |
| case 8: /* CM_SDRAM */ |
| s->cm_sdram = value; |
| break; |
| case 9: /* CM_INIT */ |
| /* ??? This can change the memory bus frequency. */ |
| s->cm_init = value; |
| break; |
| case 12: /* CM_FLAGSS */ |
| s->cm_flags |= value; |
| break; |
| case 13: /* CM_FLAGSC */ |
| s->cm_flags &= ~value; |
| break; |
| case 14: /* CM_NVFLAGSS */ |
| s->cm_nvflags |= value; |
| break; |
| case 15: /* CM_NVFLAGSS */ |
| s->cm_nvflags &= ~value; |
| break; |
| case 18: /* CM_IRQ_ENSET */ |
| s->irq_enabled |= value; |
| integratorcm_update(s); |
| break; |
| case 19: /* CM_IRQ_ENCLR */ |
| s->irq_enabled &= ~value; |
| integratorcm_update(s); |
| break; |
| case 20: /* CM_SOFT_INTSET */ |
| s->int_level |= (value & 1); |
| integratorcm_update(s); |
| break; |
| case 21: /* CM_SOFT_INTCLR */ |
| s->int_level &= ~(value & 1); |
| integratorcm_update(s); |
| break; |
| case 26: /* CM_FIQ_ENSET */ |
| s->fiq_enabled |= value; |
| integratorcm_update(s); |
| break; |
| case 27: /* CM_FIQ_ENCLR */ |
| s->fiq_enabled &= ~value; |
| integratorcm_update(s); |
| break; |
| case 32: /* CM_VOLTAGE_CTL0 */ |
| case 33: /* CM_VOLTAGE_CTL1 */ |
| case 34: /* CM_VOLTAGE_CTL2 */ |
| case 35: /* CM_VOLTAGE_CTL3 */ |
| /* ??? Voltage control unimplemented. */ |
| break; |
| default: |
| cpu_abort (cpu_single_env, |
| "integratorcm_write: Unimplemented offset 0x%x\n", offset); |
| break; |
| } |
| } |
| |
| /* Integrator/CM control registers. */ |
| |
| static CPUReadMemoryFunc *integratorcm_readfn[] = { |
| integratorcm_read, |
| integratorcm_read, |
| integratorcm_read |
| }; |
| |
| static CPUWriteMemoryFunc *integratorcm_writefn[] = { |
| integratorcm_write, |
| integratorcm_write, |
| integratorcm_write |
| }; |
| |
| static void integratorcm_init(int memsz, uint32_t flash_offset) |
| { |
| int iomemtype; |
| integratorcm_state *s; |
| |
| s = (integratorcm_state *)qemu_mallocz(sizeof(integratorcm_state)); |
| s->cm_osc = 0x01000048; |
| /* ??? What should the high bits of this value be? */ |
| s->cm_auxosc = 0x0007feff; |
| s->cm_sdram = 0x00011122; |
| if (memsz >= 256) { |
| integrator_spd[31] = 64; |
| s->cm_sdram |= 0x10; |
| } else if (memsz >= 128) { |
| integrator_spd[31] = 32; |
| s->cm_sdram |= 0x0c; |
| } else if (memsz >= 64) { |
| integrator_spd[31] = 16; |
| s->cm_sdram |= 0x08; |
| } else if (memsz >= 32) { |
| integrator_spd[31] = 4; |
| s->cm_sdram |= 0x04; |
| } else { |
| integrator_spd[31] = 2; |
| } |
| memcpy(integrator_spd + 73, "QEMU-MEMORY", 11); |
| s->cm_init = 0x00000112; |
| s->flash_offset = flash_offset; |
| |
| iomemtype = cpu_register_io_memory(0, integratorcm_readfn, |
| integratorcm_writefn, s); |
| cpu_register_physical_memory(0x10000000, 0x007fffff, iomemtype); |
| integratorcm_do_remap(s, 1); |
| /* ??? Save/restore. */ |
| } |
| |
| /* Integrator/CP hardware emulation. */ |
| /* Primary interrupt controller. */ |
| |
| typedef struct icp_pic_state |
| { |
| uint32_t base; |
| uint32_t level; |
| uint32_t irq_enabled; |
| uint32_t fiq_enabled; |
| void *parent; |
| /* -1 if parent is a cpu, otherwise IRQ number on parent PIC. */ |
| int parent_irq; |
| } icp_pic_state; |
| |
| static void icp_pic_update(icp_pic_state *s) |
| { |
| CPUState *env; |
| if (s->parent_irq != -1) { |
| uint32_t flags; |
| |
| flags = (s->level & s->irq_enabled); |
| pic_set_irq_new(s->parent, s->parent_irq, |
| flags != 0); |
| return; |
| } |
| /* Raise CPU interrupt. */ |
| env = (CPUState *)s->parent; |
| if (s->level & s->fiq_enabled) { |
| cpu_interrupt (env, CPU_INTERRUPT_FIQ); |
| } else { |
| cpu_reset_interrupt (env, CPU_INTERRUPT_FIQ); |
| } |
| if (s->level & s->irq_enabled) { |
| cpu_interrupt (env, CPU_INTERRUPT_HARD); |
| } else { |
| cpu_reset_interrupt (env, CPU_INTERRUPT_HARD); |
| } |
| } |
| |
| void pic_set_irq_new(void *opaque, int irq, int level) |
| { |
| icp_pic_state *s = (icp_pic_state *)opaque; |
| if (level) |
| s->level |= 1 << irq; |
| else |
| s->level &= ~(1 << irq); |
| icp_pic_update(s); |
| } |
| |
| static uint32_t icp_pic_read(void *opaque, target_phys_addr_t offset) |
| { |
| icp_pic_state *s = (icp_pic_state *)opaque; |
| |
| offset -= s->base; |
| switch (offset >> 2) { |
| case 0: /* IRQ_STATUS */ |
| return s->level & s->irq_enabled; |
| case 1: /* IRQ_RAWSTAT */ |
| return s->level; |
| case 2: /* IRQ_ENABLESET */ |
| return s->irq_enabled; |
| case 4: /* INT_SOFTSET */ |
| return s->level & 1; |
| case 8: /* FRQ_STATUS */ |
| return s->level & s->fiq_enabled; |
| case 9: /* FRQ_RAWSTAT */ |
| return s->level; |
| case 10: /* FRQ_ENABLESET */ |
| return s->fiq_enabled; |
| case 3: /* IRQ_ENABLECLR */ |
| case 5: /* INT_SOFTCLR */ |
| case 11: /* FRQ_ENABLECLR */ |
| default: |
| printf ("icp_pic_read: Bad register offset 0x%x\n", offset); |
| return 0; |
| } |
| } |
| |
| static void icp_pic_write(void *opaque, target_phys_addr_t offset, |
| uint32_t value) |
| { |
| icp_pic_state *s = (icp_pic_state *)opaque; |
| offset -= s->base; |
| |
| switch (offset >> 2) { |
| case 2: /* IRQ_ENABLESET */ |
| s->irq_enabled |= value; |
| break; |
| case 3: /* IRQ_ENABLECLR */ |
| s->irq_enabled &= ~value; |
| break; |
| case 4: /* INT_SOFTSET */ |
| if (value & 1) |
| pic_set_irq_new(s, 0, 1); |
| break; |
| case 5: /* INT_SOFTCLR */ |
| if (value & 1) |
| pic_set_irq_new(s, 0, 0); |
| break; |
| case 10: /* FRQ_ENABLESET */ |
| s->fiq_enabled |= value; |
| break; |
| case 11: /* FRQ_ENABLECLR */ |
| s->fiq_enabled &= ~value; |
| break; |
| case 0: /* IRQ_STATUS */ |
| case 1: /* IRQ_RAWSTAT */ |
| case 8: /* FRQ_STATUS */ |
| case 9: /* FRQ_RAWSTAT */ |
| default: |
| printf ("icp_pic_write: Bad register offset 0x%x\n", offset); |
| return; |
| } |
| icp_pic_update(s); |
| } |
| |
| static CPUReadMemoryFunc *icp_pic_readfn[] = { |
| icp_pic_read, |
| icp_pic_read, |
| icp_pic_read |
| }; |
| |
| static CPUWriteMemoryFunc *icp_pic_writefn[] = { |
| icp_pic_write, |
| icp_pic_write, |
| icp_pic_write |
| }; |
| |
| static icp_pic_state *icp_pic_init(uint32_t base, void *parent, |
| int parent_irq) |
| { |
| icp_pic_state *s; |
| int iomemtype; |
| |
| s = (icp_pic_state *)qemu_mallocz(sizeof(icp_pic_state)); |
| if (!s) |
| return NULL; |
| |
| s->base = base; |
| s->parent = parent; |
| s->parent_irq = parent_irq; |
| iomemtype = cpu_register_io_memory(0, icp_pic_readfn, |
| icp_pic_writefn, s); |
| cpu_register_physical_memory(base, 0x007fffff, iomemtype); |
| /* ??? Save/restore. */ |
| return s; |
| } |
| |
| /* Timers. */ |
| |
| /* System bus clock speed (40MHz) for timer 0. Not sure about this value. */ |
| #define ICP_BUS_FREQ 40000000 |
| |
| typedef struct { |
| int64_t next_time; |
| int64_t expires[3]; |
| int64_t loaded[3]; |
| QEMUTimer *timer; |
| icp_pic_state *pic; |
| uint32_t base; |
| uint32_t control[3]; |
| uint32_t count[3]; |
| uint32_t limit[3]; |
| int freq[3]; |
| int int_level[3]; |
| } icp_pit_state; |
| |
| /* Calculate the new expiry time of the given timer. */ |
| |
| static void icp_pit_reload(icp_pit_state *s, int n) |
| { |
| int64_t delay; |
| |
| s->loaded[n] = s->expires[n]; |
| delay = muldiv64(s->count[n], ticks_per_sec, s->freq[n]); |
| if (delay == 0) |
| delay = 1; |
| s->expires[n] += delay; |
| } |
| |
| /* Check all active timers, and schedule the next timer interrupt. */ |
| |
| static void icp_pit_update(icp_pit_state *s, int64_t now) |
| { |
| int n; |
| int64_t next; |
| |
| next = now; |
| for (n = 0; n < 3; n++) { |
| /* Ignore disabled timers. */ |
| if ((s->control[n] & 0x80) == 0) |
| continue; |
| /* Ignore expired one-shot timers. */ |
| if (s->count[n] == 0 && s->control[n] & 1) |
| continue; |
| if (s->expires[n] - now <= 0) { |
| /* Timer has expired. */ |
| s->int_level[n] = 1; |
| if (s->control[n] & 1) { |
| /* One-shot. */ |
| s->count[n] = 0; |
| } else { |
| if ((s->control[n] & 0x40) == 0) { |
| /* Free running. */ |
| if (s->control[n] & 2) |
| s->count[n] = 0xffffffff; |
| else |
| s->count[n] = 0xffff; |
| } else { |
| /* Periodic. */ |
| s->count[n] = s->limit[n]; |
| } |
| } |
| } |
| while (s->expires[n] - now <= 0) { |
| icp_pit_reload(s, n); |
| } |
| } |
| /* Update interrupts. */ |
| for (n = 0; n < 3; n++) { |
| if (s->int_level[n] && (s->control[n] & 0x20)) { |
| pic_set_irq_new(s->pic, 5 + n, 1); |
| } else { |
| pic_set_irq_new(s->pic, 5 + n, 0); |
| } |
| if (next - s->expires[n] < 0) |
| next = s->expires[n]; |
| } |
| /* Schedule the next timer interrupt. */ |
| if (next == now) { |
| qemu_del_timer(s->timer); |
| s->next_time = 0; |
| } else if (next != s->next_time) { |
| qemu_mod_timer(s->timer, next); |
| s->next_time = next; |
| } |
| } |
| |
| /* Return the current value of the timer. */ |
| static uint32_t icp_pit_getcount(icp_pit_state *s, int n, int64_t now) |
| { |
| int64_t elapsed; |
| int64_t period; |
| |
| if (s->count[n] == 0) |
| return 0; |
| if ((s->control[n] & 0x80) == 0) |
| return s->count[n]; |
| elapsed = now - s->loaded[n]; |
| period = s->expires[n] - s->loaded[n]; |
| /* If the timer should have expired then return 0. This can happen |
| when the host timer signal doesnt occur immediately. It's better to |
| have a timer appear to sit at zero for a while than have it wrap |
| around before the guest interrupt is raised. */ |
| /* ??? Could we trigger the interrupt here? */ |
| if (elapsed > period) |
| return 0; |
| /* We need to calculate count * elapsed / period without overfowing. |
| Scale both elapsed and period so they fit in a 32-bit int. */ |
| while (period != (int32_t)period) { |
| period >>= 1; |
| elapsed >>= 1; |
| } |
| return ((uint64_t)s->count[n] * (uint64_t)(int32_t)elapsed) |
| / (int32_t)period; |
| } |
| |
| static uint32_t icp_pit_read(void *opaque, target_phys_addr_t offset) |
| { |
| int n; |
| icp_pit_state *s = (icp_pit_state *)opaque; |
| |
| offset -= s->base; |
| n = offset >> 8; |
| if (n > 2) |
| cpu_abort (cpu_single_env, "icp_pit_read: Bad timer %x\n", offset); |
| switch ((offset & 0xff) >> 2) { |
| case 0: /* TimerLoad */ |
| case 6: /* TimerBGLoad */ |
| return s->limit[n]; |
| case 1: /* TimerValue */ |
| return icp_pit_getcount(s, n, qemu_get_clock(vm_clock)); |
| case 2: /* TimerControl */ |
| return s->control[n]; |
| case 4: /* TimerRIS */ |
| return s->int_level[n]; |
| case 5: /* TimerMIS */ |
| if ((s->control[n] & 0x20) == 0) |
| return 0; |
| return s->int_level[n]; |
| default: |
| cpu_abort (cpu_single_env, "icp_pit_read: Bad offset %x\n", offset); |
| return 0; |
| } |
| } |
| |
| static void icp_pit_write(void *opaque, target_phys_addr_t offset, |
| uint32_t value) |
| { |
| icp_pit_state *s = (icp_pit_state *)opaque; |
| int n; |
| int64_t now; |
| |
| now = qemu_get_clock(vm_clock); |
| offset -= s->base; |
| n = offset >> 8; |
| if (n > 2) |
| cpu_abort (cpu_single_env, "icp_pit_write: Bad offset %x\n", offset); |
| |
| switch ((offset & 0xff) >> 2) { |
| case 0: /* TimerLoad */ |
| s->limit[n] = value; |
| s->count[n] = value; |
| s->expires[n] = now; |
| icp_pit_reload(s, n); |
| break; |
| case 1: /* TimerValue */ |
| /* ??? Linux seems to want to write to this readonly register. |
| Ignore it. */ |
| break; |
| case 2: /* TimerControl */ |
| if (s->control[n] & 0x80) { |
| /* Pause the timer if it is running. This may cause some |
| inaccuracy dure to rounding, but avoids a whole lot of other |
| messyness. */ |
| s->count[n] = icp_pit_getcount(s, n, now); |
| } |
| s->control[n] = value; |
| if (n == 0) |
| s->freq[n] = ICP_BUS_FREQ; |
| else |
| s->freq[n] = 1000000; |
| /* ??? Need to recalculate expiry time after changing divisor. */ |
| switch ((value >> 2) & 3) { |
| case 1: s->freq[n] >>= 4; break; |
| case 2: s->freq[n] >>= 8; break; |
| } |
| if (s->control[n] & 0x80) { |
| /* Restart the timer if still enabled. */ |
| s->expires[n] = now; |
| icp_pit_reload(s, n); |
| } |
| break; |
| case 3: /* TimerIntClr */ |
| s->int_level[n] = 0; |
| break; |
| case 6: /* TimerBGLoad */ |
| s->limit[n] = value; |
| break; |
| default: |
| cpu_abort (cpu_single_env, "icp_pit_write: Bad offset %x\n", offset); |
| } |
| icp_pit_update(s, now); |
| } |
| |
| static void icp_pit_tick(void *opaque) |
| { |
| int64_t now; |
| |
| now = qemu_get_clock(vm_clock); |
| icp_pit_update((icp_pit_state *)opaque, now); |
| } |
| |
| static CPUReadMemoryFunc *icp_pit_readfn[] = { |
| icp_pit_read, |
| icp_pit_read, |
| icp_pit_read |
| }; |
| |
| static CPUWriteMemoryFunc *icp_pit_writefn[] = { |
| icp_pit_write, |
| icp_pit_write, |
| icp_pit_write |
| }; |
| |
| static void icp_pit_init(uint32_t base, icp_pic_state *pic) |
| { |
| int iomemtype; |
| icp_pit_state *s; |
| int n; |
| |
| s = (icp_pit_state *)qemu_mallocz(sizeof(icp_pit_state)); |
| s->base = base; |
| s->pic = pic; |
| s->freq[0] = ICP_BUS_FREQ; |
| s->freq[1] = 1000000; |
| s->freq[2] = 1000000; |
| for (n = 0; n < 3; n++) { |
| s->control[n] = 0x20; |
| s->count[n] = 0xffffffff; |
| } |
| |
| iomemtype = cpu_register_io_memory(0, icp_pit_readfn, |
| icp_pit_writefn, s); |
| cpu_register_physical_memory(base, 0x007fffff, iomemtype); |
| s->timer = qemu_new_timer(vm_clock, icp_pit_tick, s); |
| /* ??? Save/restore. */ |
| } |
| |
| /* ARM PrimeCell PL011 UART */ |
| |
| typedef struct { |
| uint32_t base; |
| uint32_t readbuff; |
| uint32_t flags; |
| uint32_t lcr; |
| uint32_t cr; |
| uint32_t dmacr; |
| uint32_t int_enabled; |
| uint32_t int_level; |
| uint32_t read_fifo[16]; |
| uint32_t ilpr; |
| uint32_t ibrd; |
| uint32_t fbrd; |
| uint32_t ifl; |
| int read_pos; |
| int read_count; |
| int read_trigger; |
| CharDriverState *chr; |
| icp_pic_state *pic; |
| int irq; |
| } pl011_state; |
| |
| #define PL011_INT_TX 0x20 |
| #define PL011_INT_RX 0x10 |
| |
| #define PL011_FLAG_TXFE 0x80 |
| #define PL011_FLAG_RXFF 0x40 |
| #define PL011_FLAG_TXFF 0x20 |
| #define PL011_FLAG_RXFE 0x10 |
| |
| static const unsigned char pl011_id[] = |
| { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 }; |
| |
| static void pl011_update(pl011_state *s) |
| { |
| uint32_t flags; |
| |
| flags = s->int_level & s->int_enabled; |
| pic_set_irq_new(s->pic, s->irq, flags != 0); |
| } |
| |
| static uint32_t pl011_read(void *opaque, target_phys_addr_t offset) |
| { |
| pl011_state *s = (pl011_state *)opaque; |
| uint32_t c; |
| |
| offset -= s->base; |
| if (offset >= 0xfe0 && offset < 0x1000) { |
| return pl011_id[(offset - 0xfe0) >> 2]; |
| } |
| switch (offset >> 2) { |
| case 0: /* UARTDR */ |
| s->flags &= ~PL011_FLAG_RXFF; |
| c = s->read_fifo[s->read_pos]; |
| if (s->read_count > 0) { |
| s->read_count--; |
| if (++s->read_pos == 16) |
| s->read_pos = 0; |
| } |
| if (s->read_count == 0) { |
| s->flags |= PL011_FLAG_RXFE; |
| } |
| if (s->read_count == s->read_trigger - 1) |
| s->int_level &= ~ PL011_INT_RX; |
| pl011_update(s); |
| return c; |
| case 1: /* UARTCR */ |
| return 0; |
| case 6: /* UARTFR */ |
| return s->flags; |
| case 8: /* UARTILPR */ |
| return s->ilpr; |
| case 9: /* UARTIBRD */ |
| return s->ibrd; |
| case 10: /* UARTFBRD */ |
| return s->fbrd; |
| case 11: /* UARTLCR_H */ |
| return s->lcr; |
| case 12: /* UARTCR */ |
| return s->cr; |
| case 13: /* UARTIFLS */ |
| return s->ifl; |
| case 14: /* UARTIMSC */ |
| return s->int_enabled; |
| case 15: /* UARTRIS */ |
| return s->int_level; |
| case 16: /* UARTMIS */ |
| return s->int_level & s->int_enabled; |
| case 18: /* UARTDMACR */ |
| return s->dmacr; |
| default: |
| cpu_abort (cpu_single_env, "pl011_read: Bad offset %x\n", offset); |
| return 0; |
| } |
| } |
| |
| static void pl011_set_read_trigger(pl011_state *s) |
| { |
| #if 0 |
| /* The docs say the RX interrupt is triggered when the FIFO exceeds |
| the threshold. However linux only reads the FIFO in response to an |
| interrupt. Triggering the interrupt when the FIFO is non-empty seems |
| to make things work. */ |
| if (s->lcr & 0x10) |
| s->read_trigger = (s->ifl >> 1) & 0x1c; |
| else |
| #endif |
| s->read_trigger = 1; |
| } |
| |
| static void pl011_write(void *opaque, target_phys_addr_t offset, |
| uint32_t value) |
| { |
| pl011_state *s = (pl011_state *)opaque; |
| unsigned char ch; |
| |
| offset -= s->base; |
| switch (offset >> 2) { |
| case 0: /* UARTDR */ |
| /* ??? Check if transmitter is enabled. */ |
| ch = value; |
| if (s->chr) |
| qemu_chr_write(s->chr, &ch, 1); |
| s->int_level |= PL011_INT_TX; |
| pl011_update(s); |
| break; |
| case 1: /* UARTCR */ |
| s->cr = value; |
| break; |
| case 8: /* UARTUARTILPR */ |
| s->ilpr = value; |
| break; |
| case 9: /* UARTIBRD */ |
| s->ibrd = value; |
| break; |
| case 10: /* UARTFBRD */ |
| s->fbrd = value; |
| break; |
| case 11: /* UARTLCR_H */ |
| s->lcr = value; |
| pl011_set_read_trigger(s); |
| break; |
| case 12: /* UARTCR */ |
| /* ??? Need to implement the enable and loopback bits. */ |
| s->cr = value; |
| break; |
| case 13: /* UARTIFS */ |
| s->ifl = value; |
| pl011_set_read_trigger(s); |
| break; |
| case 14: /* UARTIMSC */ |
| s->int_enabled = value; |
| pl011_update(s); |
| break; |
| case 17: /* UARTICR */ |
| s->int_level &= ~value; |
| pl011_update(s); |
| break; |
| case 18: /* UARTDMACR */ |
| s->dmacr = value; |
| if (value & 3) |
| cpu_abort(cpu_single_env, "PL011: DMA not implemented\n"); |
| break; |
| default: |
| cpu_abort (cpu_single_env, "pl011_write: Bad offset %x\n", offset); |
| } |
| } |
| |
| static int pl011_can_recieve(void *opaque) |
| { |
| pl011_state *s = (pl011_state *)opaque; |
| |
| if (s->lcr & 0x10) |
| return s->read_count < 16; |
| else |
| return s->read_count < 1; |
| } |
| |
| static void pl011_recieve(void *opaque, const uint8_t *buf, int size) |
| { |
| pl011_state *s = (pl011_state *)opaque; |
| int slot; |
| |
| slot = s->read_pos + s->read_count; |
| if (slot >= 16) |
| slot -= 16; |
| s->read_fifo[slot] = *buf; |
| s->read_count++; |
| s->flags &= ~PL011_FLAG_RXFE; |
| if (s->cr & 0x10 || s->read_count == 16) { |
| s->flags |= PL011_FLAG_RXFF; |
| } |
| if (s->read_count == s->read_trigger) { |
| s->int_level |= PL011_INT_RX; |
| pl011_update(s); |
| } |
| } |
| |
| static void pl011_event(void *opaque, int event) |
| { |
| /* ??? Should probably implement break. */ |
| } |
| |
| static CPUReadMemoryFunc *pl011_readfn[] = { |
| pl011_read, |
| pl011_read, |
| pl011_read |
| }; |
| |
| static CPUWriteMemoryFunc *pl011_writefn[] = { |
| pl011_write, |
| pl011_write, |
| pl011_write |
| }; |
| |
| static void pl011_init(uint32_t base, icp_pic_state *pic, int irq, |
| CharDriverState *chr) |
| { |
| int iomemtype; |
| pl011_state *s; |
| |
| s = (pl011_state *)qemu_mallocz(sizeof(pl011_state)); |
| iomemtype = cpu_register_io_memory(0, pl011_readfn, |
| pl011_writefn, s); |
| cpu_register_physical_memory(base, 0x007fffff, iomemtype); |
| s->base = base; |
| s->pic = pic; |
| s->irq = irq; |
| s->chr = chr; |
| s->read_trigger = 1; |
| s->ifl = 0x12; |
| s->cr = 0x300; |
| s->flags = 0x90; |
| if (chr){ |
| qemu_chr_add_read_handler(chr, pl011_can_recieve, pl011_recieve, s); |
| qemu_chr_add_event_handler(chr, pl011_event); |
| } |
| /* ??? Save/restore. */ |
| } |
| |
| /* CP control registers. */ |
| typedef struct { |
| uint32_t base; |
| } icp_control_state; |
| |
| static uint32_t icp_control_read(void *opaque, target_phys_addr_t offset) |
| { |
| icp_control_state *s = (icp_control_state *)opaque; |
| offset -= s->base; |
| switch (offset >> 2) { |
| case 0: /* CP_IDFIELD */ |
| return 0x41034003; |
| case 1: /* CP_FLASHPROG */ |
| return 0; |
| case 2: /* CP_INTREG */ |
| return 0; |
| case 3: /* CP_DECODE */ |
| return 0x11; |
| default: |
| cpu_abort (cpu_single_env, "icp_control_read: Bad offset %x\n", offset); |
| return 0; |
| } |
| } |
| |
| static void icp_control_write(void *opaque, target_phys_addr_t offset, |
| uint32_t value) |
| { |
| icp_control_state *s = (icp_control_state *)opaque; |
| offset -= s->base; |
| switch (offset >> 2) { |
| case 1: /* CP_FLASHPROG */ |
| case 2: /* CP_INTREG */ |
| case 3: /* CP_DECODE */ |
| /* Nothing interesting implemented yet. */ |
| break; |
| default: |
| cpu_abort (cpu_single_env, "icp_control_write: Bad offset %x\n", offset); |
| } |
| } |
| static CPUReadMemoryFunc *icp_control_readfn[] = { |
| icp_control_read, |
| icp_control_read, |
| icp_control_read |
| }; |
| |
| static CPUWriteMemoryFunc *icp_control_writefn[] = { |
| icp_control_write, |
| icp_control_write, |
| icp_control_write |
| }; |
| |
| static void icp_control_init(uint32_t base) |
| { |
| int iomemtype; |
| icp_control_state *s; |
| |
| s = (icp_control_state *)qemu_mallocz(sizeof(icp_control_state)); |
| iomemtype = cpu_register_io_memory(0, icp_control_readfn, |
| icp_control_writefn, s); |
| cpu_register_physical_memory(base, 0x007fffff, iomemtype); |
| s->base = base; |
| /* ??? Save/restore. */ |
| } |
| |
| |
| /* Keyboard/Mouse Interface. */ |
| |
| typedef struct { |
| void *dev; |
| uint32_t base; |
| uint32_t cr; |
| uint32_t clk; |
| uint32_t last; |
| icp_pic_state *pic; |
| int pending; |
| int irq; |
| int is_mouse; |
| } icp_kmi_state; |
| |
| static void icp_kmi_update(void *opaque, int level) |
| { |
| icp_kmi_state *s = (icp_kmi_state *)opaque; |
| int raise; |
| |
| s->pending = level; |
| raise = (s->pending && (s->cr & 0x10) != 0) |
| || (s->cr & 0x08) != 0; |
| pic_set_irq_new(s->pic, s->irq, raise); |
| } |
| |
| static uint32_t icp_kmi_read(void *opaque, target_phys_addr_t offset) |
| { |
| icp_kmi_state *s = (icp_kmi_state *)opaque; |
| offset -= s->base; |
| if (offset >= 0xfe0 && offset < 0x1000) |
| return 0; |
| |
| switch (offset >> 2) { |
| case 0: /* KMICR */ |
| return s->cr; |
| case 1: /* KMISTAT */ |
| /* KMIC and KMID bits not implemented. */ |
| if (s->pending) { |
| return 0x10; |
| } else { |
| return 0; |
| } |
| case 2: /* KMIDATA */ |
| if (s->pending) |
| s->last = ps2_read_data(s->dev); |
| return s->last; |
| case 3: /* KMICLKDIV */ |
| return s->clk; |
| case 4: /* KMIIR */ |
| return s->pending | 2; |
| default: |
| cpu_abort (cpu_single_env, "icp_kmi_read: Bad offset %x\n", offset); |
| return 0; |
| } |
| } |
| |
| static void icp_kmi_write(void *opaque, target_phys_addr_t offset, |
| uint32_t value) |
| { |
| icp_kmi_state *s = (icp_kmi_state *)opaque; |
| offset -= s->base; |
| switch (offset >> 2) { |
| case 0: /* KMICR */ |
| s->cr = value; |
| icp_kmi_update(s, s->pending); |
| /* ??? Need to implement the enable/disable bit. */ |
| break; |
| case 2: /* KMIDATA */ |
| /* ??? This should toggle the TX interrupt line. */ |
| /* ??? This means kbd/mouse can block each other. */ |
| if (s->is_mouse) { |
| ps2_write_mouse(s->dev, value); |
| } else { |
| ps2_write_keyboard(s->dev, value); |
| } |
| break; |
| case 3: /* KMICLKDIV */ |
| s->clk = value; |
| return; |
| default: |
| cpu_abort (cpu_single_env, "icp_kmi_write: Bad offset %x\n", offset); |
| } |
| } |
| static CPUReadMemoryFunc *icp_kmi_readfn[] = { |
| icp_kmi_read, |
| icp_kmi_read, |
| icp_kmi_read |
| }; |
| |
| static CPUWriteMemoryFunc *icp_kmi_writefn[] = { |
| icp_kmi_write, |
| icp_kmi_write, |
| icp_kmi_write |
| }; |
| |
| static void icp_kmi_init(uint32_t base, icp_pic_state * pic, int irq, |
| int is_mouse) |
| { |
| int iomemtype; |
| icp_kmi_state *s; |
| |
| s = (icp_kmi_state *)qemu_mallocz(sizeof(icp_kmi_state)); |
| iomemtype = cpu_register_io_memory(0, icp_kmi_readfn, |
| icp_kmi_writefn, s); |
| cpu_register_physical_memory(base, 0x007fffff, iomemtype); |
| s->base = base; |
| s->pic = pic; |
| s->irq = irq; |
| s->is_mouse = is_mouse; |
| if (is_mouse) |
| s->dev = ps2_mouse_init(icp_kmi_update, s); |
| else |
| s->dev = ps2_kbd_init(icp_kmi_update, s); |
| /* ??? Save/restore. */ |
| } |
| |
| /* The worlds second smallest bootloader. Set r0-r2, then jump to kernel. */ |
| static uint32_t bootloader[] = { |
| 0xe3a00000, /* mov r0, #0 */ |
| 0xe3a01013, /* mov r1, #0x13 */ |
| 0xe3811c01, /* orr r1, r1, #0x100 */ |
| 0xe59f2000, /* ldr r2, [pc, #0] */ |
| 0xe59ff000, /* ldr pc, [pc, #0] */ |
| 0, /* Address of kernel args. Set by integratorcp_init. */ |
| 0 /* Kernel entry point. Set by integratorcp_init. */ |
| }; |
| |
| static void set_kernel_args(uint32_t ram_size, int initrd_size, |
| const char *kernel_cmdline) |
| { |
| uint32_t *p; |
| |
| p = (uint32_t *)(phys_ram_base + KERNEL_ARGS_ADDR); |
| /* ATAG_CORE */ |
| stl_raw(p++, 5); |
| stl_raw(p++, 0x54410001); |
| stl_raw(p++, 1); |
| stl_raw(p++, 0x1000); |
| stl_raw(p++, 0); |
| /* ATAG_MEM */ |
| stl_raw(p++, 4); |
| stl_raw(p++, 0x54410002); |
| stl_raw(p++, ram_size); |
| stl_raw(p++, 0); |
| if (initrd_size) { |
| /* ATAG_INITRD2 */ |
| stl_raw(p++, 4); |
| stl_raw(p++, 0x54420005); |
| stl_raw(p++, INITRD_LOAD_ADDR); |
| stl_raw(p++, initrd_size); |
| } |
| if (kernel_cmdline && *kernel_cmdline) { |
| /* ATAG_CMDLINE */ |
| int cmdline_size; |
| |
| cmdline_size = strlen(kernel_cmdline); |
| memcpy (p + 2, kernel_cmdline, cmdline_size + 1); |
| cmdline_size = (cmdline_size >> 2) + 1; |
| stl_raw(p++, cmdline_size + 2); |
| stl_raw(p++, 0x54410009); |
| p += cmdline_size; |
| } |
| /* ATAG_END */ |
| stl_raw(p++, 0); |
| stl_raw(p++, 0); |
| } |
| |
| /* Board init. */ |
| |
| static void integratorcp_init(int ram_size, int vga_ram_size, int boot_device, |
| DisplayState *ds, const char **fd_filename, int snapshot, |
| const char *kernel_filename, const char *kernel_cmdline, |
| const char *initrd_filename, uint32_t cpuid) |
| { |
| CPUState *env; |
| uint32_t bios_offset; |
| icp_pic_state *pic; |
| int kernel_size; |
| int initrd_size; |
| int n; |
| |
| env = cpu_init(); |
| cpu_arm_set_model(env, cpuid); |
| bios_offset = ram_size + vga_ram_size; |
| /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash. */ |
| /* ??? RAM shoud repeat to fill physical memory space. */ |
| /* SDRAM at address zero*/ |
| cpu_register_physical_memory(0, ram_size, IO_MEM_RAM); |
| /* And again at address 0x80000000 */ |
| cpu_register_physical_memory(0x80000000, ram_size, IO_MEM_RAM); |
| |
| integratorcm_init(ram_size >> 20, bios_offset); |
| pic = icp_pic_init(0x14000000, env, -1); |
| icp_pic_init(0xca000000, pic, 26); |
| icp_pit_init(0x13000000, pic); |
| pl011_init(0x16000000, pic, 1, serial_hds[0]); |
| pl011_init(0x17000000, pic, 2, serial_hds[1]); |
| icp_control_init(0xcb000000); |
| icp_kmi_init(0x18000000, pic, 3, 0); |
| icp_kmi_init(0x19000000, pic, 4, 1); |
| if (nd_table[0].vlan) { |
| if (nd_table[0].model == NULL |
| || strcmp(nd_table[0].model, "smc91c111") == 0) { |
| smc91c111_init(&nd_table[0], 0xc8000000, pic, 27); |
| } else { |
| fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd_table[0].model); |
| exit (1); |
| } |
| } |
| pl110_init(ds, 0xc0000000, pic, 22, 0); |
| |
| /* Load the kernel. */ |
| if (!kernel_filename) { |
| fprintf(stderr, "Kernel image must be specified\n"); |
| exit(1); |
| } |
| kernel_size = load_image(kernel_filename, |
| phys_ram_base + KERNEL_LOAD_ADDR); |
| if (kernel_size < 0) { |
| fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename); |
| exit(1); |
| } |
| if (initrd_filename) { |
| initrd_size = load_image(initrd_filename, |
| phys_ram_base + INITRD_LOAD_ADDR); |
| if (initrd_size < 0) { |
| fprintf(stderr, "qemu: could not load initrd '%s'\n", |
| initrd_filename); |
| exit(1); |
| } |
| } else { |
| initrd_size = 0; |
| } |
| bootloader[5] = KERNEL_ARGS_ADDR; |
| bootloader[6] = KERNEL_LOAD_ADDR; |
| for (n = 0; n < sizeof(bootloader) / 4; n++) |
| stl_raw(phys_ram_base + (n * 4), bootloader[n]); |
| set_kernel_args(ram_size, initrd_size, kernel_cmdline); |
| } |
| |
| static void integratorcp926_init(int ram_size, int vga_ram_size, |
| int boot_device, DisplayState *ds, const char **fd_filename, int snapshot, |
| const char *kernel_filename, const char *kernel_cmdline, |
| const char *initrd_filename) |
| { |
| integratorcp_init(ram_size, vga_ram_size, boot_device, ds, fd_filename, |
| snapshot, kernel_filename, kernel_cmdline, |
| initrd_filename, ARM_CPUID_ARM926); |
| } |
| |
| static void integratorcp1026_init(int ram_size, int vga_ram_size, |
| int boot_device, DisplayState *ds, const char **fd_filename, int snapshot, |
| const char *kernel_filename, const char *kernel_cmdline, |
| const char *initrd_filename) |
| { |
| integratorcp_init(ram_size, vga_ram_size, boot_device, ds, fd_filename, |
| snapshot, kernel_filename, kernel_cmdline, |
| initrd_filename, ARM_CPUID_ARM1026); |
| } |
| |
| QEMUMachine integratorcp926_machine = { |
| "integratorcp926", |
| "ARM Integrator/CP (ARM926EJ-S)", |
| integratorcp926_init, |
| }; |
| |
| QEMUMachine integratorcp1026_machine = { |
| "integratorcp1026", |
| "ARM Integrator/CP (ARM1026EJ-S)", |
| integratorcp1026_init, |
| }; |
