summaryrefslogtreecommitdiffstats
path: root/hw
diff options
context:
space:
mode:
Diffstat (limited to 'hw')
-rw-r--r--hw/acpi/cpu_hotplug.c1
-rw-r--r--hw/arm/Makefile.objs1
-rw-r--r--hw/arm/bcm2835_peripherals.c204
-rw-r--r--hw/arm/bcm2836.c165
-rw-r--r--hw/arm/boot.c53
-rw-r--r--hw/arm/highbank.c37
-rw-r--r--hw/arm/raspi.c152
-rw-r--r--hw/arm/virt-acpi-build.c28
-rw-r--r--hw/audio/cs4231a.c23
-rw-r--r--hw/audio/gus.c20
-rw-r--r--hw/audio/sb16.c23
-rw-r--r--hw/block/fdc.c81
-rw-r--r--hw/dma/i82374.c58
-rw-r--r--hw/dma/i8257.c395
-rw-r--r--hw/i386/pc.c2
-rw-r--r--hw/intc/Makefile.objs1
-rw-r--r--hw/intc/bcm2835_ic.c236
-rw-r--r--hw/intc/bcm2836_control.c303
-rw-r--r--hw/isa/isa-bus.c21
-rw-r--r--hw/mips/mips_fulong2e.c2
-rw-r--r--hw/mips/mips_jazz.c5
-rw-r--r--hw/mips/mips_malta.c2
-rw-r--r--hw/misc/Makefile.objs2
-rw-r--r--hw/misc/bcm2835_mbox.c333
-rw-r--r--hw/misc/bcm2835_property.c287
-rw-r--r--hw/net/cadence_gem.c12
-rw-r--r--hw/net/e1000.c6
-rw-r--r--hw/sparc/sun4m.c24
-rw-r--r--hw/sparc64/sun4u.c39
-rw-r--r--hw/timer/a9gtimer.c1
30 files changed, 2150 insertions, 367 deletions
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index 2f99ec5455..5a410a5287 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -12,6 +12,7 @@
#include "qemu/osdep.h"
#include "hw/hw.h"
#include "hw/acpi/cpu_hotplug.h"
+#include "qom/cpu.h"
static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
{
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2195b60fac..a711e4df61 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -11,6 +11,7 @@ obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
obj-$(CONFIG_DIGIC) += digic.o
obj-y += omap1.o omap2.o strongarm.o
obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
+obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c
new file mode 100644
index 0000000000..18b72ecb69
--- /dev/null
+++ b/hw/arm/bcm2835_peripherals.c
@@ -0,0 +1,204 @@
+/*
+ * Raspberry Pi emulation (c) 2012 Gregory Estrade
+ * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous
+ *
+ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
+ * Written by Andrew Baumann
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ */
+
+#include "hw/arm/bcm2835_peripherals.h"
+#include "hw/misc/bcm2835_mbox_defs.h"
+#include "hw/arm/raspi_platform.h"
+
+/* Peripheral base address on the VC (GPU) system bus */
+#define BCM2835_VC_PERI_BASE 0x7e000000
+
+/* Capabilities for SD controller: no DMA, high-speed, default clocks etc. */
+#define BCM2835_SDHC_CAPAREG 0x52034b4
+
+static void bcm2835_peripherals_init(Object *obj)
+{
+ BCM2835PeripheralState *s = BCM2835_PERIPHERALS(obj);
+
+ /* Memory region for peripheral devices, which we export to our parent */
+ memory_region_init(&s->peri_mr, obj,"bcm2835-peripherals", 0x1000000);
+ object_property_add_child(obj, "peripheral-io", OBJECT(&s->peri_mr), NULL);
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->peri_mr);
+
+ /* Internal memory region for peripheral bus addresses (not exported) */
+ memory_region_init(&s->gpu_bus_mr, obj, "bcm2835-gpu", (uint64_t)1 << 32);
+ object_property_add_child(obj, "gpu-bus", OBJECT(&s->gpu_bus_mr), NULL);
+
+ /* Internal memory region for request/response communication with
+ * mailbox-addressable peripherals (not exported)
+ */
+ memory_region_init(&s->mbox_mr, obj, "bcm2835-mbox",
+ MBOX_CHAN_COUNT << MBOX_AS_CHAN_SHIFT);
+
+ /* Interrupt Controller */
+ object_initialize(&s->ic, sizeof(s->ic), TYPE_BCM2835_IC);
+ object_property_add_child(obj, "ic", OBJECT(&s->ic), NULL);
+ qdev_set_parent_bus(DEVICE(&s->ic), sysbus_get_default());
+
+ /* UART0 */
+ s->uart0 = SYS_BUS_DEVICE(object_new("pl011"));
+ object_property_add_child(obj, "uart0", OBJECT(s->uart0), NULL);
+ qdev_set_parent_bus(DEVICE(s->uart0), sysbus_get_default());
+
+ /* Mailboxes */
+ object_initialize(&s->mboxes, sizeof(s->mboxes), TYPE_BCM2835_MBOX);
+ object_property_add_child(obj, "mbox", OBJECT(&s->mboxes), NULL);
+ qdev_set_parent_bus(DEVICE(&s->mboxes), sysbus_get_default());
+
+ object_property_add_const_link(OBJECT(&s->mboxes), "mbox-mr",
+ OBJECT(&s->mbox_mr), &error_abort);
+
+ /* Property channel */
+ object_initialize(&s->property, sizeof(s->property), TYPE_BCM2835_PROPERTY);
+ object_property_add_child(obj, "property", OBJECT(&s->property), NULL);
+ qdev_set_parent_bus(DEVICE(&s->property), sysbus_get_default());
+
+ object_property_add_const_link(OBJECT(&s->property), "dma-mr",
+ OBJECT(&s->gpu_bus_mr), &error_abort);
+
+ /* Extended Mass Media Controller */
+ object_initialize(&s->sdhci, sizeof(s->sdhci), TYPE_SYSBUS_SDHCI);
+ object_property_add_child(obj, "sdhci", OBJECT(&s->sdhci), NULL);
+ qdev_set_parent_bus(DEVICE(&s->sdhci), sysbus_get_default());
+}
+
+static void bcm2835_peripherals_realize(DeviceState *dev, Error **errp)
+{
+ BCM2835PeripheralState *s = BCM2835_PERIPHERALS(dev);
+ Object *obj;
+ MemoryRegion *ram;
+ Error *err = NULL;
+ uint32_t ram_size;
+ int n;
+
+ obj = object_property_get_link(OBJECT(dev), "ram", &err);
+ if (obj == NULL) {
+ error_setg(errp, "%s: required ram link not found: %s",
+ __func__, error_get_pretty(err));
+ return;
+ }
+
+ ram = MEMORY_REGION(obj);
+ ram_size = memory_region_size(ram);
+
+ /* Map peripherals and RAM into the GPU address space. */
+ memory_region_init_alias(&s->peri_mr_alias, OBJECT(s),
+ "bcm2835-peripherals", &s->peri_mr, 0,
+ memory_region_size(&s->peri_mr));
+
+ memory_region_add_subregion_overlap(&s->gpu_bus_mr, BCM2835_VC_PERI_BASE,
+ &s->peri_mr_alias, 1);
+
+ /* RAM is aliased four times (different cache configurations) on the GPU */
+ for (n = 0; n < 4; n++) {
+ memory_region_init_alias(&s->ram_alias[n], OBJECT(s),
+ "bcm2835-gpu-ram-alias[*]", ram, 0, ram_size);
+ memory_region_add_subregion_overlap(&s->gpu_bus_mr, (hwaddr)n << 30,
+ &s->ram_alias[n], 0);
+ }
+
+ /* Interrupt Controller */
+ object_property_set_bool(OBJECT(&s->ic), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ memory_region_add_subregion(&s->peri_mr, ARMCTRL_IC_OFFSET,
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->ic), 0));
+ sysbus_pass_irq(SYS_BUS_DEVICE(s), SYS_BUS_DEVICE(&s->ic));
+
+ /* UART0 */
+ object_property_set_bool(OBJECT(s->uart0), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ memory_region_add_subregion(&s->peri_mr, UART0_OFFSET,
+ sysbus_mmio_get_region(s->uart0, 0));
+ sysbus_connect_irq(s->uart0, 0,
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ,
+ INTERRUPT_UART));
+
+ /* Mailboxes */
+ object_property_set_bool(OBJECT(&s->mboxes), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ memory_region_add_subregion(&s->peri_mr, ARMCTRL_0_SBM_OFFSET,
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->mboxes), 0));
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->mboxes), 0,
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_ARM_IRQ,
+ INTERRUPT_ARM_MAILBOX));
+
+ /* Property channel */
+ object_property_set_int(OBJECT(&s->property), ram_size, "ram-size", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ object_property_set_bool(OBJECT(&s->property), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ memory_region_add_subregion(&s->mbox_mr,
+ MBOX_CHAN_PROPERTY << MBOX_AS_CHAN_SHIFT,
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->property), 0));
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->property), 0,
+ qdev_get_gpio_in(DEVICE(&s->mboxes), MBOX_CHAN_PROPERTY));
+
+ /* Extended Mass Media Controller */
+ object_property_set_int(OBJECT(&s->sdhci), BCM2835_SDHC_CAPAREG, "capareg",
+ &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ object_property_set_bool(OBJECT(&s->sdhci), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ memory_region_add_subregion(&s->peri_mr, EMMC_OFFSET,
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->sdhci), 0));
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->sdhci), 0,
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ,
+ INTERRUPT_ARASANSDIO));
+}
+
+static void bcm2835_peripherals_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = bcm2835_peripherals_realize;
+}
+
+static const TypeInfo bcm2835_peripherals_type_info = {
+ .name = TYPE_BCM2835_PERIPHERALS,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BCM2835PeripheralState),
+ .instance_init = bcm2835_peripherals_init,
+ .class_init = bcm2835_peripherals_class_init,
+};
+
+static void bcm2835_peripherals_register_types(void)
+{
+ type_register_static(&bcm2835_peripherals_type_info);
+}
+
+type_init(bcm2835_peripherals_register_types)
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
new file mode 100644
index 0000000000..69c7438317
--- /dev/null
+++ b/hw/arm/bcm2836.c
@@ -0,0 +1,165 @@
+/*
+ * Raspberry Pi emulation (c) 2012 Gregory Estrade
+ * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous
+ *
+ * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
+ * Written by Andrew Baumann
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ */
+
+#include "hw/arm/bcm2836.h"
+#include "hw/arm/raspi_platform.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+
+/* Peripheral base address seen by the CPU */
+#define BCM2836_PERI_BASE 0x3F000000
+
+/* "QA7" (Pi2) interrupt controller and mailboxes etc. */
+#define BCM2836_CONTROL_BASE 0x40000000
+
+static void bcm2836_init(Object *obj)
+{
+ BCM2836State *s = BCM2836(obj);
+ int n;
+
+ for (n = 0; n < BCM2836_NCPUS; n++) {
+ object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
+ "cortex-a15-" TYPE_ARM_CPU);
+ object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
+ &error_abort);
+ }
+
+ object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL);
+ object_property_add_child(obj, "control", OBJECT(&s->control), NULL);
+ qdev_set_parent_bus(DEVICE(&s->control), sysbus_get_default());
+
+ object_initialize(&s->peripherals, sizeof(s->peripherals),
+ TYPE_BCM2835_PERIPHERALS);
+ object_property_add_child(obj, "peripherals", OBJECT(&s->peripherals),
+ &error_abort);
+ qdev_set_parent_bus(DEVICE(&s->peripherals), sysbus_get_default());
+}
+
+static void bcm2836_realize(DeviceState *dev, Error **errp)
+{
+ BCM2836State *s = BCM2836(dev);
+ Object *obj;
+ Error *err = NULL;
+ int n;
+
+ /* common peripherals from bcm2835 */
+
+ obj = object_property_get_link(OBJECT(dev), "ram", &err);
+ if (obj == NULL) {
+ error_setg(errp, "%s: required ram link not found: %s",
+ __func__, error_get_pretty(err));
+ return;
+ }
+
+ object_property_add_const_link(OBJECT(&s->peripherals), "ram", obj, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ object_property_set_bool(OBJECT(&s->peripherals), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->peripherals), 0,
+ BCM2836_PERI_BASE, 1);
+
+ /* bcm2836 interrupt controller (and mailboxes, etc.) */
+ object_property_set_bool(OBJECT(&s->control), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->control), 0, BCM2836_CONTROL_BASE);
+
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->peripherals), 0,
+ qdev_get_gpio_in_named(DEVICE(&s->control), "gpu-irq", 0));
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->peripherals), 1,
+ qdev_get_gpio_in_named(DEVICE(&s->control), "gpu-fiq", 0));
+
+ for (n = 0; n < BCM2836_NCPUS; n++) {
+ /* Mirror bcm2836, which has clusterid set to 0xf
+ * TODO: this should be converted to a property of ARM_CPU
+ */
+ s->cpus[n].mp_affinity = 0xF00 | n;
+
+ /* set periphbase/CBAR value for CPU-local registers */
+ object_property_set_int(OBJECT(&s->cpus[n]),
+ BCM2836_PERI_BASE + MCORE_OFFSET,
+ "reset-cbar", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ /* start powered off if not enabled */
+ object_property_set_bool(OBJECT(&s->cpus[n]), n >= s->enabled_cpus,
+ "start-powered-off", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ object_property_set_bool(OBJECT(&s->cpus[n]), true, "realized", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ /* Connect irq/fiq outputs from the interrupt controller. */
+ qdev_connect_gpio_out_named(DEVICE(&s->control), "irq", n,
+ qdev_get_gpio_in(DEVICE(&s->cpus[n]), ARM_CPU_IRQ));
+ qdev_connect_gpio_out_named(DEVICE(&s->control), "fiq", n,
+ qdev_get_gpio_in(DEVICE(&s->cpus[n]), ARM_CPU_FIQ));
+
+ /* Connect timers from the CPU to the interrupt controller */
+ qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_PHYS,
+ qdev_get_gpio_in_named(DEVICE(&s->control), "cntpsirq", n));
+ qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_VIRT,
+ qdev_get_gpio_in_named(DEVICE(&s->control), "cntvirq", n));
+ }
+}
+
+static Property bcm2836_props[] = {
+ DEFINE_PROP_UINT32("enabled-cpus", BCM2836State, enabled_cpus, BCM2836_NCPUS),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void bcm2836_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->props = bcm2836_props;
+ dc->realize = bcm2836_realize;
+
+ /*
+ * Reason: creates an ARM CPU, thus use after free(), see
+ * arm_cpu_class_init()
+ */
+ dc->cannot_destroy_with_object_finalize_yet = true;
+}
+
+static const TypeInfo bcm2836_type_info = {
+ .name = TYPE_BCM2836,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BCM2836State),
+ .instance_init = bcm2836_init,
+ .class_init = bcm2836_class_init,
+};
+
+static void bcm2836_register_types(void)
+{
+ type_register_static(&bcm2836_type_info);
+}
+
+type_init(bcm2836_register_types)
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 7742dd3cb6..cce8c7cd1c 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -178,6 +178,57 @@ static void default_write_secondary(ARMCPU *cpu,
smpboot, fixupcontext);
}
+void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
+ const struct arm_boot_info *info,
+ hwaddr mvbar_addr)
+{
+ int n;
+ uint32_t mvbar_blob[] = {
+ /* mvbar_addr: secure monitor vectors
+ * Default unimplemented and unused vectors to spin. Makes it
+ * easier to debug (as opposed to the CPU running away).
+ */
+ 0xeafffffe, /* (spin) */
+ 0xeafffffe, /* (spin) */
+ 0xe1b0f00e, /* movs pc, lr ;SMC exception return */
+ 0xeafffffe, /* (spin) */
+ 0xeafffffe, /* (spin) */
+ 0xeafffffe, /* (spin) */
+ 0xeafffffe, /* (spin) */
+ 0xeafffffe, /* (spin) */
+ };
+ uint32_t board_setup_blob[] = {
+ /* board setup addr */
+ 0xe3a00e00 + (mvbar_addr >> 4), /* mov r0, #mvbar_addr */
+ 0xee0c0f30, /* mcr p15, 0, r0, c12, c0, 1 ;set MVBAR */
+ 0xee110f11, /* mrc p15, 0, r0, c1 , c1, 0 ;read SCR */
+ 0xe3800031, /* orr r0, #0x31 ;enable AW, FW, NS */
+ 0xee010f11, /* mcr p15, 0, r0, c1, c1, 0 ;write SCR */
+ 0xe1a0100e, /* mov r1, lr ;save LR across SMC */
+ 0xe1600070, /* smc #0 ;call monitor to flush SCR */
+ 0xe1a0f001, /* mov pc, r1 ;return */
+ };
+
+ /* check that mvbar_addr is correctly aligned and relocatable (using MOV) */
+ assert((mvbar_addr & 0x1f) == 0 && (mvbar_addr >> 4) < 0x100);
+
+ /* check that these blobs don't overlap */
+ assert((mvbar_addr + sizeof(mvbar_blob) <= info->board_setup_addr)
+ || (info->board_setup_addr + sizeof(board_setup_blob) <= mvbar_addr));
+
+ for (n = 0; n < ARRAY_SIZE(mvbar_blob); n++) {
+ mvbar_blob[n] = tswap32(mvbar_blob[n]);
+ }
+ rom_add_blob_fixed("board-setup-mvbar", mvbar_blob, sizeof(mvbar_blob),
+ mvbar_addr);
+
+ for (n = 0; n < ARRAY_SIZE(board_setup_blob); n++) {
+ board_setup_blob[n] = tswap32(board_setup_blob[n]);
+ }
+ rom_add_blob_fixed("board-setup", board_setup_blob,
+ sizeof(board_setup_blob), info->board_setup_addr);
+}
+
static void default_reset_secondary(ARMCPU *cpu,
const struct arm_boot_info *info)
{
@@ -488,7 +539,9 @@ static void do_cpu_reset(void *opaque)
* adjust.
*/
if (env->aarch64) {
+ env->cp15.scr_el3 |= SCR_RW;
if (arm_feature(env, ARM_FEATURE_EL2)) {
+ env->cp15.hcr_el2 |= HCR_RW;
env->pstate = PSTATE_MODE_EL2h;
} else {
env->pstate = PSTATE_MODE_EL1h;
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 620b52631a..e25cf5e3f3 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -35,49 +35,16 @@
#define MPCORE_PERIPHBASE 0xfff10000
#define MVBAR_ADDR 0x200
+#define BOARD_SETUP_ADDR (MVBAR_ADDR + 8 * sizeof(uint32_t))
#define NIRQ_GIC 160
/* Board init. */
-/* MVBAR_ADDR is limited by precision of movw */
-
-QEMU_BUILD_BUG_ON(MVBAR_ADDR >= (1 << 16));
-
-#define ARMV7_IMM16(x) (extract32((x), 0, 12) | \
- extract32((x), 12, 4) << 16)
-
static void hb_write_board_setup(ARMCPU *cpu,
const struct arm_boot_info *info)
{
- int n;
- uint32_t board_setup_blob[] = {
- /* MVBAR_ADDR */
- /* Default unimplemented and unused vectors to spin. Makes it
- * easier to debug (as opposed to the CPU running away).
- */
- 0xeafffffe, /* notused1: b notused */
- 0xeafffffe, /* notused2: b notused */
- 0xe1b0f00e, /* smc: movs pc, lr - exception return */
- 0xeafffffe, /* prefetch_abort: b prefetch_abort */
- 0xeafffffe, /* data_abort: b data_abort */
- 0xeafffffe, /* notused3: b notused3 */
- 0xeafffffe, /* irq: b irq */
- 0xeafffffe, /* fiq: b fiq */
-#define BOARD_SETUP_ADDR (MVBAR_ADDR + 8 * sizeof(uint32_t))
- 0xe3000000 + ARMV7_IMM16(MVBAR_ADDR), /* movw r0, MVBAR_ADDR */
- 0xee0c0f30, /* mcr p15, 0, r0, c12, c0, 1 - set MVBAR */
- 0xee110f11, /* mrc p15, 0, r0, c1 , c1, 0 - get SCR */
- 0xe3810001, /* orr r0, #1 - set NS */
- 0xee010f11, /* mcr p15, 0, r0, c1 , c1, 0 - set SCR */
- 0xe1600070, /* smc - go to monitor mode to flush NS change */
- 0xe12fff1e, /* bx lr - return to caller */
- };
- for (n = 0; n < ARRAY_SIZE(board_setup_blob); n++) {
- board_setup_blob[n] = tswap32(board_setup_blob[n]);
- }
- rom_add_blob_fixed("board-setup", board_setup_blob,
- sizeof(board_setup_blob), MVBAR_ADDR);
+ arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR);
}
static void hb_write_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
new file mode 100644
index 0000000000..0c9427c40e
--- /dev/null
+++ b/hw/arm/raspi.c
@@ -0,0 +1,152 @@
+/*
+ * Raspberry Pi emulation (c) 2012 Gregory Estrade
+ * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous
+ *
+ * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft
+ * Written by Andrew Baumann
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ */
+
+#include "hw/arm/bcm2836.h"
+#include "qemu/error-report.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "hw/arm/arm.h"
+#include "sysemu/sysemu.h"
+
+#define SMPBOOT_ADDR 0x300 /* this should leave enough space for ATAGS */
+#define MVBAR_ADDR 0x400 /* secure vectors */
+#define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */
+#define FIRMWARE_ADDR 0x8000 /* Pi loads kernel.img here by default */
+
+/* Table of Linux board IDs for different Pi versions */
+static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43};
+
+typedef struct RasPiState {
+ BCM2836State soc;
+ MemoryRegion ram;
+} RasPiState;
+
+static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info)
+{
+ static const uint32_t smpboot[] = {
+ 0xe1a0e00f, /* mov lr, pc */
+ 0xe3a0fe00 + (BOARDSETUP_ADDR >> 4), /* mov pc, BOARDSETUP_ADDR */
+ 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5;get core ID */
+ 0xe7e10050, /* ubfx r0, r0, #0, #2 ;extract LSB */
+ 0xe59f5014, /* ldr r5, =0x400000CC ;load mbox base */
+ 0xe320f001, /* 1: yield */
+ 0xe7953200, /* ldr r3, [r5, r0, lsl #4] ;read mbox for our core*/
+ 0xe3530000, /* cmp r3, #0 ;spin while zero */
+ 0x0afffffb, /* beq 1b */
+ 0xe7853200, /* str r3, [r5, r0, lsl #4] ;clear mbox */
+ 0xe12fff13, /* bx r3 ;jump to target */
+ 0x400000cc, /* (constant: mailbox 3 read/clear base) */
+ };
+
+ /* check that we don't overrun board setup vectors */
+ QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + sizeof(smpboot) > MVBAR_ADDR);
+ /* check that board setup address is correctly relocated */
+ QEMU_BUILD_BUG_ON((BOARDSETUP_ADDR & 0xf) != 0
+ || (BOARDSETUP_ADDR >> 4) >= 0x100);
+
+ rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot),
+ info->smp_loader_start);
+}
+
+static void write_board_setup(ARMCPU *cpu, const struct arm_boot_info *info)
+{
+ arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR);
+}
+
+static void reset_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
+{
+ CPUState *cs = CPU(cpu);
+ cpu_set_pc(cs, info->smp_loader_start);
+}
+
+static void setup_boot(MachineState *machine, int version, size_t ram_size)
+{
+ static struct arm_boot_info binfo;
+ int r;
+
+ binfo.board_id = raspi_boardid[version];
+ binfo.ram_size = ram_size;
+ binfo.nb_cpus = smp_cpus;
+ binfo.board_setup_addr = BOARDSETUP_ADDR;
+ binfo.write_board_setup = write_board_setup;
+ binfo.secure_board_setup = true;
+ binfo.secure_boot = true;
+
+ /* Pi2 requires SMP setup */
+ if (version == 2) {
+ binfo.smp_loader_start = SMPBOOT_ADDR;
+ binfo.write_secondary_boot = write_smpboot;
+ binfo.secondary_cpu_reset_hook = reset_secondary;
+ }
+
+ /* If the user specified a "firmware" image (e.g. UEFI), we bypass
+ * the normal Linux boot process
+ */
+ if (machine->firmware) {
+ /* load the firmware image (typically kernel.img) */
+ r = load_image_targphys(machine->firmware, FIRMWARE_ADDR,
+ ram_size - FIRMWARE_ADDR);
+ if (r < 0) {
+ error_report("Failed to load firmware from %s", machine->firmware);
+ exit(1);
+ }
+
+ binfo.entry = FIRMWARE_ADDR;
+ binfo.firmware_loaded = true;
+ } else {
+ binfo.kernel_filename = machine->kernel_filename;
+ binfo.kernel_cmdline = machine->kernel_cmdline;
+ binfo.initrd_filename = machine->initrd_filename;
+ }
+
+ arm_load_kernel(ARM_CPU(first_cpu), &binfo);
+}
+
+static void raspi2_init(MachineState *machine)
+{
+ RasPiState *s = g_new0(RasPiState, 1);
+
+ object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM2836);
+ object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc),
+ &error_abort);
+
+ /* Allocate and map RAM */
+ memory_region_allocate_system_memory(&s->ram, OBJECT(machine), "ram",
+ machine->ram_size);
+ /* FIXME: Remove when we have custom CPU address space support */
+ memory_region_add_subregion_overlap(get_system_memory(), 0, &s->ram, 0);
+
+ /* Setup the SOC */
+ object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram),
+ &error_abort);
+ object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus",
+ &error_abort);
+ object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_abort);
+
+ setup_boot(machine, 2, machine->ram_size);
+}
+
+static void raspi2_machine_init(MachineClass *mc)
+{
+ mc->desc = "Raspberry Pi 2";
+ mc->init = raspi2_init;
+ mc->block_default_type = IF_SD;
+ mc->no_parallel = 1;
+ mc->no_floppy = 1;
+ mc->no_cdrom = 1;
+ mc->max_cpus = BCM2836_NCPUS;
+
+ /* XXX: Temporary restriction in RAM size from the full 1GB. Since
+ * we do not yet support the framebuffer / GPU, we need to limit
+ * RAM usable by the OS to sit below the peripherals.
+ */
+ mc->default_ram_size = 0x3F000000; /* BCM2836_PERI_BASE */
+};
+DEFINE_MACHINE("raspi2", raspi2_machine_init)
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 87fbe7c97d..26146919cd 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -46,20 +46,6 @@
#define ARM_SPI_BASE 32
#define ACPI_POWER_BUTTON_DEVICE "PWRB"
-typedef struct VirtAcpiCpuInfo {
- DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
-} VirtAcpiCpuInfo;
-
-static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
-{
- CPUState *cpu;
-
- memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
- CPU_FOREACH(cpu) {
- set_bit(cpu->cpu_index, cpuinfo->found_cpus);
- }
-}
-
static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
{
uint16_t i;
@@ -443,7 +429,7 @@ build_gtdt(GArray *table_data, GArray *linker)
gtdt->secure_el1_flags = ACPI_EDGE_SENSITIVE;
gtdt->non_secure_el1_interrupt = ARCH_TIMER_NS_EL1_IRQ + 16;
- gtdt->non_secure_el1_flags = ACPI_EDGE_SENSITIVE;
+ gtdt->non_secure_el1_flags = ACPI_EDGE_SENSITIVE | ACPI_GTDT_ALWAYS_ON;
gtdt->virtual_timer_interrupt = ARCH_TIMER_VIRT_IRQ + 16;
gtdt->virtual_timer_flags = ACPI_EDGE_SENSITIVE;
@@ -458,8 +444,7 @@ build_gtdt(GArray *table_data, GArray *linker)
/* MADT */
static void
-build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
- VirtAcpiCpuInfo *cpuinfo)
+build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
{
int madt_start = table_data->len;
const MemMapEntry *memmap = guest_info->memmap;
@@ -489,9 +474,7 @@ build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
gicc->cpu_interface_number = i;
gicc->arm_mpidr = armcpu->mp_affinity;
gicc->uid = i;
- if (test_bit(i, cpuinfo->found_cpus)) {
- gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
- }
+ gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
}
if (guest_info->gic_version == 3) {
@@ -599,11 +582,8 @@ void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
{
GArray *table_offsets;
unsigned dsdt, rsdt;
- VirtAcpiCpuInfo cpuinfo;
GArray *tables_blob = tables->table_data;
- virt_acpi_get_cpu_info(&cpuinfo);
-
table_offsets = g_array_new(false, true /* clear */,
sizeof(uint32_t));
@@ -630,7 +610,7 @@ void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
build_fadt(tables_blob, tables->linker, dsdt);
acpi_add_table(table_offsets, tables_blob);
- build_madt(tables_blob, tables->linker, guest_info, &cpuinfo);
+ build_madt(tables_blob, tables->linker, guest_info);
acpi_add_table(table_offsets, tables_blob);
build_gtdt(tables_blob, tables->linker);
diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
index b0c7c93e21..3ecd0582bf 100644
--- a/hw/audio/cs4231a.c
+++ b/hw/audio/cs4231a.c
@@ -70,6 +70,7 @@ typedef struct CSState {
uint32_t irq;
uint32_t dma;
uint32_t port;
+ IsaDma *isa_dma;
int shift;
int dma_running;
int audio_free;
@@ -265,6 +266,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
{
int xtal;
struct audsettings as;
+ IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
#ifdef DEBUG_XLAW
if (val == 0 || val == 32)
@@ -328,7 +330,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
if (s->dregs[Interface_Configuration] & PEN) {
if (!s->dma_running) {
- DMA_hold_DREQ (s->dma);
+ k->hold_DREQ(s->isa_dma, s->dma);
AUD_set_active_out (s->voice, 1);
s->transferred = 0;
}
@@ -336,7 +338,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
}
else {
if (s->dma_running) {
- DMA_release_DREQ (s->dma);
+ k->release_DREQ(s->isa_dma, s->dma);
AUD_set_active_out (s->voice, 0);
}
s->dma_running = 0;
@@ -345,7 +347,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
error:
if (s->dma_running) {
- DMA_release_DREQ (s->dma);
+ k->release_DREQ(s->isa_dma, s->dma);
AUD_set_active_out (s->voice, 0);
}
}
@@ -453,7 +455,8 @@ static void cs_write (void *opaque, hwaddr addr,
}
else {
if (s->dma_running) {
- DMA_release_DREQ (s->dma);
+ IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
+ k->release_DREQ(s->isa_dma, s->dma);
AUD_set_active_out (s->voice, 0);
s->dma_running = 0;
}
@@ -518,6 +521,7 @@ static int cs_write_audio (CSState *s, int nchan, int dma_pos,
{
int temp, net;
uint8_t tmpbuf[4096];
+ IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
temp = len;
net = 0;
@@ -532,7 +536,7 @@ static int cs_write_audio (CSState *s, int nchan, int dma_pos,
to_copy = sizeof (tmpbuf);
}
- copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
+ copied = k->read_memory(s->isa_dma, nchan, tmpbuf, dma_pos, to_copy);
if (s->tab) {
int i;
int16_t linbuf[4096];
@@ -600,7 +604,8 @@ static int cs4231a_pre_load (void *opaque)
CSState *s = opaque;
if (s->dma_running) {
- DMA_release_DREQ (s->dma);
+ IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
+ k->release_DREQ(s->isa_dma, s->dma);
AUD_set_active_out (s->voice, 0);
}
s->dma_running = 0;
@@ -656,13 +661,15 @@ static void cs4231a_realizefn (DeviceState *dev, Error **errp)
{
ISADevice *d = ISA_DEVICE (dev);
CSState *s = CS4231A (dev);
+ IsaDmaClass *k;
isa_init_irq (d, &s->pic, s->irq);
+ s->isa_dma = isa_get_dma(isa_bus_from_device(d), s->dma);
+ k = ISADMA_GET_CLASS(s->isa_dma);
+ k->register_channel(s->isa_dma, s->dma, cs_dma_read, s);
isa_register_ioport (d, &s->ioports, s->port);
- DMA_register_channel (s->dma, cs_dma_read, s);
-
AUD_register_card ("cs4231a", &s->card);
}
diff --git a/hw/audio/gus.c b/hw/audio/gus.c
index 47c0fcfb4c..b416a54909 100644
--- a/hw/audio/gus.c
+++ b/hw/audio/gus.c
@@ -58,6 +58,7 @@ typedef struct GUSState {
SWVoiceOut *voice;
int64_t last_ticks;
qemu_irq pic;
+ IsaDma *isa_dma;
} GUSState;
static uint32_t gus_readb(void *opaque, uint32_t nport)
@@ -168,34 +169,36 @@ void GUS_irqclear (GUSEmuState *emu, int hwirq)
#endif
}
-void GUS_dmarequest (GUSEmuState *der)
+void GUS_dmarequest (GUSEmuState *emu)
{
- /* GUSState *s = (GUSState *) der; */
+ GUSState *s = emu->opaque;
+ IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
ldebug ("dma request %d\n", der->gusdma);
- DMA_hold_DREQ (der->gusdma);
+ k->hold_DREQ(s->isa_dma, s->emu.gusdma);
}
static int GUS_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len)
{
GUSState *s = opaque;
+ IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
char tmpbuf[4096];
int pos = dma_pos, mode, left = dma_len - dma_pos;
ldebug ("read DMA %#x %d\n", dma_pos, dma_len);
- mode = DMA_get_channel_mode (s->emu.gusdma);
+ mode = k->has_autoinitialization(s->isa_dma, s->emu.gusdma);
while (left) {
int to_copy = audio_MIN ((size_t) left, sizeof (tmpbuf));
int copied;
ldebug ("left=%d to_copy=%d pos=%d\n", left, to_copy, pos);
- copied = DMA_read_memory (nchan, tmpbuf, pos, to_copy);
+ copied = k->read_memory(s->isa_dma, nchan, tmpbuf, pos, to_copy);
gus_dma_transferdata (&s->emu, tmpbuf, copied, left == copied);
left -= copied;
pos += copied;
}
if (((mode >> 4) & 1) == 0) {
- DMA_release_DREQ (s->emu.gusdma);
+ k->release_DREQ(s->isa_dma, s->emu.gusdma);
}
return dma_len;
}
@@ -232,6 +235,7 @@ static void gus_realizefn (DeviceState *dev, Error **errp)
{
ISADevice *d = ISA_DEVICE(dev);
GUSState *s = GUS (dev);
+ IsaDmaClass *k;
struct audsettings as;
AUD_register_card ("gus", &s->card);
@@ -264,7 +268,9 @@ static void gus_realizefn (DeviceState *dev, Error **errp)
isa_register_portio_list (d, (s->port + 0x100) & 0xf00,
gus_portio_list2, s, "gus");
- DMA_register_channel (s->emu.gusdma, GUS_read_DMA, s);
+ s->isa_dma = isa_get_dma(isa_bus_from_device(d), s->emu.gusdma);
+ k = ISADMA_GET_CLASS(s->isa_dma);
+ k->register_channel(s->isa_dma, s->emu.gusdma, GUS_read_DMA, s);
s->emu.himemaddr = s->himem;
s->emu.gusdatapos = s->emu.himemaddr + 1024 * 1024 + 32;
s->emu.opaque = s;
diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c
index 3b2dcfdad9..6f8816cf64 100644
--- a/hw/audio/sb16.c
+++ b/hw/audio/sb16.c
@@ -56,6 +56,8 @@ typedef struct SB16State {
uint32_t hdma;
uint32_t port;
uint32_t ver;
+ IsaDma *isa_dma;
+ IsaDma *isa_hdma;
int in_index;
int out_data_len;
@@ -166,16 +168,18 @@ static void speaker (SB16State *s, int on)
static void control (SB16State *s, int hold)
{
int dma = s->use_hdma ? s->hdma : s->dma;
+ IsaDma *isa_dma = s->use_hdma ? s->isa_hdma : s->isa_dma;
+ IsaDmaClass *k = ISADMA_GET_CLASS(isa_dma);
s->dma_running = hold;
ldebug ("hold %d high %d dma %d\n", hold, s->use_hdma, dma);
if (hold) {
- DMA_hold_DREQ (dma);
+ k->hold_DREQ(isa_dma, dma);
AUD_set_active_out (s->voice, 1);
}
else {
- DMA_release_DREQ (dma);
+ k->release_DREQ(isa_dma, dma);
AUD_set_active_out (s->voice, 0);
}
}
@@ -1137,6 +1141,8 @@ static uint32_t mixer_read(void *opaque, uint32_t nport)
static int write_audio (SB16State *s, int nchan, int dma_pos,
int dma_len, int len)
{
+ IsaDma *isa_dma = nchan == s->dma ? s->isa_dma : s->isa_hdma;
+ IsaDmaClass *k = ISADMA_GET_CLASS(isa_dma);
int temp, net;
uint8_t tmpbuf[4096];
@@ -1153,7 +1159,7 @@ static int write_audio (SB16State *s, int nchan, int dma_pos,
to_copy = sizeof (tmpbuf);
}
- copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
+ copied = k->read_memory(isa_dma, nchan, tmpbuf, dma_pos, to_copy);
copied = AUD_write (s->voice, tmpbuf, copied);
temp -= copied;
@@ -1355,6 +1361,7 @@ static void sb16_realizefn (DeviceState *dev, Error **errp)
{
ISADevice *isadev = ISA_DEVICE (dev);
SB16State *s = SB16 (dev);
+ IsaDmaClass *k;
isa_init_irq (isadev, &s->pic, s->irq);
@@ -1373,8 +1380,14 @@ static void sb16_realizefn (DeviceState *dev, Error **errp)
isa_register_portio_list (isadev, s->port, sb16_ioport_list, s, "sb16");
- DMA_register_channel (s->hdma, SB_read_DMA, s);
- DMA_register_channel (s->dma, SB_read_DMA, s);
+ s->isa_hdma = isa_get_dma(isa_bus_from_device(isadev), s->hdma);
+ k = ISADMA_GET_CLASS(s->isa_hdma);
+ k->register_channel(s->isa_hdma, s->hdma, SB_read_DMA, s);
+
+ s->isa_dma = isa_get_dma(isa_bus_from_device(isadev), s->dma);
+ k = ISADMA_GET_CLASS(s->isa_dma);
+ k->register_channel(s->isa_dma, s->dma, SB_read_DMA, s);
+
s->can_write = 1;
AUD_register_card ("sb16", &s->card);
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 818e8a4072..a6f22ef200 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -179,6 +179,21 @@ typedef struct FDrive {
static FloppyDriveType get_fallback_drive_type(FDrive *drv);
+/* Hack: FD_SEEK is expected to work on empty drives. However, QEMU
+ * currently goes through some pains to keep seeks within the bounds
+ * established by last_sect and max_track. Correcting this is difficult,
+ * as refactoring FDC code tends to expose nasty bugs in the Linux kernel.
+ *
+ * For now: allow empty drives to have large bounds so we can seek around,
+ * with the understanding that when a diskette is inserted, the bounds will
+ * properly tighten to match the geometry of that inserted medium.
+ */
+static void fd_empty_seek_hack(FDrive *drv)
+{
+ drv->last_sect = 0xFF;
+ drv->max_track = 0xFF;
+}
+
static void fd_init(FDrive *drv)
{
/* Drive */
@@ -394,6 +409,7 @@ static void fd_revalidate(FDrive *drv)
if (!blk_is_inserted(drv->blk)) {
FLOPPY_DPRINTF("No disk in drive\n");
drv->disk = FLOPPY_DRIVE_TYPE_NONE;
+ fd_empty_seek_hack(drv);
} else if (!drv->media_validated) {
rc = pick_geometry(drv);
if (rc) {
@@ -628,6 +644,7 @@ struct FDCtrl {
QEMUTimer *result_timer;
int dma_chann;
uint8_t phase;
+ IsaDma *dma;
/* Controller's identification */
uint8_t version;
/* HW */
@@ -1413,7 +1430,8 @@ static void fdctrl_stop_transfer(FDCtrl *fdctrl, uint8_t status0,
fdctrl->fifo[6] = FD_SECTOR_SC;
fdctrl->data_dir = FD_DIR_READ;
if (!(fdctrl->msr & FD_MSR_NONDMA)) {
- DMA_release_DREQ(fdctrl->dma_chann);
+ IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
+ k->release_DREQ(fdctrl->dma, fdctrl->dma_chann);
}
fdctrl->msr |= FD_MSR_RQM | FD_MSR_DIO;
fdctrl->msr &= ~FD_MSR_NONDMA;
@@ -1499,27 +1517,43 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction)
}
fdctrl->eot = fdctrl->fifo[6];
if (fdctrl->dor & FD_DOR_DMAEN) {
- int dma_mode;
+ IsaDmaTransferMode dma_mode;
+ IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
+ bool dma_mode_ok;
/* DMA transfer are enabled. Check if DMA channel is well programmed */
- dma_mode = DMA_get_channel_mode(fdctrl->dma_chann);
- dma_mode = (dma_mode >> 2) & 3;
+ dma_mode = k->get_transfer_mode(fdctrl->dma, fdctrl->dma_chann);
FLOPPY_DPRINTF("dma_mode=%d direction=%d (%d - %d)\n",
dma_mode, direction,
(128 << fdctrl->fifo[5]) *
(cur_drv->last_sect - ks + 1), fdctrl->data_len);
- if (((direction == FD_DIR_SCANE || direction == FD_DIR_SCANL ||
- direction == FD_DIR_SCANH) && dma_mode == 0) ||
- (direction == FD_DIR_WRITE && dma_mode == 2) ||
- (direction == FD_DIR_READ && dma_mode == 1) ||
- (direction == FD_DIR_VERIFY)) {
+ switch (direction) {
+ case FD_DIR_SCANE:
+ case FD_DIR_SCANL:
+ case FD_DIR_SCANH:
+ dma_mode_ok = (dma_mode == ISADMA_TRANSFER_VERIFY);
+ break;
+ case FD_DIR_WRITE:
+ dma_mode_ok = (dma_mode == ISADMA_TRANSFER_WRITE);
+ break;
+ case FD_DIR_READ:
+ dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ);
+ break;
+ case FD_DIR_VERIFY:
+ dma_mode_ok = true;
+ break;
+ default:
+ dma_mode_ok = false;
+ break;
+ }
+ if (dma_mode_ok) {
/* No access is allowed until DMA transfer has completed */
fdctrl->msr &= ~FD_MSR_RQM;
if (direction != FD_DIR_VERIFY) {
/* Now, we just have to wait for the DMA controller to
* recall us...
*/
- DMA_hold_DREQ(fdctrl->dma_chann);
- DMA_schedule();
+ k->hold_DREQ(fdctrl->dma, fdctrl->dma_chann);
+ k->schedule(fdctrl->dma);
} else {
/* Start transfer */
fdctrl_transfer_handler(fdctrl, fdctrl->dma_chann, 0,
@@ -1558,12 +1592,14 @@ static int fdctrl_transfer_handler (void *opaque, int nchan,
FDrive *cur_drv;
int len, start_pos, rel_pos;
uint8_t status0 = 0x00, status1 = 0x00, status2 = 0x00;
+ IsaDmaClass *k;
fdctrl = opaque;
if (fdctrl->msr & FD_MSR_RQM) {
FLOPPY_DPRINTF("Not in DMA transfer mode !\n");
return 0;
}
+ k = ISADMA_GET_CLASS(fdctrl->dma);
cur_drv = get_cur_drv(fdctrl);
if (fdctrl->data_dir == FD_DIR_SCANE || fdctrl->data_dir == FD_DIR_SCANL ||
fdctrl->data_dir == FD_DIR_SCANH)
@@ -1602,8 +1638,8 @@ static int fdctrl_transfer_handler (void *opaque, int nchan,
switch (fdctrl->data_dir) {
case FD_DIR_READ:
/* READ commands */
- DMA_write_memory (nchan, fdctrl->fifo + rel_pos,
- fdctrl->data_pos, len);
+ k->write_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
+ fdctrl->data_pos, len);
break;
case FD_DIR_WRITE:
/* WRITE commands */
@@ -1617,8 +1653,8 @@ static int fdctrl_transfer_handler (void *opaque, int nchan,
goto transfer_error;
}
- DMA_read_memory (nchan, fdctrl->fifo + rel_pos,
- fdctrl->data_pos, len);
+ k->read_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
+ fdctrl->data_pos, len);
if (blk_write(cur_drv->blk, fd_sector(cur_drv),
fdctrl->fifo, 1) < 0) {
FLOPPY_DPRINTF("error writing sector %d\n",
@@ -1635,7 +1671,8 @@ static int fdctrl_transfer_handler (void *opaque, int nchan,
{
uint8_t tmpbuf[FD_SECTOR_LEN];
int ret;
- DMA_read_memory (nchan, tmpbuf, fdctrl->data_pos, len);
+ k->read_memory(fdctrl->dma, nchan, tmpbuf, fdctrl->data_pos,
+ len);
ret = memcmp(tmpbuf, fdctrl->fifo + rel_pos, len);
if (ret == 0) {
status2 = FD_SR2_SEH;
@@ -2425,7 +2462,11 @@ static void fdctrl_realize_common(FDCtrl *fdctrl, Error **errp)
fdctrl->num_floppies = MAX_FD;
if (fdctrl->dma_chann != -1) {
- DMA_register_channel(fdctrl->dma_chann, &fdctrl_transfer_handler, fdctrl);
+ IsaDmaClass *k;
+ assert(fdctrl->dma);
+ k = ISADMA_GET_CLASS(fdctrl->dma);
+ k->register_channel(fdctrl->dma, fdctrl->dma_chann,
+ &fdctrl_transfer_handler, fdctrl);
}
fdctrl_connect_drives(fdctrl, errp);
}
@@ -2448,6 +2489,10 @@ static void isabus_fdc_realize(DeviceState *dev, Error **errp)
isa_init_irq(isadev, &fdctrl->irq, isa->irq);
fdctrl->dma_chann = isa->dma;
+ if (fdctrl->dma_chann != -1) {
+ fdctrl->dma = isa_get_dma(isa_bus_from_device(isadev), isa->dma);
+ assert(fdctrl->dma);
+ }
qdev_set_legacy_instance_id(dev, isa->iobase, 2);
fdctrl_realize_common(fdctrl, &err);
@@ -2476,6 +2521,8 @@ static void sun4m_fdc_initfn(Object *obj)
FDCtrlSysBus *sys = SYSBUS_FDC(obj);
FDCtrl *fdctrl = &sys->state;
+ fdctrl->dma_chann = -1;
+
memory_region_init_io(&fdctrl->iomem, obj, &fdctrl_mem_strict_ops,
fdctrl, "fdctrl", 0x08);
sysbus_init_mmio(sbd, &fdctrl->iomem);
diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index 869721d848..6c0f975df0 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -25,6 +25,9 @@
#include "qemu/osdep.h"
#include "hw/isa/isa.h"
+#define TYPE_I82374 "i82374"
+#define I82374(obj) OBJECT_CHECK(I82374State, (obj), TYPE_I82374)
+
//#define DEBUG_I82374
#ifdef DEBUG_I82374
@@ -38,6 +41,9 @@ do {} while (0)
do { fprintf(stderr, "i82374 ERROR: " fmt , ## __VA_ARGS__); } while (0)
typedef struct I82374State {
+ ISADevice parent_obj;
+
+ uint32_t iobase;
uint8_t commands[8];
PortioList port_list;
} I82374State;
@@ -99,32 +105,6 @@ static uint32_t i82374_read_descriptor(void *opaque, uint32_t nport)
return val;
}
-static void i82374_realize(I82374State *s, Error **errp)
-{
- DMA_init(1);
- memset(s->commands, 0, sizeof(s->commands));
-}
-
-#define TYPE_I82374 "i82374"
-#define I82374(obj) OBJECT_CHECK(ISAi82374State, (obj), TYPE_I82374)
-
-typedef struct ISAi82374State {
- ISADevice parent_obj;
-
- uint32_t iobase;
- I82374State state;
-} ISAi82374State;
-
-static const VMStateDescription vmstate_isa_i82374 = {
- .name = "isa-i82374",
- .version_id = 0,
- .minimum_version_id = 0,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(state, ISAi82374State, 0, vmstate_i82374, I82374State),
- VMSTATE_END_OF_LIST()
- },
-};
-
static const MemoryRegionPortio i82374_portio_list[] = {
{ 0x0A, 1, 1, .read = i82374_read_isr, },
{ 0x10, 8, 1, .write = i82374_write_command, },
@@ -134,21 +114,21 @@ static const MemoryRegionPortio i82374_portio_list[] = {
PORTIO_END_OF_LIST(),
};
-static void i82374_isa_realize(DeviceState *dev, Error **errp)
+static void i82374_realize(DeviceState *dev, Error **errp)
{
- ISAi82374State *isa = I82374(dev);
- I82374State *s = &isa->state;
+ I82374State *s = I82374(dev);
- portio_list_init(&s->port_list, OBJECT(isa), i82374_portio_list, s,
+ portio_list_init(&s->port_list, OBJECT(s), i82374_portio_list, s,
"i82374");
- portio_list_add(&s->port_list, isa_address_space_io(&isa->parent_obj),
- isa->iobase);
+ portio_list_add(&s->port_list, isa_address_space_io(&s->parent_obj),
+ s->iobase);
- i82374_realize(s, errp);
+ DMA_init(isa_bus_from_device(ISA_DEVICE(dev)), 1);
+ memset(s->commands, 0, sizeof(s->commands));
}
static Property i82374_properties[] = {
- DEFINE_PROP_UINT32("iobase", ISAi82374State, iobase, 0x400),
+ DEFINE_PROP_UINT32("iobase", I82374State, iobase, 0x400),
DEFINE_PROP_END_OF_LIST()
};
@@ -156,21 +136,21 @@ static void i82374_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
- dc->realize = i82374_isa_realize;
- dc->vmsd = &vmstate_isa_i82374;
+ dc->realize = i82374_realize;
+ dc->vmsd = &vmstate_i82374;
dc->props = i82374_properties;
}
-static const TypeInfo i82374_isa_info = {
+static const TypeInfo i82374_info = {
.name = TYPE_I82374,
.parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISAi82374State),
+ .instance_size = sizeof(I82374State),
.class_init = i82374_class_init,
};
static void i82374_register_types(void)
{
- type_register_static(&i82374_isa_info);
+ type_register_static(&i82374_info);
}
type_init(i82374_register_types)
diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 1ff6c4da71..5a52707ae2 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -24,9 +24,13 @@
#include "qemu/osdep.h"
#include "hw/hw.h"
#include "hw/isa/isa.h"
+#include "hw/isa/i8257.h"
#include "qemu/main-loop.h"
#include "trace.h"
+#define I8257(obj) \
+ OBJECT_CHECK(I8257State, (obj), TYPE_I8257)
+
/* #define DEBUG_DMA */
#define dolog(...) fprintf (stderr, "dma: " __VA_ARGS__)
@@ -38,32 +42,9 @@
#define ldebug(...)
#endif
-struct dma_regs {
- int now[2];
- uint16_t base[2];
- uint8_t mode;
- uint8_t page;
- uint8_t pageh;
- uint8_t dack;
- uint8_t eop;
- DMA_transfer_handler transfer_handler;
- void *opaque;
-};
-
#define ADDR 0
#define COUNT 1
-static struct dma_cont {
- uint8_t status;
- uint8_t command;
- uint8_t mask;
- uint8_t flip_flop;
- int dshift;
- struct dma_regs regs[4];
- MemoryRegion channel_io;
- MemoryRegion cont_io;
-} dma_controllers[2];
-
enum {
CMD_MEMORY_TO_MEMORY = 0x01,
CMD_FIXED_ADDRESS = 0x02,
@@ -79,13 +60,13 @@ enum {
};
-static void DMA_run (void);
+static void i8257_dma_run(void *opaque);
-static int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
+static const int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
-static void write_page (void *opaque, uint32_t nport, uint32_t data)
+static void i8257_write_page(void *opaque, uint32_t nport, uint32_t data)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int ichan;
ichan = channels[nport & 7];
@@ -96,9 +77,9 @@ static void write_page (void *opaque, uint32_t nport, uint32_t data)
d->regs[ichan].page = data;
}
-static void write_pageh (void *opaque, uint32_t nport, uint32_t data)
+static void i8257_write_pageh(void *opaque, uint32_t nport, uint32_t data)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int ichan;
ichan = channels[nport & 7];
@@ -109,9 +90,9 @@ static void write_pageh (void *opaque, uint32_t nport, uint32_t data)
d->regs[ichan].pageh = data;
}
-static uint32_t read_page (void *opaque, uint32_t nport)
+static uint32_t i8257_read_page(void *opaque, uint32_t nport)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int ichan;
ichan = channels[nport & 7];
@@ -122,9 +103,9 @@ static uint32_t read_page (void *opaque, uint32_t nport)
return d->regs[ichan].page;
}
-static uint32_t read_pageh (void *opaque, uint32_t nport)
+static uint32_t i8257_read_pageh(void *opaque, uint32_t nport)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int ichan;
ichan = channels[nport & 7];
@@ -135,16 +116,16 @@ static uint32_t read_pageh (void *opaque, uint32_t nport)
return d->regs[ichan].pageh;
}
-static inline void init_chan (struct dma_cont *d, int ichan)
+static inline void i8257_init_chan(I8257State *d, int ichan)
{
- struct dma_regs *r;
+ I8257Regs *r;
r = d->regs + ichan;
r->now[ADDR] = r->base[ADDR] << d->dshift;
r->now[COUNT] = 0;
}
-static inline int getff (struct dma_cont *d)
+static inline int i8257_getff(I8257State *d)
{
int ff;
@@ -153,11 +134,11 @@ static inline int getff (struct dma_cont *d)
return ff;
}
-static uint64_t read_chan(void *opaque, hwaddr nport, unsigned size)
+static uint64_t i8257_read_chan(void *opaque, hwaddr nport, unsigned size)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int ichan, nreg, iport, ff, val, dir;
- struct dma_regs *r;
+ I8257Regs *r;
iport = (nport >> d->dshift) & 0x0f;
ichan = iport >> 1;
@@ -165,7 +146,7 @@ static uint64_t read_chan(void *opaque, hwaddr nport, unsigned size)
r = d->regs + ichan;
dir = ((r->mode >> 5) & 1) ? -1 : 1;
- ff = getff (d);
+ ff = i8257_getff(d);
if (nreg)
val = (r->base[COUNT] << d->dshift) - r->now[COUNT];
else
@@ -175,29 +156,29 @@ static uint64_t read_chan(void *opaque, hwaddr nport, unsigned size)
return (val >> (d->dshift + (ff << 3))) & 0xff;
}
-static void write_chan(void *opaque, hwaddr nport, uint64_t data,
- unsigned size)
+static void i8257_write_chan(void *opaque, hwaddr nport, uint64_t data,
+ unsigned int size)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int iport, ichan, nreg;
- struct dma_regs *r;
+ I8257Regs *r;
iport = (nport >> d->dshift) & 0x0f;
ichan = iport >> 1;
nreg = iport & 1;
r = d->regs + ichan;
- if (getff (d)) {
+ if (i8257_getff(d)) {
r->base[nreg] = (r->base[nreg] & 0xff) | ((data << 8) & 0xff00);
- init_chan (d, ichan);
+ i8257_init_chan(d, ichan);
} else {
r->base[nreg] = (r->base[nreg] & 0xff00) | (data & 0xff);
}
}
-static void write_cont(void *opaque, hwaddr nport, uint64_t data,
- unsigned size)
+static void i8257_write_cont(void *opaque, hwaddr nport, uint64_t data,
+ unsigned int size)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int iport, ichan = 0;
iport = (nport >> d->dshift) & 0x0f;
@@ -219,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
d->status &= ~(1 << (ichan + 4));
}
d->status &= ~(1 << ichan);
- DMA_run();
+ i8257_dma_run(d);
break;
case 0x02: /* single mask */
@@ -227,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
d->mask |= 1 << (data & 3);
else
d->mask &= ~(1 << (data & 3));
- DMA_run();
+ i8257_dma_run(d);
break;
case 0x03: /* mode */
@@ -262,12 +243,12 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
case 0x06: /* clear mask for all channels */
d->mask = 0;
- DMA_run();
+ i8257_dma_run(d);
break;
case 0x07: /* write mask for all channels */
d->mask = data;
- DMA_run();
+ i8257_dma_run(d);
break;
default:
@@ -283,9 +264,9 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
#endif
}
-static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
+static uint64_t i8257_read_cont(void *opaque, hwaddr nport, unsigned size)
{
- struct dma_cont *d = opaque;
+ I8257State *d = opaque;
int iport, val;
iport = (nport >> d->dshift) & 0x0f;
@@ -306,37 +287,43 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
return val;
}
-int DMA_get_channel_mode (int nchan)
+static IsaDmaTransferMode i8257_dma_get_transfer_mode(IsaDma *obj, int nchan)
{
- return dma_controllers[nchan > 3].regs[nchan & 3].mode;
+ I8257State *d = I8257(obj);
+ return (d->regs[nchan & 3].mode >> 2) & 3;
}
-void DMA_hold_DREQ (int nchan)
+static bool i8257_dma_has_autoinitialization(IsaDma *obj, int nchan)
{
- int ncont, ichan;
+ I8257State *d = I8257(obj);
+ return (d->regs[nchan & 3].mode >> 4) & 1;
+}
+
+static void i8257_dma_hold_DREQ(IsaDma *obj, int nchan)
+{
+ I8257State *d = I8257(obj);
+ int ichan;
- ncont = nchan > 3;
ichan = nchan & 3;
- linfo ("held cont=%d chan=%d\n", ncont, ichan);
- dma_controllers[ncont].status |= 1 << (ichan + 4);
- DMA_run();
+ d->status |= 1 << (ichan + 4);
+ i8257_dma_run(d);
}
-void DMA_release_DREQ (int nchan)
+static void i8257_dma_release_DREQ(IsaDma *obj, int nchan)
{
- int ncont, ichan;
+ I8257State *d = I8257(obj);
+ int ichan;
- ncont = nchan > 3;
ichan = nchan & 3;
- linfo ("released cont=%d chan=%d\n", ncont, ichan);
- dma_controllers[ncont].status &= ~(1 << (ichan + 4));
- DMA_run();
+ d->status &= ~(1 << (ichan + 4));
+ i8257_dma_run(d);
}
-static void channel_run (int ncont, int ichan)
+static void i8257_channel_run(I8257State *d, int ichan)
{
+ int ncont = d->dshift;
int n;
- struct dma_regs *r = &dma_controllers[ncont].regs[ichan];
+ I8257Regs *r = &d->regs[ichan];
#ifdef DEBUG_DMA
int dir, opmode;
@@ -357,70 +344,58 @@ static void channel_run (int ncont, int ichan)
ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
}
-static QEMUBH *dma_bh;
-static bool dma_bh_scheduled;
-
-static void DMA_run (void)
+static void i8257_dma_run(void *opaque)
{
- struct dma_cont *d;
- int icont, ichan;
+ I8257State *d = opaque;
+ int ichan;
int rearm = 0;
- static int running = 0;
- if (running) {
+ if (d->running) {
rearm = 1;
goto out;
} else {
- running = 1;
+ d->running = 1;
}
- d = dma_controllers;
-
- for (icont = 0; icont < 2; icont++, d++) {
- for (ichan = 0; ichan < 4; ichan++) {
- int mask;
+ for (ichan = 0; ichan < 4; ichan++) {
+ int mask;
- mask = 1 << ichan;
+ mask = 1 << ichan;
- if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) {
- channel_run (icont, ichan);
- rearm = 1;
- }
+ if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) {
+ i8257_channel_run(d, ichan);
+ rearm = 1;
}
}
- running = 0;
+ d->running = 0;
out:
if (rearm) {
- qemu_bh_schedule_idle(dma_bh);
- dma_bh_scheduled = true;
+ qemu_bh_schedule_idle(d->dma_bh);
+ d->dma_bh_scheduled = true;
}
}
-static void DMA_run_bh(void *unused)
+static void i8257_dma_register_channel(IsaDma *obj, int nchan,
+ DMA_transfer_handler transfer_handler,
+ void *opaque)
{
- dma_bh_scheduled = false;
- DMA_run();
-}
-
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque)
-{
- struct dma_regs *r;
- int ichan, ncont;
+ I8257State *d = I8257(obj);
+ I8257Regs *r;
+ int ichan;
- ncont = nchan > 3;
ichan = nchan & 3;
- r = dma_controllers[ncont].regs + ichan;
+ r = d->regs + ichan;
r->transfer_handler = transfer_handler;
r->opaque = opaque;
}
-int DMA_read_memory (int nchan, void *buf, int pos, int len)
+static int i8257_dma_read_memory(IsaDma *obj, int nchan, void *buf, int pos,
+ int len)
{
- struct dma_regs *r = &dma_controllers[nchan > 3].regs[nchan & 3];
+ I8257State *d = I8257(obj);
+ I8257Regs *r = &d->regs[nchan & 3];
hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
if (r->mode & 0x20) {
@@ -440,9 +415,11 @@ int DMA_read_memory (int nchan, void *buf, int pos, int len)
return len;
}
-int DMA_write_memory (int nchan, void *buf, int pos, int len)
+static int i8257_dma_write_memory(IsaDma *obj, int nchan, void *buf, int pos,
+ int len)
{
- struct dma_regs *r = &dma_controllers[nchan > 3].regs[nchan & 3];
+ I8257State *s = I8257(obj);
+ I8257Regs *r = &s->regs[nchan & 3];
hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
if (r->mode & 0x20) {
@@ -465,20 +442,22 @@ int DMA_write_memory (int nchan, void *buf, int pos, int len)
/* request the emulator to transfer a new DMA memory block ASAP (even
* if the idle bottom half would not have exited the iothread yet).
*/
-void DMA_schedule(void)
+static void i8257_dma_schedule(IsaDma *obj)
{
- if (dma_bh_scheduled) {
+ I8257State *d = I8257(obj);
+ if (d->dma_bh_scheduled) {
qemu_notify_event();
}
}
-static void dma_reset(void *opaque)
+static void i8257_reset(DeviceState *dev)
{
- struct dma_cont *d = opaque;
- write_cont(d, (0x05 << d->dshift), 0, 1);
+ I8257State *d = I8257(dev);
+ i8257_write_cont(d, (0x05 << d->dshift), 0, 1);
}
-static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
+static int i8257_phony_handler(void *opaque, int nchan, int dma_pos,
+ int dma_len)
{
trace_i8257_unregistered_dma(nchan, dma_pos, dma_len);
return dma_pos;
@@ -486,8 +465,8 @@ static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
static const MemoryRegionOps channel_io_ops = {
- .read = read_chan,
- .write = write_chan,
+ .read = i8257_read_chan,
+ .write = i8257_write_chan,
.endianness = DEVICE_NATIVE_ENDIAN,
.impl = {
.min_access_size = 1,
@@ -497,21 +476,21 @@ static const MemoryRegionOps channel_io_ops = {
/* IOport from page_base */
static const MemoryRegionPortio page_portio_list[] = {
- { 0x01, 3, 1, .write = write_page, .read = read_page, },
- { 0x07, 1, 1, .write = write_page, .read = read_page, },
+ { 0x01, 3, 1, .write = i8257_write_page, .read = i8257_read_page, },
+ { 0x07, 1, 1, .write = i8257_write_page, .read = i8257_read_page, },
PORTIO_END_OF_LIST(),
};
/* IOport from pageh_base */
static const MemoryRegionPortio pageh_portio_list[] = {
- { 0x01, 3, 1, .write = write_pageh, .read = read_pageh, },
- { 0x07, 3, 1, .write = write_pageh, .read = read_pageh, },
+ { 0x01, 3, 1, .write = i8257_write_pageh, .read = i8257_read_pageh, },
+ { 0x07, 3, 1, .write = i8257_write_pageh, .read = i8257_read_pageh, },
PORTIO_END_OF_LIST(),
};
static const MemoryRegionOps cont_io_ops = {
- .read = read_cont,
- .write = write_cont,
+ .read = i8257_read_cont,
+ .write = i8257_write_cont,
.endianness = DEVICE_NATIVE_ENDIAN,
.impl = {
.min_access_size = 1,
@@ -519,82 +498,142 @@ static const MemoryRegionOps cont_io_ops = {
},
};
-/* dshift = 0: 8 bit DMA, 1 = 16 bit DMA */
-static void dma_init2(struct dma_cont *d, int base, int dshift,
- int page_base, int pageh_base)
+static const VMStateDescription vmstate_i8257_regs = {
+ .name = "dma_regs",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32_ARRAY(now, I8257Regs, 2),
+ VMSTATE_UINT16_ARRAY(base, I8257Regs, 2),
+ VMSTATE_UINT8(mode, I8257Regs),
+ VMSTATE_UINT8(page, I8257Regs),
+ VMSTATE_UINT8(pageh, I8257Regs),
+ VMSTATE_UINT8(dack, I8257Regs),
+ VMSTATE_UINT8(eop, I8257Regs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int i8257_post_load(void *opaque, int version_id)
{
- int i;
+ I8257State *d = opaque;
+ i8257_dma_run(d);
- d->dshift = dshift;
+ return 0;
+}
+
+static const VMStateDescription vmstate_i8257 = {
+ .name = "dma",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = i8257_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(command, I8257State),
+ VMSTATE_UINT8(mask, I8257State),
+ VMSTATE_UINT8(flip_flop, I8257State),
+ VMSTATE_INT32(dshift, I8257State),
+ VMSTATE_STRUCT_ARRAY(regs, I8257State, 4, 1, vmstate_i8257_regs,
+ I8257Regs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void i8257_realize(DeviceState *dev, Error **errp)
+{
+ ISADevice *isa = ISA_DEVICE(dev);
+ I8257State *d = I8257(dev);
+ int i;
memory_region_init_io(&d->channel_io, NULL, &channel_io_ops, d,
"dma-chan", 8 << d->dshift);
- memory_region_add_subregion(isa_address_space_io(NULL),
- base, &d->channel_io);
+ memory_region_add_subregion(isa_address_space_io(isa),
+ d->base, &d->channel_io);
- isa_register_portio_list(NULL, page_base, page_portio_list, d,
+ isa_register_portio_list(isa, d->page_base, page_portio_list, d,
"dma-page");
- if (pageh_base >= 0) {
- isa_register_portio_list(NULL, pageh_base, pageh_portio_list, d,
+ if (d->pageh_base >= 0) {
+ isa_register_portio_list(isa, d->pageh_base, pageh_portio_list, d,
"dma-pageh");
}
- memory_region_init_io(&d->cont_io, NULL, &cont_io_ops, d, "dma-cont",
- 8 << d->dshift);
- memory_region_add_subregion(isa_address_space_io(NULL),
- base + (8 << d->dshift), &d->cont_io);
+ memory_region_init_io(&d->cont_io, OBJECT(isa), &cont_io_ops, d,
+ "dma-cont", 8 << d->dshift);
+ memory_region_add_subregion(isa_address_space_io(isa),
+ d->base + (8 << d->dshift), &d->cont_io);
- qemu_register_reset(dma_reset, d);
- dma_reset(d);
- for (i = 0; i < ARRAY_SIZE (d->regs); ++i) {
- d->regs[i].transfer_handler = dma_phony_handler;
+ for (i = 0; i < ARRAY_SIZE(d->regs); ++i) {
+ d->regs[i].transfer_handler = i8257_phony_handler;
}
+
+ d->dma_bh = qemu_bh_new(i8257_dma_run, d);
}
-static const VMStateDescription vmstate_dma_regs = {
- .name = "dma_regs",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32_ARRAY(now, struct dma_regs, 2),
- VMSTATE_UINT16_ARRAY(base, struct dma_regs, 2),
- VMSTATE_UINT8(mode, struct dma_regs),
- VMSTATE_UINT8(page, struct dma_regs),
- VMSTATE_UINT8(pageh, struct dma_regs),
- VMSTATE_UINT8(dack, struct dma_regs),
- VMSTATE_UINT8(eop, struct dma_regs),
- VMSTATE_END_OF_LIST()
- }
+static Property i8257_properties[] = {
+ DEFINE_PROP_INT32("base", I8257State, base, 0x00),
+ DEFINE_PROP_INT32("page-base", I8257State, page_base, 0x80),
+ DEFINE_PROP_INT32("pageh-base", I8257State, pageh_base, 0x480),
+ DEFINE_PROP_INT32("dshift", I8257State, dshift, 0),
+ DEFINE_PROP_END_OF_LIST()
};
-static int dma_post_load(void *opaque, int version_id)
+static void i8257_class_init(ObjectClass *klass, void *data)
{
- DMA_run();
-
- return 0;
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ IsaDmaClass *idc = ISADMA_CLASS(klass);
+
+ dc->realize = i8257_realize;
+ dc->reset = i8257_reset;
+ dc->vmsd = &vmstate_i8257;
+ dc->props = i8257_properties;
+
+ idc->get_transfer_mode = i8257_dma_get_transfer_mode;
+ idc->has_autoinitialization = i8257_dma_has_autoinitialization;
+ idc->read_memory = i8257_dma_read_memory;
+ idc->write_memory = i8257_dma_write_memory;
+ idc->hold_DREQ = i8257_dma_hold_DREQ;
+ idc->release_DREQ = i8257_dma_release_DREQ;
+ idc->schedule = i8257_dma_schedule;
+ idc->register_channel = i8257_dma_register_channel;
}
-static const VMStateDescription vmstate_dma = {
- .name = "dma",
- .version_id = 1,
- .minimum_version_id = 1,
- .post_load = dma_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(command, struct dma_cont),
- VMSTATE_UINT8(mask, struct dma_cont),
- VMSTATE_UINT8(flip_flop, struct dma_cont),
- VMSTATE_INT32(dshift, struct dma_cont),
- VMSTATE_STRUCT_ARRAY(regs, struct dma_cont, 4, 1, vmstate_dma_regs, struct dma_regs),
- VMSTATE_END_OF_LIST()
+static const TypeInfo i8257_info = {
+ .name = TYPE_I8257,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(I8257State),
+ .class_init = i8257_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_ISADMA },
+ { }
}
};
-void DMA_init(int high_page_enable)
+static void i8257_register_types(void)
{
- dma_init2(&dma_controllers[0], 0x00, 0, 0x80, high_page_enable ? 0x480 : -1);
- dma_init2(&dma_controllers[1], 0xc0, 1, 0x88, high_page_enable ? 0x488 : -1);
- vmstate_register (NULL, 0, &vmstate_dma, &dma_controllers[0]);
- vmstate_register (NULL, 1, &vmstate_dma, &dma_controllers[1]);
+ type_register_static(&i8257_info);
+}
+
+type_init(i8257_register_types)
- dma_bh = qemu_bh_new(DMA_run_bh, NULL);
+void DMA_init(ISABus *bus, int high_page_enable)
+{
+ ISADevice *isa1, *isa2;
+ DeviceState *d;
+
+ isa1 = isa_create(bus, TYPE_I8257);
+ d = DEVICE(isa1);
+ qdev_prop_set_int32(d, "base", 0x00);
+ qdev_prop_set_int32(d, "page-base", 0x80);
+ qdev_prop_set_int32(d, "pageh-base", high_page_enable ? 0x480 : -1);
+ qdev_prop_set_int32(d, "dshift", 0);
+ qdev_init_nofail(d);
+
+ isa2 = isa_create(bus, TYPE_I8257);
+ d = DEVICE(isa2);
+ qdev_prop_set_int32(d, "base", 0xc0);
+ qdev_prop_set_int32(d, "page-base", 0x88);
+ qdev_prop_set_int32(d, "pageh-base", high_page_enable ? 0x488 : -1);
+ qdev_prop_set_int32(d, "dshift", 1);
+ qdev_init_nofail(d);
+
+ isa_bus_dma(bus, ISADMA(isa1), ISADMA(isa2));
}
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 942ac0659a..b28bac4b66 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1542,7 +1542,7 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
port92 = isa_create_simple(isa_bus, "port92");
port92_init(port92, &a20_line[1]);
- DMA_init(0);
+ DMA_init(isa_bus, 0);
for(i = 0; i < MAX_FD; i++) {
fd[i] = drive_get(IF_FLOPPY, 0, i);
diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 004b0c25e4..6a13a39519 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -24,6 +24,7 @@ obj-$(CONFIG_GRLIB) += grlib_irqmp.o
obj-$(CONFIG_IOAPIC) += ioapic.o
obj-$(CONFIG_OMAP) += omap_intc.o
obj-$(CONFIG_OPENPIC_KVM) += openpic_kvm.o
+obj-$(CONFIG_RASPI) += bcm2835_ic.o bcm2836_control.o
obj-$(CONFIG_SH4) += sh_intc.o
obj-$(CONFIG_XICS) += xics.o
obj-$(CONFIG_XICS_KVM) += xics_kvm.o
diff --git a/hw/intc/bcm2835_ic.c b/hw/intc/bcm2835_ic.c
new file mode 100644
index 0000000000..005a72b1e2
--- /dev/null
+++ b/hw/intc/bcm2835_ic.c
@@ -0,0 +1,236 @@
+/*
+ * Raspberry Pi emulation (c) 2012 Gregory Estrade
+ * Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.
+ * This code is licensed under the GNU GPLv2 and later.
+ * Heavily based on pl190.c, copyright terms below:
+ *
+ * Arm PrimeCell PL190 Vector Interrupt Controller
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/intc/bcm2835_ic.h"
+
+#define GPU_IRQS 64
+#define ARM_IRQS 8
+
+#define IRQ_PENDING_BASIC 0x00 /* IRQ basic pending */
+#define IRQ_PENDING_1 0x04 /* IRQ pending 1 */
+#define IRQ_PENDING_2 0x08 /* IRQ pending 2 */
+#define FIQ_CONTROL 0x0C /* FIQ register */
+#define IRQ_ENABLE_1 0x10 /* Interrupt enable register 1 */
+#define IRQ_ENABLE_2 0x14 /* Interrupt enable register 2 */
+#define IRQ_ENABLE_BASIC 0x18 /* Base interrupt enable register */
+#define IRQ_DISABLE_1 0x1C /* Interrupt disable register 1 */
+#define IRQ_DISABLE_2 0x20 /* Interrupt disable register 2 */
+#define IRQ_DISABLE_BASIC 0x24 /* Base interrupt disable register */
+
+/* Update interrupts. */
+static void bcm2835_ic_update(BCM2835ICState *s)
+{
+ bool set = false;
+
+ if (s->fiq_enable) {
+ if (s->fiq_select >= GPU_IRQS) {
+ /* ARM IRQ */
+ set = extract32(s->arm_irq_level, s->fiq_select - GPU_IRQS, 1);
+ } else {
+ set = extract64(s->gpu_irq_level, s->fiq_select, 1);
+ }
+ }
+ qemu_set_irq(s->fiq, set);
+
+ set = (s->gpu_irq_level & s->gpu_irq_enable)
+ || (s->arm_irq_level & s->arm_irq_enable);
+ qemu_set_irq(s->irq, set);
+
+}
+
+static void bcm2835_ic_set_gpu_irq(void *opaque, int irq, int level)
+{
+ BCM2835ICState *s = opaque;
+
+ assert(irq >= 0 && irq < 64);
+ s->gpu_irq_level = deposit64(s->gpu_irq_level, irq, 1, level != 0);
+ bcm2835_ic_update(s);
+}
+
+static void bcm2835_ic_set_arm_irq(void *opaque, int irq, int level)
+{
+ BCM2835ICState *s = opaque;
+
+ assert(irq >= 0 && irq < 8);
+ s->arm_irq_level = deposit32(s->arm_irq_level, irq, 1, level != 0);
+ bcm2835_ic_update(s);
+}
+
+static const int irq_dups[] = { 7, 9, 10, 18, 19, 53, 54, 55, 56, 57, 62 };
+
+static uint64_t bcm2835_ic_read(void *opaque, hwaddr offset, unsigned size)
+{
+ BCM2835ICState *s = opaque;
+ uint32_t res = 0;
+ uint64_t gpu_pending = s->gpu_irq_level & s->gpu_irq_enable;
+ int i;
+
+ switch (offset) {
+ case IRQ_PENDING_BASIC:
+ /* bits 0-7: ARM irqs */
+ res = s->arm_irq_level & s->arm_irq_enable;
+
+ /* bits 8 & 9: pending registers 1 & 2 */
+ res |= (((uint32_t)gpu_pending) != 0) << 8;
+ res |= ((gpu_pending >> 32) != 0) << 9;
+
+ /* bits 10-20: selected GPU IRQs */
+ for (i = 0; i < ARRAY_SIZE(irq_dups); i++) {
+ res |= extract64(gpu_pending, irq_dups[i], 1) << (i + 10);
+ }
+ break;
+ case IRQ_PENDING_1:
+ res = gpu_pending;
+ break;
+ case IRQ_PENDING_2:
+ res = gpu_pending >> 32;
+ break;
+ case FIQ_CONTROL:
+ res = (s->fiq_enable << 7) | s->fiq_select;
+ break;
+ case IRQ_ENABLE_1:
+ res = s->gpu_irq_enable;
+ break;
+ case IRQ_ENABLE_2:
+ res = s->gpu_irq_enable >> 32;
+ break;
+ case IRQ_ENABLE_BASIC:
+ res = s->arm_irq_enable;
+ break;
+ case IRQ_DISABLE_1:
+ res = ~s->gpu_irq_enable;
+ break;
+ case IRQ_DISABLE_2:
+ res = ~s->gpu_irq_enable >> 32;
+ break;
+ case IRQ_DISABLE_BASIC:
+ res = ~s->arm_irq_enable;
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return 0;
+ }
+
+ return res;
+}
+
+static void bcm2835_ic_write(void *opaque, hwaddr offset, uint64_t val,
+ unsigned size)
+{
+ BCM2835ICState *s = opaque;
+
+ switch (offset) {
+ case FIQ_CONTROL:
+ s->fiq_select = extract32(val, 0, 7);
+ s->fiq_enable = extract32(val, 7, 1);
+ break;
+ case IRQ_ENABLE_1:
+ s->gpu_irq_enable |= val;
+ break;
+ case IRQ_ENABLE_2:
+ s->gpu_irq_enable |= val << 32;
+ break;
+ case IRQ_ENABLE_BASIC:
+ s->arm_irq_enable |= val & 0xff;
+ break;
+ case IRQ_DISABLE_1:
+ s->gpu_irq_enable &= ~val;
+ break;
+ case IRQ_DISABLE_2:
+ s->gpu_irq_enable &= ~(val << 32);
+ break;
+ case IRQ_DISABLE_BASIC:
+ s->arm_irq_enable &= ~val & 0xff;
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return;
+ }
+ bcm2835_ic_update(s);
+}
+
+static const MemoryRegionOps bcm2835_ic_ops = {
+ .read = bcm2835_ic_read,
+ .write = bcm2835_ic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+};
+
+static void bcm2835_ic_reset(DeviceState *d)
+{
+ BCM2835ICState *s = BCM2835_IC(d);
+
+ s->gpu_irq_enable = 0;
+ s->arm_irq_enable = 0;
+ s->fiq_enable = false;
+ s->fiq_select = 0;
+}
+
+static void bcm2835_ic_init(Object *obj)
+{
+ BCM2835ICState *s = BCM2835_IC(obj);
+
+ memory_region_init_io(&s->iomem, obj, &bcm2835_ic_ops, s, TYPE_BCM2835_IC,
+ 0x200);
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+
+ qdev_init_gpio_in_named(DEVICE(s), bcm2835_ic_set_gpu_irq,
+ BCM2835_IC_GPU_IRQ, GPU_IRQS);
+ qdev_init_gpio_in_named(DEVICE(s), bcm2835_ic_set_arm_irq,
+ BCM2835_IC_ARM_IRQ, ARM_IRQS);
+
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->irq);
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->fiq);
+}
+
+static const VMStateDescription vmstate_bcm2835_ic = {
+ .name = TYPE_BCM2835_IC,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(gpu_irq_level, BCM2835ICState),
+ VMSTATE_UINT64(gpu_irq_enable, BCM2835ICState),
+ VMSTATE_UINT8(arm_irq_level, BCM2835ICState),
+ VMSTATE_UINT8(arm_irq_enable, BCM2835ICState),
+ VMSTATE_BOOL(fiq_enable, BCM2835ICState),
+ VMSTATE_UINT8(fiq_select, BCM2835ICState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void bcm2835_ic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->reset = bcm2835_ic_reset;
+ dc->vmsd = &vmstate_bcm2835_ic;
+}
+
+static TypeInfo bcm2835_ic_info = {
+ .name = TYPE_BCM2835_IC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BCM2835ICState),
+ .class_init = bcm2835_ic_class_init,
+ .instance_init = bcm2835_ic_init,
+};
+
+static void bcm2835_ic_register_types(void)
+{
+ type_register_static(&bcm2835_ic_info);
+}
+
+type_init(bcm2835_ic_register_types)
diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c
new file mode 100644
index 0000000000..ad622aa99f
--- /dev/null
+++ b/hw/intc/bcm2836_control.c
@@ -0,0 +1,303 @@
+/*
+ * Rasperry Pi 2 emulation ARM control logic module.
+ * Copyright (c) 2015, Microsoft
+ * Written by Andrew Baumann
+ *
+ * Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade
+ * This code is licensed under the GNU GPLv2 and later.
+ *
+ * At present, only implements interrupt routing, and mailboxes (i.e.,
+ * not local timer, PMU interrupt, or AXI counters).
+ *
+ * Ref:
+ * https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf
+ */
+
+#include "hw/intc/bcm2836_control.h"
+
+#define REG_GPU_ROUTE 0x0c
+#define REG_TIMERCONTROL 0x40
+#define REG_MBOXCONTROL 0x50
+#define REG_IRQSRC 0x60
+#define REG_FIQSRC 0x70
+#define REG_MBOX0_WR 0x80
+#define REG_MBOX0_RDCLR 0xc0
+#define REG_LIMIT 0x100
+
+#define IRQ_BIT(cntrl, num) (((cntrl) & (1 << (num))) != 0)
+#define FIQ_BIT(cntrl, num) (((cntrl) & (1 << ((num) + 4))) != 0)
+
+#define IRQ_CNTPSIRQ 0
+#define IRQ_CNTPNSIRQ 1
+#define IRQ_CNTHPIRQ 2
+#define IRQ_CNTVIRQ 3
+#define IRQ_MAILBOX0 4
+#define IRQ_MAILBOX1 5
+#define IRQ_MAILBOX2 6
+#define IRQ_MAILBOX3 7
+#define IRQ_GPU 8
+#define IRQ_PMU 9
+#define IRQ_AXI 10
+#define IRQ_TIMER 11
+#define IRQ_MAX IRQ_TIMER
+
+static void deliver_local(BCM2836ControlState *s, uint8_t core, uint8_t irq,
+ uint32_t controlreg, uint8_t controlidx)
+{
+ if (FIQ_BIT(controlreg, controlidx)) {
+ /* deliver a FIQ */
+ s->fiqsrc[core] |= (uint32_t)1 << irq;
+ } else if (IRQ_BIT(controlreg, controlidx)) {
+ /* deliver an IRQ */
+ s->irqsrc[core] |= (uint32_t)1 << irq;
+ } else {
+ /* the interrupt is masked */
+ }
+}
+
+/* Update interrupts. */
+static void bcm2836_control_update(BCM2836ControlState *s)
+{
+ int i, j;
+
+ /* reset pending IRQs/FIQs */
+ for (i = 0; i < BCM2836_NCORES; i++) {
+ s->irqsrc[i] = s->fiqsrc[i] = 0;
+ }
+
+ /* apply routing logic, update status regs */
+ if (s->gpu_irq) {
+ assert(s->route_gpu_irq < BCM2836_NCORES);
+ s->irqsrc[s->route_gpu_irq] |= (uint32_t)1 << IRQ_GPU;
+ }
+
+ if (s->gpu_fiq) {
+ assert(s->route_gpu_fiq < BCM2836_NCORES);
+ s->fiqsrc[s->route_gpu_fiq] |= (uint32_t)1 << IRQ_GPU;
+ }
+
+ for (i = 0; i < BCM2836_NCORES; i++) {
+ /* handle local timer interrupts for this core */
+ if (s->timerirqs[i]) {
+ assert(s->timerirqs[i] < (1 << (IRQ_CNTVIRQ + 1))); /* sane mask? */
+ for (j = 0; j <= IRQ_CNTVIRQ; j++) {
+ if ((s->timerirqs[i] & (1 << j)) != 0) {
+ /* local interrupt j is set */
+ deliver_local(s, i, j, s->timercontrol[i], j);
+ }
+ }
+ }
+
+ /* handle mailboxes for this core */
+ for (j = 0; j < BCM2836_MBPERCORE; j++) {
+ if (s->mailboxes[i * BCM2836_MBPERCORE + j] != 0) {
+ /* mailbox j is set */
+ deliver_local(s, i, j + IRQ_MAILBOX0, s->mailboxcontrol[i], j);
+ }
+ }
+ }
+
+ /* call set_irq appropriately for each output */
+ for (i = 0; i < BCM2836_NCORES; i++) {
+ qemu_set_irq(s->irq[i], s->irqsrc[i] != 0);
+ qemu_set_irq(s->fiq[i], s->fiqsrc[i] != 0);
+ }
+}
+
+static void bcm2836_control_set_local_irq(void *opaque, int core, int local_irq,
+ int level)
+{
+ BCM2836ControlState *s = opaque;
+
+ assert(core >= 0 && core < BCM2836_NCORES);
+ assert(local_irq >= 0 && local_irq <= IRQ_CNTVIRQ);
+
+ s->timerirqs[core] = deposit32(s->timerirqs[core], local_irq, 1, !!level);
+
+ bcm2836_control_update(s);
+}
+
+/* XXX: the following wrapper functions are a kludgy workaround,
+ * needed because I can't seem to pass useful information in the "irq"
+ * parameter when using named interrupts. Feel free to clean this up!
+ */
+
+static void bcm2836_control_set_local_irq0(void *opaque, int core, int level)
+{
+ bcm2836_control_set_local_irq(opaque, core, 0, level);
+}
+
+static void bcm2836_control_set_local_irq1(void *opaque, int core, int level)
+{
+ bcm2836_control_set_local_irq(opaque, core, 1, level);
+}
+
+static void bcm2836_control_set_local_irq2(void *opaque, int core, int level)
+{
+ bcm2836_control_set_local_irq(opaque, core, 2, level);
+}
+
+static void bcm2836_control_set_local_irq3(void *opaque, int core, int level)
+{
+ bcm2836_control_set_local_irq(opaque, core, 3, level);
+}
+
+static void bcm2836_control_set_gpu_irq(void *opaque, int irq, int level)
+{
+ BCM2836ControlState *s = opaque;
+
+ s->gpu_irq = level;
+
+ bcm2836_control_update(s);
+}
+
+static void bcm2836_control_set_gpu_fiq(void *opaque, int irq, int level)
+{
+ BCM2836ControlState *s = opaque;
+
+ s->gpu_fiq = level;
+
+ bcm2836_control_update(s);
+}
+
+static uint64_t bcm2836_control_read(void *opaque, hwaddr offset, unsigned size)
+{
+ BCM2836ControlState *s = opaque;
+
+ if (offset == REG_GPU_ROUTE) {
+ assert(s->route_gpu_fiq < BCM2836_NCORES
+ && s->route_gpu_irq < BCM2836_NCORES);
+ return ((uint32_t)s->route_gpu_fiq << 2) | s->route_gpu_irq;
+ } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {
+ return s->timercontrol[(offset - REG_TIMERCONTROL) >> 2];
+ } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {
+ return s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2];
+ } else if (offset >= REG_IRQSRC && offset < REG_FIQSRC) {
+ return s->irqsrc[(offset - REG_IRQSRC) >> 2];
+ } else if (offset >= REG_FIQSRC && offset < REG_MBOX0_WR) {
+ return s->fiqsrc[(offset - REG_FIQSRC) >> 2];
+ } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) {
+ return s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2];
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return 0;
+ }
+}
+
+static void bcm2836_control_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ BCM2836ControlState *s = opaque;
+
+ if (offset == REG_GPU_ROUTE) {
+ s->route_gpu_irq = val & 0x3;
+ s->route_gpu_fiq = (val >> 2) & 0x3;
+ } else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {
+ s->timercontrol[(offset - REG_TIMERCONTROL) >> 2] = val & 0xff;
+ } else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {
+ s->mailboxcontrol[(offset - REG_MBOXCONTROL) >> 2] = val & 0xff;
+ } else if (offset >= REG_MBOX0_WR && offset < REG_MBOX0_RDCLR) {
+ s->mailboxes[(offset - REG_MBOX0_WR) >> 2] |= val;
+ } else if (offset >= REG_MBOX0_RDCLR && offset < REG_LIMIT) {
+ s->mailboxes[(offset - REG_MBOX0_RDCLR) >> 2] &= ~val;
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return;
+ }
+
+ bcm2836_control_update(s);
+}
+
+static const MemoryRegionOps bcm2836_control_ops = {
+ .read = bcm2836_control_read,
+ .write = bcm2836_control_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+};
+
+static void bcm2836_control_reset(DeviceState *d)
+{
+ BCM2836ControlState *s = BCM2836_CONTROL(d);
+ int i;
+
+ s->route_gpu_irq = s->route_gpu_fiq = 0;
+
+ for (i = 0; i < BCM2836_NCORES; i++) {
+ s->timercontrol[i] = 0;
+ s->mailboxcontrol[i] = 0;
+ }
+
+ for (i = 0; i < BCM2836_NCORES * BCM2836_MBPERCORE; i++) {
+ s->mailboxes[i] = 0;
+ }
+}
+
+static void bcm2836_control_init(Object *obj)
+{
+ BCM2836ControlState *s = BCM2836_CONTROL(obj);
+ DeviceState *dev = DEVICE(obj);
+
+ memory_region_init_io(&s->iomem, obj, &bcm2836_control_ops, s,
+ TYPE_BCM2836_CONTROL, REG_LIMIT);
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+
+ /* inputs from each CPU core */
+ qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq0, "cntpsirq",
+ BCM2836_NCORES);
+ qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq1, "cntpnsirq",
+ BCM2836_NCORES);
+ qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq2, "cnthpirq",
+ BCM2836_NCORES);
+ qdev_init_gpio_in_named(dev, bcm2836_control_set_local_irq3, "cntvirq",
+ BCM2836_NCORES);
+
+ /* IRQ and FIQ inputs from upstream bcm2835 controller */
+ qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_irq, "gpu-irq", 1);
+ qdev_init_gpio_in_named(dev, bcm2836_control_set_gpu_fiq, "gpu-fiq", 1);
+
+ /* outputs to CPU cores */
+ qdev_init_gpio_out_named(dev, s->irq, "irq", BCM2836_NCORES);
+ qdev_init_gpio_out_named(dev, s->fiq, "fiq", BCM2836_NCORES);
+}
+
+static const VMStateDescription vmstate_bcm2836_control = {
+ .name = TYPE_BCM2836_CONTROL,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(mailboxes, BCM2836ControlState,
+ BCM2836_NCORES * BCM2836_MBPERCORE),
+ VMSTATE_UINT8(route_gpu_irq, BCM2836ControlState),
+ VMSTATE_UINT8(route_gpu_fiq, BCM2836ControlState),
+ VMSTATE_UINT32_ARRAY(timercontrol, BCM2836ControlState, BCM2836_NCORES),
+ VMSTATE_UINT32_ARRAY(mailboxcontrol, BCM2836ControlState,
+ BCM2836_NCORES),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void bcm2836_control_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->reset = bcm2836_control_reset;
+ dc->vmsd = &vmstate_bcm2836_control;
+}
+
+static TypeInfo bcm2836_control_info = {
+ .name = TYPE_BCM2836_CONTROL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BCM2836ControlState),
+ .class_init = bcm2836_control_class_init,
+ .instance_init = bcm2836_control_init,
+};
+
+static void bcm2836_control_register_types(void)
+{
+ type_register_static(&bcm2836_control_info);
+}
+
+type_init(bcm2836_control_register_types)
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index b487cb1839..c3b7388529 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -37,6 +37,12 @@ static void isa_bus_class_init(ObjectClass *klass, void *data)
k->get_fw_dev_path = isabus_get_fw_dev_path;
}
+static const TypeInfo isa_dma_info = {
+ .name = TYPE_ISADMA,
+ .parent = TYPE_INTERFACE,
+ .class_size = sizeof(IsaDmaClass),
+};
+
static const TypeInfo isa_bus_info = {
.name = TYPE_ISA_BUS,
.parent = TYPE_BUS,
@@ -90,6 +96,20 @@ void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq)
dev->nirqs++;
}
+void isa_bus_dma(ISABus *bus, IsaDma *dma8, IsaDma *dma16)
+{
+ assert(bus && dma8 && dma16);
+ assert(!bus->dma[0] && !bus->dma[1]);
+ bus->dma[0] = dma8;
+ bus->dma[1] = dma16;
+}
+
+IsaDma *isa_get_dma(ISABus *bus, int nchan)
+{
+ assert(bus);
+ return bus->dma[nchan > 3 ? 1 : 0];
+}
+
static inline void isa_init_ioport(ISADevice *dev, uint16_t ioport)
{
if (dev && (dev->ioport_id == 0 || ioport < dev->ioport_id)) {
@@ -223,6 +243,7 @@ static const TypeInfo isa_device_type_info = {
static void isabus_register_types(void)
{
+ type_register_static(&isa_dma_info);
type_register_static(&isa_bus_info);
type_register_static(&isabus_bridge_info);
type_register_static(&isa_device_type_info);
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 6748d89478..184c404454 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -366,7 +366,7 @@ static void mips_fulong2e_init(MachineState *machine)
/* init other devices */
pit = pit_init(isa_bus, 0x40, 0, NULL);
- DMA_init(0);
+ DMA_init(isa_bus, 0);
/* Super I/O */
isa_create_simple(isa_bus, "i8042");
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 62527fdbe8..d6d8058602 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -225,7 +225,7 @@ static void mips_jazz_init(MachineState *machine,
/* ISA devices */
i8259 = i8259_init(isa_bus, env->irq[4]);
isa_bus_irqs(isa_bus, i8259);
- DMA_init(0);
+ DMA_init(isa_bus, 0);
pit = pit_init(isa_bus, 0x40, 0, NULL);
pcspk_init(isa_bus, pit);
@@ -297,7 +297,8 @@ static void mips_jazz_init(MachineState *machine,
for (n = 0; n < MAX_FD; n++) {
fds[n] = drive_get(IF_FLOPPY, 0, n);
}
- fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), 0, 0x80003000, fds);
+ /* FIXME: we should enable DMA with a custom IsaDma device */
+ fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds);
/* Real time clock */
rtc_init(isa_bus, 1980, NULL);
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index c5da83fde8..c04aa2b8cc 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1166,7 +1166,7 @@ void mips_malta_init(MachineState *machine)
smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
g_free(smbus_eeprom_buf);
pit = pit_init(isa_bus, 0x40, 0, NULL);
- DMA_init(0);
+ DMA_init(isa_bus, 0);
/* Super I/O */
isa_create_simple(isa_bus, "i8042");
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index d4765c2516..ea6cd3c9ff 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -36,6 +36,8 @@ obj-$(CONFIG_OMAP) += omap_gpmc.o
obj-$(CONFIG_OMAP) += omap_l4.o
obj-$(CONFIG_OMAP) += omap_sdrc.o
obj-$(CONFIG_OMAP) += omap_tap.o
+obj-$(CONFIG_RASPI) += bcm2835_mbox.o
+obj-$(CONFIG_RASPI) += bcm2835_property.o
obj-$(CONFIG_SLAVIO) += slavio_misc.o
obj-$(CONFIG_ZYNQ) += zynq_slcr.o
obj-$(CONFIG_ZYNQ) += zynq-xadc.o
diff --git a/hw/misc/bcm2835_mbox.c b/hw/misc/bcm2835_mbox.c
new file mode 100644
index 0000000000..df1d6e6ad6
--- /dev/null
+++ b/hw/misc/bcm2835_mbox.c
@@ -0,0 +1,333 @@
+/*
+ * Raspberry Pi emulation (c) 2012 Gregory Estrade
+ * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This file models the system mailboxes, which are used for
+ * communication with low-bandwidth GPU peripherals. Refs:
+ * https://github.com/raspberrypi/firmware/wiki/Mailboxes
+ * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes
+ */
+
+#include "hw/misc/bcm2835_mbox.h"
+
+#define MAIL0_PEEK 0x90
+#define MAIL0_SENDER 0x94
+#define MAIL1_STATUS 0xb8
+
+/* Mailbox status register */
+#define MAIL0_STATUS 0x98
+#define ARM_MS_FULL 0x80000000
+#define ARM_MS_EMPTY 0x40000000
+#define ARM_MS_LEVEL 0x400000FF /* Max. value depends on mailbox depth */
+
+/* MAILBOX config/status register */
+#define MAIL0_CONFIG 0x9c
+/* ANY write to this register clears the error bits! */
+#define ARM_MC_IHAVEDATAIRQEN 0x00000001 /* mbox irq enable: has data */
+#define ARM_MC_IHAVESPACEIRQEN 0x00000002 /* mbox irq enable: has space */
+#define ARM_MC_OPPISEMPTYIRQEN 0x00000004 /* mbox irq enable: Opp is empty */
+#define ARM_MC_MAIL_CLEAR 0x00000008 /* mbox clear write 1, then 0 */
+#define ARM_MC_IHAVEDATAIRQPEND 0x00000010 /* mbox irq pending: has space */
+#define ARM_MC_IHAVESPACEIRQPEND 0x00000020 /* mbox irq pending: Opp is empty */
+#define ARM_MC_OPPISEMPTYIRQPEND 0x00000040 /* mbox irq pending */
+/* Bit 7 is unused */
+#define ARM_MC_ERRNOOWN 0x00000100 /* error : none owner read from mailbox */
+#define ARM_MC_ERROVERFLW 0x00000200 /* error : write to fill mailbox */
+#define ARM_MC_ERRUNDRFLW 0x00000400 /* error : read from empty mailbox */
+
+static void mbox_update_status(BCM2835Mbox *mb)
+{
+ mb->status &= ~(ARM_MS_EMPTY | ARM_MS_FULL);
+ if (mb->count == 0) {
+ mb->status |= ARM_MS_EMPTY;
+ } else if (mb->count == MBOX_SIZE) {
+ mb->status |= ARM_MS_FULL;
+ }
+}
+
+static void mbox_reset(BCM2835Mbox *mb)
+{
+ int n;
+
+ mb->count = 0;
+ mb->config = 0;
+ for (n = 0; n < MBOX_SIZE; n++) {
+ mb->reg[n] = MBOX_INVALID_DATA;
+ }
+ mbox_update_status(mb);
+}
+
+static uint32_t mbox_pull(BCM2835Mbox *mb, int index)
+{
+ int n;
+ uint32_t val;
+
+ assert(mb->count > 0);
+ assert(index < mb->count);
+
+ val = mb->reg[index];
+ for (n = index + 1; n < mb->count; n++) {
+ mb->reg[n - 1] = mb->reg[n];
+ }
+ mb->count--;
+ mb->reg[mb->count] = MBOX_INVALID_DATA;
+
+ mbox_update_status(mb);
+
+ return val;
+}
+
+static void mbox_push(BCM2835Mbox *mb, uint32_t val)
+{
+ assert(mb->count < MBOX_SIZE);
+ mb->reg[mb->count++] = val;
+ mbox_update_status(mb);
+}
+
+static void bcm2835_mbox_update(BCM2835MboxState *s)
+{
+ uint32_t value;
+ bool set;
+ int n;
+
+ s->mbox_irq_disabled = true;
+
+ /* Get pending responses and put them in the vc->arm mbox,
+ * as long as it's not full
+ */
+ for (n = 0; n < MBOX_CHAN_COUNT; n++) {
+ while (s->available[n] && !(s->mbox[0].status & ARM_MS_FULL)) {
+ value = ldl_phys(&s->mbox_as, n << MBOX_AS_CHAN_SHIFT);
+ assert(value != MBOX_INVALID_DATA); /* Pending interrupt but no data */
+ mbox_push(&s->mbox[0], value);
+ }
+ }
+
+ /* TODO (?): Try to push pending requests from the arm->vc mbox */
+
+ /* Re-enable calls from the IRQ routine */
+ s->mbox_irq_disabled = false;
+
+ /* Update ARM IRQ status */
+ set = false;
+ s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQPEND;
+ if (!(s->mbox[0].status & ARM_MS_EMPTY)) {
+ s->mbox[0].config |= ARM_MC_IHAVEDATAIRQPEND;
+ if (s->mbox[0].config & ARM_MC_IHAVEDATAIRQEN) {
+ set = true;
+ }
+ }
+ qemu_set_irq(s->arm_irq, set);
+}
+
+static void bcm2835_mbox_set_irq(void *opaque, int irq, int level)
+{
+ BCM2835MboxState *s = opaque;
+
+ s->available[irq] = level;
+
+ /* avoid recursively calling bcm2835_mbox_update when the interrupt
+ * status changes due to the ldl_phys call within that function
+ */
+ if (!s->mbox_irq_disabled) {
+ bcm2835_mbox_update(s);
+ }
+}
+
+static uint64_t bcm2835_mbox_read(void *opaque, hwaddr offset, unsigned size)
+{
+ BCM2835MboxState *s = opaque;
+ uint32_t res = 0;
+
+ offset &= 0xff;
+
+ switch (offset) {
+ case 0x80 ... 0x8c: /* MAIL0_READ */
+ if (s->mbox[0].status & ARM_MS_EMPTY) {
+ res = MBOX_INVALID_DATA;
+ } else {
+ res = mbox_pull(&s->mbox[0], 0);
+ }
+ break;
+
+ case MAIL0_PEEK:
+ res = s->mbox[0].reg[0];
+ break;
+
+ case MAIL0_SENDER:
+ break;
+
+ case MAIL0_STATUS:
+ res = s->mbox[0].status;
+ break;
+
+ case MAIL0_CONFIG:
+ res = s->mbox[0].config;
+ break;
+
+ case MAIL1_STATUS:
+ res = s->mbox[1].status;
+ break;
+
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return 0;
+ }
+
+ bcm2835_mbox_update(s);
+
+ return res;
+}
+
+static void bcm2835_mbox_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ BCM2835MboxState *s = opaque;
+ hwaddr childaddr;
+ uint8_t ch;
+
+ offset &= 0xff;
+
+ switch (offset) {
+ case MAIL0_SENDER:
+ break;
+
+ case MAIL0_CONFIG:
+ s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQEN;
+ s->mbox[0].config |= value & ARM_MC_IHAVEDATAIRQEN;
+ break;
+
+ case 0xa0 ... 0xac: /* MAIL1_WRITE */
+ if (s->mbox[1].status & ARM_MS_FULL) {
+ /* Mailbox full */
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: mailbox full\n", __func__);
+ } else {
+ ch = value & 0xf;
+ if (ch < MBOX_CHAN_COUNT) {
+ childaddr = ch << MBOX_AS_CHAN_SHIFT;
+ if (ldl_phys(&s->mbox_as, childaddr + MBOX_AS_PENDING)) {
+ /* Child busy, push delayed. Push it in the arm->vc mbox */
+ mbox_push(&s->mbox[1], value);
+ } else {
+ /* Push it directly to the child device */
+ stl_phys(&s->mbox_as, childaddr, value);
+ }
+ } else {
+ /* Invalid channel number */
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid channel %u\n",
+ __func__, ch);
+ }
+ }
+ break;
+
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return;
+ }
+
+ bcm2835_mbox_update(s);
+}
+
+static const MemoryRegionOps bcm2835_mbox_ops = {
+ .read = bcm2835_mbox_read,
+ .write = bcm2835_mbox_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+};
+
+/* vmstate of a single mailbox */
+static const VMStateDescription vmstate_bcm2835_mbox_box = {
+ .name = TYPE_BCM2835_MBOX "_box",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(reg, BCM2835Mbox, MBOX_SIZE),
+ VMSTATE_UINT32(count, BCM2835Mbox),
+ VMSTATE_UINT32(status, BCM2835Mbox),
+ VMSTATE_UINT32(config, BCM2835Mbox),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* vmstate of the entire device */
+static const VMStateDescription vmstate_bcm2835_mbox = {
+ .name = TYPE_BCM2835_MBOX,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL_ARRAY(available, BCM2835MboxState, MBOX_CHAN_COUNT),
+ VMSTATE_STRUCT_ARRAY(mbox, BCM2835MboxState, 2, 1,
+ vmstate_bcm2835_mbox_box, BCM2835Mbox),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void bcm2835_mbox_init(Object *obj)
+{
+ BCM2835MboxState *s = BCM2835_MBOX(obj);
+
+ memory_region_init_io(&s->iomem, obj, &bcm2835_mbox_ops, s,
+ TYPE_BCM2835_MBOX, 0x400);
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->arm_irq);
+ qdev_init_gpio_in(DEVICE(s), bcm2835_mbox_set_irq, MBOX_CHAN_COUNT);
+}
+
+static void bcm2835_mbox_reset(DeviceState *dev)
+{
+ BCM2835MboxState *s = BCM2835_MBOX(dev);
+ int n;
+
+ mbox_reset(&s->mbox[0]);
+ mbox_reset(&s->mbox[1]);
+ s->mbox_irq_disabled = false;
+ for (n = 0; n < MBOX_CHAN_COUNT; n++) {
+ s->available[n] = false;
+ }
+}
+
+static void bcm2835_mbox_realize(DeviceState *dev, Error **errp)
+{
+ BCM2835MboxState *s = BCM2835_MBOX(dev);
+ Object *obj;
+ Error *err = NULL;
+
+ obj = object_property_get_link(OBJECT(dev), "mbox-mr", &err);
+ if (obj == NULL) {
+ error_setg(errp, "%s: required mbox-mr link not found: %s",
+ __func__, error_get_pretty(err));
+ return;
+ }
+
+ s->mbox_mr = MEMORY_REGION(obj);
+ address_space_init(&s->mbox_as, s->mbox_mr, NULL);
+ bcm2835_mbox_reset(dev);
+}
+
+static void bcm2835_mbox_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = bcm2835_mbox_realize;
+ dc->reset = bcm2835_mbox_reset;
+ dc->vmsd = &vmstate_bcm2835_mbox;
+}
+
+static TypeInfo bcm2835_mbox_info = {
+ .name = TYPE_BCM2835_MBOX,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BCM2835MboxState),
+ .class_init = bcm2835_mbox_class_init,
+ .instance_init = bcm2835_mbox_init,
+};
+
+static void bcm2835_mbox_register_types(void)
+{
+ type_register_static(&bcm2835_mbox_info);
+}
+
+type_init(bcm2835_mbox_register_types)
diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
new file mode 100644
index 0000000000..e42b43e72d
--- /dev/null
+++ b/hw/misc/bcm2835_property.c
@@ -0,0 +1,287 @@
+/*
+ * Raspberry Pi emulation (c) 2012 Gregory Estrade
+ * This code is licensed under the GNU GPLv2 and later.
+ */
+
+#include "hw/misc/bcm2835_property.h"
+#include "hw/misc/bcm2835_mbox_defs.h"
+#include "sysemu/dma.h"
+
+/* https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface */
+
+static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
+{
+ uint32_t tag;
+ uint32_t bufsize;
+ uint32_t tot_len;
+ size_t resplen;
+ uint32_t tmp;
+
+ value &= ~0xf;
+
+ s->addr = value;
+
+ tot_len = ldl_phys(&s->dma_as, value);
+
+ /* @(addr + 4) : Buffer response code */
+ value = s->addr + 8;
+ while (value + 8 <= s->addr + tot_len) {
+ tag = ldl_phys(&s->dma_as, value);
+ bufsize = ldl_phys(&s->dma_as, value + 4);
+ /* @(value + 8) : Request/response indicator */
+ resplen = 0;
+ switch (tag) {
+ case 0x00000000: /* End tag */
+ break;
+ case 0x00000001: /* Get firmware revision */
+ stl_phys(&s->dma_as, value + 12, 346337);
+ resplen = 4;
+ break;
+ case 0x00010001: /* Get board model */
+ qemu_log_mask(LOG_UNIMP,
+ "bcm2835_property: %x get board model NYI\n", tag);
+ resplen = 4;
+ break;
+ case 0x00010002: /* Get board revision */
+ qemu_log_mask(LOG_UNIMP,
+ "bcm2835_property: %x get board revision NYI\n", tag);
+ resplen = 4;
+ break;
+ case 0x00010003: /* Get board MAC address */
+ resplen = sizeof(s->macaddr.a);
+ dma_memory_write(&s->dma_as, value + 12, s->macaddr.a, resplen);
+ break;
+ case 0x00010004: /* Get board serial */
+ qemu_log_mask(LOG_UNIMP,
+ "bcm2835_property: %x get board serial NYI\n", tag);
+ resplen = 8;
+ break;
+ case 0x00010005: /* Get ARM memory */
+ /* base */
+ stl_phys(&s->dma_as, value + 12, 0);
+ /* size */
+ stl_phys(&s->dma_as, value + 16, s->ram_size);
+ resplen = 8;
+ break;
+ case 0x00028001: /* Set power state */
+ /* Assume that whatever device they asked for exists,
+ * and we'll just claim we set it to the desired state
+ */
+ tmp = ldl_phys(&s->dma_as, value + 16);
+ stl_phys(&s->dma_as, value + 16, (tmp & 1));
+ resplen = 8;
+ break;
+
+ /* Clocks */
+
+ case 0x00030001: /* Get clock state */
+ stl_phys(&s->dma_as, value + 16, 0x1);
+ resplen = 8;
+ break;
+
+ case 0x00038001: /* Set clock state */
+ qemu_log_mask(LOG_UNIMP,
+ "bcm2835_property: %x set clock state NYI\n", tag);
+ resplen = 8;
+ break;
+
+ case 0x00030002: /* Get clock rate */
+ case 0x00030004: /* Get max clock rate */
+ case 0x00030007: /* Get min clock rate */
+ switch (ldl_phys(&s->dma_as, value + 12)) {
+ case 1: /* EMMC */
+ stl_phys(&s->dma_as, value + 16, 50000000);
+ break;
+ case 2: /* UART */
+ stl_phys(&s->dma_as, value + 16, 3000000);
+ break;
+ default:
+ stl_phys(&s->dma_as, value + 16, 700000000);
+ break;
+ }
+ resplen = 8;
+ break;
+
+ case 0x00038002: /* Set clock rate */
+ case 0x00038004: /* Set max clock rate */
+ case 0x00038007: /* Set min clock rate */
+ qemu_log_mask(LOG_UNIMP,
+ "bcm2835_property: %x set clock rates NYI\n", tag);
+ resplen = 8;
+ break;
+
+ /* Temperature */
+
+ case 0x00030006: /* Get temperature */
+ stl_phys(&s->dma_as, value + 16, 25000);
+ resplen = 8;
+ break;
+
+ case 0x0003000A: /* Get max temperature */
+ stl_phys(&s->dma_as, value + 16, 99000);
+ resplen = 8;
+ break;
+
+
+ case 0x00060001: /* Get DMA channels */
+ /* channels 2-5 */
+ stl_phys(&s->dma_as, value + 12, 0x003C);
+ resplen = 4;
+ break;
+
+ case 0x00050001: /* Get command line */
+ resplen = 0;
+ break;
+
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "bcm2835_property: unhandled tag %08x\n", tag);
+ break;
+ }
+
+ if (tag == 0) {
+ break;
+ }
+
+ stl_phys(&s->dma_as, value + 8, (1 << 31) | resplen);
+ value += bufsize + 12;
+ }
+
+ /* Buffer response code */
+ stl_phys(&s->dma_as, s->addr + 4, (1 << 31));
+}
+
+static uint64_t bcm2835_property_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ BCM2835PropertyState *s = opaque;
+ uint32_t res = 0;
+
+ switch (offset) {
+ case MBOX_AS_DATA:
+ res = MBOX_CHAN_PROPERTY | s->addr;
+ s->pending = false;
+ qemu_set_irq(s->mbox_irq, 0);
+ break;
+
+ case MBOX_AS_PENDING:
+ res = s->pending;
+ break;
+
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return 0;
+ }
+
+ return res;
+}
+
+static void bcm2835_property_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ BCM2835PropertyState *s = opaque;
+
+ switch (offset) {
+ case MBOX_AS_DATA:
+ /* bcm2835_mbox should check our pending status before pushing */
+ assert(!s->pending);
+ s->pending = true;
+ bcm2835_property_mbox_push(s, value);
+ qemu_set_irq(s->mbox_irq, 1);
+ break;
+
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
+ __func__, offset);
+ return;
+ }
+}
+
+static const MemoryRegionOps bcm2835_property_ops = {
+ .read = bcm2835_property_read,
+ .write = bcm2835_property_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+};
+
+static const VMStateDescription vmstate_bcm2835_property = {
+ .name = TYPE_BCM2835_PROPERTY,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_MACADDR(macaddr, BCM2835PropertyState),
+ VMSTATE_UINT32(addr, BCM2835PropertyState),
+ VMSTATE_BOOL(pending, BCM2835PropertyState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void bcm2835_property_init(Object *obj)
+{
+ BCM2835PropertyState *s = BCM2835_PROPERTY(obj);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &bcm2835_property_ops, s,
+ TYPE_BCM2835_PROPERTY, 0x10);
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->mbox_irq);
+}
+
+static void bcm2835_property_reset(DeviceState *dev)
+{
+ BCM2835PropertyState *s = BCM2835_PROPERTY(dev);
+
+ s->pending = false;
+}
+
+static void bcm2835_property_realize(DeviceState *dev, Error **errp)
+{
+ BCM2835PropertyState *s = BCM2835_PROPERTY(dev);
+ Object *obj;
+ Error *err = NULL;
+
+ obj = object_property_get_link(OBJECT(dev), "dma-mr", &err);
+ if (obj == NULL) {
+ error_setg(errp, "%s: required dma-mr link not found: %s",
+ __func__, error_get_pretty(err));
+ return;
+ }
+
+ s->dma_mr = MEMORY_REGION(obj);
+ address_space_init(&s->dma_as, s->dma_mr, NULL);
+
+ /* TODO: connect to MAC address of USB NIC device, once we emulate it */
+ qemu_macaddr_default_if_unset(&s->macaddr);
+
+ bcm2835_property_reset(dev);
+}
+
+static Property bcm2835_property_props[] = {
+ DEFINE_PROP_UINT32("ram-size", BCM2835PropertyState, ram_size, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void bcm2835_property_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->props = bcm2835_property_props;
+ dc->realize = bcm2835_property_realize;
+ dc->vmsd = &vmstate_bcm2835_property;
+}
+
+static TypeInfo bcm2835_property_info = {
+ .name = TYPE_BCM2835_PROPERTY,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BCM2835PropertyState),
+ .class_init = bcm2835_property_class_init,
+ .instance_init = bcm2835_property_init,
+};
+
+static void bcm2835_property_register_types(void)
+{
+ type_register_static(&bcm2835_property_info);
+}
+
+type_init(bcm2835_property_register_types)
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index f9e409192b..0346f3e335 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -678,6 +678,10 @@ static ssize_t gem_receive(NetClientState *nc, const uint8_t *buf, size_t size)
} else {
unsigned crc_val;
+ if (size > sizeof(rxbuf) - sizeof(crc_val)) {
+ size = sizeof(rxbuf) - sizeof(crc_val);
+ }
+ bytes_to_copy = size;
/* The application wants the FCS field, which QEMU does not provide.
* We must try and calculate one.
*/
@@ -863,6 +867,14 @@ static void gem_transmit(CadenceGEMState *s)
break;
}
+ if (tx_desc_get_length(desc) > sizeof(tx_packet) - (p - tx_packet)) {
+ DB_PRINT("TX descriptor @ 0x%x too large: size 0x%x space 0x%x\n",
+ (unsigned)packet_desc_addr,
+ (unsigned)tx_desc_get_length(desc),
+ sizeof(tx_packet) - (p - tx_packet));
+ break;
+ }
+
/* Gather this fragment of the packet from "dma memory" to our contig.
* buffer.
*/
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 4eda7a3289..0387fa0646 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
* bogus values to TDT/TDLEN.
* there's nothing too intelligent we could do about this.
*/
- if (s->mac_reg[TDH] == tdh_start) {
+ if (s->mac_reg[TDH] == tdh_start ||
+ tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
break;
@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
s->mac_reg[RDH] = 0;
/* see comment in start_xmit; same here */
- if (s->mac_reg[RDH] == rdh_start) {
+ if (s->mac_reg[RDH] == rdh_start ||
+ rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
set_ics(s, 0, E1000_ICS_RXO);
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 1fcec4478f..20dc341710 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -96,29 +96,7 @@ struct sun4m_hwdef {
uint8_t nvram_machine_id;
};
-int DMA_get_channel_mode (int nchan)
-{
- return 0;
-}
-int DMA_read_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-int DMA_write_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-void DMA_hold_DREQ (int nchan) {}
-void DMA_release_DREQ (int nchan) {}
-void DMA_schedule(void) {}
-
-void DMA_init(int high_page_enable)
-{
-}
-
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque)
+void DMA_init(ISABus *bus, int high_page_enable)
{
}
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 124c376897..add1e752f3 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -99,29 +99,7 @@ typedef struct EbusState {
MemoryRegion bar1;
} EbusState;
-int DMA_get_channel_mode (int nchan)
-{
- return 0;
-}
-int DMA_read_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-int DMA_write_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-void DMA_hold_DREQ (int nchan) {}
-void DMA_release_DREQ (int nchan) {}
-void DMA_schedule(void) {}
-
-void DMA_init(int high_page_enable)
-{
-}
-
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque)
+void DMA_init(ISABus *bus, int high_page_enable)
{
}
@@ -816,6 +794,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
qemu_irq *ivec_irqs, *pbm_irqs;
DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
DriveInfo *fd[MAX_FD];
+ DeviceState *dev;
FWCfgState *fw_cfg;
/* init CPUs */
@@ -852,10 +831,22 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
pci_cmd646_ide_init(pci_bus, hd, 1);
isa_create_simple(isa_bus, "i8042");
+
+ /* Floppy */
for(i = 0; i < MAX_FD; i++) {
fd[i] = drive_get(IF_FLOPPY, 0, i);
}
- fdctrl_init_isa(isa_bus, fd);
+ dev = DEVICE(isa_create(isa_bus, TYPE_ISA_FDC));
+ if (fd[0]) {
+ qdev_prop_set_drive(dev, "driveA", blk_by_legacy_dinfo(fd[0]),
+ &error_abort);
+ }
+ if (fd[1]) {
+ qdev_prop_set_drive(dev, "driveB", blk_by_legacy_dinfo(fd[1]),
+ &error_abort);
+ }
+ qdev_prop_set_uint32(dev, "dma", -1);
+ qdev_init_nofail(dev);
/* Map NVRAM into I/O (ebus) space */
nvram = m48t59_init(NULL, 0, 0, NVRAM_SIZE, 1968, 59);
diff --git a/hw/timer/a9gtimer.c b/hw/timer/a9gtimer.c
index c11a7bc75b..fa4602ca04 100644
--- a/hw/timer/a9gtimer.c
+++ b/hw/timer/a9gtimer.c
@@ -25,6 +25,7 @@
#include "qemu/timer.h"
#include "qemu/bitops.h"
#include "qemu/log.h"
+#include "qom/cpu.h"
#ifndef A9_GTIMER_ERR_DEBUG
#define A9_GTIMER_ERR_DEBUG 0
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2025-04-27 03:38:29 +0200