1 /* 2 * QEMU PowerPC CHRP (Genesi/bPlan Pegasos II) hardware System Emulator 3 * 4 * Copyright (c) 2018-2021 BALATON Zoltan 5 * 6 * This work is licensed under the GNU GPL license version 2 or later. 7 * 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu-common.h" 12 #include "qemu/units.h" 13 #include "qapi/error.h" 14 #include "hw/hw.h" 15 #include "hw/ppc/ppc.h" 16 #include "hw/sysbus.h" 17 #include "hw/pci/pci_host.h" 18 #include "hw/irq.h" 19 #include "hw/pci-host/mv64361.h" 20 #include "hw/isa/vt82c686.h" 21 #include "hw/ide/pci.h" 22 #include "hw/i2c/smbus_eeprom.h" 23 #include "hw/qdev-properties.h" 24 #include "sysemu/reset.h" 25 #include "hw/boards.h" 26 #include "hw/loader.h" 27 #include "hw/fw-path-provider.h" 28 #include "elf.h" 29 #include "qemu/log.h" 30 #include "qemu/error-report.h" 31 #include "sysemu/kvm.h" 32 #include "kvm_ppc.h" 33 #include "exec/address-spaces.h" 34 #include "trace.h" 35 #include "qemu/datadir.h" 36 #include "sysemu/device_tree.h" 37 #include "hw/ppc/vof.h" 38 39 #include <libfdt.h> 40 41 #define PROM_FILENAME "vof.bin" 42 #define PROM_ADDR 0xfff00000 43 #define PROM_SIZE 0x80000 44 45 #define KVMPPC_HCALL_BASE 0xf000 46 #define KVMPPC_H_RTAS (KVMPPC_HCALL_BASE + 0x0) 47 #define KVMPPC_H_VOF_CLIENT (KVMPPC_HCALL_BASE + 0x5) 48 49 #define H_SUCCESS 0 50 #define H_PRIVILEGE -3 /* Caller not privileged */ 51 #define H_PARAMETER -4 /* Parameter invalid, out-of-range or conflicting */ 52 53 #define BUS_FREQ_HZ 133333333 54 55 #define PCI0_MEM_BASE 0xc0000000 56 #define PCI0_MEM_SIZE 0x20000000 57 #define PCI0_IO_BASE 0xf8000000 58 #define PCI0_IO_SIZE 0x10000 59 60 #define PCI1_MEM_BASE 0x80000000 61 #define PCI1_MEM_SIZE 0x40000000 62 #define PCI1_IO_BASE 0xfe000000 63 #define PCI1_IO_SIZE 0x10000 64 65 #define TYPE_PEGASOS2_MACHINE MACHINE_TYPE_NAME("pegasos2") 66 OBJECT_DECLARE_TYPE(Pegasos2MachineState, MachineClass, PEGASOS2_MACHINE) 67 68 struct Pegasos2MachineState { 69 MachineState parent_obj; 70 PowerPCCPU *cpu; 71 DeviceState *mv; 72 Vof *vof; 73 void *fdt_blob; 74 uint64_t kernel_addr; 75 uint64_t kernel_entry; 76 uint64_t kernel_size; 77 }; 78 79 static void *build_fdt(MachineState *machine, int *fdt_size); 80 81 static void pegasos2_cpu_reset(void *opaque) 82 { 83 PowerPCCPU *cpu = opaque; 84 Pegasos2MachineState *pm = PEGASOS2_MACHINE(current_machine); 85 86 cpu_reset(CPU(cpu)); 87 cpu->env.spr[SPR_HID1] = 7ULL << 28; 88 if (pm->vof) { 89 cpu->env.gpr[1] = 2 * VOF_STACK_SIZE - 0x20; 90 cpu->env.nip = 0x100; 91 } 92 } 93 94 static void pegasos2_init(MachineState *machine) 95 { 96 Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine); 97 CPUPPCState *env; 98 MemoryRegion *rom = g_new(MemoryRegion, 1); 99 PCIBus *pci_bus; 100 PCIDevice *dev; 101 I2CBus *i2c_bus; 102 const char *fwname = machine->firmware ?: PROM_FILENAME; 103 char *filename; 104 int sz; 105 uint8_t *spd_data; 106 107 /* init CPU */ 108 pm->cpu = POWERPC_CPU(cpu_create(machine->cpu_type)); 109 env = &pm->cpu->env; 110 if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) { 111 error_report("Incompatible CPU, only 6xx bus supported"); 112 exit(1); 113 } 114 115 /* Set time-base frequency */ 116 cpu_ppc_tb_init(env, BUS_FREQ_HZ / 4); 117 qemu_register_reset(pegasos2_cpu_reset, pm->cpu); 118 119 /* RAM */ 120 memory_region_add_subregion(get_system_memory(), 0, machine->ram); 121 122 /* allocate and load firmware */ 123 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, fwname); 124 if (!filename) { 125 error_report("Could not find firmware '%s'", fwname); 126 exit(1); 127 } 128 if (!machine->firmware && !pm->vof) { 129 pm->vof = g_malloc0(sizeof(*pm->vof)); 130 } 131 memory_region_init_rom(rom, NULL, "pegasos2.rom", PROM_SIZE, &error_fatal); 132 memory_region_add_subregion(get_system_memory(), PROM_ADDR, rom); 133 sz = load_elf(filename, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1, 134 PPC_ELF_MACHINE, 0, 0); 135 if (sz <= 0) { 136 sz = load_image_targphys(filename, pm->vof ? 0 : PROM_ADDR, PROM_SIZE); 137 } 138 if (sz <= 0 || sz > PROM_SIZE) { 139 error_report("Could not load firmware '%s'", filename); 140 exit(1); 141 } 142 g_free(filename); 143 if (pm->vof) { 144 pm->vof->fw_size = sz; 145 } 146 147 /* Marvell Discovery II system controller */ 148 pm->mv = DEVICE(sysbus_create_simple(TYPE_MV64361, -1, 149 ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT])); 150 pci_bus = mv64361_get_pci_bus(pm->mv, 1); 151 152 /* VIA VT8231 South Bridge (multifunction PCI device) */ 153 /* VT8231 function 0: PCI-to-ISA Bridge */ 154 dev = pci_create_simple_multifunction(pci_bus, PCI_DEVFN(12, 0), true, 155 TYPE_VT8231_ISA); 156 qdev_connect_gpio_out(DEVICE(dev), 0, 157 qdev_get_gpio_in_named(pm->mv, "gpp", 31)); 158 159 /* VT8231 function 1: IDE Controller */ 160 dev = pci_create_simple(pci_bus, PCI_DEVFN(12, 1), "via-ide"); 161 pci_ide_create_devs(dev); 162 163 /* VT8231 function 2-3: USB Ports */ 164 pci_create_simple(pci_bus, PCI_DEVFN(12, 2), "vt82c686b-usb-uhci"); 165 pci_create_simple(pci_bus, PCI_DEVFN(12, 3), "vt82c686b-usb-uhci"); 166 167 /* VT8231 function 4: Power Management Controller */ 168 dev = pci_create_simple(pci_bus, PCI_DEVFN(12, 4), TYPE_VT8231_PM); 169 i2c_bus = I2C_BUS(qdev_get_child_bus(DEVICE(dev), "i2c")); 170 spd_data = spd_data_generate(DDR, machine->ram_size); 171 smbus_eeprom_init_one(i2c_bus, 0x57, spd_data); 172 173 /* VT8231 function 5-6: AC97 Audio & Modem */ 174 pci_create_simple(pci_bus, PCI_DEVFN(12, 5), TYPE_VIA_AC97); 175 pci_create_simple(pci_bus, PCI_DEVFN(12, 6), TYPE_VIA_MC97); 176 177 /* other PC hardware */ 178 pci_vga_init(pci_bus); 179 180 if (machine->kernel_filename) { 181 sz = load_elf(machine->kernel_filename, NULL, NULL, NULL, 182 &pm->kernel_entry, &pm->kernel_addr, NULL, NULL, 1, 183 PPC_ELF_MACHINE, 0, 0); 184 if (sz <= 0) { 185 error_report("Could not load kernel '%s'", 186 machine->kernel_filename); 187 exit(1); 188 } 189 pm->kernel_size = sz; 190 if (!pm->vof) { 191 warn_report("Option -kernel may be ineffective with -bios."); 192 } 193 } 194 if (machine->kernel_cmdline && !pm->vof) { 195 warn_report("Option -append may be ineffective with -bios."); 196 } 197 } 198 199 static uint32_t pegasos2_pci_config_read(AddressSpace *as, int bus, 200 uint32_t addr, uint32_t len) 201 { 202 hwaddr pcicfg = (bus ? 0xf1000c78 : 0xf1000cf8); 203 uint32_t val = 0xffffffff; 204 205 stl_le_phys(as, pcicfg, addr | BIT(31)); 206 switch (len) { 207 case 4: 208 val = ldl_le_phys(as, pcicfg + 4); 209 break; 210 case 2: 211 val = lduw_le_phys(as, pcicfg + 4); 212 break; 213 case 1: 214 val = ldub_phys(as, pcicfg + 4); 215 break; 216 default: 217 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid length\n", __func__); 218 break; 219 } 220 return val; 221 } 222 223 static void pegasos2_pci_config_write(AddressSpace *as, int bus, uint32_t addr, 224 uint32_t len, uint32_t val) 225 { 226 hwaddr pcicfg = (bus ? 0xf1000c78 : 0xf1000cf8); 227 228 stl_le_phys(as, pcicfg, addr | BIT(31)); 229 switch (len) { 230 case 4: 231 stl_le_phys(as, pcicfg + 4, val); 232 break; 233 case 2: 234 stw_le_phys(as, pcicfg + 4, val); 235 break; 236 case 1: 237 stb_phys(as, pcicfg + 4, val); 238 break; 239 default: 240 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid length\n", __func__); 241 break; 242 } 243 } 244 245 static void pegasos2_machine_reset(MachineState *machine) 246 { 247 Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine); 248 AddressSpace *as = CPU(pm->cpu)->as; 249 void *fdt; 250 uint64_t d[2]; 251 int sz; 252 253 qemu_devices_reset(); 254 if (!pm->vof) { 255 return; /* Firmware should set up machine so nothing to do */ 256 } 257 258 /* Otherwise, set up devices that board firmware would normally do */ 259 stl_le_phys(as, 0xf1000000, 0x28020ff); 260 stl_le_phys(as, 0xf1000278, 0xa31fc); 261 stl_le_phys(as, 0xf100f300, 0x11ff0400); 262 stl_le_phys(as, 0xf100f10c, 0x80000000); 263 stl_le_phys(as, 0xf100001c, 0x8000000); 264 pegasos2_pci_config_write(as, 0, PCI_COMMAND, 2, PCI_COMMAND_IO | 265 PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER); 266 pegasos2_pci_config_write(as, 1, PCI_COMMAND, 2, PCI_COMMAND_IO | 267 PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER); 268 269 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 0) << 8) | 270 PCI_INTERRUPT_LINE, 2, 0x9); 271 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 0) << 8) | 272 0x50, 1, 0x2); 273 274 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 275 PCI_INTERRUPT_LINE, 2, 0x109); 276 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 277 PCI_CLASS_PROG, 1, 0xf); 278 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 279 0x40, 1, 0xb); 280 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 281 0x50, 4, 0x17171717); 282 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 1) << 8) | 283 PCI_COMMAND, 2, 0x87); 284 285 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 2) << 8) | 286 PCI_INTERRUPT_LINE, 2, 0x409); 287 288 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 3) << 8) | 289 PCI_INTERRUPT_LINE, 2, 0x409); 290 291 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 292 PCI_INTERRUPT_LINE, 2, 0x9); 293 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 294 0x48, 4, 0xf00); 295 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 296 0x40, 4, 0x558020); 297 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 4) << 8) | 298 0x90, 4, 0xd00); 299 300 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 5) << 8) | 301 PCI_INTERRUPT_LINE, 2, 0x309); 302 303 pegasos2_pci_config_write(as, 1, (PCI_DEVFN(12, 6) << 8) | 304 PCI_INTERRUPT_LINE, 2, 0x309); 305 306 /* Device tree and VOF set up */ 307 vof_init(pm->vof, machine->ram_size, &error_fatal); 308 if (vof_claim(pm->vof, 0, VOF_STACK_SIZE, VOF_STACK_SIZE) == -1) { 309 error_report("Memory allocation for stack failed"); 310 exit(1); 311 } 312 if (pm->kernel_size && 313 vof_claim(pm->vof, pm->kernel_addr, pm->kernel_size, 0) == -1) { 314 error_report("Memory for kernel is in use"); 315 exit(1); 316 } 317 fdt = build_fdt(machine, &sz); 318 /* FIXME: VOF assumes entry is same as load address */ 319 d[0] = cpu_to_be64(pm->kernel_entry); 320 d[1] = cpu_to_be64(pm->kernel_size - (pm->kernel_entry - pm->kernel_addr)); 321 qemu_fdt_setprop(fdt, "/chosen", "qemu,boot-kernel", d, sizeof(d)); 322 323 qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt)); 324 g_free(pm->fdt_blob); 325 pm->fdt_blob = fdt; 326 327 vof_build_dt(fdt, pm->vof); 328 vof_client_open_store(fdt, pm->vof, "/chosen", "stdout", "/failsafe"); 329 pm->cpu->vhyp = PPC_VIRTUAL_HYPERVISOR(machine); 330 } 331 332 enum pegasos2_rtas_tokens { 333 RTAS_RESTART_RTAS = 0, 334 RTAS_NVRAM_FETCH = 1, 335 RTAS_NVRAM_STORE = 2, 336 RTAS_GET_TIME_OF_DAY = 3, 337 RTAS_SET_TIME_OF_DAY = 4, 338 RTAS_EVENT_SCAN = 6, 339 RTAS_CHECK_EXCEPTION = 7, 340 RTAS_READ_PCI_CONFIG = 8, 341 RTAS_WRITE_PCI_CONFIG = 9, 342 RTAS_DISPLAY_CHARACTER = 10, 343 RTAS_SET_INDICATOR = 11, 344 RTAS_POWER_OFF = 17, 345 RTAS_SUSPEND = 18, 346 RTAS_HIBERNATE = 19, 347 RTAS_SYSTEM_REBOOT = 20, 348 }; 349 350 static target_ulong pegasos2_rtas(PowerPCCPU *cpu, Pegasos2MachineState *pm, 351 target_ulong args_real) 352 { 353 AddressSpace *as = CPU(cpu)->as; 354 uint32_t token = ldl_be_phys(as, args_real); 355 uint32_t nargs = ldl_be_phys(as, args_real + 4); 356 uint32_t nrets = ldl_be_phys(as, args_real + 8); 357 uint32_t args = args_real + 12; 358 uint32_t rets = args_real + 12 + nargs * 4; 359 360 if (nrets < 1) { 361 qemu_log_mask(LOG_GUEST_ERROR, "Too few return values in RTAS call\n"); 362 return H_PARAMETER; 363 } 364 switch (token) { 365 case RTAS_READ_PCI_CONFIG: 366 { 367 uint32_t addr, len, val; 368 369 if (nargs != 2 || nrets != 2) { 370 stl_be_phys(as, rets, -1); 371 return H_PARAMETER; 372 } 373 addr = ldl_be_phys(as, args); 374 len = ldl_be_phys(as, args + 4); 375 val = pegasos2_pci_config_read(as, !(addr >> 24), 376 addr & 0x0fffffff, len); 377 stl_be_phys(as, rets, 0); 378 stl_be_phys(as, rets + 4, val); 379 return H_SUCCESS; 380 } 381 case RTAS_WRITE_PCI_CONFIG: 382 { 383 uint32_t addr, len, val; 384 385 if (nargs != 3 || nrets != 1) { 386 stl_be_phys(as, rets, -1); 387 return H_PARAMETER; 388 } 389 addr = ldl_be_phys(as, args); 390 len = ldl_be_phys(as, args + 4); 391 val = ldl_be_phys(as, args + 8); 392 pegasos2_pci_config_write(as, !(addr >> 24), 393 addr & 0x0fffffff, len, val); 394 stl_be_phys(as, rets, 0); 395 return H_SUCCESS; 396 } 397 case RTAS_DISPLAY_CHARACTER: 398 if (nargs != 1 || nrets != 1) { 399 stl_be_phys(as, rets, -1); 400 return H_PARAMETER; 401 } 402 qemu_log_mask(LOG_UNIMP, "%c", ldl_be_phys(as, args)); 403 stl_be_phys(as, rets, 0); 404 return H_SUCCESS; 405 default: 406 qemu_log_mask(LOG_UNIMP, "Unknown RTAS token %u (args=%u, rets=%u)\n", 407 token, nargs, nrets); 408 stl_be_phys(as, rets, 0); 409 return H_SUCCESS; 410 } 411 } 412 413 static void pegasos2_hypercall(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu) 414 { 415 Pegasos2MachineState *pm = PEGASOS2_MACHINE(vhyp); 416 CPUPPCState *env = &cpu->env; 417 418 /* The TCG path should also be holding the BQL at this point */ 419 g_assert(qemu_mutex_iothread_locked()); 420 421 if (msr_pr) { 422 qemu_log_mask(LOG_GUEST_ERROR, "Hypercall made with MSR[PR]=1\n"); 423 env->gpr[3] = H_PRIVILEGE; 424 } else if (env->gpr[3] == KVMPPC_H_RTAS) { 425 env->gpr[3] = pegasos2_rtas(cpu, pm, env->gpr[4]); 426 } else if (env->gpr[3] == KVMPPC_H_VOF_CLIENT) { 427 int ret = vof_client_call(MACHINE(pm), pm->vof, pm->fdt_blob, 428 env->gpr[4]); 429 env->gpr[3] = (ret ? H_PARAMETER : H_SUCCESS); 430 } else { 431 qemu_log_mask(LOG_GUEST_ERROR, "Unsupported hypercall " TARGET_FMT_lx 432 "\n", env->gpr[3]); 433 env->gpr[3] = -1; 434 } 435 } 436 437 static void vhyp_nop(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu) 438 { 439 } 440 441 static target_ulong vhyp_encode_hpt_for_kvm_pr(PPCVirtualHypervisor *vhyp) 442 { 443 return POWERPC_CPU(current_cpu)->env.spr[SPR_SDR1]; 444 } 445 446 static bool pegasos2_setprop(MachineState *ms, const char *path, 447 const char *propname, void *val, int vallen) 448 { 449 return true; 450 } 451 452 static void pegasos2_machine_class_init(ObjectClass *oc, void *data) 453 { 454 MachineClass *mc = MACHINE_CLASS(oc); 455 PPCVirtualHypervisorClass *vhc = PPC_VIRTUAL_HYPERVISOR_CLASS(oc); 456 VofMachineIfClass *vmc = VOF_MACHINE_CLASS(oc); 457 458 mc->desc = "Genesi/bPlan Pegasos II"; 459 mc->init = pegasos2_init; 460 mc->reset = pegasos2_machine_reset; 461 mc->block_default_type = IF_IDE; 462 mc->default_boot_order = "cd"; 463 mc->default_display = "std"; 464 mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("7400_v2.9"); 465 mc->default_ram_id = "pegasos2.ram"; 466 mc->default_ram_size = 512 * MiB; 467 468 vhc->hypercall = pegasos2_hypercall; 469 vhc->cpu_exec_enter = vhyp_nop; 470 vhc->cpu_exec_exit = vhyp_nop; 471 vhc->encode_hpt_for_kvm_pr = vhyp_encode_hpt_for_kvm_pr; 472 473 vmc->setprop = pegasos2_setprop; 474 } 475 476 static const TypeInfo pegasos2_machine_info = { 477 .name = TYPE_PEGASOS2_MACHINE, 478 .parent = TYPE_MACHINE, 479 .class_init = pegasos2_machine_class_init, 480 .instance_size = sizeof(Pegasos2MachineState), 481 .interfaces = (InterfaceInfo[]) { 482 { TYPE_PPC_VIRTUAL_HYPERVISOR }, 483 { TYPE_VOF_MACHINE_IF }, 484 { } 485 }, 486 }; 487 488 static void pegasos2_machine_register_types(void) 489 { 490 type_register_static(&pegasos2_machine_info); 491 } 492 493 type_init(pegasos2_machine_register_types) 494 495 /* FDT creation for passing to firmware */ 496 497 typedef struct { 498 void *fdt; 499 const char *path; 500 } FDTInfo; 501 502 /* We do everything in reverse order so it comes out right in the tree */ 503 504 static void dt_ide(PCIBus *bus, PCIDevice *d, FDTInfo *fi) 505 { 506 qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "spi"); 507 } 508 509 static void dt_usb(PCIBus *bus, PCIDevice *d, FDTInfo *fi) 510 { 511 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#size-cells", 0); 512 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#address-cells", 1); 513 qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "usb"); 514 } 515 516 static void dt_isa(PCIBus *bus, PCIDevice *d, FDTInfo *fi) 517 { 518 GString *name = g_string_sized_new(64); 519 uint32_t cells[3]; 520 521 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#size-cells", 1); 522 qemu_fdt_setprop_cell(fi->fdt, fi->path, "#address-cells", 2); 523 qemu_fdt_setprop_string(fi->fdt, fi->path, "device_type", "isa"); 524 qemu_fdt_setprop_string(fi->fdt, fi->path, "name", "isa"); 525 526 /* addional devices */ 527 g_string_printf(name, "%s/lpt@i3bc", fi->path); 528 qemu_fdt_add_subnode(fi->fdt, name->str); 529 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 530 cells[0] = cpu_to_be32(7); 531 cells[1] = 0; 532 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 533 cells, 2 * sizeof(cells[0])); 534 cells[0] = cpu_to_be32(1); 535 cells[1] = cpu_to_be32(0x3bc); 536 cells[2] = cpu_to_be32(8); 537 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 538 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "lpt"); 539 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "lpt"); 540 541 g_string_printf(name, "%s/fdc@i3f0", fi->path); 542 qemu_fdt_add_subnode(fi->fdt, name->str); 543 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 544 cells[0] = cpu_to_be32(6); 545 cells[1] = 0; 546 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 547 cells, 2 * sizeof(cells[0])); 548 cells[0] = cpu_to_be32(1); 549 cells[1] = cpu_to_be32(0x3f0); 550 cells[2] = cpu_to_be32(8); 551 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 552 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "fdc"); 553 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "fdc"); 554 555 g_string_printf(name, "%s/timer@i40", fi->path); 556 qemu_fdt_add_subnode(fi->fdt, name->str); 557 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 558 cells[0] = cpu_to_be32(1); 559 cells[1] = cpu_to_be32(0x40); 560 cells[2] = cpu_to_be32(8); 561 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 562 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "timer"); 563 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "timer"); 564 565 g_string_printf(name, "%s/rtc@i70", fi->path); 566 qemu_fdt_add_subnode(fi->fdt, name->str); 567 qemu_fdt_setprop_string(fi->fdt, name->str, "compatible", "ds1385-rtc"); 568 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 569 cells[0] = cpu_to_be32(8); 570 cells[1] = 0; 571 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 572 cells, 2 * sizeof(cells[0])); 573 cells[0] = cpu_to_be32(1); 574 cells[1] = cpu_to_be32(0x70); 575 cells[2] = cpu_to_be32(2); 576 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 577 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "rtc"); 578 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "rtc"); 579 580 g_string_printf(name, "%s/keyboard@i60", fi->path); 581 qemu_fdt_add_subnode(fi->fdt, name->str); 582 cells[0] = cpu_to_be32(1); 583 cells[1] = 0; 584 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 585 cells, 2 * sizeof(cells[0])); 586 cells[0] = cpu_to_be32(1); 587 cells[1] = cpu_to_be32(0x60); 588 cells[2] = cpu_to_be32(5); 589 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 590 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "keyboard"); 591 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "keyboard"); 592 593 g_string_printf(name, "%s/8042@i60", fi->path); 594 qemu_fdt_add_subnode(fi->fdt, name->str); 595 qemu_fdt_setprop_cell(fi->fdt, name->str, "#interrupt-cells", 2); 596 qemu_fdt_setprop_cell(fi->fdt, name->str, "#size-cells", 0); 597 qemu_fdt_setprop_cell(fi->fdt, name->str, "#address-cells", 1); 598 qemu_fdt_setprop_string(fi->fdt, name->str, "interrupt-controller", ""); 599 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 600 cells[0] = cpu_to_be32(1); 601 cells[1] = cpu_to_be32(0x60); 602 cells[2] = cpu_to_be32(5); 603 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 604 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", ""); 605 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "8042"); 606 607 g_string_printf(name, "%s/serial@i2f8", fi->path); 608 qemu_fdt_add_subnode(fi->fdt, name->str); 609 qemu_fdt_setprop_cell(fi->fdt, name->str, "clock-frequency", 0); 610 cells[0] = cpu_to_be32(3); 611 cells[1] = 0; 612 qemu_fdt_setprop(fi->fdt, name->str, "interrupts", 613 cells, 2 * sizeof(cells[0])); 614 cells[0] = cpu_to_be32(1); 615 cells[1] = cpu_to_be32(0x2f8); 616 cells[2] = cpu_to_be32(8); 617 qemu_fdt_setprop(fi->fdt, name->str, "reg", cells, 3 * sizeof(cells[0])); 618 qemu_fdt_setprop_string(fi->fdt, name->str, "device_type", "serial"); 619 qemu_fdt_setprop_string(fi->fdt, name->str, "name", "serial"); 620 621 g_string_free(name, TRUE); 622 } 623 624 static struct { 625 const char *id; 626 const char *name; 627 void (*dtf)(PCIBus *bus, PCIDevice *d, FDTInfo *fi); 628 } device_map[] = { 629 { "pci11ab,6460", "host", NULL }, 630 { "pci1106,8231", "isa", dt_isa }, 631 { "pci1106,571", "ide", dt_ide }, 632 { "pci1106,3044", "firewire", NULL }, 633 { "pci1106,3038", "usb", dt_usb }, 634 { "pci1106,8235", "other", NULL }, 635 { "pci1106,3058", "sound", NULL }, 636 { NULL, NULL } 637 }; 638 639 static void add_pci_device(PCIBus *bus, PCIDevice *d, void *opaque) 640 { 641 FDTInfo *fi = opaque; 642 GString *node = g_string_new(NULL); 643 uint32_t cells[(PCI_NUM_REGIONS + 1) * 5]; 644 int i, j; 645 const char *name = NULL; 646 g_autofree const gchar *pn = g_strdup_printf("pci%x,%x", 647 pci_get_word(&d->config[PCI_VENDOR_ID]), 648 pci_get_word(&d->config[PCI_DEVICE_ID])); 649 650 for (i = 0; device_map[i].id; i++) { 651 if (!strcmp(pn, device_map[i].id)) { 652 name = device_map[i].name; 653 break; 654 } 655 } 656 g_string_printf(node, "%s/%s@%x", fi->path, (name ?: pn), 657 PCI_SLOT(d->devfn)); 658 if (PCI_FUNC(d->devfn)) { 659 g_string_append_printf(node, ",%x", PCI_FUNC(d->devfn)); 660 } 661 662 qemu_fdt_add_subnode(fi->fdt, node->str); 663 if (device_map[i].dtf) { 664 FDTInfo cfi = { fi->fdt, node->str }; 665 device_map[i].dtf(bus, d, &cfi); 666 } 667 cells[0] = cpu_to_be32(d->devfn << 8); 668 cells[1] = 0; 669 cells[2] = 0; 670 cells[3] = 0; 671 cells[4] = 0; 672 j = 5; 673 for (i = 0; i < PCI_NUM_REGIONS; i++) { 674 if (!d->io_regions[i].size) { 675 continue; 676 } 677 cells[j] = cpu_to_be32(d->devfn << 8 | (PCI_BASE_ADDRESS_0 + i * 4)); 678 if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) { 679 cells[j] |= cpu_to_be32(1 << 24); 680 } else { 681 cells[j] |= cpu_to_be32(2 << 24); 682 if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_PREFETCH) { 683 cells[j] |= cpu_to_be32(4 << 28); 684 } 685 } 686 cells[j + 1] = 0; 687 cells[j + 2] = 0; 688 cells[j + 3] = cpu_to_be32(d->io_regions[i].size >> 32); 689 cells[j + 4] = cpu_to_be32(d->io_regions[i].size); 690 j += 5; 691 } 692 qemu_fdt_setprop(fi->fdt, node->str, "reg", cells, j * sizeof(cells[0])); 693 qemu_fdt_setprop_string(fi->fdt, node->str, "name", name ?: pn); 694 if (pci_get_byte(&d->config[PCI_INTERRUPT_PIN])) { 695 qemu_fdt_setprop_cell(fi->fdt, node->str, "interrupts", 696 pci_get_byte(&d->config[PCI_INTERRUPT_PIN])); 697 } 698 /* Pegasos2 firmware has subsystem-id amd subsystem-vendor-id swapped */ 699 qemu_fdt_setprop_cell(fi->fdt, node->str, "subsystem-vendor-id", 700 pci_get_word(&d->config[PCI_SUBSYSTEM_ID])); 701 qemu_fdt_setprop_cell(fi->fdt, node->str, "subsystem-id", 702 pci_get_word(&d->config[PCI_SUBSYSTEM_VENDOR_ID])); 703 cells[0] = pci_get_long(&d->config[PCI_CLASS_REVISION]); 704 qemu_fdt_setprop_cell(fi->fdt, node->str, "class-code", cells[0] >> 8); 705 qemu_fdt_setprop_cell(fi->fdt, node->str, "revision-id", cells[0] & 0xff); 706 qemu_fdt_setprop_cell(fi->fdt, node->str, "device-id", 707 pci_get_word(&d->config[PCI_DEVICE_ID])); 708 qemu_fdt_setprop_cell(fi->fdt, node->str, "vendor-id", 709 pci_get_word(&d->config[PCI_VENDOR_ID])); 710 711 g_string_free(node, TRUE); 712 } 713 714 static void *build_fdt(MachineState *machine, int *fdt_size) 715 { 716 Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine); 717 PowerPCCPU *cpu = pm->cpu; 718 PCIBus *pci_bus; 719 FDTInfo fi; 720 uint32_t cells[16]; 721 void *fdt = create_device_tree(fdt_size); 722 723 fi.fdt = fdt; 724 725 /* root node */ 726 qemu_fdt_setprop_string(fdt, "/", "CODEGEN,description", 727 "Pegasos CHRP PowerPC System"); 728 qemu_fdt_setprop_string(fdt, "/", "CODEGEN,board", "Pegasos2"); 729 qemu_fdt_setprop_string(fdt, "/", "CODEGEN,vendor", "bplan GmbH"); 730 qemu_fdt_setprop_string(fdt, "/", "revision", "2B"); 731 qemu_fdt_setprop_string(fdt, "/", "model", "Pegasos2"); 732 qemu_fdt_setprop_string(fdt, "/", "device_type", "chrp"); 733 qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 1); 734 qemu_fdt_setprop_string(fdt, "/", "name", "bplan,Pegasos2"); 735 736 /* pci@c0000000 */ 737 qemu_fdt_add_subnode(fdt, "/pci@c0000000"); 738 cells[0] = 0; 739 cells[1] = 0; 740 qemu_fdt_setprop(fdt, "/pci@c0000000", "bus-range", 741 cells, 2 * sizeof(cells[0])); 742 qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "pci-bridge-number", 1); 743 cells[0] = cpu_to_be32(PCI0_MEM_BASE); 744 cells[1] = cpu_to_be32(PCI0_MEM_SIZE); 745 qemu_fdt_setprop(fdt, "/pci@c0000000", "reg", cells, 2 * sizeof(cells[0])); 746 cells[0] = cpu_to_be32(0x01000000); 747 cells[1] = 0; 748 cells[2] = 0; 749 cells[3] = cpu_to_be32(PCI0_IO_BASE); 750 cells[4] = 0; 751 cells[5] = cpu_to_be32(PCI0_IO_SIZE); 752 cells[6] = cpu_to_be32(0x02000000); 753 cells[7] = 0; 754 cells[8] = cpu_to_be32(PCI0_MEM_BASE); 755 cells[9] = cpu_to_be32(PCI0_MEM_BASE); 756 cells[10] = 0; 757 cells[11] = cpu_to_be32(PCI0_MEM_SIZE); 758 qemu_fdt_setprop(fdt, "/pci@c0000000", "ranges", 759 cells, 12 * sizeof(cells[0])); 760 qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "#size-cells", 2); 761 qemu_fdt_setprop_cell(fdt, "/pci@c0000000", "#address-cells", 3); 762 qemu_fdt_setprop_string(fdt, "/pci@c0000000", "device_type", "pci"); 763 qemu_fdt_setprop_string(fdt, "/pci@c0000000", "name", "pci"); 764 765 fi.path = "/pci@c0000000"; 766 pci_bus = mv64361_get_pci_bus(pm->mv, 0); 767 pci_for_each_device_reverse(pci_bus, 0, add_pci_device, &fi); 768 769 /* pci@80000000 */ 770 qemu_fdt_add_subnode(fdt, "/pci@80000000"); 771 cells[0] = 0; 772 cells[1] = 0; 773 qemu_fdt_setprop(fdt, "/pci@80000000", "bus-range", 774 cells, 2 * sizeof(cells[0])); 775 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "pci-bridge-number", 0); 776 cells[0] = cpu_to_be32(PCI1_MEM_BASE); 777 cells[1] = cpu_to_be32(PCI1_MEM_SIZE); 778 qemu_fdt_setprop(fdt, "/pci@80000000", "reg", cells, 2 * sizeof(cells[0])); 779 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "8259-interrupt-acknowledge", 780 0xf1000cb4); 781 cells[0] = cpu_to_be32(0x01000000); 782 cells[1] = 0; 783 cells[2] = 0; 784 cells[3] = cpu_to_be32(PCI1_IO_BASE); 785 cells[4] = 0; 786 cells[5] = cpu_to_be32(PCI1_IO_SIZE); 787 cells[6] = cpu_to_be32(0x02000000); 788 cells[7] = 0; 789 cells[8] = cpu_to_be32(PCI1_MEM_BASE); 790 cells[9] = cpu_to_be32(PCI1_MEM_BASE); 791 cells[10] = 0; 792 cells[11] = cpu_to_be32(PCI1_MEM_SIZE); 793 qemu_fdt_setprop(fdt, "/pci@80000000", "ranges", 794 cells, 12 * sizeof(cells[0])); 795 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "#size-cells", 2); 796 qemu_fdt_setprop_cell(fdt, "/pci@80000000", "#address-cells", 3); 797 qemu_fdt_setprop_string(fdt, "/pci@80000000", "device_type", "pci"); 798 qemu_fdt_setprop_string(fdt, "/pci@80000000", "name", "pci"); 799 800 fi.path = "/pci@80000000"; 801 pci_bus = mv64361_get_pci_bus(pm->mv, 1); 802 pci_for_each_device_reverse(pci_bus, 0, add_pci_device, &fi); 803 804 qemu_fdt_add_subnode(fdt, "/failsafe"); 805 qemu_fdt_setprop_string(fdt, "/failsafe", "device_type", "serial"); 806 qemu_fdt_setprop_string(fdt, "/failsafe", "name", "failsafe"); 807 808 qemu_fdt_add_subnode(fdt, "/rtas"); 809 qemu_fdt_setprop_cell(fdt, "/rtas", "system-reboot", RTAS_SYSTEM_REBOOT); 810 qemu_fdt_setprop_cell(fdt, "/rtas", "hibernate", RTAS_HIBERNATE); 811 qemu_fdt_setprop_cell(fdt, "/rtas", "suspend", RTAS_SUSPEND); 812 qemu_fdt_setprop_cell(fdt, "/rtas", "power-off", RTAS_POWER_OFF); 813 qemu_fdt_setprop_cell(fdt, "/rtas", "set-indicator", RTAS_SET_INDICATOR); 814 qemu_fdt_setprop_cell(fdt, "/rtas", "display-character", 815 RTAS_DISPLAY_CHARACTER); 816 qemu_fdt_setprop_cell(fdt, "/rtas", "write-pci-config", 817 RTAS_WRITE_PCI_CONFIG); 818 qemu_fdt_setprop_cell(fdt, "/rtas", "read-pci-config", 819 RTAS_READ_PCI_CONFIG); 820 /* Pegasos2 firmware misspells check-exception and guests use that */ 821 qemu_fdt_setprop_cell(fdt, "/rtas", "check-execption", 822 RTAS_CHECK_EXCEPTION); 823 qemu_fdt_setprop_cell(fdt, "/rtas", "event-scan", RTAS_EVENT_SCAN); 824 qemu_fdt_setprop_cell(fdt, "/rtas", "set-time-of-day", 825 RTAS_SET_TIME_OF_DAY); 826 qemu_fdt_setprop_cell(fdt, "/rtas", "get-time-of-day", 827 RTAS_GET_TIME_OF_DAY); 828 qemu_fdt_setprop_cell(fdt, "/rtas", "nvram-store", RTAS_NVRAM_STORE); 829 qemu_fdt_setprop_cell(fdt, "/rtas", "nvram-fetch", RTAS_NVRAM_FETCH); 830 qemu_fdt_setprop_cell(fdt, "/rtas", "restart-rtas", RTAS_RESTART_RTAS); 831 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-error-log-max", 0); 832 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-event-scan-rate", 0); 833 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-display-device", 0); 834 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-size", 20); 835 qemu_fdt_setprop_cell(fdt, "/rtas", "rtas-version", 1); 836 837 /* cpus */ 838 qemu_fdt_add_subnode(fdt, "/cpus"); 839 qemu_fdt_setprop_cell(fdt, "/cpus", "#cpus", 1); 840 qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 1); 841 qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0); 842 qemu_fdt_setprop_string(fdt, "/cpus", "name", "cpus"); 843 844 /* FIXME Get CPU name from CPU object */ 845 const char *cp = "/cpus/PowerPC,G4"; 846 qemu_fdt_add_subnode(fdt, cp); 847 qemu_fdt_setprop_cell(fdt, cp, "l2cr", 0); 848 qemu_fdt_setprop_cell(fdt, cp, "d-cache-size", 0x8000); 849 qemu_fdt_setprop_cell(fdt, cp, "d-cache-block-size", 850 cpu->env.dcache_line_size); 851 qemu_fdt_setprop_cell(fdt, cp, "d-cache-line-size", 852 cpu->env.dcache_line_size); 853 qemu_fdt_setprop_cell(fdt, cp, "i-cache-size", 0x8000); 854 qemu_fdt_setprop_cell(fdt, cp, "i-cache-block-size", 855 cpu->env.icache_line_size); 856 qemu_fdt_setprop_cell(fdt, cp, "i-cache-line-size", 857 cpu->env.icache_line_size); 858 if (cpu->env.id_tlbs) { 859 qemu_fdt_setprop_cell(fdt, cp, "i-tlb-sets", cpu->env.nb_ways); 860 qemu_fdt_setprop_cell(fdt, cp, "i-tlb-size", cpu->env.tlb_per_way); 861 qemu_fdt_setprop_cell(fdt, cp, "d-tlb-sets", cpu->env.nb_ways); 862 qemu_fdt_setprop_cell(fdt, cp, "d-tlb-size", cpu->env.tlb_per_way); 863 qemu_fdt_setprop_string(fdt, cp, "tlb-split", ""); 864 } 865 qemu_fdt_setprop_cell(fdt, cp, "tlb-sets", cpu->env.nb_ways); 866 qemu_fdt_setprop_cell(fdt, cp, "tlb-size", cpu->env.nb_tlb); 867 qemu_fdt_setprop_string(fdt, cp, "state", "running"); 868 if (cpu->env.insns_flags & PPC_ALTIVEC) { 869 qemu_fdt_setprop_string(fdt, cp, "altivec", ""); 870 qemu_fdt_setprop_string(fdt, cp, "data-streams", ""); 871 } 872 /* 873 * FIXME What flags do data-streams, external-control and 874 * performance-monitor depend on? 875 */ 876 qemu_fdt_setprop_string(fdt, cp, "external-control", ""); 877 if (cpu->env.insns_flags & PPC_FLOAT_FSQRT) { 878 qemu_fdt_setprop_string(fdt, cp, "general-purpose", ""); 879 } 880 qemu_fdt_setprop_string(fdt, cp, "performance-monitor", ""); 881 if (cpu->env.insns_flags & PPC_FLOAT_FRES) { 882 qemu_fdt_setprop_string(fdt, cp, "graphics", ""); 883 } 884 qemu_fdt_setprop_cell(fdt, cp, "reservation-granule-size", 4); 885 qemu_fdt_setprop_cell(fdt, cp, "timebase-frequency", 886 cpu->env.tb_env->tb_freq); 887 qemu_fdt_setprop_cell(fdt, cp, "bus-frequency", BUS_FREQ_HZ); 888 qemu_fdt_setprop_cell(fdt, cp, "clock-frequency", BUS_FREQ_HZ * 7.5); 889 qemu_fdt_setprop_cell(fdt, cp, "cpu-version", cpu->env.spr[SPR_PVR]); 890 cells[0] = 0; 891 cells[1] = 0; 892 qemu_fdt_setprop(fdt, cp, "reg", cells, 2 * sizeof(cells[0])); 893 qemu_fdt_setprop_string(fdt, cp, "device_type", "cpu"); 894 qemu_fdt_setprop_string(fdt, cp, "name", strrchr(cp, '/') + 1); 895 896 /* memory */ 897 qemu_fdt_add_subnode(fdt, "/memory@0"); 898 cells[0] = 0; 899 cells[1] = cpu_to_be32(machine->ram_size); 900 qemu_fdt_setprop(fdt, "/memory@0", "reg", cells, 2 * sizeof(cells[0])); 901 qemu_fdt_setprop_string(fdt, "/memory@0", "device_type", "memory"); 902 qemu_fdt_setprop_string(fdt, "/memory@0", "name", "memory"); 903 904 qemu_fdt_add_subnode(fdt, "/chosen"); 905 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", 906 machine->kernel_cmdline ?: ""); 907 qemu_fdt_setprop_string(fdt, "/chosen", "name", "chosen"); 908 909 qemu_fdt_add_subnode(fdt, "/openprom"); 910 qemu_fdt_setprop_string(fdt, "/openprom", "model", "Pegasos2,1.1"); 911 912 return fdt; 913 } 914