2 * QEMU PC System Emulator
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
43 #include <sys/ioctl.h>
44 #include <sys/socket.h>
46 #include <linux/if_tun.h>
53 #define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"
54 #define BIOS_FILENAME "bios.bin"
55 #define VGABIOS_FILENAME "vgabios.bin"
57 //#define DEBUG_UNUSED_IOPORT
59 //#define DEBUG_IRQ_LATENCY
61 /* output Bochs bios info messages */
69 /* debug NE2000 card */
70 //#define DEBUG_NE2000
72 /* debug PC keyboard */
75 /* debug PC keyboard : only mouse */
78 //#define DEBUG_SERIAL
80 #if !defined(CONFIG_SOFTMMU)
81 #define PHYS_RAM_MAX_SIZE (256 * 1024 * 1024)
83 #define PHYS_RAM_MAX_SIZE (2047 * 1024 * 1024)
86 #if defined (TARGET_I386)
87 #define KERNEL_LOAD_ADDR 0x00100000
88 #elif defined (TARGET_PPC)
89 //#define USE_OPEN_FIRMWARE
90 #if !defined (USE_OPEN_FIRMWARE)
91 #define KERNEL_LOAD_ADDR 0x01000000
92 #define KERNEL_STACK_ADDR 0x01200000
94 #define KERNEL_LOAD_ADDR 0x00000000
95 #define KERNEL_STACK_ADDR 0x00400000
98 #define INITRD_LOAD_ADDR 0x00400000
99 #define KERNEL_PARAMS_ADDR 0x00090000
100 #define KERNEL_CMDLINE_ADDR 0x00099000
102 #define GUI_REFRESH_INTERVAL 30
104 /* XXX: use a two level table to limit memory usage */
105 #define MAX_IOPORTS 65536
107 static const char *bios_dir = CONFIG_QEMU_SHAREDIR;
108 char phys_ram_file[1024];
109 CPUState *global_env;
110 CPUState *cpu_single_env;
111 IOPortReadFunc *ioport_read_table[3][MAX_IOPORTS];
112 IOPortWriteFunc *ioport_write_table[3][MAX_IOPORTS];
113 BlockDriverState *bs_table[MAX_DISKS], *fd_table[MAX_FD];
115 static DisplayState display_state;
118 int64_t ticks_per_sec;
119 int boot_device = 'c';
122 /***********************************************************/
125 uint32_t default_ioport_readb(CPUState *env, uint32_t address)
127 #ifdef DEBUG_UNUSED_IOPORT
128 fprintf(stderr, "inb: port=0x%04x\n", address);
133 void default_ioport_writeb(CPUState *env, uint32_t address, uint32_t data)
135 #ifdef DEBUG_UNUSED_IOPORT
136 fprintf(stderr, "outb: port=0x%04x data=0x%02x\n", address, data);
140 /* default is to make two byte accesses */
141 uint32_t default_ioport_readw(CPUState *env, uint32_t address)
144 data = ioport_read_table[0][address & (MAX_IOPORTS - 1)](env, address);
145 data |= ioport_read_table[0][(address + 1) & (MAX_IOPORTS - 1)](env, address + 1) << 8;
149 void default_ioport_writew(CPUState *env, uint32_t address, uint32_t data)
151 ioport_write_table[0][address & (MAX_IOPORTS - 1)](env, address, data & 0xff);
152 ioport_write_table[0][(address + 1) & (MAX_IOPORTS - 1)](env, address + 1, (data >> 8) & 0xff);
155 uint32_t default_ioport_readl(CPUState *env, uint32_t address)
157 #ifdef DEBUG_UNUSED_IOPORT
158 fprintf(stderr, "inl: port=0x%04x\n", address);
163 void default_ioport_writel(CPUState *env, uint32_t address, uint32_t data)
165 #ifdef DEBUG_UNUSED_IOPORT
166 fprintf(stderr, "outl: port=0x%04x data=0x%02x\n", address, data);
170 void init_ioports(void)
174 for(i = 0; i < MAX_IOPORTS; i++) {
175 ioport_read_table[0][i] = default_ioport_readb;
176 ioport_write_table[0][i] = default_ioport_writeb;
177 ioport_read_table[1][i] = default_ioport_readw;
178 ioport_write_table[1][i] = default_ioport_writew;
179 ioport_read_table[2][i] = default_ioport_readl;
180 ioport_write_table[2][i] = default_ioport_writel;
184 /* size is the word size in byte */
185 int register_ioport_read(int start, int length, IOPortReadFunc *func, int size)
197 for(i = start; i < start + length; i += size)
198 ioport_read_table[bsize][i] = func;
202 /* size is the word size in byte */
203 int register_ioport_write(int start, int length, IOPortWriteFunc *func, int size)
215 for(i = start; i < start + length; i += size)
216 ioport_write_table[bsize][i] = func;
220 void pstrcpy(char *buf, int buf_size, const char *str)
230 if (c == 0 || q >= buf + buf_size - 1)
237 /* strcat and truncate. */
238 char *pstrcat(char *buf, int buf_size, const char *s)
243 pstrcpy(buf + len, buf_size - len, s);
247 #if defined (TARGET_I386)
248 int load_kernel(const char *filename, uint8_t *addr,
254 fd = open(filename, O_RDONLY);
258 /* load 16 bit code */
259 if (read(fd, real_addr, 512) != 512)
261 setup_sects = real_addr[0x1F1];
264 if (read(fd, real_addr + 512, setup_sects * 512) !=
268 /* load 32 bit code */
269 size = read(fd, addr, 16 * 1024 * 1024);
280 /* return the size or -1 if error */
281 int load_image(const char *filename, uint8_t *addr)
284 fd = open(filename, O_RDONLY);
287 size = lseek(fd, 0, SEEK_END);
288 lseek(fd, 0, SEEK_SET);
289 if (read(fd, addr, size) != size) {
297 void cpu_outb(CPUState *env, int addr, int val)
299 ioport_write_table[0][addr & (MAX_IOPORTS - 1)](env, addr, val);
302 void cpu_outw(CPUState *env, int addr, int val)
304 ioport_write_table[1][addr & (MAX_IOPORTS - 1)](env, addr, val);
307 void cpu_outl(CPUState *env, int addr, int val)
309 ioport_write_table[2][addr & (MAX_IOPORTS - 1)](env, addr, val);
312 int cpu_inb(CPUState *env, int addr)
314 return ioport_read_table[0][addr & (MAX_IOPORTS - 1)](env, addr);
317 int cpu_inw(CPUState *env, int addr)
319 return ioport_read_table[1][addr & (MAX_IOPORTS - 1)](env, addr);
322 int cpu_inl(CPUState *env, int addr)
324 return ioport_read_table[2][addr & (MAX_IOPORTS - 1)](env, addr);
327 /***********************************************************/
328 void ioport80_write(CPUState *env, uint32_t addr, uint32_t data)
332 void hw_error(const char *fmt, ...)
337 fprintf(stderr, "qemu: hardware error: ");
338 vfprintf(stderr, fmt, ap);
339 fprintf(stderr, "\n");
341 cpu_x86_dump_state(global_env, stderr, X86_DUMP_FPU | X86_DUMP_CCOP);
343 cpu_dump_state(global_env, stderr, 0);
349 /***********************************************************/
352 #if defined (TARGET_I386)
353 #define RTC_SECONDS 0
354 #define RTC_SECONDS_ALARM 1
355 #define RTC_MINUTES 2
356 #define RTC_MINUTES_ALARM 3
358 #define RTC_HOURS_ALARM 5
359 #define RTC_ALARM_DONT_CARE 0xC0
361 #define RTC_DAY_OF_WEEK 6
362 #define RTC_DAY_OF_MONTH 7
371 /* PC cmos mappings */
372 #define REG_EQUIPMENT_BYTE 0x14
373 #define REG_IBM_CENTURY_BYTE 0x32
374 #define REG_IBM_PS2_CENTURY_BYTE 0x37
376 uint8_t cmos_data[128];
379 void cmos_ioport_write(CPUState *env, uint32_t addr, uint32_t data)
382 cmos_index = data & 0x7f;
385 printf("cmos: write index=0x%02x val=0x%02x\n",
389 case RTC_SECONDS_ALARM:
390 case RTC_MINUTES_ALARM:
391 case RTC_HOURS_ALARM:
392 /* XXX: not supported */
393 cmos_data[cmos_index] = data;
398 case RTC_DAY_OF_WEEK:
399 case RTC_DAY_OF_MONTH:
402 cmos_data[cmos_index] = data;
406 cmos_data[cmos_index] = data;
410 /* cannot write to them */
413 cmos_data[cmos_index] = data;
419 static inline int to_bcd(int a)
421 return ((a / 10) << 4) | (a % 10);
424 static void cmos_update_time(void)
431 cmos_data[RTC_SECONDS] = to_bcd(tm->tm_sec);
432 cmos_data[RTC_MINUTES] = to_bcd(tm->tm_min);
433 cmos_data[RTC_HOURS] = to_bcd(tm->tm_hour);
434 cmos_data[RTC_DAY_OF_WEEK] = to_bcd(tm->tm_wday);
435 cmos_data[RTC_DAY_OF_MONTH] = to_bcd(tm->tm_mday);
436 cmos_data[RTC_MONTH] = to_bcd(tm->tm_mon + 1);
437 cmos_data[RTC_YEAR] = to_bcd(tm->tm_year % 100);
438 cmos_data[REG_IBM_CENTURY_BYTE] = to_bcd((tm->tm_year / 100) + 19);
439 cmos_data[REG_IBM_PS2_CENTURY_BYTE] = cmos_data[REG_IBM_CENTURY_BYTE];
442 uint32_t cmos_ioport_read(CPUState *env, uint32_t addr)
453 case RTC_DAY_OF_WEEK:
454 case RTC_DAY_OF_MONTH:
457 case REG_IBM_CENTURY_BYTE:
458 case REG_IBM_PS2_CENTURY_BYTE:
460 ret = cmos_data[cmos_index];
463 ret = cmos_data[cmos_index];
464 /* toggle update-in-progress bit for Linux (same hack as
466 cmos_data[RTC_REG_A] ^= 0x80;
469 ret = cmos_data[cmos_index];
471 cmos_data[RTC_REG_C] = 0x00;
474 ret = cmos_data[cmos_index];
478 printf("cmos: read index=0x%02x val=0x%02x\n",
491 cmos_data[RTC_REG_A] = 0x26;
492 cmos_data[RTC_REG_B] = 0x02;
493 cmos_data[RTC_REG_C] = 0x00;
494 cmos_data[RTC_REG_D] = 0x80;
496 /* various important CMOS locations needed by PC/Bochs bios */
498 cmos_data[REG_EQUIPMENT_BYTE] = 0x02; /* FPU is there */
499 cmos_data[REG_EQUIPMENT_BYTE] |= 0x04; /* PS/2 mouse installed */
502 val = (ram_size / 1024) - 1024;
505 cmos_data[0x17] = val;
506 cmos_data[0x18] = val >> 8;
507 cmos_data[0x30] = val;
508 cmos_data[0x31] = val >> 8;
510 val = (ram_size / 65536) - ((16 * 1024 * 1024) / 65536);
513 cmos_data[0x34] = val;
514 cmos_data[0x35] = val >> 8;
516 switch(boot_device) {
519 cmos_data[0x3d] = 0x01; /* floppy boot */
523 cmos_data[0x3d] = 0x02; /* hard drive boot */
526 cmos_data[0x3d] = 0x03; /* CD-ROM boot */
530 register_ioport_write(0x70, 2, cmos_ioport_write, 1);
531 register_ioport_read(0x70, 2, cmos_ioport_read, 1);
534 void cmos_register_fd (uint8_t fd0, uint8_t fd1)
541 /* 1.44 Mb 3"5 drive */
542 cmos_data[0x10] |= 0x40;
545 /* 2.88 Mb 3"5 drive */
546 cmos_data[0x10] |= 0x60;
549 /* 1.2 Mb 5"5 drive */
550 cmos_data[0x10] |= 0x20;
555 /* 1.44 Mb 3"5 drive */
556 cmos_data[0x10] |= 0x04;
559 /* 2.88 Mb 3"5 drive */
560 cmos_data[0x10] |= 0x06;
563 /* 1.2 Mb 5"5 drive */
564 cmos_data[0x10] |= 0x02;
575 cmos_data[REG_EQUIPMENT_BYTE] |= 0x01; /* 1 drive, ready for boot */
578 cmos_data[REG_EQUIPMENT_BYTE] |= 0x41; /* 2 drives, ready for boot */
582 #endif /* TARGET_I386 */
584 /***********************************************************/
585 /* 8259 pic emulation */
587 typedef struct PicState {
588 uint8_t last_irr; /* edge detection */
589 uint8_t irr; /* interrupt request register */
590 uint8_t imr; /* interrupt mask register */
591 uint8_t isr; /* interrupt service register */
592 uint8_t priority_add; /* highest irq priority */
594 uint8_t read_reg_select;
596 uint8_t special_mask;
599 uint8_t rotate_on_auto_eoi;
600 uint8_t special_fully_nested_mode;
601 uint8_t init4; /* true if 4 byte init */
604 /* 0 is master pic, 1 is slave pic */
606 int pic_irq_requested;
608 /* set irq level. If an edge is detected, then the IRR is set to 1 */
609 static inline void pic_set_irq1(PicState *s, int irq, int level)
614 if ((s->last_irr & mask) == 0)
618 s->last_irr &= ~mask;
622 /* return the highest priority found in mask (highest = smallest
623 number). Return 8 if no irq */
624 static inline int get_priority(PicState *s, int mask)
630 while ((mask & (1 << ((priority + s->priority_add) & 7))) == 0)
635 /* return the pic wanted interrupt. return -1 if none */
636 static int pic_get_irq(PicState *s)
638 int mask, cur_priority, priority;
640 mask = s->irr & ~s->imr;
641 priority = get_priority(s, mask);
644 /* compute current priority. If special fully nested mode on the
645 master, the IRQ coming from the slave is not taken into account
646 for the priority computation. */
648 if (s->special_fully_nested_mode && s == &pics[0])
650 cur_priority = get_priority(s, mask);
651 if (priority < cur_priority) {
652 /* higher priority found: an irq should be generated */
653 return (priority + s->priority_add) & 7;
659 /* raise irq to CPU if necessary. must be called every time the active
661 void pic_update_irq(void)
665 /* first look at slave pic */
666 irq2 = pic_get_irq(&pics[1]);
668 /* if irq request by slave pic, signal master PIC */
669 pic_set_irq1(&pics[0], 2, 1);
670 pic_set_irq1(&pics[0], 2, 0);
672 /* look at requested irq */
673 irq = pic_get_irq(&pics[0]);
677 pic_irq_requested = 8 + irq2;
679 /* from master pic */
680 pic_irq_requested = irq;
682 #if defined(DEBUG_PIC)
685 for(i = 0; i < 2; i++) {
686 printf("pic%d: imr=%x irr=%x padd=%d\n",
687 i, pics[i].imr, pics[i].irr, pics[i].priority_add);
691 printf("pic: cpu_interrupt req=%d\n", pic_irq_requested);
693 cpu_interrupt(global_env, CPU_INTERRUPT_HARD);
697 #ifdef DEBUG_IRQ_LATENCY
698 int64_t irq_time[16];
699 int64_t cpu_get_ticks(void);
701 #if defined(DEBUG_PIC)
705 void pic_set_irq(int irq, int level)
707 #if defined(DEBUG_PIC)
708 if (level != irq_level[irq]) {
709 printf("pic_set_irq: irq=%d level=%d\n", irq, level);
710 irq_level[irq] = level;
713 #ifdef DEBUG_IRQ_LATENCY
715 irq_time[irq] = cpu_get_ticks();
718 pic_set_irq1(&pics[irq >> 3], irq & 7, level);
722 /* acknowledge interrupt 'irq' */
723 static inline void pic_intack(PicState *s, int irq)
726 if (s->rotate_on_auto_eoi)
727 s->priority_add = (irq + 1) & 7;
729 s->isr |= (1 << irq);
731 s->irr &= ~(1 << irq);
734 int cpu_x86_get_pic_interrupt(CPUState *env)
736 int irq, irq2, intno;
738 /* signal the pic that the irq was acked by the CPU */
739 irq = pic_irq_requested;
740 #ifdef DEBUG_IRQ_LATENCY
741 printf("IRQ%d latency=%0.3fus\n",
743 (double)(cpu_get_ticks() - irq_time[irq]) * 1000000.0 / ticks_per_sec);
745 #if defined(DEBUG_PIC)
746 printf("pic_interrupt: irq=%d\n", irq);
751 pic_intack(&pics[1], irq2);
753 intno = pics[1].irq_base + irq2;
755 intno = pics[0].irq_base + irq;
757 pic_intack(&pics[0], irq);
761 void pic_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
764 int priority, cmd, irq;
767 printf("pic_write: addr=0x%02x val=0x%02x\n", addr, val);
769 s = &pics[addr >> 7];
774 memset(s, 0, sizeof(PicState));
778 hw_error("single mode not supported");
780 hw_error("level sensitive irq not supported");
781 } else if (val & 0x08) {
785 s->read_reg_select = val & 1;
787 s->special_mask = (val >> 5) & 1;
793 s->rotate_on_auto_eoi = cmd >> 2;
795 case 1: /* end of interrupt */
797 priority = get_priority(s, s->isr);
799 irq = (priority + s->priority_add) & 7;
800 s->isr &= ~(1 << irq);
802 s->priority_add = (irq + 1) & 7;
808 s->isr &= ~(1 << irq);
812 s->priority_add = (val + 1) & 7;
817 s->isr &= ~(1 << irq);
818 s->priority_add = (irq + 1) & 7;
827 switch(s->init_state) {
834 s->irq_base = val & 0xf8;
845 s->special_fully_nested_mode = (val >> 4) & 1;
846 s->auto_eoi = (val >> 1) & 1;
853 static uint32_t pic_poll_read (PicState *s, uint32_t addr1)
857 ret = pic_get_irq(s);
860 pics[0].isr &= ~(1 << 2);
861 pics[0].irr &= ~(1 << 2);
863 s->irr &= ~(1 << ret);
864 s->isr &= ~(1 << ret);
865 if (addr1 >> 7 || ret != 2)
875 uint32_t pic_ioport_read(CPUState *env, uint32_t addr1)
882 s = &pics[addr >> 7];
885 ret = pic_poll_read(s, addr1);
889 if (s->read_reg_select)
898 printf("pic_read: addr=0x%02x val=0x%02x\n", addr1, ret);
903 /* memory mapped interrupt status */
904 uint32_t pic_intack_read(CPUState *env)
908 ret = pic_poll_read(&pics[0], 0x00);
910 ret = pic_poll_read(&pics[1], 0x80) + 8;
911 /* Prepare for ISR read */
912 pics[0].read_reg_select = 1;
919 #if defined (TARGET_I386) || defined (TARGET_PPC)
920 register_ioport_write(0x20, 2, pic_ioport_write, 1);
921 register_ioport_read(0x20, 2, pic_ioport_read, 1);
922 register_ioport_write(0xa0, 2, pic_ioport_write, 1);
923 register_ioport_read(0xa0, 2, pic_ioport_read, 1);
927 /***********************************************************/
928 /* 8253 PIT emulation */
930 #define PIT_FREQ 1193182
932 #define RW_STATE_LSB 0
933 #define RW_STATE_MSB 1
934 #define RW_STATE_WORD0 2
935 #define RW_STATE_WORD1 3
936 #define RW_STATE_LATCHED_WORD0 4
937 #define RW_STATE_LATCHED_WORD1 5
939 typedef struct PITChannelState {
940 int count; /* can be 65536 */
941 uint16_t latched_count;
944 uint8_t bcd; /* not supported */
945 uint8_t gate; /* timer start */
946 int64_t count_load_time;
947 int64_t count_last_edge_check_time;
950 PITChannelState pit_channels[3];
952 int dummy_refresh_clock;
953 int pit_min_timer_count = 0;
956 #if defined(__powerpc__)
958 static inline uint32_t get_tbl(void)
961 asm volatile("mftb %0" : "=r" (tbl));
965 static inline uint32_t get_tbu(void)
968 asm volatile("mftbu %0" : "=r" (tbl));
972 int64_t cpu_get_real_ticks(void)
975 /* NOTE: we test if wrapping has occurred */
981 return ((int64_t)h << 32) | l;
984 #elif defined(__i386__)
986 int64_t cpu_get_real_ticks(void)
989 asm("rdtsc" : "=A" (val));
994 #error unsupported CPU
997 static int64_t cpu_ticks_offset;
998 static int64_t cpu_ticks_last;
1000 int64_t cpu_get_ticks(void)
1002 return cpu_get_real_ticks() + cpu_ticks_offset;
1005 /* enable cpu_get_ticks() */
1006 void cpu_enable_ticks(void)
1008 cpu_ticks_offset = cpu_ticks_last - cpu_get_real_ticks();
1011 /* disable cpu_get_ticks() : the clock is stopped. You must not call
1012 cpu_get_ticks() after that. */
1013 void cpu_disable_ticks(void)
1015 cpu_ticks_last = cpu_get_ticks();
1018 int64_t get_clock(void)
1021 gettimeofday(&tv, NULL);
1022 return tv.tv_sec * 1000000LL + tv.tv_usec;
1025 void cpu_calibrate_ticks(void)
1027 int64_t usec, ticks;
1030 ticks = cpu_get_ticks();
1032 usec = get_clock() - usec;
1033 ticks = cpu_get_ticks() - ticks;
1034 ticks_per_sec = (ticks * 1000000LL + (usec >> 1)) / usec;
1037 /* compute with 96 bit intermediate result: (a*b)/c */
1038 static uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)
1043 #ifdef WORDS_BIGENDIAN
1053 rl = (uint64_t)u.l.low * (uint64_t)b;
1054 rh = (uint64_t)u.l.high * (uint64_t)b;
1056 res.l.high = rh / c;
1057 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c;
1061 static int pit_get_count(PITChannelState *s)
1066 d = muldiv64(cpu_get_ticks() - s->count_load_time, PIT_FREQ, ticks_per_sec);
1072 counter = (s->count - d) & 0xffff;
1075 /* XXX: may be incorrect for odd counts */
1076 counter = s->count - ((2 * d) % s->count);
1079 counter = s->count - (d % s->count);
1085 /* get pit output bit */
1086 static int pit_get_out(PITChannelState *s)
1091 d = muldiv64(cpu_get_ticks() - s->count_load_time, PIT_FREQ, ticks_per_sec);
1095 out = (d >= s->count);
1098 out = (d < s->count);
1101 if ((d % s->count) == 0 && d != 0)
1107 out = (d % s->count) < ((s->count + 1) >> 1);
1111 out = (d == s->count);
1117 /* get the number of 0 to 1 transitions we had since we call this
1119 /* XXX: maybe better to use ticks precision to avoid getting edges
1120 twice if checks are done at very small intervals */
1121 static int pit_get_out_edges(PITChannelState *s)
1127 ticks = cpu_get_ticks();
1128 d1 = muldiv64(s->count_last_edge_check_time - s->count_load_time,
1129 PIT_FREQ, ticks_per_sec);
1130 d2 = muldiv64(ticks - s->count_load_time,
1131 PIT_FREQ, ticks_per_sec);
1132 s->count_last_edge_check_time = ticks;
1136 if (d1 < s->count && d2 >= s->count)
1150 v = s->count - ((s->count + 1) >> 1);
1151 d1 = (d1 + v) / s->count;
1152 d2 = (d2 + v) / s->count;
1157 if (d1 < s->count && d2 >= s->count)
1166 /* val must be 0 or 1 */
1167 static inline void pit_set_gate(PITChannelState *s, int val)
1173 /* XXX: just disable/enable counting */
1177 if (s->gate < val) {
1178 /* restart counting on rising edge */
1179 s->count_load_time = cpu_get_ticks();
1180 s->count_last_edge_check_time = s->count_load_time;
1185 if (s->gate < val) {
1186 /* restart counting on rising edge */
1187 s->count_load_time = cpu_get_ticks();
1188 s->count_last_edge_check_time = s->count_load_time;
1190 /* XXX: disable/enable counting */
1196 static inline void pit_load_count(PITChannelState *s, int val)
1200 s->count_load_time = cpu_get_ticks();
1201 s->count_last_edge_check_time = s->count_load_time;
1203 if (s == &pit_channels[0] && val <= pit_min_timer_count) {
1205 "\nWARNING: qemu: on your system, accurate timer emulation is impossible if its frequency is more than %d Hz. If using a 2.6 guest Linux kernel, you must patch asm/param.h to change HZ from 1000 to 100.\n\n",
1206 PIT_FREQ / pit_min_timer_count);
1210 void pit_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
1212 int channel, access;
1220 s = &pit_channels[channel];
1221 access = (val >> 4) & 3;
1224 s->latched_count = pit_get_count(s);
1225 s->rw_state = RW_STATE_LATCHED_WORD0;
1228 s->mode = (val >> 1) & 7;
1230 s->rw_state = access - 1 + RW_STATE_LSB;
1234 s = &pit_channels[addr];
1235 switch(s->rw_state) {
1237 pit_load_count(s, val);
1240 pit_load_count(s, val << 8);
1242 case RW_STATE_WORD0:
1243 case RW_STATE_WORD1:
1244 if (s->rw_state & 1) {
1245 pit_load_count(s, (s->latched_count & 0xff) | (val << 8));
1247 s->latched_count = val;
1255 uint32_t pit_ioport_read(CPUState *env, uint32_t addr)
1261 s = &pit_channels[addr];
1262 switch(s->rw_state) {
1265 case RW_STATE_WORD0:
1266 case RW_STATE_WORD1:
1267 count = pit_get_count(s);
1268 if (s->rw_state & 1)
1269 ret = (count >> 8) & 0xff;
1272 if (s->rw_state & 2)
1276 case RW_STATE_LATCHED_WORD0:
1277 case RW_STATE_LATCHED_WORD1:
1278 if (s->rw_state & 1)
1279 ret = s->latched_count >> 8;
1281 ret = s->latched_count & 0xff;
1288 #if defined (TARGET_I386)
1289 void speaker_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
1291 speaker_data_on = (val >> 1) & 1;
1292 pit_set_gate(&pit_channels[2], val & 1);
1295 uint32_t speaker_ioport_read(CPUState *env, uint32_t addr)
1298 out = pit_get_out(&pit_channels[2]);
1299 dummy_refresh_clock ^= 1;
1300 return (speaker_data_on << 1) | pit_channels[2].gate | (out << 5) |
1301 (dummy_refresh_clock << 4);
1310 cpu_calibrate_ticks();
1312 for(i = 0;i < 3; i++) {
1313 s = &pit_channels[i];
1316 pit_load_count(s, 0);
1319 register_ioport_write(0x40, 4, pit_ioport_write, 1);
1320 register_ioport_read(0x40, 3, pit_ioport_read, 1);
1322 #if defined (TARGET_I386)
1323 register_ioport_read(0x61, 1, speaker_ioport_read, 1);
1324 register_ioport_write(0x61, 1, speaker_ioport_write, 1);
1328 /***********************************************************/
1329 /* serial port emulation */
1333 #define UART_LCR_DLAB 0x80 /* Divisor latch access bit */
1335 #define UART_IER_MSI 0x08 /* Enable Modem status interrupt */
1336 #define UART_IER_RLSI 0x04 /* Enable receiver line status interrupt */
1337 #define UART_IER_THRI 0x02 /* Enable Transmitter holding register int. */
1338 #define UART_IER_RDI 0x01 /* Enable receiver data interrupt */
1340 #define UART_IIR_NO_INT 0x01 /* No interrupts pending */
1341 #define UART_IIR_ID 0x06 /* Mask for the interrupt ID */
1343 #define UART_IIR_MSI 0x00 /* Modem status interrupt */
1344 #define UART_IIR_THRI 0x02 /* Transmitter holding register empty */
1345 #define UART_IIR_RDI 0x04 /* Receiver data interrupt */
1346 #define UART_IIR_RLSI 0x06 /* Receiver line status interrupt */
1349 * These are the definitions for the Modem Control Register
1351 #define UART_MCR_LOOP 0x10 /* Enable loopback test mode */
1352 #define UART_MCR_OUT2 0x08 /* Out2 complement */
1353 #define UART_MCR_OUT1 0x04 /* Out1 complement */
1354 #define UART_MCR_RTS 0x02 /* RTS complement */
1355 #define UART_MCR_DTR 0x01 /* DTR complement */
1358 * These are the definitions for the Modem Status Register
1360 #define UART_MSR_DCD 0x80 /* Data Carrier Detect */
1361 #define UART_MSR_RI 0x40 /* Ring Indicator */
1362 #define UART_MSR_DSR 0x20 /* Data Set Ready */
1363 #define UART_MSR_CTS 0x10 /* Clear to Send */
1364 #define UART_MSR_DDCD 0x08 /* Delta DCD */
1365 #define UART_MSR_TERI 0x04 /* Trailing edge ring indicator */
1366 #define UART_MSR_DDSR 0x02 /* Delta DSR */
1367 #define UART_MSR_DCTS 0x01 /* Delta CTS */
1368 #define UART_MSR_ANY_DELTA 0x0F /* Any of the delta bits! */
1370 #define UART_LSR_TEMT 0x40 /* Transmitter empty */
1371 #define UART_LSR_THRE 0x20 /* Transmit-hold-register empty */
1372 #define UART_LSR_BI 0x10 /* Break interrupt indicator */
1373 #define UART_LSR_FE 0x08 /* Frame error indicator */
1374 #define UART_LSR_PE 0x04 /* Parity error indicator */
1375 #define UART_LSR_OE 0x02 /* Overrun error indicator */
1376 #define UART_LSR_DR 0x01 /* Receiver data ready */
1378 typedef struct SerialState {
1380 uint8_t rbr; /* receive register */
1382 uint8_t iir; /* read only */
1385 uint8_t lsr; /* read only */
1388 /* NOTE: this hidden state is necessary for tx irq generation as
1389 it can be reset while reading iir */
1393 SerialState serial_ports[1];
1395 void serial_update_irq(void)
1397 SerialState *s = &serial_ports[0];
1399 if ((s->lsr & UART_LSR_DR) && (s->ier & UART_IER_RDI)) {
1400 s->iir = UART_IIR_RDI;
1401 } else if (s->thr_ipending && (s->ier & UART_IER_THRI)) {
1402 s->iir = UART_IIR_THRI;
1404 s->iir = UART_IIR_NO_INT;
1406 if (s->iir != UART_IIR_NO_INT) {
1407 pic_set_irq(UART_IRQ, 1);
1409 pic_set_irq(UART_IRQ, 0);
1413 void serial_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
1415 SerialState *s = &serial_ports[0];
1421 printf("serial: write addr=0x%02x val=0x%02x\n", addr, val);
1426 if (s->lcr & UART_LCR_DLAB) {
1427 s->divider = (s->divider & 0xff00) | val;
1429 s->thr_ipending = 0;
1430 s->lsr &= ~UART_LSR_THRE;
1431 serial_update_irq();
1435 ret = write(1, &ch, 1);
1437 s->thr_ipending = 1;
1438 s->lsr |= UART_LSR_THRE;
1439 s->lsr |= UART_LSR_TEMT;
1440 serial_update_irq();
1444 if (s->lcr & UART_LCR_DLAB) {
1445 s->divider = (s->divider & 0x00ff) | (val << 8);
1448 serial_update_irq();
1470 uint32_t serial_ioport_read(CPUState *env, uint32_t addr)
1472 SerialState *s = &serial_ports[0];
1479 if (s->lcr & UART_LCR_DLAB) {
1480 ret = s->divider & 0xff;
1483 s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
1484 serial_update_irq();
1488 if (s->lcr & UART_LCR_DLAB) {
1489 ret = (s->divider >> 8) & 0xff;
1496 /* reset THR pending bit */
1497 if ((ret & 0x7) == UART_IIR_THRI)
1498 s->thr_ipending = 0;
1499 serial_update_irq();
1511 if (s->mcr & UART_MCR_LOOP) {
1512 /* in loopback, the modem output pins are connected to the
1514 ret = (s->mcr & 0x0c) << 4;
1515 ret |= (s->mcr & 0x02) << 3;
1516 ret |= (s->mcr & 0x01) << 5;
1526 printf("serial: read addr=0x%02x val=0x%02x\n", addr, ret);
1531 #define TERM_ESCAPE 0x01 /* ctrl-a is used for escape */
1532 static int term_got_escape, term_command;
1533 static unsigned char term_cmd_buf[128];
1535 typedef struct term_cmd_t {
1536 const unsigned char *name;
1537 void (*handler)(unsigned char *params);
1540 static void do_change_cdrom (unsigned char *params);
1541 static void do_change_fd0 (unsigned char *params);
1542 static void do_change_fd1 (unsigned char *params);
1544 static term_cmd_t term_cmds[] = {
1545 { "changecd", &do_change_cdrom, },
1546 { "changefd0", &do_change_fd0, },
1547 { "changefd1", &do_change_fd1, },
1551 void term_print_help(void)
1554 "C-a h print this help\n"
1555 "C-a x exit emulatior\n"
1556 "C-a d switch on/off debug log\n"
1557 "C-a s save disk data back to file (if -snapshot)\n"
1558 "C-a b send break (magic sysrq)\n"
1559 "C-a c send qemu internal command\n"
1560 "C-a C-a send C-a\n"
1564 static void do_change_cdrom (unsigned char *params)
1566 /* Dunno how to do it... */
1569 static void do_change_fd (int fd, unsigned char *params)
1571 unsigned char *name_start, *name_end, *ros;
1574 for (name_start = params;
1575 isspace(*name_start); name_start++)
1577 if (*name_start == '\0')
1579 for (name_end = name_start;
1580 !isspace(*name_end) && *name_end != '\0'; name_end++)
1582 for (ros = name_end + 1; isspace(*ros); ros++)
1584 if (ros[0] == 'r' && ros[1] == 'o')
1589 printf("Change fd %d to %s (%s)\n", fd, name_start, params);
1590 fdctrl_disk_change(fd, name_start, ro);
1593 static void do_change_fd0 (unsigned char *params)
1595 do_change_fd(0, params);
1598 static void do_change_fd1 (unsigned char *params)
1600 do_change_fd(1, params);
1603 static void serial_treat_command ()
1605 unsigned char *cmd_start, *cmd_end;
1608 for (cmd_start = term_cmd_buf; isspace(*cmd_start); cmd_start++)
1610 for (cmd_end = cmd_start;
1611 !isspace(*cmd_end) && *cmd_end != '\0'; cmd_end++)
1613 for (i = 0; term_cmds[i].name != NULL; i++) {
1614 if (strlen(term_cmds[i].name) == (cmd_end - cmd_start) &&
1615 memcmp(term_cmds[i].name, cmd_start, cmd_end - cmd_start) == 0) {
1616 (*term_cmds[i].handler)(cmd_end + 1);
1621 printf("Unknown term command: %s\n", cmd_start);
1624 extern FILE *logfile;
1626 /* called when a char is received */
1627 void serial_received_byte(SerialState *s, int ch)
1630 if (ch == '\n' || ch == '\r' || term_command == 127) {
1632 serial_treat_command();
1635 if (ch == 0x7F || ch == 0x08) {
1636 if (term_command > 1) {
1637 term_cmd_buf[--term_command - 1] = '\0';
1640 printf("\r> %s", term_cmd_buf);
1642 } else if (ch > 0x1f) {
1643 term_cmd_buf[term_command++ - 1] = ch;
1644 term_cmd_buf[term_command - 1] = '\0';
1645 printf("\r> %s", term_cmd_buf);
1649 } else if (term_got_escape) {
1650 term_got_escape = 0;
1661 for (i = 0; i < MAX_DISKS; i++) {
1663 bdrv_commit(bs_table[i]);
1670 s->lsr |= UART_LSR_BI | UART_LSR_DR;
1671 serial_update_irq();
1679 cpu_set_log(CPU_LOG_ALL);
1684 } else if (ch == TERM_ESCAPE) {
1685 term_got_escape = 1;
1689 s->lsr |= UART_LSR_DR;
1690 serial_update_irq();
1694 void serial_init(void)
1696 SerialState *s = &serial_ports[0];
1698 s->lsr = UART_LSR_TEMT | UART_LSR_THRE;
1699 s->iir = UART_IIR_NO_INT;
1701 #if defined(TARGET_I386) || defined (TARGET_PPC)
1702 register_ioport_write(0x3f8, 8, serial_ioport_write, 1);
1703 register_ioport_read(0x3f8, 8, serial_ioport_read, 1);
1707 /***********************************************************/
1708 /* ne2000 emulation */
1710 #if defined (TARGET_I386)
1711 #define NE2000_IOPORT 0x300
1712 #define NE2000_IRQ 9
1714 #define MAX_ETH_FRAME_SIZE 1514
1716 #define E8390_CMD 0x00 /* The command register (for all pages) */
1717 /* Page 0 register offsets. */
1718 #define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
1719 #define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
1720 #define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
1721 #define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
1722 #define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
1723 #define EN0_TSR 0x04 /* Transmit status reg RD */
1724 #define EN0_TPSR 0x04 /* Transmit starting page WR */
1725 #define EN0_NCR 0x05 /* Number of collision reg RD */
1726 #define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
1727 #define EN0_FIFO 0x06 /* FIFO RD */
1728 #define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
1729 #define EN0_ISR 0x07 /* Interrupt status reg RD WR */
1730 #define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
1731 #define EN0_RSARLO 0x08 /* Remote start address reg 0 */
1732 #define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
1733 #define EN0_RSARHI 0x09 /* Remote start address reg 1 */
1734 #define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
1735 #define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
1736 #define EN0_RSR 0x0c /* rx status reg RD */
1737 #define EN0_RXCR 0x0c /* RX configuration reg WR */
1738 #define EN0_TXCR 0x0d /* TX configuration reg WR */
1739 #define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
1740 #define EN0_DCFG 0x0e /* Data configuration reg WR */
1741 #define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
1742 #define EN0_IMR 0x0f /* Interrupt mask reg WR */
1743 #define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
1745 #define EN1_PHYS 0x11
1746 #define EN1_CURPAG 0x17
1747 #define EN1_MULT 0x18
1749 /* Register accessed at EN_CMD, the 8390 base addr. */
1750 #define E8390_STOP 0x01 /* Stop and reset the chip */
1751 #define E8390_START 0x02 /* Start the chip, clear reset */
1752 #define E8390_TRANS 0x04 /* Transmit a frame */
1753 #define E8390_RREAD 0x08 /* Remote read */
1754 #define E8390_RWRITE 0x10 /* Remote write */
1755 #define E8390_NODMA 0x20 /* Remote DMA */
1756 #define E8390_PAGE0 0x00 /* Select page chip registers */
1757 #define E8390_PAGE1 0x40 /* using the two high-order bits */
1758 #define E8390_PAGE2 0x80 /* Page 3 is invalid. */
1760 /* Bits in EN0_ISR - Interrupt status register */
1761 #define ENISR_RX 0x01 /* Receiver, no error */
1762 #define ENISR_TX 0x02 /* Transmitter, no error */
1763 #define ENISR_RX_ERR 0x04 /* Receiver, with error */
1764 #define ENISR_TX_ERR 0x08 /* Transmitter, with error */
1765 #define ENISR_OVER 0x10 /* Receiver overwrote the ring */
1766 #define ENISR_COUNTERS 0x20 /* Counters need emptying */
1767 #define ENISR_RDC 0x40 /* remote dma complete */
1768 #define ENISR_RESET 0x80 /* Reset completed */
1769 #define ENISR_ALL 0x3f /* Interrupts we will enable */
1771 /* Bits in received packet status byte and EN0_RSR*/
1772 #define ENRSR_RXOK 0x01 /* Received a good packet */
1773 #define ENRSR_CRC 0x02 /* CRC error */
1774 #define ENRSR_FAE 0x04 /* frame alignment error */
1775 #define ENRSR_FO 0x08 /* FIFO overrun */
1776 #define ENRSR_MPA 0x10 /* missed pkt */
1777 #define ENRSR_PHY 0x20 /* physical/multicast address */
1778 #define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
1779 #define ENRSR_DEF 0x80 /* deferring */
1781 /* Transmitted packet status, EN0_TSR. */
1782 #define ENTSR_PTX 0x01 /* Packet transmitted without error */
1783 #define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
1784 #define ENTSR_COL 0x04 /* The transmit collided at least once. */
1785 #define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
1786 #define ENTSR_CRS 0x10 /* The carrier sense was lost. */
1787 #define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
1788 #define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
1789 #define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
1791 #define NE2000_MEM_SIZE 32768
1793 typedef struct NE2000State {
1806 uint8_t phys[6]; /* mac address */
1808 uint8_t mult[8]; /* multicast mask array */
1809 uint8_t mem[NE2000_MEM_SIZE];
1812 NE2000State ne2000_state;
1814 char network_script[1024];
1816 void ne2000_reset(void)
1818 NE2000State *s = &ne2000_state;
1821 s->isr = ENISR_RESET;
1831 /* duplicate prom data */
1832 for(i = 15;i >= 0; i--) {
1833 s->mem[2 * i] = s->mem[i];
1834 s->mem[2 * i + 1] = s->mem[i];
1838 void ne2000_update_irq(NE2000State *s)
1841 isr = s->isr & s->imr;
1843 pic_set_irq(NE2000_IRQ, 1);
1845 pic_set_irq(NE2000_IRQ, 0);
1851 int fd, ret, pid, status;
1853 fd = open("/dev/net/tun", O_RDWR);
1855 fprintf(stderr, "warning: could not open /dev/net/tun: no virtual network emulation\n");
1858 memset(&ifr, 0, sizeof(ifr));
1859 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
1860 pstrcpy(ifr.ifr_name, IFNAMSIZ, "tun%d");
1861 ret = ioctl(fd, TUNSETIFF, (void *) &ifr);
1863 fprintf(stderr, "warning: could not configure /dev/net/tun: no virtual network emulation\n");
1867 printf("Connected to host network interface: %s\n", ifr.ifr_name);
1868 fcntl(fd, F_SETFL, O_NONBLOCK);
1871 /* try to launch network init script */
1875 execl(network_script, network_script, ifr.ifr_name, NULL);
1878 while (waitpid(pid, &status, 0) != pid);
1879 if (!WIFEXITED(status) ||
1880 WEXITSTATUS(status) != 0) {
1881 fprintf(stderr, "%s: could not launch network script for '%s'\n",
1882 network_script, ifr.ifr_name);
1888 void net_send_packet(NE2000State *s, const uint8_t *buf, int size)
1891 printf("NE2000: sending packet size=%d\n", size);
1893 write(net_fd, buf, size);
1896 /* return true if the NE2000 can receive more data */
1897 int ne2000_can_receive(NE2000State *s)
1899 int avail, index, boundary;
1901 if (s->cmd & E8390_STOP)
1903 index = s->curpag << 8;
1904 boundary = s->boundary << 8;
1905 if (index < boundary)
1906 avail = boundary - index;
1908 avail = (s->stop - s->start) - (index - boundary);
1909 if (avail < (MAX_ETH_FRAME_SIZE + 4))
1914 void ne2000_receive(NE2000State *s, uint8_t *buf, int size)
1917 int total_len, next, avail, len, index;
1919 #if defined(DEBUG_NE2000)
1920 printf("NE2000: received len=%d\n", size);
1923 index = s->curpag << 8;
1924 /* 4 bytes for header */
1925 total_len = size + 4;
1926 /* address for next packet (4 bytes for CRC) */
1927 next = index + ((total_len + 4 + 255) & ~0xff);
1928 if (next >= s->stop)
1929 next -= (s->stop - s->start);
1930 /* prepare packet header */
1932 p[0] = ENRSR_RXOK; /* receive status */
1935 p[3] = total_len >> 8;
1938 /* write packet data */
1940 avail = s->stop - index;
1944 memcpy(s->mem + index, buf, len);
1947 if (index == s->stop)
1951 s->curpag = next >> 8;
1953 /* now we can signal we have receive something */
1955 ne2000_update_irq(s);
1958 void ne2000_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
1960 NE2000State *s = &ne2000_state;
1965 printf("NE2000: write addr=0x%x val=0x%02x\n", addr, val);
1967 if (addr == E8390_CMD) {
1968 /* control register */
1970 if (val & E8390_START) {
1971 /* test specific case: zero length transfert */
1972 if ((val & (E8390_RREAD | E8390_RWRITE)) &&
1974 s->isr |= ENISR_RDC;
1975 ne2000_update_irq(s);
1977 if (val & E8390_TRANS) {
1978 net_send_packet(s, s->mem + (s->tpsr << 8), s->tcnt);
1979 /* signal end of transfert */
1982 ne2000_update_irq(s);
1987 offset = addr | (page << 4);
1990 s->start = val << 8;
2000 ne2000_update_irq(s);
2006 s->tcnt = (s->tcnt & 0xff00) | val;
2009 s->tcnt = (s->tcnt & 0x00ff) | (val << 8);
2012 s->rsar = (s->rsar & 0xff00) | val;
2015 s->rsar = (s->rsar & 0x00ff) | (val << 8);
2018 s->rcnt = (s->rcnt & 0xff00) | val;
2021 s->rcnt = (s->rcnt & 0x00ff) | (val << 8);
2028 ne2000_update_irq(s);
2030 case EN1_PHYS ... EN1_PHYS + 5:
2031 s->phys[offset - EN1_PHYS] = val;
2036 case EN1_MULT ... EN1_MULT + 7:
2037 s->mult[offset - EN1_MULT] = val;
2043 uint32_t ne2000_ioport_read(CPUState *env, uint32_t addr)
2045 NE2000State *s = &ne2000_state;
2046 int offset, page, ret;
2049 if (addr == E8390_CMD) {
2053 offset = addr | (page << 4);
2064 case EN1_PHYS ... EN1_PHYS + 5:
2065 ret = s->phys[offset - EN1_PHYS];
2070 case EN1_MULT ... EN1_MULT + 7:
2071 ret = s->mult[offset - EN1_MULT];
2079 printf("NE2000: read addr=0x%x val=%02x\n", addr, ret);
2084 void ne2000_asic_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
2086 NE2000State *s = &ne2000_state;
2090 printf("NE2000: asic write val=0x%04x\n", val);
2092 p = s->mem + s->rsar;
2093 if (s->dcfg & 0x01) {
2106 if (s->rsar == s->stop)
2109 /* signal end of transfert */
2110 s->isr |= ENISR_RDC;
2111 ne2000_update_irq(s);
2115 uint32_t ne2000_asic_ioport_read(CPUState *env, uint32_t addr)
2117 NE2000State *s = &ne2000_state;
2121 p = s->mem + s->rsar;
2122 if (s->dcfg & 0x01) {
2124 ret = p[0] | (p[1] << 8);
2134 if (s->rsar == s->stop)
2137 /* signal end of transfert */
2138 s->isr |= ENISR_RDC;
2139 ne2000_update_irq(s);
2142 printf("NE2000: asic read val=0x%04x\n", ret);
2147 void ne2000_reset_ioport_write(CPUState *env, uint32_t addr, uint32_t val)
2149 /* nothing to do (end of reset pulse) */
2152 uint32_t ne2000_reset_ioport_read(CPUState *env, uint32_t addr)
2158 void ne2000_init(void)
2160 register_ioport_write(NE2000_IOPORT, 16, ne2000_ioport_write, 1);
2161 register_ioport_read(NE2000_IOPORT, 16, ne2000_ioport_read, 1);
2163 register_ioport_write(NE2000_IOPORT + 0x10, 1, ne2000_asic_ioport_write, 1);
2164 register_ioport_read(NE2000_IOPORT + 0x10, 1, ne2000_asic_ioport_read, 1);
2165 register_ioport_write(NE2000_IOPORT + 0x10, 2, ne2000_asic_ioport_write, 2);
2166 register_ioport_read(NE2000_IOPORT + 0x10, 2, ne2000_asic_ioport_read, 2);
2168 register_ioport_write(NE2000_IOPORT + 0x1f, 1, ne2000_reset_ioport_write, 1);
2169 register_ioport_read(NE2000_IOPORT + 0x1f, 1, ne2000_reset_ioport_read, 1);
2174 /***********************************************************/
2175 /* PC floppy disk controler emulation glue */
2176 #define PC_FDC_DMA 0x2
2177 #define PC_FDC_IRQ 0x6
2178 #define PC_FDC_BASE 0x3F0
2180 static void fdctrl_register (unsigned char **disknames, int ro,
2185 fdctrl_init(PC_FDC_IRQ, PC_FDC_DMA, 0, PC_FDC_BASE, boot_device);
2186 for (i = 0; i < MAX_FD; i++) {
2187 if (disknames[i] != NULL)
2188 fdctrl_disk_change(i, disknames[i], ro);
2192 /***********************************************************/
2193 /* keyboard emulation */
2195 /* Keyboard Controller Commands */
2196 #define KBD_CCMD_READ_MODE 0x20 /* Read mode bits */
2197 #define KBD_CCMD_WRITE_MODE 0x60 /* Write mode bits */
2198 #define KBD_CCMD_GET_VERSION 0xA1 /* Get controller version */
2199 #define KBD_CCMD_MOUSE_DISABLE 0xA7 /* Disable mouse interface */
2200 #define KBD_CCMD_MOUSE_ENABLE 0xA8 /* Enable mouse interface */
2201 #define KBD_CCMD_TEST_MOUSE 0xA9 /* Mouse interface test */
2202 #define KBD_CCMD_SELF_TEST 0xAA /* Controller self test */
2203 #define KBD_CCMD_KBD_TEST 0xAB /* Keyboard interface test */
2204 #define KBD_CCMD_KBD_DISABLE 0xAD /* Keyboard interface disable */
2205 #define KBD_CCMD_KBD_ENABLE 0xAE /* Keyboard interface enable */
2206 #define KBD_CCMD_READ_INPORT 0xC0 /* read input port */
2207 #define KBD_CCMD_READ_OUTPORT 0xD0 /* read output port */
2208 #define KBD_CCMD_WRITE_OUTPORT 0xD1 /* write output port */
2209 #define KBD_CCMD_WRITE_OBUF 0xD2
2210 #define KBD_CCMD_WRITE_AUX_OBUF 0xD3 /* Write to output buffer as if
2211 initiated by the auxiliary device */
2212 #define KBD_CCMD_WRITE_MOUSE 0xD4 /* Write the following byte to the mouse */
2213 #define KBD_CCMD_DISABLE_A20 0xDD /* HP vectra only ? */
2214 #define KBD_CCMD_ENABLE_A20 0xDF /* HP vectra only ? */
2215 #define KBD_CCMD_RESET 0xFE
2217 /* Keyboard Commands */
2218 #define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */
2219 #define KBD_CMD_ECHO 0xEE
2220 #define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */
2221 #define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */
2222 #define KBD_CMD_ENABLE 0xF4 /* Enable scanning */
2223 #define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */
2224 #define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */
2225 #define KBD_CMD_RESET 0xFF /* Reset */
2227 /* Keyboard Replies */
2228 #define KBD_REPLY_POR 0xAA /* Power on reset */
2229 #define KBD_REPLY_ACK 0xFA /* Command ACK */
2230 #define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */
2232 /* Status Register Bits */
2233 #define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */
2234 #define KBD_STAT_IBF 0x02 /* Keyboard input buffer full */
2235 #define KBD_STAT_SELFTEST 0x04 /* Self test successful */
2236 #define KBD_STAT_CMD 0x08 /* Last write was a command write (0=data) */
2237 #define KBD_STAT_UNLOCKED 0x10 /* Zero if keyboard locked */
2238 #define KBD_STAT_MOUSE_OBF 0x20 /* Mouse output buffer full */
2239 #define KBD_STAT_GTO 0x40 /* General receive/xmit timeout */
2240 #define KBD_STAT_PERR 0x80 /* Parity error */
2242 /* Controller Mode Register Bits */
2243 #define KBD_MODE_KBD_INT 0x01 /* Keyboard data generate IRQ1 */
2244 #define KBD_MODE_MOUSE_INT 0x02 /* Mouse data generate IRQ12 */
2245 #define KBD_MODE_SYS 0x04 /* The system flag (?) */
2246 #define KBD_MODE_NO_KEYLOCK 0x08 /* The keylock doesn't affect the keyboard if set */
2247 #define KBD_MODE_DISABLE_KBD 0x10 /* Disable keyboard interface */
2248 #define KBD_MODE_DISABLE_MOUSE 0x20 /* Disable mouse interface */
2249 #define KBD_MODE_KCC 0x40 /* Scan code conversion to PC format */
2250 #define KBD_MODE_RFU 0x80
2252 /* Mouse Commands */
2253 #define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */
2254 #define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */
2255 #define AUX_SET_RES 0xE8 /* Set resolution */
2256 #define AUX_GET_SCALE 0xE9 /* Get scaling factor */
2257 #define AUX_SET_STREAM 0xEA /* Set stream mode */
2258 #define AUX_POLL 0xEB /* Poll */
2259 #define AUX_RESET_WRAP 0xEC /* Reset wrap mode */
2260 #define AUX_SET_WRAP 0xEE /* Set wrap mode */
2261 #define AUX_SET_REMOTE 0xF0 /* Set remote mode */
2262 #define AUX_GET_TYPE 0xF2 /* Get type */
2263 #define AUX_SET_SAMPLE 0xF3 /* Set sample rate */
2264 #define AUX_ENABLE_DEV 0xF4 /* Enable aux device */
2265 #define AUX_DISABLE_DEV 0xF5 /* Disable aux device */
2266 #define AUX_SET_DEFAULT 0xF6
2267 #define AUX_RESET 0xFF /* Reset aux device */
2268 #define AUX_ACK 0xFA /* Command byte ACK. */
2270 #define MOUSE_STATUS_REMOTE 0x40
2271 #define MOUSE_STATUS_ENABLED 0x20
2272 #define MOUSE_STATUS_SCALE21 0x10
2274 #define KBD_QUEUE_SIZE 256
2277 uint8_t data[KBD_QUEUE_SIZE];
2278 int rptr, wptr, count;
2281 typedef struct KBDState {
2283 uint8_t write_cmd; /* if non zero, write data to port 60 is expected */
2286 /* keyboard state */
2290 int mouse_write_cmd;
2291 uint8_t mouse_status;
2292 uint8_t mouse_resolution;
2293 uint8_t mouse_sample_rate;
2295 uint8_t mouse_type; /* 0 = PS2, 3 = IMPS/2, 4 = IMEX */
2296 uint8_t mouse_detect_state;
2297 int mouse_dx; /* current values, needed for 'poll' mode */
2300 uint8_t mouse_buttons;
2304 int reset_requested;
2306 /* update irq and KBD_STAT_[MOUSE_]OBF */
2307 /* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be
2308 incorrect, but it avoids having to simulate exact delays */
2309 static void kbd_update_irq(KBDState *s)
2311 int irq12_level, irq1_level;
2315 s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF);
2316 if (s->queues[0].count != 0 ||
2317 s->queues[1].count != 0) {
2318 s->status |= KBD_STAT_OBF;
2319 if (s->queues[1].count != 0) {
2320 s->status |= KBD_STAT_MOUSE_OBF;
2321 if (s->mode & KBD_MODE_MOUSE_INT)
2324 if ((s->mode & KBD_MODE_KBD_INT) &&
2325 !(s->mode & KBD_MODE_DISABLE_KBD))
2329 pic_set_irq(1, irq1_level);
2330 pic_set_irq(12, irq12_level);
2333 static void kbd_queue(KBDState *s, int b, int aux)
2335 KBDQueue *q = &kbd_state.queues[aux];
2337 #if defined(DEBUG_MOUSE) || defined(DEBUG_KBD)
2339 printf("mouse event: 0x%02x\n", b);
2342 printf("kbd event: 0x%02x\n", b);
2345 if (q->count >= KBD_QUEUE_SIZE)
2347 q->data[q->wptr] = b;
2348 if (++q->wptr == KBD_QUEUE_SIZE)
2354 void kbd_put_keycode(int keycode)
2356 KBDState *s = &kbd_state;
2357 kbd_queue(s, keycode, 0);
2360 uint32_t kbd_read_status(CPUState *env, uint32_t addr)
2362 KBDState *s = &kbd_state;
2365 #if defined(DEBUG_KBD)
2366 printf("kbd: read status=0x%02x\n", val);
2371 void kbd_write_command(CPUState *env, uint32_t addr, uint32_t val)
2373 KBDState *s = &kbd_state;
2376 printf("kbd: write cmd=0x%02x\n", val);
2379 case KBD_CCMD_READ_MODE:
2380 kbd_queue(s, s->mode, 0);
2382 case KBD_CCMD_WRITE_MODE:
2383 case KBD_CCMD_WRITE_OBUF:
2384 case KBD_CCMD_WRITE_AUX_OBUF:
2385 case KBD_CCMD_WRITE_MOUSE:
2386 case KBD_CCMD_WRITE_OUTPORT:
2389 case KBD_CCMD_MOUSE_DISABLE:
2390 s->mode |= KBD_MODE_DISABLE_MOUSE;
2392 case KBD_CCMD_MOUSE_ENABLE:
2393 s->mode &= ~KBD_MODE_DISABLE_MOUSE;
2395 case KBD_CCMD_TEST_MOUSE:
2396 kbd_queue(s, 0x00, 0);
2398 case KBD_CCMD_SELF_TEST:
2399 s->status |= KBD_STAT_SELFTEST;
2400 kbd_queue(s, 0x55, 0);
2402 case KBD_CCMD_KBD_TEST:
2403 kbd_queue(s, 0x00, 0);
2405 case KBD_CCMD_KBD_DISABLE:
2406 s->mode |= KBD_MODE_DISABLE_KBD;
2409 case KBD_CCMD_KBD_ENABLE:
2410 s->mode &= ~KBD_MODE_DISABLE_KBD;
2413 case KBD_CCMD_READ_INPORT:
2414 kbd_queue(s, 0x00, 0);
2416 case KBD_CCMD_READ_OUTPORT:
2417 /* XXX: check that */
2419 val = 0x01 | (((cpu_single_env->a20_mask >> 20) & 1) << 1);
2423 if (s->status & KBD_STAT_OBF)
2425 if (s->status & KBD_STAT_MOUSE_OBF)
2427 kbd_queue(s, val, 0);
2430 case KBD_CCMD_ENABLE_A20:
2431 cpu_x86_set_a20(env, 1);
2433 case KBD_CCMD_DISABLE_A20:
2434 cpu_x86_set_a20(env, 0);
2437 case KBD_CCMD_RESET:
2438 reset_requested = 1;
2439 cpu_interrupt(global_env, CPU_INTERRUPT_EXIT);
2442 /* ignore that - I don't know what is its use */
2445 fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", val);
2450 uint32_t kbd_read_data(CPUState *env, uint32_t addr)
2452 KBDState *s = &kbd_state;
2456 q = &s->queues[0]; /* first check KBD data */
2458 q = &s->queues[1]; /* then check AUX data */
2459 if (q->count == 0) {
2460 /* NOTE: if no data left, we return the last keyboard one
2461 (needed for EMM386) */
2462 /* XXX: need a timer to do things correctly */
2464 index = q->rptr - 1;
2466 index = KBD_QUEUE_SIZE - 1;
2467 val = q->data[index];
2469 val = q->data[q->rptr];
2470 if (++q->rptr == KBD_QUEUE_SIZE)
2473 /* reading deasserts IRQ */
2474 if (q == &s->queues[0])
2479 /* reassert IRQs if data left */
2482 printf("kbd: read data=0x%02x\n", val);
2487 static void kbd_reset_keyboard(KBDState *s)
2489 s->scan_enabled = 1;
2492 static void kbd_write_keyboard(KBDState *s, int val)
2494 switch(s->kbd_write_cmd) {
2499 kbd_queue(s, KBD_REPLY_ACK, 0);
2502 kbd_queue(s, KBD_REPLY_RESEND, 0);
2504 case KBD_CMD_GET_ID:
2505 kbd_queue(s, KBD_REPLY_ACK, 0);
2506 kbd_queue(s, 0xab, 0);
2507 kbd_queue(s, 0x83, 0);
2510 kbd_queue(s, KBD_CMD_ECHO, 0);
2512 case KBD_CMD_ENABLE:
2513 s->scan_enabled = 1;
2514 kbd_queue(s, KBD_REPLY_ACK, 0);
2516 case KBD_CMD_SET_LEDS:
2517 case KBD_CMD_SET_RATE:
2518 s->kbd_write_cmd = val;
2519 kbd_queue(s, KBD_REPLY_ACK, 0);
2521 case KBD_CMD_RESET_DISABLE:
2522 kbd_reset_keyboard(s);
2523 s->scan_enabled = 0;
2524 kbd_queue(s, KBD_REPLY_ACK, 0);
2526 case KBD_CMD_RESET_ENABLE:
2527 kbd_reset_keyboard(s);
2528 s->scan_enabled = 1;
2529 kbd_queue(s, KBD_REPLY_ACK, 0);
2532 kbd_reset_keyboard(s);
2533 kbd_queue(s, KBD_REPLY_ACK, 0);
2534 kbd_queue(s, KBD_REPLY_POR, 0);
2537 kbd_queue(s, KBD_REPLY_ACK, 0);
2541 case KBD_CMD_SET_LEDS:
2542 kbd_queue(s, KBD_REPLY_ACK, 0);
2543 s->kbd_write_cmd = -1;
2545 case KBD_CMD_SET_RATE:
2546 kbd_queue(s, KBD_REPLY_ACK, 0);
2547 s->kbd_write_cmd = -1;
2552 static void kbd_mouse_send_packet(KBDState *s)
2560 /* XXX: increase range to 8 bits ? */
2563 else if (dx1 < -127)
2567 else if (dy1 < -127)
2569 b = 0x08 | ((dx1 < 0) << 4) | ((dy1 < 0) << 5) | (s->mouse_buttons & 0x07);
2571 kbd_queue(s, dx1 & 0xff, 1);
2572 kbd_queue(s, dy1 & 0xff, 1);
2573 /* extra byte for IMPS/2 or IMEX */
2574 switch(s->mouse_type) {
2580 else if (dz1 < -127)
2582 kbd_queue(s, dz1 & 0xff, 1);
2589 b = (dz1 & 0x0f) | ((s->mouse_buttons & 0x18) << 1);
2600 void kbd_mouse_event(int dx, int dy, int dz, int buttons_state)
2602 KBDState *s = &kbd_state;
2604 /* check if deltas are recorded when disabled */
2605 if (!(s->mouse_status & MOUSE_STATUS_ENABLED))
2611 s->mouse_buttons = buttons_state;
2613 if (!(s->mouse_status & MOUSE_STATUS_REMOTE) &&
2614 (s->queues[1].count < (KBD_QUEUE_SIZE - 16))) {
2616 /* if not remote, send event. Multiple events are sent if
2618 kbd_mouse_send_packet(s);
2619 if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0)
2625 static void kbd_write_mouse(KBDState *s, int val)
2628 printf("kbd: write mouse 0x%02x\n", val);
2630 switch(s->mouse_write_cmd) {
2634 if (s->mouse_wrap) {
2635 if (val == AUX_RESET_WRAP) {
2637 kbd_queue(s, AUX_ACK, 1);
2639 } else if (val != AUX_RESET) {
2640 kbd_queue(s, val, 1);
2645 case AUX_SET_SCALE11:
2646 s->mouse_status &= ~MOUSE_STATUS_SCALE21;
2647 kbd_queue(s, AUX_ACK, 1);
2649 case AUX_SET_SCALE21:
2650 s->mouse_status |= MOUSE_STATUS_SCALE21;
2651 kbd_queue(s, AUX_ACK, 1);
2653 case AUX_SET_STREAM:
2654 s->mouse_status &= ~MOUSE_STATUS_REMOTE;
2655 kbd_queue(s, AUX_ACK, 1);
2659 kbd_queue(s, AUX_ACK, 1);
2661 case AUX_SET_REMOTE:
2662 s->mouse_status |= MOUSE_STATUS_REMOTE;
2663 kbd_queue(s, AUX_ACK, 1);
2666 kbd_queue(s, AUX_ACK, 1);
2667 kbd_queue(s, s->mouse_type, 1);
2670 case AUX_SET_SAMPLE:
2671 s->mouse_write_cmd = val;
2672 kbd_queue(s, AUX_ACK, 1);
2675 kbd_queue(s, AUX_ACK, 1);
2676 kbd_queue(s, s->mouse_status, 1);
2677 kbd_queue(s, s->mouse_resolution, 1);
2678 kbd_queue(s, s->mouse_sample_rate, 1);
2681 kbd_queue(s, AUX_ACK, 1);
2682 kbd_mouse_send_packet(s);
2684 case AUX_ENABLE_DEV:
2685 s->mouse_status |= MOUSE_STATUS_ENABLED;
2686 kbd_queue(s, AUX_ACK, 1);
2688 case AUX_DISABLE_DEV:
2689 s->mouse_status &= ~MOUSE_STATUS_ENABLED;
2690 kbd_queue(s, AUX_ACK, 1);
2692 case AUX_SET_DEFAULT:
2693 s->mouse_sample_rate = 100;
2694 s->mouse_resolution = 2;
2695 s->mouse_status = 0;
2696 kbd_queue(s, AUX_ACK, 1);
2699 s->mouse_sample_rate = 100;
2700 s->mouse_resolution = 2;
2701 s->mouse_status = 0;
2702 kbd_queue(s, AUX_ACK, 1);
2703 kbd_queue(s, 0xaa, 1);
2704 kbd_queue(s, s->mouse_type, 1);
2710 case AUX_SET_SAMPLE:
2711 s->mouse_sample_rate = val;
2713 /* detect IMPS/2 or IMEX */
2714 switch(s->mouse_detect_state) {
2718 s->mouse_detect_state = 1;
2722 s->mouse_detect_state = 2;
2723 else if (val == 200)
2724 s->mouse_detect_state = 3;
2726 s->mouse_detect_state = 0;
2730 s->mouse_type = 3; /* IMPS/2 */
2731 s->mouse_detect_state = 0;
2735 s->mouse_type = 4; /* IMEX */
2736 s->mouse_detect_state = 0;
2740 kbd_queue(s, AUX_ACK, 1);
2741 s->mouse_write_cmd = -1;
2744 s->mouse_resolution = val;
2745 kbd_queue(s, AUX_ACK, 1);
2746 s->mouse_write_cmd = -1;
2751 void kbd_write_data(CPUState *env, uint32_t addr, uint32_t val)
2753 KBDState *s = &kbd_state;
2756 printf("kbd: write data=0x%02x\n", val);
2759 switch(s->write_cmd) {
2761 kbd_write_keyboard(s, val);
2763 case KBD_CCMD_WRITE_MODE:
2767 case KBD_CCMD_WRITE_OBUF:
2768 kbd_queue(s, val, 0);
2770 case KBD_CCMD_WRITE_AUX_OBUF:
2771 kbd_queue(s, val, 1);
2773 case KBD_CCMD_WRITE_OUTPORT:
2775 cpu_x86_set_a20(env, (val >> 1) & 1);
2778 reset_requested = 1;
2779 cpu_interrupt(global_env, CPU_INTERRUPT_EXIT);
2782 case KBD_CCMD_WRITE_MOUSE:
2783 kbd_write_mouse(s, val);
2791 void kbd_reset(KBDState *s)
2796 s->kbd_write_cmd = -1;
2797 s->mouse_write_cmd = -1;
2798 s->mode = KBD_MODE_KBD_INT | KBD_MODE_MOUSE_INT;
2799 s->status = KBD_STAT_CMD | KBD_STAT_UNLOCKED;
2800 for(i = 0; i < 2; i++) {
2810 kbd_reset(&kbd_state);
2811 #if defined (TARGET_I386) || defined (TARGET_PPC)
2812 register_ioport_read(0x60, 1, kbd_read_data, 1);
2813 register_ioport_write(0x60, 1, kbd_write_data, 1);
2814 register_ioport_read(0x64, 1, kbd_read_status, 1);
2815 register_ioport_write(0x64, 1, kbd_write_command, 1);
2819 /***********************************************************/
2820 /* Bochs BIOS debug ports */
2822 void bochs_bios_write(CPUX86State *env, uint32_t addr, uint32_t val)
2825 /* Bochs BIOS messages */
2828 fprintf(stderr, "BIOS panic at rombios.c, line %d\n", val);
2833 fprintf(stderr, "%c", val);
2837 /* LGPL'ed VGA BIOS messages */
2840 fprintf(stderr, "VGA BIOS panic, line %d\n", val);
2845 fprintf(stderr, "%c", val);
2851 void bochs_bios_init(void)
2853 register_ioport_write(0x400, 1, bochs_bios_write, 2);
2854 register_ioport_write(0x401, 1, bochs_bios_write, 2);
2855 register_ioport_write(0x402, 1, bochs_bios_write, 1);
2856 register_ioport_write(0x403, 1, bochs_bios_write, 1);
2858 register_ioport_write(0x501, 1, bochs_bios_write, 2);
2859 register_ioport_write(0x502, 1, bochs_bios_write, 2);
2860 register_ioport_write(0x500, 1, bochs_bios_write, 1);
2861 register_ioport_write(0x503, 1, bochs_bios_write, 1);
2865 /***********************************************************/
2868 /* init terminal so that we can grab keys */
2869 static struct termios oldtty;
2871 static void term_exit(void)
2873 tcsetattr (0, TCSANOW, &oldtty);
2876 static void term_init(void)
2880 tcgetattr (0, &tty);
2883 tty.c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP
2884 |INLCR|IGNCR|ICRNL|IXON);
2885 tty.c_oflag |= OPOST;
2886 tty.c_lflag &= ~(ECHO|ECHONL|ICANON|IEXTEN);
2887 /* if graphical mode, we allow Ctrl-C handling */
2889 tty.c_lflag &= ~ISIG;
2890 tty.c_cflag &= ~(CSIZE|PARENB);
2893 tty.c_cc[VTIME] = 0;
2895 tcsetattr (0, TCSANOW, &tty);
2899 fcntl(0, F_SETFL, O_NONBLOCK);
2902 static void dumb_update(DisplayState *ds, int x, int y, int w, int h)
2906 static void dumb_resize(DisplayState *ds, int w, int h)
2910 static void dumb_refresh(DisplayState *ds)
2912 vga_update_display();
2915 void dumb_display_init(DisplayState *ds)
2920 ds->dpy_update = dumb_update;
2921 ds->dpy_resize = dumb_resize;
2922 ds->dpy_refresh = dumb_refresh;
2925 #if !defined(CONFIG_SOFTMMU)
2926 /***********************************************************/
2927 /* cpu signal handler */
2928 static void host_segv_handler(int host_signum, siginfo_t *info,
2931 if (cpu_signal_handler(host_signum, info, puc))
2938 static int timer_irq_pending;
2939 static int timer_irq_count;
2941 static int timer_ms;
2942 static int gui_refresh_pending, gui_refresh_count;
2944 static void host_alarm_handler(int host_signum, siginfo_t *info,
2947 /* NOTE: since usually the OS asks a 100 Hz clock, there can be
2948 some drift between cpu_get_ticks() and the interrupt time. So
2949 we queue some interrupts to avoid missing some */
2950 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
2951 if (timer_irq_count) {
2952 if (timer_irq_count > 2)
2953 timer_irq_count = 2;
2955 timer_irq_pending = 1;
2957 gui_refresh_count += timer_ms;
2958 if (gui_refresh_count >= GUI_REFRESH_INTERVAL) {
2959 gui_refresh_count = 0;
2960 gui_refresh_pending = 1;
2963 if (gui_refresh_pending || timer_irq_pending) {
2964 /* just exit from the cpu to have a chance to handle timers */
2965 cpu_interrupt(global_env, CPU_INTERRUPT_EXIT);
2969 /* main execution loop */
2971 CPUState *cpu_gdbstub_get_env(void *opaque)
2976 int main_loop(void *opaque)
2978 struct pollfd ufds[3], *pf, *serial_ufd, *gdb_ufd;
2979 #if defined (TARGET_I386)
2980 struct pollfd *net_ufd;
2982 int ret, n, timeout, serial_ok;
2984 CPUState *env = global_env;
2987 /* initialize terminal only there so that the user has a
2988 chance to stop QEMU with Ctrl-C before the gdb connection
2997 #if defined (DO_TB_FLUSH)
3000 ret = cpu_exec(env);
3001 if (reset_requested) {
3002 ret = EXCP_INTERRUPT;
3005 if (ret == EXCP_DEBUG) {
3009 /* if hlt instruction, we wait until the next IRQ */
3010 if (ret == EXCP_HLT)
3014 /* poll any events */
3017 if (serial_ok && !(serial_ports[0].lsr & UART_LSR_DR)) {
3020 pf->events = POLLIN;
3023 #if defined (TARGET_I386)
3025 if (net_fd > 0 && ne2000_can_receive(&ne2000_state)) {
3028 pf->events = POLLIN;
3033 if (gdbstub_fd > 0) {
3035 pf->fd = gdbstub_fd;
3036 pf->events = POLLIN;
3040 ret = poll(ufds, pf - ufds, timeout);
3042 if (serial_ufd && (serial_ufd->revents & POLLIN)) {
3043 n = read(0, &ch, 1);
3045 serial_received_byte(&serial_ports[0], ch);
3047 /* Closed, stop polling. */
3051 #if defined (TARGET_I386)
3052 if (net_ufd && (net_ufd->revents & POLLIN)) {
3053 uint8_t buf[MAX_ETH_FRAME_SIZE];
3055 n = read(net_fd, buf, MAX_ETH_FRAME_SIZE);
3058 memset(buf + n, 0, 60 - n);
3061 ne2000_receive(&ne2000_state, buf, n);
3065 if (gdb_ufd && (gdb_ufd->revents & POLLIN)) {
3067 /* stop emulation if requested by gdb */
3068 n = read(gdbstub_fd, buf, 1);
3070 ret = EXCP_INTERRUPT;
3077 if (timer_irq_pending) {
3078 #if defined (TARGET_I386)
3081 timer_irq_pending = 0;
3083 if (cmos_data[RTC_REG_B] & 0x50) {
3088 /* XXX: add explicit timer */
3091 /* run dma transfers, if any */
3095 if (gui_refresh_pending) {
3096 display_state.dpy_refresh(&display_state);
3097 gui_refresh_pending = 0;
3100 cpu_disable_ticks();
3106 printf("QEMU PC emulator version " QEMU_VERSION ", Copyright (c) 2003 Fabrice Bellard\n"
3107 "usage: %s [options] [disk_image]\n"
3109 "'disk_image' is a raw hard image image for IDE hard disk 0\n"
3111 "Standard options:\n"
3112 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n"
3113 "-hda/-hdb file use 'file' as IDE hard disk 0/1 image\n"
3114 "-hdc/-hdd file use 'file' as IDE hard disk 2/3 image\n"
3115 "-cdrom file use 'file' as IDE cdrom 2 image\n"
3116 "-boot [a|b|c|d] boot on floppy (a, b), hard disk (c) or CD-ROM (d)\n"
3117 "-snapshot write to temporary files instead of disk image files\n"
3118 "-m megs set virtual RAM size to megs MB\n"
3119 "-n script set network init script [default=%s]\n"
3120 "-tun-fd fd this fd talks to tap/tun, use it.\n"
3121 "-nographic disable graphical output\n"
3123 "Linux boot specific (does not require PC BIOS):\n"
3124 "-kernel bzImage use 'bzImage' as kernel image\n"
3125 "-append cmdline use 'cmdline' as kernel command line\n"
3126 "-initrd file use 'file' as initial ram disk\n"
3128 "Debug/Expert options:\n"
3129 "-s wait gdb connection to port %d\n"
3130 "-p port change gdb connection port\n"
3131 "-d output log to %s\n"
3132 "-hdachs c,h,s force hard disk 0 geometry (usually qemu can guess it)\n"
3133 "-L path set the directory for the BIOS and VGA BIOS\n"
3134 #ifdef USE_CODE_COPY
3135 "-no-code-copy disable code copy acceleration\n"
3139 "During emulation, use C-a h to get terminal commands:\n",
3140 #ifdef CONFIG_SOFTMMU
3145 DEFAULT_NETWORK_SCRIPT,
3146 DEFAULT_GDBSTUB_PORT,
3149 #ifndef CONFIG_SOFTMMU
3151 "NOTE: this version of QEMU is faster but it needs slightly patched OSes to\n"
3152 "work. Please use the 'qemu' executable to have a more accurate (but slower)\n"
3158 struct option long_options[] = {
3159 { "initrd", 1, NULL, 0, },
3160 { "hda", 1, NULL, 0, },
3161 { "hdb", 1, NULL, 0, },
3162 { "snapshot", 0, NULL, 0, },
3163 { "hdachs", 1, NULL, 0, },
3164 { "nographic", 0, NULL, 0, },
3165 { "kernel", 1, NULL, 0, },
3166 { "append", 1, NULL, 0, },
3167 { "tun-fd", 1, NULL, 0, },
3168 { "hdc", 1, NULL, 0, },
3169 { "hdd", 1, NULL, 0, },
3170 { "cdrom", 1, NULL, 0, },
3171 { "boot", 1, NULL, 0, },
3172 { "fda", 1, NULL, 0, },
3173 { "fdb", 1, NULL, 0, },
3174 { "no-code-copy", 0, NULL, 0},
3175 { NULL, 0, NULL, 0 },
3179 /* SDL use the pthreads and they modify sigaction. We don't
3181 #if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2)
3182 extern void __libc_sigaction();
3183 #define sigaction(sig, act, oact) __libc_sigaction(sig, act, oact)
3185 extern void __sigaction();
3186 #define sigaction(sig, act, oact) __sigaction(sig, act, oact)
3188 #endif /* CONFIG_SDL */
3190 #if defined (TARGET_I386) && defined(USE_CODE_COPY)
3192 /* this stack is only used during signal handling */
3193 #define SIGNAL_STACK_SIZE 32768
3195 static uint8_t *signal_stack;
3199 int main(int argc, char **argv)
3201 int c, ret, initrd_size, i, use_gdbstub, gdbstub_port, long_index;
3202 int snapshot, linux_boot;
3203 struct sigaction act;
3204 struct itimerval itv;
3206 const char *initrd_filename;
3207 const char *hd_filename[MAX_DISKS], *fd_filename[MAX_FD];
3208 const char *kernel_filename, *kernel_cmdline;
3210 DisplayState *ds = &display_state;
3212 /* we never want that malloc() uses mmap() */
3213 mallopt(M_MMAP_THRESHOLD, 4096 * 1024);
3214 initrd_filename = NULL;
3215 for(i = 0; i < MAX_FD; i++)
3216 fd_filename[i] = NULL;
3217 for(i = 0; i < MAX_DISKS; i++)
3218 hd_filename[i] = NULL;
3219 ram_size = 32 * 1024 * 1024;
3220 vga_ram_size = VGA_RAM_SIZE;
3221 #if defined (TARGET_I386)
3222 pstrcpy(network_script, sizeof(network_script), DEFAULT_NETWORK_SCRIPT);
3225 gdbstub_port = DEFAULT_GDBSTUB_PORT;
3228 kernel_filename = NULL;
3229 kernel_cmdline = "";
3231 c = getopt_long_only(argc, argv, "hm:dn:sp:L:", long_options, &long_index);
3236 switch(long_index) {
3238 initrd_filename = optarg;
3241 hd_filename[0] = optarg;
3244 hd_filename[1] = optarg;
3251 int cyls, heads, secs;
3254 cyls = strtol(p, (char **)&p, 0);
3258 heads = strtol(p, (char **)&p, 0);
3262 secs = strtol(p, (char **)&p, 0);
3265 ide_set_geometry(0, cyls, heads, secs);
3273 kernel_filename = optarg;
3276 kernel_cmdline = optarg;
3278 #if defined (TARGET_I386)
3280 net_fd = atoi(optarg);
3284 hd_filename[2] = optarg;
3287 hd_filename[3] = optarg;
3290 hd_filename[2] = optarg;
3291 ide_set_cdrom(2, 1);
3294 boot_device = optarg[0];
3295 if (boot_device != 'a' && boot_device != 'b' &&
3296 boot_device != 'c' && boot_device != 'd') {
3297 fprintf(stderr, "qemu: invalid boot device '%c'\n", boot_device);
3302 fd_filename[0] = optarg;
3305 fd_filename[1] = optarg;
3308 code_copy_enabled = 0;
3316 ram_size = atoi(optarg) * 1024 * 1024;
3319 if (ram_size > PHYS_RAM_MAX_SIZE) {
3320 fprintf(stderr, "qemu: at most %d MB RAM can be simulated\n",
3321 PHYS_RAM_MAX_SIZE / (1024 * 1024));
3326 cpu_set_log(CPU_LOG_ALL);
3328 #if defined (TARGET_I386)
3330 pstrcpy(network_script, sizeof(network_script), optarg);
3337 gdbstub_port = atoi(optarg);
3345 if (optind < argc) {
3346 hd_filename[0] = argv[optind++];
3349 linux_boot = (kernel_filename != NULL);
3351 if (!linux_boot && hd_filename[0] == '\0' && hd_filename[2] == '\0' &&
3352 fd_filename[0] == '\0')
3355 /* boot to cd by default if no hard disk */
3356 if (hd_filename[0] == '\0' && boot_device == 'c') {
3357 if (fd_filename[0] != '\0')
3363 #if !defined(CONFIG_SOFTMMU)
3364 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
3366 static uint8_t stdout_buf[4096];
3367 setvbuf(stdout, stdout_buf, _IOLBF, sizeof(stdout_buf));
3370 setvbuf(stdout, NULL, _IOLBF, 0);
3373 /* init network tun interface */
3374 #if defined (TARGET_I386)
3379 /* init the memory */
3380 phys_ram_size = ram_size + vga_ram_size;
3382 #ifdef CONFIG_SOFTMMU
3383 phys_ram_base = memalign(TARGET_PAGE_SIZE, phys_ram_size);
3384 if (!phys_ram_base) {
3385 fprintf(stderr, "Could not allocate physical memory\n");
3389 /* as we must map the same page at several addresses, we must use
3394 tmpdir = getenv("QEMU_TMPDIR");
3397 snprintf(phys_ram_file, sizeof(phys_ram_file), "%s/vlXXXXXX", tmpdir);
3398 if (mkstemp(phys_ram_file) < 0) {
3399 fprintf(stderr, "Could not create temporary memory file '%s'\n",
3403 phys_ram_fd = open(phys_ram_file, O_CREAT | O_TRUNC | O_RDWR, 0600);
3404 if (phys_ram_fd < 0) {
3405 fprintf(stderr, "Could not open temporary memory file '%s'\n",
3409 ftruncate(phys_ram_fd, phys_ram_size);
3410 unlink(phys_ram_file);
3411 phys_ram_base = mmap(get_mmap_addr(phys_ram_size),
3413 PROT_WRITE | PROT_READ, MAP_SHARED | MAP_FIXED,
3415 if (phys_ram_base == MAP_FAILED) {
3416 fprintf(stderr, "Could not map physical memory\n");
3422 /* open the virtual block devices */
3423 for(i = 0; i < MAX_DISKS; i++) {
3424 if (hd_filename[i]) {
3425 bs_table[i] = bdrv_open(hd_filename[i], snapshot);
3427 fprintf(stderr, "qemu: could not open hard disk image '%s\n",
3434 /* init CPU state */
3437 cpu_single_env = env;
3442 cpu_register_physical_memory(0, ram_size, 0);
3444 #if defined(TARGET_I386)
3448 snprintf(buf, sizeof(buf), "%s/%s", bios_dir, BIOS_FILENAME);
3449 ret = load_image(buf, phys_ram_base + 0x000f0000);
3450 if (ret != 0x10000) {
3451 fprintf(stderr, "qemu: could not load PC bios '%s'\n", buf);
3456 snprintf(buf, sizeof(buf), "%s/%s", bios_dir, VGABIOS_FILENAME);
3457 ret = load_image(buf, phys_ram_base + 0x000c0000);
3459 /* setup basic memory access */
3460 cpu_register_physical_memory(0xc0000, 0x10000, 0xc0000 | IO_MEM_ROM);
3461 cpu_register_physical_memory(0xf0000, 0x10000, 0xf0000 | IO_MEM_ROM);
3466 extern uint8_t linux_boot_start;
3467 extern uint8_t linux_boot_end;
3469 if (bs_table[0] == NULL) {
3470 fprintf(stderr, "A disk image must be given for 'hda' when booting a Linux kernel\n");
3473 bdrv_set_boot_sector(bs_table[0], &linux_boot_start,
3474 &linux_boot_end - &linux_boot_start);
3476 /* now we can load the kernel */
3477 ret = load_kernel(kernel_filename,
3478 phys_ram_base + KERNEL_LOAD_ADDR,
3479 phys_ram_base + KERNEL_PARAMS_ADDR);
3481 fprintf(stderr, "qemu: could not load kernel '%s'\n",
3488 if (initrd_filename) {
3489 initrd_size = load_image(initrd_filename, phys_ram_base + INITRD_LOAD_ADDR);
3490 if (initrd_size < 0) {
3491 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
3496 if (initrd_size > 0) {
3497 stl_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x218, INITRD_LOAD_ADDR);
3498 stl_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x21c, initrd_size);
3500 pstrcpy(phys_ram_base + KERNEL_CMDLINE_ADDR, 4096,
3502 stw_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x20, 0xA33F);
3503 stw_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x22,
3504 KERNEL_CMDLINE_ADDR - KERNEL_PARAMS_ADDR);
3506 stw_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x210, 0x01);
3508 #elif defined(TARGET_PPC)
3510 // snprintf(buf, sizeof(buf), "%s/%s", bios_dir, BIOS_FILENAME);
3511 snprintf(buf, sizeof(buf), "%s", BIOS_FILENAME);
3512 printf("load BIOS at %p\n", phys_ram_base + 0x000f0000);
3513 ret = load_image(buf, phys_ram_base + 0x000f0000);
3514 if (ret != 0x10000) {
3515 fprintf(stderr, "qemu: could not load PPC bios '%s' (%d)\n%m\n",
3523 dumb_display_init(ds);
3526 sdl_display_init(ds);
3528 dumb_display_init(ds);
3531 /* init basic PC hardware */
3532 register_ioport_write(0x80, 1, ioport80_write, 1);
3534 vga_initialize(ds, phys_ram_base + ram_size, ram_size,
3536 #if defined (TARGET_I386)
3542 #if defined (TARGET_I386)
3549 #if defined (TARGET_I386)
3552 #if defined (TARGET_PPC)
3555 fdctrl_register((unsigned char **)fd_filename, snapshot, boot_device);
3557 /* setup cpu signal handlers for MMU / self modifying code handling */
3558 #if !defined(CONFIG_SOFTMMU)
3560 #if defined (TARGET_I386) && defined(USE_CODE_COPY)
3563 signal_stack = malloc(SIGNAL_STACK_SIZE);
3564 stk.ss_sp = signal_stack;
3565 stk.ss_size = SIGNAL_STACK_SIZE;
3568 if (sigaltstack(&stk, NULL) < 0) {
3569 perror("sigaltstack");
3575 sigfillset(&act.sa_mask);
3576 act.sa_flags = SA_SIGINFO;
3577 #if defined (TARGET_I386) && defined(USE_CODE_COPY)
3578 act.sa_flags |= SA_ONSTACK;
3580 act.sa_sigaction = host_segv_handler;
3581 sigaction(SIGSEGV, &act, NULL);
3582 sigaction(SIGBUS, &act, NULL);
3583 #if defined (TARGET_I386) && defined(USE_CODE_COPY)
3584 sigaction(SIGFPE, &act, NULL);
3589 sigfillset(&act.sa_mask);
3590 act.sa_flags = SA_SIGINFO;
3591 #if defined (TARGET_I386) && defined(USE_CODE_COPY)
3592 act.sa_flags |= SA_ONSTACK;
3594 act.sa_sigaction = host_alarm_handler;
3595 sigaction(SIGALRM, &act, NULL);
3597 itv.it_interval.tv_sec = 0;
3598 itv.it_interval.tv_usec = 1000;
3599 itv.it_value.tv_sec = 0;
3600 itv.it_value.tv_usec = 10 * 1000;
3601 setitimer(ITIMER_REAL, &itv, NULL);
3602 /* we probe the tick duration of the kernel to inform the user if
3603 the emulated kernel requested a too high timer frequency */
3604 getitimer(ITIMER_REAL, &itv);
3605 timer_ms = itv.it_interval.tv_usec / 1000;
3606 pit_min_timer_count = ((uint64_t)itv.it_interval.tv_usec * PIT_FREQ) /
3610 cpu_gdbstub(NULL, main_loop, gdbstub_port);
projects / qemu / blob