2 * QEMU PC System Emulator
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
42 #include <sys/ioctl.h>
43 #include <sys/socket.h>
45 #include <linux/if_tun.h>
53 #define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"
54 #define BIOS_FILENAME "bios.bin"
55 #define VGABIOS_FILENAME "vgabios.bin"
57 //#define DEBUG_UNUSED_IOPORT
59 //#define DEBUG_IRQ_LATENCY
61 /* output Bochs bios info messages */
69 /* debug NE2000 card */
70 //#define DEBUG_NE2000
72 /* debug PC keyboard */
75 /* debug PC keyboard : only mouse */
78 //#define DEBUG_SERIAL
80 #define PHYS_RAM_BASE 0xac000000
81 #define PHYS_RAM_MAX_SIZE (256 * 1024 * 1024)
83 #define KERNEL_LOAD_ADDR 0x00100000
84 #define INITRD_LOAD_ADDR 0x00400000
85 #define KERNEL_PARAMS_ADDR 0x00090000
87 #define GUI_REFRESH_INTERVAL 30
89 /* from plex86 (BSD license) */
90 struct __attribute__ ((packed)) linux_params {
91 // For 0x00..0x3f, see 'struct screen_info' in linux/include/linux/tty.h.
92 // I just padded out the VESA parts, rather than define them.
94 /* 0x000 */ uint8_t orig_x;
95 /* 0x001 */ uint8_t orig_y;
96 /* 0x002 */ uint16_t ext_mem_k;
97 /* 0x004 */ uint16_t orig_video_page;
98 /* 0x006 */ uint8_t orig_video_mode;
99 /* 0x007 */ uint8_t orig_video_cols;
100 /* 0x008 */ uint16_t unused1;
101 /* 0x00a */ uint16_t orig_video_ega_bx;
102 /* 0x00c */ uint16_t unused2;
103 /* 0x00e */ uint8_t orig_video_lines;
104 /* 0x00f */ uint8_t orig_video_isVGA;
105 /* 0x010 */ uint16_t orig_video_points;
106 /* 0x012 */ uint8_t pad0[0x20 - 0x12]; // VESA info.
107 /* 0x020 */ uint16_t cl_magic; // Commandline magic number (0xA33F)
108 /* 0x022 */ uint16_t cl_offset; // Commandline offset. Address of commandline
109 // is calculated as 0x90000 + cl_offset, bu
110 // only if cl_magic == 0xA33F.
111 /* 0x024 */ uint8_t pad1[0x40 - 0x24]; // VESA info.
113 /* 0x040 */ uint8_t apm_bios_info[20]; // struct apm_bios_info
114 /* 0x054 */ uint8_t pad2[0x80 - 0x54];
116 // Following 2 from 'struct drive_info_struct' in drivers/block/cciss.h.
117 // Might be truncated?
118 /* 0x080 */ uint8_t hd0_info[16]; // hd0-disk-parameter from intvector 0x41
119 /* 0x090 */ uint8_t hd1_info[16]; // hd1-disk-parameter from intvector 0x46
121 // System description table truncated to 16 bytes
122 // From 'struct sys_desc_table_struct' in linux/arch/i386/kernel/setup.c.
123 /* 0x0a0 */ uint16_t sys_description_len;
124 /* 0x0a2 */ uint8_t sys_description_table[14];
126 // [1] machine submodel id
130 /* 0x0b0 */ uint8_t pad3[0x1e0 - 0xb0];
131 /* 0x1e0 */ uint32_t alt_mem_k;
132 /* 0x1e4 */ uint8_t pad4[4];
133 /* 0x1e8 */ uint8_t e820map_entries;
134 /* 0x1e9 */ uint8_t eddbuf_entries; // EDD_NR
135 /* 0x1ea */ uint8_t pad5[0x1f1 - 0x1ea];
136 /* 0x1f1 */ uint8_t setup_sects; // size of setup.S, number of sectors
137 /* 0x1f2 */ uint16_t mount_root_rdonly; // MOUNT_ROOT_RDONLY (if !=0)
138 /* 0x1f4 */ uint16_t sys_size; // size of compressed kernel-part in the
139 // (b)zImage-file (in 16 byte units, rounded up)
140 /* 0x1f6 */ uint16_t swap_dev; // (unused AFAIK)
141 /* 0x1f8 */ uint16_t ramdisk_flags;
142 /* 0x1fa */ uint16_t vga_mode; // (old one)
143 /* 0x1fc */ uint16_t orig_root_dev; // (high=Major, low=minor)
144 /* 0x1fe */ uint8_t pad6[1];
145 /* 0x1ff */ uint8_t aux_device_info;
146 /* 0x200 */ uint16_t jump_setup; // Jump to start of setup code,
147 // aka "reserved" field.
148 /* 0x202 */ uint8_t setup_signature[4]; // Signature for SETUP-header, ="HdrS"
149 /* 0x206 */ uint16_t header_format_version; // Version number of header format;
150 /* 0x208 */ uint8_t setup_S_temp0[8]; // Used by setup.S for communication with
151 // boot loaders, look there.
152 /* 0x210 */ uint8_t loader_type;
157 // T=2: bootsect-loader
161 /* 0x211 */ uint8_t loadflags;
162 // bit0 = 1: kernel is loaded high (bzImage)
163 // bit7 = 1: Heap and pointer (see below) set by boot
165 /* 0x212 */ uint16_t setup_S_temp1;
166 /* 0x214 */ uint32_t kernel_start;
167 /* 0x218 */ uint32_t initrd_start;
168 /* 0x21c */ uint32_t initrd_size;
169 /* 0x220 */ uint8_t setup_S_temp2[4];
170 /* 0x224 */ uint16_t setup_S_heap_end_pointer;
171 /* 0x226 */ uint8_t pad7[0x2d0 - 0x226];
173 /* 0x2d0 : Int 15, ax=e820 memory map. */
174 // (linux/include/asm-i386/e820.h, 'struct e820entry')
177 #define E820_RESERVED 2
178 #define E820_ACPI 3 /* usable as RAM once ACPI tables have been read */
186 /* 0x550 */ uint8_t pad8[0x600 - 0x550];
188 // BIOS Enhanced Disk Drive Services.
189 // (From linux/include/asm-i386/edd.h, 'struct edd_info')
190 // Each 'struct edd_info is 78 bytes, times a max of 6 structs in array.
191 /* 0x600 */ uint8_t eddbuf[0x7d4 - 0x600];
193 /* 0x7d4 */ uint8_t pad9[0x800 - 0x7d4];
194 /* 0x800 */ uint8_t commandline[0x800];
197 uint64_t gdt_table[256];
198 uint64_t idt_table[48];
201 #define KERNEL_CS 0x10
202 #define KERNEL_DS 0x18
204 /* XXX: use a two level table to limit memory usage */
205 #define MAX_IOPORTS 65536
207 static const char *bios_dir = CONFIG_QEMU_SHAREDIR;
208 char phys_ram_file[1024];
209 CPUX86State *global_env;
210 CPUX86State *cpu_single_env;
211 IOPortReadFunc *ioport_read_table[3][MAX_IOPORTS];
212 IOPortWriteFunc *ioport_write_table[3][MAX_IOPORTS];
213 BlockDriverState *bs_table[MAX_DISKS];
215 static DisplayState display_state;
218 int64_t ticks_per_sec;
219 int boot_device = 'c';
221 /***********************************************************/
224 uint32_t default_ioport_readb(CPUX86State *env, uint32_t address)
226 #ifdef DEBUG_UNUSED_IOPORT
227 fprintf(stderr, "inb: port=0x%04x\n", address);
232 void default_ioport_writeb(CPUX86State *env, uint32_t address, uint32_t data)
234 #ifdef DEBUG_UNUSED_IOPORT
235 fprintf(stderr, "outb: port=0x%04x data=0x%02x\n", address, data);
239 /* default is to make two byte accesses */
240 uint32_t default_ioport_readw(CPUX86State *env, uint32_t address)
243 data = ioport_read_table[0][address & (MAX_IOPORTS - 1)](env, address);
244 data |= ioport_read_table[0][(address + 1) & (MAX_IOPORTS - 1)](env, address + 1) << 8;
248 void default_ioport_writew(CPUX86State *env, uint32_t address, uint32_t data)
250 ioport_write_table[0][address & (MAX_IOPORTS - 1)](env, address, data & 0xff);
251 ioport_write_table[0][(address + 1) & (MAX_IOPORTS - 1)](env, address + 1, (data >> 8) & 0xff);
254 uint32_t default_ioport_readl(CPUX86State *env, uint32_t address)
256 #ifdef DEBUG_UNUSED_IOPORT
257 fprintf(stderr, "inl: port=0x%04x\n", address);
262 void default_ioport_writel(CPUX86State *env, uint32_t address, uint32_t data)
264 #ifdef DEBUG_UNUSED_IOPORT
265 fprintf(stderr, "outl: port=0x%04x data=0x%02x\n", address, data);
269 void init_ioports(void)
273 for(i = 0; i < MAX_IOPORTS; i++) {
274 ioport_read_table[0][i] = default_ioport_readb;
275 ioport_write_table[0][i] = default_ioport_writeb;
276 ioport_read_table[1][i] = default_ioport_readw;
277 ioport_write_table[1][i] = default_ioport_writew;
278 ioport_read_table[2][i] = default_ioport_readl;
279 ioport_write_table[2][i] = default_ioport_writel;
283 /* size is the word size in byte */
284 int register_ioport_read(int start, int length, IOPortReadFunc *func, int size)
296 for(i = start; i < start + length; i += size)
297 ioport_read_table[bsize][i] = func;
301 /* size is the word size in byte */
302 int register_ioport_write(int start, int length, IOPortWriteFunc *func, int size)
314 for(i = start; i < start + length; i += size)
315 ioport_write_table[bsize][i] = func;
319 void pstrcpy(char *buf, int buf_size, const char *str)
329 if (c == 0 || q >= buf + buf_size - 1)
336 /* strcat and truncate. */
337 char *pstrcat(char *buf, int buf_size, const char *s)
342 pstrcpy(buf + len, buf_size - len, s);
346 int load_kernel(const char *filename, uint8_t *addr)
348 int fd, size, setup_sects;
349 uint8_t bootsect[512];
351 fd = open(filename, O_RDONLY);
354 if (read(fd, bootsect, 512) != 512)
356 setup_sects = bootsect[0x1F1];
359 /* skip 16 bit setup code */
360 lseek(fd, (setup_sects + 1) * 512, SEEK_SET);
361 size = read(fd, addr, 16 * 1024 * 1024);
371 /* return the size or -1 if error */
372 int load_image(const char *filename, uint8_t *addr)
375 fd = open(filename, O_RDONLY);
378 size = lseek(fd, 0, SEEK_END);
379 lseek(fd, 0, SEEK_SET);
380 if (read(fd, addr, size) != size) {
388 void cpu_x86_outb(CPUX86State *env, int addr, int val)
390 ioport_write_table[0][addr & (MAX_IOPORTS - 1)](env, addr, val);
393 void cpu_x86_outw(CPUX86State *env, int addr, int val)
395 ioport_write_table[1][addr & (MAX_IOPORTS - 1)](env, addr, val);
398 void cpu_x86_outl(CPUX86State *env, int addr, int val)
400 ioport_write_table[2][addr & (MAX_IOPORTS - 1)](env, addr, val);
403 int cpu_x86_inb(CPUX86State *env, int addr)
405 return ioport_read_table[0][addr & (MAX_IOPORTS - 1)](env, addr);
408 int cpu_x86_inw(CPUX86State *env, int addr)
410 return ioport_read_table[1][addr & (MAX_IOPORTS - 1)](env, addr);
413 int cpu_x86_inl(CPUX86State *env, int addr)
415 return ioport_read_table[2][addr & (MAX_IOPORTS - 1)](env, addr);
418 /***********************************************************/
419 void ioport80_write(CPUX86State *env, uint32_t addr, uint32_t data)
423 void hw_error(const char *fmt, ...)
428 fprintf(stderr, "qemu: hardware error: ");
429 vfprintf(stderr, fmt, ap);
430 fprintf(stderr, "\n");
432 cpu_x86_dump_state(global_env, stderr, X86_DUMP_FPU | X86_DUMP_CCOP);
438 /***********************************************************/
441 #define RTC_SECONDS 0
442 #define RTC_SECONDS_ALARM 1
443 #define RTC_MINUTES 2
444 #define RTC_MINUTES_ALARM 3
446 #define RTC_HOURS_ALARM 5
447 #define RTC_ALARM_DONT_CARE 0xC0
449 #define RTC_DAY_OF_WEEK 6
450 #define RTC_DAY_OF_MONTH 7
459 /* PC cmos mappings */
460 #define REG_EQUIPMENT_BYTE 0x14
461 #define REG_IBM_CENTURY_BYTE 0x32
463 uint8_t cmos_data[128];
466 void cmos_ioport_write(CPUX86State *env, uint32_t addr, uint32_t data)
469 cmos_index = data & 0x7f;
472 printf("cmos: write index=0x%02x val=0x%02x\n",
476 case RTC_SECONDS_ALARM:
477 case RTC_MINUTES_ALARM:
478 case RTC_HOURS_ALARM:
479 /* XXX: not supported */
480 cmos_data[cmos_index] = data;
485 case RTC_DAY_OF_WEEK:
486 case RTC_DAY_OF_MONTH:
489 cmos_data[cmos_index] = data;
493 cmos_data[cmos_index] = data;
497 /* cannot write to them */
500 cmos_data[cmos_index] = data;
506 uint32_t cmos_ioport_read(CPUX86State *env, uint32_t addr)
513 ret = cmos_data[cmos_index];
516 /* toggle update-in-progress bit for Linux (same hack as
518 cmos_data[RTC_REG_A] ^= 0x80;
522 cmos_data[RTC_REG_C] = 0x00;
526 printf("cmos: read index=0x%02x val=0x%02x\n",
534 static inline int to_bcd(int a)
536 return ((a / 10) << 4) | (a % 10);
547 cmos_data[RTC_SECONDS] = to_bcd(tm->tm_sec);
548 cmos_data[RTC_MINUTES] = to_bcd(tm->tm_min);
549 cmos_data[RTC_HOURS] = to_bcd(tm->tm_hour);
550 cmos_data[RTC_DAY_OF_WEEK] = to_bcd(tm->tm_wday);
551 cmos_data[RTC_DAY_OF_MONTH] = to_bcd(tm->tm_mday);
552 cmos_data[RTC_MONTH] = to_bcd(tm->tm_mon + 1);
553 cmos_data[RTC_YEAR] = to_bcd(tm->tm_year % 100);
555 cmos_data[RTC_REG_A] = 0x26;
556 cmos_data[RTC_REG_B] = 0x02;
557 cmos_data[RTC_REG_C] = 0x00;
558 cmos_data[RTC_REG_D] = 0x80;
560 /* various important CMOS locations needed by PC/Bochs bios */
561 cmos_data[REG_IBM_CENTURY_BYTE] = to_bcd((tm->tm_year / 100) + 19);
563 cmos_data[REG_EQUIPMENT_BYTE] = 0x02; /* FPU is there */
564 cmos_data[REG_EQUIPMENT_BYTE] |= 0x04; /* PS/2 mouse installed */
567 val = (phys_ram_size / 1024) - 1024;
570 cmos_data[0x17] = val;
571 cmos_data[0x18] = val >> 8;
572 cmos_data[0x30] = val;
573 cmos_data[0x31] = val >> 8;
575 val = (phys_ram_size / 65536) - ((16 * 1024 * 1024) / 65536);
578 cmos_data[0x34] = val;
579 cmos_data[0x35] = val >> 8;
581 switch(boot_device) {
583 cmos_data[0x3d] = 0x01; /* floppy boot */
587 cmos_data[0x3d] = 0x02; /* hard drive boot */
590 cmos_data[0x3d] = 0x03; /* CD-ROM boot */
594 register_ioport_write(0x70, 2, cmos_ioport_write, 1);
595 register_ioport_read(0x70, 2, cmos_ioport_read, 1);
598 /***********************************************************/
599 /* 8259 pic emulation */
601 typedef struct PicState {
602 uint8_t last_irr; /* edge detection */
603 uint8_t irr; /* interrupt request register */
604 uint8_t imr; /* interrupt mask register */
605 uint8_t isr; /* interrupt service register */
606 uint8_t priority_add; /* used to compute irq priority */
608 uint8_t read_reg_select;
609 uint8_t special_mask;
612 uint8_t rotate_on_autoeoi;
613 uint8_t init4; /* true if 4 byte init */
616 /* 0 is master pic, 1 is slave pic */
618 int pic_irq_requested;
620 /* set irq level. If an edge is detected, then the IRR is set to 1 */
621 static inline void pic_set_irq1(PicState *s, int irq, int level)
626 if ((s->last_irr & mask) == 0)
630 s->last_irr &= ~mask;
634 static inline int get_priority(PicState *s, int mask)
640 while ((mask & (1 << ((priority + s->priority_add) & 7))) == 0)
645 /* return the pic wanted interrupt. return -1 if none */
646 static int pic_get_irq(PicState *s)
648 int mask, cur_priority, priority;
650 mask = s->irr & ~s->imr;
651 priority = get_priority(s, mask);
654 /* compute current priority */
655 cur_priority = get_priority(s, s->isr);
656 if (priority > cur_priority) {
657 /* higher priority found: an irq should be generated */
664 /* raise irq to CPU if necessary. must be called every time the active
666 static void pic_update_irq(void)
670 /* first look at slave pic */
671 irq2 = pic_get_irq(&pics[1]);
673 /* if irq request by slave pic, signal master PIC */
674 pic_set_irq1(&pics[0], 2, 1);
675 pic_set_irq1(&pics[0], 2, 0);
677 /* look at requested irq */
678 irq = pic_get_irq(&pics[0]);
682 pic_irq_requested = 8 + irq2;
684 /* from master pic */
685 pic_irq_requested = irq;
687 cpu_x86_interrupt(global_env, CPU_INTERRUPT_HARD);
691 #ifdef DEBUG_IRQ_LATENCY
692 int64_t irq_time[16];
693 int64_t cpu_get_ticks(void);
695 #if defined(DEBUG_PIC)
699 void pic_set_irq(int irq, int level)
701 #if defined(DEBUG_PIC)
702 if (level != irq_level[irq]) {
703 printf("pic_set_irq: irq=%d level=%d\n", irq, level);
704 irq_level[irq] = level;
707 #ifdef DEBUG_IRQ_LATENCY
709 irq_time[irq] = cpu_get_ticks();
712 pic_set_irq1(&pics[irq >> 3], irq & 7, level);
716 int cpu_x86_get_pic_interrupt(CPUX86State *env)
718 int irq, irq2, intno;
720 /* signal the pic that the irq was acked by the CPU */
721 irq = pic_irq_requested;
722 #ifdef DEBUG_IRQ_LATENCY
723 printf("IRQ%d latency=%0.3fus\n",
725 (double)(cpu_get_ticks() - irq_time[irq]) * 1000000.0 / ticks_per_sec);
727 #if defined(DEBUG_PIC)
728 printf("pic_interrupt: irq=%d\n", irq);
733 pics[1].isr |= (1 << irq2);
734 pics[1].irr &= ~(1 << irq2);
736 intno = pics[1].irq_base + irq2;
738 intno = pics[0].irq_base + irq;
740 pics[0].isr |= (1 << irq);
741 pics[0].irr &= ~(1 << irq);
745 void pic_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
751 printf("pic_write: addr=0x%02x val=0x%02x\n", addr, val);
753 s = &pics[addr >> 7];
758 memset(s, 0, sizeof(PicState));
762 hw_error("single mode not supported");
764 hw_error("level sensitive irq not supported");
765 } else if (val & 0x08) {
767 s->read_reg_select = val & 1;
769 s->special_mask = (val >> 5) & 1;
774 s->rotate_on_autoeoi = val >> 7;
776 case 0x20: /* end of interrupt */
778 priority = get_priority(s, s->isr);
780 s->isr &= ~(1 << ((priority + s->priority_add) & 7));
783 s->priority_add = (s->priority_add + 1) & 7;
788 s->isr &= ~(1 << priority);
792 s->priority_add = (val + 1) & 7;
797 s->isr &= ~(1 << priority);
798 s->priority_add = (priority + 1) & 7;
804 switch(s->init_state) {
811 s->irq_base = val & 0xf8;
822 s->auto_eoi = (val >> 1) & 1;
829 uint32_t pic_ioport_read(CPUX86State *env, uint32_t addr1)
836 s = &pics[addr >> 7];
839 if (s->read_reg_select)
847 printf("pic_read: addr=0x%02x val=0x%02x\n", addr1, ret);
854 register_ioport_write(0x20, 2, pic_ioport_write, 1);
855 register_ioport_read(0x20, 2, pic_ioport_read, 1);
856 register_ioport_write(0xa0, 2, pic_ioport_write, 1);
857 register_ioport_read(0xa0, 2, pic_ioport_read, 1);
860 /***********************************************************/
861 /* 8253 PIT emulation */
863 #define PIT_FREQ 1193182
865 #define RW_STATE_LSB 0
866 #define RW_STATE_MSB 1
867 #define RW_STATE_WORD0 2
868 #define RW_STATE_WORD1 3
869 #define RW_STATE_LATCHED_WORD0 4
870 #define RW_STATE_LATCHED_WORD1 5
872 typedef struct PITChannelState {
873 int count; /* can be 65536 */
874 uint16_t latched_count;
877 uint8_t bcd; /* not supported */
878 uint8_t gate; /* timer start */
879 int64_t count_load_time;
880 int64_t count_last_edge_check_time;
883 PITChannelState pit_channels[3];
885 int dummy_refresh_clock;
886 int pit_min_timer_count = 0;
889 #if defined(__powerpc__)
891 static inline uint32_t get_tbl(void)
894 asm volatile("mftb %0" : "=r" (tbl));
898 static inline uint32_t get_tbu(void)
901 asm volatile("mftbu %0" : "=r" (tbl));
905 int64_t cpu_get_real_ticks(void)
908 /* NOTE: we test if wrapping has occurred */
914 return ((int64_t)h << 32) | l;
917 #elif defined(__i386__)
919 int64_t cpu_get_real_ticks(void)
922 asm("rdtsc" : "=A" (val));
927 #error unsupported CPU
930 static int64_t cpu_ticks_offset;
931 static int64_t cpu_ticks_last;
933 int64_t cpu_get_ticks(void)
935 return cpu_get_real_ticks() + cpu_ticks_offset;
938 /* enable cpu_get_ticks() */
939 void cpu_enable_ticks(void)
941 cpu_ticks_offset = cpu_ticks_last - cpu_get_real_ticks();
944 /* disable cpu_get_ticks() : the clock is stopped. You must not call
945 cpu_get_ticks() after that. */
946 void cpu_disable_ticks(void)
948 cpu_ticks_last = cpu_get_ticks();
951 int64_t get_clock(void)
954 gettimeofday(&tv, NULL);
955 return tv.tv_sec * 1000000LL + tv.tv_usec;
958 void cpu_calibrate_ticks(void)
963 ticks = cpu_get_ticks();
965 usec = get_clock() - usec;
966 ticks = cpu_get_ticks() - ticks;
967 ticks_per_sec = (ticks * 1000000LL + (usec >> 1)) / usec;
970 /* compute with 96 bit intermediate result: (a*b)/c */
971 static uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)
976 #ifdef WORDS_BIGENDIAN
986 rl = (uint64_t)u.l.low * (uint64_t)b;
987 rh = (uint64_t)u.l.high * (uint64_t)b;
990 res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c;
994 static int pit_get_count(PITChannelState *s)
999 d = muldiv64(cpu_get_ticks() - s->count_load_time, PIT_FREQ, ticks_per_sec);
1005 counter = (s->count - d) & 0xffff;
1008 /* XXX: may be incorrect for odd counts */
1009 counter = s->count - ((2 * d) % s->count);
1012 counter = s->count - (d % s->count);
1018 /* get pit output bit */
1019 static int pit_get_out(PITChannelState *s)
1024 d = muldiv64(cpu_get_ticks() - s->count_load_time, PIT_FREQ, ticks_per_sec);
1028 out = (d >= s->count);
1031 out = (d < s->count);
1034 if ((d % s->count) == 0 && d != 0)
1040 out = (d % s->count) < ((s->count + 1) >> 1);
1044 out = (d == s->count);
1050 /* get the number of 0 to 1 transitions we had since we call this
1052 /* XXX: maybe better to use ticks precision to avoid getting edges
1053 twice if checks are done at very small intervals */
1054 static int pit_get_out_edges(PITChannelState *s)
1060 ticks = cpu_get_ticks();
1061 d1 = muldiv64(s->count_last_edge_check_time - s->count_load_time,
1062 PIT_FREQ, ticks_per_sec);
1063 d2 = muldiv64(ticks - s->count_load_time,
1064 PIT_FREQ, ticks_per_sec);
1065 s->count_last_edge_check_time = ticks;
1069 if (d1 < s->count && d2 >= s->count)
1083 v = s->count - ((s->count + 1) >> 1);
1084 d1 = (d1 + v) / s->count;
1085 d2 = (d2 + v) / s->count;
1090 if (d1 < s->count && d2 >= s->count)
1099 /* val must be 0 or 1 */
1100 static inline void pit_set_gate(PITChannelState *s, int val)
1106 /* XXX: just disable/enable counting */
1110 if (s->gate < val) {
1111 /* restart counting on rising edge */
1112 s->count_load_time = cpu_get_ticks();
1113 s->count_last_edge_check_time = s->count_load_time;
1118 if (s->gate < val) {
1119 /* restart counting on rising edge */
1120 s->count_load_time = cpu_get_ticks();
1121 s->count_last_edge_check_time = s->count_load_time;
1123 /* XXX: disable/enable counting */
1129 static inline void pit_load_count(PITChannelState *s, int val)
1133 s->count_load_time = cpu_get_ticks();
1134 s->count_last_edge_check_time = s->count_load_time;
1136 if (s == &pit_channels[0] && val <= pit_min_timer_count) {
1138 "\nWARNING: qemu: on your system, accurate timer emulation is impossible if its frequency is more than %d Hz. If using a 2.5.xx Linux kernel, you must patch asm/param.h to change HZ from 1000 to 100.\n\n",
1139 PIT_FREQ / pit_min_timer_count);
1143 void pit_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
1145 int channel, access;
1153 s = &pit_channels[channel];
1154 access = (val >> 4) & 3;
1157 s->latched_count = pit_get_count(s);
1158 s->rw_state = RW_STATE_LATCHED_WORD0;
1161 s->mode = (val >> 1) & 7;
1163 s->rw_state = access - 1 + RW_STATE_LSB;
1167 s = &pit_channels[addr];
1168 switch(s->rw_state) {
1170 pit_load_count(s, val);
1173 pit_load_count(s, val << 8);
1175 case RW_STATE_WORD0:
1176 case RW_STATE_WORD1:
1177 if (s->rw_state & 1) {
1178 pit_load_count(s, (s->latched_count & 0xff) | (val << 8));
1180 s->latched_count = val;
1188 uint32_t pit_ioport_read(CPUX86State *env, uint32_t addr)
1194 s = &pit_channels[addr];
1195 switch(s->rw_state) {
1198 case RW_STATE_WORD0:
1199 case RW_STATE_WORD1:
1200 count = pit_get_count(s);
1201 if (s->rw_state & 1)
1202 ret = (count >> 8) & 0xff;
1205 if (s->rw_state & 2)
1209 case RW_STATE_LATCHED_WORD0:
1210 case RW_STATE_LATCHED_WORD1:
1211 if (s->rw_state & 1)
1212 ret = s->latched_count >> 8;
1214 ret = s->latched_count & 0xff;
1221 void speaker_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
1223 speaker_data_on = (val >> 1) & 1;
1224 pit_set_gate(&pit_channels[2], val & 1);
1227 uint32_t speaker_ioport_read(CPUX86State *env, uint32_t addr)
1230 out = pit_get_out(&pit_channels[2]);
1231 dummy_refresh_clock ^= 1;
1232 return (speaker_data_on << 1) | pit_channels[2].gate | (out << 5) |
1233 (dummy_refresh_clock << 4);
1241 cpu_calibrate_ticks();
1243 for(i = 0;i < 3; i++) {
1244 s = &pit_channels[i];
1247 pit_load_count(s, 0);
1250 register_ioport_write(0x40, 4, pit_ioport_write, 1);
1251 register_ioport_read(0x40, 3, pit_ioport_read, 1);
1253 register_ioport_read(0x61, 1, speaker_ioport_read, 1);
1254 register_ioport_write(0x61, 1, speaker_ioport_write, 1);
1257 /***********************************************************/
1258 /* serial port emulation */
1262 #define UART_LCR_DLAB 0x80 /* Divisor latch access bit */
1264 #define UART_IER_MSI 0x08 /* Enable Modem status interrupt */
1265 #define UART_IER_RLSI 0x04 /* Enable receiver line status interrupt */
1266 #define UART_IER_THRI 0x02 /* Enable Transmitter holding register int. */
1267 #define UART_IER_RDI 0x01 /* Enable receiver data interrupt */
1269 #define UART_IIR_NO_INT 0x01 /* No interrupts pending */
1270 #define UART_IIR_ID 0x06 /* Mask for the interrupt ID */
1272 #define UART_IIR_MSI 0x00 /* Modem status interrupt */
1273 #define UART_IIR_THRI 0x02 /* Transmitter holding register empty */
1274 #define UART_IIR_RDI 0x04 /* Receiver data interrupt */
1275 #define UART_IIR_RLSI 0x06 /* Receiver line status interrupt */
1278 * These are the definitions for the Modem Control Register
1280 #define UART_MCR_LOOP 0x10 /* Enable loopback test mode */
1281 #define UART_MCR_OUT2 0x08 /* Out2 complement */
1282 #define UART_MCR_OUT1 0x04 /* Out1 complement */
1283 #define UART_MCR_RTS 0x02 /* RTS complement */
1284 #define UART_MCR_DTR 0x01 /* DTR complement */
1287 * These are the definitions for the Modem Status Register
1289 #define UART_MSR_DCD 0x80 /* Data Carrier Detect */
1290 #define UART_MSR_RI 0x40 /* Ring Indicator */
1291 #define UART_MSR_DSR 0x20 /* Data Set Ready */
1292 #define UART_MSR_CTS 0x10 /* Clear to Send */
1293 #define UART_MSR_DDCD 0x08 /* Delta DCD */
1294 #define UART_MSR_TERI 0x04 /* Trailing edge ring indicator */
1295 #define UART_MSR_DDSR 0x02 /* Delta DSR */
1296 #define UART_MSR_DCTS 0x01 /* Delta CTS */
1297 #define UART_MSR_ANY_DELTA 0x0F /* Any of the delta bits! */
1299 #define UART_LSR_TEMT 0x40 /* Transmitter empty */
1300 #define UART_LSR_THRE 0x20 /* Transmit-hold-register empty */
1301 #define UART_LSR_BI 0x10 /* Break interrupt indicator */
1302 #define UART_LSR_FE 0x08 /* Frame error indicator */
1303 #define UART_LSR_PE 0x04 /* Parity error indicator */
1304 #define UART_LSR_OE 0x02 /* Overrun error indicator */
1305 #define UART_LSR_DR 0x01 /* Receiver data ready */
1307 typedef struct SerialState {
1309 uint8_t rbr; /* receive register */
1311 uint8_t iir; /* read only */
1314 uint8_t lsr; /* read only */
1317 /* NOTE: this hidden state is necessary for tx irq generation as
1318 it can be reset while reading iir */
1322 SerialState serial_ports[1];
1324 void serial_update_irq(void)
1326 SerialState *s = &serial_ports[0];
1328 if ((s->lsr & UART_LSR_DR) && (s->ier & UART_IER_RDI)) {
1329 s->iir = UART_IIR_RDI;
1330 } else if (s->thr_ipending && (s->ier & UART_IER_THRI)) {
1331 s->iir = UART_IIR_THRI;
1333 s->iir = UART_IIR_NO_INT;
1335 if (s->iir != UART_IIR_NO_INT) {
1336 pic_set_irq(UART_IRQ, 1);
1338 pic_set_irq(UART_IRQ, 0);
1342 void serial_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
1344 SerialState *s = &serial_ports[0];
1350 printf("serial: write addr=0x%02x val=0x%02x\n", addr, val);
1355 if (s->lcr & UART_LCR_DLAB) {
1356 s->divider = (s->divider & 0xff00) | val;
1358 s->thr_ipending = 0;
1359 s->lsr &= ~UART_LSR_THRE;
1360 serial_update_irq();
1364 ret = write(1, &ch, 1);
1366 s->thr_ipending = 1;
1367 s->lsr |= UART_LSR_THRE;
1368 s->lsr |= UART_LSR_TEMT;
1369 serial_update_irq();
1373 if (s->lcr & UART_LCR_DLAB) {
1374 s->divider = (s->divider & 0x00ff) | (val << 8);
1377 serial_update_irq();
1399 uint32_t serial_ioport_read(CPUX86State *env, uint32_t addr)
1401 SerialState *s = &serial_ports[0];
1408 if (s->lcr & UART_LCR_DLAB) {
1409 ret = s->divider & 0xff;
1412 s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
1413 serial_update_irq();
1417 if (s->lcr & UART_LCR_DLAB) {
1418 ret = (s->divider >> 8) & 0xff;
1425 /* reset THR pending bit */
1426 if ((ret & 0x7) == UART_IIR_THRI)
1427 s->thr_ipending = 0;
1428 serial_update_irq();
1440 if (s->mcr & UART_MCR_LOOP) {
1441 /* in loopback, the modem output pins are connected to the
1443 ret = (s->mcr & 0x0c) << 4;
1444 ret |= (s->mcr & 0x02) << 3;
1445 ret |= (s->mcr & 0x01) << 5;
1455 printf("serial: read addr=0x%02x val=0x%02x\n", addr, ret);
1460 #define TERM_ESCAPE 0x01 /* ctrl-a is used for escape */
1461 static int term_got_escape;
1463 void term_print_help(void)
1466 "C-a h print this help\n"
1467 "C-a x exit emulatior\n"
1468 "C-a s save disk data back to file (if -snapshot)\n"
1469 "C-a b send break (magic sysrq)\n"
1470 "C-a C-a send C-a\n"
1474 /* called when a char is received */
1475 void serial_received_byte(SerialState *s, int ch)
1477 if (term_got_escape) {
1478 term_got_escape = 0;
1489 for (i = 0; i < MAX_DISKS; i++) {
1491 bdrv_commit(bs_table[i]);
1498 s->lsr |= UART_LSR_BI | UART_LSR_DR;
1499 serial_update_irq();
1502 cpu_set_log(CPU_LOG_ALL);
1507 } else if (ch == TERM_ESCAPE) {
1508 term_got_escape = 1;
1512 s->lsr |= UART_LSR_DR;
1513 serial_update_irq();
1517 void serial_init(void)
1519 SerialState *s = &serial_ports[0];
1521 s->lsr = UART_LSR_TEMT | UART_LSR_THRE;
1522 s->iir = UART_IIR_NO_INT;
1524 register_ioport_write(0x3f8, 8, serial_ioport_write, 1);
1525 register_ioport_read(0x3f8, 8, serial_ioport_read, 1);
1528 /***********************************************************/
1529 /* ne2000 emulation */
1531 #define NE2000_IOPORT 0x300
1532 #define NE2000_IRQ 9
1534 #define MAX_ETH_FRAME_SIZE 1514
1536 #define E8390_CMD 0x00 /* The command register (for all pages) */
1537 /* Page 0 register offsets. */
1538 #define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
1539 #define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
1540 #define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
1541 #define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
1542 #define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
1543 #define EN0_TSR 0x04 /* Transmit status reg RD */
1544 #define EN0_TPSR 0x04 /* Transmit starting page WR */
1545 #define EN0_NCR 0x05 /* Number of collision reg RD */
1546 #define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
1547 #define EN0_FIFO 0x06 /* FIFO RD */
1548 #define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
1549 #define EN0_ISR 0x07 /* Interrupt status reg RD WR */
1550 #define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
1551 #define EN0_RSARLO 0x08 /* Remote start address reg 0 */
1552 #define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
1553 #define EN0_RSARHI 0x09 /* Remote start address reg 1 */
1554 #define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
1555 #define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
1556 #define EN0_RSR 0x0c /* rx status reg RD */
1557 #define EN0_RXCR 0x0c /* RX configuration reg WR */
1558 #define EN0_TXCR 0x0d /* TX configuration reg WR */
1559 #define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
1560 #define EN0_DCFG 0x0e /* Data configuration reg WR */
1561 #define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
1562 #define EN0_IMR 0x0f /* Interrupt mask reg WR */
1563 #define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
1565 #define EN1_PHYS 0x11
1566 #define EN1_CURPAG 0x17
1567 #define EN1_MULT 0x18
1569 /* Register accessed at EN_CMD, the 8390 base addr. */
1570 #define E8390_STOP 0x01 /* Stop and reset the chip */
1571 #define E8390_START 0x02 /* Start the chip, clear reset */
1572 #define E8390_TRANS 0x04 /* Transmit a frame */
1573 #define E8390_RREAD 0x08 /* Remote read */
1574 #define E8390_RWRITE 0x10 /* Remote write */
1575 #define E8390_NODMA 0x20 /* Remote DMA */
1576 #define E8390_PAGE0 0x00 /* Select page chip registers */
1577 #define E8390_PAGE1 0x40 /* using the two high-order bits */
1578 #define E8390_PAGE2 0x80 /* Page 3 is invalid. */
1580 /* Bits in EN0_ISR - Interrupt status register */
1581 #define ENISR_RX 0x01 /* Receiver, no error */
1582 #define ENISR_TX 0x02 /* Transmitter, no error */
1583 #define ENISR_RX_ERR 0x04 /* Receiver, with error */
1584 #define ENISR_TX_ERR 0x08 /* Transmitter, with error */
1585 #define ENISR_OVER 0x10 /* Receiver overwrote the ring */
1586 #define ENISR_COUNTERS 0x20 /* Counters need emptying */
1587 #define ENISR_RDC 0x40 /* remote dma complete */
1588 #define ENISR_RESET 0x80 /* Reset completed */
1589 #define ENISR_ALL 0x3f /* Interrupts we will enable */
1591 /* Bits in received packet status byte and EN0_RSR*/
1592 #define ENRSR_RXOK 0x01 /* Received a good packet */
1593 #define ENRSR_CRC 0x02 /* CRC error */
1594 #define ENRSR_FAE 0x04 /* frame alignment error */
1595 #define ENRSR_FO 0x08 /* FIFO overrun */
1596 #define ENRSR_MPA 0x10 /* missed pkt */
1597 #define ENRSR_PHY 0x20 /* physical/multicast address */
1598 #define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
1599 #define ENRSR_DEF 0x80 /* deferring */
1601 /* Transmitted packet status, EN0_TSR. */
1602 #define ENTSR_PTX 0x01 /* Packet transmitted without error */
1603 #define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
1604 #define ENTSR_COL 0x04 /* The transmit collided at least once. */
1605 #define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
1606 #define ENTSR_CRS 0x10 /* The carrier sense was lost. */
1607 #define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
1608 #define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
1609 #define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
1611 #define NE2000_MEM_SIZE 32768
1613 typedef struct NE2000State {
1626 uint8_t phys[6]; /* mac address */
1628 uint8_t mult[8]; /* multicast mask array */
1629 uint8_t mem[NE2000_MEM_SIZE];
1632 NE2000State ne2000_state;
1634 char network_script[1024];
1636 void ne2000_reset(void)
1638 NE2000State *s = &ne2000_state;
1641 s->isr = ENISR_RESET;
1651 /* duplicate prom data */
1652 for(i = 15;i >= 0; i--) {
1653 s->mem[2 * i] = s->mem[i];
1654 s->mem[2 * i + 1] = s->mem[i];
1658 void ne2000_update_irq(NE2000State *s)
1661 isr = s->isr & s->imr;
1663 pic_set_irq(NE2000_IRQ, 1);
1665 pic_set_irq(NE2000_IRQ, 0);
1671 int fd, ret, pid, status;
1673 fd = open("/dev/net/tun", O_RDWR);
1675 fprintf(stderr, "warning: could not open /dev/net/tun: no virtual network emulation\n");
1678 memset(&ifr, 0, sizeof(ifr));
1679 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
1680 pstrcpy(ifr.ifr_name, IFNAMSIZ, "tun%d");
1681 ret = ioctl(fd, TUNSETIFF, (void *) &ifr);
1683 fprintf(stderr, "warning: could not configure /dev/net/tun: no virtual network emulation\n");
1687 printf("Connected to host network interface: %s\n", ifr.ifr_name);
1688 fcntl(fd, F_SETFL, O_NONBLOCK);
1691 /* try to launch network init script */
1695 execl(network_script, network_script, ifr.ifr_name, NULL);
1698 while (waitpid(pid, &status, 0) != pid);
1699 if (!WIFEXITED(status) ||
1700 WEXITSTATUS(status) != 0) {
1701 fprintf(stderr, "%s: could not launch network script for '%s'\n",
1702 network_script, ifr.ifr_name);
1708 void net_send_packet(NE2000State *s, const uint8_t *buf, int size)
1711 printf("NE2000: sending packet size=%d\n", size);
1713 write(net_fd, buf, size);
1716 /* return true if the NE2000 can receive more data */
1717 int ne2000_can_receive(NE2000State *s)
1719 int avail, index, boundary;
1721 if (s->cmd & E8390_STOP)
1723 index = s->curpag << 8;
1724 boundary = s->boundary << 8;
1725 if (index < boundary)
1726 avail = boundary - index;
1728 avail = (s->stop - s->start) - (index - boundary);
1729 if (avail < (MAX_ETH_FRAME_SIZE + 4))
1734 void ne2000_receive(NE2000State *s, uint8_t *buf, int size)
1737 int total_len, next, avail, len, index;
1739 #if defined(DEBUG_NE2000)
1740 printf("NE2000: received len=%d\n", size);
1743 index = s->curpag << 8;
1744 /* 4 bytes for header */
1745 total_len = size + 4;
1746 /* address for next packet (4 bytes for CRC) */
1747 next = index + ((total_len + 4 + 255) & ~0xff);
1748 if (next >= s->stop)
1749 next -= (s->stop - s->start);
1750 /* prepare packet header */
1752 p[0] = ENRSR_RXOK; /* receive status */
1755 p[3] = total_len >> 8;
1758 /* write packet data */
1760 avail = s->stop - index;
1764 memcpy(s->mem + index, buf, len);
1767 if (index == s->stop)
1771 s->curpag = next >> 8;
1773 /* now we can signal we have receive something */
1775 ne2000_update_irq(s);
1778 void ne2000_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
1780 NE2000State *s = &ne2000_state;
1785 printf("NE2000: write addr=0x%x val=0x%02x\n", addr, val);
1787 if (addr == E8390_CMD) {
1788 /* control register */
1790 if (val & E8390_START) {
1791 /* test specific case: zero length transfert */
1792 if ((val & (E8390_RREAD | E8390_RWRITE)) &&
1794 s->isr |= ENISR_RDC;
1795 ne2000_update_irq(s);
1797 if (val & E8390_TRANS) {
1798 net_send_packet(s, s->mem + (s->tpsr << 8), s->tcnt);
1799 /* signal end of transfert */
1802 ne2000_update_irq(s);
1807 offset = addr | (page << 4);
1810 s->start = val << 8;
1820 ne2000_update_irq(s);
1826 s->tcnt = (s->tcnt & 0xff00) | val;
1829 s->tcnt = (s->tcnt & 0x00ff) | (val << 8);
1832 s->rsar = (s->rsar & 0xff00) | val;
1835 s->rsar = (s->rsar & 0x00ff) | (val << 8);
1838 s->rcnt = (s->rcnt & 0xff00) | val;
1841 s->rcnt = (s->rcnt & 0x00ff) | (val << 8);
1848 ne2000_update_irq(s);
1850 case EN1_PHYS ... EN1_PHYS + 5:
1851 s->phys[offset - EN1_PHYS] = val;
1856 case EN1_MULT ... EN1_MULT + 7:
1857 s->mult[offset - EN1_MULT] = val;
1863 uint32_t ne2000_ioport_read(CPUX86State *env, uint32_t addr)
1865 NE2000State *s = &ne2000_state;
1866 int offset, page, ret;
1869 if (addr == E8390_CMD) {
1873 offset = addr | (page << 4);
1884 case EN1_PHYS ... EN1_PHYS + 5:
1885 ret = s->phys[offset - EN1_PHYS];
1890 case EN1_MULT ... EN1_MULT + 7:
1891 ret = s->mult[offset - EN1_MULT];
1899 printf("NE2000: read addr=0x%x val=%02x\n", addr, ret);
1904 void ne2000_asic_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
1906 NE2000State *s = &ne2000_state;
1910 printf("NE2000: asic write val=0x%04x\n", val);
1912 p = s->mem + s->rsar;
1913 if (s->dcfg & 0x01) {
1926 if (s->rsar == s->stop)
1929 /* signal end of transfert */
1930 s->isr |= ENISR_RDC;
1931 ne2000_update_irq(s);
1935 uint32_t ne2000_asic_ioport_read(CPUX86State *env, uint32_t addr)
1937 NE2000State *s = &ne2000_state;
1941 p = s->mem + s->rsar;
1942 if (s->dcfg & 0x01) {
1944 ret = p[0] | (p[1] << 8);
1954 if (s->rsar == s->stop)
1957 /* signal end of transfert */
1958 s->isr |= ENISR_RDC;
1959 ne2000_update_irq(s);
1962 printf("NE2000: asic read val=0x%04x\n", ret);
1967 void ne2000_reset_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)
1969 /* nothing to do (end of reset pulse) */
1972 uint32_t ne2000_reset_ioport_read(CPUX86State *env, uint32_t addr)
1978 void ne2000_init(void)
1980 register_ioport_write(NE2000_IOPORT, 16, ne2000_ioport_write, 1);
1981 register_ioport_read(NE2000_IOPORT, 16, ne2000_ioport_read, 1);
1983 register_ioport_write(NE2000_IOPORT + 0x10, 1, ne2000_asic_ioport_write, 1);
1984 register_ioport_read(NE2000_IOPORT + 0x10, 1, ne2000_asic_ioport_read, 1);
1985 register_ioport_write(NE2000_IOPORT + 0x10, 2, ne2000_asic_ioport_write, 2);
1986 register_ioport_read(NE2000_IOPORT + 0x10, 2, ne2000_asic_ioport_read, 2);
1988 register_ioport_write(NE2000_IOPORT + 0x1f, 1, ne2000_reset_ioport_write, 1);
1989 register_ioport_read(NE2000_IOPORT + 0x1f, 1, ne2000_reset_ioport_read, 1);
1993 /***********************************************************/
1994 /* keyboard emulation */
1996 /* Keyboard Controller Commands */
1997 #define KBD_CCMD_READ_MODE 0x20 /* Read mode bits */
1998 #define KBD_CCMD_WRITE_MODE 0x60 /* Write mode bits */
1999 #define KBD_CCMD_GET_VERSION 0xA1 /* Get controller version */
2000 #define KBD_CCMD_MOUSE_DISABLE 0xA7 /* Disable mouse interface */
2001 #define KBD_CCMD_MOUSE_ENABLE 0xA8 /* Enable mouse interface */
2002 #define KBD_CCMD_TEST_MOUSE 0xA9 /* Mouse interface test */
2003 #define KBD_CCMD_SELF_TEST 0xAA /* Controller self test */
2004 #define KBD_CCMD_KBD_TEST 0xAB /* Keyboard interface test */
2005 #define KBD_CCMD_KBD_DISABLE 0xAD /* Keyboard interface disable */
2006 #define KBD_CCMD_KBD_ENABLE 0xAE /* Keyboard interface enable */
2007 #define KBD_CCMD_READ_INPORT 0xC0 /* read input port */
2008 #define KBD_CCMD_READ_OUTPORT 0xD0 /* read output port */
2009 #define KBD_CCMD_WRITE_OUTPORT 0xD1 /* write output port */
2010 #define KBD_CCMD_WRITE_OBUF 0xD2
2011 #define KBD_CCMD_WRITE_AUX_OBUF 0xD3 /* Write to output buffer as if
2012 initiated by the auxiliary device */
2013 #define KBD_CCMD_WRITE_MOUSE 0xD4 /* Write the following byte to the mouse */
2014 #define KBD_CCMD_DISABLE_A20 0xDD /* HP vectra only ? */
2015 #define KBD_CCMD_ENABLE_A20 0xDF /* HP vectra only ? */
2016 #define KBD_CCMD_RESET 0xFE
2018 /* Keyboard Commands */
2019 #define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */
2020 #define KBD_CMD_ECHO 0xEE
2021 #define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */
2022 #define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */
2023 #define KBD_CMD_ENABLE 0xF4 /* Enable scanning */
2024 #define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */
2025 #define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */
2026 #define KBD_CMD_RESET 0xFF /* Reset */
2028 /* Keyboard Replies */
2029 #define KBD_REPLY_POR 0xAA /* Power on reset */
2030 #define KBD_REPLY_ACK 0xFA /* Command ACK */
2031 #define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */
2033 /* Status Register Bits */
2034 #define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */
2035 #define KBD_STAT_IBF 0x02 /* Keyboard input buffer full */
2036 #define KBD_STAT_SELFTEST 0x04 /* Self test successful */
2037 #define KBD_STAT_CMD 0x08 /* Last write was a command write (0=data) */
2038 #define KBD_STAT_UNLOCKED 0x10 /* Zero if keyboard locked */
2039 #define KBD_STAT_MOUSE_OBF 0x20 /* Mouse output buffer full */
2040 #define KBD_STAT_GTO 0x40 /* General receive/xmit timeout */
2041 #define KBD_STAT_PERR 0x80 /* Parity error */
2043 /* Controller Mode Register Bits */
2044 #define KBD_MODE_KBD_INT 0x01 /* Keyboard data generate IRQ1 */
2045 #define KBD_MODE_MOUSE_INT 0x02 /* Mouse data generate IRQ12 */
2046 #define KBD_MODE_SYS 0x04 /* The system flag (?) */
2047 #define KBD_MODE_NO_KEYLOCK 0x08 /* The keylock doesn't affect the keyboard if set */
2048 #define KBD_MODE_DISABLE_KBD 0x10 /* Disable keyboard interface */
2049 #define KBD_MODE_DISABLE_MOUSE 0x20 /* Disable mouse interface */
2050 #define KBD_MODE_KCC 0x40 /* Scan code conversion to PC format */
2051 #define KBD_MODE_RFU 0x80
2053 /* Mouse Commands */
2054 #define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */
2055 #define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */
2056 #define AUX_SET_RES 0xE8 /* Set resolution */
2057 #define AUX_GET_SCALE 0xE9 /* Get scaling factor */
2058 #define AUX_SET_STREAM 0xEA /* Set stream mode */
2059 #define AUX_POLL 0xEB /* Poll */
2060 #define AUX_RESET_WRAP 0xEC /* Reset wrap mode */
2061 #define AUX_SET_WRAP 0xEE /* Set wrap mode */
2062 #define AUX_SET_REMOTE 0xF0 /* Set remote mode */
2063 #define AUX_GET_TYPE 0xF2 /* Get type */
2064 #define AUX_SET_SAMPLE 0xF3 /* Set sample rate */
2065 #define AUX_ENABLE_DEV 0xF4 /* Enable aux device */
2066 #define AUX_DISABLE_DEV 0xF5 /* Disable aux device */
2067 #define AUX_SET_DEFAULT 0xF6
2068 #define AUX_RESET 0xFF /* Reset aux device */
2069 #define AUX_ACK 0xFA /* Command byte ACK. */
2071 #define MOUSE_STATUS_REMOTE 0x40
2072 #define MOUSE_STATUS_ENABLED 0x20
2073 #define MOUSE_STATUS_SCALE21 0x10
2075 #define KBD_QUEUE_SIZE 256
2078 uint8_t data[KBD_QUEUE_SIZE];
2079 int rptr, wptr, count;
2082 typedef struct KBDState {
2084 uint8_t write_cmd; /* if non zero, write data to port 60 is expected */
2087 /* keyboard state */
2091 int mouse_write_cmd;
2092 uint8_t mouse_status;
2093 uint8_t mouse_resolution;
2094 uint8_t mouse_sample_rate;
2096 uint8_t mouse_type; /* 0 = PS2, 3 = IMPS/2, 4 = IMEX */
2097 uint8_t mouse_detect_state;
2098 int mouse_dx; /* current values, needed for 'poll' mode */
2101 uint8_t mouse_buttons;
2105 int reset_requested;
2107 /* update irq and KBD_STAT_[MOUSE_]OBF */
2108 /* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be
2109 incorrect, but it avoids having to simulate exact delays */
2110 static void kbd_update_irq(KBDState *s)
2112 int irq12_level, irq1_level;
2116 s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF);
2117 if (s->queues[0].count != 0 ||
2118 s->queues[1].count != 0) {
2119 s->status |= KBD_STAT_OBF;
2120 if (s->queues[1].count != 0) {
2121 s->status |= KBD_STAT_MOUSE_OBF;
2122 if (s->mode & KBD_MODE_MOUSE_INT)
2125 if ((s->mode & KBD_MODE_KBD_INT) &&
2126 !(s->mode & KBD_MODE_DISABLE_KBD))
2130 pic_set_irq(1, irq1_level);
2131 pic_set_irq(12, irq12_level);
2134 static void kbd_queue(KBDState *s, int b, int aux)
2136 KBDQueue *q = &kbd_state.queues[aux];
2138 #if defined(DEBUG_MOUSE) || defined(DEBUG_KBD)
2140 printf("mouse event: 0x%02x\n", b);
2143 printf("kbd event: 0x%02x\n", b);
2146 if (q->count >= KBD_QUEUE_SIZE)
2148 q->data[q->wptr] = b;
2149 if (++q->wptr == KBD_QUEUE_SIZE)
2155 void kbd_put_keycode(int keycode)
2157 KBDState *s = &kbd_state;
2158 kbd_queue(s, keycode, 0);
2161 uint32_t kbd_read_status(CPUX86State *env, uint32_t addr)
2163 KBDState *s = &kbd_state;
2166 #if defined(DEBUG_KBD) && 0
2167 printf("kbd: read status=0x%02x\n", val);
2172 void kbd_write_command(CPUX86State *env, uint32_t addr, uint32_t val)
2174 KBDState *s = &kbd_state;
2177 printf("kbd: write cmd=0x%02x\n", val);
2180 case KBD_CCMD_READ_MODE:
2181 kbd_queue(s, s->mode, 0);
2183 case KBD_CCMD_WRITE_MODE:
2184 case KBD_CCMD_WRITE_OBUF:
2185 case KBD_CCMD_WRITE_AUX_OBUF:
2186 case KBD_CCMD_WRITE_MOUSE:
2187 case KBD_CCMD_WRITE_OUTPORT:
2190 case KBD_CCMD_MOUSE_DISABLE:
2191 s->mode |= KBD_MODE_DISABLE_MOUSE;
2193 case KBD_CCMD_MOUSE_ENABLE:
2194 s->mode &= ~KBD_MODE_DISABLE_MOUSE;
2196 case KBD_CCMD_TEST_MOUSE:
2197 kbd_queue(s, 0x00, 0);
2199 case KBD_CCMD_SELF_TEST:
2200 s->status |= KBD_STAT_SELFTEST;
2201 kbd_queue(s, 0x55, 0);
2203 case KBD_CCMD_KBD_TEST:
2204 kbd_queue(s, 0x00, 0);
2206 case KBD_CCMD_KBD_DISABLE:
2207 s->mode |= KBD_MODE_DISABLE_KBD;
2210 case KBD_CCMD_KBD_ENABLE:
2211 s->mode &= ~KBD_MODE_DISABLE_KBD;
2214 case KBD_CCMD_READ_INPORT:
2215 kbd_queue(s, 0x00, 0);
2217 case KBD_CCMD_READ_OUTPORT:
2218 /* XXX: check that */
2219 val = 0x01 | (a20_enabled << 1);
2220 if (s->status & KBD_STAT_OBF)
2222 if (s->status & KBD_STAT_MOUSE_OBF)
2224 kbd_queue(s, val, 0);
2226 case KBD_CCMD_ENABLE_A20:
2227 cpu_x86_set_a20(env, 1);
2229 case KBD_CCMD_DISABLE_A20:
2230 cpu_x86_set_a20(env, 0);
2232 case KBD_CCMD_RESET:
2233 reset_requested = 1;
2234 cpu_x86_interrupt(global_env, CPU_INTERRUPT_EXIT);
2237 /* ignore that - I don't know what is its use */
2240 fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", val);
2245 uint32_t kbd_read_data(CPUX86State *env, uint32_t addr)
2247 KBDState *s = &kbd_state;
2251 q = &s->queues[0]; /* first check KBD data */
2253 q = &s->queues[1]; /* then check AUX data */
2254 if (q->count == 0) {
2255 /* NOTE: if no data left, we return the last keyboard one
2256 (needed for EMM386) */
2257 /* XXX: need a timer to do things correctly */
2259 index = q->rptr - 1;
2261 index = KBD_QUEUE_SIZE - 1;
2262 val = q->data[index];
2264 val = q->data[q->rptr];
2265 if (++q->rptr == KBD_QUEUE_SIZE)
2268 /* reading deasserts IRQ */
2269 if (q == &s->queues[0])
2274 /* reassert IRQs if data left */
2277 printf("kbd: read data=0x%02x\n", val);
2282 static void kbd_reset_keyboard(KBDState *s)
2284 s->scan_enabled = 1;
2287 static void kbd_write_keyboard(KBDState *s, int val)
2289 switch(s->kbd_write_cmd) {
2294 kbd_queue(s, KBD_REPLY_ACK, 0);
2297 kbd_queue(s, KBD_REPLY_RESEND, 0);
2299 case KBD_CMD_GET_ID:
2300 kbd_queue(s, KBD_REPLY_ACK, 0);
2301 kbd_queue(s, 0xab, 0);
2302 kbd_queue(s, 0x83, 0);
2305 kbd_queue(s, KBD_CMD_ECHO, 0);
2307 case KBD_CMD_ENABLE:
2308 s->scan_enabled = 1;
2309 kbd_queue(s, KBD_REPLY_ACK, 0);
2311 case KBD_CMD_SET_LEDS:
2312 case KBD_CMD_SET_RATE:
2313 s->kbd_write_cmd = val;
2314 kbd_queue(s, KBD_REPLY_ACK, 0);
2316 case KBD_CMD_RESET_DISABLE:
2317 kbd_reset_keyboard(s);
2318 s->scan_enabled = 0;
2319 kbd_queue(s, KBD_REPLY_ACK, 0);
2321 case KBD_CMD_RESET_ENABLE:
2322 kbd_reset_keyboard(s);
2323 s->scan_enabled = 1;
2324 kbd_queue(s, KBD_REPLY_ACK, 0);
2327 kbd_reset_keyboard(s);
2328 kbd_queue(s, KBD_REPLY_ACK, 0);
2329 kbd_queue(s, KBD_REPLY_POR, 0);
2332 kbd_queue(s, KBD_REPLY_ACK, 0);
2336 case KBD_CMD_SET_LEDS:
2337 kbd_queue(s, KBD_REPLY_ACK, 0);
2338 s->kbd_write_cmd = -1;
2340 case KBD_CMD_SET_RATE:
2341 kbd_queue(s, KBD_REPLY_ACK, 0);
2342 s->kbd_write_cmd = -1;
2347 static void kbd_mouse_send_packet(KBDState *s)
2355 /* XXX: increase range to 8 bits ? */
2358 else if (dx1 < -127)
2362 else if (dy1 < -127)
2364 b = 0x08 | ((dx1 < 0) << 4) | ((dy1 < 0) << 5) | (s->mouse_buttons & 0x07);
2366 kbd_queue(s, dx1 & 0xff, 1);
2367 kbd_queue(s, dy1 & 0xff, 1);
2368 /* extra byte for IMPS/2 or IMEX */
2369 switch(s->mouse_type) {
2375 else if (dz1 < -127)
2377 kbd_queue(s, dz1 & 0xff, 1);
2384 b = (dz1 & 0x0f) | ((s->mouse_buttons & 0x18) << 1);
2395 void kbd_mouse_event(int dx, int dy, int dz, int buttons_state)
2397 KBDState *s = &kbd_state;
2399 /* check if deltas are recorded when disabled */
2400 if (!(s->mouse_status & MOUSE_STATUS_ENABLED))
2406 s->mouse_buttons = buttons_state;
2408 if (!(s->mouse_status & MOUSE_STATUS_REMOTE) &&
2409 (s->queues[1].count < (KBD_QUEUE_SIZE - 16))) {
2411 /* if not remote, send event. Multiple events are sent if
2413 kbd_mouse_send_packet(s);
2414 if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0)
2420 static void kbd_write_mouse(KBDState *s, int val)
2423 printf("kbd: write mouse 0x%02x\n", val);
2425 switch(s->mouse_write_cmd) {
2429 if (s->mouse_wrap) {
2430 if (val == AUX_RESET_WRAP) {
2432 kbd_queue(s, AUX_ACK, 1);
2434 } else if (val != AUX_RESET) {
2435 kbd_queue(s, val, 1);
2440 case AUX_SET_SCALE11:
2441 s->mouse_status &= ~MOUSE_STATUS_SCALE21;
2442 kbd_queue(s, AUX_ACK, 1);
2444 case AUX_SET_SCALE21:
2445 s->mouse_status |= MOUSE_STATUS_SCALE21;
2446 kbd_queue(s, AUX_ACK, 1);
2448 case AUX_SET_STREAM:
2449 s->mouse_status &= ~MOUSE_STATUS_REMOTE;
2450 kbd_queue(s, AUX_ACK, 1);
2454 kbd_queue(s, AUX_ACK, 1);
2456 case AUX_SET_REMOTE:
2457 s->mouse_status |= MOUSE_STATUS_REMOTE;
2458 kbd_queue(s, AUX_ACK, 1);
2461 kbd_queue(s, AUX_ACK, 1);
2462 kbd_queue(s, s->mouse_type, 1);
2465 case AUX_SET_SAMPLE:
2466 s->mouse_write_cmd = val;
2467 kbd_queue(s, AUX_ACK, 1);
2470 kbd_queue(s, AUX_ACK, 1);
2471 kbd_queue(s, s->mouse_status, 1);
2472 kbd_queue(s, s->mouse_resolution, 1);
2473 kbd_queue(s, s->mouse_sample_rate, 1);
2476 kbd_queue(s, AUX_ACK, 1);
2477 kbd_mouse_send_packet(s);
2479 case AUX_ENABLE_DEV:
2480 s->mouse_status |= MOUSE_STATUS_ENABLED;
2481 kbd_queue(s, AUX_ACK, 1);
2483 case AUX_DISABLE_DEV:
2484 s->mouse_status &= ~MOUSE_STATUS_ENABLED;
2485 kbd_queue(s, AUX_ACK, 1);
2487 case AUX_SET_DEFAULT:
2488 s->mouse_sample_rate = 100;
2489 s->mouse_resolution = 2;
2490 s->mouse_status = 0;
2491 kbd_queue(s, AUX_ACK, 1);
2494 s->mouse_sample_rate = 100;
2495 s->mouse_resolution = 2;
2496 s->mouse_status = 0;
2497 kbd_queue(s, AUX_ACK, 1);
2498 kbd_queue(s, 0xaa, 1);
2499 kbd_queue(s, s->mouse_type, 1);
2505 case AUX_SET_SAMPLE:
2506 s->mouse_sample_rate = val;
2508 /* detect IMPS/2 or IMEX */
2509 switch(s->mouse_detect_state) {
2513 s->mouse_detect_state = 1;
2517 s->mouse_detect_state = 2;
2518 else if (val == 200)
2519 s->mouse_detect_state = 3;
2521 s->mouse_detect_state = 0;
2525 s->mouse_type = 3; /* IMPS/2 */
2526 s->mouse_detect_state = 0;
2530 s->mouse_type = 4; /* IMEX */
2531 s->mouse_detect_state = 0;
2535 kbd_queue(s, AUX_ACK, 1);
2536 s->mouse_write_cmd = -1;
2539 s->mouse_resolution = val;
2540 kbd_queue(s, AUX_ACK, 1);
2541 s->mouse_write_cmd = -1;
2546 void kbd_write_data(CPUX86State *env, uint32_t addr, uint32_t val)
2548 KBDState *s = &kbd_state;
2551 printf("kbd: write data=0x%02x\n", val);
2554 switch(s->write_cmd) {
2556 kbd_write_keyboard(s, val);
2558 case KBD_CCMD_WRITE_MODE:
2562 case KBD_CCMD_WRITE_OBUF:
2563 kbd_queue(s, val, 0);
2565 case KBD_CCMD_WRITE_AUX_OBUF:
2566 kbd_queue(s, val, 1);
2568 case KBD_CCMD_WRITE_OUTPORT:
2569 cpu_x86_set_a20(env, (val >> 1) & 1);
2571 reset_requested = 1;
2572 cpu_x86_interrupt(global_env, CPU_INTERRUPT_EXIT);
2575 case KBD_CCMD_WRITE_MOUSE:
2576 kbd_write_mouse(s, val);
2584 void kbd_reset(KBDState *s)
2589 s->kbd_write_cmd = -1;
2590 s->mouse_write_cmd = -1;
2591 s->mode = KBD_MODE_KBD_INT | KBD_MODE_MOUSE_INT;
2592 s->status = KBD_STAT_CMD | KBD_STAT_UNLOCKED;
2593 for(i = 0; i < 2; i++) {
2603 kbd_reset(&kbd_state);
2604 register_ioport_read(0x60, 1, kbd_read_data, 1);
2605 register_ioport_write(0x60, 1, kbd_write_data, 1);
2606 register_ioport_read(0x64, 1, kbd_read_status, 1);
2607 register_ioport_write(0x64, 1, kbd_write_command, 1);
2610 /***********************************************************/
2611 /* Bochs BIOS debug ports */
2613 void bochs_bios_write(CPUX86State *env, uint32_t addr, uint32_t val)
2616 /* Bochs BIOS messages */
2619 fprintf(stderr, "BIOS panic at rombios.c, line %d\n", val);
2624 fprintf(stderr, "%c", val);
2628 /* LGPL'ed VGA BIOS messages */
2631 fprintf(stderr, "VGA BIOS panic, line %d\n", val);
2636 fprintf(stderr, "%c", val);
2642 void bochs_bios_init(void)
2644 register_ioport_write(0x400, 1, bochs_bios_write, 2);
2645 register_ioport_write(0x401, 1, bochs_bios_write, 2);
2646 register_ioport_write(0x402, 1, bochs_bios_write, 1);
2647 register_ioport_write(0x403, 1, bochs_bios_write, 1);
2649 register_ioport_write(0x501, 1, bochs_bios_write, 2);
2650 register_ioport_write(0x502, 1, bochs_bios_write, 2);
2651 register_ioport_write(0x500, 1, bochs_bios_write, 1);
2652 register_ioport_write(0x503, 1, bochs_bios_write, 1);
2655 /***********************************************************/
2658 /* init terminal so that we can grab keys */
2659 static struct termios oldtty;
2661 static void term_exit(void)
2663 tcsetattr (0, TCSANOW, &oldtty);
2666 static void term_init(void)
2670 tcgetattr (0, &tty);
2673 tty.c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP
2674 |INLCR|IGNCR|ICRNL|IXON);
2675 tty.c_oflag |= OPOST;
2676 tty.c_lflag &= ~(ECHO|ECHONL|ICANON|IEXTEN);
2677 /* if graphical mode, we allow Ctrl-C handling */
2679 tty.c_lflag &= ~ISIG;
2680 tty.c_cflag &= ~(CSIZE|PARENB);
2683 tty.c_cc[VTIME] = 0;
2685 tcsetattr (0, TCSANOW, &tty);
2689 fcntl(0, F_SETFL, O_NONBLOCK);
2692 static void dumb_update(DisplayState *ds, int x, int y, int w, int h)
2696 static void dumb_resize(DisplayState *ds, int w, int h)
2700 static void dumb_refresh(DisplayState *ds)
2702 vga_update_display();
2705 void dumb_display_init(DisplayState *ds)
2710 ds->dpy_update = dumb_update;
2711 ds->dpy_resize = dumb_resize;
2712 ds->dpy_refresh = dumb_refresh;
2715 #if !defined(CONFIG_SOFTMMU)
2716 /***********************************************************/
2717 /* cpu signal handler */
2718 static void host_segv_handler(int host_signum, siginfo_t *info,
2721 if (cpu_signal_handler(host_signum, info, puc))
2728 static int timer_irq_pending;
2729 static int timer_irq_count;
2731 static int timer_ms;
2732 static int gui_refresh_pending, gui_refresh_count;
2734 static void host_alarm_handler(int host_signum, siginfo_t *info,
2737 /* NOTE: since usually the OS asks a 100 Hz clock, there can be
2738 some drift between cpu_get_ticks() and the interrupt time. So
2739 we queue some interrupts to avoid missing some */
2740 timer_irq_count += pit_get_out_edges(&pit_channels[0]);
2741 if (timer_irq_count) {
2742 if (timer_irq_count > 2)
2743 timer_irq_count = 2;
2745 timer_irq_pending = 1;
2747 gui_refresh_count += timer_ms;
2748 if (gui_refresh_count >= GUI_REFRESH_INTERVAL) {
2749 gui_refresh_count = 0;
2750 gui_refresh_pending = 1;
2753 /* XXX: seems dangerous to run that here. */
2757 if (gui_refresh_pending || timer_irq_pending) {
2758 /* just exit from the cpu to have a chance to handle timers */
2759 cpu_x86_interrupt(global_env, CPU_INTERRUPT_EXIT);
2763 #ifdef CONFIG_SOFTMMU
2764 void *get_mmap_addr(unsigned long size)
2769 unsigned long mmap_addr = PHYS_RAM_BASE;
2771 void *get_mmap_addr(unsigned long size)
2775 mmap_addr += ((size + 4095) & ~4095) + 4096;
2776 return (void *)addr;
2780 /* main execution loop */
2782 CPUState *cpu_gdbstub_get_env(void *opaque)
2787 int main_loop(void *opaque)
2789 struct pollfd ufds[3], *pf, *serial_ufd, *net_ufd, *gdb_ufd;
2790 int ret, n, timeout, serial_ok;
2792 CPUState *env = global_env;
2795 /* initialize terminal only there so that the user has a
2796 chance to stop QEMU with Ctrl-C before the gdb connection
2805 ret = cpu_x86_exec(env);
2806 if (reset_requested) {
2807 ret = EXCP_INTERRUPT;
2810 if (ret == EXCP_DEBUG) {
2814 /* if hlt instruction, we wait until the next IRQ */
2815 if (ret == EXCP_HLT)
2819 /* poll any events */
2822 if (serial_ok && !(serial_ports[0].lsr & UART_LSR_DR)) {
2825 pf->events = POLLIN;
2829 if (net_fd > 0 && ne2000_can_receive(&ne2000_state)) {
2832 pf->events = POLLIN;
2836 if (gdbstub_fd > 0) {
2838 pf->fd = gdbstub_fd;
2839 pf->events = POLLIN;
2843 ret = poll(ufds, pf - ufds, timeout);
2845 if (serial_ufd && (serial_ufd->revents & POLLIN)) {
2846 n = read(0, &ch, 1);
2848 serial_received_byte(&serial_ports[0], ch);
2850 /* Closed, stop polling. */
2854 if (net_ufd && (net_ufd->revents & POLLIN)) {
2855 uint8_t buf[MAX_ETH_FRAME_SIZE];
2857 n = read(net_fd, buf, MAX_ETH_FRAME_SIZE);
2860 memset(buf + n, 0, 60 - n);
2863 ne2000_receive(&ne2000_state, buf, n);
2866 if (gdb_ufd && (gdb_ufd->revents & POLLIN)) {
2868 /* stop emulation if requested by gdb */
2869 n = read(gdbstub_fd, buf, 1);
2871 ret = EXCP_INTERRUPT;
2878 if (timer_irq_pending) {
2881 timer_irq_pending = 0;
2883 if (cmos_data[RTC_REG_B] & 0x50) {
2889 if (gui_refresh_pending) {
2890 display_state.dpy_refresh(&display_state);
2891 gui_refresh_pending = 0;
2894 cpu_disable_ticks();
2900 printf("QEMU PC emulator version " QEMU_VERSION ", Copyright (c) 2003 Fabrice Bellard\n"
2901 "usage: %s [options] [disk_image]\n"
2903 "'disk_image' is a raw hard image image for IDE hard disk 0\n"
2905 "Standard options:\n"
2906 "-hda/-hdb file use 'file' as IDE hard disk 0/1 image\n"
2907 "-hdc/-hdd file use 'file' as IDE hard disk 2/3 image\n"
2908 "-cdrom file use 'file' as IDE cdrom 2 image\n"
2909 "-boot [c|d] boot on hard disk (c) or CD-ROM (d)\n"
2910 "-snapshot write to temporary files instead of disk image files\n"
2911 "-m megs set virtual RAM size to megs MB\n"
2912 "-n script set network init script [default=%s]\n"
2913 "-tun-fd fd this fd talks to tap/tun, use it.\n"
2914 "-nographic disable graphical output\n"
2916 "Linux boot specific (does not require PC BIOS):\n"
2917 "-kernel bzImage use 'bzImage' as kernel image\n"
2918 "-append cmdline use 'cmdline' as kernel command line\n"
2919 "-initrd file use 'file' as initial ram disk\n"
2921 "Debug/Expert options:\n"
2922 "-s wait gdb connection to port %d\n"
2923 "-p port change gdb connection port\n"
2924 "-d output log in /tmp/vl.log\n"
2925 "-hdachs c,h,s force hard disk 0 geometry (usually qemu can guess it)\n"
2926 "-L path set the directory for the BIOS and VGA BIOS\n"
2928 "During emulation, use C-a h to get terminal commands:\n",
2929 #ifdef CONFIG_SOFTMMU
2934 DEFAULT_NETWORK_SCRIPT,
2935 DEFAULT_GDBSTUB_PORT);
2937 #ifndef CONFIG_SOFTMMU
2939 "NOTE: this version of QEMU is faster but it needs slightly patched OSes to\n"
2940 "work. Please use the 'qemu' executable to have a more accurate (but slower)\n"
2946 struct option long_options[] = {
2947 { "initrd", 1, NULL, 0, },
2948 { "hda", 1, NULL, 0, },
2949 { "hdb", 1, NULL, 0, },
2950 { "snapshot", 0, NULL, 0, },
2951 { "hdachs", 1, NULL, 0, },
2952 { "nographic", 0, NULL, 0, },
2953 { "kernel", 1, NULL, 0, },
2954 { "append", 1, NULL, 0, },
2955 { "tun-fd", 1, NULL, 0, },
2956 { "hdc", 1, NULL, 0, },
2957 { "hdd", 1, NULL, 0, },
2958 { "cdrom", 1, NULL, 0, },
2959 { "boot", 1, NULL, 0, },
2960 { NULL, 0, NULL, 0 },
2964 /* SDL use the pthreads and they modify sigaction. We don't
2966 #if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2)
2967 extern void __libc_sigaction();
2968 #define sigaction(sig, act, oact) __libc_sigaction(sig, act, oact)
2970 extern void __sigaction();
2971 #define sigaction(sig, act, oact) __sigaction(sig, act, oact)
2973 #endif /* CONFIG_SDL */
2975 int main(int argc, char **argv)
2977 int c, ret, initrd_size, i, use_gdbstub, gdbstub_port, long_index;
2978 int snapshot, linux_boot, total_ram_size;
2979 struct linux_params *params;
2980 struct sigaction act;
2981 struct itimerval itv;
2983 const char *initrd_filename;
2984 const char *hd_filename[MAX_DISKS];
2985 const char *kernel_filename, *kernel_cmdline;
2986 DisplayState *ds = &display_state;
2988 /* we never want that malloc() uses mmap() */
2989 mallopt(M_MMAP_THRESHOLD, 4096 * 1024);
2990 initrd_filename = NULL;
2991 for(i = 0; i < MAX_DISKS; i++)
2992 hd_filename[i] = NULL;
2993 phys_ram_size = 32 * 1024 * 1024;
2994 vga_ram_size = VGA_RAM_SIZE;
2995 pstrcpy(network_script, sizeof(network_script), DEFAULT_NETWORK_SCRIPT);
2997 gdbstub_port = DEFAULT_GDBSTUB_PORT;
3000 kernel_filename = NULL;
3001 kernel_cmdline = "";
3003 c = getopt_long_only(argc, argv, "hm:dn:sp:L:", long_options, &long_index);
3008 switch(long_index) {
3010 initrd_filename = optarg;
3013 hd_filename[0] = optarg;
3016 hd_filename[1] = optarg;
3023 int cyls, heads, secs;
3026 cyls = strtol(p, (char **)&p, 0);
3030 heads = strtol(p, (char **)&p, 0);
3034 secs = strtol(p, (char **)&p, 0);
3037 ide_set_geometry(0, cyls, heads, secs);
3045 kernel_filename = optarg;
3048 kernel_cmdline = optarg;
3051 net_fd = atoi(optarg);
3054 hd_filename[2] = optarg;
3057 hd_filename[3] = optarg;
3060 hd_filename[2] = optarg;
3061 ide_set_cdrom(2, 1);
3064 boot_device = optarg[0];
3065 if (boot_device != 'c' && boot_device != 'd') {
3066 fprintf(stderr, "qemu: invalid boot device '%c'\n", boot_device);
3076 phys_ram_size = atoi(optarg) * 1024 * 1024;
3077 if (phys_ram_size <= 0)
3079 if (phys_ram_size > PHYS_RAM_MAX_SIZE) {
3080 fprintf(stderr, "qemu: at most %d MB RAM can be simulated\n",
3081 PHYS_RAM_MAX_SIZE / (1024 * 1024));
3086 cpu_set_log(CPU_LOG_ALL);
3089 pstrcpy(network_script, sizeof(network_script), optarg);
3095 gdbstub_port = atoi(optarg);
3103 if (optind < argc) {
3104 hd_filename[0] = argv[optind++];
3107 linux_boot = (kernel_filename != NULL);
3109 if (!linux_boot && hd_filename[0] == '\0' && hd_filename[2] == '\0')
3112 /* boot to cd by default if no hard disk */
3113 if (hd_filename[0] == '\0' && boot_device == 'c')
3116 #if !defined(CONFIG_SOFTMMU)
3117 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
3119 static uint8_t stdout_buf[4096];
3120 setvbuf(stdout, stdout_buf, _IOLBF, sizeof(stdout_buf));
3123 setvbuf(stdout, NULL, _IOLBF, 0);
3126 /* init network tun interface */
3130 /* init the memory */
3131 total_ram_size = phys_ram_size + vga_ram_size;
3133 #ifdef CONFIG_SOFTMMU
3134 phys_ram_base = malloc(total_ram_size);
3135 if (!phys_ram_base) {
3136 fprintf(stderr, "Could not allocate physical memory\n");
3140 /* as we must map the same page at several addresses, we must use
3145 tmpdir = getenv("QEMU_TMPDIR");
3148 snprintf(phys_ram_file, sizeof(phys_ram_file), "%s/vlXXXXXX", tmpdir);
3149 if (mkstemp(phys_ram_file) < 0) {
3150 fprintf(stderr, "Could not create temporary memory file '%s'\n",
3154 phys_ram_fd = open(phys_ram_file, O_CREAT | O_TRUNC | O_RDWR, 0600);
3155 if (phys_ram_fd < 0) {
3156 fprintf(stderr, "Could not open temporary memory file '%s'\n",
3160 ftruncate(phys_ram_fd, total_ram_size);
3161 unlink(phys_ram_file);
3162 phys_ram_base = mmap(get_mmap_addr(total_ram_size),
3164 PROT_WRITE | PROT_READ, MAP_SHARED | MAP_FIXED,
3166 if (phys_ram_base == MAP_FAILED) {
3167 fprintf(stderr, "Could not map physical memory\n");
3173 /* open the virtual block devices */
3174 for(i = 0; i < MAX_DISKS; i++) {
3175 if (hd_filename[i]) {
3176 bs_table[i] = bdrv_open(hd_filename[i], snapshot);
3178 fprintf(stderr, "qemu: could not open hard disk image '%s\n",
3185 /* init CPU state */
3188 cpu_single_env = env;
3193 cpu_register_physical_memory(0, phys_ram_size, 0);
3196 /* now we can load the kernel */
3197 ret = load_kernel(kernel_filename, phys_ram_base + KERNEL_LOAD_ADDR);
3199 fprintf(stderr, "qemu: could not load kernel '%s'\n",
3206 if (initrd_filename) {
3207 initrd_size = load_image(initrd_filename, phys_ram_base + INITRD_LOAD_ADDR);
3208 if (initrd_size < 0) {
3209 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
3215 /* init kernel params */
3216 params = (void *)(phys_ram_base + KERNEL_PARAMS_ADDR);
3217 memset(params, 0, sizeof(struct linux_params));
3218 params->mount_root_rdonly = 0;
3219 stw_raw(¶ms->cl_magic, 0xA33F);
3220 stw_raw(¶ms->cl_offset, params->commandline - (uint8_t *)params);
3221 stl_raw(¶ms->alt_mem_k, (phys_ram_size / 1024) - 1024);
3222 pstrcat(params->commandline, sizeof(params->commandline), kernel_cmdline);
3223 params->loader_type = 0x01;
3224 if (initrd_size > 0) {
3225 stl_raw(¶ms->initrd_start, INITRD_LOAD_ADDR);
3226 stl_raw(¶ms->initrd_size, initrd_size);
3228 params->orig_video_lines = 25;
3229 params->orig_video_cols = 80;
3231 /* setup basic memory access */
3232 env->cr[0] = 0x00000033;
3233 env->hflags |= HF_PE_MASK;
3234 cpu_x86_init_mmu(env);
3236 memset(params->idt_table, 0, sizeof(params->idt_table));
3238 stq_raw(¶ms->gdt_table[2], 0x00cf9a000000ffffLL); /* KERNEL_CS */
3239 stq_raw(¶ms->gdt_table[3], 0x00cf92000000ffffLL); /* KERNEL_DS */
3240 /* for newer kernels (2.6.0) CS/DS are at different addresses */
3241 stq_raw(¶ms->gdt_table[12], 0x00cf9a000000ffffLL); /* KERNEL_CS */
3242 stq_raw(¶ms->gdt_table[13], 0x00cf92000000ffffLL); /* KERNEL_DS */
3244 env->idt.base = (void *)((uint8_t *)params->idt_table - phys_ram_base);
3245 env->idt.limit = sizeof(params->idt_table) - 1;
3246 env->gdt.base = (void *)((uint8_t *)params->gdt_table - phys_ram_base);
3247 env->gdt.limit = sizeof(params->gdt_table) - 1;
3249 cpu_x86_load_seg_cache(env, R_CS, KERNEL_CS, NULL, 0xffffffff, 0x00cf9a00);
3250 cpu_x86_load_seg_cache(env, R_DS, KERNEL_DS, NULL, 0xffffffff, 0x00cf9200);
3251 cpu_x86_load_seg_cache(env, R_ES, KERNEL_DS, NULL, 0xffffffff, 0x00cf9200);
3252 cpu_x86_load_seg_cache(env, R_SS, KERNEL_DS, NULL, 0xffffffff, 0x00cf9200);
3253 cpu_x86_load_seg_cache(env, R_FS, KERNEL_DS, NULL, 0xffffffff, 0x00cf9200);
3254 cpu_x86_load_seg_cache(env, R_GS, KERNEL_DS, NULL, 0xffffffff, 0x00cf9200);
3256 env->eip = KERNEL_LOAD_ADDR;
3257 env->regs[R_ESI] = KERNEL_PARAMS_ADDR;
3266 snprintf(buf, sizeof(buf), "%s/%s", bios_dir, BIOS_FILENAME);
3267 ret = load_image(buf, phys_ram_base + 0x000f0000);
3268 if (ret != 0x10000) {
3269 fprintf(stderr, "qemu: could not load PC bios '%s'\n", buf);
3274 snprintf(buf, sizeof(buf), "%s/%s", bios_dir, VGABIOS_FILENAME);
3275 ret = load_image(buf, phys_ram_base + 0x000c0000);
3277 /* setup basic memory access */
3278 env->cr[0] = 0x60000010;
3279 cpu_x86_init_mmu(env);
3281 cpu_register_physical_memory(0xc0000, 0x10000, 0xc0000 | IO_MEM_ROM);
3282 cpu_register_physical_memory(0xf0000, 0x10000, 0xf0000 | IO_MEM_ROM);
3284 env->idt.limit = 0xffff;
3285 env->gdt.limit = 0xffff;
3286 env->ldt.limit = 0xffff;
3287 env->ldt.flags = DESC_P_MASK;
3288 env->tr.limit = 0xffff;
3289 env->tr.flags = DESC_P_MASK;
3291 /* not correct (CS base=0xffff0000) */
3292 cpu_x86_load_seg_cache(env, R_CS, 0xf000, (uint8_t *)0x000f0000, 0xffff, 0);
3293 cpu_x86_load_seg_cache(env, R_DS, 0, NULL, 0xffff, 0);
3294 cpu_x86_load_seg_cache(env, R_ES, 0, NULL, 0xffff, 0);
3295 cpu_x86_load_seg_cache(env, R_SS, 0, NULL, 0xffff, 0);
3296 cpu_x86_load_seg_cache(env, R_FS, 0, NULL, 0xffff, 0);
3297 cpu_x86_load_seg_cache(env, R_GS, 0, NULL, 0xffff, 0);
3300 env->regs[R_EDX] = 0x600; /* indicate P6 processor */
3309 dumb_display_init(ds);
3312 sdl_display_init(ds);
3314 dumb_display_init(ds);
3317 /* init basic PC hardware */
3318 register_ioport_write(0x80, 1, ioport80_write, 1);
3320 vga_init(ds, phys_ram_base + phys_ram_size, phys_ram_size,
3333 /* setup cpu signal handlers for MMU / self modifying code handling */
3334 sigfillset(&act.sa_mask);
3335 act.sa_flags = SA_SIGINFO;
3336 #if !defined(CONFIG_SOFTMMU)
3337 act.sa_sigaction = host_segv_handler;
3338 sigaction(SIGSEGV, &act, NULL);
3339 sigaction(SIGBUS, &act, NULL);
3342 act.sa_sigaction = host_alarm_handler;
3343 sigaction(SIGALRM, &act, NULL);
3345 itv.it_interval.tv_sec = 0;
3346 itv.it_interval.tv_usec = 1000;
3347 itv.it_value.tv_sec = 0;
3348 itv.it_value.tv_usec = 10 * 1000;
3349 setitimer(ITIMER_REAL, &itv, NULL);
3350 /* we probe the tick duration of the kernel to inform the user if
3351 the emulated kernel requested a too high timer frequency */
3352 getitimer(ITIMER_REAL, &itv);
3353 timer_ms = itv.it_interval.tv_usec / 1000;
3354 pit_min_timer_count = ((uint64_t)itv.it_interval.tv_usec * PIT_FREQ) /
3358 cpu_gdbstub(NULL, main_loop, gdbstub_port);
projects / qemu / blob