2 * ARM Integrator CP System emulation.
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
7 * This code is licenced under the GPL
12 #define KERNEL_ARGS_ADDR 0x100
13 #define KERNEL_LOAD_ADDR 0x00010000
14 #define INITRD_LOAD_ADDR 0x00800000
16 /* Stub functions for hardware that doesn't exist. */
17 void pic_set_irq(int irq, int level)
19 cpu_abort (cpu_single_env, "pic_set_irq");
30 void vga_update_display(void)
34 void vga_screen_dump(const char *filename)
38 void vga_invalidate_display(void)
47 uint32_t flash_offset;
61 static uint8_t integrator_spd[128] = {
62 128, 8, 4, 11, 9, 1, 64, 0, 2, 0xa0, 0xa0, 0, 0, 8, 0, 1,
63 0xe, 4, 0x1c, 1, 2, 0x20, 0xc0, 0, 0, 0, 0, 0x30, 0x28, 0x30, 0x28, 0x40
66 static uint32_t integratorcm_read(void *opaque, target_phys_addr_t offset)
68 integratorcm_state *s = (integratorcm_state *)opaque;
70 if (offset >= 0x100 && offset < 0x200) {
74 return integrator_spd[offset >> 2];
76 switch (offset >> 2) {
88 if (s->cm_lock == 0xa05f) {
93 case 6: /* CM_LMBUSCNT */
94 /* ??? High frequency timer. */
95 cpu_abort(cpu_single_env, "integratorcm_read: CM_LMBUSCNT");
96 case 7: /* CM_AUXOSC */
98 case 8: /* CM_SDRAM */
100 case 9: /* CM_INIT */
102 case 10: /* CM_REFCT */
103 /* ??? High frequency timer. */
104 cpu_abort(cpu_single_env, "integratorcm_read: CM_REFCT");
105 case 12: /* CM_FLAGS */
107 case 14: /* CM_NVFLAGS */
108 return s->cm_nvflags;
109 case 16: /* CM_IRQ_STAT */
110 return s->int_level & s->irq_enabled;
111 case 17: /* CM_IRQ_RSTAT */
113 case 18: /* CM_IRQ_ENSET */
114 return s->irq_enabled;
115 case 20: /* CM_SOFT_INTSET */
116 return s->int_level & 1;
117 case 24: /* CM_FIQ_STAT */
118 return s->int_level & s->fiq_enabled;
119 case 25: /* CM_FIQ_RSTAT */
121 case 26: /* CM_FIQ_ENSET */
122 return s->fiq_enabled;
123 case 32: /* CM_VOLTAGE_CTL0 */
124 case 33: /* CM_VOLTAGE_CTL1 */
125 case 34: /* CM_VOLTAGE_CTL2 */
126 case 35: /* CM_VOLTAGE_CTL3 */
127 /* ??? Voltage control unimplemented. */
130 cpu_abort (cpu_single_env,
131 "integratorcm_read: Unimplemented offset 0x%x\n", offset);
136 static void integratorcm_do_remap(integratorcm_state *s, int flash)
139 cpu_register_physical_memory(0, 0x100000, IO_MEM_RAM);
141 cpu_register_physical_memory(0, 0x100000, s->flash_offset | IO_MEM_RAM);
143 //??? tlb_flush (cpu_single_env, 1);
146 static void integratorcm_set_ctrl(integratorcm_state *s, uint32_t value)
149 cpu_abort(cpu_single_env, "Board reset\n");
151 if ((s->cm_init ^ value) & 4) {
152 integratorcm_do_remap(s, (value & 4) == 0);
154 if ((s->cm_init ^ value) & 1) {
155 printf("Green LED %s\n", (value & 1) ? "on" : "off");
157 s->cm_init = (s->cm_init & ~ 5) | (value ^ 5);
160 static void integratorcm_update(integratorcm_state *s)
162 /* ??? The CPU irq/fiq is raised when either the core module or base PIC
164 if (s->int_level & (s->irq_enabled | s->fiq_enabled))
165 cpu_abort(cpu_single_env, "Core module interrupt\n");
168 static void integratorcm_write(void *opaque, target_phys_addr_t offset,
171 integratorcm_state *s = (integratorcm_state *)opaque;
172 offset -= 0x10000000;
173 switch (offset >> 2) {
175 if (s->cm_lock == 0xa05f)
178 case 3: /* CM_CTRL */
179 integratorcm_set_ctrl(s, value);
181 case 5: /* CM_LOCK */
182 s->cm_lock = value & 0xffff;
184 case 7: /* CM_AUXOSC */
185 if (s->cm_lock == 0xa05f)
186 s->cm_auxosc = value;
188 case 8: /* CM_SDRAM */
191 case 9: /* CM_INIT */
192 /* ??? This can change the memory bus frequency. */
195 case 12: /* CM_FLAGSS */
196 s->cm_flags |= value;
198 case 13: /* CM_FLAGSC */
199 s->cm_flags &= ~value;
201 case 14: /* CM_NVFLAGSS */
202 s->cm_nvflags |= value;
204 case 15: /* CM_NVFLAGSS */
205 s->cm_nvflags &= ~value;
207 case 18: /* CM_IRQ_ENSET */
208 s->irq_enabled |= value;
209 integratorcm_update(s);
211 case 19: /* CM_IRQ_ENCLR */
212 s->irq_enabled &= ~value;
213 integratorcm_update(s);
215 case 20: /* CM_SOFT_INTSET */
216 s->int_level |= (value & 1);
217 integratorcm_update(s);
219 case 21: /* CM_SOFT_INTCLR */
220 s->int_level &= ~(value & 1);
221 integratorcm_update(s);
223 case 26: /* CM_FIQ_ENSET */
224 s->fiq_enabled |= value;
225 integratorcm_update(s);
227 case 27: /* CM_FIQ_ENCLR */
228 s->fiq_enabled &= ~value;
229 integratorcm_update(s);
231 case 32: /* CM_VOLTAGE_CTL0 */
232 case 33: /* CM_VOLTAGE_CTL1 */
233 case 34: /* CM_VOLTAGE_CTL2 */
234 case 35: /* CM_VOLTAGE_CTL3 */
235 /* ??? Voltage control unimplemented. */
238 cpu_abort (cpu_single_env,
239 "integratorcm_write: Unimplemented offset 0x%x\n", offset);
244 /* Integrator/CM control registers. */
246 static CPUReadMemoryFunc *integratorcm_readfn[] = {
252 static CPUWriteMemoryFunc *integratorcm_writefn[] = {
258 static void integratorcm_init(int memsz, uint32_t flash_offset)
261 integratorcm_state *s;
263 s = (integratorcm_state *)qemu_mallocz(sizeof(integratorcm_state));
264 s->cm_osc = 0x01000048;
265 /* ??? What should the high bits of this value be? */
266 s->cm_auxosc = 0x0007feff;
267 s->cm_sdram = 0x00011122;
269 integrator_spd[31] = 64;
271 } else if (memsz >= 128) {
272 integrator_spd[31] = 32;
274 } else if (memsz >= 64) {
275 integrator_spd[31] = 16;
277 } else if (memsz >= 32) {
278 integrator_spd[31] = 4;
281 integrator_spd[31] = 2;
283 memcpy(integrator_spd + 73, "QEMU-MEMORY", 11);
284 s->cm_init = 0x00000112;
285 s->flash_offset = flash_offset;
287 iomemtype = cpu_register_io_memory(0, integratorcm_readfn,
288 integratorcm_writefn, s);
289 cpu_register_physical_memory(0x10000000, 0x007fffff, iomemtype);
290 integratorcm_do_remap(s, 1);
291 /* ??? Save/restore. */
294 /* Integrator/CP hardware emulation. */
295 /* Primary interrupt controller. */
297 typedef struct icp_pic_state
301 uint32_t irq_enabled;
302 uint32_t fiq_enabled;
304 /* -1 if parent is a cpu, otherwise IRQ number on parent PIC. */
308 static void icp_pic_update(icp_pic_state *s)
311 if (s->parent_irq != -1) {
314 flags = (s->level & s->irq_enabled);
315 pic_set_irq_new(s->parent, s->parent_irq,
319 /* Raise CPU interrupt. */
320 env = (CPUState *)s->parent;
321 if (s->level & s->fiq_enabled) {
322 cpu_interrupt (env, CPU_INTERRUPT_FIQ);
324 cpu_reset_interrupt (env, CPU_INTERRUPT_FIQ);
326 if (s->level & s->irq_enabled) {
327 cpu_interrupt (env, CPU_INTERRUPT_HARD);
329 cpu_reset_interrupt (env, CPU_INTERRUPT_HARD);
333 void pic_set_irq_new(void *opaque, int irq, int level)
335 icp_pic_state *s = (icp_pic_state *)opaque;
337 s->level |= 1 << irq;
339 s->level &= ~(1 << irq);
343 static uint32_t icp_pic_read(void *opaque, target_phys_addr_t offset)
345 icp_pic_state *s = (icp_pic_state *)opaque;
348 switch (offset >> 2) {
349 case 0: /* IRQ_STATUS */
350 return s->level & s->irq_enabled;
351 case 1: /* IRQ_RAWSTAT */
353 case 2: /* IRQ_ENABLESET */
354 return s->irq_enabled;
355 case 4: /* INT_SOFTSET */
357 case 8: /* FRQ_STATUS */
358 return s->level & s->fiq_enabled;
359 case 9: /* FRQ_RAWSTAT */
361 case 10: /* FRQ_ENABLESET */
362 return s->fiq_enabled;
363 case 3: /* IRQ_ENABLECLR */
364 case 5: /* INT_SOFTCLR */
365 case 11: /* FRQ_ENABLECLR */
367 printf ("icp_pic_read: Bad register offset 0x%x\n", offset);
372 static void icp_pic_write(void *opaque, target_phys_addr_t offset,
375 icp_pic_state *s = (icp_pic_state *)opaque;
378 switch (offset >> 2) {
379 case 2: /* IRQ_ENABLESET */
380 s->irq_enabled |= value;
382 case 3: /* IRQ_ENABLECLR */
383 s->irq_enabled &= ~value;
385 case 4: /* INT_SOFTSET */
387 pic_set_irq_new(s, 0, 1);
389 case 5: /* INT_SOFTCLR */
391 pic_set_irq_new(s, 0, 0);
393 case 10: /* FRQ_ENABLESET */
394 s->fiq_enabled |= value;
396 case 11: /* FRQ_ENABLECLR */
397 s->fiq_enabled &= ~value;
399 case 0: /* IRQ_STATUS */
400 case 1: /* IRQ_RAWSTAT */
401 case 8: /* FRQ_STATUS */
402 case 9: /* FRQ_RAWSTAT */
404 printf ("icp_pic_write: Bad register offset 0x%x\n", offset);
410 static CPUReadMemoryFunc *icp_pic_readfn[] = {
416 static CPUWriteMemoryFunc *icp_pic_writefn[] = {
422 static icp_pic_state *icp_pic_init(uint32_t base, void *parent,
428 s = (icp_pic_state *)qemu_mallocz(sizeof(icp_pic_state));
434 s->parent_irq = parent_irq;
435 iomemtype = cpu_register_io_memory(0, icp_pic_readfn,
437 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
438 /* ??? Save/restore. */
444 /* System bus clock speed (40MHz) for timer 0. Not sure about this value. */
445 #define ICP_BUS_FREQ 40000000
461 /* Calculate the new expiry time of the given timer. */
463 static void icp_pit_reload(icp_pit_state *s, int n)
467 s->loaded[n] = s->expires[n];
468 delay = muldiv64(s->count[n], ticks_per_sec, s->freq[n]);
471 s->expires[n] += delay;
474 /* Check all active timers, and schedule the next timer interrupt. */
476 static void icp_pit_update(icp_pit_state *s, int64_t now)
482 for (n = 0; n < 3; n++) {
483 /* Ignore disabled timers. */
484 if ((s->control[n] & 0x80) == 0)
486 /* Ignore expired one-shot timers. */
487 if (s->count[n] == 0 && s->control[n] & 1)
489 if (s->expires[n] - now <= 0) {
490 /* Timer has expired. */
492 if (s->control[n] & 1) {
496 if ((s->control[n] & 0x40) == 0) {
498 if (s->control[n] & 2)
499 s->count[n] = 0xffffffff;
501 s->count[n] = 0xffff;
504 s->count[n] = s->limit[n];
508 while (s->expires[n] - now <= 0) {
509 icp_pit_reload(s, n);
512 /* Update interrupts. */
513 for (n = 0; n < 3; n++) {
514 if (s->int_level[n] && (s->control[n] & 0x20)) {
515 pic_set_irq_new(s->pic, 5 + n, 1);
517 pic_set_irq_new(s->pic, 5 + n, 0);
519 if (next - s->expires[n] < 0)
520 next = s->expires[n];
522 /* Schedule the next timer interrupt. */
524 qemu_del_timer(s->timer);
526 } else if (next != s->next_time) {
527 qemu_mod_timer(s->timer, next);
532 /* Return the current value of the timer. */
533 static uint32_t icp_pit_getcount(icp_pit_state *s, int n, int64_t now)
538 if (s->count[n] == 0)
540 if ((s->control[n] & 0x80) == 0)
542 elapsed = now - s->loaded[n];
543 period = s->expires[n] - s->loaded[n];
544 /* If the timer should have expired then return 0. This can happen
545 when the host timer signal doesnt occur immediately. It's better to
546 have a timer appear to sit at zero for a while than have it wrap
547 around before the guest interrupt is raised. */
548 /* ??? Could we trigger the interrupt here? */
549 if (elapsed > period)
551 /* We need to calculate count * elapsed / period without overfowing.
552 Scale both elapsed and period so they fit in a 32-bit int. */
553 while (period != (int32_t)period) {
557 return ((uint64_t)s->count[n] * (uint64_t)(int32_t)elapsed)
561 static uint32_t icp_pit_read(void *opaque, target_phys_addr_t offset)
564 icp_pit_state *s = (icp_pit_state *)opaque;
569 cpu_abort (cpu_single_env, "icp_pit_read: Bad timer %x\n", offset);
570 switch ((offset & 0xff) >> 2) {
571 case 0: /* TimerLoad */
572 case 6: /* TimerBGLoad */
574 case 1: /* TimerValue */
575 return icp_pit_getcount(s, n, qemu_get_clock(vm_clock));
576 case 2: /* TimerControl */
577 return s->control[n];
578 case 4: /* TimerRIS */
579 return s->int_level[n];
580 case 5: /* TimerMIS */
581 if ((s->control[n] & 0x20) == 0)
583 return s->int_level[n];
585 cpu_abort (cpu_single_env, "icp_pit_read: Bad offset %x\n", offset);
590 static void icp_pit_write(void *opaque, target_phys_addr_t offset,
593 icp_pit_state *s = (icp_pit_state *)opaque;
597 now = qemu_get_clock(vm_clock);
601 cpu_abort (cpu_single_env, "icp_pit_write: Bad offset %x\n", offset);
603 switch ((offset & 0xff) >> 2) {
604 case 0: /* TimerLoad */
608 icp_pit_reload(s, n);
610 case 1: /* TimerValue */
611 /* ??? Linux seems to want to write to this readonly register.
614 case 2: /* TimerControl */
615 if (s->control[n] & 0x80) {
616 /* Pause the timer if it is running. This may cause some
617 inaccuracy dure to rounding, but avoids a whole lot of other
619 s->count[n] = icp_pit_getcount(s, n, now);
621 s->control[n] = value;
623 s->freq[n] = ICP_BUS_FREQ;
625 s->freq[n] = 1000000;
626 /* ??? Need to recalculate expiry time after changing divisor. */
627 switch ((value >> 2) & 3) {
628 case 1: s->freq[n] >>= 4; break;
629 case 2: s->freq[n] >>= 8; break;
631 if (s->control[n] & 0x80) {
632 /* Restart the timer if still enabled. */
634 icp_pit_reload(s, n);
637 case 3: /* TimerIntClr */
640 case 6: /* TimerBGLoad */
644 cpu_abort (cpu_single_env, "icp_pit_write: Bad offset %x\n", offset);
646 icp_pit_update(s, now);
649 static void icp_pit_tick(void *opaque)
653 now = qemu_get_clock(vm_clock);
654 icp_pit_update((icp_pit_state *)opaque, now);
657 static CPUReadMemoryFunc *icp_pit_readfn[] = {
663 static CPUWriteMemoryFunc *icp_pit_writefn[] = {
669 static void icp_pit_init(uint32_t base, icp_pic_state *pic)
675 s = (icp_pit_state *)qemu_mallocz(sizeof(icp_pit_state));
678 s->freq[0] = ICP_BUS_FREQ;
679 s->freq[1] = 1000000;
680 s->freq[2] = 1000000;
681 for (n = 0; n < 3; n++) {
682 s->control[n] = 0x20;
683 s->count[n] = 0xffffffff;
686 iomemtype = cpu_register_io_memory(0, icp_pit_readfn,
688 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
689 s->timer = qemu_new_timer(vm_clock, icp_pit_tick, s);
690 /* ??? Save/restore. */
693 /* ARM PrimeCell PL011 UART */
702 uint32_t int_enabled;
704 uint32_t read_fifo[16];
712 CharDriverState *chr;
717 #define PL011_INT_TX 0x20
718 #define PL011_INT_RX 0x10
720 #define PL011_FLAG_TXFE 0x80
721 #define PL011_FLAG_RXFF 0x40
722 #define PL011_FLAG_TXFF 0x20
723 #define PL011_FLAG_RXFE 0x10
725 static const unsigned char pl011_id[] =
726 { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
728 static void pl011_update(pl011_state *s)
732 flags = s->int_level & s->int_enabled;
733 pic_set_irq_new(s->pic, s->irq, flags != 0);
736 static uint32_t pl011_read(void *opaque, target_phys_addr_t offset)
738 pl011_state *s = (pl011_state *)opaque;
742 if (offset >= 0xfe0 && offset < 0x1000) {
743 return pl011_id[(offset - 0xfe0) >> 2];
745 switch (offset >> 2) {
747 s->flags &= ~PL011_FLAG_RXFF;
748 c = s->read_fifo[s->read_pos];
749 if (s->read_count > 0) {
751 if (++s->read_pos == 16)
754 if (s->read_count == 0) {
755 s->flags |= PL011_FLAG_RXFE;
757 if (s->read_count == s->read_trigger - 1)
758 s->int_level &= ~ PL011_INT_RX;
765 case 8: /* UARTILPR */
767 case 9: /* UARTIBRD */
769 case 10: /* UARTFBRD */
771 case 11: /* UARTLCR_H */
773 case 12: /* UARTCR */
775 case 13: /* UARTIFLS */
777 case 14: /* UARTIMSC */
778 return s->int_enabled;
779 case 15: /* UARTRIS */
781 case 16: /* UARTMIS */
782 return s->int_level & s->int_enabled;
783 case 18: /* UARTDMACR */
786 cpu_abort (cpu_single_env, "pl011_read: Bad offset %x\n", offset);
791 static void pl011_set_read_trigger(pl011_state *s)
794 /* The docs say the RX interrupt is triggered when the FIFO exceeds
795 the threshold. However linux only reads the FIFO in response to an
796 interrupt. Triggering the interrupt when the FIFO is non-empty seems
797 to make things work. */
799 s->read_trigger = (s->ifl >> 1) & 0x1c;
805 static void pl011_write(void *opaque, target_phys_addr_t offset,
808 pl011_state *s = (pl011_state *)opaque;
812 switch (offset >> 2) {
814 /* ??? Check if transmitter is enabled. */
817 qemu_chr_write(s->chr, &ch, 1);
818 s->int_level |= PL011_INT_TX;
824 case 8: /* UARTUARTILPR */
827 case 9: /* UARTIBRD */
830 case 10: /* UARTFBRD */
833 case 11: /* UARTLCR_H */
835 pl011_set_read_trigger(s);
837 case 12: /* UARTCR */
838 /* ??? Need to implement the enable and loopback bits. */
841 case 13: /* UARTIFS */
843 pl011_set_read_trigger(s);
845 case 14: /* UARTIMSC */
846 s->int_enabled = value;
849 case 17: /* UARTICR */
850 s->int_level &= ~value;
853 case 18: /* UARTDMACR */
856 cpu_abort(cpu_single_env, "PL011: DMA not implemented\n");
859 cpu_abort (cpu_single_env, "pl011_write: Bad offset %x\n", offset);
863 static int pl011_can_recieve(void *opaque)
865 pl011_state *s = (pl011_state *)opaque;
868 return s->read_count < 16;
870 return s->read_count < 1;
873 static void pl011_recieve(void *opaque, const uint8_t *buf, int size)
875 pl011_state *s = (pl011_state *)opaque;
878 slot = s->read_pos + s->read_count;
881 s->read_fifo[slot] = *buf;
883 s->flags &= ~PL011_FLAG_RXFE;
884 if (s->cr & 0x10 || s->read_count == 16) {
885 s->flags |= PL011_FLAG_RXFF;
887 if (s->read_count == s->read_trigger) {
888 s->int_level |= PL011_INT_RX;
893 static void pl011_event(void *opaque, int event)
895 /* ??? Should probably implement break. */
898 static CPUReadMemoryFunc *pl011_readfn[] = {
904 static CPUWriteMemoryFunc *pl011_writefn[] = {
910 static void pl011_init(uint32_t base, icp_pic_state *pic, int irq,
911 CharDriverState *chr)
916 s = (pl011_state *)qemu_mallocz(sizeof(pl011_state));
917 iomemtype = cpu_register_io_memory(0, pl011_readfn,
919 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
929 qemu_chr_add_read_handler(chr, pl011_can_recieve, pl011_recieve, s);
930 qemu_chr_add_event_handler(chr, pl011_event);
932 /* ??? Save/restore. */
935 /* CP control registers. */
940 static uint32_t icp_control_read(void *opaque, target_phys_addr_t offset)
942 icp_control_state *s = (icp_control_state *)opaque;
944 switch (offset >> 2) {
945 case 0: /* CP_IDFIELD */
947 case 1: /* CP_FLASHPROG */
949 case 2: /* CP_INTREG */
951 case 3: /* CP_DECODE */
954 cpu_abort (cpu_single_env, "icp_control_read: Bad offset %x\n", offset);
959 static void icp_control_write(void *opaque, target_phys_addr_t offset,
962 icp_control_state *s = (icp_control_state *)opaque;
964 switch (offset >> 2) {
965 case 1: /* CP_FLASHPROG */
966 case 2: /* CP_INTREG */
967 case 3: /* CP_DECODE */
968 /* Nothing interesting implemented yet. */
971 cpu_abort (cpu_single_env, "icp_control_write: Bad offset %x\n", offset);
974 static CPUReadMemoryFunc *icp_control_readfn[] = {
980 static CPUWriteMemoryFunc *icp_control_writefn[] = {
986 static void icp_control_init(uint32_t base)
989 icp_control_state *s;
991 s = (icp_control_state *)qemu_mallocz(sizeof(icp_control_state));
992 iomemtype = cpu_register_io_memory(0, icp_control_readfn,
993 icp_control_writefn, s);
994 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
996 /* ??? Save/restore. */
1000 /* Keyboard/Mouse Interface. */
1014 static void icp_kmi_update(void *opaque, int level)
1016 icp_kmi_state *s = (icp_kmi_state *)opaque;
1020 raise = (s->pending && (s->cr & 0x10) != 0)
1021 || (s->cr & 0x08) != 0;
1022 pic_set_irq_new(s->pic, s->irq, raise);
1025 static uint32_t icp_kmi_read(void *opaque, target_phys_addr_t offset)
1027 icp_kmi_state *s = (icp_kmi_state *)opaque;
1029 if (offset >= 0xfe0 && offset < 0x1000)
1032 switch (offset >> 2) {
1035 case 1: /* KMISTAT */
1036 /* KMIC and KMID bits not implemented. */
1042 case 2: /* KMIDATA */
1044 s->last = ps2_read_data(s->dev);
1046 case 3: /* KMICLKDIV */
1049 return s->pending | 2;
1051 cpu_abort (cpu_single_env, "icp_kmi_read: Bad offset %x\n", offset);
1056 static void icp_kmi_write(void *opaque, target_phys_addr_t offset,
1059 icp_kmi_state *s = (icp_kmi_state *)opaque;
1061 switch (offset >> 2) {
1064 icp_kmi_update(s, s->pending);
1065 /* ??? Need to implement the enable/disable bit. */
1067 case 2: /* KMIDATA */
1068 /* ??? This should toggle the TX interrupt line. */
1069 /* ??? This means kbd/mouse can block each other. */
1071 ps2_write_mouse(s->dev, value);
1073 ps2_write_keyboard(s->dev, value);
1076 case 3: /* KMICLKDIV */
1080 cpu_abort (cpu_single_env, "icp_kmi_write: Bad offset %x\n", offset);
1083 static CPUReadMemoryFunc *icp_kmi_readfn[] = {
1089 static CPUWriteMemoryFunc *icp_kmi_writefn[] = {
1095 static void icp_kmi_init(uint32_t base, icp_pic_state * pic, int irq,
1101 s = (icp_kmi_state *)qemu_mallocz(sizeof(icp_kmi_state));
1102 iomemtype = cpu_register_io_memory(0, icp_kmi_readfn,
1103 icp_kmi_writefn, s);
1104 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
1108 s->is_mouse = is_mouse;
1110 s->dev = ps2_mouse_init(icp_kmi_update, s);
1112 s->dev = ps2_kbd_init(icp_kmi_update, s);
1113 /* ??? Save/restore. */
1116 /* The worlds second smallest bootloader. Set r0-r2, then jump to kernel. */
1117 static uint32_t bootloader[] = {
1118 0xe3a00000, /* mov r0, #0 */
1119 0xe3a01013, /* mov r1, #0x13 */
1120 0xe3811c01, /* orr r1, r1, #0x100 */
1121 0xe59f2000, /* ldr r2, [pc, #0] */
1122 0xe59ff000, /* ldr pc, [pc, #0] */
1123 0, /* Address of kernel args. Set by integratorcp_init. */
1124 0 /* Kernel entry point. Set by integratorcp_init. */
1127 static void set_kernel_args(uint32_t ram_size, int initrd_size,
1128 const char *kernel_cmdline)
1132 p = (uint32_t *)(phys_ram_base + KERNEL_ARGS_ADDR);
1135 *(p++) = 0x54410001;
1141 *(p++) = 0x54410002;
1147 *(p++) = 0x54420005;
1148 *(p++) = INITRD_LOAD_ADDR;
1149 *(p++) = initrd_size;
1151 if (kernel_cmdline && *kernel_cmdline) {
1155 cmdline_size = strlen(kernel_cmdline);
1156 memcpy (p + 2, kernel_cmdline, cmdline_size + 1);
1157 cmdline_size = (cmdline_size >> 2) + 1;
1158 *(p++) = cmdline_size + 2;
1159 *(p++) = 0x54410009;
1169 static void integratorcp_init(int ram_size, int vga_ram_size, int boot_device,
1170 DisplayState *ds, const char **fd_filename, int snapshot,
1171 const char *kernel_filename, const char *kernel_cmdline,
1172 const char *initrd_filename)
1175 uint32_t bios_offset;
1181 bios_offset = ram_size + vga_ram_size;
1182 /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash. */
1183 /* ??? RAM shoud repeat to fill physical memory space. */
1184 /* SDRAM at address zero*/
1185 cpu_register_physical_memory(0, ram_size, IO_MEM_RAM);
1186 /* And again at address 0x80000000 */
1187 cpu_register_physical_memory(0x80000000, ram_size, IO_MEM_RAM);
1189 integratorcm_init(ram_size >> 20, bios_offset);
1190 pic = icp_pic_init(0x14000000, env, -1);
1191 icp_pic_init(0xca000000, pic, 26);
1192 icp_pit_init(0x13000000, pic);
1193 pl011_init(0x16000000, pic, 1, serial_hds[0]);
1194 pl011_init(0x17000000, pic, 2, serial_hds[1]);
1195 icp_control_init(0xcb000000);
1196 icp_kmi_init(0x18000000, pic, 3, 0);
1197 icp_kmi_init(0x19000000, pic, 4, 1);
1198 if (nd_table[0].vlan) {
1199 if (nd_table[0].model == NULL
1200 || strcmp(nd_table[0].model, "smc91c111") == 0) {
1201 smc91c111_init(&nd_table[0], 0xc8000000, pic, 27);
1203 fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd_table[0].model);
1208 /* Load the kernel. */
1209 if (!kernel_filename) {
1210 fprintf(stderr, "Kernel image must be specified\n");
1213 kernel_size = load_image(kernel_filename,
1214 phys_ram_base + KERNEL_LOAD_ADDR);
1215 if (kernel_size < 0) {
1216 fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
1219 if (initrd_filename) {
1220 initrd_size = load_image(initrd_filename,
1221 phys_ram_base + INITRD_LOAD_ADDR);
1222 if (initrd_size < 0) {
1223 fprintf(stderr, "qemu: could not load initrd '%s'\n",
1230 bootloader[5] = KERNEL_ARGS_ADDR;
1231 bootloader[6] = KERNEL_LOAD_ADDR;
1232 memcpy(phys_ram_base, bootloader, sizeof(bootloader));
1233 set_kernel_args(ram_size, initrd_size, kernel_cmdline);
1236 QEMUMachine integratorcp_machine = {
1238 "ARM Integrator/CP",
projects / qemu / blob