aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorMichael S. Tsirkin <mst@redhat.com>2011-05-05 16:39:47 +0300
committerMichael S. Tsirkin <mst@redhat.com>2011-05-05 16:39:47 +0300
commit5300f1a5487f67f0bde8ee1081b799108668cb1d (patch)
tree5274ff496f2665487736a4eec23bf76601e4da44 /hw
parent8d4c78e7c8adf0a4440a8de92738b3820fc8215a (diff)
parentd2d979c628e4b2c4a3cb71a31841875795c79043 (diff)
downloadqemu-5300f1a5487f67f0bde8ee1081b799108668cb1d.zip
qemu-5300f1a5487f67f0bde8ee1081b799108668cb1d.tar.gz
qemu-5300f1a5487f67f0bde8ee1081b799108668cb1d.tar.bz2
Merge remote branch 'origin/master' into pci
Conflicts: exec.c
Diffstat (limited to 'hw')
-rw-r--r--hw/9pfs/virtio-9p-debug.c (renamed from hw/virtio-9p-debug.c)0
-rw-r--r--hw/9pfs/virtio-9p-debug.h (renamed from hw/virtio-9p-debug.h)0
-rw-r--r--hw/9pfs/virtio-9p-local.c (renamed from hw/virtio-9p-local.c)2
-rw-r--r--hw/9pfs/virtio-9p-posix-acl.c (renamed from hw/virtio-9p-posix-acl.c)17
-rw-r--r--hw/9pfs/virtio-9p-xattr-user.c (renamed from hw/virtio-9p-xattr-user.c)2
-rw-r--r--hw/9pfs/virtio-9p-xattr.c (renamed from hw/virtio-9p-xattr.c)2
-rw-r--r--hw/9pfs/virtio-9p-xattr.h (renamed from hw/virtio-9p-xattr.h)0
-rw-r--r--hw/9pfs/virtio-9p.c (renamed from hw/virtio-9p.c)23
-rw-r--r--hw/9pfs/virtio-9p.h (renamed from hw/virtio-9p.h)4
-rw-r--r--hw/acpi.c197
-rw-r--r--hw/acpi.h68
-rw-r--r--hw/acpi_piix4.c225
-rw-r--r--hw/adb.c83
-rw-r--r--hw/ads7846.c41
-rw-r--r--hw/an5206.c1
-rw-r--r--hw/arm_boot.c2
-rw-r--r--hw/arm_timer.c66
-rw-r--r--hw/armv7m.c1
-rw-r--r--hw/armv7m_nvic.c39
-rw-r--r--hw/axis_dev88.c1
-rw-r--r--hw/blizzard.c1
-rw-r--r--hw/bt-hci-csr.c1
-rw-r--r--hw/ccid-card-emulated.c595
-rw-r--r--hw/ccid-card-passthru.c339
-rw-r--r--hw/ccid.h59
-rw-r--r--hw/collie.c69
-rw-r--r--hw/cris-boot.c1
-rw-r--r--hw/cuda.c116
-rw-r--r--hw/dummy_m68k.c1
-rw-r--r--hw/e1000.c23
-rw-r--r--hw/eepro100.c2
-rw-r--r--hw/empty_slot.c21
-rw-r--r--hw/etraxfs.c1
-rw-r--r--hw/fdc.c51
-rw-r--r--hw/file-op-9p.h107
-rw-r--r--hw/flash.h4
-rw-r--r--hw/grlib_apbuart.c2
-rw-r--r--hw/grlib_gptimer.c29
-rw-r--r--hw/grlib_irqmp.c4
-rw-r--r--hw/gumstix.c1
-rw-r--r--hw/heathrow_pic.c62
-rw-r--r--hw/hw.h17
-rw-r--r--hw/ide.h3
-rw-r--r--hw/ide/atapi.c1138
-rw-r--r--hw/ide/core.c979
-rw-r--r--hw/ide/ich.c1
-rw-r--r--hw/ide/internal.h16
-rw-r--r--hw/ide/isa.c1
-rw-r--r--hw/ide/macio.c1
-rw-r--r--hw/ide/microdrive.c1
-rw-r--r--hw/ide/mmio.c1
-rw-r--r--hw/ide/pci.c1
-rw-r--r--hw/integratorcp.c1
-rw-r--r--hw/ioapic.c5
-rw-r--r--hw/isa-bus.c1
-rw-r--r--hw/kvmclock.c6
-rw-r--r--hw/lan9118.c6
-rw-r--r--hw/lm32_boards.c1
-rw-r--r--hw/lsi53c895a.c57
-rw-r--r--hw/m48t59.c36
-rw-r--r--hw/mac_dbdma.c83
-rw-r--r--hw/mac_nvram.c32
-rw-r--r--hw/mainstone.c1
-rw-r--r--hw/max111x.c51
-rw-r--r--hw/milkymist-ac97.c335
-rw-r--r--hw/milkymist-hpdmc.c161
-rw-r--r--hw/milkymist-hw.h224
-rw-r--r--hw/milkymist-memcard.c294
-rw-r--r--hw/milkymist-minimac2.c539
-rw-r--r--hw/milkymist-pfpu.c536
-rw-r--r--hw/milkymist-softusb.c357
-rw-r--r--hw/milkymist-sysctl.c318
-rw-r--r--hw/milkymist-tmu2.c481
-rw-r--r--hw/milkymist-uart.c180
-rw-r--r--hw/milkymist-vgafb.c321
-rw-r--r--hw/milkymist-vgafb_template.h74
-rw-r--r--hw/milkymist.c216
-rw-r--r--hw/mips_fulong2e.c18
-rw-r--r--hw/mips_malta.c22
-rw-r--r--hw/mips_r4k.c10
-rw-r--r--hw/mipsnet.c53
-rw-r--r--hw/multiboot.c2
-rw-r--r--hw/musicpal.c4
-rw-r--r--hw/nand.c79
-rw-r--r--hw/ne2000.c2
-rw-r--r--hw/omap_sx1.c1
-rw-r--r--hw/pc_piix.c20
-rw-r--r--hw/pcie.c3
-rw-r--r--hw/pcnet-pci.c2
-rw-r--r--hw/pcnet.c30
-rw-r--r--hw/pflash_cfi02.c12
-rw-r--r--hw/piix4.c44
-rw-r--r--hw/pl011.c76
-rw-r--r--hw/pl022.c84
-rw-r--r--hw/ppc-viosrp.h216
-rw-r--r--hw/ppc.c33
-rw-r--r--hw/ppc.h1
-rw-r--r--hw/ppc440_bamboo.c3
-rw-r--r--hw/ppc4xx_devs.c1
-rw-r--r--hw/ppc4xx_pci.c80
-rw-r--r--hw/ppc_newworld.c11
-rw-r--r--hw/ppc_oldworld.c11
-rw-r--r--hw/ppc_prep.c10
-rw-r--r--hw/ppce500_mpc8544ds.c2
-rw-r--r--hw/ppce500_pci.c89
-rw-r--r--hw/ptimer.c59
-rw-r--r--hw/pxa2xx.c158
-rw-r--r--hw/pxa2xx_keypad.c53
-rw-r--r--hw/pxa2xx_lcd.c138
-rw-r--r--hw/qdev-properties.c4
-rw-r--r--hw/qdev.c3
-rw-r--r--hw/rc4030.c4
-rw-r--r--hw/realview.c4
-rw-r--r--hw/rtl8139.c440
-rw-r--r--hw/s390-virtio-bus.c25
-rw-r--r--hw/s390-virtio-bus.h4
-rw-r--r--hw/s390-virtio.c25
-rw-r--r--hw/sm501_template.h2
-rw-r--r--hw/smbus.h3
-rw-r--r--hw/smbus_eeprom.c22
-rw-r--r--hw/spapr.c475
-rw-r--r--hw/spapr.h301
-rw-r--r--hw/spapr_hcall.c525
-rw-r--r--hw/spapr_llan.c518
-rw-r--r--hw/spapr_rtas.c278
-rw-r--r--hw/spapr_vio.c731
-rw-r--r--hw/spapr_vio.h112
-rw-r--r--hw/spapr_vscsi.c988
-rw-r--r--hw/spapr_vty.c159
-rw-r--r--hw/srp.h240
-rw-r--r--hw/stellaris.c324
-rw-r--r--hw/stellaris_input.c50
-rw-r--r--hw/strongarm.c1598
-rw-r--r--hw/strongarm.h64
-rw-r--r--hw/sun4u.c9
-rw-r--r--hw/syborg.c1
-rw-r--r--hw/syborg_keyboard.c57
-rw-r--r--hw/syborg_pointer.c73
-rw-r--r--hw/syborg_rtc.c34
-rw-r--r--hw/syborg_serial.c60
-rw-r--r--hw/syborg_timer.c46
-rw-r--r--hw/syborg_virtio.c1
-rw-r--r--hw/sysbus.c1
-rw-r--r--hw/tc58128.c1
-rw-r--r--hw/tosa.c1
-rw-r--r--hw/twl92230.c1
-rw-r--r--hw/usb-ccid.c1419
-rw-r--r--hw/usb-hid.c2
-rw-r--r--hw/usb-msd.c4
-rw-r--r--hw/usb-ohci.c14
-rw-r--r--hw/versatilepb.c2
-rw-r--r--hw/vexpress.c224
-rw-r--r--hw/virtio-balloon.c3
-rw-r--r--hw/virtio-blk.c8
-rw-r--r--hw/virtio-console.c18
-rw-r--r--hw/virtio-pci.c5
-rw-r--r--hw/virtio-serial-bus.c23
-rw-r--r--hw/virtio.c1
-rw-r--r--hw/vmport.c1
-rw-r--r--hw/vt82c686.c110
-rw-r--r--hw/xen_console.c1
-rw-r--r--hw/xen_disk.c10
-rw-r--r--hw/xen_domainbuild.c1
-rw-r--r--hw/xen_machine_pv.c1
-rw-r--r--hw/xenfb.c1
-rw-r--r--hw/xics.c496
-rw-r--r--hw/xics.h38
-rw-r--r--hw/xilinx_timer.c1
168 files changed, 16532 insertions, 3100 deletions
diff --git a/hw/virtio-9p-debug.c b/hw/9pfs/virtio-9p-debug.c
index 6b18842..6b18842 100644
--- a/hw/virtio-9p-debug.c
+++ b/hw/9pfs/virtio-9p-debug.c
diff --git a/hw/virtio-9p-debug.h b/hw/9pfs/virtio-9p-debug.h
index d9a2491..d9a2491 100644
--- a/hw/virtio-9p-debug.h
+++ b/hw/9pfs/virtio-9p-debug.h
diff --git a/hw/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index a8e7525..0a015de 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -370,7 +370,7 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
return fd;
}
/* Write the oldpath (target) to the file. */
- oldpath_size = strlen(oldpath) + 1;
+ oldpath_size = strlen(oldpath);
do {
write_size = write(fd, (void *)oldpath, oldpath_size);
} while (write_size == -1 && errno == EINTR);
diff --git a/hw/virtio-9p-posix-acl.c b/hw/9pfs/virtio-9p-posix-acl.c
index 3978d0c..575abe8 100644
--- a/hw/virtio-9p-posix-acl.c
+++ b/hw/9pfs/virtio-9p-posix-acl.c
@@ -15,7 +15,7 @@
#include <attr/xattr.h>
#include "virtio.h"
#include "virtio-9p.h"
-#include "file-op-9p.h"
+#include "fsdev/file-op-9p.h"
#include "virtio-9p-xattr.h"
#define MAP_ACL_ACCESS "user.virtfs.system.posix_acl_access"
@@ -60,7 +60,7 @@ static int mp_pacl_removexattr(FsContext *ctx,
ret = lremovexattr(rpath(ctx, path), MAP_ACL_ACCESS);
if (ret == -1 && errno == ENODATA) {
/*
- * We don't get ENODATA error when trying to remote a
+ * We don't get ENODATA error when trying to remove a
* posix acl that is not present. So don't throw the error
* even in case of mapped security model
*/
@@ -103,7 +103,18 @@ static int mp_dacl_setxattr(FsContext *ctx, const char *path, const char *name,
static int mp_dacl_removexattr(FsContext *ctx,
const char *path, const char *name)
{
- return lremovexattr(rpath(ctx, path), MAP_ACL_DEFAULT);
+ int ret;
+ ret = lremovexattr(rpath(ctx, path), MAP_ACL_DEFAULT);
+ if (ret == -1 && errno == ENODATA) {
+ /*
+ * We don't get ENODATA error when trying to remove a
+ * posix acl that is not present. So don't throw the error
+ * even in case of mapped security model
+ */
+ errno = 0;
+ ret = 0;
+ }
+ return ret;
}
diff --git a/hw/virtio-9p-xattr-user.c b/hw/9pfs/virtio-9p-xattr-user.c
index faa02a1..bba13ce 100644
--- a/hw/virtio-9p-xattr-user.c
+++ b/hw/9pfs/virtio-9p-xattr-user.c
@@ -14,7 +14,7 @@
#include <sys/types.h>
#include "virtio.h"
#include "virtio-9p.h"
-#include "file-op-9p.h"
+#include "fsdev/file-op-9p.h"
#include "virtio-9p-xattr.h"
diff --git a/hw/virtio-9p-xattr.c b/hw/9pfs/virtio-9p-xattr.c
index 1aab081..03c3d3f 100644
--- a/hw/virtio-9p-xattr.c
+++ b/hw/9pfs/virtio-9p-xattr.c
@@ -13,7 +13,7 @@
#include "virtio.h"
#include "virtio-9p.h"
-#include "file-op-9p.h"
+#include "fsdev/file-op-9p.h"
#include "virtio-9p-xattr.h"
diff --git a/hw/virtio-9p-xattr.h b/hw/9pfs/virtio-9p-xattr.h
index 2bbae2d..2bbae2d 100644
--- a/hw/virtio-9p-xattr.h
+++ b/hw/9pfs/virtio-9p-xattr.h
diff --git a/hw/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 7c59988..b5fc52b 100644
--- a/hw/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -596,7 +596,10 @@ static V9fsPDU *alloc_pdu(V9fsState *s)
static void free_pdu(V9fsState *s, V9fsPDU *pdu)
{
if (pdu) {
- QLIST_INSERT_HEAD(&s->free_list, pdu, next);
+ if (debug_9p_pdu) {
+ pprint_pdu(pdu);
+ }
+ QLIST_INSERT_HEAD(&s->free_list, pdu, next);
}
}
@@ -696,25 +699,22 @@ static size_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const char *fmt, ...)
case 'w': {
uint16_t val, *valp;
valp = va_arg(ap, uint16_t *);
- val = le16_to_cpupu(valp);
offset += pdu_unpack(&val, pdu, offset, sizeof(val));
- *valp = val;
+ *valp = le16_to_cpu(val);
break;
}
case 'd': {
uint32_t val, *valp;
valp = va_arg(ap, uint32_t *);
- val = le32_to_cpupu(valp);
offset += pdu_unpack(&val, pdu, offset, sizeof(val));
- *valp = val;
+ *valp = le32_to_cpu(val);
break;
}
case 'q': {
uint64_t val, *valp;
valp = va_arg(ap, uint64_t *);
- val = le64_to_cpup(valp);
offset += pdu_unpack(&val, pdu, offset, sizeof(val));
- *valp = val;
+ *valp = le64_to_cpu(val);
break;
}
case 'v': {
@@ -1482,7 +1482,7 @@ static void v9fs_walk_complete(V9fsState *s, V9fsWalkState *vs, int err)
{
complete_pdu(s, vs->pdu, err);
- if (vs->nwnames) {
+ if (vs->nwnames && vs->nwnames <= P9_MAXWELEM) {
for (vs->name_idx = 0; vs->name_idx < vs->nwnames; vs->name_idx++) {
v9fs_string_free(&vs->wnames[vs->name_idx]);
}
@@ -1578,7 +1578,7 @@ static void v9fs_walk(V9fsState *s, V9fsPDU *pdu)
vs->offset += pdu_unmarshal(vs->pdu, vs->offset, "ddw", &fid,
&newfid, &vs->nwnames);
- if (vs->nwnames) {
+ if (vs->nwnames && vs->nwnames <= P9_MAXWELEM) {
vs->wnames = qemu_mallocz(sizeof(vs->wnames[0]) * vs->nwnames);
vs->qids = qemu_mallocz(sizeof(vs->qids[0]) * vs->nwnames);
@@ -1587,6 +1587,9 @@ static void v9fs_walk(V9fsState *s, V9fsPDU *pdu)
vs->offset += pdu_unmarshal(vs->pdu, vs->offset, "s",
&vs->wnames[i]);
}
+ } else if (vs->nwnames > P9_MAXWELEM) {
+ err = -EINVAL;
+ goto out;
}
vs->fidp = lookup_fid(s, fid);
@@ -1771,7 +1774,7 @@ static void v9fs_post_lcreate(V9fsState *s, V9fsLcreateState *vs, int err)
v9fs_string_copy(&vs->fidp->path, &vs->fullname);
stat_to_qid(&vs->stbuf, &vs->qid);
vs->offset += pdu_marshal(vs->pdu, vs->offset, "Qd", &vs->qid,
- &vs->iounit);
+ vs->iounit);
err = vs->offset;
} else {
vs->fidp->fid_type = P9_FID_NONE;
diff --git a/hw/virtio-9p.h b/hw/9pfs/virtio-9p.h
index 2ae4ce7..622928f 100644
--- a/hw/virtio-9p.h
+++ b/hw/9pfs/virtio-9p.h
@@ -6,7 +6,7 @@
#include <sys/time.h>
#include <utime.h>
-#include "file-op-9p.h"
+#include "fsdev/file-op-9p.h"
/* The feature bitmap for virtio 9P */
/* The mount point is specified in a config variable */
@@ -282,7 +282,7 @@ typedef struct V9fsStatStateDotl {
typedef struct V9fsWalkState {
V9fsPDU *pdu;
size_t offset;
- int16_t nwnames;
+ uint16_t nwnames;
int name_idx;
V9fsQID *qids;
V9fsFidState *fidp;
diff --git a/hw/acpi.c b/hw/acpi.c
index 8071e7b..ad40fb4 100644
--- a/hw/acpi.c
+++ b/hw/acpi.c
@@ -15,6 +15,7 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>
*/
+#include "sysemu.h"
#include "hw.h"
#include "pc.h"
#include "acpi.h"
@@ -197,3 +198,199 @@ out:
}
return -1;
}
+
+/* ACPI PM1a EVT */
+uint16_t acpi_pm1_evt_get_sts(ACPIPM1EVT *pm1, int64_t overflow_time)
+{
+ int64_t d = acpi_pm_tmr_get_clock();
+ if (d >= overflow_time) {
+ pm1->sts |= ACPI_BITMASK_TIMER_STATUS;
+ }
+ return pm1->sts;
+}
+
+void acpi_pm1_evt_write_sts(ACPIPM1EVT *pm1, ACPIPMTimer *tmr, uint16_t val)
+{
+ uint16_t pm1_sts = acpi_pm1_evt_get_sts(pm1, tmr->overflow_time);
+ if (pm1_sts & val & ACPI_BITMASK_TIMER_STATUS) {
+ /* if TMRSTS is reset, then compute the new overflow time */
+ acpi_pm_tmr_calc_overflow_time(tmr);
+ }
+ pm1->sts &= ~val;
+}
+
+void acpi_pm1_evt_power_down(ACPIPM1EVT *pm1, ACPIPMTimer *tmr)
+{
+ if (!pm1) {
+ qemu_system_shutdown_request();
+ } else if (pm1->en & ACPI_BITMASK_POWER_BUTTON_ENABLE) {
+ pm1->sts |= ACPI_BITMASK_POWER_BUTTON_STATUS;
+ tmr->update_sci(tmr);
+ }
+}
+
+void acpi_pm1_evt_reset(ACPIPM1EVT *pm1)
+{
+ pm1->sts = 0;
+ pm1->en = 0;
+}
+
+/* ACPI PM_TMR */
+void acpi_pm_tmr_update(ACPIPMTimer *tmr, bool enable)
+{
+ int64_t expire_time;
+
+ /* schedule a timer interruption if needed */
+ if (enable) {
+ expire_time = muldiv64(tmr->overflow_time, get_ticks_per_sec(),
+ PM_TIMER_FREQUENCY);
+ qemu_mod_timer(tmr->timer, expire_time);
+ } else {
+ qemu_del_timer(tmr->timer);
+ }
+}
+
+void acpi_pm_tmr_calc_overflow_time(ACPIPMTimer *tmr)
+{
+ int64_t d = acpi_pm_tmr_get_clock();
+ tmr->overflow_time = (d + 0x800000LL) & ~0x7fffffLL;
+}
+
+uint32_t acpi_pm_tmr_get(ACPIPMTimer *tmr)
+{
+ uint32_t d = acpi_pm_tmr_get_clock();;
+ return d & 0xffffff;
+}
+
+static void acpi_pm_tmr_timer(void *opaque)
+{
+ ACPIPMTimer *tmr = opaque;
+ tmr->update_sci(tmr);
+}
+
+void acpi_pm_tmr_init(ACPIPMTimer *tmr, acpi_update_sci_fn update_sci)
+{
+ tmr->update_sci = update_sci;
+ tmr->timer = qemu_new_timer_ns(vm_clock, acpi_pm_tmr_timer, tmr);
+}
+
+void acpi_pm_tmr_reset(ACPIPMTimer *tmr)
+{
+ tmr->overflow_time = 0;
+ qemu_del_timer(tmr->timer);
+}
+
+/* ACPI PM1aCNT */
+void acpi_pm1_cnt_init(ACPIPM1CNT *pm1_cnt, qemu_irq cmos_s3)
+{
+ pm1_cnt->cmos_s3 = cmos_s3;
+}
+
+void acpi_pm1_cnt_write(ACPIPM1EVT *pm1a, ACPIPM1CNT *pm1_cnt, uint16_t val)
+{
+ pm1_cnt->cnt = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
+
+ if (val & ACPI_BITMASK_SLEEP_ENABLE) {
+ /* change suspend type */
+ uint16_t sus_typ = (val >> 10) & 7;
+ switch(sus_typ) {
+ case 0: /* soft power off */
+ qemu_system_shutdown_request();
+ break;
+ case 1:
+ /* ACPI_BITMASK_WAKE_STATUS should be set on resume.
+ Pretend that resume was caused by power button */
+ pm1a->sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_POWER_BUTTON_STATUS);
+ qemu_system_reset_request();
+ qemu_irq_raise(pm1_cnt->cmos_s3);
+ default:
+ break;
+ }
+ }
+}
+
+void acpi_pm1_cnt_update(ACPIPM1CNT *pm1_cnt,
+ bool sci_enable, bool sci_disable)
+{
+ /* ACPI specs 3.0, 4.7.2.5 */
+ if (sci_enable) {
+ pm1_cnt->cnt |= ACPI_BITMASK_SCI_ENABLE;
+ } else if (sci_disable) {
+ pm1_cnt->cnt &= ~ACPI_BITMASK_SCI_ENABLE;
+ }
+}
+
+void acpi_pm1_cnt_reset(ACPIPM1CNT *pm1_cnt)
+{
+ pm1_cnt->cnt = 0;
+ if (pm1_cnt->cmos_s3) {
+ qemu_irq_lower(pm1_cnt->cmos_s3);
+ }
+}
+
+/* ACPI GPE */
+void acpi_gpe_init(ACPIGPE *gpe, uint8_t len)
+{
+ gpe->len = len;
+ gpe->sts = qemu_mallocz(len / 2);
+ gpe->en = qemu_mallocz(len / 2);
+}
+
+void acpi_gpe_blk(ACPIGPE *gpe, uint32_t blk)
+{
+ gpe->blk = blk;
+}
+
+void acpi_gpe_reset(ACPIGPE *gpe)
+{
+ memset(gpe->sts, 0, gpe->len / 2);
+ memset(gpe->en, 0, gpe->len / 2);
+}
+
+static uint8_t *acpi_gpe_ioport_get_ptr(ACPIGPE *gpe, uint32_t addr)
+{
+ uint8_t *cur = NULL;
+
+ if (addr < gpe->len / 2) {
+ cur = gpe->sts + addr;
+ } else if (addr < gpe->len) {
+ cur = gpe->en + addr - gpe->len / 2;
+ } else {
+ abort();
+ }
+
+ return cur;
+}
+
+void acpi_gpe_ioport_writeb(ACPIGPE *gpe, uint32_t addr, uint32_t val)
+{
+ uint8_t *cur;
+
+ addr -= gpe->blk;
+ cur = acpi_gpe_ioport_get_ptr(gpe, addr);
+ if (addr < gpe->len / 2) {
+ /* GPE_STS */
+ *cur = (*cur) & ~val;
+ } else if (addr < gpe->len) {
+ /* GPE_EN */
+ *cur = val;
+ } else {
+ abort();
+ }
+}
+
+uint32_t acpi_gpe_ioport_readb(ACPIGPE *gpe, uint32_t addr)
+{
+ uint8_t *cur;
+ uint32_t val;
+
+ addr -= gpe->blk;
+ cur = acpi_gpe_ioport_get_ptr(gpe, addr);
+ val = 0;
+ if (cur != NULL) {
+ val = *cur;
+ }
+
+ return val;
+}
diff --git a/hw/acpi.h b/hw/acpi.h
index 5949958..c141e65 100644
--- a/hw/acpi.h
+++ b/hw/acpi.h
@@ -74,5 +74,73 @@
#define ACPI_BITMASK_ARB_DISABLE 0x0001
/* PM_TMR */
+struct ACPIPMTimer;
+typedef struct ACPIPMTimer ACPIPMTimer;
+
+typedef void (*acpi_update_sci_fn)(ACPIPMTimer *tmr);
+
+struct ACPIPMTimer {
+ QEMUTimer *timer;
+ int64_t overflow_time;
+
+ acpi_update_sci_fn update_sci;
+};
+
+void acpi_pm_tmr_update(ACPIPMTimer *tmr, bool enable);
+void acpi_pm_tmr_calc_overflow_time(ACPIPMTimer *tmr);
+uint32_t acpi_pm_tmr_get(ACPIPMTimer *tmr);
+void acpi_pm_tmr_init(ACPIPMTimer *tmr, acpi_update_sci_fn update_sci);
+void acpi_pm_tmr_reset(ACPIPMTimer *tmr);
+
+#include "qemu-timer.h"
+static inline int64_t acpi_pm_tmr_get_clock(void)
+{
+ return muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY,
+ get_ticks_per_sec());
+}
+
+/* PM1a_EVT: piix and ich9 don't implement PM1b. */
+struct ACPIPM1EVT
+{
+ uint16_t sts;
+ uint16_t en;
+};
+typedef struct ACPIPM1EVT ACPIPM1EVT;
+
+uint16_t acpi_pm1_evt_get_sts(ACPIPM1EVT *pm1, int64_t overflow_time);
+void acpi_pm1_evt_write_sts(ACPIPM1EVT *pm1, ACPIPMTimer *tmr, uint16_t val);
+void acpi_pm1_evt_power_down(ACPIPM1EVT *pm1, ACPIPMTimer *tmr);
+void acpi_pm1_evt_reset(ACPIPM1EVT *pm1);
+
+/* PM1a_CNT: piix and ich9 don't implement PM1b CNT. */
+struct ACPIPM1CNT {
+ uint16_t cnt;
+
+ qemu_irq cmos_s3;
+};
+typedef struct ACPIPM1CNT ACPIPM1CNT;
+
+void acpi_pm1_cnt_init(ACPIPM1CNT *pm1_cnt, qemu_irq cmos_s3);
+void acpi_pm1_cnt_write(ACPIPM1EVT *pm1a, ACPIPM1CNT *pm1_cnt, uint16_t val);
+void acpi_pm1_cnt_update(ACPIPM1CNT *pm1_cnt,
+ bool sci_enable, bool sci_disable);
+void acpi_pm1_cnt_reset(ACPIPM1CNT *pm1_cnt);
+
+/* GPE0 */
+struct ACPIGPE {
+ uint32_t blk;
+ uint8_t len;
+
+ uint8_t *sts;
+ uint8_t *en;
+};
+typedef struct ACPIGPE ACPIGPE;
+
+void acpi_gpe_init(ACPIGPE *gpe, uint8_t len);
+void acpi_gpe_blk(ACPIGPE *gpe, uint32_t blk);
+void acpi_gpe_reset(ACPIGPE *gpe);
+
+void acpi_gpe_ioport_writeb(ACPIGPE *gpe, uint32_t addr, uint32_t val);
+uint32_t acpi_gpe_ioport_readb(ACPIGPE *gpe, uint32_t addr);
#endif /* !QEMU_HW_ACPI_H */
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 0b2bc97..96f5222 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -35,17 +35,13 @@
#define ACPI_DBG_IO_ADDR 0xb044
#define GPE_BASE 0xafe0
+#define GPE_LEN 4
#define PCI_BASE 0xae00
#define PCI_EJ_BASE 0xae08
#define PCI_RMV_BASE 0xae0c
#define PIIX4_PCI_HOTPLUG_STATUS 2
-struct gpe_regs {
- uint16_t sts; /* status */
- uint16_t en; /* enabled */
-};
-
struct pci_status {
uint32_t up;
uint32_t down;
@@ -54,25 +50,22 @@ struct pci_status {
typedef struct PIIX4PMState {
PCIDevice dev;
IORange ioport;
- uint16_t pmsts;
- uint16_t pmen;
- uint16_t pmcntrl;
+ ACPIPM1EVT pm1a;
+ ACPIPM1CNT pm1_cnt;
APMState apm;
- QEMUTimer *tmr_timer;
- int64_t tmr_overflow_time;
+ ACPIPMTimer tmr;
PMSMBus smb;
uint32_t smb_io_base;
qemu_irq irq;
- qemu_irq cmos_s3;
qemu_irq smi_irq;
int kvm_enabled;
/* for pci hotplug */
- struct gpe_regs gpe;
+ ACPIGPE gpe;
struct pci_status pci0_status;
uint32_t pci0_hotplug_enable;
} PIIX4PMState;
@@ -82,52 +75,27 @@ static void piix4_acpi_system_hot_add_init(PCIBus *bus, PIIX4PMState *s);
#define ACPI_ENABLE 0xf1
#define ACPI_DISABLE 0xf0
-static uint32_t get_pmtmr(PIIX4PMState *s)
-{
- uint32_t d;
- d = muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY, get_ticks_per_sec());
- return d & 0xffffff;
-}
-
-static int get_pmsts(PIIX4PMState *s)
-{
- int64_t d;
-
- d = muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY,
- get_ticks_per_sec());
- if (d >= s->tmr_overflow_time)
- s->pmsts |= ACPI_BITMASK_TIMER_STATUS;
- return s->pmsts;
-}
-
static void pm_update_sci(PIIX4PMState *s)
{
int sci_level, pmsts;
- int64_t expire_time;
- pmsts = get_pmsts(s);
- sci_level = (((pmsts & s->pmen) &
+ pmsts = acpi_pm1_evt_get_sts(&s->pm1a, s->tmr.overflow_time);
+ sci_level = (((pmsts & s->pm1a.en) &
(ACPI_BITMASK_RT_CLOCK_ENABLE |
ACPI_BITMASK_POWER_BUTTON_ENABLE |
ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
ACPI_BITMASK_TIMER_ENABLE)) != 0) ||
- (((s->gpe.sts & s->gpe.en) & PIIX4_PCI_HOTPLUG_STATUS) != 0);
+ (((s->gpe.sts[0] & s->gpe.en[0]) & PIIX4_PCI_HOTPLUG_STATUS) != 0);
qemu_set_irq(s->irq, sci_level);
/* schedule a timer interruption if needed */
- if ((s->pmen & ACPI_BITMASK_TIMER_ENABLE) &&
- !(pmsts & ACPI_BITMASK_TIMER_STATUS)) {
- expire_time = muldiv64(s->tmr_overflow_time, get_ticks_per_sec(),
- PM_TIMER_FREQUENCY);
- qemu_mod_timer(s->tmr_timer, expire_time);
- } else {
- qemu_del_timer(s->tmr_timer);
- }
+ acpi_pm_tmr_update(&s->tmr, (s->pm1a.en & ACPI_BITMASK_TIMER_ENABLE) &&
+ !(pmsts & ACPI_BITMASK_TIMER_STATUS));
}
-static void pm_tmr_timer(void *opaque)
+static void pm_tmr_timer(ACPIPMTimer *tmr)
{
- PIIX4PMState *s = opaque;
+ PIIX4PMState *s = container_of(tmr, PIIX4PMState, tmr);
pm_update_sci(s);
}
@@ -143,54 +111,21 @@ static void pm_ioport_write(IORange *ioport, uint64_t addr, unsigned width,
switch(addr) {
case 0x00:
- {
- int64_t d;
- int pmsts;
- pmsts = get_pmsts(s);
- if (pmsts & val & ACPI_BITMASK_TIMER_STATUS) {
- /* if TMRSTS is reset, then compute the new overflow time */
- d = muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY,
- get_ticks_per_sec());
- s->tmr_overflow_time = (d + 0x800000LL) & ~0x7fffffLL;
- }
- s->pmsts &= ~val;
- pm_update_sci(s);
- }
+ acpi_pm1_evt_write_sts(&s->pm1a, &s->tmr, val);
+ pm_update_sci(s);
break;
case 0x02:
- s->pmen = val;
+ s->pm1a.en = val;
pm_update_sci(s);
break;
case 0x04:
- {
- int sus_typ;
- s->pmcntrl = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
- if (val & ACPI_BITMASK_SLEEP_ENABLE) {
- /* change suspend type */
- sus_typ = (val >> 10) & 7;
- switch(sus_typ) {
- case 0: /* soft power off */
- qemu_system_shutdown_request();
- break;
- case 1:
- /* ACPI_BITMASK_WAKE_STATUS should be set on resume.
- Pretend that resume was caused by power button */
- s->pmsts |= (ACPI_BITMASK_WAKE_STATUS |
- ACPI_BITMASK_POWER_BUTTON_STATUS);
- qemu_system_reset_request();
- if (s->cmos_s3) {
- qemu_irq_raise(s->cmos_s3);
- }
- default:
- break;
- }
- }
- }
+ acpi_pm1_cnt_write(&s->pm1a, &s->pm1_cnt, val);
break;
default:
break;
}
- PIIX4_DPRINTF("PM writew port=0x%04x val=0x%04x\n", addr, val);
+ PIIX4_DPRINTF("PM writew port=0x%04x val=0x%04x\n", (unsigned int)addr,
+ (unsigned int)val);
}
static void pm_ioport_read(IORange *ioport, uint64_t addr, unsigned width,
@@ -201,22 +136,22 @@ static void pm_ioport_read(IORange *ioport, uint64_t addr, unsigned width,
switch(addr) {
case 0x00:
- val = get_pmsts(s);
+ val = acpi_pm1_evt_get_sts(&s->pm1a, s->tmr.overflow_time);
break;
case 0x02:
- val = s->pmen;
+ val = s->pm1a.en;
break;
case 0x04:
- val = s->pmcntrl;
+ val = s->pm1_cnt.cnt;
break;
case 0x08:
- val = get_pmtmr(s);
+ val = acpi_pm_tmr_get(&s->tmr);
break;
default:
val = 0;
break;
}
- PIIX4_DPRINTF("PM readw port=0x%04x val=0x%04x\n", addr, val);
+ PIIX4_DPRINTF("PM readw port=0x%04x val=0x%04x\n", (unsigned int)addr, val);
*data = val;
}
@@ -230,11 +165,7 @@ static void apm_ctrl_changed(uint32_t val, void *arg)
PIIX4PMState *s = arg;
/* ACPI specs 3.0, 4.7.2.5 */
- if (val == ACPI_ENABLE) {
- s->pmcntrl |= ACPI_BITMASK_SCI_ENABLE;
- } else if (val == ACPI_DISABLE) {
- s->pmcntrl &= ~ACPI_BITMASK_SCI_ENABLE;
- }
+ acpi_pm1_cnt_update(&s->pm1_cnt, val == ACPI_ENABLE, val == ACPI_DISABLE);
if (s->dev.config[0x5b] & (1 << 1)) {
if (s->smi_irq) {
@@ -279,14 +210,25 @@ static int vmstate_acpi_post_load(void *opaque, int version_id)
return 0;
}
+#define VMSTATE_GPE_ARRAY(_field, _state) \
+ { \
+ .name = (stringify(_field)), \
+ .version_id = 0, \
+ .num = GPE_LEN, \
+ .info = &vmstate_info_uint16, \
+ .size = sizeof(uint16_t), \
+ .flags = VMS_ARRAY | VMS_POINTER, \
+ .offset = vmstate_offset_pointer(_state, _field, uint8_t), \
+ }
+
static const VMStateDescription vmstate_gpe = {
.name = "gpe",
.version_id = 1,
.minimum_version_id = 1,
.minimum_version_id_old = 1,
.fields = (VMStateField []) {
- VMSTATE_UINT16(sts, struct gpe_regs),
- VMSTATE_UINT16(en, struct gpe_regs),
+ VMSTATE_GPE_ARRAY(sts, ACPIGPE),
+ VMSTATE_GPE_ARRAY(en, ACPIGPE),
VMSTATE_END_OF_LIST()
}
};
@@ -311,13 +253,13 @@ static const VMStateDescription vmstate_acpi = {
.post_load = vmstate_acpi_post_load,
.fields = (VMStateField []) {
VMSTATE_PCI_DEVICE(dev, PIIX4PMState),
- VMSTATE_UINT16(pmsts, PIIX4PMState),
- VMSTATE_UINT16(pmen, PIIX4PMState),
- VMSTATE_UINT16(pmcntrl, PIIX4PMState),
+ VMSTATE_UINT16(pm1a.sts, PIIX4PMState),
+ VMSTATE_UINT16(pm1a.en, PIIX4PMState),
+ VMSTATE_UINT16(pm1_cnt.cnt, PIIX4PMState),
VMSTATE_STRUCT(apm, PIIX4PMState, 0, vmstate_apm, APMState),
- VMSTATE_TIMER(tmr_timer, PIIX4PMState),
- VMSTATE_INT64(tmr_overflow_time, PIIX4PMState),
- VMSTATE_STRUCT(gpe, PIIX4PMState, 2, vmstate_gpe, struct gpe_regs),
+ VMSTATE_TIMER(tmr.timer, PIIX4PMState),
+ VMSTATE_INT64(tmr.overflow_time, PIIX4PMState),
+ VMSTATE_STRUCT(gpe, PIIX4PMState, 2, vmstate_gpe, ACPIGPE),
VMSTATE_STRUCT(pci0_status, PIIX4PMState, 2, vmstate_pci_status,
struct pci_status),
VMSTATE_END_OF_LIST()
@@ -363,13 +305,10 @@ static void piix4_reset(void *opaque)
static void piix4_powerdown(void *opaque, int irq, int power_failing)
{
PIIX4PMState *s = opaque;
+ ACPIPM1EVT *pm1a = s? &s->pm1a: NULL;
+ ACPIPMTimer *tmr = s? &s->tmr: NULL;
- if (!s) {
- qemu_system_shutdown_request();
- } else if (s->pmen & ACPI_BITMASK_POWER_BUTTON_ENABLE) {
- s->pmsts |= ACPI_BITMASK_POWER_BUTTON_STATUS;
- pm_update_sci(s);
- }
+ acpi_pm1_evt_power_down(pm1a, tmr);
}
static int piix4_pm_initfn(PCIDevice *dev)
@@ -413,7 +352,8 @@ static int piix4_pm_initfn(PCIDevice *dev)
register_ioport_write(s->smb_io_base, 64, 1, smb_ioport_writeb, &s->smb);
register_ioport_read(s->smb_io_base, 64, 1, smb_ioport_readb, &s->smb);
- s->tmr_timer = qemu_new_timer_ns(vm_clock, pm_tmr_timer, s);
+ acpi_pm_tmr_init(&s->tmr, pm_tmr_timer);
+ acpi_gpe_init(&s->gpe, GPE_LEN);
qemu_system_powerdown = *qemu_allocate_irqs(piix4_powerdown, s, 1);
@@ -436,7 +376,7 @@ i2c_bus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
s = DO_UPCAST(PIIX4PMState, dev, dev);
s->irq = sci_irq;
- s->cmos_s3 = cmos_s3;
+ acpi_pm1_cnt_init(&s->pm1_cnt, cmos_s3);
s->smi_irq = smi_irq;
s->kvm_enabled = kvm_enabled;
@@ -467,74 +407,20 @@ static void piix4_pm_register(void)
device_init(piix4_pm_register);
-static uint32_t gpe_read_val(uint16_t val, uint32_t addr)
-{
- if (addr & 1)
- return (val >> 8) & 0xff;
- return val & 0xff;
-}
-
static uint32_t gpe_readb(void *opaque, uint32_t addr)
{
- uint32_t val = 0;
PIIX4PMState *s = opaque;
- struct gpe_regs *g = &s->gpe;
-
- switch (addr) {
- case GPE_BASE:
- case GPE_BASE + 1:
- val = gpe_read_val(g->sts, addr);
- break;
- case GPE_BASE + 2:
- case GPE_BASE + 3:
- val = gpe_read_val(g->en, addr);
- break;
- default:
- break;
- }
+ uint32_t val = acpi_gpe_ioport_readb(&s->gpe, addr);
PIIX4_DPRINTF("gpe read %x == %x\n", addr, val);
return val;
}
-static void gpe_write_val(uint16_t *cur, int addr, uint32_t val)
-{
- if (addr & 1)
- *cur = (*cur & 0xff) | (val << 8);
- else
- *cur = (*cur & 0xff00) | (val & 0xff);
-}
-
-static void gpe_reset_val(uint16_t *cur, int addr, uint32_t val)
-{
- uint16_t x1, x0 = val & 0xff;
- int shift = (addr & 1) ? 8 : 0;
-
- x1 = (*cur >> shift) & 0xff;
-
- x1 = x1 & ~x0;
-
- *cur = (*cur & (0xff << (8 - shift))) | (x1 << shift);
-}
-
static void gpe_writeb(void *opaque, uint32_t addr, uint32_t val)
{
PIIX4PMState *s = opaque;
- struct gpe_regs *g = &s->gpe;
-
- switch (addr) {
- case GPE_BASE:
- case GPE_BASE + 1:
- gpe_reset_val(&g->sts, addr, val);
- break;
- case GPE_BASE + 2:
- case GPE_BASE + 3:
- gpe_write_val(&g->en, addr, val);
- break;
- default:
- break;
- }
+ acpi_gpe_ioport_writeb(&s->gpe, addr, val);
pm_update_sci(s);
PIIX4_DPRINTF("gpe write %x <== %d\n", addr, val);
@@ -617,8 +503,9 @@ static void piix4_acpi_system_hot_add_init(PCIBus *bus, PIIX4PMState *s)
{
struct pci_status *pci0_status = &s->pci0_status;
- register_ioport_write(GPE_BASE, 4, 1, gpe_writeb, s);
- register_ioport_read(GPE_BASE, 4, 1, gpe_readb, s);
+ register_ioport_write(GPE_BASE, GPE_LEN, 1, gpe_writeb, s);
+ register_ioport_read(GPE_BASE, GPE_LEN, 1, gpe_readb, s);
+ acpi_gpe_blk(&s->gpe, GPE_BASE);
register_ioport_write(PCI_BASE, 8, 4, pcihotplug_write, pci0_status);
register_ioport_read(PCI_BASE, 8, 4, pcihotplug_read, pci0_status);
@@ -634,13 +521,13 @@ static void piix4_acpi_system_hot_add_init(PCIBus *bus, PIIX4PMState *s)
static void enable_device(PIIX4PMState *s, int slot)
{
- s->gpe.sts |= PIIX4_PCI_HOTPLUG_STATUS;
+ s->gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
s->pci0_status.up |= (1 << slot);
}
static void disable_device(PIIX4PMState *s, int slot)
{
- s->gpe.sts |= PIIX4_PCI_HOTPLUG_STATUS;
+ s->gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
s->pci0_status.down |= (1 << slot);
}
diff --git a/hw/adb.c b/hw/adb.c
index 99b30f6..7499cdc 100644
--- a/hw/adb.c
+++ b/hw/adb.c
@@ -261,30 +261,19 @@ static int adb_kbd_request(ADBDevice *d, uint8_t *obuf,
return olen;
}
-static void adb_kbd_save(QEMUFile *f, void *opaque)
-{
- KBDState *s = (KBDState *)opaque;
-
- qemu_put_buffer(f, s->data, sizeof(s->data));
- qemu_put_sbe32s(f, &s->rptr);
- qemu_put_sbe32s(f, &s->wptr);
- qemu_put_sbe32s(f, &s->count);
-}
-
-static int adb_kbd_load(QEMUFile *f, void *opaque, int version_id)
-{
- KBDState *s = (KBDState *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- qemu_get_buffer(f, s->data, sizeof(s->data));
- qemu_get_sbe32s(f, &s->rptr);
- qemu_get_sbe32s(f, &s->wptr);
- qemu_get_sbe32s(f, &s->count);
-
- return 0;
-}
+static const VMStateDescription vmstate_adb_kbd = {
+ .name = "adb_kbd",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BUFFER(data, KBDState),
+ VMSTATE_INT32(rptr, KBDState),
+ VMSTATE_INT32(wptr, KBDState),
+ VMSTATE_INT32(count, KBDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int adb_kbd_reset(ADBDevice *d)
{
@@ -305,8 +294,7 @@ void adb_kbd_init(ADBBusState *bus)
d = adb_register_device(bus, ADB_KEYBOARD, adb_kbd_request,
adb_kbd_reset, s);
qemu_add_kbd_event_handler(adb_kbd_put_keycode, d);
- register_savevm(NULL, "adb_kbd", -1, 1, adb_kbd_save,
- adb_kbd_load, s);
+ vmstate_register(NULL, -1, &vmstate_adb_kbd, s);
}
/***************************************************************/
@@ -439,32 +427,20 @@ static int adb_mouse_reset(ADBDevice *d)
return 0;
}
-static void adb_mouse_save(QEMUFile *f, void *opaque)
-{
- MouseState *s = (MouseState *)opaque;
-
- qemu_put_sbe32s(f, &s->buttons_state);
- qemu_put_sbe32s(f, &s->last_buttons_state);
- qemu_put_sbe32s(f, &s->dx);
- qemu_put_sbe32s(f, &s->dy);
- qemu_put_sbe32s(f, &s->dz);
-}
-
-static int adb_mouse_load(QEMUFile *f, void *opaque, int version_id)
-{
- MouseState *s = (MouseState *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- qemu_get_sbe32s(f, &s->buttons_state);
- qemu_get_sbe32s(f, &s->last_buttons_state);
- qemu_get_sbe32s(f, &s->dx);
- qemu_get_sbe32s(f, &s->dy);
- qemu_get_sbe32s(f, &s->dz);
-
- return 0;
-}
+static const VMStateDescription vmstate_adb_mouse = {
+ .name = "adb_mouse",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(buttons_state, MouseState),
+ VMSTATE_INT32(last_buttons_state, MouseState),
+ VMSTATE_INT32(dx, MouseState),
+ VMSTATE_INT32(dy, MouseState),
+ VMSTATE_INT32(dz, MouseState),
+ VMSTATE_END_OF_LIST()
+ }
+};
void adb_mouse_init(ADBBusState *bus)
{
@@ -475,6 +451,5 @@ void adb_mouse_init(ADBBusState *bus)
d = adb_register_device(bus, ADB_MOUSE, adb_mouse_request,
adb_mouse_reset, s);
qemu_add_mouse_event_handler(adb_mouse_event, d, 0, "QEMU ADB Mouse");
- register_savevm(NULL, "adb_mouse", -1, 1, adb_mouse_save,
- adb_mouse_load, s);
+ vmstate_register(NULL, -1, &vmstate_adb_mouse, s);
}
diff --git a/hw/ads7846.c b/hw/ads7846.c
index b3bbeaf..9c58a5f 100644
--- a/hw/ads7846.c
+++ b/hw/ads7846.c
@@ -105,35 +105,30 @@ static void ads7846_ts_event(void *opaque,
}
}
-static void ads7846_save(QEMUFile *f, void *opaque)
+static int ads7856_post_load(void *opaque, int version_id)
{
- ADS7846State *s = (ADS7846State *) opaque;
- int i;
-
- for (i = 0; i < 8; i ++)
- qemu_put_be32(f, s->input[i]);
- qemu_put_be32(f, s->noise);
- qemu_put_be32(f, s->cycle);
- qemu_put_be32(f, s->output);
-}
-
-static int ads7846_load(QEMUFile *f, void *opaque, int version_id)
-{
- ADS7846State *s = (ADS7846State *) opaque;
- int i;
-
- for (i = 0; i < 8; i ++)
- s->input[i] = qemu_get_be32(f);
- s->noise = qemu_get_be32(f);
- s->cycle = qemu_get_be32(f);
- s->output = qemu_get_be32(f);
+ ADS7846State *s = opaque;
s->pressure = 0;
ads7846_int_update(s);
-
return 0;
}
+static const VMStateDescription vmstate_ads7846 = {
+ .name = "ads7846",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = ads7856_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32_ARRAY(input, ADS7846State, 8),
+ VMSTATE_INT32(noise, ADS7846State),
+ VMSTATE_INT32(cycle, ADS7846State),
+ VMSTATE_INT32(output, ADS7846State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static int ads7846_init(SSISlave *dev)
{
ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, dev);
@@ -151,7 +146,7 @@ static int ads7846_init(SSISlave *dev)
ads7846_int_update(s);
- register_savevm(NULL, "ads7846", -1, 0, ads7846_save, ads7846_load, s);
+ vmstate_register(NULL, -1, &vmstate_ads7846, s);
return 0;
}
diff --git a/hw/an5206.c b/hw/an5206.c
index b9f19a9..42a0163 100644
--- a/hw/an5206.c
+++ b/hw/an5206.c
@@ -9,7 +9,6 @@
#include "hw.h"
#include "pc.h"
#include "mcf.h"
-#include "sysemu.h"
#include "boards.h"
#include "loader.h"
#include "elf.h"
diff --git a/hw/arm_boot.c b/hw/arm_boot.c
index 41e99d1..bfac982 100644
--- a/hw/arm_boot.c
+++ b/hw/arm_boot.c
@@ -15,7 +15,7 @@
#define KERNEL_ARGS_ADDR 0x100
#define KERNEL_LOAD_ADDR 0x00010000
-#define INITRD_LOAD_ADDR 0x00800000
+#define INITRD_LOAD_ADDR 0x00d00000
/* The worlds second smallest bootloader. Set r0-r2, then jump to kernel. */
static uint32_t bootloader[] = {
diff --git a/hw/arm_timer.c b/hw/arm_timer.c
index 82f05de..dac9e70 100644
--- a/hw/arm_timer.c
+++ b/hw/arm_timer.c
@@ -140,28 +140,19 @@ static void arm_timer_tick(void *opaque)
arm_timer_update(s);
}
-static void arm_timer_save(QEMUFile *f, void *opaque)
-{
- arm_timer_state *s = (arm_timer_state *)opaque;
- qemu_put_be32(f, s->control);
- qemu_put_be32(f, s->limit);
- qemu_put_be32(f, s->int_level);
- qemu_put_ptimer(f, s->timer);
-}
-
-static int arm_timer_load(QEMUFile *f, void *opaque, int version_id)
-{
- arm_timer_state *s = (arm_timer_state *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->control = qemu_get_be32(f);
- s->limit = qemu_get_be32(f);
- s->int_level = qemu_get_be32(f);
- qemu_get_ptimer(f, s->timer);
- return 0;
-}
+static const VMStateDescription vmstate_arm_timer = {
+ .name = "arm_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(control, arm_timer_state),
+ VMSTATE_UINT32(limit, arm_timer_state),
+ VMSTATE_INT32(int_level, arm_timer_state),
+ VMSTATE_PTIMER(timer, arm_timer_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
static arm_timer_state *arm_timer_init(uint32_t freq)
{
@@ -174,7 +165,7 @@ static arm_timer_state *arm_timer_init(uint32_t freq)
bh = qemu_bh_new(arm_timer_tick, s);
s->timer = ptimer_init(bh);
- register_savevm(NULL, "arm_timer", -1, 1, arm_timer_save, arm_timer_load, s);
+ vmstate_register(NULL, -1, &vmstate_arm_timer, s);
return s;
}
@@ -235,24 +226,17 @@ static CPUWriteMemoryFunc * const sp804_writefn[] = {
sp804_write
};
-static void sp804_save(QEMUFile *f, void *opaque)
-{
- sp804_state *s = (sp804_state *)opaque;
- qemu_put_be32(f, s->level[0]);
- qemu_put_be32(f, s->level[1]);
-}
-
-static int sp804_load(QEMUFile *f, void *opaque, int version_id)
-{
- sp804_state *s = (sp804_state *)opaque;
- if (version_id != 1)
- return -EINVAL;
-
- s->level[0] = qemu_get_be32(f);
- s->level[1] = qemu_get_be32(f);
- return 0;
-}
+static const VMStateDescription vmstate_sp804 = {
+ .name = "sp804",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32_ARRAY(level, sp804_state, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int sp804_init(SysBusDevice *dev)
{
@@ -271,7 +255,7 @@ static int sp804_init(SysBusDevice *dev)
iomemtype = cpu_register_io_memory(sp804_readfn,
sp804_writefn, s, DEVICE_NATIVE_ENDIAN);
sysbus_init_mmio(dev, 0x1000, iomemtype);
- register_savevm(&dev->qdev, "sp804", -1, 1, sp804_save, sp804_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_sp804, s);
return 0;
}
diff --git a/hw/armv7m.c b/hw/armv7m.c
index 304cd34..72d010a 100644
--- a/hw/armv7m.c
+++ b/hw/armv7m.c
@@ -9,7 +9,6 @@
#include "sysbus.h"
#include "arm-misc.h"
-#include "sysemu.h"
#include "loader.h"
#include "elf.h"
diff --git a/hw/armv7m_nvic.c b/hw/armv7m_nvic.c
index ffe16b8..d06eec9 100644
--- a/hw/armv7m_nvic.c
+++ b/hw/armv7m_nvic.c
@@ -365,30 +365,19 @@ static void nvic_writel(void *opaque, uint32_t offset, uint32_t value)
}
}
-static void nvic_save(QEMUFile *f, void *opaque)
-{
- nvic_state *s = (nvic_state *)opaque;
-
- qemu_put_be32(f, s->systick.control);
- qemu_put_be32(f, s->systick.reload);
- qemu_put_be64(f, s->systick.tick);
- qemu_put_timer(f, s->systick.timer);
-}
-
-static int nvic_load(QEMUFile *f, void *opaque, int version_id)
-{
- nvic_state *s = (nvic_state *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->systick.control = qemu_get_be32(f);
- s->systick.reload = qemu_get_be32(f);
- s->systick.tick = qemu_get_be64(f);
- qemu_get_timer(f, s->systick.timer);
-
- return 0;
-}
+static const VMStateDescription vmstate_nvic = {
+ .name = "armv7m_nvic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(systick.control, nvic_state),
+ VMSTATE_UINT32(systick.reload, nvic_state),
+ VMSTATE_INT64(systick.tick, nvic_state),
+ VMSTATE_TIMER(systick.timer, nvic_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int armv7m_nvic_init(SysBusDevice *dev)
{
@@ -397,7 +386,7 @@ static int armv7m_nvic_init(SysBusDevice *dev)
gic_init(&s->gic);
cpu_register_physical_memory(0xe000e000, 0x1000, s->gic.iomemtype);
s->systick.timer = qemu_new_timer_ns(vm_clock, systick_timer_tick, s);
- register_savevm(&dev->qdev, "armv7m_nvic", -1, 1, nvic_save, nvic_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_nvic, s);
return 0;
}
diff --git a/hw/axis_dev88.c b/hw/axis_dev88.c
index 57b5e2f..0e2135a 100644
--- a/hw/axis_dev88.c
+++ b/hw/axis_dev88.c
@@ -26,7 +26,6 @@
#include "net.h"
#include "flash.h"
#include "boards.h"
-#include "sysemu.h"
#include "etraxfs.h"
#include "loader.h"
#include "elf.h"
diff --git a/hw/blizzard.c b/hw/blizzard.c
index 5f329ad..c524550 100644
--- a/hw/blizzard.c
+++ b/hw/blizzard.c
@@ -19,7 +19,6 @@
*/
#include "qemu-common.h"
-#include "sysemu.h"
#include "console.h"
#include "devices.h"
#include "vga_int.h"
diff --git a/hw/bt-hci-csr.c b/hw/bt-hci-csr.c
index 65ffa37..d135ef4 100644
--- a/hw/bt-hci-csr.c
+++ b/hw/bt-hci-csr.c
@@ -22,7 +22,6 @@
#include "qemu-char.h"
#include "qemu-timer.h"
#include "irq.h"
-#include "sysemu.h"
#include "net.h"
#include "bt.h"
diff --git a/hw/ccid-card-emulated.c b/hw/ccid-card-emulated.c
new file mode 100644
index 0000000..0b07184
--- /dev/null
+++ b/hw/ccid-card-emulated.c
@@ -0,0 +1,595 @@
+/*
+ * CCID Card Device. Emulated card.
+ *
+ * Copyright (c) 2011 Red Hat.
+ * Written by Alon Levy.
+ *
+ * This code is licenced under the GNU LGPL, version 2 or later.
+ */
+
+/*
+ * It can be used to provide access to the local hardware in a non exclusive
+ * way, or it can use certificates. It requires the usb-ccid bus.
+ *
+ * Usage 1: standard, mirror hardware reader+card:
+ * qemu .. -usb -device usb-ccid -device ccid-card-emulated
+ *
+ * Usage 2: use certificates, no hardware required
+ * one time: create the certificates:
+ * for i in 1 2 3; do
+ * certutil -d /etc/pki/nssdb -x -t "CT,CT,CT" -S -s "CN=user$i" -n user$i
+ * done
+ * qemu .. -usb -device usb-ccid \
+ * -device ccid-card-emulated,cert1=user1,cert2=user2,cert3=user3
+ *
+ * If you use a non default db for the certificates you can specify it using
+ * the db parameter.
+ */
+
+#include <eventt.h>
+#include <vevent.h>
+#include <vreader.h>
+#include <vcard_emul.h>
+
+#include "qemu-thread.h"
+#include "qemu-char.h"
+#include "monitor.h"
+#include "hw/ccid.h"
+
+#define DPRINTF(card, lvl, fmt, ...) \
+do {\
+ if (lvl <= card->debug) {\
+ printf("ccid-card-emul: %s: " fmt , __func__, ## __VA_ARGS__);\
+ } \
+} while (0)
+
+#define EMULATED_DEV_NAME "ccid-card-emulated"
+
+#define BACKEND_NSS_EMULATED_NAME "nss-emulated"
+#define BACKEND_CERTIFICATES_NAME "certificates"
+
+enum {
+ BACKEND_NSS_EMULATED = 1,
+ BACKEND_CERTIFICATES
+};
+
+#define DEFAULT_BACKEND BACKEND_NSS_EMULATED
+
+typedef struct EmulatedState EmulatedState;
+
+enum {
+ EMUL_READER_INSERT = 0,
+ EMUL_READER_REMOVE,
+ EMUL_CARD_INSERT,
+ EMUL_CARD_REMOVE,
+ EMUL_GUEST_APDU,
+ EMUL_RESPONSE_APDU,
+ EMUL_ERROR,
+};
+
+static const char *emul_event_to_string(uint32_t emul_event)
+{
+ switch (emul_event) {
+ case EMUL_READER_INSERT:
+ return "EMUL_READER_INSERT";
+ case EMUL_READER_REMOVE:
+ return "EMUL_READER_REMOVE";
+ case EMUL_CARD_INSERT:
+ return "EMUL_CARD_INSERT";
+ case EMUL_CARD_REMOVE:
+ return "EMUL_CARD_REMOVE";
+ case EMUL_GUEST_APDU:
+ return "EMUL_GUEST_APDU";
+ case EMUL_RESPONSE_APDU:
+ return "EMUL_RESPONSE_APDU";
+ case EMUL_ERROR:
+ return "EMUL_ERROR";
+ }
+ return "UNKNOWN";
+}
+
+typedef struct EmulEvent {
+ QSIMPLEQ_ENTRY(EmulEvent) entry;
+ union {
+ struct {
+ uint32_t type;
+ } gen;
+ struct {
+ uint32_t type;
+ uint64_t code;
+ } error;
+ struct {
+ uint32_t type;
+ uint32_t len;
+ uint8_t data[];
+ } data;
+ } p;
+} EmulEvent;
+
+#define MAX_ATR_SIZE 40
+struct EmulatedState {
+ CCIDCardState base;
+ uint8_t debug;
+ char *backend_str;
+ uint32_t backend;
+ char *cert1;
+ char *cert2;
+ char *cert3;
+ char *db;
+ uint8_t atr[MAX_ATR_SIZE];
+ uint8_t atr_length;
+ QSIMPLEQ_HEAD(event_list, EmulEvent) event_list;
+ QemuMutex event_list_mutex;
+ VReader *reader;
+ QSIMPLEQ_HEAD(guest_apdu_list, EmulEvent) guest_apdu_list;
+ QemuMutex vreader_mutex; /* and guest_apdu_list mutex */
+ QemuMutex handle_apdu_mutex;
+ QemuCond handle_apdu_cond;
+ int pipe[2];
+ int quit_apdu_thread;
+ QemuMutex apdu_thread_quit_mutex;
+ QemuCond apdu_thread_quit_cond;
+};
+
+static void emulated_apdu_from_guest(CCIDCardState *base,
+ const uint8_t *apdu, uint32_t len)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+ EmulEvent *event = (EmulEvent *)qemu_malloc(sizeof(EmulEvent) + len);
+
+ assert(event);
+ event->p.data.type = EMUL_GUEST_APDU;
+ event->p.data.len = len;
+ memcpy(event->p.data.data, apdu, len);
+ qemu_mutex_lock(&card->vreader_mutex);
+ QSIMPLEQ_INSERT_TAIL(&card->guest_apdu_list, event, entry);
+ qemu_mutex_unlock(&card->vreader_mutex);
+ qemu_mutex_lock(&card->handle_apdu_mutex);
+ qemu_cond_signal(&card->handle_apdu_cond);
+ qemu_mutex_unlock(&card->handle_apdu_mutex);
+}
+
+static const uint8_t *emulated_get_atr(CCIDCardState *base, uint32_t *len)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+
+ *len = card->atr_length;
+ return card->atr;
+}
+
+static void emulated_push_event(EmulatedState *card, EmulEvent *event)
+{
+ qemu_mutex_lock(&card->event_list_mutex);
+ QSIMPLEQ_INSERT_TAIL(&(card->event_list), event, entry);
+ qemu_mutex_unlock(&card->event_list_mutex);
+ if (write(card->pipe[1], card, 1) != 1) {
+ DPRINTF(card, 1, "write to pipe failed\n");
+ }
+}
+
+static void emulated_push_type(EmulatedState *card, uint32_t type)
+{
+ EmulEvent *event = (EmulEvent *)qemu_malloc(sizeof(EmulEvent));
+
+ assert(event);
+ event->p.gen.type = type;
+ emulated_push_event(card, event);
+}
+
+static void emulated_push_error(EmulatedState *card, uint64_t code)
+{
+ EmulEvent *event = (EmulEvent *)qemu_malloc(sizeof(EmulEvent));
+
+ assert(event);
+ event->p.error.type = EMUL_ERROR;
+ event->p.error.code = code;
+ emulated_push_event(card, event);
+}
+
+static void emulated_push_data_type(EmulatedState *card, uint32_t type,
+ const uint8_t *data, uint32_t len)
+{
+ EmulEvent *event = (EmulEvent *)qemu_malloc(sizeof(EmulEvent) + len);
+
+ assert(event);
+ event->p.data.type = type;
+ event->p.data.len = len;
+ memcpy(event->p.data.data, data, len);
+ emulated_push_event(card, event);
+}
+
+static void emulated_push_reader_insert(EmulatedState *card)
+{
+ emulated_push_type(card, EMUL_READER_INSERT);
+}
+
+static void emulated_push_reader_remove(EmulatedState *card)
+{
+ emulated_push_type(card, EMUL_READER_REMOVE);
+}
+
+static void emulated_push_card_insert(EmulatedState *card,
+ const uint8_t *atr, uint32_t len)
+{
+ emulated_push_data_type(card, EMUL_CARD_INSERT, atr, len);
+}
+
+static void emulated_push_card_remove(EmulatedState *card)
+{
+ emulated_push_type(card, EMUL_CARD_REMOVE);
+}
+
+static void emulated_push_response_apdu(EmulatedState *card,
+ const uint8_t *apdu, uint32_t len)
+{
+ emulated_push_data_type(card, EMUL_RESPONSE_APDU, apdu, len);
+}
+
+#define APDU_BUF_SIZE 270
+static void *handle_apdu_thread(void* arg)
+{
+ EmulatedState *card = arg;
+ uint8_t recv_data[APDU_BUF_SIZE];
+ int recv_len;
+ VReaderStatus reader_status;
+ EmulEvent *event;
+
+ while (1) {
+ qemu_mutex_lock(&card->handle_apdu_mutex);
+ qemu_cond_wait(&card->handle_apdu_cond, &card->handle_apdu_mutex);
+ qemu_mutex_unlock(&card->handle_apdu_mutex);
+ if (card->quit_apdu_thread) {
+ card->quit_apdu_thread = 0; /* debugging */
+ break;
+ }
+ qemu_mutex_lock(&card->vreader_mutex);
+ while (!QSIMPLEQ_EMPTY(&card->guest_apdu_list)) {
+ event = QSIMPLEQ_FIRST(&card->guest_apdu_list);
+ assert((unsigned long)event > 1000);
+ QSIMPLEQ_REMOVE_HEAD(&card->guest_apdu_list, entry);
+ if (event->p.data.type != EMUL_GUEST_APDU) {
+ DPRINTF(card, 1, "unexpected message in handle_apdu_thread\n");
+ qemu_free(event);
+ continue;
+ }
+ if (card->reader == NULL) {
+ DPRINTF(card, 1, "reader is NULL\n");
+ qemu_free(event);
+ continue;
+ }
+ recv_len = sizeof(recv_data);
+ reader_status = vreader_xfr_bytes(card->reader,
+ event->p.data.data, event->p.data.len,
+ recv_data, &recv_len);
+ DPRINTF(card, 2, "got back apdu of length %d\n", recv_len);
+ if (reader_status == VREADER_OK) {
+ emulated_push_response_apdu(card, recv_data, recv_len);
+ } else {
+ emulated_push_error(card, reader_status);
+ }
+ qemu_free(event);
+ }
+ qemu_mutex_unlock(&card->vreader_mutex);
+ }
+ qemu_mutex_lock(&card->apdu_thread_quit_mutex);
+ qemu_cond_signal(&card->apdu_thread_quit_cond);
+ qemu_mutex_unlock(&card->apdu_thread_quit_mutex);
+ return NULL;
+}
+
+static void *event_thread(void *arg)
+{
+ int atr_len = MAX_ATR_SIZE;
+ uint8_t atr[MAX_ATR_SIZE];
+ VEvent *event = NULL;
+ EmulatedState *card = arg;
+
+ while (1) {
+ const char *reader_name;
+
+ event = vevent_wait_next_vevent();
+ if (event == NULL || event->type == VEVENT_LAST) {
+ break;
+ }
+ if (event->type != VEVENT_READER_INSERT) {
+ if (card->reader == NULL && event->reader != NULL) {
+ /* Happens after device_add followed by card remove or insert.
+ * XXX: create synthetic add_reader events if vcard_emul_init
+ * already called, which happens if device_del and device_add
+ * are called */
+ card->reader = vreader_reference(event->reader);
+ } else {
+ if (event->reader != card->reader) {
+ fprintf(stderr,
+ "ERROR: wrong reader: quiting event_thread\n");
+ break;
+ }
+ }
+ }
+ switch (event->type) {
+ case VEVENT_READER_INSERT:
+ /* TODO: take a specific reader. i.e. track which reader
+ * we are seeing here, check it is the one we want (the first,
+ * or by a particular name), and ignore if we don't want it.
+ */
+ reader_name = vreader_get_name(event->reader);
+ if (card->reader != NULL) {
+ DPRINTF(card, 2, "READER INSERT - replacing %s with %s\n",
+ vreader_get_name(card->reader), reader_name);
+ qemu_mutex_lock(&card->vreader_mutex);
+ vreader_free(card->reader);
+ qemu_mutex_unlock(&card->vreader_mutex);
+ emulated_push_reader_remove(card);
+ }
+ qemu_mutex_lock(&card->vreader_mutex);
+ DPRINTF(card, 2, "READER INSERT %s\n", reader_name);
+ card->reader = vreader_reference(event->reader);
+ qemu_mutex_unlock(&card->vreader_mutex);
+ emulated_push_reader_insert(card);
+ break;
+ case VEVENT_READER_REMOVE:
+ DPRINTF(card, 2, " READER REMOVE: %s\n",
+ vreader_get_name(event->reader));
+ qemu_mutex_lock(&card->vreader_mutex);
+ vreader_free(card->reader);
+ card->reader = NULL;
+ qemu_mutex_unlock(&card->vreader_mutex);
+ emulated_push_reader_remove(card);
+ break;
+ case VEVENT_CARD_INSERT:
+ /* get the ATR (intended as a response to a power on from the
+ * reader */
+ atr_len = MAX_ATR_SIZE;
+ vreader_power_on(event->reader, atr, &atr_len);
+ card->atr_length = (uint8_t)atr_len;
+ DPRINTF(card, 2, " CARD INSERT\n");
+ emulated_push_card_insert(card, atr, atr_len);
+ break;
+ case VEVENT_CARD_REMOVE:
+ DPRINTF(card, 2, " CARD REMOVE\n");
+ emulated_push_card_remove(card);
+ break;
+ case VEVENT_LAST: /* quit */
+ vevent_delete(event);
+ return NULL;
+ break;
+ default:
+ break;
+ }
+ vevent_delete(event);
+ }
+ return NULL;
+}
+
+static void pipe_read(void *opaque)
+{
+ EmulatedState *card = opaque;
+ EmulEvent *event, *next;
+ char dummy;
+ int len;
+
+ do {
+ len = read(card->pipe[0], &dummy, sizeof(dummy));
+ } while (len == sizeof(dummy));
+ qemu_mutex_lock(&card->event_list_mutex);
+ QSIMPLEQ_FOREACH_SAFE(event, &card->event_list, entry, next) {
+ DPRINTF(card, 2, "event %s\n", emul_event_to_string(event->p.gen.type));
+ switch (event->p.gen.type) {
+ case EMUL_RESPONSE_APDU:
+ ccid_card_send_apdu_to_guest(&card->base, event->p.data.data,
+ event->p.data.len);
+ break;
+ case EMUL_READER_INSERT:
+ ccid_card_ccid_attach(&card->base);
+ break;
+ case EMUL_READER_REMOVE:
+ ccid_card_ccid_detach(&card->base);
+ break;
+ case EMUL_CARD_INSERT:
+ assert(event->p.data.len <= MAX_ATR_SIZE);
+ card->atr_length = event->p.data.len;
+ memcpy(card->atr, event->p.data.data, card->atr_length);
+ ccid_card_card_inserted(&card->base);
+ break;
+ case EMUL_CARD_REMOVE:
+ ccid_card_card_removed(&card->base);
+ break;
+ case EMUL_ERROR:
+ ccid_card_card_error(&card->base, event->p.error.code);
+ break;
+ default:
+ DPRINTF(card, 2, "unexpected event\n");
+ break;
+ }
+ qemu_free(event);
+ }
+ QSIMPLEQ_INIT(&card->event_list);
+ qemu_mutex_unlock(&card->event_list_mutex);
+}
+
+static int init_pipe_signaling(EmulatedState *card)
+{
+ if (pipe(card->pipe) < 0) {
+ DPRINTF(card, 2, "pipe creation failed\n");
+ return -1;
+ }
+ fcntl(card->pipe[0], F_SETFL, O_NONBLOCK);
+ fcntl(card->pipe[1], F_SETFL, O_NONBLOCK);
+ fcntl(card->pipe[0], F_SETOWN, getpid());
+ qemu_set_fd_handler(card->pipe[0], pipe_read, NULL, card);
+ return 0;
+}
+
+#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb"
+#define CERTIFICATES_ARGS_TEMPLATE\
+ "db=\"%s\" use_hw=no soft=(,Virtual Reader,CAC,,%s,%s,%s)"
+
+static int wrap_vcard_emul_init(VCardEmulOptions *options)
+{
+ static int called;
+ static int options_was_null;
+
+ if (called) {
+ if ((options == NULL) != options_was_null) {
+ printf("%s: warning: running emulated with certificates"
+ " and emulated side by side is not supported\n",
+ __func__);
+ return VCARD_EMUL_FAIL;
+ }
+ vcard_emul_replay_insertion_events();
+ return VCARD_EMUL_OK;
+ }
+ options_was_null = (options == NULL);
+ called = 1;
+ return vcard_emul_init(options);
+}
+
+static int emulated_initialize_vcard_from_certificates(EmulatedState *card)
+{
+ char emul_args[200];
+ VCardEmulOptions *options = NULL;
+
+ snprintf(emul_args, sizeof(emul_args) - 1, CERTIFICATES_ARGS_TEMPLATE,
+ card->db ? card->db : CERTIFICATES_DEFAULT_DB,
+ card->cert1, card->cert2, card->cert3);
+ options = vcard_emul_options(emul_args);
+ if (options == NULL) {
+ printf("%s: warning: not using certificates due to"
+ " initialization error\n", __func__);
+ }
+ return wrap_vcard_emul_init(options);
+}
+
+typedef struct EnumTable {
+ const char *name;
+ uint32_t value;
+} EnumTable;
+
+EnumTable backend_enum_table[] = {
+ {BACKEND_NSS_EMULATED_NAME, BACKEND_NSS_EMULATED},
+ {BACKEND_CERTIFICATES_NAME, BACKEND_CERTIFICATES},
+ {NULL, 0},
+};
+
+static uint32_t parse_enumeration(char *str,
+ EnumTable *table, uint32_t not_found_value)
+{
+ uint32_t ret = not_found_value;
+
+ while (table->name != NULL) {
+ if (strcmp(table->name, str) == 0) {
+ ret = table->value;
+ break;
+ }
+ table++;
+ }
+ return ret;
+}
+
+static int emulated_initfn(CCIDCardState *base)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+ QemuThread thread_id;
+ VCardEmulError ret;
+ EnumTable *ptable;
+
+ QSIMPLEQ_INIT(&card->event_list);
+ QSIMPLEQ_INIT(&card->guest_apdu_list);
+ qemu_mutex_init(&card->event_list_mutex);
+ qemu_mutex_init(&card->vreader_mutex);
+ qemu_mutex_init(&card->handle_apdu_mutex);
+ qemu_cond_init(&card->handle_apdu_cond);
+ card->reader = NULL;
+ card->quit_apdu_thread = 0;
+ if (init_pipe_signaling(card) < 0) {
+ return -1;
+ }
+ card->backend = parse_enumeration(card->backend_str, backend_enum_table, 0);
+ if (card->backend == 0) {
+ printf("unknown backend, must be one of:\n");
+ for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
+ printf("%s\n", ptable->name);
+ }
+ return -1;
+ }
+
+ /* TODO: a passthru backened that works on local machine. third card type?*/
+ if (card->backend == BACKEND_CERTIFICATES) {
+ if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != NULL) {
+ ret = emulated_initialize_vcard_from_certificates(card);
+ } else {
+ printf("%s: you must provide all three certs for"
+ " certificates backend\n", EMULATED_DEV_NAME);
+ return -1;
+ }
+ } else {
+ if (card->backend != BACKEND_NSS_EMULATED) {
+ printf("%s: bad backend specified. The options are:\n%s (default),"
+ " %s.\n", EMULATED_DEV_NAME, BACKEND_NSS_EMULATED_NAME,
+ BACKEND_CERTIFICATES_NAME);
+ return -1;
+ }
+ if (card->cert1 != NULL || card->cert2 != NULL || card->cert3 != NULL) {
+ printf("%s: unexpected cert parameters to nss emulated backend\n",
+ EMULATED_DEV_NAME);
+ return -1;
+ }
+ /* default to mirroring the local hardware readers */
+ ret = wrap_vcard_emul_init(NULL);
+ }
+ if (ret != VCARD_EMUL_OK) {
+ printf("%s: failed to initialize vcard\n", EMULATED_DEV_NAME);
+ return -1;
+ }
+ qemu_thread_create(&thread_id, event_thread, card);
+ qemu_thread_create(&thread_id, handle_apdu_thread, card);
+ return 0;
+}
+
+static int emulated_exitfn(CCIDCardState *base)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+ VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);
+
+ vevent_queue_vevent(vevent); /* stop vevent thread */
+ qemu_mutex_lock(&card->apdu_thread_quit_mutex);
+ card->quit_apdu_thread = 1; /* stop handle_apdu thread */
+ qemu_cond_signal(&card->handle_apdu_cond);
+ qemu_cond_wait(&card->apdu_thread_quit_cond,
+ &card->apdu_thread_quit_mutex);
+ /* handle_apdu thread stopped, can destroy all of it's mutexes */
+ qemu_cond_destroy(&card->handle_apdu_cond);
+ qemu_cond_destroy(&card->apdu_thread_quit_cond);
+ qemu_mutex_destroy(&card->apdu_thread_quit_mutex);
+ qemu_mutex_destroy(&card->handle_apdu_mutex);
+ qemu_mutex_destroy(&card->vreader_mutex);
+ qemu_mutex_destroy(&card->event_list_mutex);
+ return 0;
+}
+
+static CCIDCardInfo emulated_card_info = {
+ .qdev.name = EMULATED_DEV_NAME,
+ .qdev.desc = "emulated smartcard",
+ .qdev.size = sizeof(EmulatedState),
+ .initfn = emulated_initfn,
+ .exitfn = emulated_exitfn,
+ .get_atr = emulated_get_atr,
+ .apdu_from_guest = emulated_apdu_from_guest,
+ .qdev.unplug = qdev_simple_unplug_cb,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_STRING("backend", EmulatedState, backend_str),
+ DEFINE_PROP_STRING("cert1", EmulatedState, cert1),
+ DEFINE_PROP_STRING("cert2", EmulatedState, cert2),
+ DEFINE_PROP_STRING("cert3", EmulatedState, cert3),
+ DEFINE_PROP_STRING("db", EmulatedState, db),
+ DEFINE_PROP_UINT8("debug", EmulatedState, debug, 0),
+ DEFINE_PROP_END_OF_LIST(),
+ },
+};
+
+static void ccid_card_emulated_register_devices(void)
+{
+ ccid_card_qdev_register(&emulated_card_info);
+}
+
+device_init(ccid_card_emulated_register_devices)
diff --git a/hw/ccid-card-passthru.c b/hw/ccid-card-passthru.c
new file mode 100644
index 0000000..28eb9d1
--- /dev/null
+++ b/hw/ccid-card-passthru.c
@@ -0,0 +1,339 @@
+/*
+ * CCID Passthru Card Device emulation
+ *
+ * Copyright (c) 2011 Red Hat.
+ * Written by Alon Levy.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.1 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu-char.h"
+#include "qemu_socket.h"
+#include "monitor.h"
+#include "hw/ccid.h"
+#include "libcacard/vscard_common.h"
+
+#define DPRINTF(card, lvl, fmt, ...) \
+do { \
+ if (lvl <= card->debug) { \
+ printf("ccid-card-passthru: " fmt , ## __VA_ARGS__); \
+ } \
+} while (0)
+
+#define D_WARN 1
+#define D_INFO 2
+#define D_MORE_INFO 3
+#define D_VERBOSE 4
+
+/* TODO: do we still need this? */
+uint8_t DEFAULT_ATR[] = {
+/*
+ * From some example somewhere
+ * 0x3B, 0xB0, 0x18, 0x00, 0xD1, 0x81, 0x05, 0xB1, 0x40, 0x38, 0x1F, 0x03, 0x28
+ */
+
+/* From an Athena smart card */
+ 0x3B, 0xD5, 0x18, 0xFF, 0x80, 0x91, 0xFE, 0x1F, 0xC3, 0x80, 0x73, 0xC8, 0x21,
+ 0x13, 0x08
+};
+
+
+#define PASSTHRU_DEV_NAME "ccid-card-passthru"
+#define VSCARD_IN_SIZE 65536
+
+/* maximum size of ATR - from 7816-3 */
+#define MAX_ATR_SIZE 40
+
+typedef struct PassthruState PassthruState;
+
+struct PassthruState {
+ CCIDCardState base;
+ CharDriverState *cs;
+ uint8_t vscard_in_data[VSCARD_IN_SIZE];
+ uint32_t vscard_in_pos;
+ uint32_t vscard_in_hdr;
+ uint8_t atr[MAX_ATR_SIZE];
+ uint8_t atr_length;
+ uint8_t debug;
+};
+
+/*
+ * VSCard protocol over chardev
+ * This code should not depend on the card type.
+ */
+
+static void ccid_card_vscard_send_msg(PassthruState *s,
+ VSCMsgType type, uint32_t reader_id,
+ const uint8_t *payload, uint32_t length)
+{
+ VSCMsgHeader scr_msg_header;
+
+ scr_msg_header.type = htonl(type);
+ scr_msg_header.reader_id = htonl(reader_id);
+ scr_msg_header.length = htonl(length);
+ qemu_chr_write(s->cs, (uint8_t *)&scr_msg_header, sizeof(VSCMsgHeader));
+ qemu_chr_write(s->cs, payload, length);
+}
+
+static void ccid_card_vscard_send_apdu(PassthruState *s,
+ const uint8_t *apdu, uint32_t length)
+{
+ ccid_card_vscard_send_msg(
+ s, VSC_APDU, VSCARD_MINIMAL_READER_ID, apdu, length);
+}
+
+static void ccid_card_vscard_send_error(PassthruState *s,
+ uint32_t reader_id, VSCErrorCode code)
+{
+ VSCMsgError msg = {.code = htonl(code)};
+
+ ccid_card_vscard_send_msg(
+ s, VSC_Error, reader_id, (uint8_t *)&msg, sizeof(msg));
+}
+
+static void ccid_card_vscard_send_init(PassthruState *s)
+{
+ VSCMsgInit msg = {
+ .version = htonl(VSCARD_VERSION),
+ .magic = VSCARD_MAGIC,
+ .capabilities = {0}
+ };
+
+ ccid_card_vscard_send_msg(s, VSC_Init, VSCARD_UNDEFINED_READER_ID,
+ (uint8_t *)&msg, sizeof(msg));
+}
+
+static int ccid_card_vscard_can_read(void *opaque)
+{
+ PassthruState *card = opaque;
+
+ return VSCARD_IN_SIZE >= card->vscard_in_pos ?
+ VSCARD_IN_SIZE - card->vscard_in_pos : 0;
+}
+
+static void ccid_card_vscard_handle_init(
+ PassthruState *card, VSCMsgHeader *hdr, VSCMsgInit *init)
+{
+ uint32_t *capabilities;
+ int num_capabilities;
+ int i;
+
+ capabilities = init->capabilities;
+ num_capabilities =
+ 1 + ((hdr->length - sizeof(VSCMsgInit)) / sizeof(uint32_t));
+ init->version = ntohl(init->version);
+ for (i = 0 ; i < num_capabilities; ++i) {
+ capabilities[i] = ntohl(capabilities[i]);
+ }
+ if (init->magic != VSCARD_MAGIC) {
+ error_report("wrong magic");
+ /* we can't disconnect the chardev */
+ }
+ if (init->version != VSCARD_VERSION) {
+ DPRINTF(card, D_WARN,
+ "got version %d, have %d", init->version, VSCARD_VERSION);
+ }
+ /* future handling of capabilities, none exist atm */
+ ccid_card_vscard_send_init(card);
+}
+
+static void ccid_card_vscard_handle_message(PassthruState *card,
+ VSCMsgHeader *scr_msg_header)
+{
+ uint8_t *data = (uint8_t *)&scr_msg_header[1];
+
+ switch (scr_msg_header->type) {
+ case VSC_ATR:
+ DPRINTF(card, D_INFO, "VSC_ATR %d\n", scr_msg_header->length);
+ if (scr_msg_header->length > MAX_ATR_SIZE) {
+ error_report("ATR size exceeds spec, ignoring");
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_GENERAL_ERROR);
+ }
+ memcpy(card->atr, data, scr_msg_header->length);
+ card->atr_length = scr_msg_header->length;
+ ccid_card_card_inserted(&card->base);
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_SUCCESS);
+ break;
+ case VSC_APDU:
+ ccid_card_send_apdu_to_guest(
+ &card->base, data, scr_msg_header->length);
+ break;
+ case VSC_CardRemove:
+ DPRINTF(card, D_INFO, "VSC_CardRemove\n");
+ ccid_card_card_removed(&card->base);
+ ccid_card_vscard_send_error(card,
+ scr_msg_header->reader_id, VSC_SUCCESS);
+ break;
+ case VSC_Init:
+ ccid_card_vscard_handle_init(
+ card, scr_msg_header, (VSCMsgInit *)data);
+ break;
+ case VSC_Error:
+ ccid_card_card_error(&card->base, *(uint32_t *)data);
+ break;
+ case VSC_ReaderAdd:
+ if (ccid_card_ccid_attach(&card->base) < 0) {
+ ccid_card_vscard_send_error(card, VSCARD_UNDEFINED_READER_ID,
+ VSC_CANNOT_ADD_MORE_READERS);
+ } else {
+ ccid_card_vscard_send_error(card, VSCARD_MINIMAL_READER_ID,
+ VSC_SUCCESS);
+ }
+ break;
+ case VSC_ReaderRemove:
+ ccid_card_ccid_detach(&card->base);
+ ccid_card_vscard_send_error(card,
+ scr_msg_header->reader_id, VSC_SUCCESS);
+ break;
+ default:
+ printf("usb-ccid: chardev: unexpected message of type %X\n",
+ scr_msg_header->type);
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_GENERAL_ERROR);
+ }
+}
+
+static void ccid_card_vscard_drop_connection(PassthruState *card)
+{
+ qemu_chr_close(card->cs);
+ card->vscard_in_pos = card->vscard_in_hdr = 0;
+}
+
+static void ccid_card_vscard_read(void *opaque, const uint8_t *buf, int size)
+{
+ PassthruState *card = opaque;
+ VSCMsgHeader *hdr;
+
+ if (card->vscard_in_pos + size > VSCARD_IN_SIZE) {
+ error_report(
+ "no room for data: pos %d + size %d > %d. dropping connection.",
+ card->vscard_in_pos, size, VSCARD_IN_SIZE);
+ ccid_card_vscard_drop_connection(card);
+ return;
+ }
+ assert(card->vscard_in_pos < VSCARD_IN_SIZE);
+ assert(card->vscard_in_hdr < VSCARD_IN_SIZE);
+ memcpy(card->vscard_in_data + card->vscard_in_pos, buf, size);
+ card->vscard_in_pos += size;
+ hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
+
+ while ((card->vscard_in_pos - card->vscard_in_hdr >= sizeof(VSCMsgHeader))
+ &&(card->vscard_in_pos - card->vscard_in_hdr >=
+ sizeof(VSCMsgHeader) + ntohl(hdr->length))) {
+ hdr->reader_id = ntohl(hdr->reader_id);
+ hdr->length = ntohl(hdr->length);
+ hdr->type = ntohl(hdr->type);
+ ccid_card_vscard_handle_message(card, hdr);
+ card->vscard_in_hdr += hdr->length + sizeof(VSCMsgHeader);
+ hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
+ }
+ if (card->vscard_in_hdr == card->vscard_in_pos) {
+ card->vscard_in_pos = card->vscard_in_hdr = 0;
+ }
+}
+
+static void ccid_card_vscard_event(void *opaque, int event)
+{
+ PassthruState *card = opaque;
+
+ switch (event) {
+ case CHR_EVENT_BREAK:
+ card->vscard_in_pos = card->vscard_in_hdr = 0;
+ break;
+ case CHR_EVENT_FOCUS:
+ break;
+ case CHR_EVENT_OPENED:
+ DPRINTF(card, D_INFO, "%s: CHR_EVENT_OPENED\n", __func__);
+ break;
+ }
+}
+
+/* End VSCard handling */
+
+static void passthru_apdu_from_guest(
+ CCIDCardState *base, const uint8_t *apdu, uint32_t len)
+{
+ PassthruState *card = DO_UPCAST(PassthruState, base, base);
+
+ if (!card->cs) {
+ printf("ccid-passthru: no chardev, discarding apdu length %d\n", len);
+ return;
+ }
+ ccid_card_vscard_send_apdu(card, apdu, len);
+}
+
+static const uint8_t *passthru_get_atr(CCIDCardState *base, uint32_t *len)
+{
+ PassthruState *card = DO_UPCAST(PassthruState, base, base);
+
+ *len = card->atr_length;
+ return card->atr;
+}
+
+static int passthru_initfn(CCIDCardState *base)
+{
+ PassthruState *card = DO_UPCAST(PassthruState, base, base);
+
+ card->vscard_in_pos = 0;
+ card->vscard_in_hdr = 0;
+ if (card->cs) {
+ DPRINTF(card, D_INFO, "initing chardev\n");
+ qemu_chr_add_handlers(card->cs,
+ ccid_card_vscard_can_read,
+ ccid_card_vscard_read,
+ ccid_card_vscard_event, card);
+ ccid_card_vscard_send_init(card);
+ } else {
+ error_report("missing chardev");
+ return -1;
+ }
+ assert(sizeof(DEFAULT_ATR) <= MAX_ATR_SIZE);
+ memcpy(card->atr, DEFAULT_ATR, sizeof(DEFAULT_ATR));
+ card->atr_length = sizeof(DEFAULT_ATR);
+ return 0;
+}
+
+static int passthru_exitfn(CCIDCardState *base)
+{
+ return 0;
+}
+
+static VMStateDescription passthru_vmstate = {
+ .name = PASSTHRU_DEV_NAME,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BUFFER(vscard_in_data, PassthruState),
+ VMSTATE_UINT32(vscard_in_pos, PassthruState),
+ VMSTATE_UINT32(vscard_in_hdr, PassthruState),
+ VMSTATE_BUFFER(atr, PassthruState),
+ VMSTATE_UINT8(atr_length, PassthruState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static CCIDCardInfo passthru_card_info = {
+ .qdev.name = PASSTHRU_DEV_NAME,
+ .qdev.desc = "passthrough smartcard",
+ .qdev.size = sizeof(PassthruState),
+ .qdev.vmsd = &passthru_vmstate,
+ .initfn = passthru_initfn,
+ .exitfn = passthru_exitfn,
+ .get_atr = passthru_get_atr,
+ .apdu_from_guest = passthru_apdu_from_guest,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_CHR("chardev", PassthruState, cs),
+ DEFINE_PROP_UINT8("debug", PassthruState, debug, 0),
+ DEFINE_PROP_END_OF_LIST(),
+ },
+};
+
+static void ccid_card_passthru_register_devices(void)
+{
+ ccid_card_qdev_register(&passthru_card_info);
+}
+
+device_init(ccid_card_passthru_register_devices)
diff --git a/hw/ccid.h b/hw/ccid.h
new file mode 100644
index 0000000..dbfc13c
--- /dev/null
+++ b/hw/ccid.h
@@ -0,0 +1,59 @@
+/*
+ * CCID Passthru Card Device emulation
+ *
+ * Copyright (c) 2011 Red Hat.
+ * Written by Alon Levy.
+ *
+ * This code is licenced under the GNU LGPL, version 2 or later.
+ */
+
+#ifndef CCID_H
+#define CCID_H
+
+#include "qdev.h"
+
+typedef struct CCIDCardState CCIDCardState;
+typedef struct CCIDCardInfo CCIDCardInfo;
+
+/*
+ * state of the CCID Card device (i.e. hw/ccid-card-*.c)
+ */
+struct CCIDCardState {
+ DeviceState qdev;
+ uint32_t slot; /* For future use with multiple slot reader. */
+};
+
+/*
+ * callbacks to be used by the CCID device (hw/usb-ccid.c) to call
+ * into the smartcard device (hw/ccid-card-*.c)
+ */
+struct CCIDCardInfo {
+ DeviceInfo qdev;
+ void (*print)(Monitor *mon, CCIDCardState *card, int indent);
+ const uint8_t *(*get_atr)(CCIDCardState *card, uint32_t *len);
+ void (*apdu_from_guest)(CCIDCardState *card,
+ const uint8_t *apdu,
+ uint32_t len);
+ int (*exitfn)(CCIDCardState *card);
+ int (*initfn)(CCIDCardState *card);
+};
+
+/*
+ * API for smartcard calling the CCID device (used by hw/ccid-card-*.c)
+ */
+void ccid_card_send_apdu_to_guest(CCIDCardState *card,
+ uint8_t *apdu,
+ uint32_t len);
+void ccid_card_card_removed(CCIDCardState *card);
+void ccid_card_card_inserted(CCIDCardState *card);
+void ccid_card_card_error(CCIDCardState *card, uint64_t error);
+void ccid_card_qdev_register(CCIDCardInfo *card);
+
+/*
+ * support guest visible insertion/removal of ccid devices based on actual
+ * devices connected/removed. Called by card implementation (passthru, local)
+ */
+int ccid_card_ccid_attach(CCIDCardState *card);
+void ccid_card_ccid_detach(CCIDCardState *card);
+
+#endif /* CCID_H */
diff --git a/hw/collie.c b/hw/collie.c
new file mode 100644
index 0000000..156404d
--- /dev/null
+++ b/hw/collie.c
@@ -0,0 +1,69 @@
+/*
+ * SA-1110-based Sharp Zaurus SL-5500 platform.
+ *
+ * Copyright (C) 2011 Dmitry Eremin-Solenikov
+ *
+ * This code is licensed under GNU GPL v2.
+ */
+#include "hw.h"
+#include "sysbus.h"
+#include "boards.h"
+#include "devices.h"
+#include "strongarm.h"
+#include "arm-misc.h"
+#include "flash.h"
+#include "blockdev.h"
+
+static struct arm_boot_info collie_binfo = {
+ .loader_start = SA_SDCS0,
+ .ram_size = 0x20000000,
+};
+
+static void collie_init(ram_addr_t ram_size,
+ const char *boot_device,
+ const char *kernel_filename, const char *kernel_cmdline,
+ const char *initrd_filename, const char *cpu_model)
+{
+ StrongARMState *s;
+ DriveInfo *dinfo;
+ ram_addr_t phys_flash;
+
+ if (!cpu_model) {
+ cpu_model = "sa1110";
+ }
+
+ s = sa1110_init(collie_binfo.ram_size, cpu_model);
+
+ phys_flash = qemu_ram_alloc(NULL, "collie.fl1", 0x02000000);
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ pflash_cfi01_register(SA_CS0, phys_flash,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ 512, 4, 0x00, 0x00, 0x00, 0x00, 0);
+
+ phys_flash = qemu_ram_alloc(NULL, "collie.fl2", 0x02000000);
+ dinfo = drive_get(IF_PFLASH, 0, 1);
+ pflash_cfi01_register(SA_CS1, phys_flash,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ 512, 4, 0x00, 0x00, 0x00, 0x00, 0);
+
+ sysbus_create_simple("scoop", 0x40800000, NULL);
+
+ collie_binfo.kernel_filename = kernel_filename;
+ collie_binfo.kernel_cmdline = kernel_cmdline;
+ collie_binfo.initrd_filename = initrd_filename;
+ collie_binfo.board_id = 0x208;
+ arm_load_kernel(s->env, &collie_binfo);
+}
+
+static QEMUMachine collie_machine = {
+ .name = "collie",
+ .desc = "Collie PDA (SA-1110)",
+ .init = collie_init,
+};
+
+static void collie_machine_init(void)
+{
+ qemu_register_machine(&collie_machine);
+}
+
+machine_init(collie_machine_init)
diff --git a/hw/cris-boot.c b/hw/cris-boot.c
index 2ef17f6..37894f8 100644
--- a/hw/cris-boot.c
+++ b/hw/cris-boot.c
@@ -23,7 +23,6 @@
*/
#include "hw.h"
-#include "sysemu.h"
#include "loader.h"
#include "elf.h"
#include "cris-boot.h"
diff --git a/hw/cuda.c b/hw/cuda.c
index 37aa3f4..065c362 100644
--- a/hw/cuda.c
+++ b/hw/cuda.c
@@ -644,80 +644,56 @@ static CPUReadMemoryFunc * const cuda_read[] = {
&cuda_readl,
};
-static void cuda_save_timer(QEMUFile *f, CUDATimer *s)
+static bool cuda_timer_exist(void *opaque, int version_id)
{
- qemu_put_be16s(f, &s->latch);
- qemu_put_be16s(f, &s->counter_value);
- qemu_put_sbe64s(f, &s->load_time);
- qemu_put_sbe64s(f, &s->next_irq_time);
- if (s->timer)
- qemu_put_timer(f, s->timer);
-}
-
-static void cuda_save(QEMUFile *f, void *opaque)
-{
- CUDAState *s = (CUDAState *)opaque;
-
- qemu_put_ubyte(f, s->b);
- qemu_put_ubyte(f, s->a);
- qemu_put_ubyte(f, s->dirb);
- qemu_put_ubyte(f, s->dira);
- qemu_put_ubyte(f, s->sr);
- qemu_put_ubyte(f, s->acr);
- qemu_put_ubyte(f, s->pcr);
- qemu_put_ubyte(f, s->ifr);
- qemu_put_ubyte(f, s->ier);
- qemu_put_ubyte(f, s->anh);
- qemu_put_sbe32s(f, &s->data_in_size);
- qemu_put_sbe32s(f, &s->data_in_index);
- qemu_put_sbe32s(f, &s->data_out_index);
- qemu_put_ubyte(f, s->autopoll);
- qemu_put_buffer(f, s->data_in, sizeof(s->data_in));
- qemu_put_buffer(f, s->data_out, sizeof(s->data_out));
- qemu_put_be32s(f, &s->tick_offset);
- cuda_save_timer(f, &s->timers[0]);
- cuda_save_timer(f, &s->timers[1]);
-}
+ CUDATimer *s = opaque;
-static void cuda_load_timer(QEMUFile *f, CUDATimer *s)
-{
- qemu_get_be16s(f, &s->latch);
- qemu_get_be16s(f, &s->counter_value);
- qemu_get_sbe64s(f, &s->load_time);
- qemu_get_sbe64s(f, &s->next_irq_time);
- if (s->timer)
- qemu_get_timer(f, s->timer);
+ return s->timer != NULL;
}
-static int cuda_load(QEMUFile *f, void *opaque, int version_id)
-{
- CUDAState *s = (CUDAState *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->b = qemu_get_ubyte(f);
- s->a = qemu_get_ubyte(f);
- s->dirb = qemu_get_ubyte(f);
- s->dira = qemu_get_ubyte(f);
- s->sr = qemu_get_ubyte(f);
- s->acr = qemu_get_ubyte(f);
- s->pcr = qemu_get_ubyte(f);
- s->ifr = qemu_get_ubyte(f);
- s->ier = qemu_get_ubyte(f);
- s->anh = qemu_get_ubyte(f);
- qemu_get_sbe32s(f, &s->data_in_size);
- qemu_get_sbe32s(f, &s->data_in_index);
- qemu_get_sbe32s(f, &s->data_out_index);
- s->autopoll = qemu_get_ubyte(f);
- qemu_get_buffer(f, s->data_in, sizeof(s->data_in));
- qemu_get_buffer(f, s->data_out, sizeof(s->data_out));
- qemu_get_be32s(f, &s->tick_offset);
- cuda_load_timer(f, &s->timers[0]);
- cuda_load_timer(f, &s->timers[1]);
+static const VMStateDescription vmstate_cuda_timer = {
+ .name = "cuda_timer",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16(latch, CUDATimer),
+ VMSTATE_UINT16(counter_value, CUDATimer),
+ VMSTATE_INT64(load_time, CUDATimer),
+ VMSTATE_INT64(next_irq_time, CUDATimer),
+ VMSTATE_TIMER_TEST(timer, CUDATimer, cuda_timer_exist),
+ VMSTATE_END_OF_LIST()
+ }
+};
- return 0;
-}
+static const VMStateDescription vmstate_cuda = {
+ .name = "cuda",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(a, CUDAState),
+ VMSTATE_UINT8(b, CUDAState),
+ VMSTATE_UINT8(dira, CUDAState),
+ VMSTATE_UINT8(dirb, CUDAState),
+ VMSTATE_UINT8(sr, CUDAState),
+ VMSTATE_UINT8(acr, CUDAState),
+ VMSTATE_UINT8(pcr, CUDAState),
+ VMSTATE_UINT8(ifr, CUDAState),
+ VMSTATE_UINT8(ier, CUDAState),
+ VMSTATE_UINT8(anh, CUDAState),
+ VMSTATE_INT32(data_in_size, CUDAState),
+ VMSTATE_INT32(data_in_index, CUDAState),
+ VMSTATE_INT32(data_out_index, CUDAState),
+ VMSTATE_UINT8(autopoll, CUDAState),
+ VMSTATE_BUFFER(data_in, CUDAState),
+ VMSTATE_BUFFER(data_out, CUDAState),
+ VMSTATE_UINT32(tick_offset, CUDAState),
+ VMSTATE_STRUCT_ARRAY(timers, CUDAState, 2, 1,
+ vmstate_cuda_timer, CUDATimer),
+ VMSTATE_END_OF_LIST()
+ }
+};
static void cuda_reset(void *opaque)
{
@@ -764,6 +740,6 @@ void cuda_init (int *cuda_mem_index, qemu_irq irq)
s->adb_poll_timer = qemu_new_timer_ns(vm_clock, cuda_adb_poll, s);
*cuda_mem_index = cpu_register_io_memory(cuda_read, cuda_write, s,
DEVICE_NATIVE_ENDIAN);
- register_savevm(NULL, "cuda", -1, 1, cuda_save, cuda_load, s);
+ vmstate_register(NULL, -1, &vmstate_cuda, s);
qemu_register_reset(cuda_reset, s);
}
diff --git a/hw/dummy_m68k.c b/hw/dummy_m68k.c
index 61efb39..cec1cc8 100644
--- a/hw/dummy_m68k.c
+++ b/hw/dummy_m68k.c
@@ -7,7 +7,6 @@
*/
#include "hw.h"
-#include "sysemu.h"
#include "boards.h"
#include "loader.h"
#include "elf.h"
diff --git a/hw/e1000.c b/hw/e1000.c
index 55daae0..f160bfc 100644
--- a/hw/e1000.c
+++ b/hw/e1000.c
@@ -517,6 +517,14 @@ txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
return E1000_ICR_TXDW;
}
+static uint64_t tx_desc_base(E1000State *s)
+{
+ uint64_t bah = s->mac_reg[TDBAH];
+ uint64_t bal = s->mac_reg[TDBAL] & ~0xf;
+
+ return (bah << 32) + bal;
+}
+
static void
start_xmit(E1000State *s)
{
@@ -530,7 +538,7 @@ start_xmit(E1000State *s)
}
while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
- base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
+ base = tx_desc_base(s) +
sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
@@ -651,6 +659,14 @@ e1000_can_receive(VLANClientState *nc)
return (s->mac_reg[RCTL] & E1000_RCTL_EN) && e1000_has_rxbufs(s, 1);
}
+static uint64_t rx_desc_base(E1000State *s)
+{
+ uint64_t bah = s->mac_reg[RDBAH];
+ uint64_t bal = s->mac_reg[RDBAL] & ~0xf;
+
+ return (bah << 32) + bal;
+}
+
static ssize_t
e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
{
@@ -700,8 +716,7 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
if (desc_size > s->rxbuf_size) {
desc_size = s->rxbuf_size;
}
- base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
- sizeof(desc) * s->mac_reg[RDH];
+ base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
desc.special = vlan_special;
desc.status |= (vlan_status | E1000_RXD_STAT_DD);
@@ -1205,7 +1220,7 @@ static PCIDeviceInfo e1000_info = {
.qdev.vmsd = &vmstate_e1000,
.init = pci_e1000_init,
.exit = pci_e1000_uninit,
- .romfile = "pxe-e1000.bin",
+ .romfile = "pxe-e1000.rom",
.qdev.props = (Property[]) {
DEFINE_NIC_PROPERTIES(E1000State, conf),
DEFINE_PROP_END_OF_LIST(),
diff --git a/hw/eepro100.c b/hw/eepro100.c
index 1781c8e..05450e8 100644
--- a/hw/eepro100.c
+++ b/hw/eepro100.c
@@ -2174,7 +2174,7 @@ static void eepro100_register_devices(void)
PCIDeviceInfo *pci_dev = &e100_devices[i].pci;
/* We use the same rom file for all device ids.
QEMU fixes the device id during rom load. */
- pci_dev->romfile = "gpxe-eepro100-80861209.rom";
+ pci_dev->romfile = "pxe-eepro100.rom";
pci_dev->init = e100_nic_init;
pci_dev->exit = pci_nic_uninit;
pci_dev->qdev.props = e100_properties;
diff --git a/hw/empty_slot.c b/hw/empty_slot.c
index 664b8d9..da8adc4 100644
--- a/hw/empty_slot.c
+++ b/hw/empty_slot.c
@@ -53,18 +53,21 @@ static CPUWriteMemoryFunc * const empty_slot_write[3] = {
void empty_slot_init(target_phys_addr_t addr, uint64_t slot_size)
{
- DeviceState *dev;
- SysBusDevice *s;
- EmptySlot *e;
+ if (slot_size > 0) {
+ /* Only empty slots larger than 0 byte need handling. */
+ DeviceState *dev;
+ SysBusDevice *s;
+ EmptySlot *e;
- dev = qdev_create(NULL, "empty_slot");
- s = sysbus_from_qdev(dev);
- e = FROM_SYSBUS(EmptySlot, s);
- e->size = slot_size;
+ dev = qdev_create(NULL, "empty_slot");
+ s = sysbus_from_qdev(dev);
+ e = FROM_SYSBUS(EmptySlot, s);
+ e->size = slot_size;
- qdev_init_nofail(dev);
+ qdev_init_nofail(dev);
- sysbus_mmio_map(s, 0, addr);
+ sysbus_mmio_map(s, 0, addr);
+ }
}
static int empty_slot_init1(SysBusDevice *dev)
diff --git a/hw/etraxfs.c b/hw/etraxfs.c
index 5ee5f97..b84d74a 100644
--- a/hw/etraxfs.c
+++ b/hw/etraxfs.c
@@ -24,7 +24,6 @@
#include "sysbus.h"
#include "boards.h"
-#include "sysemu.h"
#include "net.h"
#include "flash.h"
#include "etraxfs.h"
diff --git a/hw/fdc.c b/hw/fdc.c
index 9fdbc75..edf0360 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -36,6 +36,7 @@
#include "qdev-addr.h"
#include "blockdev.h"
#include "sysemu.h"
+#include "block_int.h"
/********************************************************/
/* debug Floppy devices */
@@ -82,6 +83,7 @@ typedef struct FDrive {
uint8_t max_track; /* Nb of tracks */
uint16_t bps; /* Bytes per sector */
uint8_t ro; /* Is read-only */
+ uint8_t media_changed; /* Is media changed */
} FDrive;
static void fd_init(FDrive *drv)
@@ -533,16 +535,63 @@ static CPUWriteMemoryFunc * const fdctrl_mem_write_strict[3] = {
NULL,
};
+static void fdrive_media_changed_pre_save(void *opaque)
+{
+ FDrive *drive = opaque;
+
+ drive->media_changed = drive->bs->media_changed;
+}
+
+static int fdrive_media_changed_post_load(void *opaque, int version_id)
+{
+ FDrive *drive = opaque;
+
+ if (drive->bs != NULL) {
+ drive->bs->media_changed = drive->media_changed;
+ }
+
+ /* User ejected the floppy when drive->bs == NULL */
+ return 0;
+}
+
+static bool fdrive_media_changed_needed(void *opaque)
+{
+ FDrive *drive = opaque;
+
+ return (drive->bs != NULL && drive->bs->media_changed != 1);
+}
+
+static const VMStateDescription vmstate_fdrive_media_changed = {
+ .name = "fdrive/media_changed",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = fdrive_media_changed_pre_save,
+ .post_load = fdrive_media_changed_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(media_changed, FDrive),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static const VMStateDescription vmstate_fdrive = {
.name = "fdrive",
.version_id = 1,
.minimum_version_id = 1,
.minimum_version_id_old = 1,
- .fields = (VMStateField []) {
+ .fields = (VMStateField[]) {
VMSTATE_UINT8(head, FDrive),
VMSTATE_UINT8(track, FDrive),
VMSTATE_UINT8(sect, FDrive),
VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &vmstate_fdrive_media_changed,
+ .needed = &fdrive_media_changed_needed,
+ } , {
+ /* empty */
+ }
}
};
diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
deleted file mode 100644
index 126e60e..0000000
--- a/hw/file-op-9p.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Virtio 9p
- *
- * Copyright IBM, Corp. 2010
- *
- * Authors:
- * Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-#ifndef _FILEOP_H
-#define _FILEOP_H
-#include <sys/types.h>
-#include <dirent.h>
-#include <sys/time.h>
-#include <utime.h>
-#include <sys/stat.h>
-#include <sys/uio.h>
-#include <sys/vfs.h>
-#define SM_LOCAL_MODE_BITS 0600
-#define SM_LOCAL_DIR_MODE_BITS 0700
-
-typedef enum
-{
- /*
- * Server will try to set uid/gid.
- * On failure ignore the error.
- */
- SM_NONE = 0,
- /*
- * uid/gid set on fileserver files
- */
- SM_PASSTHROUGH = 1,
- /*
- * uid/gid part of xattr
- */
- SM_MAPPED,
-} SecModel;
-
-typedef struct FsCred
-{
- uid_t fc_uid;
- gid_t fc_gid;
- mode_t fc_mode;
- dev_t fc_rdev;
-} FsCred;
-
-struct xattr_operations;
-
-typedef struct FsContext
-{
- char *fs_root;
- SecModel fs_sm;
- uid_t uid;
- struct xattr_operations **xops;
-} FsContext;
-
-void cred_init(FsCred *);
-
-typedef struct FileOperations
-{
- int (*lstat)(FsContext *, const char *, struct stat *);
- ssize_t (*readlink)(FsContext *, const char *, char *, size_t);
- int (*chmod)(FsContext *, const char *, FsCred *);
- int (*chown)(FsContext *, const char *, FsCred *);
- int (*mknod)(FsContext *, const char *, FsCred *);
- int (*utimensat)(FsContext *, const char *, const struct timespec *);
- int (*remove)(FsContext *, const char *);
- int (*symlink)(FsContext *, const char *, const char *, FsCred *);
- int (*link)(FsContext *, const char *, const char *);
- int (*setuid)(FsContext *, uid_t);
- int (*close)(FsContext *, int);
- int (*closedir)(FsContext *, DIR *);
- DIR *(*opendir)(FsContext *, const char *);
- int (*open)(FsContext *, const char *, int);
- int (*open2)(FsContext *, const char *, int, FsCred *);
- void (*rewinddir)(FsContext *, DIR *);
- off_t (*telldir)(FsContext *, DIR *);
- struct dirent *(*readdir)(FsContext *, DIR *);
- void (*seekdir)(FsContext *, DIR *, off_t);
- ssize_t (*preadv)(FsContext *, int, const struct iovec *, int, off_t);
- ssize_t (*pwritev)(FsContext *, int, const struct iovec *, int, off_t);
- int (*mkdir)(FsContext *, const char *, FsCred *);
- int (*fstat)(FsContext *, int, struct stat *);
- int (*rename)(FsContext *, const char *, const char *);
- int (*truncate)(FsContext *, const char *, off_t);
- int (*fsync)(FsContext *, int, int);
- int (*statfs)(FsContext *s, const char *path, struct statfs *stbuf);
- ssize_t (*lgetxattr)(FsContext *, const char *,
- const char *, void *, size_t);
- ssize_t (*llistxattr)(FsContext *, const char *, void *, size_t);
- int (*lsetxattr)(FsContext *, const char *,
- const char *, void *, size_t, int);
- int (*lremovexattr)(FsContext *, const char *, const char *);
- void *opaque;
-} FileOperations;
-
-static inline const char *rpath(FsContext *ctx, const char *path)
-{
- /* FIXME: so wrong... */
- static char buffer[4096];
- snprintf(buffer, sizeof(buffer), "%s/%s", ctx->fs_root, path);
- return buffer;
-}
-#endif
diff --git a/hw/flash.h b/hw/flash.h
index d7d103e..c22e1a9 100644
--- a/hw/flash.h
+++ b/hw/flash.h
@@ -21,8 +21,8 @@ pflash_t *pflash_cfi02_register(target_phys_addr_t base, ram_addr_t off,
typedef struct NANDFlashState NANDFlashState;
NANDFlashState *nand_init(int manf_id, int chip_id);
void nand_done(NANDFlashState *s);
-void nand_setpins(NANDFlashState *s,
- int cle, int ale, int ce, int wp, int gnd);
+void nand_setpins(NANDFlashState *s, uint8_t cle, uint8_t ale,
+ uint8_t ce, uint8_t wp, uint8_t gnd);
void nand_getpins(NANDFlashState *s, int *rb);
void nand_setio(NANDFlashState *s, uint8_t value);
uint8_t nand_getio(NANDFlashState *s);
diff --git a/hw/grlib_apbuart.c b/hw/grlib_apbuart.c
index 101b150..169a56e 100644
--- a/hw/grlib_apbuart.c
+++ b/hw/grlib_apbuart.c
@@ -133,7 +133,7 @@ grlib_apbuart_writel(void *opaque, target_phys_addr_t addr, uint32_t value)
break;
}
- trace_grlib_apbuart_unknown_register("write", addr);
+ trace_grlib_apbuart_writel_unknown(addr, value);
}
static CPUReadMemoryFunc * const grlib_apbuart_read[] = {
diff --git a/hw/grlib_gptimer.c b/hw/grlib_gptimer.c
index 596a900..99e9033 100644
--- a/hw/grlib_gptimer.c
+++ b/hw/grlib_gptimer.c
@@ -165,15 +165,15 @@ static uint32_t grlib_gptimer_readl(void *opaque, target_phys_addr_t addr)
/* Unit registers */
switch (addr) {
case SCALER_OFFSET:
- trace_grlib_gptimer_readl(-1, "scaler:", unit->scaler);
+ trace_grlib_gptimer_readl(-1, addr, unit->scaler);
return unit->scaler;
case SCALER_RELOAD_OFFSET:
- trace_grlib_gptimer_readl(-1, "reload:", unit->reload);
+ trace_grlib_gptimer_readl(-1, addr, unit->reload);
return unit->reload;
case CONFIG_OFFSET:
- trace_grlib_gptimer_readl(-1, "config:", unit->config);
+ trace_grlib_gptimer_readl(-1, addr, unit->config);
return unit->config;
default:
@@ -189,17 +189,16 @@ static uint32_t grlib_gptimer_readl(void *opaque, target_phys_addr_t addr)
switch (timer_addr) {
case COUNTER_OFFSET:
value = ptimer_get_count(unit->timers[id].ptimer);
- trace_grlib_gptimer_readl(id, "counter value:", value);
+ trace_grlib_gptimer_readl(id, addr, value);
return value;
case COUNTER_RELOAD_OFFSET:
value = unit->timers[id].reload;
- trace_grlib_gptimer_readl(id, "reload value:", value);
+ trace_grlib_gptimer_readl(id, addr, value);
return value;
case CONFIG_OFFSET:
- trace_grlib_gptimer_readl(id, "scaler value:",
- unit->timers[id].config);
+ trace_grlib_gptimer_readl(id, addr, unit->timers[id].config);
return unit->timers[id].config;
default:
@@ -208,7 +207,7 @@ static uint32_t grlib_gptimer_readl(void *opaque, target_phys_addr_t addr)
}
- trace_grlib_gptimer_unknown_register("read", addr);
+ trace_grlib_gptimer_readl(-1, addr, 0);
return 0;
}
@@ -226,19 +225,19 @@ grlib_gptimer_writel(void *opaque, target_phys_addr_t addr, uint32_t value)
case SCALER_OFFSET:
value &= 0xFFFF; /* clean up the value */
unit->scaler = value;
- trace_grlib_gptimer_writel(-1, "scaler:", unit->scaler);
+ trace_grlib_gptimer_writel(-1, addr, unit->scaler);
return;
case SCALER_RELOAD_OFFSET:
value &= 0xFFFF; /* clean up the value */
unit->reload = value;
- trace_grlib_gptimer_writel(-1, "reload:", unit->reload);
+ trace_grlib_gptimer_writel(-1, addr, unit->reload);
grlib_gptimer_set_scaler(unit, value);
return;
case CONFIG_OFFSET:
/* Read Only (disable timer freeze not supported) */
- trace_grlib_gptimer_writel(-1, "config (Read Only):", 0);
+ trace_grlib_gptimer_writel(-1, addr, 0);
return;
default:
@@ -253,18 +252,18 @@ grlib_gptimer_writel(void *opaque, target_phys_addr_t addr, uint32_t value)
/* GPTimer registers */
switch (timer_addr) {
case COUNTER_OFFSET:
- trace_grlib_gptimer_writel(id, "counter:", value);
+ trace_grlib_gptimer_writel(id, addr, value);
unit->timers[id].counter = value;
grlib_gptimer_enable(&unit->timers[id]);
return;
case COUNTER_RELOAD_OFFSET:
- trace_grlib_gptimer_writel(id, "reload:", value);
+ trace_grlib_gptimer_writel(id, addr, value);
unit->timers[id].reload = value;
return;
case CONFIG_OFFSET:
- trace_grlib_gptimer_writel(id, "config:", value);
+ trace_grlib_gptimer_writel(id, addr, value);
if (value & GPTIMER_INT_PENDING) {
/* clear pending bit */
@@ -297,7 +296,7 @@ grlib_gptimer_writel(void *opaque, target_phys_addr_t addr, uint32_t value)
}
- trace_grlib_gptimer_unknown_register("write", addr);
+ trace_grlib_gptimer_writel(-1, addr, value);
}
static CPUReadMemoryFunc * const grlib_gptimer_read[] = {
diff --git a/hw/grlib_irqmp.c b/hw/grlib_irqmp.c
index f47c491..b8738fc 100644
--- a/hw/grlib_irqmp.c
+++ b/hw/grlib_irqmp.c
@@ -220,7 +220,7 @@ static uint32_t grlib_irqmp_readl(void *opaque, target_phys_addr_t addr)
return state->extended[cpu];
}
- trace_grlib_irqmp_unknown_register("read", addr);
+ trace_grlib_irqmp_readl_unknown(addr);
return 0;
}
@@ -308,7 +308,7 @@ grlib_irqmp_writel(void *opaque, target_phys_addr_t addr, uint32_t value)
return;
}
- trace_grlib_irqmp_unknown_register("write", addr);
+ trace_grlib_irqmp_writel_unknown(addr, value);
}
static CPUReadMemoryFunc * const grlib_irqmp_read[] = {
diff --git a/hw/gumstix.c b/hw/gumstix.c
index ee63f63..853f7e1 100644
--- a/hw/gumstix.c
+++ b/hw/gumstix.c
@@ -35,7 +35,6 @@
#include "pxa.h"
#include "net.h"
#include "flash.h"
-#include "sysemu.h"
#include "devices.h"
#include "boards.h"
#include "blockdev.h"
diff --git a/hw/heathrow_pic.c b/hw/heathrow_pic.c
index b19b754..5fd71a0 100644
--- a/hw/heathrow_pic.c
+++ b/hw/heathrow_pic.c
@@ -159,42 +159,31 @@ static void heathrow_pic_set_irq(void *opaque, int num, int level)
heathrow_pic_update(s);
}
-static void heathrow_pic_save_one(QEMUFile *f, HeathrowPIC *s)
-{
- qemu_put_be32s(f, &s->events);
- qemu_put_be32s(f, &s->mask);
- qemu_put_be32s(f, &s->levels);
- qemu_put_be32s(f, &s->level_triggered);
-}
-
-static void heathrow_pic_save(QEMUFile *f, void *opaque)
-{
- HeathrowPICS *s = (HeathrowPICS *)opaque;
-
- heathrow_pic_save_one(f, &s->pics[0]);
- heathrow_pic_save_one(f, &s->pics[1]);
-}
-
-static void heathrow_pic_load_one(QEMUFile *f, HeathrowPIC *s)
-{
- qemu_get_be32s(f, &s->events);
- qemu_get_be32s(f, &s->mask);
- qemu_get_be32s(f, &s->levels);
- qemu_get_be32s(f, &s->level_triggered);
-}
-
-static int heathrow_pic_load(QEMUFile *f, void *opaque, int version_id)
-{
- HeathrowPICS *s = (HeathrowPICS *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- heathrow_pic_load_one(f, &s->pics[0]);
- heathrow_pic_load_one(f, &s->pics[1]);
+static const VMStateDescription vmstate_heathrow_pic_one = {
+ .name = "heathrow_pic_one",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(events, HeathrowPIC),
+ VMSTATE_UINT32(mask, HeathrowPIC),
+ VMSTATE_UINT32(levels, HeathrowPIC),
+ VMSTATE_UINT32(level_triggered, HeathrowPIC),
+ VMSTATE_END_OF_LIST()
+ }
+};
- return 0;
-}
+static const VMStateDescription vmstate_heathrow_pic = {
+ .name = "heathrow_pic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(pics, HeathrowPICS, 2, 1,
+ vmstate_heathrow_pic_one, HeathrowPIC),
+ VMSTATE_END_OF_LIST()
+ }
+};
static void heathrow_pic_reset_one(HeathrowPIC *s)
{
@@ -223,8 +212,7 @@ qemu_irq *heathrow_pic_init(int *pmem_index,
*pmem_index = cpu_register_io_memory(pic_read, pic_write, s,
DEVICE_LITTLE_ENDIAN);
- register_savevm(NULL, "heathrow_pic", -1, 1, heathrow_pic_save,
- heathrow_pic_load, s);
+ vmstate_register(NULL, -1, &vmstate_heathrow_pic, s);
qemu_register_reset(heathrow_pic_reset, s);
return qemu_allocate_irqs(heathrow_pic_set_irq, s, 64);
}
diff --git a/hw/hw.h b/hw/hw.h
index 1b09039..56447a7 100644
--- a/hw/hw.h
+++ b/hw/hw.h
@@ -689,6 +689,17 @@ extern const VMStateDescription vmstate_usb_device;
.offset = vmstate_offset_macaddr(_state, _field), \
}
+extern const VMStateDescription vmstate_ptimer;
+
+#define VMSTATE_PTIMER(_field, _state) { \
+ .name = (stringify(_field)), \
+ .version_id = (1), \
+ .vmsd = &vmstate_ptimer, \
+ .size = sizeof(ptimer_state *), \
+ .flags = VMS_STRUCT|VMS_POINTER, \
+ .offset = vmstate_offset_pointer(_state, _field, ptimer_state), \
+}
+
/* _f : field name
_f_n : num of elements field_name
_n : num of elements
@@ -784,12 +795,6 @@ extern const VMStateDescription vmstate_usb_device;
#define VMSTATE_TIMER_ARRAY(_f, _s, _n) \
VMSTATE_ARRAY_OF_POINTER(_f, _s, _n, 0, vmstate_info_timer, QEMUTimer *)
-#define VMSTATE_PTIMER_V(_f, _s, _v) \
- VMSTATE_POINTER(_f, _s, _v, vmstate_info_ptimer, ptimer_state *)
-
-#define VMSTATE_PTIMER(_f, _s) \
- VMSTATE_PTIMER_V(_f, _s, 0)
-
#define VMSTATE_BOOL_ARRAY_V(_f, _s, _n, _v) \
VMSTATE_ARRAY(_f, _s, _n, _v, vmstate_info_bool, bool)
diff --git a/hw/ide.h b/hw/ide.h
index 73fb550..34d9394 100644
--- a/hw/ide.h
+++ b/hw/ide.h
@@ -28,4 +28,7 @@ void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
void ide_get_bs(BlockDriverState *bs[], BusState *qbus);
+/* ide/core.c */
+void ide_drive_get(DriveInfo **hd, int max_bus);
+
#endif /* HW_IDE_H */
diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
new file mode 100644
index 0000000..fe2fb0b
--- /dev/null
+++ b/hw/ide/atapi.c
@@ -0,0 +1,1138 @@
+/*
+ * QEMU ATAPI Emulation
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ * Copyright (c) 2006 Openedhand Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/ide/internal.h"
+#include "hw/scsi.h"
+
+static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
+
+static void padstr8(uint8_t *buf, int buf_size, const char *src)
+{
+ int i;
+ for(i = 0; i < buf_size; i++) {
+ if (*src)
+ buf[i] = *src++;
+ else
+ buf[i] = ' ';
+ }
+}
+
+static inline void cpu_to_ube16(uint8_t *buf, int val)
+{
+ buf[0] = val >> 8;
+ buf[1] = val & 0xff;
+}
+
+static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
+{
+ buf[0] = val >> 24;
+ buf[1] = val >> 16;
+ buf[2] = val >> 8;
+ buf[3] = val & 0xff;
+}
+
+static inline int ube16_to_cpu(const uint8_t *buf)
+{
+ return (buf[0] << 8) | buf[1];
+}
+
+static inline int ube32_to_cpu(const uint8_t *buf)
+{
+ return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
+}
+
+static void lba_to_msf(uint8_t *buf, int lba)
+{
+ lba += 150;
+ buf[0] = (lba / 75) / 60;
+ buf[1] = (lba / 75) % 60;
+ buf[2] = lba % 75;
+}
+
+static inline int media_present(IDEState *s)
+{
+ return (s->nb_sectors > 0);
+}
+
+/* XXX: DVDs that could fit on a CD will be reported as a CD */
+static inline int media_is_dvd(IDEState *s)
+{
+ return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
+}
+
+static inline int media_is_cd(IDEState *s)
+{
+ return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
+}
+
+static void cd_data_to_raw(uint8_t *buf, int lba)
+{
+ /* sync bytes */
+ buf[0] = 0x00;
+ memset(buf + 1, 0xff, 10);
+ buf[11] = 0x00;
+ buf += 12;
+ /* MSF */
+ lba_to_msf(buf, lba);
+ buf[3] = 0x01; /* mode 1 data */
+ buf += 4;
+ /* data */
+ buf += 2048;
+ /* XXX: ECC not computed */
+ memset(buf, 0, 288);
+}
+
+static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
+ int sector_size)
+{
+ int ret;
+
+ switch(sector_size) {
+ case 2048:
+ ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
+ break;
+ case 2352:
+ ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
+ if (ret < 0)
+ return ret;
+ cd_data_to_raw(buf, lba);
+ break;
+ default:
+ ret = -EIO;
+ break;
+ }
+ return ret;
+}
+
+void ide_atapi_cmd_ok(IDEState *s)
+{
+ s->error = 0;
+ s->status = READY_STAT | SEEK_STAT;
+ s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
+ ide_set_irq(s->bus);
+}
+
+void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
+{
+#ifdef DEBUG_IDE_ATAPI
+ printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
+#endif
+ s->error = sense_key << 4;
+ s->status = READY_STAT | ERR_STAT;
+ s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
+ s->sense_key = sense_key;
+ s->asc = asc;
+ ide_set_irq(s->bus);
+}
+
+void ide_atapi_io_error(IDEState *s, int ret)
+{
+ /* XXX: handle more errors */
+ if (ret == -ENOMEDIUM) {
+ ide_atapi_cmd_error(s, SENSE_NOT_READY,
+ ASC_MEDIUM_NOT_PRESENT);
+ } else {
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_LOGICAL_BLOCK_OOR);
+ }
+}
+
+/* The whole ATAPI transfer logic is handled in this function */
+void ide_atapi_cmd_reply_end(IDEState *s)
+{
+ int byte_count_limit, size, ret;
+#ifdef DEBUG_IDE_ATAPI
+ printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
+ s->packet_transfer_size,
+ s->elementary_transfer_size,
+ s->io_buffer_index);
+#endif
+ if (s->packet_transfer_size <= 0) {
+ /* end of transfer */
+ ide_transfer_stop(s);
+ s->status = READY_STAT | SEEK_STAT;
+ s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
+ ide_set_irq(s->bus);
+#ifdef DEBUG_IDE_ATAPI
+ printf("status=0x%x\n", s->status);
+#endif
+ } else {
+ /* see if a new sector must be read */
+ if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
+ ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
+ if (ret < 0) {
+ ide_transfer_stop(s);
+ ide_atapi_io_error(s, ret);
+ return;
+ }
+ s->lba++;
+ s->io_buffer_index = 0;
+ }
+ if (s->elementary_transfer_size > 0) {
+ /* there are some data left to transmit in this elementary
+ transfer */
+ size = s->cd_sector_size - s->io_buffer_index;
+ if (size > s->elementary_transfer_size)
+ size = s->elementary_transfer_size;
+ s->packet_transfer_size -= size;
+ s->elementary_transfer_size -= size;
+ s->io_buffer_index += size;
+ ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
+ size, ide_atapi_cmd_reply_end);
+ } else {
+ /* a new transfer is needed */
+ s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
+ byte_count_limit = s->lcyl | (s->hcyl << 8);
+#ifdef DEBUG_IDE_ATAPI
+ printf("byte_count_limit=%d\n", byte_count_limit);
+#endif
+ if (byte_count_limit == 0xffff)
+ byte_count_limit--;
+ size = s->packet_transfer_size;
+ if (size > byte_count_limit) {
+ /* byte count limit must be even if this case */
+ if (byte_count_limit & 1)
+ byte_count_limit--;
+ size = byte_count_limit;
+ }
+ s->lcyl = size;
+ s->hcyl = size >> 8;
+ s->elementary_transfer_size = size;
+ /* we cannot transmit more than one sector at a time */
+ if (s->lba != -1) {
+ if (size > (s->cd_sector_size - s->io_buffer_index))
+ size = (s->cd_sector_size - s->io_buffer_index);
+ }
+ s->packet_transfer_size -= size;
+ s->elementary_transfer_size -= size;
+ s->io_buffer_index += size;
+ ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
+ size, ide_atapi_cmd_reply_end);
+ ide_set_irq(s->bus);
+#ifdef DEBUG_IDE_ATAPI
+ printf("status=0x%x\n", s->status);
+#endif
+ }
+ }
+}
+
+/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
+static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
+{
+ if (size > max_size)
+ size = max_size;
+ s->lba = -1; /* no sector read */
+ s->packet_transfer_size = size;
+ s->io_buffer_size = size; /* dma: send the reply data as one chunk */
+ s->elementary_transfer_size = 0;
+ s->io_buffer_index = 0;
+
+ if (s->atapi_dma) {
+ s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
+ s->bus->dma->ops->start_dma(s->bus->dma, s,
+ ide_atapi_cmd_read_dma_cb);
+ } else {
+ s->status = READY_STAT | SEEK_STAT;
+ ide_atapi_cmd_reply_end(s);
+ }
+}
+
+/* start a CD-CDROM read command */
+static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
+ int sector_size)
+{
+ s->lba = lba;
+ s->packet_transfer_size = nb_sectors * sector_size;
+ s->elementary_transfer_size = 0;
+ s->io_buffer_index = sector_size;
+ s->cd_sector_size = sector_size;
+
+ s->status = READY_STAT | SEEK_STAT;
+ ide_atapi_cmd_reply_end(s);
+}
+
+static void ide_atapi_cmd_check_status(IDEState *s)
+{
+#ifdef DEBUG_IDE_ATAPI
+ printf("atapi_cmd_check_status\n");
+#endif
+ s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
+ s->status = ERR_STAT;
+ s->nsector = 0;
+ ide_set_irq(s->bus);
+}
+/* ATAPI DMA support */
+
+/* XXX: handle read errors */
+static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
+{
+ IDEState *s = opaque;
+ int data_offset, n;
+
+ if (ret < 0) {
+ ide_atapi_io_error(s, ret);
+ goto eot;
+ }
+
+ if (s->io_buffer_size > 0) {
+ /*
+ * For a cdrom read sector command (s->lba != -1),
+ * adjust the lba for the next s->io_buffer_size chunk
+ * and dma the current chunk.
+ * For a command != read (s->lba == -1), just transfer
+ * the reply data.
+ */
+ if (s->lba != -1) {
+ if (s->cd_sector_size == 2352) {
+ n = 1;
+ cd_data_to_raw(s->io_buffer, s->lba);
+ } else {
+ n = s->io_buffer_size >> 11;
+ }
+ s->lba += n;
+ }
+ s->packet_transfer_size -= s->io_buffer_size;
+ if (s->bus->dma->ops->rw_buf(s->bus->dma, 1) == 0)
+ goto eot;
+ }
+
+ if (s->packet_transfer_size <= 0) {
+ s->status = READY_STAT | SEEK_STAT;
+ s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
+ ide_set_irq(s->bus);
+ eot:
+ s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
+ ide_set_inactive(s);
+ return;
+ }
+
+ s->io_buffer_index = 0;
+ if (s->cd_sector_size == 2352) {
+ n = 1;
+ s->io_buffer_size = s->cd_sector_size;
+ data_offset = 16;
+ } else {
+ n = s->packet_transfer_size >> 11;
+ if (n > (IDE_DMA_BUF_SECTORS / 4))
+ n = (IDE_DMA_BUF_SECTORS / 4);
+ s->io_buffer_size = n * 2048;
+ data_offset = 0;
+ }
+#ifdef DEBUG_AIO
+ printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
+#endif
+ s->bus->dma->iov.iov_base = (void *)(s->io_buffer + data_offset);
+ s->bus->dma->iov.iov_len = n * 4 * 512;
+ qemu_iovec_init_external(&s->bus->dma->qiov, &s->bus->dma->iov, 1);
+ s->bus->dma->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2,
+ &s->bus->dma->qiov, n * 4,
+ ide_atapi_cmd_read_dma_cb, s);
+ if (!s->bus->dma->aiocb) {
+ /* Note: media not present is the most likely case */
+ ide_atapi_cmd_error(s, SENSE_NOT_READY,
+ ASC_MEDIUM_NOT_PRESENT);
+ goto eot;
+ }
+}
+
+/* start a CD-CDROM read command with DMA */
+/* XXX: test if DMA is available */
+static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
+ int sector_size)
+{
+ s->lba = lba;
+ s->packet_transfer_size = nb_sectors * sector_size;
+ s->io_buffer_index = 0;
+ s->io_buffer_size = 0;
+ s->cd_sector_size = sector_size;
+
+ /* XXX: check if BUSY_STAT should be set */
+ s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
+ s->bus->dma->ops->start_dma(s->bus->dma, s,
+ ide_atapi_cmd_read_dma_cb);
+}
+
+static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
+ int sector_size)
+{
+#ifdef DEBUG_IDE_ATAPI
+ printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
+ lba, nb_sectors);
+#endif
+ if (s->atapi_dma) {
+ ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
+ } else {
+ ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
+ }
+}
+
+static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
+ uint16_t profile)
+{
+ uint8_t *buf_profile = buf + 12; /* start of profiles */
+
+ buf_profile += ((*index) * 4); /* start of indexed profile */
+ cpu_to_ube16 (buf_profile, profile);
+ buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
+
+ /* each profile adds 4 bytes to the response */
+ (*index)++;
+ buf[11] += 4; /* Additional Length */
+
+ return 4;
+}
+
+static int ide_dvd_read_structure(IDEState *s, int format,
+ const uint8_t *packet, uint8_t *buf)
+{
+ switch (format) {
+ case 0x0: /* Physical format information */
+ {
+ int layer = packet[6];
+ uint64_t total_sectors;
+
+ if (layer != 0)
+ return -ASC_INV_FIELD_IN_CMD_PACKET;
+
+ total_sectors = s->nb_sectors >> 2;
+ if (total_sectors == 0) {
+ return -ASC_MEDIUM_NOT_PRESENT;
+ }
+
+ buf[4] = 1; /* DVD-ROM, part version 1 */
+ buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
+ buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
+ buf[7] = 0; /* default densities */
+
+ /* FIXME: 0x30000 per spec? */
+ cpu_to_ube32(buf + 8, 0); /* start sector */
+ cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
+ cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
+
+ /* Size of buffer, not including 2 byte size field */
+ cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
+
+ /* 2k data + 4 byte header */
+ return (2048 + 4);
+ }
+
+ case 0x01: /* DVD copyright information */
+ buf[4] = 0; /* no copyright data */
+ buf[5] = 0; /* no region restrictions */
+
+ /* Size of buffer, not including 2 byte size field */
+ cpu_to_be16wu((uint16_t *)buf, 4 + 2);
+
+ /* 4 byte header + 4 byte data */
+ return (4 + 4);
+
+ case 0x03: /* BCA information - invalid field for no BCA info */
+ return -ASC_INV_FIELD_IN_CMD_PACKET;
+
+ case 0x04: /* DVD disc manufacturing information */
+ /* Size of buffer, not including 2 byte size field */
+ cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
+
+ /* 2k data + 4 byte header */
+ return (2048 + 4);
+
+ case 0xff:
+ /*
+ * This lists all the command capabilities above. Add new ones
+ * in order and update the length and buffer return values.
+ */
+
+ buf[4] = 0x00; /* Physical format */
+ buf[5] = 0x40; /* Not writable, is readable */
+ cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
+
+ buf[8] = 0x01; /* Copyright info */
+ buf[9] = 0x40; /* Not writable, is readable */
+ cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
+
+ buf[12] = 0x03; /* BCA info */
+ buf[13] = 0x40; /* Not writable, is readable */
+ cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
+
+ buf[16] = 0x04; /* Manufacturing info */
+ buf[17] = 0x40; /* Not writable, is readable */
+ cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
+
+ /* Size of buffer, not including 2 byte size field */
+ cpu_to_be16wu((uint16_t *)buf, 16 + 2);
+
+ /* data written + 4 byte header */
+ return (16 + 4);
+
+ default: /* TODO: formats beyond DVD-ROM requires */
+ return -ASC_INV_FIELD_IN_CMD_PACKET;
+ }
+}
+
+static unsigned int event_status_media(IDEState *s,
+ uint8_t *buf)
+{
+ enum media_event_code {
+ MEC_NO_CHANGE = 0, /* Status unchanged */
+ MEC_EJECT_REQUESTED, /* received a request from user to eject */
+ MEC_NEW_MEDIA, /* new media inserted and ready for access */
+ MEC_MEDIA_REMOVAL, /* only for media changers */
+ MEC_MEDIA_CHANGED, /* only for media changers */
+ MEC_BG_FORMAT_COMPLETED, /* MRW or DVD+RW b/g format completed */
+ MEC_BG_FORMAT_RESTARTED, /* MRW or DVD+RW b/g format restarted */
+ };
+ enum media_status {
+ MS_TRAY_OPEN = 1,
+ MS_MEDIA_PRESENT = 2,
+ };
+ uint8_t event_code, media_status;
+
+ media_status = 0;
+ if (s->bs->tray_open) {
+ media_status = MS_TRAY_OPEN;
+ } else if (bdrv_is_inserted(s->bs)) {
+ media_status = MS_MEDIA_PRESENT;
+ }
+
+ /* Event notification descriptor */
+ event_code = MEC_NO_CHANGE;
+ if (media_status != MS_TRAY_OPEN && s->events.new_media) {
+ event_code = MEC_NEW_MEDIA;
+ s->events.new_media = false;
+ }
+
+ buf[4] = event_code;
+ buf[5] = media_status;
+
+ /* These fields are reserved, just clear them. */
+ buf[6] = 0;
+ buf[7] = 0;
+
+ return 8; /* We wrote to 4 extra bytes from the header */
+}
+
+static void cmd_get_event_status_notification(IDEState *s,
+ uint8_t *buf)
+{
+ const uint8_t *packet = buf;
+
+ struct {
+ uint8_t opcode;
+ uint8_t polled; /* lsb bit is polled; others are reserved */
+ uint8_t reserved2[2];
+ uint8_t class;
+ uint8_t reserved3[2];
+ uint16_t len;
+ uint8_t control;
+ } __attribute__((packed)) *gesn_cdb;
+
+ struct {
+ uint16_t len;
+ uint8_t notification_class;
+ uint8_t supported_events;
+ } __attribute((packed)) *gesn_event_header;
+
+ enum notification_class_request_type {
+ NCR_RESERVED1 = 1 << 0,
+ NCR_OPERATIONAL_CHANGE = 1 << 1,
+ NCR_POWER_MANAGEMENT = 1 << 2,
+ NCR_EXTERNAL_REQUEST = 1 << 3,
+ NCR_MEDIA = 1 << 4,
+ NCR_MULTI_HOST = 1 << 5,
+ NCR_DEVICE_BUSY = 1 << 6,
+ NCR_RESERVED2 = 1 << 7,
+ };
+ enum event_notification_class_field {
+ ENC_NO_EVENTS = 0,
+ ENC_OPERATIONAL_CHANGE,
+ ENC_POWER_MANAGEMENT,
+ ENC_EXTERNAL_REQUEST,
+ ENC_MEDIA,
+ ENC_MULTIPLE_HOSTS,
+ ENC_DEVICE_BUSY,
+ ENC_RESERVED,
+ };
+ unsigned int max_len, used_len;
+
+ gesn_cdb = (void *)packet;
+ gesn_event_header = (void *)buf;
+
+ max_len = be16_to_cpu(gesn_cdb->len);
+
+ /* It is fine by the MMC spec to not support async mode operations */
+ if (!(gesn_cdb->polled & 0x01)) { /* asynchronous mode */
+ /* Only polling is supported, asynchronous mode is not. */
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INV_FIELD_IN_CMD_PACKET);
+ return;
+ }
+
+ /* polling mode operation */
+
+ /*
+ * These are the supported events.
+ *
+ * We currently only support requests of the 'media' type.
+ */
+ gesn_event_header->supported_events = NCR_MEDIA;
+
+ /*
+ * We use |= below to set the class field; other bits in this byte
+ * are reserved now but this is useful to do if we have to use the
+ * reserved fields later.
+ */
+ gesn_event_header->notification_class = 0;
+
+ /*
+ * Responses to requests are to be based on request priority. The
+ * notification_class_request_type enum above specifies the
+ * priority: upper elements are higher prio than lower ones.
+ */
+ if (gesn_cdb->class & NCR_MEDIA) {
+ gesn_event_header->notification_class |= ENC_MEDIA;
+ used_len = event_status_media(s, buf);
+ } else {
+ gesn_event_header->notification_class = 0x80; /* No event available */
+ used_len = sizeof(*gesn_event_header);
+ }
+ gesn_event_header->len = cpu_to_be16(used_len
+ - sizeof(*gesn_event_header));
+ ide_atapi_cmd_reply(s, used_len, max_len);
+}
+
+static void cmd_request_sense(IDEState *s, uint8_t *buf)
+{
+ int max_len = buf[4];
+
+ memset(buf, 0, 18);
+ buf[0] = 0x70 | (1 << 7);
+ buf[2] = s->sense_key;
+ buf[7] = 10;
+ buf[12] = s->asc;
+
+ if (s->sense_key == SENSE_UNIT_ATTENTION) {
+ s->sense_key = SENSE_NONE;
+ }
+
+ ide_atapi_cmd_reply(s, 18, max_len);
+}
+
+static void cmd_inquiry(IDEState *s, uint8_t *buf)
+{
+ int max_len = buf[4];
+
+ buf[0] = 0x05; /* CD-ROM */
+ buf[1] = 0x80; /* removable */
+ buf[2] = 0x00; /* ISO */
+ buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
+ buf[4] = 31; /* additional length */
+ buf[5] = 0; /* reserved */
+ buf[6] = 0; /* reserved */
+ buf[7] = 0; /* reserved */
+ padstr8(buf + 8, 8, "QEMU");
+ padstr8(buf + 16, 16, "QEMU DVD-ROM");
+ padstr8(buf + 32, 4, s->version);
+ ide_atapi_cmd_reply(s, 36, max_len);
+}
+
+static void cmd_get_configuration(IDEState *s, uint8_t *buf)
+{
+ uint32_t len;
+ uint8_t index = 0;
+ int max_len;
+
+ /* only feature 0 is supported */
+ if (buf[2] != 0 || buf[3] != 0) {
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INV_FIELD_IN_CMD_PACKET);
+ return;
+ }
+
+ /* XXX: could result in alignment problems in some architectures */
+ max_len = ube16_to_cpu(buf + 7);
+
+ /*
+ * XXX: avoid overflow for io_buffer if max_len is bigger than
+ * the size of that buffer (dimensioned to max number of
+ * sectors to transfer at once)
+ *
+ * Only a problem if the feature/profiles grow.
+ */
+ if (max_len > 512) {
+ /* XXX: assume 1 sector */
+ max_len = 512;
+ }
+
+ memset(buf, 0, max_len);
+ /*
+ * the number of sectors from the media tells us which profile
+ * to use as current. 0 means there is no media
+ */
+ if (media_is_dvd(s)) {
+ cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
+ } else if (media_is_cd(s)) {
+ cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
+ }
+
+ buf[10] = 0x02 | 0x01; /* persistent and current */
+ len = 12; /* headers: 8 + 4 */
+ len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
+ len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
+ cpu_to_ube32(buf, len - 4); /* data length */
+
+ ide_atapi_cmd_reply(s, len, max_len);
+}
+
+static void cmd_mode_sense(IDEState *s, uint8_t *buf)
+{
+ int action, code;
+ int max_len;
+
+ if (buf[0] == GPCMD_MODE_SENSE_10) {
+ max_len = ube16_to_cpu(buf + 7);
+ } else {
+ max_len = buf[4];
+ }
+
+ action = buf[2] >> 6;
+ code = buf[2] & 0x3f;
+
+ switch(action) {
+ case 0: /* current values */
+ switch(code) {
+ case GPMODE_R_W_ERROR_PAGE: /* error recovery */
+ cpu_to_ube16(&buf[0], 16 + 6);
+ buf[2] = 0x70;
+ buf[3] = 0;
+ buf[4] = 0;
+ buf[5] = 0;
+ buf[6] = 0;
+ buf[7] = 0;
+
+ buf[8] = 0x01;
+ buf[9] = 0x06;
+ buf[10] = 0x00;
+ buf[11] = 0x05;
+ buf[12] = 0x00;
+ buf[13] = 0x00;
+ buf[14] = 0x00;
+ buf[15] = 0x00;
+ ide_atapi_cmd_reply(s, 16, max_len);
+ break;
+ case GPMODE_AUDIO_CTL_PAGE:
+ cpu_to_ube16(&buf[0], 24 + 6);
+ buf[2] = 0x70;
+ buf[3] = 0;
+ buf[4] = 0;
+ buf[5] = 0;
+ buf[6] = 0;
+ buf[7] = 0;
+
+ /* Fill with CDROM audio volume */
+ buf[17] = 0;
+ buf[19] = 0;
+ buf[21] = 0;
+ buf[23] = 0;
+
+ ide_atapi_cmd_reply(s, 24, max_len);
+ break;
+ case GPMODE_CAPABILITIES_PAGE:
+ cpu_to_ube16(&buf[0], 28 + 6);
+ buf[2] = 0x70;
+ buf[3] = 0;
+ buf[4] = 0;
+ buf[5] = 0;
+ buf[6] = 0;
+ buf[7] = 0;
+
+ buf[8] = 0x2a;
+ buf[9] = 0x12;
+ buf[10] = 0x00;
+ buf[11] = 0x00;
+
+ /* Claim PLAY_AUDIO capability (0x01) since some Linux
+ code checks for this to automount media. */
+ buf[12] = 0x71;
+ buf[13] = 3 << 5;
+ buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
+ if (bdrv_is_locked(s->bs))
+ buf[6] |= 1 << 1;
+ buf[15] = 0x00;
+ cpu_to_ube16(&buf[16], 706);
+ buf[18] = 0;
+ buf[19] = 2;
+ cpu_to_ube16(&buf[20], 512);
+ cpu_to_ube16(&buf[22], 706);
+ buf[24] = 0;
+ buf[25] = 0;
+ buf[26] = 0;
+ buf[27] = 0;
+ ide_atapi_cmd_reply(s, 28, max_len);
+ break;
+ default:
+ goto error_cmd;
+ }
+ break;
+ case 1: /* changeable values */
+ goto error_cmd;
+ case 2: /* default values */
+ goto error_cmd;
+ default:
+ case 3: /* saved values */
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
+ break;
+ }
+ return;
+
+error_cmd:
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_INV_FIELD_IN_CMD_PACKET);
+}
+
+static void cmd_test_unit_ready(IDEState *s, uint8_t *buf)
+{
+ /* Not Ready Conditions are already handled in ide_atapi_cmd(), so if we
+ * come here, we know that it's ready. */
+ ide_atapi_cmd_ok(s);
+}
+
+static void cmd_prevent_allow_medium_removal(IDEState *s, uint8_t* buf)
+{
+ bdrv_set_locked(s->bs, buf[4] & 1);
+ ide_atapi_cmd_ok(s);
+}
+
+static void cmd_read(IDEState *s, uint8_t* buf)
+{
+ int nb_sectors, lba;
+
+ if (buf[0] == GPCMD_READ_10) {
+ nb_sectors = ube16_to_cpu(buf + 7);
+ } else {
+ nb_sectors = ube32_to_cpu(buf + 6);
+ }
+
+ lba = ube32_to_cpu(buf + 2);
+ if (nb_sectors == 0) {
+ ide_atapi_cmd_ok(s);
+ return;
+ }
+
+ ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
+}
+
+static void cmd_read_cd(IDEState *s, uint8_t* buf)
+{
+ int nb_sectors, lba, transfer_request;
+
+ nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8];
+ lba = ube32_to_cpu(buf + 2);
+
+ if (nb_sectors == 0) {
+ ide_atapi_cmd_ok(s);
+ return;
+ }
+
+ transfer_request = buf[9];
+ switch(transfer_request & 0xf8) {
+ case 0x00:
+ /* nothing */
+ ide_atapi_cmd_ok(s);
+ break;
+ case 0x10:
+ /* normal read */
+ ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
+ break;
+ case 0xf8:
+ /* read all data */
+ ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
+ break;
+ default:
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INV_FIELD_IN_CMD_PACKET);
+ break;
+ }
+}
+
+static void cmd_seek(IDEState *s, uint8_t* buf)
+{
+ unsigned int lba;
+ uint64_t total_sectors = s->nb_sectors >> 2;
+
+ lba = ube32_to_cpu(buf + 2);
+ if (lba >= total_sectors) {
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR);
+ return;
+ }
+
+ ide_atapi_cmd_ok(s);
+}
+
+static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
+{
+ int start, eject, sense, err = 0;
+ start = buf[4] & 1;
+ eject = (buf[4] >> 1) & 1;
+
+ if (eject) {
+ err = bdrv_eject(s->bs, !start);
+ }
+
+ switch (err) {
+ case 0:
+ ide_atapi_cmd_ok(s);
+ break;
+ case -EBUSY:
+ sense = SENSE_NOT_READY;
+ if (bdrv_is_inserted(s->bs)) {
+ sense = SENSE_ILLEGAL_REQUEST;
+ }
+ ide_atapi_cmd_error(s, sense, ASC_MEDIA_REMOVAL_PREVENTED);
+ break;
+ default:
+ ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
+ break;
+ }
+}
+
+static void cmd_mechanism_status(IDEState *s, uint8_t* buf)
+{
+ int max_len = ube16_to_cpu(buf + 8);
+
+ cpu_to_ube16(buf, 0);
+ /* no current LBA */
+ buf[2] = 0;
+ buf[3] = 0;
+ buf[4] = 0;
+ buf[5] = 1;
+ cpu_to_ube16(buf + 6, 0);
+ ide_atapi_cmd_reply(s, 8, max_len);
+}
+
+static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* buf)
+{
+ int format, msf, start_track, len;
+ int max_len;
+ uint64_t total_sectors = s->nb_sectors >> 2;
+
+ max_len = ube16_to_cpu(buf + 7);
+ format = buf[9] >> 6;
+ msf = (buf[1] >> 1) & 1;
+ start_track = buf[6];
+
+ switch(format) {
+ case 0:
+ len = cdrom_read_toc(total_sectors, buf, msf, start_track);
+ if (len < 0)
+ goto error_cmd;
+ ide_atapi_cmd_reply(s, len, max_len);
+ break;
+ case 1:
+ /* multi session : only a single session defined */
+ memset(buf, 0, 12);
+ buf[1] = 0x0a;
+ buf[2] = 0x01;
+ buf[3] = 0x01;
+ ide_atapi_cmd_reply(s, 12, max_len);
+ break;
+ case 2:
+ len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
+ if (len < 0)
+ goto error_cmd;
+ ide_atapi_cmd_reply(s, len, max_len);
+ break;
+ default:
+ error_cmd:
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INV_FIELD_IN_CMD_PACKET);
+ }
+}
+
+static void cmd_read_cdvd_capacity(IDEState *s, uint8_t* buf)
+{
+ uint64_t total_sectors = s->nb_sectors >> 2;
+
+ /* NOTE: it is really the number of sectors minus 1 */
+ cpu_to_ube32(buf, total_sectors - 1);
+ cpu_to_ube32(buf + 4, 2048);
+ ide_atapi_cmd_reply(s, 8, 8);
+}
+
+static void cmd_read_dvd_structure(IDEState *s, uint8_t* buf)
+{
+ int max_len;
+ int media = buf[1];
+ int format = buf[7];
+ int ret;
+
+ max_len = ube16_to_cpu(buf + 8);
+
+ if (format < 0xff) {
+ if (media_is_cd(s)) {
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INCOMPATIBLE_FORMAT);
+ return;
+ } else if (!media_present(s)) {
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INV_FIELD_IN_CMD_PACKET);
+ return;
+ }
+ }
+
+ memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
+ IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
+
+ switch (format) {
+ case 0x00 ... 0x7f:
+ case 0xff:
+ if (media == 0) {
+ ret = ide_dvd_read_structure(s, format, buf, buf);
+
+ if (ret < 0) {
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
+ } else {
+ ide_atapi_cmd_reply(s, ret, max_len);
+ }
+
+ break;
+ }
+ /* TODO: BD support, fall through for now */
+
+ /* Generic disk structures */
+ case 0x80: /* TODO: AACS volume identifier */
+ case 0x81: /* TODO: AACS media serial number */
+ case 0x82: /* TODO: AACS media identifier */
+ case 0x83: /* TODO: AACS media key block */
+ case 0x90: /* TODO: List of recognized format layers */
+ case 0xc0: /* TODO: Write protection status */
+ default:
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ ASC_INV_FIELD_IN_CMD_PACKET);
+ break;
+ }
+}
+
+static void cmd_set_speed(IDEState *s, uint8_t* buf)
+{
+ ide_atapi_cmd_ok(s);
+}
+
+enum {
+ /*
+ * Only commands flagged as ALLOW_UA are allowed to run under a
+ * unit attention condition. (See MMC-5, section 4.1.6.1)
+ */
+ ALLOW_UA = 0x01,
+
+ /*
+ * Commands flagged with CHECK_READY can only execute if a medium is present.
+ * Otherwise they report the Not Ready Condition. (See MMC-5, section
+ * 4.1.8)
+ */
+ CHECK_READY = 0x02,
+};
+
+static const struct {
+ void (*handler)(IDEState *s, uint8_t *buf);
+ int flags;
+} atapi_cmd_table[0x100] = {
+ [ 0x00 ] = { cmd_test_unit_ready, CHECK_READY },
+ [ 0x03 ] = { cmd_request_sense, ALLOW_UA },
+ [ 0x12 ] = { cmd_inquiry, ALLOW_UA },
+ [ 0x1a ] = { cmd_mode_sense, /* (6) */ 0 },
+ [ 0x1b ] = { cmd_start_stop_unit, 0 },
+ [ 0x1e ] = { cmd_prevent_allow_medium_removal, 0 },
+ [ 0x25 ] = { cmd_read_cdvd_capacity, CHECK_READY },
+ [ 0x28 ] = { cmd_read, /* (10) */ 0 },
+ [ 0x2b ] = { cmd_seek, CHECK_READY },
+ [ 0x43 ] = { cmd_read_toc_pma_atip, CHECK_READY },
+ [ 0x46 ] = { cmd_get_configuration, ALLOW_UA },
+ [ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA },
+ [ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 },
+ [ 0xa8 ] = { cmd_read, /* (12) */ 0 },
+ [ 0xad ] = { cmd_read_dvd_structure, 0 },
+ [ 0xbb ] = { cmd_set_speed, 0 },
+ [ 0xbd ] = { cmd_mechanism_status, 0 },
+ [ 0xbe ] = { cmd_read_cd, 0 },
+};
+
+void ide_atapi_cmd(IDEState *s)
+{
+ uint8_t *buf;
+
+ buf = s->io_buffer;
+#ifdef DEBUG_IDE_ATAPI
+ {
+ int i;
+ printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
+ for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
+ }
+#endif
+ /*
+ * If there's a UNIT_ATTENTION condition pending, only command flagged with
+ * ALLOW_UA are allowed to complete. with other commands getting a CHECK
+ * condition response unless a higher priority status, defined by the drive
+ * here, is pending.
+ */
+ if (s->sense_key == SENSE_UNIT_ATTENTION &&
+ !(atapi_cmd_table[s->io_buffer[0]].flags & ALLOW_UA)) {
+ ide_atapi_cmd_check_status(s);
+ return;
+ }
+ /*
+ * When a CD gets changed, we have to report an ejected state and
+ * then a loaded state to guests so that they detect tray
+ * open/close and media change events. Guests that do not use
+ * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
+ * states rely on this behavior.
+ */
+ if (bdrv_is_inserted(s->bs) && s->cdrom_changed) {
+ ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
+
+ s->cdrom_changed = 0;
+ s->sense_key = SENSE_UNIT_ATTENTION;
+ s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
+ return;
+ }
+
+ /* Report a Not Ready condition if appropriate for the command */
+ if ((atapi_cmd_table[s->io_buffer[0]].flags & CHECK_READY) &&
+ (!media_present(s) || !bdrv_is_inserted(s->bs)))
+ {
+ ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
+ return;
+ }
+
+ /* Execute the command */
+ if (atapi_cmd_table[s->io_buffer[0]].handler) {
+ atapi_cmd_table[s->io_buffer[0]].handler(s, buf);
+ return;
+ }
+
+ ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_ILLEGAL_OPCODE);
+}
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 007a4ee..90f553b 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -25,7 +25,6 @@
#include <hw/hw.h>
#include <hw/pc.h>
#include <hw/pci.h>
-#include <hw/scsi.h>
#include "qemu-error.h"
#include "qemu-timer.h"
#include "sysemu.h"
@@ -56,23 +55,6 @@ static const int smart_attributes[][12] = {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
};
-/* XXX: DVDs that could fit on a CD will be reported as a CD */
-static inline int media_present(IDEState *s)
-{
- return (s->nb_sectors > 0);
-}
-
-static inline int media_is_dvd(IDEState *s)
-{
- return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
-}
-
-static inline int media_is_cd(IDEState *s)
-{
- return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
-}
-
-static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
static int ide_handle_rw_error(IDEState *s, int error, int op);
static void padstr(char *str, const char *src, int len)
@@ -87,17 +69,6 @@ static void padstr(char *str, const char *src, int len)
}
}
-static void padstr8(uint8_t *buf, int buf_size, const char *src)
-{
- int i;
- for(i = 0; i < buf_size; i++) {
- if (*src)
- buf[i] = *src++;
- else
- buf[i] = ' ';
- }
-}
-
static void put_le16(uint16_t *p, unsigned int v)
{
*p = cpu_to_le16(v);
@@ -335,8 +306,8 @@ static inline void ide_abort_command(IDEState *s)
}
/* prepare data transfer and tell what to do after */
-static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
- EndTransferFunc *end_transfer_func)
+void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
+ EndTransferFunc *end_transfer_func)
{
s->end_transfer_func = end_transfer_func;
s->data_ptr = buf;
@@ -347,7 +318,7 @@ static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
s->bus->dma->ops->start_transfer(s->bus->dma);
}
-static void ide_transfer_stop(IDEState *s)
+void ide_transfer_stop(IDEState *s)
{
s->end_transfer_func = ide_transfer_stop;
s->data_ptr = s->io_buffer;
@@ -447,7 +418,7 @@ static void dma_buf_commit(IDEState *s, int is_write)
qemu_sglist_destroy(&s->sg);
}
-static void ide_set_inactive(IDEState *s)
+void ide_set_inactive(IDEState *s)
{
s->bus->dma->aiocb = NULL;
s->bus->dma->ops->set_inactive(s->bus->dma);
@@ -617,38 +588,6 @@ void ide_sector_write(IDEState *s)
}
}
-void ide_atapi_cmd_ok(IDEState *s)
-{
- s->error = 0;
- s->status = READY_STAT | SEEK_STAT;
- s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
- ide_set_irq(s->bus);
-}
-
-void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
-{
-#ifdef DEBUG_IDE_ATAPI
- printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
-#endif
- s->error = sense_key << 4;
- s->status = READY_STAT | ERR_STAT;
- s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
- s->sense_key = sense_key;
- s->asc = asc;
- ide_set_irq(s->bus);
-}
-
-static void ide_atapi_cmd_check_status(IDEState *s)
-{
-#ifdef DEBUG_IDE_ATAPI
- printf("atapi_cmd_check_status\n");
-#endif
- s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
- s->status = ERR_STAT;
- s->nsector = 0;
- ide_set_irq(s->bus);
-}
-
static void ide_flush_cb(void *opaque, int ret)
{
IDEState *s = opaque;
@@ -679,870 +618,6 @@ void ide_flush_cache(IDEState *s)
}
}
-static inline void cpu_to_ube16(uint8_t *buf, int val)
-{
- buf[0] = val >> 8;
- buf[1] = val & 0xff;
-}
-
-static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
-{
- buf[0] = val >> 24;
- buf[1] = val >> 16;
- buf[2] = val >> 8;
- buf[3] = val & 0xff;
-}
-
-static inline int ube16_to_cpu(const uint8_t *buf)
-{
- return (buf[0] << 8) | buf[1];
-}
-
-static inline int ube32_to_cpu(const uint8_t *buf)
-{
- return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
-}
-
-static void lba_to_msf(uint8_t *buf, int lba)
-{
- lba += 150;
- buf[0] = (lba / 75) / 60;
- buf[1] = (lba / 75) % 60;
- buf[2] = lba % 75;
-}
-
-static void cd_data_to_raw(uint8_t *buf, int lba)
-{
- /* sync bytes */
- buf[0] = 0x00;
- memset(buf + 1, 0xff, 10);
- buf[11] = 0x00;
- buf += 12;
- /* MSF */
- lba_to_msf(buf, lba);
- buf[3] = 0x01; /* mode 1 data */
- buf += 4;
- /* data */
- buf += 2048;
- /* XXX: ECC not computed */
- memset(buf, 0, 288);
-}
-
-static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
- int sector_size)
-{
- int ret;
-
- switch(sector_size) {
- case 2048:
- ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
- break;
- case 2352:
- ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
- if (ret < 0)
- return ret;
- cd_data_to_raw(buf, lba);
- break;
- default:
- ret = -EIO;
- break;
- }
- return ret;
-}
-
-void ide_atapi_io_error(IDEState *s, int ret)
-{
- /* XXX: handle more errors */
- if (ret == -ENOMEDIUM) {
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- } else {
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_LOGICAL_BLOCK_OOR);
- }
-}
-
-/* The whole ATAPI transfer logic is handled in this function */
-static void ide_atapi_cmd_reply_end(IDEState *s)
-{
- int byte_count_limit, size, ret;
-#ifdef DEBUG_IDE_ATAPI
- printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
- s->packet_transfer_size,
- s->elementary_transfer_size,
- s->io_buffer_index);
-#endif
- if (s->packet_transfer_size <= 0) {
- /* end of transfer */
- ide_transfer_stop(s);
- s->status = READY_STAT | SEEK_STAT;
- s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
- ide_set_irq(s->bus);
-#ifdef DEBUG_IDE_ATAPI
- printf("status=0x%x\n", s->status);
-#endif
- } else {
- /* see if a new sector must be read */
- if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
- ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
- if (ret < 0) {
- ide_transfer_stop(s);
- ide_atapi_io_error(s, ret);
- return;
- }
- s->lba++;
- s->io_buffer_index = 0;
- }
- if (s->elementary_transfer_size > 0) {
- /* there are some data left to transmit in this elementary
- transfer */
- size = s->cd_sector_size - s->io_buffer_index;
- if (size > s->elementary_transfer_size)
- size = s->elementary_transfer_size;
- s->packet_transfer_size -= size;
- s->elementary_transfer_size -= size;
- s->io_buffer_index += size;
- ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
- size, ide_atapi_cmd_reply_end);
- } else {
- /* a new transfer is needed */
- s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
- byte_count_limit = s->lcyl | (s->hcyl << 8);
-#ifdef DEBUG_IDE_ATAPI
- printf("byte_count_limit=%d\n", byte_count_limit);
-#endif
- if (byte_count_limit == 0xffff)
- byte_count_limit--;
- size = s->packet_transfer_size;
- if (size > byte_count_limit) {
- /* byte count limit must be even if this case */
- if (byte_count_limit & 1)
- byte_count_limit--;
- size = byte_count_limit;
- }
- s->lcyl = size;
- s->hcyl = size >> 8;
- s->elementary_transfer_size = size;
- /* we cannot transmit more than one sector at a time */
- if (s->lba != -1) {
- if (size > (s->cd_sector_size - s->io_buffer_index))
- size = (s->cd_sector_size - s->io_buffer_index);
- }
- s->packet_transfer_size -= size;
- s->elementary_transfer_size -= size;
- s->io_buffer_index += size;
- ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
- size, ide_atapi_cmd_reply_end);
- ide_set_irq(s->bus);
-#ifdef DEBUG_IDE_ATAPI
- printf("status=0x%x\n", s->status);
-#endif
- }
- }
-}
-
-/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
-static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
-{
- if (size > max_size)
- size = max_size;
- s->lba = -1; /* no sector read */
- s->packet_transfer_size = size;
- s->io_buffer_size = size; /* dma: send the reply data as one chunk */
- s->elementary_transfer_size = 0;
- s->io_buffer_index = 0;
-
- if (s->atapi_dma) {
- s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
- s->bus->dma->ops->start_dma(s->bus->dma, s,
- ide_atapi_cmd_read_dma_cb);
- } else {
- s->status = READY_STAT | SEEK_STAT;
- ide_atapi_cmd_reply_end(s);
- }
-}
-
-/* start a CD-CDROM read command */
-static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
- int sector_size)
-{
- s->lba = lba;
- s->packet_transfer_size = nb_sectors * sector_size;
- s->elementary_transfer_size = 0;
- s->io_buffer_index = sector_size;
- s->cd_sector_size = sector_size;
-
- s->status = READY_STAT | SEEK_STAT;
- ide_atapi_cmd_reply_end(s);
-}
-
-/* ATAPI DMA support */
-
-/* XXX: handle read errors */
-static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
-{
- IDEState *s = opaque;
- int data_offset, n;
-
- if (ret < 0) {
- ide_atapi_io_error(s, ret);
- goto eot;
- }
-
- if (s->io_buffer_size > 0) {
- /*
- * For a cdrom read sector command (s->lba != -1),
- * adjust the lba for the next s->io_buffer_size chunk
- * and dma the current chunk.
- * For a command != read (s->lba == -1), just transfer
- * the reply data.
- */
- if (s->lba != -1) {
- if (s->cd_sector_size == 2352) {
- n = 1;
- cd_data_to_raw(s->io_buffer, s->lba);
- } else {
- n = s->io_buffer_size >> 11;
- }
- s->lba += n;
- }
- s->packet_transfer_size -= s->io_buffer_size;
- if (s->bus->dma->ops->rw_buf(s->bus->dma, 1) == 0)
- goto eot;
- }
-
- if (s->packet_transfer_size <= 0) {
- s->status = READY_STAT | SEEK_STAT;
- s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
- ide_set_irq(s->bus);
- eot:
- s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
- ide_set_inactive(s);
- return;
- }
-
- s->io_buffer_index = 0;
- if (s->cd_sector_size == 2352) {
- n = 1;
- s->io_buffer_size = s->cd_sector_size;
- data_offset = 16;
- } else {
- n = s->packet_transfer_size >> 11;
- if (n > (IDE_DMA_BUF_SECTORS / 4))
- n = (IDE_DMA_BUF_SECTORS / 4);
- s->io_buffer_size = n * 2048;
- data_offset = 0;
- }
-#ifdef DEBUG_AIO
- printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
-#endif
- s->bus->dma->iov.iov_base = (void *)(s->io_buffer + data_offset);
- s->bus->dma->iov.iov_len = n * 4 * 512;
- qemu_iovec_init_external(&s->bus->dma->qiov, &s->bus->dma->iov, 1);
- s->bus->dma->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2,
- &s->bus->dma->qiov, n * 4,
- ide_atapi_cmd_read_dma_cb, s);
- if (!s->bus->dma->aiocb) {
- /* Note: media not present is the most likely case */
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- goto eot;
- }
-}
-
-/* start a CD-CDROM read command with DMA */
-/* XXX: test if DMA is available */
-static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
- int sector_size)
-{
- s->lba = lba;
- s->packet_transfer_size = nb_sectors * sector_size;
- s->io_buffer_index = 0;
- s->io_buffer_size = 0;
- s->cd_sector_size = sector_size;
-
- /* XXX: check if BUSY_STAT should be set */
- s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
- s->bus->dma->ops->start_dma(s->bus->dma, s,
- ide_atapi_cmd_read_dma_cb);
-}
-
-static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
- int sector_size)
-{
-#ifdef DEBUG_IDE_ATAPI
- printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
- lba, nb_sectors);
-#endif
- if (s->atapi_dma) {
- ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
- } else {
- ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
- }
-}
-
-static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
- uint16_t profile)
-{
- uint8_t *buf_profile = buf + 12; /* start of profiles */
-
- buf_profile += ((*index) * 4); /* start of indexed profile */
- cpu_to_ube16 (buf_profile, profile);
- buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
-
- /* each profile adds 4 bytes to the response */
- (*index)++;
- buf[11] += 4; /* Additional Length */
-
- return 4;
-}
-
-static int ide_dvd_read_structure(IDEState *s, int format,
- const uint8_t *packet, uint8_t *buf)
-{
- switch (format) {
- case 0x0: /* Physical format information */
- {
- int layer = packet[6];
- uint64_t total_sectors;
-
- if (layer != 0)
- return -ASC_INV_FIELD_IN_CMD_PACKET;
-
- bdrv_get_geometry(s->bs, &total_sectors);
- total_sectors >>= 2;
- if (total_sectors == 0)
- return -ASC_MEDIUM_NOT_PRESENT;
-
- buf[4] = 1; /* DVD-ROM, part version 1 */
- buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
- buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
- buf[7] = 0; /* default densities */
-
- /* FIXME: 0x30000 per spec? */
- cpu_to_ube32(buf + 8, 0); /* start sector */
- cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
- cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
-
- /* Size of buffer, not including 2 byte size field */
- cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
-
- /* 2k data + 4 byte header */
- return (2048 + 4);
- }
-
- case 0x01: /* DVD copyright information */
- buf[4] = 0; /* no copyright data */
- buf[5] = 0; /* no region restrictions */
-
- /* Size of buffer, not including 2 byte size field */
- cpu_to_be16wu((uint16_t *)buf, 4 + 2);
-
- /* 4 byte header + 4 byte data */
- return (4 + 4);
-
- case 0x03: /* BCA information - invalid field for no BCA info */
- return -ASC_INV_FIELD_IN_CMD_PACKET;
-
- case 0x04: /* DVD disc manufacturing information */
- /* Size of buffer, not including 2 byte size field */
- cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
-
- /* 2k data + 4 byte header */
- return (2048 + 4);
-
- case 0xff:
- /*
- * This lists all the command capabilities above. Add new ones
- * in order and update the length and buffer return values.
- */
-
- buf[4] = 0x00; /* Physical format */
- buf[5] = 0x40; /* Not writable, is readable */
- cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
-
- buf[8] = 0x01; /* Copyright info */
- buf[9] = 0x40; /* Not writable, is readable */
- cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
-
- buf[12] = 0x03; /* BCA info */
- buf[13] = 0x40; /* Not writable, is readable */
- cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
-
- buf[16] = 0x04; /* Manufacturing info */
- buf[17] = 0x40; /* Not writable, is readable */
- cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
-
- /* Size of buffer, not including 2 byte size field */
- cpu_to_be16wu((uint16_t *)buf, 16 + 2);
-
- /* data written + 4 byte header */
- return (16 + 4);
-
- default: /* TODO: formats beyond DVD-ROM requires */
- return -ASC_INV_FIELD_IN_CMD_PACKET;
- }
-}
-
-static void ide_atapi_cmd(IDEState *s)
-{
- const uint8_t *packet;
- uint8_t *buf;
- int max_len;
-
- packet = s->io_buffer;
- buf = s->io_buffer;
-#ifdef DEBUG_IDE_ATAPI
- {
- int i;
- printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
- for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
- printf(" %02x", packet[i]);
- }
- printf("\n");
- }
-#endif
- /* If there's a UNIT_ATTENTION condition pending, only
- REQUEST_SENSE and INQUIRY commands are allowed to complete. */
- if (s->sense_key == SENSE_UNIT_ATTENTION &&
- s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
- s->io_buffer[0] != GPCMD_INQUIRY) {
- ide_atapi_cmd_check_status(s);
- return;
- }
- switch(s->io_buffer[0]) {
- case GPCMD_TEST_UNIT_READY:
- if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
- ide_atapi_cmd_ok(s);
- } else {
- s->cdrom_changed = 0;
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- }
- break;
- case GPCMD_MODE_SENSE_6:
- case GPCMD_MODE_SENSE_10:
- {
- int action, code;
- if (packet[0] == GPCMD_MODE_SENSE_10)
- max_len = ube16_to_cpu(packet + 7);
- else
- max_len = packet[4];
- action = packet[2] >> 6;
- code = packet[2] & 0x3f;
- switch(action) {
- case 0: /* current values */
- switch(code) {
- case GPMODE_R_W_ERROR_PAGE: /* error recovery */
- cpu_to_ube16(&buf[0], 16 + 6);
- buf[2] = 0x70;
- buf[3] = 0;
- buf[4] = 0;
- buf[5] = 0;
- buf[6] = 0;
- buf[7] = 0;
-
- buf[8] = 0x01;
- buf[9] = 0x06;
- buf[10] = 0x00;
- buf[11] = 0x05;
- buf[12] = 0x00;
- buf[13] = 0x00;
- buf[14] = 0x00;
- buf[15] = 0x00;
- ide_atapi_cmd_reply(s, 16, max_len);
- break;
- case GPMODE_AUDIO_CTL_PAGE:
- cpu_to_ube16(&buf[0], 24 + 6);
- buf[2] = 0x70;
- buf[3] = 0;
- buf[4] = 0;
- buf[5] = 0;
- buf[6] = 0;
- buf[7] = 0;
-
- /* Fill with CDROM audio volume */
- buf[17] = 0;
- buf[19] = 0;
- buf[21] = 0;
- buf[23] = 0;
-
- ide_atapi_cmd_reply(s, 24, max_len);
- break;
- case GPMODE_CAPABILITIES_PAGE:
- cpu_to_ube16(&buf[0], 28 + 6);
- buf[2] = 0x70;
- buf[3] = 0;
- buf[4] = 0;
- buf[5] = 0;
- buf[6] = 0;
- buf[7] = 0;
-
- buf[8] = 0x2a;
- buf[9] = 0x12;
- buf[10] = 0x00;
- buf[11] = 0x00;
-
- /* Claim PLAY_AUDIO capability (0x01) since some Linux
- code checks for this to automount media. */
- buf[12] = 0x71;
- buf[13] = 3 << 5;
- buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
- if (bdrv_is_locked(s->bs))
- buf[6] |= 1 << 1;
- buf[15] = 0x00;
- cpu_to_ube16(&buf[16], 706);
- buf[18] = 0;
- buf[19] = 2;
- cpu_to_ube16(&buf[20], 512);
- cpu_to_ube16(&buf[22], 706);
- buf[24] = 0;
- buf[25] = 0;
- buf[26] = 0;
- buf[27] = 0;
- ide_atapi_cmd_reply(s, 28, max_len);
- break;
- default:
- goto error_cmd;
- }
- break;
- case 1: /* changeable values */
- goto error_cmd;
- case 2: /* default values */
- goto error_cmd;
- default:
- case 3: /* saved values */
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
- break;
- }
- }
- break;
- case GPCMD_REQUEST_SENSE:
- max_len = packet[4];
- memset(buf, 0, 18);
- buf[0] = 0x70 | (1 << 7);
- buf[2] = s->sense_key;
- buf[7] = 10;
- buf[12] = s->asc;
- if (s->sense_key == SENSE_UNIT_ATTENTION)
- s->sense_key = SENSE_NONE;
- ide_atapi_cmd_reply(s, 18, max_len);
- break;
- case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
- if (bdrv_is_inserted(s->bs)) {
- bdrv_set_locked(s->bs, packet[4] & 1);
- ide_atapi_cmd_ok(s);
- } else {
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- }
- break;
- case GPCMD_READ_10:
- case GPCMD_READ_12:
- {
- int nb_sectors, lba;
-
- if (packet[0] == GPCMD_READ_10)
- nb_sectors = ube16_to_cpu(packet + 7);
- else
- nb_sectors = ube32_to_cpu(packet + 6);
- lba = ube32_to_cpu(packet + 2);
- if (nb_sectors == 0) {
- ide_atapi_cmd_ok(s);
- break;
- }
- ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
- }
- break;
- case GPCMD_READ_CD:
- {
- int nb_sectors, lba, transfer_request;
-
- nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
- lba = ube32_to_cpu(packet + 2);
- if (nb_sectors == 0) {
- ide_atapi_cmd_ok(s);
- break;
- }
- transfer_request = packet[9];
- switch(transfer_request & 0xf8) {
- case 0x00:
- /* nothing */
- ide_atapi_cmd_ok(s);
- break;
- case 0x10:
- /* normal read */
- ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
- break;
- case 0xf8:
- /* read all data */
- ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
- break;
- default:
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INV_FIELD_IN_CMD_PACKET);
- break;
- }
- }
- break;
- case GPCMD_SEEK:
- {
- unsigned int lba;
- uint64_t total_sectors;
-
- bdrv_get_geometry(s->bs, &total_sectors);
- total_sectors >>= 2;
- if (total_sectors == 0) {
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- break;
- }
- lba = ube32_to_cpu(packet + 2);
- if (lba >= total_sectors) {
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_LOGICAL_BLOCK_OOR);
- break;
- }
- ide_atapi_cmd_ok(s);
- }
- break;
- case GPCMD_START_STOP_UNIT:
- {
- int start, eject, err = 0;
- start = packet[4] & 1;
- eject = (packet[4] >> 1) & 1;
-
- if (eject) {
- err = bdrv_eject(s->bs, !start);
- }
-
- switch (err) {
- case 0:
- ide_atapi_cmd_ok(s);
- break;
- case -EBUSY:
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIA_REMOVAL_PREVENTED);
- break;
- default:
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- break;
- }
- }
- break;
- case GPCMD_MECHANISM_STATUS:
- {
- max_len = ube16_to_cpu(packet + 8);
- cpu_to_ube16(buf, 0);
- /* no current LBA */
- buf[2] = 0;
- buf[3] = 0;
- buf[4] = 0;
- buf[5] = 1;
- cpu_to_ube16(buf + 6, 0);
- ide_atapi_cmd_reply(s, 8, max_len);
- }
- break;
- case GPCMD_READ_TOC_PMA_ATIP:
- {
- int format, msf, start_track, len;
- uint64_t total_sectors;
-
- bdrv_get_geometry(s->bs, &total_sectors);
- total_sectors >>= 2;
- if (total_sectors == 0) {
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- break;
- }
- max_len = ube16_to_cpu(packet + 7);
- format = packet[9] >> 6;
- msf = (packet[1] >> 1) & 1;
- start_track = packet[6];
- switch(format) {
- case 0:
- len = cdrom_read_toc(total_sectors, buf, msf, start_track);
- if (len < 0)
- goto error_cmd;
- ide_atapi_cmd_reply(s, len, max_len);
- break;
- case 1:
- /* multi session : only a single session defined */
- memset(buf, 0, 12);
- buf[1] = 0x0a;
- buf[2] = 0x01;
- buf[3] = 0x01;
- ide_atapi_cmd_reply(s, 12, max_len);
- break;
- case 2:
- len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
- if (len < 0)
- goto error_cmd;
- ide_atapi_cmd_reply(s, len, max_len);
- break;
- default:
- error_cmd:
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INV_FIELD_IN_CMD_PACKET);
- break;
- }
- }
- break;
- case GPCMD_READ_CDVD_CAPACITY:
- {
- uint64_t total_sectors;
-
- bdrv_get_geometry(s->bs, &total_sectors);
- total_sectors >>= 2;
- if (total_sectors == 0) {
- ide_atapi_cmd_error(s, SENSE_NOT_READY,
- ASC_MEDIUM_NOT_PRESENT);
- break;
- }
- /* NOTE: it is really the number of sectors minus 1 */
- cpu_to_ube32(buf, total_sectors - 1);
- cpu_to_ube32(buf + 4, 2048);
- ide_atapi_cmd_reply(s, 8, 8);
- }
- break;
- case GPCMD_READ_DVD_STRUCTURE:
- {
- int media = packet[1];
- int format = packet[7];
- int ret;
-
- max_len = ube16_to_cpu(packet + 8);
-
- if (format < 0xff) {
- if (media_is_cd(s)) {
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INCOMPATIBLE_FORMAT);
- break;
- } else if (!media_present(s)) {
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INV_FIELD_IN_CMD_PACKET);
- break;
- }
- }
-
- memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
- IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
-
- switch (format) {
- case 0x00 ... 0x7f:
- case 0xff:
- if (media == 0) {
- ret = ide_dvd_read_structure(s, format, packet, buf);
-
- if (ret < 0)
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
- else
- ide_atapi_cmd_reply(s, ret, max_len);
-
- break;
- }
- /* TODO: BD support, fall through for now */
-
- /* Generic disk structures */
- case 0x80: /* TODO: AACS volume identifier */
- case 0x81: /* TODO: AACS media serial number */
- case 0x82: /* TODO: AACS media identifier */
- case 0x83: /* TODO: AACS media key block */
- case 0x90: /* TODO: List of recognized format layers */
- case 0xc0: /* TODO: Write protection status */
- default:
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INV_FIELD_IN_CMD_PACKET);
- break;
- }
- }
- break;
- case GPCMD_SET_SPEED:
- ide_atapi_cmd_ok(s);
- break;
- case GPCMD_INQUIRY:
- max_len = packet[4];
- buf[0] = 0x05; /* CD-ROM */
- buf[1] = 0x80; /* removable */
- buf[2] = 0x00; /* ISO */
- buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
- buf[4] = 31; /* additional length */
- buf[5] = 0; /* reserved */
- buf[6] = 0; /* reserved */
- buf[7] = 0; /* reserved */
- padstr8(buf + 8, 8, "QEMU");
- padstr8(buf + 16, 16, "QEMU DVD-ROM");
- padstr8(buf + 32, 4, s->version);
- ide_atapi_cmd_reply(s, 36, max_len);
- break;
- case GPCMD_GET_CONFIGURATION:
- {
- uint32_t len;
- uint8_t index = 0;
-
- /* only feature 0 is supported */
- if (packet[2] != 0 || packet[3] != 0) {
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INV_FIELD_IN_CMD_PACKET);
- break;
- }
-
- /* XXX: could result in alignment problems in some architectures */
- max_len = ube16_to_cpu(packet + 7);
-
- /*
- * XXX: avoid overflow for io_buffer if max_len is bigger than
- * the size of that buffer (dimensioned to max number of
- * sectors to transfer at once)
- *
- * Only a problem if the feature/profiles grow.
- */
- if (max_len > 512) /* XXX: assume 1 sector */
- max_len = 512;
-
- memset(buf, 0, max_len);
- /*
- * the number of sectors from the media tells us which profile
- * to use as current. 0 means there is no media
- */
- if (media_is_dvd(s))
- cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
- else if (media_is_cd(s))
- cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
-
- buf[10] = 0x02 | 0x01; /* persistent and current */
- len = 12; /* headers: 8 + 4 */
- len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
- len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
- cpu_to_ube32(buf, len - 4); /* data length */
-
- ide_atapi_cmd_reply(s, len, max_len);
- break;
- }
- case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
- max_len = ube16_to_cpu(packet + 7);
-
- if (packet[1] & 0x01) { /* polling */
- /* We don't support any event class (yet). */
- cpu_to_ube16(buf, 0x00); /* No event descriptor returned */
- buf[2] = 0x80; /* No Event Available (NEA) */
- buf[3] = 0x00; /* Empty supported event classes */
- ide_atapi_cmd_reply(s, 4, max_len);
- } else { /* asynchronous mode */
- /* Only polling is supported, asynchronous mode is not. */
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_INV_FIELD_IN_CMD_PACKET);
- }
- break;
- default:
- ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
- ASC_ILLEGAL_OPCODE);
- break;
- }
-}
-
static void ide_cfata_metadata_inquiry(IDEState *s)
{
uint16_t *p;
@@ -1609,9 +684,15 @@ static void cdrom_change_cb(void *opaque, int reason)
bdrv_get_geometry(s->bs, &nb_sectors);
s->nb_sectors = nb_sectors;
- s->sense_key = SENSE_UNIT_ATTENTION;
- s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
+ /*
+ * First indicate to the guest that a CD has been removed. That's
+ * done on the next command the guest sends us.
+ *
+ * Then we set SENSE_UNIT_ATTENTION, by which the guest will
+ * detect a new CD in the drive. See ide_atapi_cmd() for details.
+ */
s->cdrom_changed = 1;
+ s->events.new_media = true;
ide_set_irq(s->bus);
}
@@ -2756,6 +1837,25 @@ static bool ide_drive_pio_state_needed(void *opaque)
return (s->status & DRQ_STAT) != 0;
}
+static bool ide_atapi_gesn_needed(void *opaque)
+{
+ IDEState *s = opaque;
+
+ return s->events.new_media || s->events.eject_request;
+}
+
+/* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
+const VMStateDescription vmstate_ide_atapi_gesn_state = {
+ .name ="ide_drive/atapi/gesn_state",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_BOOL(events.new_media, IDEState),
+ VMSTATE_BOOL(events.eject_request, IDEState),
+ }
+};
+
const VMStateDescription vmstate_ide_drive_pio_state = {
.name = "ide_drive/pio_state",
.version_id = 1,
@@ -2810,6 +1910,9 @@ const VMStateDescription vmstate_ide_drive = {
.vmsd = &vmstate_ide_drive_pio_state,
.needed = ide_drive_pio_state_needed,
}, {
+ .vmsd = &vmstate_ide_atapi_gesn_state,
+ .needed = ide_atapi_gesn_needed,
+ }, {
/* empty */
}
}
@@ -2826,3 +1929,17 @@ const VMStateDescription vmstate_ide_bus = {
VMSTATE_END_OF_LIST()
}
};
+
+void ide_drive_get(DriveInfo **hd, int max_bus)
+{
+ int i;
+
+ if (drive_get_max_bus(IF_IDE) >= max_bus) {
+ fprintf(stderr, "qemu: too many IDE bus: %d\n", max_bus);
+ exit(1);
+ }
+
+ for(i = 0; i < max_bus * MAX_IDE_DEVS; i++) {
+ hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+ }
+}
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index fd3537e..e44339b 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -67,7 +67,6 @@
#include <hw/isa.h>
#include "block.h"
#include "block_int.h"
-#include "sysemu.h"
#include "dma.h"
#include <hw/ide/pci.h>
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index d533fb6..aa198b6 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -9,6 +9,7 @@
#include <hw/ide.h>
#include "block_int.h"
#include "iorange.h"
+#include "dma.h"
/* debug IDE devices */
//#define DEBUG_IDE
@@ -373,6 +374,11 @@ typedef int DMAFunc(IDEDMA *);
typedef int DMAIntFunc(IDEDMA *, int);
typedef void DMARestartFunc(void *, int, int);
+struct unreported_events {
+ bool eject_request;
+ bool new_media;
+};
+
/* NOTE: IDEState represents in fact one drive */
struct IDEState {
IDEBus *bus;
@@ -408,6 +414,7 @@ struct IDEState {
BlockDriverState *bs;
char version[9];
/* ATAPI specific */
+ struct unreported_events events;
uint8_t sense_key;
uint8_t asc;
uint8_t cdrom_changed;
@@ -564,6 +571,15 @@ void ide_sector_write(IDEState *s);
void ide_sector_read(IDEState *s);
void ide_flush_cache(IDEState *s);
+void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
+ EndTransferFunc *end_transfer_func);
+void ide_transfer_stop(IDEState *s);
+void ide_set_inactive(IDEState *s);
+
+/* hw/ide/atapi.c */
+void ide_atapi_cmd(IDEState *s);
+void ide_atapi_cmd_reply_end(IDEState *s);
+
/* hw/ide/qdev.c */
void ide_bus_new(IDEBus *idebus, DeviceState *dev, int bus_id);
IDEDevice *ide_create_drive(IDEBus *bus, int unit, DriveInfo *drive);
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 8c59c5a..4ac7453 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -27,7 +27,6 @@
#include <hw/isa.h>
#include "block.h"
#include "block_int.h"
-#include "sysemu.h"
#include "dma.h"
#include <hw/ide/internal.h>
diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index c1b4caa..7107f6b 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -27,7 +27,6 @@
#include <hw/mac_dbdma.h>
#include "block.h"
#include "block_int.h"
-#include "sysemu.h"
#include "dma.h"
#include <hw/ide/internal.h>
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c
index 2ceeb87..9fbbf0e 100644
--- a/hw/ide/microdrive.c
+++ b/hw/ide/microdrive.c
@@ -27,7 +27,6 @@
#include <hw/pcmcia.h>
#include "block.h"
#include "block_int.h"
-#include "sysemu.h"
#include "dma.h"
#include <hw/ide/internal.h>
diff --git a/hw/ide/mmio.c b/hw/ide/mmio.c
index 82b24b6..10f6f40 100644
--- a/hw/ide/mmio.c
+++ b/hw/ide/mmio.c
@@ -25,7 +25,6 @@
#include <hw/hw.h>
#include "block.h"
#include "block_int.h"
-#include "sysemu.h"
#include "dma.h"
#include <hw/ide/internal.h>
diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index 35168cb..65cb56c 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -28,7 +28,6 @@
#include <hw/isa.h>
#include "block.h"
#include "block_int.h"
-#include "sysemu.h"
#include "dma.h"
#include <hw/ide/pci.h>
diff --git a/hw/integratorcp.c b/hw/integratorcp.c
index b049940..a6c27be 100644
--- a/hw/integratorcp.c
+++ b/hw/integratorcp.c
@@ -10,7 +10,6 @@
#include "sysbus.h"
#include "primecell.h"
#include "devices.h"
-#include "sysemu.h"
#include "boards.h"
#include "arm-misc.h"
#include "net.h"
diff --git a/hw/ioapic.c b/hw/ioapic.c
index 569327d..6c26e82 100644
--- a/hw/ioapic.c
+++ b/hw/ioapic.c
@@ -160,8 +160,9 @@ static void ioapic_set_irq(void *opaque, int vector, int level)
s->irr &= ~mask;
}
} else {
- /* edge triggered */
- if (level) {
+ /* According to the 82093AA manual, we must ignore edge requests
+ * if the input pin is masked. */
+ if (level && !(entry & IOAPIC_LVT_MASKED)) {
s->irr |= mask;
ioapic_service(s);
}
diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index d07aa41..2765543 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -17,7 +17,6 @@
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "hw.h"
-#include "sysemu.h"
#include "monitor.h"
#include "sysbus.h"
#include "isa.h"
diff --git a/hw/kvmclock.c b/hw/kvmclock.c
index b6ceddf..004c4ad 100644
--- a/hw/kvmclock.c
+++ b/hw/kvmclock.c
@@ -103,7 +103,11 @@ static SysBusDeviceInfo kvmclock_info = {
void kvmclock_create(void)
{
if (kvm_enabled() &&
- first_cpu->cpuid_kvm_features & (1ULL << KVM_FEATURE_CLOCKSOURCE)) {
+ first_cpu->cpuid_kvm_features & ((1ULL << KVM_FEATURE_CLOCKSOURCE)
+#ifdef KVM_FEATURE_CLOCKSOURCE2
+ || (1ULL << KVM_FEATURE_CLOCKSOURCE2)
+#endif
+ )) {
sysbus_create_simple("kvmclock", -1, NULL);
}
}
diff --git a/hw/lan9118.c b/hw/lan9118.c
index af6949f..2dc8d18 100644
--- a/hw/lan9118.c
+++ b/hw/lan9118.c
@@ -785,6 +785,12 @@ static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
case MAC_FLOW:
s->mac_flow = val & 0xffff0000;
break;
+ case MAC_VLAN1:
+ /* Writing to this register changes a condition for
+ * FrameTooLong bit in rx_status. Since we do not set
+ * FrameTooLong anyway, just ignore write to this.
+ */
+ break;
default:
hw_error("lan9118: Unimplemented MAC register write: %d = 0x%x\n",
s->mac_cmd & 0xf, val);
diff --git a/hw/lm32_boards.c b/hw/lm32_boards.c
index 85190f0..6462923 100644
--- a/hw/lm32_boards.c
+++ b/hw/lm32_boards.c
@@ -21,7 +21,6 @@
#include "hw.h"
#include "net.h"
#include "flash.h"
-#include "sysemu.h"
#include "devices.h"
#include "boards.h"
#include "loader.h"
diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
index 6c811cf..be4df58 100644
--- a/hw/lsi53c895a.c
+++ b/hw/lsi53c895a.c
@@ -853,6 +853,18 @@ static void lsi_do_msgout(LSIState *s)
{
uint8_t msg;
int len;
+ uint32_t current_tag;
+ SCSIDevice *current_dev;
+ lsi_request *p, *p_next;
+ int id;
+
+ if (s->current) {
+ current_tag = s->current->tag;
+ } else {
+ current_tag = s->select_tag;
+ }
+ id = (current_tag >> 8) & 0xf;
+ current_dev = s->bus.devs[id];
DPRINTF("MSG out len=%d\n", s->dbc);
while (s->dbc) {
@@ -898,6 +910,51 @@ static void lsi_do_msgout(LSIState *s)
BADF("ORDERED queue not implemented\n");
s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
break;
+ case 0x0d:
+ /* The ABORT TAG message clears the current I/O process only. */
+ DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
+ current_dev->info->cancel_io(current_dev, current_tag);
+ lsi_disconnect(s);
+ break;
+ case 0x06:
+ case 0x0e:
+ case 0x0c:
+ /* The ABORT message clears all I/O processes for the selecting
+ initiator on the specified logical unit of the target. */
+ if (msg == 0x06) {
+ DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
+ }
+ /* The CLEAR QUEUE message clears all I/O processes for all
+ initiators on the specified logical unit of the target. */
+ if (msg == 0x0e) {
+ DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
+ }
+ /* The BUS DEVICE RESET message clears all I/O processes for all
+ initiators on all logical units of the target. */
+ if (msg == 0x0c) {
+ DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
+ }
+
+ /* clear the current I/O process */
+ current_dev->info->cancel_io(current_dev, current_tag);
+
+ /* As the current implemented devices scsi_disk and scsi_generic
+ only support one LUN, we don't need to keep track of LUNs.
+ Clearing I/O processes for other initiators could be possible
+ for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
+ device, but this is currently not implemented (and seems not
+ to be really necessary). So let's simply clear all queued
+ commands for the current device: */
+ id = current_tag & 0x0000ff00;
+ QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
+ if ((p->tag & 0x0000ff00) == id) {
+ current_dev->info->cancel_io(current_dev, p->tag);
+ QTAILQ_REMOVE(&s->queue, p, next);
+ }
+ }
+
+ lsi_disconnect(s);
+ break;
default:
if ((msg & 0x80) == 0) {
goto bad;
diff --git a/hw/m48t59.c b/hw/m48t59.c
index 9f39d6b..537c0f7 100644
--- a/hw/m48t59.c
+++ b/hw/m48t59.c
@@ -585,28 +585,18 @@ static CPUReadMemoryFunc * const nvram_read[] = {
&nvram_readl,
};
-static void m48t59_save(QEMUFile *f, void *opaque)
-{
- M48t59State *s = opaque;
-
- qemu_put_8s(f, &s->lock);
- qemu_put_be16s(f, &s->addr);
- qemu_put_buffer(f, s->buffer, s->size);
-}
-
-static int m48t59_load(QEMUFile *f, void *opaque, int version_id)
-{
- M48t59State *s = opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- qemu_get_8s(f, &s->lock);
- qemu_get_be16s(f, &s->addr);
- qemu_get_buffer(f, s->buffer, s->size);
-
- return 0;
-}
+static const VMStateDescription vmstate_m48t59 = {
+ .name = "m48t59",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(lock, M48t59State),
+ VMSTATE_UINT16(addr, M48t59State),
+ VMSTATE_VBUFFER_UINT32(buffer, M48t59State, 0, NULL, 0, size),
+ VMSTATE_END_OF_LIST()
+ }
+};
static void m48t59_reset_common(M48t59State *NVRAM)
{
@@ -696,7 +686,7 @@ static void m48t59_init_common(M48t59State *s)
}
qemu_get_timedate(&s->alarm, 0);
- register_savevm(NULL, "m48t59", -1, 1, m48t59_save, m48t59_load, s);
+ vmstate_register(NULL, -1, &vmstate_m48t59, s);
}
static int m48t59_init_isa1(ISADevice *dev)
diff --git a/hw/mac_dbdma.c b/hw/mac_dbdma.c
index 5680fa9..ed4458e 100644
--- a/hw/mac_dbdma.c
+++ b/hw/mac_dbdma.c
@@ -165,6 +165,10 @@ typedef struct DBDMA_channel {
int processing;
} DBDMA_channel;
+typedef struct {
+ DBDMA_channel channels[DBDMA_CHANNELS];
+} DBDMAState;
+
#ifdef DEBUG_DBDMA
static void dump_dbdma_cmd(dbdma_cmd *cmd)
{
@@ -617,31 +621,34 @@ static void channel_run(DBDMA_channel *ch)
}
}
-static void DBDMA_run (DBDMA_channel *ch)
+static void DBDMA_run(DBDMAState *s)
{
int channel;
- for (channel = 0; channel < DBDMA_CHANNELS; channel++, ch++) {
- uint32_t status = ch->regs[DBDMA_STATUS];
- if (!ch->processing && (status & RUN) && (status & ACTIVE))
- channel_run(ch);
+ for (channel = 0; channel < DBDMA_CHANNELS; channel++) {
+ DBDMA_channel *ch = &s->channels[channel];
+ uint32_t status = ch->regs[DBDMA_STATUS];
+ if (!ch->processing && (status & RUN) && (status & ACTIVE)) {
+ channel_run(ch);
+ }
}
}
static void DBDMA_run_bh(void *opaque)
{
- DBDMA_channel *ch = opaque;
+ DBDMAState *s = opaque;
DBDMA_DPRINTF("DBDMA_run_bh\n");
- DBDMA_run(ch);
+ DBDMA_run(s);
}
void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
DBDMA_rw rw, DBDMA_flush flush,
void *opaque)
{
- DBDMA_channel *ch = ( DBDMA_channel *)dbdma + nchan;
+ DBDMAState *s = dbdma;
+ DBDMA_channel *ch = &s->channels[nchan];
DBDMA_DPRINTF("DBDMA_register_channel 0x%x\n", nchan);
@@ -700,7 +707,8 @@ static void dbdma_writel (void *opaque,
target_phys_addr_t addr, uint32_t value)
{
int channel = addr >> DBDMA_CHANNEL_SHIFT;
- DBDMA_channel *ch = (DBDMA_channel *)opaque + channel;
+ DBDMAState *s = opaque;
+ DBDMA_channel *ch = &s->channels[channel];
int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2;
DBDMA_DPRINTF("writel 0x" TARGET_FMT_plx " <= 0x%08x\n", addr, value);
@@ -749,7 +757,8 @@ static uint32_t dbdma_readl (void *opaque, target_phys_addr_t addr)
{
uint32_t value;
int channel = addr >> DBDMA_CHANNEL_SHIFT;
- DBDMA_channel *ch = (DBDMA_channel *)opaque + channel;
+ DBDMAState *s = opaque;
+ DBDMA_channel *ch = &s->channels[channel];
int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2;
value = ch->regs[reg];
@@ -801,49 +810,47 @@ static CPUReadMemoryFunc * const dbdma_read[] = {
dbdma_readl,
};
-static void dbdma_save(QEMUFile *f, void *opaque)
-{
- DBDMA_channel *s = opaque;
- unsigned int i, j;
-
- for (i = 0; i < DBDMA_CHANNELS; i++)
- for (j = 0; j < DBDMA_REGS; j++)
- qemu_put_be32s(f, &s[i].regs[j]);
-}
-
-static int dbdma_load(QEMUFile *f, void *opaque, int version_id)
-{
- DBDMA_channel *s = opaque;
- unsigned int i, j;
-
- if (version_id != 2)
- return -EINVAL;
-
- for (i = 0; i < DBDMA_CHANNELS; i++)
- for (j = 0; j < DBDMA_REGS; j++)
- qemu_get_be32s(f, &s[i].regs[j]);
+static const VMStateDescription vmstate_dbdma_channel = {
+ .name = "dbdma_channel",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, struct DBDMA_channel, DBDMA_REGS),
+ VMSTATE_END_OF_LIST()
+ }
+};
- return 0;
-}
+static const VMStateDescription vmstate_dbdma = {
+ .name = "dbdma",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(channels, DBDMAState, DBDMA_CHANNELS, 1,
+ vmstate_dbdma_channel, DBDMA_channel),
+ VMSTATE_END_OF_LIST()
+ }
+};
static void dbdma_reset(void *opaque)
{
- DBDMA_channel *s = opaque;
+ DBDMAState *s = opaque;
int i;
for (i = 0; i < DBDMA_CHANNELS; i++)
- memset(s[i].regs, 0, DBDMA_SIZE);
+ memset(s->channels[i].regs, 0, DBDMA_SIZE);
}
void* DBDMA_init (int *dbdma_mem_index)
{
- DBDMA_channel *s;
+ DBDMAState *s;
- s = qemu_mallocz(sizeof(DBDMA_channel) * DBDMA_CHANNELS);
+ s = qemu_mallocz(sizeof(DBDMAState));
*dbdma_mem_index = cpu_register_io_memory(dbdma_read, dbdma_write, s,
DEVICE_LITTLE_ENDIAN);
- register_savevm(NULL, "dbdma", -1, 1, dbdma_save, dbdma_load, s);
+ vmstate_register(NULL, -1, &vmstate_dbdma, s);
qemu_register_reset(dbdma_reset, s);
dbdma_bh = qemu_bh_new(DBDMA_run_bh, s);
diff --git a/hw/mac_nvram.c b/hw/mac_nvram.c
index c2a2fc2..61e53d2 100644
--- a/hw/mac_nvram.c
+++ b/hw/mac_nvram.c
@@ -38,7 +38,7 @@
#endif
struct MacIONVRAMState {
- target_phys_addr_t size;
+ uint32_t size;
int mem_index;
unsigned int it_shift;
uint8_t *data;
@@ -105,24 +105,17 @@ static CPUReadMemoryFunc * const nvram_read[] = {
&macio_nvram_readb,
};
-static void macio_nvram_save(QEMUFile *f, void *opaque)
-{
- MacIONVRAMState *s = (MacIONVRAMState *)opaque;
-
- qemu_put_buffer(f, s->data, s->size);
-}
-
-static int macio_nvram_load(QEMUFile *f, void *opaque, int version_id)
-{
- MacIONVRAMState *s = (MacIONVRAMState *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- qemu_get_buffer(f, s->data, s->size);
+static const VMStateDescription vmstate_macio_nvram = {
+ .name = "macio_nvram",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_VBUFFER_UINT32(data, MacIONVRAMState, 0, NULL, 0, size),
+ VMSTATE_END_OF_LIST()
+ }
+};
- return 0;
-}
static void macio_nvram_reset(void *opaque)
{
@@ -141,8 +134,7 @@ MacIONVRAMState *macio_nvram_init (int *mem_index, target_phys_addr_t size,
s->mem_index = cpu_register_io_memory(nvram_read, nvram_write, s,
DEVICE_NATIVE_ENDIAN);
*mem_index = s->mem_index;
- register_savevm(NULL, "macio_nvram", -1, 1, macio_nvram_save,
- macio_nvram_load, s);
+ vmstate_register(NULL, -1, &vmstate_macio_nvram, s);
qemu_register_reset(macio_nvram_reset, s);
return s;
diff --git a/hw/mainstone.c b/hw/mainstone.c
index 50691ca..4792f0e 100644
--- a/hw/mainstone.c
+++ b/hw/mainstone.c
@@ -14,7 +14,6 @@
#include "net.h"
#include "devices.h"
#include "boards.h"
-#include "sysemu.h"
#include "flash.h"
#include "blockdev.h"
#include "sysbus.h"
diff --git a/hw/max111x.c b/hw/max111x.c
index 2844665..70cd1af 100644
--- a/hw/max111x.c
+++ b/hw/max111x.c
@@ -15,7 +15,7 @@ typedef struct {
uint8_t tb1, rb2, rb3;
int cycle;
- int input[8];
+ uint8_t input[8];
int inputs, com;
} MAX111xState;
@@ -94,36 +94,22 @@ static uint32_t max111x_transfer(SSISlave *dev, uint32_t value)
return max111x_read(s);
}
-static void max111x_save(QEMUFile *f, void *opaque)
-{
- MAX111xState *s = (MAX111xState *) opaque;
- int i;
-
- qemu_put_8s(f, &s->tb1);
- qemu_put_8s(f, &s->rb2);
- qemu_put_8s(f, &s->rb3);
- qemu_put_be32(f, s->inputs);
- qemu_put_be32(f, s->com);
- for (i = 0; i < s->inputs; i ++)
- qemu_put_byte(f, s->input[i]);
-}
-
-static int max111x_load(QEMUFile *f, void *opaque, int version_id)
-{
- MAX111xState *s = (MAX111xState *) opaque;
- int i;
-
- qemu_get_8s(f, &s->tb1);
- qemu_get_8s(f, &s->rb2);
- qemu_get_8s(f, &s->rb3);
- if (s->inputs != qemu_get_be32(f))
- return -EINVAL;
- s->com = qemu_get_be32(f);
- for (i = 0; i < s->inputs; i ++)
- s->input[i] = qemu_get_byte(f);
-
- return 0;
-}
+static const VMStateDescription vmstate_max111x = {
+ .name = "max111x",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(tb1, MAX111xState),
+ VMSTATE_UINT8(rb2, MAX111xState),
+ VMSTATE_UINT8(rb3, MAX111xState),
+ VMSTATE_INT32_EQUAL(inputs, MAX111xState),
+ VMSTATE_INT32(com, MAX111xState),
+ VMSTATE_ARRAY_INT32_UNSAFE(input, MAX111xState, inputs,
+ vmstate_info_uint8, uint8_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int max111x_init(SSISlave *dev, int inputs)
{
@@ -143,8 +129,7 @@ static int max111x_init(SSISlave *dev, int inputs)
s->input[7] = 0x80;
s->com = 0;
- register_savevm(&dev->qdev, "max111x", -1, 0,
- max111x_save, max111x_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_max111x, s);
return 0;
}
diff --git a/hw/milkymist-ac97.c b/hw/milkymist-ac97.c
new file mode 100644
index 0000000..6c9e318
--- /dev/null
+++ b/hw/milkymist-ac97.c
@@ -0,0 +1,335 @@
+/*
+ * QEMU model of the Milkymist System Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/ac97.pdf
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "audio/audio.h"
+#include "qemu-error.h"
+
+enum {
+ R_AC97_CTRL = 0,
+ R_AC97_ADDR,
+ R_AC97_DATAOUT,
+ R_AC97_DATAIN,
+ R_D_CTRL,
+ R_D_ADDR,
+ R_D_REMAINING,
+ R_RESERVED,
+ R_U_CTRL,
+ R_U_ADDR,
+ R_U_REMAINING,
+ R_MAX
+};
+
+enum {
+ AC97_CTRL_RQEN = (1<<0),
+ AC97_CTRL_WRITE = (1<<1),
+};
+
+enum {
+ CTRL_EN = (1<<0),
+};
+
+struct MilkymistAC97State {
+ SysBusDevice busdev;
+
+ QEMUSoundCard card;
+ SWVoiceIn *voice_in;
+ SWVoiceOut *voice_out;
+
+ uint32_t regs[R_MAX];
+
+ qemu_irq crrequest_irq;
+ qemu_irq crreply_irq;
+ qemu_irq dmar_irq;
+ qemu_irq dmaw_irq;
+};
+typedef struct MilkymistAC97State MilkymistAC97State;
+
+static void update_voices(MilkymistAC97State *s)
+{
+ if (s->regs[R_D_CTRL] & CTRL_EN) {
+ AUD_set_active_out(s->voice_out, 1);
+ } else {
+ AUD_set_active_out(s->voice_out, 0);
+ }
+
+ if (s->regs[R_U_CTRL] & CTRL_EN) {
+ AUD_set_active_in(s->voice_in, 1);
+ } else {
+ AUD_set_active_in(s->voice_in, 0);
+ }
+}
+
+static uint32_t ac97_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistAC97State *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_AC97_CTRL:
+ case R_AC97_ADDR:
+ case R_AC97_DATAOUT:
+ case R_AC97_DATAIN:
+ case R_D_CTRL:
+ case R_D_ADDR:
+ case R_D_REMAINING:
+ case R_U_CTRL:
+ case R_U_ADDR:
+ case R_U_REMAINING:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_ac97: read access to unkown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_ac97_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void ac97_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistAC97State *s = opaque;
+
+ trace_milkymist_ac97_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_AC97_CTRL:
+ /* always raise an IRQ according to the direction */
+ if (value & AC97_CTRL_RQEN) {
+ if (value & AC97_CTRL_WRITE) {
+ trace_milkymist_ac97_pulse_irq_crrequest();
+ qemu_irq_pulse(s->crrequest_irq);
+ } else {
+ trace_milkymist_ac97_pulse_irq_crreply();
+ qemu_irq_pulse(s->crreply_irq);
+ }
+ }
+
+ /* RQEN is self clearing */
+ s->regs[addr] = value & ~AC97_CTRL_RQEN;
+ break;
+ case R_D_CTRL:
+ case R_U_CTRL:
+ s->regs[addr] = value;
+ update_voices(s);
+ break;
+ case R_AC97_ADDR:
+ case R_AC97_DATAOUT:
+ case R_AC97_DATAIN:
+ case R_D_ADDR:
+ case R_D_REMAINING:
+ case R_U_ADDR:
+ case R_U_REMAINING:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_ac97: write access to unkown register 0x"
+ TARGET_FMT_plx, addr);
+ break;
+ }
+
+}
+
+static CPUReadMemoryFunc * const ac97_read_fn[] = {
+ NULL,
+ NULL,
+ &ac97_read,
+};
+
+static CPUWriteMemoryFunc * const ac97_write_fn[] = {
+ NULL,
+ NULL,
+ &ac97_write,
+};
+
+static void ac97_in_cb(void *opaque, int avail_b)
+{
+ MilkymistAC97State *s = opaque;
+ uint8_t buf[4096];
+ uint32_t remaining = s->regs[R_U_REMAINING];
+ int temp = audio_MIN(remaining, avail_b);
+ uint32_t addr = s->regs[R_U_ADDR];
+ int transferred = 0;
+
+ trace_milkymist_ac97_in_cb(avail_b, remaining);
+
+ /* prevent from raising an IRQ */
+ if (temp == 0) {
+ return;
+ }
+
+ while (temp) {
+ int acquired, to_copy;
+
+ to_copy = audio_MIN(temp, sizeof(buf));
+ acquired = AUD_read(s->voice_in, buf, to_copy);
+ if (!acquired) {
+ break;
+ }
+
+ cpu_physical_memory_write(addr, buf, acquired);
+
+ temp -= acquired;
+ addr += acquired;
+ transferred += acquired;
+ }
+
+ trace_milkymist_ac97_in_cb_transferred(transferred);
+
+ s->regs[R_U_ADDR] = addr;
+ s->regs[R_U_REMAINING] -= transferred;
+
+ if ((s->regs[R_U_CTRL] & CTRL_EN) && (s->regs[R_U_REMAINING] == 0)) {
+ trace_milkymist_ac97_pulse_irq_dmaw();
+ qemu_irq_pulse(s->dmaw_irq);
+ }
+}
+
+static void ac97_out_cb(void *opaque, int free_b)
+{
+ MilkymistAC97State *s = opaque;
+ uint8_t buf[4096];
+ uint32_t remaining = s->regs[R_D_REMAINING];
+ int temp = audio_MIN(remaining, free_b);
+ uint32_t addr = s->regs[R_D_ADDR];
+ int transferred = 0;
+
+ trace_milkymist_ac97_out_cb(free_b, remaining);
+
+ /* prevent from raising an IRQ */
+ if (temp == 0) {
+ return;
+ }
+
+ while (temp) {
+ int copied, to_copy;
+
+ to_copy = audio_MIN(temp, sizeof(buf));
+ cpu_physical_memory_read(addr, buf, to_copy);
+ copied = AUD_write(s->voice_out, buf, to_copy);
+ if (!copied) {
+ break;
+ }
+ temp -= copied;
+ addr += copied;
+ transferred += copied;
+ }
+
+ trace_milkymist_ac97_out_cb_transferred(transferred);
+
+ s->regs[R_D_ADDR] = addr;
+ s->regs[R_D_REMAINING] -= transferred;
+
+ if ((s->regs[R_D_CTRL] & CTRL_EN) && (s->regs[R_D_REMAINING] == 0)) {
+ trace_milkymist_ac97_pulse_irq_dmar();
+ qemu_irq_pulse(s->dmar_irq);
+ }
+}
+
+static void milkymist_ac97_reset(DeviceState *d)
+{
+ MilkymistAC97State *s = container_of(d, MilkymistAC97State, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ AUD_set_active_in(s->voice_in, 0);
+ AUD_set_active_out(s->voice_out, 0);
+}
+
+static int ac97_post_load(void *opaque, int version_id)
+{
+ MilkymistAC97State *s = opaque;
+
+ update_voices(s);
+
+ return 0;
+}
+
+static int milkymist_ac97_init(SysBusDevice *dev)
+{
+ MilkymistAC97State *s = FROM_SYSBUS(typeof(*s), dev);
+ int ac97_regs;
+
+ struct audsettings as;
+ sysbus_init_irq(dev, &s->crrequest_irq);
+ sysbus_init_irq(dev, &s->crreply_irq);
+ sysbus_init_irq(dev, &s->dmar_irq);
+ sysbus_init_irq(dev, &s->dmaw_irq);
+
+ AUD_register_card("Milkymist AC'97", &s->card);
+
+ as.freq = 48000;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = 1;
+
+ s->voice_in = AUD_open_in(&s->card, s->voice_in,
+ "mm_ac97.in", s, ac97_in_cb, &as);
+ s->voice_out = AUD_open_out(&s->card, s->voice_out,
+ "mm_ac97.out", s, ac97_out_cb, &as);
+
+ ac97_regs = cpu_register_io_memory(ac97_read_fn, ac97_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, ac97_regs);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_ac97 = {
+ .name = "milkymist-ac97",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = ac97_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistAC97State, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_ac97_info = {
+ .init = milkymist_ac97_init,
+ .qdev.name = "milkymist-ac97",
+ .qdev.size = sizeof(MilkymistAC97State),
+ .qdev.vmsd = &vmstate_milkymist_ac97,
+ .qdev.reset = milkymist_ac97_reset,
+};
+
+static void milkymist_ac97_register(void)
+{
+ sysbus_register_withprop(&milkymist_ac97_info);
+}
+
+device_init(milkymist_ac97_register)
diff --git a/hw/milkymist-hpdmc.c b/hw/milkymist-hpdmc.c
new file mode 100644
index 0000000..c0962fb
--- /dev/null
+++ b/hw/milkymist-hpdmc.c
@@ -0,0 +1,161 @@
+/*
+ * QEMU model of the Milkymist High Performance Dynamic Memory Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/hpdmc.pdf
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "qemu-error.h"
+
+enum {
+ R_SYSTEM = 0,
+ R_BYPASS,
+ R_TIMING,
+ R_IODELAY,
+ R_MAX
+};
+
+enum {
+ IODELAY_DQSDELAY_RDY = (1<<5),
+ IODELAY_PLL1_LOCKED = (1<<6),
+ IODELAY_PLL2_LOCKED = (1<<7),
+};
+
+struct MilkymistHpdmcState {
+ SysBusDevice busdev;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistHpdmcState MilkymistHpdmcState;
+
+static uint32_t hpdmc_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistHpdmcState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SYSTEM:
+ case R_BYPASS:
+ case R_TIMING:
+ case R_IODELAY:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_hpdmc: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_hpdmc_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void hpdmc_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistHpdmcState *s = opaque;
+
+ trace_milkymist_hpdmc_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SYSTEM:
+ case R_BYPASS:
+ case R_TIMING:
+ s->regs[addr] = value;
+ break;
+ case R_IODELAY:
+ /* ignore writes */
+ break;
+
+ default:
+ error_report("milkymist_hpdmc: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const hpdmc_read_fn[] = {
+ NULL,
+ NULL,
+ &hpdmc_read,
+};
+
+static CPUWriteMemoryFunc * const hpdmc_write_fn[] = {
+ NULL,
+ NULL,
+ &hpdmc_write,
+};
+
+static void milkymist_hpdmc_reset(DeviceState *d)
+{
+ MilkymistHpdmcState *s = container_of(d, MilkymistHpdmcState, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ /* defaults */
+ s->regs[R_IODELAY] = IODELAY_DQSDELAY_RDY | IODELAY_PLL1_LOCKED
+ | IODELAY_PLL2_LOCKED;
+}
+
+static int milkymist_hpdmc_init(SysBusDevice *dev)
+{
+ MilkymistHpdmcState *s = FROM_SYSBUS(typeof(*s), dev);
+ int hpdmc_regs;
+
+ hpdmc_regs = cpu_register_io_memory(hpdmc_read_fn, hpdmc_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, hpdmc_regs);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_hpdmc = {
+ .name = "milkymist-hpdmc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistHpdmcState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_hpdmc_info = {
+ .init = milkymist_hpdmc_init,
+ .qdev.name = "milkymist-hpdmc",
+ .qdev.size = sizeof(MilkymistHpdmcState),
+ .qdev.vmsd = &vmstate_milkymist_hpdmc,
+ .qdev.reset = milkymist_hpdmc_reset,
+};
+
+static void milkymist_hpdmc_register(void)
+{
+ sysbus_register_withprop(&milkymist_hpdmc_info);
+}
+
+device_init(milkymist_hpdmc_register)
diff --git a/hw/milkymist-hw.h b/hw/milkymist-hw.h
new file mode 100644
index 0000000..20de68e
--- /dev/null
+++ b/hw/milkymist-hw.h
@@ -0,0 +1,224 @@
+#ifndef QEMU_HW_MILKYMIST_H
+#define QEMU_HW_MILKYMIST_H
+
+#include "qdev.h"
+#include "qdev-addr.h"
+
+static inline DeviceState *milkymist_uart_create(target_phys_addr_t base,
+ qemu_irq rx_irq, qemu_irq tx_irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-uart");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, rx_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 1, tx_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_hpdmc_create(target_phys_addr_t base)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-hpdmc");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_memcard_create(target_phys_addr_t base)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-memcard");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_vgafb_create(target_phys_addr_t base,
+ uint32_t fb_offset, uint32_t fb_mask)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-vgafb");
+ qdev_prop_set_uint32(dev, "fb_offset", fb_offset);
+ qdev_prop_set_uint32(dev, "fb_mask", fb_mask);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_sysctl_create(target_phys_addr_t base,
+ qemu_irq gpio_irq, qemu_irq timer0_irq, qemu_irq timer1_irq,
+ uint32_t freq_hz, uint32_t system_id, uint32_t capabilities,
+ uint32_t gpio_strappings)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-sysctl");
+ qdev_prop_set_uint32(dev, "frequency", freq_hz);
+ qdev_prop_set_uint32(dev, "systemid", system_id);
+ qdev_prop_set_uint32(dev, "capabilities", capabilities);
+ qdev_prop_set_uint32(dev, "gpio_strappings", gpio_strappings);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, gpio_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 1, timer0_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 2, timer1_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_pfpu_create(target_phys_addr_t base,
+ qemu_irq irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-pfpu");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
+ return dev;
+}
+
+#ifdef CONFIG_OPENGL
+#include <X11/Xlib.h>
+#include <GL/glx.h>
+static const int glx_fbconfig_attr[] = {
+ GLX_GREEN_SIZE, 5,
+ GLX_GREEN_SIZE, 6,
+ GLX_BLUE_SIZE, 5,
+ None
+};
+#endif
+
+static inline DeviceState *milkymist_tmu2_create(target_phys_addr_t base,
+ qemu_irq irq)
+{
+#ifdef CONFIG_OPENGL
+ DeviceState *dev;
+ Display *d;
+ GLXFBConfig *configs;
+ int nelements;
+ int ver_major, ver_minor;
+
+ if (display_type == DT_NOGRAPHIC) {
+ return NULL;
+ }
+
+ /* check that GLX will work */
+ d = XOpenDisplay(NULL);
+ if (d == NULL) {
+ return NULL;
+ }
+
+ if (!glXQueryVersion(d, &ver_major, &ver_minor)) {
+ /* Yeah, sometimes getting the GLX version can fail.
+ * Isn't X beautiful? */
+ XCloseDisplay(d);
+ return NULL;
+ }
+
+ if ((ver_major < 1) || ((ver_major == 1) && (ver_minor < 3))) {
+ printf("Your GLX version is %d.%d,"
+ "but TMU emulation needs at least 1.3. TMU disabled.\n",
+ ver_major, ver_minor);
+ XCloseDisplay(d);
+ return NULL;
+ }
+
+ configs = glXChooseFBConfig(d, 0, glx_fbconfig_attr, &nelements);
+ if (configs == NULL) {
+ XCloseDisplay(d);
+ return NULL;
+ }
+
+ XFree(configs);
+ XCloseDisplay(d);
+
+ dev = qdev_create(NULL, "milkymist-tmu2");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
+
+ return dev;
+#else
+ return NULL;
+#endif
+}
+
+static inline DeviceState *milkymist_ac97_create(target_phys_addr_t base,
+ qemu_irq crrequest_irq, qemu_irq crreply_irq, qemu_irq dmar_irq,
+ qemu_irq dmaw_irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-ac97");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, crrequest_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 1, crreply_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 2, dmar_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 3, dmaw_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_minimac_create(target_phys_addr_t base,
+ qemu_irq rx_irq, qemu_irq tx_irq)
+{
+ DeviceState *dev;
+
+ qemu_check_nic_model(&nd_table[0], "minimac");
+ dev = qdev_create(NULL, "milkymist-minimac");
+ qdev_set_nic_properties(dev, &nd_table[0]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, rx_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 1, tx_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_minimac2_create(target_phys_addr_t base,
+ target_phys_addr_t buffers_base, qemu_irq rx_irq, qemu_irq tx_irq)
+{
+ DeviceState *dev;
+
+ qemu_check_nic_model(&nd_table[0], "minimac2");
+ dev = qdev_create(NULL, "milkymist-minimac2");
+ qdev_prop_set_taddr(dev, "buffers_base", buffers_base);
+ qdev_set_nic_properties(dev, &nd_table[0]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, rx_irq);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 1, tx_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_softusb_create(target_phys_addr_t base,
+ qemu_irq irq, uint32_t pmem_base, uint32_t pmem_size,
+ uint32_t dmem_base, uint32_t dmem_size)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-softusb");
+ qdev_prop_set_uint32(dev, "pmem_base", pmem_base);
+ qdev_prop_set_uint32(dev, "pmem_size", pmem_size);
+ qdev_prop_set_uint32(dev, "dmem_base", dmem_base);
+ qdev_prop_set_uint32(dev, "dmem_size", dmem_size);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
+
+ return dev;
+}
+
+#endif /* QEMU_HW_MILKYMIST_H */
diff --git a/hw/milkymist-memcard.c b/hw/milkymist-memcard.c
new file mode 100644
index 0000000..06077af
--- /dev/null
+++ b/hw/milkymist-memcard.c
@@ -0,0 +1,294 @@
+/*
+ * QEMU model of the Milkymist SD Card Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/memcard.pdf
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "sysemu.h"
+#include "trace.h"
+#include "qemu-error.h"
+#include "blockdev.h"
+#include "sd.h"
+
+enum {
+ ENABLE_CMD_TX = (1<<0),
+ ENABLE_CMD_RX = (1<<1),
+ ENABLE_DAT_TX = (1<<2),
+ ENABLE_DAT_RX = (1<<3),
+};
+
+enum {
+ PENDING_CMD_TX = (1<<0),
+ PENDING_CMD_RX = (1<<1),
+ PENDING_DAT_TX = (1<<2),
+ PENDING_DAT_RX = (1<<3),
+};
+
+enum {
+ START_CMD_TX = (1<<0),
+ START_DAT_RX = (1<<1),
+};
+
+enum {
+ R_CLK2XDIV = 0,
+ R_ENABLE,
+ R_PENDING,
+ R_START,
+ R_CMD,
+ R_DAT,
+ R_MAX
+};
+
+struct MilkymistMemcardState {
+ SysBusDevice busdev;
+ SDState *card;
+
+ int command_write_ptr;
+ int response_read_ptr;
+ int response_len;
+ int ignore_next_cmd;
+ int enabled;
+ uint8_t command[6];
+ uint8_t response[17];
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistMemcardState MilkymistMemcardState;
+
+static void update_pending_bits(MilkymistMemcardState *s)
+{
+ /* transmits are instantaneous, thus tx pending bits are never set */
+ s->regs[R_PENDING] = 0;
+ /* if rx is enabled the corresponding pending bits are always set */
+ if (s->regs[R_ENABLE] & ENABLE_CMD_RX) {
+ s->regs[R_PENDING] |= PENDING_CMD_RX;
+ }
+ if (s->regs[R_ENABLE] & ENABLE_DAT_RX) {
+ s->regs[R_PENDING] |= PENDING_DAT_RX;
+ }
+}
+
+static void memcard_sd_command(MilkymistMemcardState *s)
+{
+ SDRequest req;
+
+ req.cmd = s->command[0] & 0x3f;
+ req.arg = (s->command[1] << 24) | (s->command[2] << 16)
+ | (s->command[3] << 8) | s->command[4];
+ req.crc = s->command[5];
+
+ s->response[0] = req.cmd;
+ s->response_len = sd_do_command(s->card, &req, s->response+1);
+ s->response_read_ptr = 0;
+
+ if (s->response_len == 16) {
+ /* R2 response */
+ s->response[0] = 0x3f;
+ s->response_len += 1;
+ } else if (s->response_len == 4) {
+ /* no crc calculation, insert dummy byte */
+ s->response[5] = 0;
+ s->response_len += 2;
+ }
+
+ if (req.cmd == 0) {
+ /* next write is a dummy byte to clock the initialization of the sd
+ * card */
+ s->ignore_next_cmd = 1;
+ }
+}
+
+static uint32_t memcard_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistMemcardState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CMD:
+ if (!s->enabled) {
+ r = 0xff;
+ } else {
+ r = s->response[s->response_read_ptr++];
+ if (s->response_read_ptr > s->response_len) {
+ error_report("milkymist_memcard: "
+ "read more cmd bytes than available. Clipping.");
+ s->response_read_ptr = 0;
+ }
+ }
+ break;
+ case R_DAT:
+ if (!s->enabled) {
+ r = 0xffffffff;
+ } else {
+ r = 0;
+ r |= sd_read_data(s->card) << 24;
+ r |= sd_read_data(s->card) << 16;
+ r |= sd_read_data(s->card) << 8;
+ r |= sd_read_data(s->card);
+ }
+ break;
+ case R_CLK2XDIV:
+ case R_ENABLE:
+ case R_PENDING:
+ case R_START:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_memcard: read access to unkown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_memcard_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void memcard_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistMemcardState *s = opaque;
+
+ trace_milkymist_memcard_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_PENDING:
+ /* clear rx pending bits */
+ s->regs[R_PENDING] &= ~(value & (PENDING_CMD_RX | PENDING_DAT_RX));
+ update_pending_bits(s);
+ break;
+ case R_CMD:
+ if (!s->enabled) {
+ break;
+ }
+ if (s->ignore_next_cmd) {
+ s->ignore_next_cmd = 0;
+ break;
+ }
+ s->command[s->command_write_ptr] = value & 0xff;
+ s->command_write_ptr = (s->command_write_ptr + 1) % 6;
+ if (s->command_write_ptr == 0) {
+ memcard_sd_command(s);
+ }
+ break;
+ case R_DAT:
+ if (!s->enabled) {
+ break;
+ }
+ sd_write_data(s->card, (value >> 24) & 0xff);
+ sd_write_data(s->card, (value >> 16) & 0xff);
+ sd_write_data(s->card, (value >> 8) & 0xff);
+ sd_write_data(s->card, value & 0xff);
+ break;
+ case R_ENABLE:
+ s->regs[addr] = value;
+ update_pending_bits(s);
+ break;
+ case R_CLK2XDIV:
+ case R_START:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_memcard: write access to unkown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const memcard_read_fn[] = {
+ NULL,
+ NULL,
+ &memcard_read,
+};
+
+static CPUWriteMemoryFunc * const memcard_write_fn[] = {
+ NULL,
+ NULL,
+ &memcard_write,
+};
+
+static void milkymist_memcard_reset(DeviceState *d)
+{
+ MilkymistMemcardState *s =
+ container_of(d, MilkymistMemcardState, busdev.qdev);
+ int i;
+
+ s->command_write_ptr = 0;
+ s->response_read_ptr = 0;
+ s->response_len = 0;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+}
+
+static int milkymist_memcard_init(SysBusDevice *dev)
+{
+ MilkymistMemcardState *s = FROM_SYSBUS(typeof(*s), dev);
+ DriveInfo *dinfo;
+ int memcard_regs;
+
+ dinfo = drive_get_next(IF_SD);
+ s->card = sd_init(dinfo ? dinfo->bdrv : NULL, 0);
+ s->enabled = dinfo ? bdrv_is_inserted(dinfo->bdrv) : 0;
+
+ memcard_regs = cpu_register_io_memory(memcard_read_fn, memcard_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, memcard_regs);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_memcard = {
+ .name = "milkymist-memcard",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(command_write_ptr, MilkymistMemcardState),
+ VMSTATE_INT32(response_read_ptr, MilkymistMemcardState),
+ VMSTATE_INT32(response_len, MilkymistMemcardState),
+ VMSTATE_INT32(ignore_next_cmd, MilkymistMemcardState),
+ VMSTATE_INT32(enabled, MilkymistMemcardState),
+ VMSTATE_UINT8_ARRAY(command, MilkymistMemcardState, 6),
+ VMSTATE_UINT8_ARRAY(response, MilkymistMemcardState, 17),
+ VMSTATE_UINT32_ARRAY(regs, MilkymistMemcardState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_memcard_info = {
+ .init = milkymist_memcard_init,
+ .qdev.name = "milkymist-memcard",
+ .qdev.size = sizeof(MilkymistMemcardState),
+ .qdev.vmsd = &vmstate_milkymist_memcard,
+ .qdev.reset = milkymist_memcard_reset,
+};
+
+static void milkymist_memcard_register(void)
+{
+ sysbus_register_withprop(&milkymist_memcard_info);
+}
+
+device_init(milkymist_memcard_register)
diff --git a/hw/milkymist-minimac2.c b/hw/milkymist-minimac2.c
new file mode 100644
index 0000000..c4e2818
--- /dev/null
+++ b/hw/milkymist-minimac2.c
@@ -0,0 +1,539 @@
+/*
+ * QEMU model of the Milkymist minimac2 block.
+ *
+ * Copyright (c) 2011 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * not available yet
+ *
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "net.h"
+#include "qemu-error.h"
+#include "qdev-addr.h"
+
+#include <zlib.h>
+
+enum {
+ R_SETUP = 0,
+ R_MDIO,
+ R_STATE0,
+ R_COUNT0,
+ R_STATE1,
+ R_COUNT1,
+ R_TXCOUNT,
+ R_MAX
+};
+
+enum {
+ SETUP_PHY_RST = (1<<0),
+};
+
+enum {
+ MDIO_DO = (1<<0),
+ MDIO_DI = (1<<1),
+ MDIO_OE = (1<<2),
+ MDIO_CLK = (1<<3),
+};
+
+enum {
+ STATE_EMPTY = 0,
+ STATE_LOADED = 1,
+ STATE_PENDING = 2,
+};
+
+enum {
+ MDIO_OP_WRITE = 1,
+ MDIO_OP_READ = 2,
+};
+
+enum mdio_state {
+ MDIO_STATE_IDLE,
+ MDIO_STATE_READING,
+ MDIO_STATE_WRITING,
+};
+
+enum {
+ R_PHY_ID1 = 2,
+ R_PHY_ID2 = 3,
+ R_PHY_MAX = 32
+};
+
+#define MINIMAC2_MTU 1530
+#define MINIMAC2_BUFFER_SIZE 2048
+
+struct MilkymistMinimac2MdioState {
+ int last_clk;
+ int count;
+ uint32_t data;
+ uint16_t data_out;
+ int state;
+
+ uint8_t phy_addr;
+ uint8_t reg_addr;
+};
+typedef struct MilkymistMinimac2MdioState MilkymistMinimac2MdioState;
+
+struct MilkymistMinimac2State {
+ SysBusDevice busdev;
+ NICState *nic;
+ NICConf conf;
+ char *phy_model;
+ target_phys_addr_t buffers_base;
+
+ qemu_irq rx_irq;
+ qemu_irq tx_irq;
+
+ uint32_t regs[R_MAX];
+
+ MilkymistMinimac2MdioState mdio;
+
+ uint16_t phy_regs[R_PHY_MAX];
+
+ uint8_t *rx0_buf;
+ uint8_t *rx1_buf;
+ uint8_t *tx_buf;
+};
+typedef struct MilkymistMinimac2State MilkymistMinimac2State;
+
+static const uint8_t preamble_sfd[] = {
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0xd5
+};
+
+static void minimac2_mdio_write_reg(MilkymistMinimac2State *s,
+ uint8_t phy_addr, uint8_t reg_addr, uint16_t value)
+{
+ trace_milkymist_minimac2_mdio_write(phy_addr, reg_addr, value);
+
+ /* nop */
+}
+
+static uint16_t minimac2_mdio_read_reg(MilkymistMinimac2State *s,
+ uint8_t phy_addr, uint8_t reg_addr)
+{
+ uint16_t r = s->phy_regs[reg_addr];
+
+ trace_milkymist_minimac2_mdio_read(phy_addr, reg_addr, r);
+
+ return r;
+}
+
+static void minimac2_update_mdio(MilkymistMinimac2State *s)
+{
+ MilkymistMinimac2MdioState *m = &s->mdio;
+
+ /* detect rising clk edge */
+ if (m->last_clk == 0 && (s->regs[R_MDIO] & MDIO_CLK)) {
+ /* shift data in */
+ int bit = ((s->regs[R_MDIO] & MDIO_DO)
+ && (s->regs[R_MDIO] & MDIO_OE)) ? 1 : 0;
+ m->data = (m->data << 1) | bit;
+
+ /* check for sync */
+ if (m->data == 0xffffffff) {
+ m->count = 32;
+ }
+
+ if (m->count == 16) {
+ uint8_t start = (m->data >> 14) & 0x3;
+ uint8_t op = (m->data >> 12) & 0x3;
+ uint8_t ta = (m->data) & 0x3;
+
+ if (start == 1 && op == MDIO_OP_WRITE && ta == 2) {
+ m->state = MDIO_STATE_WRITING;
+ } else if (start == 1 && op == MDIO_OP_READ && (ta & 1) == 0) {
+ m->state = MDIO_STATE_READING;
+ } else {
+ m->state = MDIO_STATE_IDLE;
+ }
+
+ if (m->state != MDIO_STATE_IDLE) {
+ m->phy_addr = (m->data >> 7) & 0x1f;
+ m->reg_addr = (m->data >> 2) & 0x1f;
+ }
+
+ if (m->state == MDIO_STATE_READING) {
+ m->data_out = minimac2_mdio_read_reg(s, m->phy_addr,
+ m->reg_addr);
+ }
+ }
+
+ if (m->count < 16 && m->state == MDIO_STATE_READING) {
+ int bit = (m->data_out & 0x8000) ? 1 : 0;
+ m->data_out <<= 1;
+
+ if (bit) {
+ s->regs[R_MDIO] |= MDIO_DI;
+ } else {
+ s->regs[R_MDIO] &= ~MDIO_DI;
+ }
+ }
+
+ if (m->count == 0 && m->state) {
+ if (m->state == MDIO_STATE_WRITING) {
+ uint16_t data = m->data & 0xffff;
+ minimac2_mdio_write_reg(s, m->phy_addr, m->reg_addr, data);
+ }
+ m->state = MDIO_STATE_IDLE;
+ }
+ m->count--;
+ }
+
+ m->last_clk = (s->regs[R_MDIO] & MDIO_CLK) ? 1 : 0;
+}
+
+static size_t assemble_frame(uint8_t *buf, size_t size,
+ const uint8_t *payload, size_t payload_size)
+{
+ uint32_t crc;
+
+ if (size < payload_size + 12) {
+ error_report("milkymist_minimac2: received too big ethernet frame");
+ return 0;
+ }
+
+ /* prepend preamble and sfd */
+ memcpy(buf, preamble_sfd, 8);
+
+ /* now copy the payload */
+ memcpy(buf + 8, payload, payload_size);
+
+ /* pad frame if needed */
+ if (payload_size < 60) {
+ memset(buf + payload_size + 8, 0, 60 - payload_size);
+ payload_size = 60;
+ }
+
+ /* append fcs */
+ crc = cpu_to_le32(crc32(0, buf + 8, payload_size));
+ memcpy(buf + payload_size + 8, &crc, 4);
+
+ return payload_size + 12;
+}
+
+static void minimac2_tx(MilkymistMinimac2State *s)
+{
+ uint32_t txcount = s->regs[R_TXCOUNT];
+ uint8_t *buf = s->tx_buf;
+
+ if (txcount < 64) {
+ error_report("milkymist_minimac2: ethernet frame too small (%u < %u)\n",
+ txcount, 64);
+ goto err;
+ }
+
+ if (txcount > MINIMAC2_MTU) {
+ error_report("milkymist_minimac2: MTU exceeded (%u > %u)\n",
+ txcount, MINIMAC2_MTU);
+ goto err;
+ }
+
+ if (memcmp(buf, preamble_sfd, 8) != 0) {
+ error_report("milkymist_minimac2: frame doesn't contain the preamble "
+ "and/or the SFD (%02x %02x %02x %02x %02x %02x %02x %02x)\n",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
+ goto err;
+ }
+
+ trace_milkymist_minimac2_tx_frame(txcount - 12);
+
+ /* send packet, skipping preamble and sfd */
+ qemu_send_packet_raw(&s->nic->nc, buf + 8, txcount - 12);
+
+ s->regs[R_TXCOUNT] = 0;
+
+err:
+ trace_milkymist_minimac2_pulse_irq_tx();
+ qemu_irq_pulse(s->tx_irq);
+}
+
+static void update_rx_interrupt(MilkymistMinimac2State *s)
+{
+ if (s->regs[R_STATE0] == STATE_PENDING
+ || s->regs[R_STATE1] == STATE_PENDING) {
+ trace_milkymist_minimac2_raise_irq_rx();
+ qemu_irq_raise(s->rx_irq);
+ } else {
+ trace_milkymist_minimac2_lower_irq_rx();
+ qemu_irq_lower(s->rx_irq);
+ }
+}
+
+static ssize_t minimac2_rx(VLANClientState *nc, const uint8_t *buf, size_t size)
+{
+ MilkymistMinimac2State *s = DO_UPCAST(NICState, nc, nc)->opaque;
+
+ uint32_t r_count;
+ uint32_t r_state;
+ uint8_t *rx_buf;
+
+ size_t frame_size;
+
+ trace_milkymist_minimac2_rx_frame(buf, size);
+
+ /* choose appropriate slot */
+ if (s->regs[R_STATE0] == STATE_LOADED) {
+ r_count = R_COUNT0;
+ r_state = R_STATE0;
+ rx_buf = s->rx0_buf;
+ } else if (s->regs[R_STATE1] == STATE_LOADED) {
+ r_count = R_COUNT1;
+ r_state = R_STATE1;
+ rx_buf = s->rx1_buf;
+ } else {
+ trace_milkymist_minimac2_drop_rx_frame(buf);
+ return size;
+ }
+
+ /* assemble frame */
+ frame_size = assemble_frame(rx_buf, MINIMAC2_BUFFER_SIZE, buf, size);
+
+ if (frame_size == 0) {
+ return size;
+ }
+
+ trace_milkymist_minimac2_rx_transfer(rx_buf, frame_size);
+
+ /* update slot */
+ s->regs[r_count] = frame_size;
+ s->regs[r_state] = STATE_PENDING;
+
+ update_rx_interrupt(s);
+
+ return size;
+}
+
+static uint32_t
+minimac2_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistMinimac2State *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SETUP:
+ case R_MDIO:
+ case R_STATE0:
+ case R_COUNT0:
+ case R_STATE1:
+ case R_COUNT1:
+ case R_TXCOUNT:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_minimac2: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_minimac2_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void
+minimac2_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistMinimac2State *s = opaque;
+
+ trace_milkymist_minimac2_memory_read(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_MDIO:
+ {
+ /* MDIO_DI is read only */
+ int mdio_di = (s->regs[R_MDIO] & MDIO_DI);
+ s->regs[R_MDIO] = value;
+ if (mdio_di) {
+ s->regs[R_MDIO] |= mdio_di;
+ } else {
+ s->regs[R_MDIO] &= ~mdio_di;
+ }
+
+ minimac2_update_mdio(s);
+ } break;
+ case R_TXCOUNT:
+ s->regs[addr] = value;
+ if (value > 0) {
+ minimac2_tx(s);
+ }
+ break;
+ case R_STATE0:
+ case R_STATE1:
+ s->regs[addr] = value;
+ update_rx_interrupt(s);
+ break;
+ case R_SETUP:
+ case R_COUNT0:
+ case R_COUNT1:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_minimac2: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const minimac2_read_fn[] = {
+ NULL,
+ NULL,
+ &minimac2_read,
+};
+
+static CPUWriteMemoryFunc * const minimac2_write_fn[] = {
+ NULL,
+ NULL,
+ &minimac2_write,
+};
+
+static int minimac2_can_rx(VLANClientState *nc)
+{
+ MilkymistMinimac2State *s = DO_UPCAST(NICState, nc, nc)->opaque;
+
+ if (s->regs[R_STATE0] == STATE_LOADED) {
+ return 1;
+ }
+ if (s->regs[R_STATE1] == STATE_LOADED) {
+ return 1;
+ }
+
+ return 0;
+}
+
+static void minimac2_cleanup(VLANClientState *nc)
+{
+ MilkymistMinimac2State *s = DO_UPCAST(NICState, nc, nc)->opaque;
+
+ s->nic = NULL;
+}
+
+static void milkymist_minimac2_reset(DeviceState *d)
+{
+ MilkymistMinimac2State *s =
+ container_of(d, MilkymistMinimac2State, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ for (i = 0; i < R_PHY_MAX; i++) {
+ s->phy_regs[i] = 0;
+ }
+
+ /* defaults */
+ s->phy_regs[R_PHY_ID1] = 0x0022; /* Micrel KSZ8001L */
+ s->phy_regs[R_PHY_ID2] = 0x161a;
+}
+
+static NetClientInfo net_milkymist_minimac2_info = {
+ .type = NET_CLIENT_TYPE_NIC,
+ .size = sizeof(NICState),
+ .can_receive = minimac2_can_rx,
+ .receive = minimac2_rx,
+ .cleanup = minimac2_cleanup,
+};
+
+static int milkymist_minimac2_init(SysBusDevice *dev)
+{
+ MilkymistMinimac2State *s = FROM_SYSBUS(typeof(*s), dev);
+ int regs;
+ ram_addr_t buffers;
+ size_t buffers_size = TARGET_PAGE_ALIGN(3 * MINIMAC2_BUFFER_SIZE);
+
+ sysbus_init_irq(dev, &s->rx_irq);
+ sysbus_init_irq(dev, &s->tx_irq);
+
+ regs = cpu_register_io_memory(minimac2_read_fn, minimac2_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, regs);
+
+ /* register buffers memory */
+ buffers = qemu_ram_alloc(NULL, "milkymist_minimac2.buffers", buffers_size);
+ s->rx0_buf = qemu_get_ram_ptr(buffers);
+ s->rx1_buf = s->rx0_buf + MINIMAC2_BUFFER_SIZE;
+ s->tx_buf = s->rx1_buf + MINIMAC2_BUFFER_SIZE;
+
+ cpu_register_physical_memory(s->buffers_base, buffers_size,
+ buffers | IO_MEM_RAM);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_milkymist_minimac2_info, &s->conf,
+ dev->qdev.info->name, dev->qdev.id, s);
+ qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_minimac2_mdio = {
+ .name = "milkymist-minimac2-mdio",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(last_clk, MilkymistMinimac2MdioState),
+ VMSTATE_INT32(count, MilkymistMinimac2MdioState),
+ VMSTATE_UINT32(data, MilkymistMinimac2MdioState),
+ VMSTATE_UINT16(data_out, MilkymistMinimac2MdioState),
+ VMSTATE_INT32(state, MilkymistMinimac2MdioState),
+ VMSTATE_UINT8(phy_addr, MilkymistMinimac2MdioState),
+ VMSTATE_UINT8(reg_addr, MilkymistMinimac2MdioState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_milkymist_minimac2 = {
+ .name = "milkymist-minimac2",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistMinimac2State, R_MAX),
+ VMSTATE_UINT16_ARRAY(phy_regs, MilkymistMinimac2State, R_PHY_MAX),
+ VMSTATE_STRUCT(mdio, MilkymistMinimac2State, 0,
+ vmstate_milkymist_minimac2_mdio, MilkymistMinimac2MdioState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_minimac2_info = {
+ .init = milkymist_minimac2_init,
+ .qdev.name = "milkymist-minimac2",
+ .qdev.size = sizeof(MilkymistMinimac2State),
+ .qdev.vmsd = &vmstate_milkymist_minimac2,
+ .qdev.reset = milkymist_minimac2_reset,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_TADDR("buffers_base", MilkymistMinimac2State,
+ buffers_base, 0),
+ DEFINE_NIC_PROPERTIES(MilkymistMinimac2State, conf),
+ DEFINE_PROP_STRING("phy_model", MilkymistMinimac2State, phy_model),
+ DEFINE_PROP_END_OF_LIST(),
+ }
+};
+
+static void milkymist_minimac2_register(void)
+{
+ sysbus_register_withprop(&milkymist_minimac2_info);
+}
+
+device_init(milkymist_minimac2_register)
diff --git a/hw/milkymist-pfpu.c b/hw/milkymist-pfpu.c
new file mode 100644
index 0000000..94e6315
--- /dev/null
+++ b/hw/milkymist-pfpu.c
@@ -0,0 +1,536 @@
+/*
+ * QEMU model of the Milkymist programmable FPU.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/pfpu.pdf
+ *
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "qemu-log.h"
+#include "qemu-error.h"
+#include <math.h>
+
+/* #define TRACE_EXEC */
+
+#ifdef TRACE_EXEC
+# define D_EXEC(x) x
+#else
+# define D_EXEC(x)
+#endif
+
+enum {
+ R_CTL = 0,
+ R_MESHBASE,
+ R_HMESHLAST,
+ R_VMESHLAST,
+ R_CODEPAGE,
+ R_VERTICES,
+ R_COLLISIONS,
+ R_STRAYWRITES,
+ R_LASTDMA,
+ R_PC,
+ R_DREGBASE,
+ R_CODEBASE,
+ R_MAX
+};
+
+enum {
+ CTL_START_BUSY = (1<<0),
+};
+
+enum {
+ OP_NOP = 0,
+ OP_FADD,
+ OP_FSUB,
+ OP_FMUL,
+ OP_FABS,
+ OP_F2I,
+ OP_I2F,
+ OP_VECTOUT,
+ OP_SIN,
+ OP_COS,
+ OP_ABOVE,
+ OP_EQUAL,
+ OP_COPY,
+ OP_IF,
+ OP_TSIGN,
+ OP_QUAKE,
+};
+
+enum {
+ GPR_X = 0,
+ GPR_Y = 1,
+ GPR_FLAGS = 2,
+};
+
+enum {
+ LATENCY_FADD = 5,
+ LATENCY_FSUB = 5,
+ LATENCY_FMUL = 7,
+ LATENCY_FABS = 2,
+ LATENCY_F2I = 2,
+ LATENCY_I2F = 3,
+ LATENCY_VECTOUT = 0,
+ LATENCY_SIN = 4,
+ LATENCY_COS = 4,
+ LATENCY_ABOVE = 2,
+ LATENCY_EQUAL = 2,
+ LATENCY_COPY = 2,
+ LATENCY_IF = 2,
+ LATENCY_TSIGN = 2,
+ LATENCY_QUAKE = 2,
+ MAX_LATENCY = 7
+};
+
+#define GPR_BEGIN 0x100
+#define GPR_END 0x17f
+#define MICROCODE_BEGIN 0x200
+#define MICROCODE_END 0x3ff
+#define MICROCODE_WORDS 2048
+
+#define REINTERPRET_CAST(type, val) (*((type *)&(val)))
+
+#ifdef TRACE_EXEC
+static const char *opcode_to_str[] = {
+ "NOP", "FADD", "FSUB", "FMUL", "FABS", "F2I", "I2F", "VECTOUT",
+ "SIN", "COS", "ABOVE", "EQUAL", "COPY", "IF", "TSIGN", "QUAKE",
+};
+#endif
+
+struct MilkymistPFPUState {
+ SysBusDevice busdev;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t regs[R_MAX];
+ uint32_t gp_regs[128];
+ uint32_t microcode[MICROCODE_WORDS];
+
+ int output_queue_pos;
+ uint32_t output_queue[MAX_LATENCY];
+};
+typedef struct MilkymistPFPUState MilkymistPFPUState;
+
+static inline target_phys_addr_t
+get_dma_address(uint32_t base, uint32_t x, uint32_t y)
+{
+ return base + 8 * (128 * y + x);
+}
+
+static inline void
+output_queue_insert(MilkymistPFPUState *s, uint32_t val, int pos)
+{
+ s->output_queue[(s->output_queue_pos + pos) % MAX_LATENCY] = val;
+}
+
+static inline uint32_t
+output_queue_remove(MilkymistPFPUState *s)
+{
+ return s->output_queue[s->output_queue_pos];
+}
+
+static inline void
+output_queue_advance(MilkymistPFPUState *s)
+{
+ s->output_queue[s->output_queue_pos] = 0;
+ s->output_queue_pos = (s->output_queue_pos + 1) % MAX_LATENCY;
+}
+
+static int pfpu_decode_insn(MilkymistPFPUState *s)
+{
+ uint32_t pc = s->regs[R_PC];
+ uint32_t insn = s->microcode[pc];
+ uint32_t reg_a = (insn >> 18) & 0x7f;
+ uint32_t reg_b = (insn >> 11) & 0x7f;
+ uint32_t op = (insn >> 7) & 0xf;
+ uint32_t reg_d = insn & 0x7f;
+ uint32_t r = 0;
+ int latency = 0;
+
+ switch (op) {
+ case OP_NOP:
+ break;
+ case OP_FADD:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = a + b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FADD;
+ D_EXEC(qemu_log("ADD a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_FSUB:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = a - b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FSUB;
+ D_EXEC(qemu_log("SUB a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_FMUL:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = a * b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FMUL;
+ D_EXEC(qemu_log("MUL a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_FABS:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float t = fabsf(a);
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FABS;
+ D_EXEC(qemu_log("ABS a=%f t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_F2I:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ int32_t t = a;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_F2I;
+ D_EXEC(qemu_log("F2I a=%f t=%d, r=%08x\n", a, t, r));
+ } break;
+ case OP_I2F:
+ {
+ int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
+ float t = a;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_I2F;
+ D_EXEC(qemu_log("I2F a=%08x t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_VECTOUT:
+ {
+ uint32_t a = cpu_to_be32(s->gp_regs[reg_a]);
+ uint32_t b = cpu_to_be32(s->gp_regs[reg_b]);
+ target_phys_addr_t dma_ptr =
+ get_dma_address(s->regs[R_MESHBASE],
+ s->gp_regs[GPR_X], s->gp_regs[GPR_Y]);
+ cpu_physical_memory_write(dma_ptr, (uint8_t *)&a, 4);
+ cpu_physical_memory_write(dma_ptr + 4, (uint8_t *)&b, 4);
+ s->regs[R_LASTDMA] = dma_ptr + 4;
+ D_EXEC(qemu_log("VECTOUT a=%08x b=%08x dma=%08x\n", a, b, dma_ptr));
+ trace_milkymist_pfpu_vectout(a, b, dma_ptr);
+ } break;
+ case OP_SIN:
+ {
+ int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
+ float t = sinf(a * (1.0f / (M_PI * 4096.0f)));
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_SIN;
+ D_EXEC(qemu_log("SIN a=%d t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_COS:
+ {
+ int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
+ float t = cosf(a * (1.0f / (M_PI * 4096.0f)));
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_COS;
+ D_EXEC(qemu_log("COS a=%d t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_ABOVE:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = (a > b) ? 1.0f : 0.0f;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_ABOVE;
+ D_EXEC(qemu_log("ABOVE a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_EQUAL:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = (a == b) ? 1.0f : 0.0f;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_EQUAL;
+ D_EXEC(qemu_log("EQUAL a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_COPY:
+ {
+ r = s->gp_regs[reg_a];
+ latency = LATENCY_COPY;
+ D_EXEC(qemu_log("COPY"));
+ } break;
+ case OP_IF:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ uint32_t f = s->gp_regs[GPR_FLAGS];
+ float t = (f != 0) ? a : b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_IF;
+ D_EXEC(qemu_log("IF f=%u a=%f b=%f t=%f, r=%08x\n", f, a, b, t, r));
+ } break;
+ case OP_TSIGN:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = (b < 0) ? -a : a;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_TSIGN;
+ D_EXEC(qemu_log("TSIGN a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_QUAKE:
+ {
+ uint32_t a = s->gp_regs[reg_a];
+ r = 0x5f3759df - (a >> 1);
+ latency = LATENCY_QUAKE;
+ D_EXEC(qemu_log("QUAKE a=%d r=%08x\n", a, r));
+ } break;
+
+ default:
+ error_report("milkymist_pfpu: unknown opcode %d\n", op);
+ break;
+ }
+
+ if (!reg_d) {
+ D_EXEC(qemu_log("%04d %8s R%03d, R%03d <L=%d, E=%04d>\n",
+ s->regs[R_PC], opcode_to_str[op], reg_a, reg_b, latency,
+ s->regs[R_PC] + latency));
+ } else {
+ D_EXEC(qemu_log("%04d %8s R%03d, R%03d <L=%d, E=%04d> -> R%03d\n",
+ s->regs[R_PC], opcode_to_str[op], reg_a, reg_b, latency,
+ s->regs[R_PC] + latency, reg_d));
+ }
+
+ if (op == OP_VECTOUT) {
+ return 0;
+ }
+
+ /* store output for this cycle */
+ if (reg_d) {
+ uint32_t val = output_queue_remove(s);
+ D_EXEC(qemu_log("R%03d <- 0x%08x\n", reg_d, val));
+ s->gp_regs[reg_d] = val;
+ }
+
+ output_queue_advance(s);
+
+ /* store op output */
+ if (op != OP_NOP) {
+ output_queue_insert(s, r, latency-1);
+ }
+
+ /* advance PC */
+ s->regs[R_PC]++;
+
+ return 1;
+};
+
+static void pfpu_start(MilkymistPFPUState *s)
+{
+ int x, y;
+ int i;
+
+ for (y = 0; y <= s->regs[R_VMESHLAST]; y++) {
+ for (x = 0; x <= s->regs[R_HMESHLAST]; x++) {
+ D_EXEC(qemu_log("\nprocessing x=%d y=%d\n", x, y));
+
+ /* set current position */
+ s->gp_regs[GPR_X] = x;
+ s->gp_regs[GPR_Y] = y;
+
+ /* run microcode on this position */
+ i = 0;
+ while (pfpu_decode_insn(s)) {
+ /* decode at most MICROCODE_WORDS instructions */
+ if (i++ >= MICROCODE_WORDS) {
+ error_report("milkymist_pfpu: too many instructions "
+ "executed in microcode. No VECTOUT?\n");
+ break;
+ }
+ }
+
+ /* reset pc for next run */
+ s->regs[R_PC] = 0;
+ }
+ }
+
+ s->regs[R_VERTICES] = x * y;
+
+ trace_milkymist_pfpu_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static inline int get_microcode_address(MilkymistPFPUState *s, uint32_t addr)
+{
+ return (512 * s->regs[R_CODEPAGE]) + addr - MICROCODE_BEGIN;
+}
+
+static uint32_t pfpu_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistPFPUState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ case R_MESHBASE:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_CODEPAGE:
+ case R_VERTICES:
+ case R_COLLISIONS:
+ case R_STRAYWRITES:
+ case R_LASTDMA:
+ case R_PC:
+ case R_DREGBASE:
+ case R_CODEBASE:
+ r = s->regs[addr];
+ break;
+ case GPR_BEGIN ... GPR_END:
+ r = s->gp_regs[addr - GPR_BEGIN];
+ break;
+ case MICROCODE_BEGIN ... MICROCODE_END:
+ r = s->microcode[get_microcode_address(s, addr)];
+ break;
+
+ default:
+ error_report("milkymist_pfpu: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_pfpu_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void
+pfpu_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistPFPUState *s = opaque;
+
+ trace_milkymist_pfpu_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ if (value & CTL_START_BUSY) {
+ pfpu_start(s);
+ }
+ break;
+ case R_MESHBASE:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_CODEPAGE:
+ case R_VERTICES:
+ case R_COLLISIONS:
+ case R_STRAYWRITES:
+ case R_LASTDMA:
+ case R_PC:
+ case R_DREGBASE:
+ case R_CODEBASE:
+ s->regs[addr] = value;
+ break;
+ case GPR_BEGIN ... GPR_END:
+ s->gp_regs[addr - GPR_BEGIN] = value;
+ break;
+ case MICROCODE_BEGIN ... MICROCODE_END:
+ s->microcode[get_microcode_address(s, addr)] = value;
+ break;
+
+ default:
+ error_report("milkymist_pfpu: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const pfpu_read_fn[] = {
+ NULL,
+ NULL,
+ &pfpu_read,
+};
+
+static CPUWriteMemoryFunc * const pfpu_write_fn[] = {
+ NULL,
+ NULL,
+ &pfpu_write,
+};
+
+static void milkymist_pfpu_reset(DeviceState *d)
+{
+ MilkymistPFPUState *s = container_of(d, MilkymistPFPUState, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ for (i = 0; i < 128; i++) {
+ s->gp_regs[i] = 0;
+ }
+ for (i = 0; i < MICROCODE_WORDS; i++) {
+ s->microcode[i] = 0;
+ }
+ s->output_queue_pos = 0;
+ for (i = 0; i < MAX_LATENCY; i++) {
+ s->output_queue[i] = 0;
+ }
+}
+
+static int milkymist_pfpu_init(SysBusDevice *dev)
+{
+ MilkymistPFPUState *s = FROM_SYSBUS(typeof(*s), dev);
+ int pfpu_regs;
+
+ sysbus_init_irq(dev, &s->irq);
+
+ pfpu_regs = cpu_register_io_memory(pfpu_read_fn, pfpu_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, MICROCODE_END * 4, pfpu_regs);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_pfpu = {
+ .name = "milkymist-pfpu",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistPFPUState, R_MAX),
+ VMSTATE_UINT32_ARRAY(gp_regs, MilkymistPFPUState, 128),
+ VMSTATE_UINT32_ARRAY(microcode, MilkymistPFPUState, MICROCODE_WORDS),
+ VMSTATE_INT32(output_queue_pos, MilkymistPFPUState),
+ VMSTATE_UINT32_ARRAY(output_queue, MilkymistPFPUState, MAX_LATENCY),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_pfpu_info = {
+ .init = milkymist_pfpu_init,
+ .qdev.name = "milkymist-pfpu",
+ .qdev.size = sizeof(MilkymistPFPUState),
+ .qdev.vmsd = &vmstate_milkymist_pfpu,
+ .qdev.reset = milkymist_pfpu_reset,
+};
+
+static void milkymist_pfpu_register(void)
+{
+ sysbus_register_withprop(&milkymist_pfpu_info);
+}
+
+device_init(milkymist_pfpu_register)
diff --git a/hw/milkymist-softusb.c b/hw/milkymist-softusb.c
new file mode 100644
index 0000000..1565260
--- /dev/null
+++ b/hw/milkymist-softusb.c
@@ -0,0 +1,357 @@
+/*
+ * QEMU model of the Milkymist SoftUSB block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * not available yet
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "console.h"
+#include "usb.h"
+#include "qemu-error.h"
+
+enum {
+ R_CTRL = 0,
+ R_MAX
+};
+
+enum {
+ CTRL_RESET = (1<<0),
+};
+
+#define COMLOC_DEBUG_PRODUCE 0x1000
+#define COMLOC_DEBUG_BASE 0x1001
+#define COMLOC_MEVT_PRODUCE 0x1101
+#define COMLOC_MEVT_BASE 0x1102
+#define COMLOC_KEVT_PRODUCE 0x1142
+#define COMLOC_KEVT_BASE 0x1143
+
+struct MilkymistSoftUsbState {
+ SysBusDevice busdev;
+ USBBus usbbus;
+ USBPort usbport[2];
+ USBDevice *usbdev;
+
+ qemu_irq irq;
+
+ /* device properties */
+ uint32_t pmem_base;
+ uint32_t pmem_size;
+ uint32_t dmem_base;
+ uint32_t dmem_size;
+
+ /* device registers */
+ uint32_t regs[R_MAX];
+
+ /* mouse state */
+ int mouse_dx;
+ int mouse_dy;
+ int mouse_dz;
+ uint8_t mouse_buttons_state;
+
+ /* keyboard state */
+ uint8_t kbd_usb_buffer[8];
+};
+typedef struct MilkymistSoftUsbState MilkymistSoftUsbState;
+
+static uint32_t softusb_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistSoftUsbState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_softusb: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_softusb_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void
+softusb_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistSoftUsbState *s = opaque;
+
+ trace_milkymist_softusb_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_softusb: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const softusb_read_fn[] = {
+ NULL,
+ NULL,
+ &softusb_read,
+};
+
+static CPUWriteMemoryFunc * const softusb_write_fn[] = {
+ NULL,
+ NULL,
+ &softusb_write,
+};
+
+static inline void softusb_read_dmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->dmem_size) {
+ error_report("milkymist_softusb: read dmem out of bounds "
+ "at offset 0x%x, len %d\n", offset, len);
+ return;
+ }
+
+ cpu_physical_memory_read(s->dmem_base + offset, buf, len);
+}
+
+static inline void softusb_write_dmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->dmem_size) {
+ error_report("milkymist_softusb: write dmem out of bounds "
+ "at offset 0x%x, len %d\n", offset, len);
+ return;
+ }
+
+ cpu_physical_memory_write(s->dmem_base + offset, buf, len);
+}
+
+static inline void softusb_read_pmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->pmem_size) {
+ error_report("milkymist_softusb: read pmem out of bounds "
+ "at offset 0x%x, len %d\n", offset, len);
+ return;
+ }
+
+ cpu_physical_memory_read(s->pmem_base + offset, buf, len);
+}
+
+static inline void softusb_write_pmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->pmem_size) {
+ error_report("milkymist_softusb: write pmem out of bounds "
+ "at offset 0x%x, len %d\n", offset, len);
+ return;
+ }
+
+ cpu_physical_memory_write(s->pmem_base + offset, buf, len);
+}
+
+static void softusb_mouse_changed(MilkymistSoftUsbState *s)
+{
+ uint8_t m;
+ uint8_t buf[4];
+
+ buf[0] = s->mouse_buttons_state;
+ buf[1] = s->mouse_dx;
+ buf[2] = s->mouse_dy;
+ buf[3] = s->mouse_dz;
+
+ softusb_read_dmem(s, COMLOC_MEVT_PRODUCE, &m, 1);
+ trace_milkymist_softusb_mevt(m);
+ softusb_write_dmem(s, COMLOC_MEVT_BASE + 4 * m, buf, 4);
+ m = (m + 1) & 0xf;
+ softusb_write_dmem(s, COMLOC_MEVT_PRODUCE, &m, 1);
+
+ trace_milkymist_softusb_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static void softusb_kbd_changed(MilkymistSoftUsbState *s)
+{
+ uint8_t m;
+
+ softusb_read_dmem(s, COMLOC_KEVT_PRODUCE, &m, 1);
+ trace_milkymist_softusb_kevt(m);
+ softusb_write_dmem(s, COMLOC_KEVT_BASE + 8 * m, s->kbd_usb_buffer, 8);
+ m = (m + 1) & 0x7;
+ softusb_write_dmem(s, COMLOC_KEVT_PRODUCE, &m, 1);
+
+ trace_milkymist_softusb_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static void softusb_mouse_event(void *opaque,
+ int dx, int dy, int dz, int buttons_state)
+{
+ MilkymistSoftUsbState *s = opaque;
+
+ /* if device is in reset, do nothing */
+ if (s->regs[R_CTRL] & CTRL_RESET) {
+ return;
+ }
+
+ trace_milkymist_softusb_mouse_event(dx, dy, dz, buttons_state);
+
+ s->mouse_dx = dx;
+ s->mouse_dy = dy;
+ s->mouse_dz = dz;
+ s->mouse_buttons_state = buttons_state;
+
+ softusb_mouse_changed(s);
+}
+
+static void softusb_usbdev_datain(void *opaque)
+{
+ MilkymistSoftUsbState *s = opaque;
+
+ USBPacket p;
+
+ p.pid = USB_TOKEN_IN;
+ p.devep = 1;
+ p.data = s->kbd_usb_buffer;
+ p.len = sizeof(s->kbd_usb_buffer);
+ s->usbdev->info->handle_data(s->usbdev, &p);
+
+ softusb_kbd_changed(s);
+}
+
+static void softusb_attach(USBPort *port)
+{
+}
+
+static USBPortOps softusb_ops = {
+ .attach = softusb_attach,
+};
+
+static void milkymist_softusb_reset(DeviceState *d)
+{
+ MilkymistSoftUsbState *s =
+ container_of(d, MilkymistSoftUsbState, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ s->mouse_dx = 0;
+ s->mouse_dy = 0;
+ s->mouse_dz = 0;
+ s->mouse_buttons_state = 0;
+ memset(s->kbd_usb_buffer, 0, sizeof(s->kbd_usb_buffer));
+
+ /* defaults */
+ s->regs[R_CTRL] = CTRL_RESET;
+}
+
+static int milkymist_softusb_init(SysBusDevice *dev)
+{
+ MilkymistSoftUsbState *s = FROM_SYSBUS(typeof(*s), dev);
+ int softusb_regs;
+ ram_addr_t pmem_ram;
+ ram_addr_t dmem_ram;
+
+ sysbus_init_irq(dev, &s->irq);
+
+ softusb_regs = cpu_register_io_memory(softusb_read_fn, softusb_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, softusb_regs);
+
+ /* register pmem and dmem */
+ pmem_ram = qemu_ram_alloc(NULL, "milkymist_softusb.pmem", s->pmem_size);
+ cpu_register_physical_memory(s->pmem_base, s->pmem_size,
+ pmem_ram | IO_MEM_RAM);
+ dmem_ram = qemu_ram_alloc(NULL, "milkymist_softusb.dmem", s->dmem_size);
+ cpu_register_physical_memory(s->dmem_base, s->dmem_size,
+ dmem_ram | IO_MEM_RAM);
+
+ qemu_add_mouse_event_handler(softusb_mouse_event, s, 0, "Milkymist Mouse");
+
+ /* create our usb bus */
+ usb_bus_new(&s->usbbus, NULL);
+
+ /* our two ports */
+ usb_register_port(&s->usbbus, &s->usbport[0], NULL, 0, &softusb_ops,
+ USB_SPEED_MASK_LOW);
+ usb_register_port(&s->usbbus, &s->usbport[1], NULL, 1, &softusb_ops,
+ USB_SPEED_MASK_LOW);
+
+ /* and finally create an usb keyboard */
+ s->usbdev = usb_create_simple(&s->usbbus, "usb-kbd");
+ usb_hid_datain_cb(s->usbdev, s, softusb_usbdev_datain);
+ s->usbdev->info->handle_reset(s->usbdev);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_softusb = {
+ .name = "milkymist-softusb",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistSoftUsbState, R_MAX),
+ VMSTATE_INT32(mouse_dx, MilkymistSoftUsbState),
+ VMSTATE_INT32(mouse_dy, MilkymistSoftUsbState),
+ VMSTATE_INT32(mouse_dz, MilkymistSoftUsbState),
+ VMSTATE_UINT8(mouse_buttons_state, MilkymistSoftUsbState),
+ VMSTATE_BUFFER(kbd_usb_buffer, MilkymistSoftUsbState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_softusb_info = {
+ .init = milkymist_softusb_init,
+ .qdev.name = "milkymist-softusb",
+ .qdev.size = sizeof(MilkymistSoftUsbState),
+ .qdev.vmsd = &vmstate_milkymist_softusb,
+ .qdev.reset = milkymist_softusb_reset,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT32(
+ "pmem_base", MilkymistSoftUsbState, pmem_base, 0xa0000000
+ ),
+ DEFINE_PROP_UINT32(
+ "pmem_size", MilkymistSoftUsbState, pmem_size, 0x00001000
+ ),
+ DEFINE_PROP_UINT32(
+ "dmem_base", MilkymistSoftUsbState, dmem_base, 0xa0020000
+ ),
+ DEFINE_PROP_UINT32(
+ "dmem_size", MilkymistSoftUsbState, dmem_size, 0x00002000
+ ),
+ DEFINE_PROP_END_OF_LIST(),
+ }
+};
+
+static void milkymist_softusb_register(void)
+{
+ sysbus_register_withprop(&milkymist_softusb_info);
+}
+
+device_init(milkymist_softusb_register)
diff --git a/hw/milkymist-sysctl.c b/hw/milkymist-sysctl.c
new file mode 100644
index 0000000..6bd0cb9
--- /dev/null
+++ b/hw/milkymist-sysctl.c
@@ -0,0 +1,318 @@
+/*
+ * QEMU model of the Milkymist System Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/sysctl.pdf
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "sysemu.h"
+#include "trace.h"
+#include "qemu-timer.h"
+#include "qemu-error.h"
+
+enum {
+ CTRL_ENABLE = (1<<0),
+ CTRL_AUTORESTART = (1<<1),
+};
+
+enum {
+ ICAP_READY = (1<<0),
+};
+
+enum {
+ R_GPIO_IN = 0,
+ R_GPIO_OUT,
+ R_GPIO_INTEN,
+ R_RESERVED0,
+ R_TIMER0_CONTROL,
+ R_TIMER0_COMPARE,
+ R_TIMER0_COUNTER,
+ R_RESERVED1,
+ R_TIMER1_CONTROL,
+ R_TIMER1_COMPARE,
+ R_TIMER1_COUNTER,
+ R_RESERVED2,
+ R_RESERVED3,
+ R_ICAP,
+ R_CAPABILITIES,
+ R_SYSTEM_ID,
+ R_MAX
+};
+
+struct MilkymistSysctlState {
+ SysBusDevice busdev;
+
+ QEMUBH *bh0;
+ QEMUBH *bh1;
+ ptimer_state *ptimer0;
+ ptimer_state *ptimer1;
+
+ uint32_t freq_hz;
+ uint32_t capabilities;
+ uint32_t systemid;
+ uint32_t strappings;
+
+ uint32_t regs[R_MAX];
+
+ qemu_irq gpio_irq;
+ qemu_irq timer0_irq;
+ qemu_irq timer1_irq;
+};
+typedef struct MilkymistSysctlState MilkymistSysctlState;
+
+static void sysctl_icap_write(MilkymistSysctlState *s, uint32_t value)
+{
+ trace_milkymist_sysctl_icap_write(value);
+ switch (value & 0xffff) {
+ case 0x000e:
+ qemu_system_shutdown_request();
+ break;
+ }
+}
+
+static uint32_t sysctl_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistSysctlState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_TIMER0_COUNTER:
+ r = (uint32_t)ptimer_get_count(s->ptimer0);
+ /* milkymist timer counts up */
+ r = s->regs[R_TIMER0_COMPARE] - r;
+ break;
+ case R_TIMER1_COUNTER:
+ r = (uint32_t)ptimer_get_count(s->ptimer1);
+ /* milkymist timer counts up */
+ r = s->regs[R_TIMER1_COMPARE] - r;
+ break;
+ case R_GPIO_IN:
+ case R_GPIO_OUT:
+ case R_GPIO_INTEN:
+ case R_TIMER0_CONTROL:
+ case R_TIMER0_COMPARE:
+ case R_TIMER1_CONTROL:
+ case R_TIMER1_COMPARE:
+ case R_ICAP:
+ case R_CAPABILITIES:
+ case R_SYSTEM_ID:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_sysctl: read access to unkown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_sysctl_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void sysctl_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistSysctlState *s = opaque;
+
+ trace_milkymist_sysctl_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_GPIO_OUT:
+ case R_GPIO_INTEN:
+ case R_TIMER0_COUNTER:
+ case R_TIMER1_COUNTER:
+ s->regs[addr] = value;
+ break;
+ case R_TIMER0_COMPARE:
+ ptimer_set_limit(s->ptimer0, value, 0);
+ s->regs[addr] = value;
+ break;
+ case R_TIMER1_COMPARE:
+ ptimer_set_limit(s->ptimer1, value, 0);
+ s->regs[addr] = value;
+ break;
+ case R_TIMER0_CONTROL:
+ s->regs[addr] = value;
+ if (s->regs[R_TIMER0_CONTROL] & CTRL_ENABLE) {
+ trace_milkymist_sysctl_start_timer0();
+ ptimer_set_count(s->ptimer0,
+ s->regs[R_TIMER0_COMPARE] - s->regs[R_TIMER0_COUNTER]);
+ ptimer_run(s->ptimer0, 0);
+ } else {
+ trace_milkymist_sysctl_stop_timer0();
+ ptimer_stop(s->ptimer0);
+ }
+ break;
+ case R_TIMER1_CONTROL:
+ s->regs[addr] = value;
+ if (s->regs[R_TIMER1_CONTROL] & CTRL_ENABLE) {
+ trace_milkymist_sysctl_start_timer1();
+ ptimer_set_count(s->ptimer1,
+ s->regs[R_TIMER1_COMPARE] - s->regs[R_TIMER1_COUNTER]);
+ ptimer_run(s->ptimer1, 0);
+ } else {
+ trace_milkymist_sysctl_stop_timer1();
+ ptimer_stop(s->ptimer1);
+ }
+ break;
+ case R_ICAP:
+ sysctl_icap_write(s, value);
+ break;
+ case R_SYSTEM_ID:
+ qemu_system_reset_request();
+ break;
+
+ case R_GPIO_IN:
+ case R_CAPABILITIES:
+ error_report("milkymist_sysctl: write to read-only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+
+ default:
+ error_report("milkymist_sysctl: write access to unkown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const sysctl_read_fn[] = {
+ NULL,
+ NULL,
+ &sysctl_read,
+};
+
+static CPUWriteMemoryFunc * const sysctl_write_fn[] = {
+ NULL,
+ NULL,
+ &sysctl_write,
+};
+
+static void timer0_hit(void *opaque)
+{
+ MilkymistSysctlState *s = opaque;
+
+ if (!(s->regs[R_TIMER0_CONTROL] & CTRL_AUTORESTART)) {
+ s->regs[R_TIMER0_CONTROL] &= ~CTRL_ENABLE;
+ trace_milkymist_sysctl_stop_timer0();
+ ptimer_stop(s->ptimer0);
+ }
+
+ trace_milkymist_sysctl_pulse_irq_timer0();
+ qemu_irq_pulse(s->timer0_irq);
+}
+
+static void timer1_hit(void *opaque)
+{
+ MilkymistSysctlState *s = opaque;
+
+ if (!(s->regs[R_TIMER1_CONTROL] & CTRL_AUTORESTART)) {
+ s->regs[R_TIMER1_CONTROL] &= ~CTRL_ENABLE;
+ trace_milkymist_sysctl_stop_timer1();
+ ptimer_stop(s->ptimer1);
+ }
+
+ trace_milkymist_sysctl_pulse_irq_timer1();
+ qemu_irq_pulse(s->timer1_irq);
+}
+
+static void milkymist_sysctl_reset(DeviceState *d)
+{
+ MilkymistSysctlState *s =
+ container_of(d, MilkymistSysctlState, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ ptimer_stop(s->ptimer0);
+ ptimer_stop(s->ptimer1);
+
+ /* defaults */
+ s->regs[R_ICAP] = ICAP_READY;
+ s->regs[R_SYSTEM_ID] = s->systemid;
+ s->regs[R_CAPABILITIES] = s->capabilities;
+ s->regs[R_GPIO_IN] = s->strappings;
+}
+
+static int milkymist_sysctl_init(SysBusDevice *dev)
+{
+ MilkymistSysctlState *s = FROM_SYSBUS(typeof(*s), dev);
+ int sysctl_regs;
+
+ sysbus_init_irq(dev, &s->gpio_irq);
+ sysbus_init_irq(dev, &s->timer0_irq);
+ sysbus_init_irq(dev, &s->timer1_irq);
+
+ s->bh0 = qemu_bh_new(timer0_hit, s);
+ s->bh1 = qemu_bh_new(timer1_hit, s);
+ s->ptimer0 = ptimer_init(s->bh0);
+ s->ptimer1 = ptimer_init(s->bh1);
+ ptimer_set_freq(s->ptimer0, s->freq_hz);
+ ptimer_set_freq(s->ptimer1, s->freq_hz);
+
+ sysctl_regs = cpu_register_io_memory(sysctl_read_fn, sysctl_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, sysctl_regs);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_sysctl = {
+ .name = "milkymist-sysctl",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistSysctlState, R_MAX),
+ VMSTATE_PTIMER(ptimer0, MilkymistSysctlState),
+ VMSTATE_PTIMER(ptimer1, MilkymistSysctlState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_sysctl_info = {
+ .init = milkymist_sysctl_init,
+ .qdev.name = "milkymist-sysctl",
+ .qdev.size = sizeof(MilkymistSysctlState),
+ .qdev.vmsd = &vmstate_milkymist_sysctl,
+ .qdev.reset = milkymist_sysctl_reset,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT32("frequency", MilkymistSysctlState,
+ freq_hz, 80000000),
+ DEFINE_PROP_UINT32("capabilities", MilkymistSysctlState,
+ capabilities, 0x00000000),
+ DEFINE_PROP_UINT32("systemid", MilkymistSysctlState,
+ systemid, 0x10014d31),
+ DEFINE_PROP_UINT32("gpio_strappings", MilkymistSysctlState,
+ strappings, 0x00000001),
+ DEFINE_PROP_END_OF_LIST(),
+ }
+};
+
+static void milkymist_sysctl_register(void)
+{
+ sysbus_register_withprop(&milkymist_sysctl_info);
+}
+
+device_init(milkymist_sysctl_register)
diff --git a/hw/milkymist-tmu2.c b/hw/milkymist-tmu2.c
new file mode 100644
index 0000000..9cebe31
--- /dev/null
+++ b/hw/milkymist-tmu2.c
@@ -0,0 +1,481 @@
+/*
+ * QEMU model of the Milkymist texture mapping unit.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ * Copyright (c) 2010 Sebastien Bourdeauducq
+ * <sebastien.bourdeauducq@lekernel.net>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/tmu2.pdf
+ *
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "qemu-error.h"
+
+#include <X11/Xlib.h>
+#include <GL/gl.h>
+#include <GL/glx.h>
+
+enum {
+ R_CTL = 0,
+ R_HMESHLAST,
+ R_VMESHLAST,
+ R_BRIGHTNESS,
+ R_CHROMAKEY,
+ R_VERTICESADDR,
+ R_TEXFBUF,
+ R_TEXHRES,
+ R_TEXVRES,
+ R_TEXHMASK,
+ R_TEXVMASK,
+ R_DSTFBUF,
+ R_DSTHRES,
+ R_DSTVRES,
+ R_DSTHOFFSET,
+ R_DSTVOFFSET,
+ R_DSTSQUAREW,
+ R_DSTSQUAREH,
+ R_ALPHA,
+ R_MAX
+};
+
+enum {
+ CTL_START_BUSY = (1<<0),
+ CTL_CHROMAKEY = (1<<1),
+};
+
+enum {
+ MAX_BRIGHTNESS = 63,
+ MAX_ALPHA = 63,
+};
+
+enum {
+ MESH_MAXSIZE = 128,
+};
+
+struct vertex {
+ int x;
+ int y;
+} __attribute__((packed));
+
+struct MilkymistTMU2State {
+ SysBusDevice busdev;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t regs[R_MAX];
+
+ Display *dpy;
+ GLXFBConfig glx_fb_config;
+ GLXContext glx_context;
+};
+typedef struct MilkymistTMU2State MilkymistTMU2State;
+
+static const int glx_fbconfig_attr[] = {
+ GLX_GREEN_SIZE, 5,
+ GLX_GREEN_SIZE, 6,
+ GLX_BLUE_SIZE, 5,
+ None
+};
+
+static int tmu2_glx_init(MilkymistTMU2State *s)
+{
+ GLXFBConfig *configs;
+ int nelements;
+
+ s->dpy = XOpenDisplay(NULL); /* FIXME: call XCloseDisplay() */
+ if (s->dpy == NULL) {
+ return 1;
+ }
+
+ configs = glXChooseFBConfig(s->dpy, 0, glx_fbconfig_attr, &nelements);
+ if (configs == NULL) {
+ return 1;
+ }
+
+ s->glx_fb_config = *configs;
+ XFree(configs);
+
+ /* FIXME: call glXDestroyContext() */
+ s->glx_context = glXCreateNewContext(s->dpy, s->glx_fb_config,
+ GLX_RGBA_TYPE, NULL, 1);
+ if (s->glx_context == NULL) {
+ return 1;
+ }
+
+ return 0;
+}
+
+static void tmu2_gl_map(struct vertex *mesh, int texhres, int texvres,
+ int hmeshlast, int vmeshlast, int ho, int vo, int sw, int sh)
+{
+ int x, y;
+ int x0, y0, x1, y1;
+ int u0, v0, u1, v1, u2, v2, u3, v3;
+ double xscale = 1.0 / ((double)(64 * texhres));
+ double yscale = 1.0 / ((double)(64 * texvres));
+
+ glLoadIdentity();
+ glTranslatef(ho, vo, 0);
+ glEnable(GL_TEXTURE_2D);
+ glBegin(GL_QUADS);
+
+ for (y = 0; y < vmeshlast; y++) {
+ y0 = y * sh;
+ y1 = y0 + sh;
+ for (x = 0; x < hmeshlast; x++) {
+ x0 = x * sw;
+ x1 = x0 + sw;
+
+ u0 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x].x);
+ v0 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x].y);
+ u1 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x + 1].x);
+ v1 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x + 1].y);
+ u2 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x + 1].x);
+ v2 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x + 1].y);
+ u3 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x].x);
+ v3 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x].y);
+
+ glTexCoord2d(((double)u0) * xscale, ((double)v0) * yscale);
+ glVertex3i(x0, y0, 0);
+ glTexCoord2d(((double)u1) * xscale, ((double)v1) * yscale);
+ glVertex3i(x1, y0, 0);
+ glTexCoord2d(((double)u2) * xscale, ((double)v2) * yscale);
+ glVertex3i(x1, y1, 0);
+ glTexCoord2d(((double)u3) * xscale, ((double)v3) * yscale);
+ glVertex3i(x0, y1, 0);
+ }
+ }
+
+ glEnd();
+}
+
+static void tmu2_start(MilkymistTMU2State *s)
+{
+ int pbuffer_attrib[6] = {
+ GLX_PBUFFER_WIDTH,
+ 0,
+ GLX_PBUFFER_HEIGHT,
+ 0,
+ GLX_PRESERVED_CONTENTS,
+ True
+ };
+
+ GLXPbuffer pbuffer;
+ GLuint texture;
+ void *fb;
+ target_phys_addr_t fb_len;
+ void *mesh;
+ target_phys_addr_t mesh_len;
+ float m;
+
+ trace_milkymist_tmu2_start();
+
+ /* Create and set up a suitable OpenGL context */
+ pbuffer_attrib[1] = s->regs[R_DSTHRES];
+ pbuffer_attrib[3] = s->regs[R_DSTVRES];
+ pbuffer = glXCreatePbuffer(s->dpy, s->glx_fb_config, pbuffer_attrib);
+ glXMakeContextCurrent(s->dpy, pbuffer, pbuffer, s->glx_context);
+
+ /* Fixup endianness. TODO: would it work on BE hosts? */
+ glPixelStorei(GL_UNPACK_SWAP_BYTES, 1);
+ glPixelStorei(GL_PACK_SWAP_BYTES, 1);
+
+ /* Row alignment */
+ glPixelStorei(GL_UNPACK_ALIGNMENT, 2);
+ glPixelStorei(GL_PACK_ALIGNMENT, 2);
+
+ /* Read the QEMU source framebuffer into an OpenGL texture */
+ glGenTextures(1, &texture);
+ glBindTexture(GL_TEXTURE_2D, texture);
+ fb_len = 2*s->regs[R_TEXHRES]*s->regs[R_TEXVRES];
+ fb = cpu_physical_memory_map(s->regs[R_TEXFBUF], &fb_len, 0);
+ if (fb == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+ glTexImage2D(GL_TEXTURE_2D, 0, 3, s->regs[R_TEXHRES], s->regs[R_TEXVRES],
+ 0, GL_RGB, GL_UNSIGNED_SHORT_5_6_5, fb);
+ cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
+
+ /* Set up texturing options */
+ /* WARNING:
+ * Many cases of TMU2 masking are not supported by OpenGL.
+ * We only implement the most common ones:
+ * - full bilinear filtering vs. nearest texel
+ * - texture clamping vs. texture wrapping
+ */
+ if ((s->regs[R_TEXHMASK] & 0x3f) > 0x20) {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR);
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_LINEAR);
+ } else {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_NEAREST);
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_NEAREST);
+ }
+ if ((s->regs[R_TEXHMASK] >> 6) & s->regs[R_TEXHRES]) {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_CLAMP);
+ } else {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_REPEAT);
+ }
+ if ((s->regs[R_TEXVMASK] >> 6) & s->regs[R_TEXVRES]) {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_CLAMP);
+ } else {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_REPEAT);
+ }
+
+ /* Translucency and decay */
+ glEnable(GL_BLEND);
+ glBlendFunc(GL_SRC_ALPHA, GL_ONE_MINUS_SRC_ALPHA);
+ m = (float)(s->regs[R_BRIGHTNESS] + 1) / 64.0f;
+ glColor4f(m, m, m, (float)(s->regs[R_ALPHA] + 1) / 64.0f);
+
+ /* Read the QEMU dest. framebuffer into the OpenGL framebuffer */
+ fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
+ fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], &fb_len, 0);
+ if (fb == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+
+ glDrawPixels(s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
+ GL_UNSIGNED_SHORT_5_6_5, fb);
+ cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
+ glViewport(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES]);
+ glMatrixMode(GL_PROJECTION);
+ glLoadIdentity();
+ glOrtho(0.0, s->regs[R_DSTHRES], 0.0, s->regs[R_DSTVRES], -1.0, 1.0);
+ glMatrixMode(GL_MODELVIEW);
+
+ /* Map the texture */
+ mesh_len = MESH_MAXSIZE*MESH_MAXSIZE*sizeof(struct vertex);
+ mesh = cpu_physical_memory_map(s->regs[R_VERTICESADDR], &mesh_len, 0);
+ if (mesh == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+
+ tmu2_gl_map((struct vertex *)mesh,
+ s->regs[R_TEXHRES], s->regs[R_TEXVRES],
+ s->regs[R_HMESHLAST], s->regs[R_VMESHLAST],
+ s->regs[R_DSTHOFFSET], s->regs[R_DSTVOFFSET],
+ s->regs[R_DSTSQUAREW], s->regs[R_DSTSQUAREH]);
+ cpu_physical_memory_unmap(mesh, mesh_len, 0, mesh_len);
+
+ /* Write back the OpenGL framebuffer to the QEMU framebuffer */
+ fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
+ fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], &fb_len, 1);
+ if (fb == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+
+ glReadPixels(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
+ GL_UNSIGNED_SHORT_5_6_5, fb);
+ cpu_physical_memory_unmap(fb, fb_len, 1, fb_len);
+
+ /* Free OpenGL allocs */
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+
+ s->regs[R_CTL] &= ~CTL_START_BUSY;
+
+ trace_milkymist_tmu2_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static uint32_t tmu2_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistTMU2State *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_BRIGHTNESS:
+ case R_CHROMAKEY:
+ case R_VERTICESADDR:
+ case R_TEXFBUF:
+ case R_TEXHRES:
+ case R_TEXVRES:
+ case R_TEXHMASK:
+ case R_TEXVMASK:
+ case R_DSTFBUF:
+ case R_DSTHRES:
+ case R_DSTVRES:
+ case R_DSTHOFFSET:
+ case R_DSTVOFFSET:
+ case R_DSTSQUAREW:
+ case R_DSTSQUAREH:
+ case R_ALPHA:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_tmu2: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_tmu2_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void tmu2_check_registers(MilkymistTMU2State *s)
+{
+ if (s->regs[R_BRIGHTNESS] > MAX_BRIGHTNESS) {
+ error_report("milkymist_tmu2: max brightness is %d\n", MAX_BRIGHTNESS);
+ }
+
+ if (s->regs[R_ALPHA] > MAX_ALPHA) {
+ error_report("milkymist_tmu2: max alpha is %d\n", MAX_ALPHA);
+ }
+
+ if (s->regs[R_VERTICESADDR] & 0x07) {
+ error_report("milkymist_tmu2: vertex mesh address has to be 64-bit "
+ "aligned\n");
+ }
+
+ if (s->regs[R_TEXFBUF] & 0x01) {
+ error_report("milkymist_tmu2: texture buffer address has to be "
+ "16-bit aligned\n");
+ }
+}
+
+static void tmu2_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistTMU2State *s = opaque;
+
+ trace_milkymist_tmu2_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ s->regs[addr] = value;
+ if (value & CTL_START_BUSY) {
+ tmu2_start(s);
+ }
+ break;
+ case R_BRIGHTNESS:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_CHROMAKEY:
+ case R_VERTICESADDR:
+ case R_TEXFBUF:
+ case R_TEXHRES:
+ case R_TEXVRES:
+ case R_TEXHMASK:
+ case R_TEXVMASK:
+ case R_DSTFBUF:
+ case R_DSTHRES:
+ case R_DSTVRES:
+ case R_DSTHOFFSET:
+ case R_DSTVOFFSET:
+ case R_DSTSQUAREW:
+ case R_DSTSQUAREH:
+ case R_ALPHA:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_tmu2: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ tmu2_check_registers(s);
+}
+
+static CPUReadMemoryFunc * const tmu2_read_fn[] = {
+ NULL,
+ NULL,
+ &tmu2_read,
+};
+
+static CPUWriteMemoryFunc * const tmu2_write_fn[] = {
+ NULL,
+ NULL,
+ &tmu2_write,
+};
+
+static void milkymist_tmu2_reset(DeviceState *d)
+{
+ MilkymistTMU2State *s = container_of(d, MilkymistTMU2State, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+}
+
+static int milkymist_tmu2_init(SysBusDevice *dev)
+{
+ MilkymistTMU2State *s = FROM_SYSBUS(typeof(*s), dev);
+ int tmu2_regs;
+
+ if (tmu2_glx_init(s)) {
+ return 1;
+ }
+
+ sysbus_init_irq(dev, &s->irq);
+
+ tmu2_regs = cpu_register_io_memory(tmu2_read_fn, tmu2_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, tmu2_regs);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_tmu2 = {
+ .name = "milkymist-tmu2",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistTMU2State, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_tmu2_info = {
+ .init = milkymist_tmu2_init,
+ .qdev.name = "milkymist-tmu2",
+ .qdev.size = sizeof(MilkymistTMU2State),
+ .qdev.vmsd = &vmstate_milkymist_tmu2,
+ .qdev.reset = milkymist_tmu2_reset,
+};
+
+static void milkymist_tmu2_register(void)
+{
+ sysbus_register_withprop(&milkymist_tmu2_info);
+}
+
+device_init(milkymist_tmu2_register)
diff --git a/hw/milkymist-uart.c b/hw/milkymist-uart.c
new file mode 100644
index 0000000..56c90da
--- /dev/null
+++ b/hw/milkymist-uart.c
@@ -0,0 +1,180 @@
+/*
+ * QEMU model of the Milkymist UART block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/uart.pdf
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "qemu-char.h"
+#include "qemu-error.h"
+
+enum {
+ R_RXTX = 0,
+ R_DIV,
+ R_MAX
+};
+
+struct MilkymistUartState {
+ SysBusDevice busdev;
+ CharDriverState *chr;
+ qemu_irq rx_irq;
+ qemu_irq tx_irq;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistUartState MilkymistUartState;
+
+static uint32_t uart_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistUartState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RXTX:
+ case R_DIV:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_uart: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_uart_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void uart_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistUartState *s = opaque;
+ unsigned char ch = value;
+
+ trace_milkymist_uart_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RXTX:
+ if (s->chr) {
+ qemu_chr_write(s->chr, &ch, 1);
+ }
+ trace_milkymist_uart_pulse_irq_tx();
+ qemu_irq_pulse(s->tx_irq);
+ break;
+ case R_DIV:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_uart: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const uart_read_fn[] = {
+ NULL,
+ NULL,
+ &uart_read,
+};
+
+static CPUWriteMemoryFunc * const uart_write_fn[] = {
+ NULL,
+ NULL,
+ &uart_write,
+};
+
+static void uart_rx(void *opaque, const uint8_t *buf, int size)
+{
+ MilkymistUartState *s = opaque;
+
+ s->regs[R_RXTX] = *buf;
+ trace_milkymist_uart_pulse_irq_rx();
+ qemu_irq_pulse(s->rx_irq);
+}
+
+static int uart_can_rx(void *opaque)
+{
+ return 1;
+}
+
+static void uart_event(void *opaque, int event)
+{
+}
+
+static void milkymist_uart_reset(DeviceState *d)
+{
+ MilkymistUartState *s = container_of(d, MilkymistUartState, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+}
+
+static int milkymist_uart_init(SysBusDevice *dev)
+{
+ MilkymistUartState *s = FROM_SYSBUS(typeof(*s), dev);
+ int uart_regs;
+
+ sysbus_init_irq(dev, &s->rx_irq);
+ sysbus_init_irq(dev, &s->tx_irq);
+
+ uart_regs = cpu_register_io_memory(uart_read_fn, uart_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, uart_regs);
+
+ s->chr = qdev_init_chardev(&dev->qdev);
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_uart = {
+ .name = "milkymist-uart",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistUartState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_uart_info = {
+ .init = milkymist_uart_init,
+ .qdev.name = "milkymist-uart",
+ .qdev.size = sizeof(MilkymistUartState),
+ .qdev.vmsd = &vmstate_milkymist_uart,
+ .qdev.reset = milkymist_uart_reset,
+};
+
+static void milkymist_uart_register(void)
+{
+ sysbus_register_withprop(&milkymist_uart_info);
+}
+
+device_init(milkymist_uart_register)
diff --git a/hw/milkymist-vgafb.c b/hw/milkymist-vgafb.c
new file mode 100644
index 0000000..2e55e42
--- /dev/null
+++ b/hw/milkymist-vgafb.c
@@ -0,0 +1,321 @@
+
+/*
+ * QEMU model of the Milkymist VGA framebuffer.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/vgafb.pdf
+ */
+
+#include "hw.h"
+#include "sysbus.h"
+#include "trace.h"
+#include "console.h"
+#include "framebuffer.h"
+#include "pixel_ops.h"
+#include "qemu-error.h"
+
+#define BITS 8
+#include "milkymist-vgafb_template.h"
+#define BITS 15
+#include "milkymist-vgafb_template.h"
+#define BITS 16
+#include "milkymist-vgafb_template.h"
+#define BITS 24
+#include "milkymist-vgafb_template.h"
+#define BITS 32
+#include "milkymist-vgafb_template.h"
+
+enum {
+ R_CTRL = 0,
+ R_HRES,
+ R_HSYNC_START,
+ R_HSYNC_END,
+ R_HSCAN,
+ R_VRES,
+ R_VSYNC_START,
+ R_VSYNC_END,
+ R_VSCAN,
+ R_BASEADDRESS,
+ R_BASEADDRESS_ACT,
+ R_BURST_COUNT,
+ R_SOURCE_CLOCK,
+ R_MAX
+};
+
+enum {
+ CTRL_RESET = (1<<0),
+};
+
+struct MilkymistVgafbState {
+ SysBusDevice busdev;
+ DisplayState *ds;
+
+ int invalidate;
+ uint32_t fb_offset;
+ uint32_t fb_mask;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistVgafbState MilkymistVgafbState;
+
+static int vgafb_enabled(MilkymistVgafbState *s)
+{
+ return !(s->regs[R_CTRL] & CTRL_RESET);
+}
+
+static void vgafb_update_display(void *opaque)
+{
+ MilkymistVgafbState *s = opaque;
+ int first = 0;
+ int last = 0;
+ drawfn fn;
+
+ if (!vgafb_enabled(s)) {
+ return;
+ }
+
+ int dest_width = s->regs[R_HRES];
+
+ switch (ds_get_bits_per_pixel(s->ds)) {
+ case 0:
+ return;
+ case 8:
+ fn = draw_line_8;
+ break;
+ case 15:
+ fn = draw_line_15;
+ dest_width *= 2;
+ break;
+ case 16:
+ fn = draw_line_16;
+ dest_width *= 2;
+ break;
+ case 24:
+ fn = draw_line_24;
+ dest_width *= 3;
+ break;
+ case 32:
+ fn = draw_line_32;
+ dest_width *= 4;
+ break;
+ default:
+ hw_error("milkymist_vgafb: bad color depth\n");
+ break;
+ }
+
+ framebuffer_update_display(s->ds,
+ s->regs[R_BASEADDRESS] + s->fb_offset,
+ s->regs[R_HRES],
+ s->regs[R_VRES],
+ s->regs[R_HRES] * 2,
+ dest_width,
+ 0,
+ s->invalidate,
+ fn,
+ NULL,
+ &first, &last);
+
+ if (first >= 0) {
+ dpy_update(s->ds, 0, first, s->regs[R_HRES], last - first + 1);
+ }
+ s->invalidate = 0;
+}
+
+static void vgafb_invalidate_display(void *opaque)
+{
+ MilkymistVgafbState *s = opaque;
+ s->invalidate = 1;
+}
+
+static void vgafb_resize(MilkymistVgafbState *s)
+{
+ if (!vgafb_enabled(s)) {
+ return;
+ }
+
+ qemu_console_resize(s->ds, s->regs[R_HRES], s->regs[R_VRES]);
+ s->invalidate = 1;
+}
+
+static uint32_t vgafb_read(void *opaque, target_phys_addr_t addr)
+{
+ MilkymistVgafbState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ case R_HRES:
+ case R_HSYNC_START:
+ case R_HSYNC_END:
+ case R_HSCAN:
+ case R_VRES:
+ case R_VSYNC_START:
+ case R_VSYNC_END:
+ case R_VSCAN:
+ case R_BASEADDRESS:
+ case R_BURST_COUNT:
+ case R_SOURCE_CLOCK:
+ r = s->regs[addr];
+ break;
+ case R_BASEADDRESS_ACT:
+ r = s->regs[R_BASEADDRESS];
+ break;
+
+ default:
+ error_report("milkymist_vgafb: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_vgafb_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void
+vgafb_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+ MilkymistVgafbState *s = opaque;
+
+ trace_milkymist_vgafb_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ s->regs[addr] = value;
+ vgafb_resize(s);
+ break;
+ case R_HSYNC_START:
+ case R_HSYNC_END:
+ case R_HSCAN:
+ case R_VSYNC_START:
+ case R_VSYNC_END:
+ case R_VSCAN:
+ case R_BURST_COUNT:
+ case R_SOURCE_CLOCK:
+ s->regs[addr] = value;
+ break;
+ case R_BASEADDRESS:
+ if (value & 0x1f) {
+ error_report("milkymist_vgafb: framebuffer base address have to "
+ "be 32 byte aligned");
+ break;
+ }
+ s->regs[addr] = value & s->fb_mask;
+ s->invalidate = 1;
+ break;
+ case R_HRES:
+ case R_VRES:
+ s->regs[addr] = value;
+ vgafb_resize(s);
+ break;
+ case R_BASEADDRESS_ACT:
+ error_report("milkymist_vgafb: write to read-only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+
+ default:
+ error_report("milkymist_vgafb: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const vgafb_read_fn[] = {
+ NULL,
+ NULL,
+ &vgafb_read
+};
+
+static CPUWriteMemoryFunc * const vgafb_write_fn[] = {
+ NULL,
+ NULL,
+ &vgafb_write
+};
+
+static void milkymist_vgafb_reset(DeviceState *d)
+{
+ MilkymistVgafbState *s = container_of(d, MilkymistVgafbState, busdev.qdev);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ /* defaults */
+ s->regs[R_CTRL] = CTRL_RESET;
+ s->regs[R_HRES] = 640;
+ s->regs[R_VRES] = 480;
+ s->regs[R_BASEADDRESS] = 0;
+}
+
+static int milkymist_vgafb_init(SysBusDevice *dev)
+{
+ MilkymistVgafbState *s = FROM_SYSBUS(typeof(*s), dev);
+ int vgafb_regs;
+
+ vgafb_regs = cpu_register_io_memory(vgafb_read_fn, vgafb_write_fn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, R_MAX * 4, vgafb_regs);
+
+ s->ds = graphic_console_init(vgafb_update_display,
+ vgafb_invalidate_display,
+ NULL, NULL, s);
+
+ return 0;
+}
+
+static int vgafb_post_load(void *opaque, int version_id)
+{
+ vgafb_invalidate_display(opaque);
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_vgafb = {
+ .name = "milkymist-vgafb",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = vgafb_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistVgafbState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static SysBusDeviceInfo milkymist_vgafb_info = {
+ .init = milkymist_vgafb_init,
+ .qdev.name = "milkymist-vgafb",
+ .qdev.size = sizeof(MilkymistVgafbState),
+ .qdev.vmsd = &vmstate_milkymist_vgafb,
+ .qdev.reset = milkymist_vgafb_reset,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT32("fb_offset", MilkymistVgafbState, fb_offset, 0x0),
+ DEFINE_PROP_UINT32("fb_mask", MilkymistVgafbState, fb_mask, 0xffffffff),
+ DEFINE_PROP_END_OF_LIST(),
+ }
+};
+
+static void milkymist_vgafb_register(void)
+{
+ sysbus_register_withprop(&milkymist_vgafb_info);
+}
+
+device_init(milkymist_vgafb_register)
diff --git a/hw/milkymist-vgafb_template.h b/hw/milkymist-vgafb_template.h
new file mode 100644
index 0000000..69af9ef
--- /dev/null
+++ b/hw/milkymist-vgafb_template.h
@@ -0,0 +1,74 @@
+/*
+ * QEMU model of the Milkymist VGA framebuffer.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#if BITS == 8
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *to = rgb_to_pixel8(r, g, b); \
+ to += 1; \
+ } while (0)
+#elif BITS == 15
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *(uint16_t *)to = rgb_to_pixel15(r, g, b); \
+ to += 2; \
+ } while (0)
+#elif BITS == 16
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *(uint16_t *)to = rgb_to_pixel16(r, g, b); \
+ to += 2; \
+ } while (0)
+#elif BITS == 24
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ uint32 tmp = rgb_to_pixel24(r, g, b); \
+ *(to++) = tmp & 0xff; \
+ *(to++) = (tmp >> 8) & 0xff; \
+ *(to++) = (tmp >> 16) & 0xff; \
+ } while (0)
+#elif BITS == 32
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *(uint32_t *)to = rgb_to_pixel32(r, g, b); \
+ to += 4; \
+ } while (0)
+#else
+#error unknown bit depth
+#endif
+
+static void glue(draw_line_, BITS)(void *opaque, uint8_t *d, const uint8_t *s,
+ int width, int deststep)
+{
+ uint16_t rgb565;
+ uint8_t r, g, b;
+
+ while (width--) {
+ rgb565 = lduw_raw(s);
+ r = ((rgb565 >> 11) & 0x1f) << 3;
+ g = ((rgb565 >> 5) & 0x3f) << 2;
+ b = ((rgb565 >> 0) & 0x1f) << 3;
+ COPY_PIXEL(d, r, g, b);
+ s += 2;
+ }
+}
+
+#undef BITS
+#undef COPY_PIXEL
diff --git a/hw/milkymist.c b/hw/milkymist.c
new file mode 100644
index 0000000..7879840
--- /dev/null
+++ b/hw/milkymist.c
@@ -0,0 +1,216 @@
+/*
+ * QEMU model for the Milkymist board.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "sysbus.h"
+#include "hw.h"
+#include "net.h"
+#include "flash.h"
+#include "sysemu.h"
+#include "devices.h"
+#include "boards.h"
+#include "loader.h"
+#include "elf.h"
+#include "blockdev.h"
+#include "milkymist-hw.h"
+#include "lm32.h"
+
+#define BIOS_FILENAME "mmone-bios.bin"
+#define BIOS_OFFSET 0x00860000
+#define BIOS_SIZE (512*1024)
+#define KERNEL_LOAD_ADDR 0x40000000
+
+typedef struct {
+ CPUState *env;
+ target_phys_addr_t bootstrap_pc;
+ target_phys_addr_t flash_base;
+ target_phys_addr_t initrd_base;
+ size_t initrd_size;
+ target_phys_addr_t cmdline_base;
+} ResetInfo;
+
+static void cpu_irq_handler(void *opaque, int irq, int level)
+{
+ CPUState *env = opaque;
+
+ if (level) {
+ cpu_interrupt(env, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetInfo *reset_info = opaque;
+ CPUState *env = reset_info->env;
+
+ cpu_reset(env);
+
+ /* init defaults */
+ env->pc = reset_info->bootstrap_pc;
+ env->regs[R_R1] = reset_info->cmdline_base;
+ env->regs[R_R2] = reset_info->initrd_base;
+ env->regs[R_R3] = reset_info->initrd_base + reset_info->initrd_size;
+ env->eba = reset_info->flash_base;
+ env->deba = reset_info->flash_base;
+}
+
+static void
+milkymist_init(ram_addr_t ram_size_not_used,
+ const char *boot_device,
+ const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename, const char *cpu_model)
+{
+ CPUState *env;
+ int kernel_size;
+ DriveInfo *dinfo;
+ ram_addr_t phys_sdram;
+ ram_addr_t phys_flash;
+ qemu_irq irq[32], *cpu_irq;
+ int i;
+ char *bios_filename;
+ ResetInfo *reset_info;
+
+ /* memory map */
+ target_phys_addr_t flash_base = 0x00000000;
+ size_t flash_sector_size = 128 * 1024;
+ size_t flash_size = 32 * 1024 * 1024;
+ target_phys_addr_t sdram_base = 0x40000000;
+ size_t sdram_size = 128 * 1024 * 1024;
+
+ target_phys_addr_t initrd_base = sdram_base + 0x1002000;
+ target_phys_addr_t cmdline_base = sdram_base + 0x1000000;
+ size_t initrd_max = sdram_size - 0x1002000;
+
+ reset_info = qemu_mallocz(sizeof(ResetInfo));
+
+ if (cpu_model == NULL) {
+ cpu_model = "lm32-full";
+ }
+ env = cpu_init(cpu_model);
+ reset_info->env = env;
+
+ cpu_lm32_set_phys_msb_ignore(env, 1);
+
+ phys_sdram = qemu_ram_alloc(NULL, "milkymist.sdram", sdram_size);
+ cpu_register_physical_memory(sdram_base, sdram_size,
+ phys_sdram | IO_MEM_RAM);
+
+ phys_flash = qemu_ram_alloc(NULL, "milkymist.flash", flash_size);
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ /* Numonyx JS28F256J3F105 */
+ pflash_cfi01_register(flash_base, phys_flash,
+ dinfo ? dinfo->bdrv : NULL, flash_sector_size,
+ flash_size / flash_sector_size, 2,
+ 0x00, 0x89, 0x00, 0x1d, 1);
+
+ /* create irq lines */
+ cpu_irq = qemu_allocate_irqs(cpu_irq_handler, env, 1);
+ env->pic_state = lm32_pic_init(*cpu_irq);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(env->pic_state, i);
+ }
+
+ /* load bios rom */
+ if (bios_name == NULL) {
+ bios_name = BIOS_FILENAME;
+ }
+ bios_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+
+ if (bios_filename) {
+ load_image_targphys(bios_filename, BIOS_OFFSET, BIOS_SIZE);
+ }
+
+ reset_info->bootstrap_pc = BIOS_OFFSET;
+
+ /* if no kernel is given no valid bios rom is a fatal error */
+ if (!kernel_filename && !dinfo && !bios_filename) {
+ fprintf(stderr, "qemu: could not load Milkymist One bios '%s'\n",
+ bios_name);
+ exit(1);
+ }
+
+ milkymist_uart_create(0x60000000, irq[0], irq[1]);
+ milkymist_sysctl_create(0x60001000, irq[2], irq[3], irq[4],
+ 80000000, 0x10014d31, 0x0000041f, 0x00000001);
+ milkymist_hpdmc_create(0x60002000);
+ milkymist_vgafb_create(0x60003000, 0x40000000, 0x0fffffff);
+ milkymist_memcard_create(0x60004000);
+ milkymist_ac97_create(0x60005000, irq[5], irq[6], irq[7], irq[8]);
+ milkymist_pfpu_create(0x60006000, irq[9]);
+ milkymist_tmu2_create(0x60007000, irq[10]);
+ milkymist_minimac2_create(0x60008000, 0x30000000, irq[11], irq[12]);
+ milkymist_softusb_create(0x6000f000, irq[17],
+ 0x20000000, 0x1000, 0x20020000, 0x2000);
+
+ /* make sure juart isn't the first chardev */
+ env->juart_state = lm32_juart_init();
+
+ if (kernel_filename) {
+ uint64_t entry;
+
+ /* Boots a kernel elf binary. */
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
+ 1, ELF_MACHINE, 0);
+ reset_info->bootstrap_pc = entry;
+
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, sdram_base,
+ sdram_size);
+ reset_info->bootstrap_pc = sdram_base;
+ }
+
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ }
+
+ if (kernel_cmdline && strlen(kernel_cmdline)) {
+ pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE,
+ kernel_cmdline);
+ reset_info->cmdline_base = (uint32_t)cmdline_base;
+ }
+
+ if (initrd_filename) {
+ size_t initrd_size;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ initrd_max);
+ reset_info->initrd_base = (uint32_t)initrd_base;
+ reset_info->initrd_size = (uint32_t)initrd_size;
+ }
+
+ qemu_register_reset(main_cpu_reset, reset_info);
+}
+
+static QEMUMachine milkymist_machine = {
+ .name = "milkymist",
+ .desc = "Milkymist One",
+ .init = milkymist_init,
+ .is_default = 0
+};
+
+static void milkymist_machine_init(void)
+{
+ qemu_register_machine(&milkymist_machine);
+}
+
+machine_init(milkymist_machine_init);
diff --git a/hw/mips_fulong2e.c b/hw/mips_fulong2e.c
index f5ae639..420fada 100644
--- a/hw/mips_fulong2e.c
+++ b/hw/mips_fulong2e.c
@@ -263,11 +263,9 @@ static void mips_fulong2e_init(ram_addr_t ram_size, const char *boot_device,
qemu_irq *cpu_exit_irq;
int via_devfn;
PCIBus *pci_bus;
- uint8_t *eeprom_buf;
i2c_bus *smbus;
int i;
DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- DeviceState *eeprom;
CPUState *env;
/* init CPUs */
@@ -338,14 +336,7 @@ static void mips_fulong2e_init(ram_addr_t ram_size, const char *boot_device,
pci_bus = bonito_init((qemu_irq *)&(env->irq[2]));
/* South bridge */
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
-
- for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
- hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
- }
+ ide_drive_get(hd, MAX_IDE_BUS);
via_devfn = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0));
if (via_devfn < 0) {
@@ -360,13 +351,8 @@ static void mips_fulong2e_init(ram_addr_t ram_size, const char *boot_device,
smbus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 4),
0xeee1, NULL);
- eeprom_buf = qemu_mallocz(8 * 256); /* XXX: make this persistent */
- memcpy(eeprom_buf, eeprom_spd, sizeof(eeprom_spd));
/* TODO: Populate SPD eeprom data. */
- eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
- qdev_prop_set_uint8(eeprom, "address", 0x50);
- qdev_prop_set_ptr(eeprom, "data", eeprom_buf);
- qdev_init_nofail(eeprom);
+ smbus_eeprom_init(smbus, 1, eeprom_spd, sizeof(eeprom_spd));
/* init other devices */
pit = pit_init(0x40, 0);
diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index d8baa6d..ed2a483 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -770,7 +770,6 @@ void mips_malta_init (ram_addr_t ram_size,
qemu_irq *i8259;
qemu_irq *cpu_exit_irq;
int piix4_devfn;
- uint8_t *eeprom_buf;
i2c_bus *smbus;
int i;
DriveInfo *dinfo;
@@ -905,15 +904,7 @@ void mips_malta_init (ram_addr_t ram_size,
pci_bus = gt64120_register(i8259);
/* Southbridge */
-
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
-
- for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
- hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
- }
+ ide_drive_get(hd, MAX_IDE_BUS);
piix4_devfn = piix4_init(pci_bus, 80);
isa_bus_irqs(i8259);
@@ -921,15 +912,8 @@ void mips_malta_init (ram_addr_t ram_size,
usb_uhci_piix4_init(pci_bus, piix4_devfn + 2);
smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100, isa_get_irq(9),
NULL, NULL, 0);
- eeprom_buf = qemu_mallocz(8 * 256); /* XXX: make this persistent */
- for (i = 0; i < 8; i++) {
- /* TODO: Populate SPD eeprom data. */
- DeviceState *eeprom;
- eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
- qdev_prop_set_uint8(eeprom, "address", 0x50 + i);
- qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
- qdev_init_nofail(eeprom);
- }
+ /* TODO: Populate SPD eeprom data. */
+ smbus_eeprom_init(smbus, 8, NULL, 0);
pit = pit_init(0x40, 0);
cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
DMA_init(0, cpu_exit_irq);
diff --git a/hw/mips_r4k.c b/hw/mips_r4k.c
index 8feb461..2834a46 100644
--- a/hw/mips_r4k.c
+++ b/hw/mips_r4k.c
@@ -287,15 +287,7 @@ void mips_r4k_init (ram_addr_t ram_size,
if (nd_table[0].vlan)
isa_ne2000_init(0x300, 9, &nd_table[0]);
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
-
- for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
- hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
- }
-
+ ide_drive_get(hd, MAX_IDE_BUS);
for(i = 0; i < MAX_IDE_BUS; i++)
isa_ide_init(ide_iobase[i], ide_iobase2[i], ide_irq[i],
hd[MAX_IDE_DEVS * i],
diff --git a/hw/mipsnet.c b/hw/mipsnet.c
index c5e54ff..26aad51 100644
--- a/hw/mipsnet.c
+++ b/hw/mipsnet.c
@@ -202,44 +202,29 @@ static void mipsnet_ioport_write(void *opaque, uint32_t addr, uint32_t val)
}
}
-static void mipsnet_save(QEMUFile *f, void *opaque)
-{
- MIPSnetState *s = opaque;
-
- qemu_put_be32s(f, &s->busy);
- qemu_put_be32s(f, &s->rx_count);
- qemu_put_be32s(f, &s->rx_read);
- qemu_put_be32s(f, &s->tx_count);
- qemu_put_be32s(f, &s->tx_written);
- qemu_put_be32s(f, &s->intctl);
- qemu_put_buffer(f, s->rx_buffer, MAX_ETH_FRAME_SIZE);
- qemu_put_buffer(f, s->tx_buffer, MAX_ETH_FRAME_SIZE);
-}
-
-static int mipsnet_load(QEMUFile *f, void *opaque, int version_id)
-{
- MIPSnetState *s = opaque;
-
- if (version_id > 0)
- return -EINVAL;
-
- qemu_get_be32s(f, &s->busy);
- qemu_get_be32s(f, &s->rx_count);
- qemu_get_be32s(f, &s->rx_read);
- qemu_get_be32s(f, &s->tx_count);
- qemu_get_be32s(f, &s->tx_written);
- qemu_get_be32s(f, &s->intctl);
- qemu_get_buffer(f, s->rx_buffer, MAX_ETH_FRAME_SIZE);
- qemu_get_buffer(f, s->tx_buffer, MAX_ETH_FRAME_SIZE);
-
- return 0;
-}
+static const VMStateDescription vmstate_mipsnet = {
+ .name = "mipsnet",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(busy, MIPSnetState),
+ VMSTATE_UINT32(rx_count, MIPSnetState),
+ VMSTATE_UINT32(rx_read, MIPSnetState),
+ VMSTATE_UINT32(tx_count, MIPSnetState),
+ VMSTATE_UINT32(tx_written, MIPSnetState),
+ VMSTATE_UINT32(intctl, MIPSnetState),
+ VMSTATE_BUFFER(rx_buffer, MIPSnetState),
+ VMSTATE_BUFFER(tx_buffer, MIPSnetState),
+ VMSTATE_END_OF_LIST()
+ }
+};
static void mipsnet_cleanup(VLANClientState *nc)
{
MIPSnetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- unregister_savevm(NULL, "mipsnet", s);
+ vmstate_unregister(NULL, &vmstate_mipsnet, s);
isa_unassign_ioport(s->io_base, 36);
@@ -284,5 +269,5 @@ void mipsnet_init (int base, qemu_irq irq, NICInfo *nd)
}
mipsnet_reset(s);
- register_savevm(NULL, "mipsnet", 0, 0, mipsnet_save, mipsnet_load, s);
+ vmstate_register(NULL, 0, &vmstate_mipsnet, s);
}
diff --git a/hw/multiboot.c b/hw/multiboot.c
index 0d2bfb4..394ed01 100644
--- a/hw/multiboot.c
+++ b/hw/multiboot.c
@@ -272,7 +272,7 @@ int load_multiboot(void *fw_cfg,
mb_debug("multiboot loading module: %s\n", initrd_filename);
mb_mod_length = get_image_size(initrd_filename);
if (mb_mod_length < 0) {
- fprintf(stderr, "failed to get %s image size\n", initrd_filename);
+ fprintf(stderr, "Failed to open file '%s'\n", initrd_filename);
exit(1);
}
diff --git a/hw/musicpal.c b/hw/musicpal.c
index d98aa8d..52b2931 100644
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -1597,11 +1597,11 @@ static void musicpal_init(ram_addr_t ram_size,
musicpal_misc_init();
dev = sysbus_create_simple("musicpal_gpio", MP_GPIO_BASE, pic[MP_GPIO_IRQ]);
- i2c_dev = sysbus_create_simple("gpio_i2c", 0, NULL);
+ i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
i2c = (i2c_bus *)qdev_get_child_bus(i2c_dev, "i2c");
lcd_dev = sysbus_create_simple("musicpal_lcd", MP_LCD_BASE, NULL);
- key_dev = sysbus_create_simple("musicpal_key", 0, NULL);
+ key_dev = sysbus_create_simple("musicpal_key", -1, NULL);
/* I2C read data */
qdev_connect_gpio_out(i2c_dev, 0,
diff --git a/hw/nand.c b/hw/nand.c
index f414aa1..37e51d7 100644
--- a/hw/nand.c
+++ b/hw/nand.c
@@ -52,7 +52,7 @@ struct NANDFlashState {
BlockDriverState *bdrv;
int mem_oob;
- int cle, ale, ce, wp, gnd;
+ uint8_t cle, ale, ce, wp, gnd;
uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
uint8_t *ioaddr;
@@ -66,6 +66,8 @@ struct NANDFlashState {
void (*blk_write)(NANDFlashState *s);
void (*blk_erase)(NANDFlashState *s);
void (*blk_load)(NANDFlashState *s, uint32_t addr, int offset);
+
+ uint32_t ioaddr_vmstate;
};
# define NAND_NO_AUTOINCR 0x00000001
@@ -281,56 +283,59 @@ static void nand_command(NANDFlashState *s)
}
}
-static void nand_save(QEMUFile *f, void *opaque)
+static void nand_pre_save(void *opaque)
{
- NANDFlashState *s = (NANDFlashState *) opaque;
- qemu_put_byte(f, s->cle);
- qemu_put_byte(f, s->ale);
- qemu_put_byte(f, s->ce);
- qemu_put_byte(f, s->wp);
- qemu_put_byte(f, s->gnd);
- qemu_put_buffer(f, s->io, sizeof(s->io));
- qemu_put_be32(f, s->ioaddr - s->io);
- qemu_put_be32(f, s->iolen);
-
- qemu_put_be32s(f, &s->cmd);
- qemu_put_be32s(f, &s->addr);
- qemu_put_be32(f, s->addrlen);
- qemu_put_be32(f, s->status);
- qemu_put_be32(f, s->offset);
- /* XXX: do we want to save s->storage too? */
+ NANDFlashState *s = opaque;
+
+ s->ioaddr_vmstate = s->ioaddr - s->io;
}
-static int nand_load(QEMUFile *f, void *opaque, int version_id)
+static int nand_post_load(void *opaque, int version_id)
{
- NANDFlashState *s = (NANDFlashState *) opaque;
- s->cle = qemu_get_byte(f);
- s->ale = qemu_get_byte(f);
- s->ce = qemu_get_byte(f);
- s->wp = qemu_get_byte(f);
- s->gnd = qemu_get_byte(f);
- qemu_get_buffer(f, s->io, sizeof(s->io));
- s->ioaddr = s->io + qemu_get_be32(f);
- s->iolen = qemu_get_be32(f);
- if (s->ioaddr >= s->io + sizeof(s->io) || s->ioaddr < s->io)
+ NANDFlashState *s = opaque;
+
+ if (s->ioaddr_vmstate > sizeof(s->io)) {
return -EINVAL;
+ }
+ s->ioaddr = s->io + s->ioaddr_vmstate;
- qemu_get_be32s(f, &s->cmd);
- qemu_get_be32s(f, &s->addr);
- s->addrlen = qemu_get_be32(f);
- s->status = qemu_get_be32(f);
- s->offset = qemu_get_be32(f);
return 0;
}
+static const VMStateDescription vmstate_nand = {
+ .name = "nand",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = nand_pre_save,
+ .post_load = nand_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(cle, NANDFlashState),
+ VMSTATE_UINT8(ale, NANDFlashState),
+ VMSTATE_UINT8(ce, NANDFlashState),
+ VMSTATE_UINT8(wp, NANDFlashState),
+ VMSTATE_UINT8(gnd, NANDFlashState),
+ VMSTATE_BUFFER(io, NANDFlashState),
+ VMSTATE_UINT32(ioaddr_vmstate, NANDFlashState),
+ VMSTATE_INT32(iolen, NANDFlashState),
+ VMSTATE_UINT32(cmd, NANDFlashState),
+ VMSTATE_UINT32(addr, NANDFlashState),
+ VMSTATE_INT32(addrlen, NANDFlashState),
+ VMSTATE_INT32(status, NANDFlashState),
+ VMSTATE_INT32(offset, NANDFlashState),
+ /* XXX: do we want to save s->storage too? */
+ VMSTATE_END_OF_LIST()
+ }
+};
+
/*
* Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins. Chip
* outputs are R/B and eight I/O pins.
*
* CE, WP and R/B are active low.
*/
-void nand_setpins(NANDFlashState *s,
- int cle, int ale, int ce, int wp, int gnd)
+void nand_setpins(NANDFlashState *s, uint8_t cle, uint8_t ale,
+ uint8_t ce, uint8_t wp, uint8_t gnd)
{
s->cle = cle;
s->ale = ale;
@@ -502,7 +507,7 @@ NANDFlashState *nand_init(int manf_id, int chip_id)
is used. */
s->ioaddr = s->io;
- register_savevm(NULL, "nand", -1, 0, nand_save, nand_load, s);
+ vmstate_register(NULL, -1, &vmstate_nand, s);
return s;
}
diff --git a/hw/ne2000.c b/hw/ne2000.c
index 5966359..b668ad1 100644
--- a/hw/ne2000.c
+++ b/hw/ne2000.c
@@ -742,7 +742,7 @@ static int pci_ne2000_init(PCIDevice *pci_dev)
if (!pci_dev->qdev.hotplugged) {
static int loaded = 0;
if (!loaded) {
- rom_add_option("pxe-ne2k_pci.bin", -1);
+ rom_add_option("pxe-ne2k_pci.rom", -1);
loaded = 1;
}
}
diff --git a/hw/omap_sx1.c b/hw/omap_sx1.c
index 06bccbd..a7b687b 100644
--- a/hw/omap_sx1.c
+++ b/hw/omap_sx1.c
@@ -26,7 +26,6 @@
* with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "hw.h"
-#include "sysemu.h"
#include "console.h"
#include "omap.h"
#include "boards.h"
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index b3ede89..a85214b 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -37,6 +37,7 @@
#include "sysbus.h"
#include "arch_init.h"
#include "blockdev.h"
+#include "smbus.h"
#define MAX_IDE_BUS 2
@@ -129,15 +130,7 @@ static void pc_init1(ram_addr_t ram_size,
pci_nic_init_nofail(nd, "e1000", NULL);
}
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
-
- for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
- hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
- }
-
+ ide_drive_get(hd, MAX_IDE_BUS);
if (pci_enabled) {
PCIDevice *dev;
dev = pci_piix3_ide_init(pci_bus, hd, piix3_devfn + 1);
@@ -162,7 +155,6 @@ static void pc_init1(ram_addr_t ram_size,
}
if (pci_enabled && acpi_enabled) {
- uint8_t *eeprom_buf = qemu_mallocz(8 * 256); /* XXX: make this persistent */
i2c_bus *smbus;
cmos_s3 = qemu_allocate_irqs(pc_cmos_set_s3_resume, rtc_state, 1);
@@ -171,13 +163,7 @@ static void pc_init1(ram_addr_t ram_size,
smbus = piix4_pm_init(pci_bus, piix3_devfn + 3, 0xb100,
isa_get_irq(9), *cmos_s3, *smi_irq,
kvm_enabled());
- for (i = 0; i < 8; i++) {
- DeviceState *eeprom;
- eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
- qdev_prop_set_uint8(eeprom, "address", 0x50 + i);
- qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
- qdev_init_nofail(eeprom);
- }
+ smbus_eeprom_init(smbus, 8, NULL, 0);
}
if (i440fx_state) {
diff --git a/hw/pcie.c b/hw/pcie.c
index 6a113a9..9de6149 100644
--- a/hw/pcie.c
+++ b/hw/pcie.c
@@ -18,8 +18,7 @@
* with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#include "sysemu.h"
-#include "range.h"
+#include "qemu-common.h"
#include "pci_bridge.h"
#include "pcie.h"
#include "msix.h"
diff --git a/hw/pcnet-pci.c b/hw/pcnet-pci.c
index 4ac3e32..9415a1e 100644
--- a/hw/pcnet-pci.c
+++ b/hw/pcnet-pci.c
@@ -296,7 +296,7 @@ static int pci_pcnet_init(PCIDevice *pci_dev)
if (!pci_dev->qdev.hotplugged) {
static int loaded = 0;
if (!loaded) {
- rom_add_option("pxe-pcnet.bin", -1);
+ rom_add_option("pxe-pcnet.rom", -1);
loaded = 1;
}
}
diff --git a/hw/pcnet.c b/hw/pcnet.c
index 82ccbbd..cf16fd4 100644
--- a/hw/pcnet.c
+++ b/hw/pcnet.c
@@ -113,23 +113,23 @@ struct qemu_ether_header {
#define CSR_XMTRL(S) ((S)->csr[78])
#define CSR_MISSC(S) ((S)->csr[112])
-#define CSR_IADR(S) ((S)->csr[ 1] | ((S)->csr[ 2] << 16))
-#define CSR_CRBA(S) ((S)->csr[18] | ((S)->csr[19] << 16))
-#define CSR_CXBA(S) ((S)->csr[20] | ((S)->csr[21] << 16))
-#define CSR_NRBA(S) ((S)->csr[22] | ((S)->csr[23] << 16))
-#define CSR_BADR(S) ((S)->csr[24] | ((S)->csr[25] << 16))
-#define CSR_NRDA(S) ((S)->csr[26] | ((S)->csr[27] << 16))
-#define CSR_CRDA(S) ((S)->csr[28] | ((S)->csr[29] << 16))
-#define CSR_BADX(S) ((S)->csr[30] | ((S)->csr[31] << 16))
-#define CSR_NXDA(S) ((S)->csr[32] | ((S)->csr[33] << 16))
-#define CSR_CXDA(S) ((S)->csr[34] | ((S)->csr[35] << 16))
-#define CSR_NNRD(S) ((S)->csr[36] | ((S)->csr[37] << 16))
-#define CSR_NNXD(S) ((S)->csr[38] | ((S)->csr[39] << 16))
-#define CSR_PXDA(S) ((S)->csr[60] | ((S)->csr[61] << 16))
-#define CSR_NXBA(S) ((S)->csr[64] | ((S)->csr[65] << 16))
+#define CSR_IADR(S) ((S)->csr[ 1] | ((uint32_t)(S)->csr[ 2] << 16))
+#define CSR_CRBA(S) ((S)->csr[18] | ((uint32_t)(S)->csr[19] << 16))
+#define CSR_CXBA(S) ((S)->csr[20] | ((uint32_t)(S)->csr[21] << 16))
+#define CSR_NRBA(S) ((S)->csr[22] | ((uint32_t)(S)->csr[23] << 16))
+#define CSR_BADR(S) ((S)->csr[24] | ((uint32_t)(S)->csr[25] << 16))
+#define CSR_NRDA(S) ((S)->csr[26] | ((uint32_t)(S)->csr[27] << 16))
+#define CSR_CRDA(S) ((S)->csr[28] | ((uint32_t)(S)->csr[29] << 16))
+#define CSR_BADX(S) ((S)->csr[30] | ((uint32_t)(S)->csr[31] << 16))
+#define CSR_NXDA(S) ((S)->csr[32] | ((uint32_t)(S)->csr[33] << 16))
+#define CSR_CXDA(S) ((S)->csr[34] | ((uint32_t)(S)->csr[35] << 16))
+#define CSR_NNRD(S) ((S)->csr[36] | ((uint32_t)(S)->csr[37] << 16))
+#define CSR_NNXD(S) ((S)->csr[38] | ((uint32_t)(S)->csr[39] << 16))
+#define CSR_PXDA(S) ((S)->csr[60] | ((uint32_t)(S)->csr[61] << 16))
+#define CSR_NXBA(S) ((S)->csr[64] | ((uint32_t)(S)->csr[65] << 16))
#define PHYSADDR(S,A) \
- (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(s)->csr[2])<<16))
+ (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(S)->csr[2])<<16))
struct pcnet_initblk16 {
uint16_t mode;
diff --git a/hw/pflash_cfi02.c b/hw/pflash_cfi02.c
index 30c8aa4..14bbc34 100644
--- a/hw/pflash_cfi02.c
+++ b/hw/pflash_cfi02.c
@@ -50,6 +50,8 @@ do { \
#define DPRINTF(fmt, ...) do { } while (0)
#endif
+#define PFLASH_LAZY_ROMD_THRESHOLD 42
+
struct pflash_t {
BlockDriverState *bs;
target_phys_addr_t base;
@@ -70,6 +72,7 @@ struct pflash_t {
ram_addr_t off;
int fl_mem;
int rom_mode;
+ int read_counter; /* used for lazy switch-back to rom mode */
void *storage;
};
@@ -112,10 +115,10 @@ static uint32_t pflash_read (pflash_t *pfl, target_phys_addr_t offset,
DPRINTF("%s: offset " TARGET_FMT_plx "\n", __func__, offset);
ret = -1;
- if (pfl->rom_mode) {
- /* Lazy reset of to ROMD mode */
- if (pfl->wcycle == 0)
- pflash_register_memory(pfl, 1);
+ /* Lazy reset to ROMD mode after a certain amount of read accesses */
+ if (!pfl->rom_mode && pfl->wcycle == 0 &&
+ ++pfl->read_counter > PFLASH_LAZY_ROMD_THRESHOLD) {
+ pflash_register_memory(pfl, 1);
}
offset &= pfl->chip_len - 1;
boff = offset & 0xFF;
@@ -254,6 +257,7 @@ static void pflash_write (pflash_t *pfl, target_phys_addr_t offset,
/* Set the device in I/O access mode if required */
if (pfl->rom_mode)
pflash_register_memory(pfl, 0);
+ pfl->read_counter = 0;
/* We're in read mode */
check_unlock0:
if (boff == 0x55 && cmd == 0x98) {
diff --git a/hw/piix4.c b/hw/piix4.c
index 72073cd..71f1f84 100644
--- a/hw/piix4.c
+++ b/hw/piix4.c
@@ -30,10 +30,14 @@
PCIDevice *piix4_dev;
+typedef struct PIIX4State {
+ PCIDevice dev;
+} PIIX4State;
+
static void piix4_reset(void *opaque)
{
- PCIDevice *d = opaque;
- uint8_t *pci_conf = d->config;
+ PIIX4State *d = opaque;
+ uint8_t *pci_conf = d->dev.config;
pci_conf[0x04] = 0x07; // master, memory and I/O
pci_conf[0x05] = 0x00;
@@ -68,33 +72,30 @@ static void piix4_reset(void *opaque)
pci_conf[0xae] = 0x00;
}
-static void piix_save(QEMUFile* f, void *opaque)
-{
- PCIDevice *d = opaque;
- pci_device_save(d, f);
-}
-
-static int piix_load(QEMUFile* f, void *opaque, int version_id)
-{
- PCIDevice *d = opaque;
- if (version_id != 2)
- return -EINVAL;
- return pci_device_load(d, f);
-}
+static const VMStateDescription vmstate_piix4 = {
+ .name = "PIIX4",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PIIX4State),
+ VMSTATE_END_OF_LIST()
+ }
+};
-static int piix4_initfn(PCIDevice *d)
+static int piix4_initfn(PCIDevice *dev)
{
+ PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
uint8_t *pci_conf;
- isa_bus_new(&d->qdev);
- register_savevm(&d->qdev, "PIIX4", 0, 2, piix_save, piix_load, d);
+ isa_bus_new(&d->dev.qdev);
- pci_conf = d->config;
+ pci_conf = d->dev.config;
pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB_0); // 82371AB/EB/MB PIIX4 PCI-to-ISA bridge
pci_config_set_class(pci_conf, PCI_CLASS_BRIDGE_ISA);
- piix4_dev = d;
+ piix4_dev = &d->dev;
qemu_register_reset(piix4_reset, d);
return 0;
}
@@ -111,7 +112,8 @@ static PCIDeviceInfo piix4_info[] = {
{
.qdev.name = "PIIX4",
.qdev.desc = "ISA bridge",
- .qdev.size = sizeof(PCIDevice),
+ .qdev.size = sizeof(PIIX4State),
+ .qdev.vmsd = &vmstate_piix4,
.qdev.no_user = 1,
.no_hotplug = 1,
.init = piix4_initfn,
diff --git a/hw/pl011.c b/hw/pl011.c
index 77f0dbf..3b94b14 100644
--- a/hw/pl011.c
+++ b/hw/pl011.c
@@ -235,56 +235,30 @@ static CPUWriteMemoryFunc * const pl011_writefn[] = {
pl011_write
};
-static void pl011_save(QEMUFile *f, void *opaque)
-{
- pl011_state *s = (pl011_state *)opaque;
- int i;
-
- qemu_put_be32(f, s->readbuff);
- qemu_put_be32(f, s->flags);
- qemu_put_be32(f, s->lcr);
- qemu_put_be32(f, s->cr);
- qemu_put_be32(f, s->dmacr);
- qemu_put_be32(f, s->int_enabled);
- qemu_put_be32(f, s->int_level);
- for (i = 0; i < 16; i++)
- qemu_put_be32(f, s->read_fifo[i]);
- qemu_put_be32(f, s->ilpr);
- qemu_put_be32(f, s->ibrd);
- qemu_put_be32(f, s->fbrd);
- qemu_put_be32(f, s->ifl);
- qemu_put_be32(f, s->read_pos);
- qemu_put_be32(f, s->read_count);
- qemu_put_be32(f, s->read_trigger);
-}
-
-static int pl011_load(QEMUFile *f, void *opaque, int version_id)
-{
- pl011_state *s = (pl011_state *)opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->readbuff = qemu_get_be32(f);
- s->flags = qemu_get_be32(f);
- s->lcr = qemu_get_be32(f);
- s->cr = qemu_get_be32(f);
- s->dmacr = qemu_get_be32(f);
- s->int_enabled = qemu_get_be32(f);
- s->int_level = qemu_get_be32(f);
- for (i = 0; i < 16; i++)
- s->read_fifo[i] = qemu_get_be32(f);
- s->ilpr = qemu_get_be32(f);
- s->ibrd = qemu_get_be32(f);
- s->fbrd = qemu_get_be32(f);
- s->ifl = qemu_get_be32(f);
- s->read_pos = qemu_get_be32(f);
- s->read_count = qemu_get_be32(f);
- s->read_trigger = qemu_get_be32(f);
-
- return 0;
-}
+static const VMStateDescription vmstate_pl011 = {
+ .name = "pl011",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(readbuff, pl011_state),
+ VMSTATE_UINT32(flags, pl011_state),
+ VMSTATE_UINT32(lcr, pl011_state),
+ VMSTATE_UINT32(cr, pl011_state),
+ VMSTATE_UINT32(dmacr, pl011_state),
+ VMSTATE_UINT32(int_enabled, pl011_state),
+ VMSTATE_UINT32(int_level, pl011_state),
+ VMSTATE_UINT32_ARRAY(read_fifo, pl011_state, 16),
+ VMSTATE_UINT32(ilpr, pl011_state),
+ VMSTATE_UINT32(ibrd, pl011_state),
+ VMSTATE_UINT32(fbrd, pl011_state),
+ VMSTATE_UINT32(ifl, pl011_state),
+ VMSTATE_INT32(read_pos, pl011_state),
+ VMSTATE_INT32(read_count, pl011_state),
+ VMSTATE_INT32(read_trigger, pl011_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int pl011_init(SysBusDevice *dev, const unsigned char *id)
{
@@ -307,7 +281,7 @@ static int pl011_init(SysBusDevice *dev, const unsigned char *id)
qemu_chr_add_handlers(s->chr, pl011_can_receive, pl011_receive,
pl011_event, s);
}
- register_savevm(&dev->qdev, "pl011_uart", -1, 1, pl011_save, pl011_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_pl011, s);
return 0;
}
diff --git a/hw/pl022.c b/hw/pl022.c
index ffe05ab..00e494a 100644
--- a/hw/pl022.c
+++ b/hw/pl022.c
@@ -239,54 +239,42 @@ static CPUWriteMemoryFunc * const pl022_writefn[] = {
pl022_write
};
-static void pl022_save(QEMUFile *f, void *opaque)
-{
- pl022_state *s = (pl022_state *)opaque;
- int i;
-
- qemu_put_be32(f, s->cr0);
- qemu_put_be32(f, s->cr1);
- qemu_put_be32(f, s->bitmask);
- qemu_put_be32(f, s->sr);
- qemu_put_be32(f, s->cpsr);
- qemu_put_be32(f, s->is);
- qemu_put_be32(f, s->im);
- qemu_put_be32(f, s->tx_fifo_head);
- qemu_put_be32(f, s->rx_fifo_head);
- qemu_put_be32(f, s->tx_fifo_len);
- qemu_put_be32(f, s->rx_fifo_len);
- for (i = 0; i < 8; i++) {
- qemu_put_be16(f, s->tx_fifo[i]);
- qemu_put_be16(f, s->rx_fifo[i]);
- }
-}
-
-static int pl022_load(QEMUFile *f, void *opaque, int version_id)
-{
- pl022_state *s = (pl022_state *)opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->cr0 = qemu_get_be32(f);
- s->cr1 = qemu_get_be32(f);
- s->bitmask = qemu_get_be32(f);
- s->sr = qemu_get_be32(f);
- s->cpsr = qemu_get_be32(f);
- s->is = qemu_get_be32(f);
- s->im = qemu_get_be32(f);
- s->tx_fifo_head = qemu_get_be32(f);
- s->rx_fifo_head = qemu_get_be32(f);
- s->tx_fifo_len = qemu_get_be32(f);
- s->rx_fifo_len = qemu_get_be32(f);
- for (i = 0; i < 8; i++) {
- s->tx_fifo[i] = qemu_get_be16(f);
- s->rx_fifo[i] = qemu_get_be16(f);
+static const VMStateDescription vmstate_pl022 = {
+ .name = "pl022_ssp",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cr0, pl022_state),
+ VMSTATE_UINT32(cr1, pl022_state),
+ VMSTATE_UINT32(bitmask, pl022_state),
+ VMSTATE_UINT32(sr, pl022_state),
+ VMSTATE_UINT32(cpsr, pl022_state),
+ VMSTATE_UINT32(is, pl022_state),
+ VMSTATE_UINT32(im, pl022_state),
+ VMSTATE_INT32(tx_fifo_head, pl022_state),
+ VMSTATE_INT32(rx_fifo_head, pl022_state),
+ VMSTATE_INT32(tx_fifo_len, pl022_state),
+ VMSTATE_INT32(rx_fifo_len, pl022_state),
+ VMSTATE_UINT16(tx_fifo[0], pl022_state),
+ VMSTATE_UINT16(rx_fifo[0], pl022_state),
+ VMSTATE_UINT16(tx_fifo[1], pl022_state),
+ VMSTATE_UINT16(rx_fifo[1], pl022_state),
+ VMSTATE_UINT16(tx_fifo[2], pl022_state),
+ VMSTATE_UINT16(rx_fifo[2], pl022_state),
+ VMSTATE_UINT16(tx_fifo[3], pl022_state),
+ VMSTATE_UINT16(rx_fifo[3], pl022_state),
+ VMSTATE_UINT16(tx_fifo[4], pl022_state),
+ VMSTATE_UINT16(rx_fifo[4], pl022_state),
+ VMSTATE_UINT16(tx_fifo[5], pl022_state),
+ VMSTATE_UINT16(rx_fifo[5], pl022_state),
+ VMSTATE_UINT16(tx_fifo[6], pl022_state),
+ VMSTATE_UINT16(rx_fifo[6], pl022_state),
+ VMSTATE_UINT16(tx_fifo[7], pl022_state),
+ VMSTATE_UINT16(rx_fifo[7], pl022_state),
+ VMSTATE_END_OF_LIST()
}
-
- return 0;
-}
+};
static int pl022_init(SysBusDevice *dev)
{
@@ -300,7 +288,7 @@ static int pl022_init(SysBusDevice *dev)
sysbus_init_irq(dev, &s->irq);
s->ssi = ssi_create_bus(&dev->qdev, "ssi");
pl022_reset(s);
- register_savevm(&dev->qdev, "pl022_ssp", -1, 1, pl022_save, pl022_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_pl022, s);
return 0;
}
diff --git a/hw/ppc-viosrp.h b/hw/ppc-viosrp.h
new file mode 100644
index 0000000..d8e365d
--- /dev/null
+++ b/hw/ppc-viosrp.h
@@ -0,0 +1,216 @@
+/*****************************************************************************/
+/* srp.h -- SCSI RDMA Protocol definitions */
+/* */
+/* Written By: Colin Devilbis, IBM Corporation */
+/* */
+/* Copyright (C) 2003 IBM Corporation */
+/* */
+/* This program is free software; you can redistribute it and/or modify */
+/* it under the terms of the GNU General Public License as published by */
+/* the Free Software Foundation; either version 2 of the License, or */
+/* (at your option) any later version. */
+/* */
+/* This program is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
+/* GNU General Public License for more details. */
+/* */
+/* You should have received a copy of the GNU General Public License */
+/* along with this program; if not, write to the Free Software */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+/* */
+/* */
+/* This file contains structures and definitions for IBM RPA (RS/6000 */
+/* platform architecture) implementation of the SRP (SCSI RDMA Protocol) */
+/* standard. SRP is used on IBM iSeries and pSeries platforms to send SCSI */
+/* commands between logical partitions. */
+/* */
+/* SRP Information Units (IUs) are sent on a "Command/Response Queue" (CRQ) */
+/* between partitions. The definitions in this file are architected, */
+/* and cannot be changed without breaking compatibility with other versions */
+/* of Linux and other operating systems (AIX, OS/400) that talk this protocol*/
+/* between logical partitions */
+/*****************************************************************************/
+#ifndef PPC_VIOSRP_H
+#define PPC_VIOSRP_H
+
+#define SRP_VERSION "16.a"
+#define SRP_MAX_IU_LEN 256
+#define SRP_MAX_LOC_LEN 32
+
+union srp_iu {
+ struct srp_login_req login_req;
+ struct srp_login_rsp login_rsp;
+ struct srp_login_rej login_rej;
+ struct srp_i_logout i_logout;
+ struct srp_t_logout t_logout;
+ struct srp_tsk_mgmt tsk_mgmt;
+ struct srp_cmd cmd;
+ struct srp_rsp rsp;
+ uint8_t reserved[SRP_MAX_IU_LEN];
+};
+
+enum viosrp_crq_formats {
+ VIOSRP_SRP_FORMAT = 0x01,
+ VIOSRP_MAD_FORMAT = 0x02,
+ VIOSRP_OS400_FORMAT = 0x03,
+ VIOSRP_AIX_FORMAT = 0x04,
+ VIOSRP_LINUX_FORMAT = 0x06,
+ VIOSRP_INLINE_FORMAT = 0x07
+};
+
+enum viosrp_crq_status {
+ VIOSRP_OK = 0x0,
+ VIOSRP_NONRECOVERABLE_ERR = 0x1,
+ VIOSRP_VIOLATES_MAX_XFER = 0x2,
+ VIOSRP_PARTNER_PANIC = 0x3,
+ VIOSRP_DEVICE_BUSY = 0x8,
+ VIOSRP_ADAPTER_FAIL = 0x10,
+ VIOSRP_OK2 = 0x99,
+};
+
+struct viosrp_crq {
+ uint8_t valid; /* used by RPA */
+ uint8_t format; /* SCSI vs out-of-band */
+ uint8_t reserved;
+ uint8_t status; /* non-scsi failure? (e.g. DMA failure) */
+ uint16_t timeout; /* in seconds */
+ uint16_t IU_length; /* in bytes */
+ uint64_t IU_data_ptr; /* the TCE for transferring data */
+};
+
+/* MADs are Management requests above and beyond the IUs defined in the SRP
+ * standard.
+ */
+enum viosrp_mad_types {
+ VIOSRP_EMPTY_IU_TYPE = 0x01,
+ VIOSRP_ERROR_LOG_TYPE = 0x02,
+ VIOSRP_ADAPTER_INFO_TYPE = 0x03,
+ VIOSRP_HOST_CONFIG_TYPE = 0x04,
+ VIOSRP_CAPABILITIES_TYPE = 0x05,
+ VIOSRP_ENABLE_FAST_FAIL = 0x08,
+};
+
+enum viosrp_mad_status {
+ VIOSRP_MAD_SUCCESS = 0x00,
+ VIOSRP_MAD_NOT_SUPPORTED = 0xF1,
+ VIOSRP_MAD_FAILED = 0xF7,
+};
+
+enum viosrp_capability_type {
+ MIGRATION_CAPABILITIES = 0x01,
+ RESERVATION_CAPABILITIES = 0x02,
+};
+
+enum viosrp_capability_support {
+ SERVER_DOES_NOT_SUPPORTS_CAP = 0x0,
+ SERVER_SUPPORTS_CAP = 0x01,
+ SERVER_CAP_DATA = 0x02,
+};
+
+enum viosrp_reserve_type {
+ CLIENT_RESERVE_SCSI_2 = 0x01,
+};
+
+enum viosrp_capability_flag {
+ CLIENT_MIGRATED = 0x01,
+ CLIENT_RECONNECT = 0x02,
+ CAP_LIST_SUPPORTED = 0x04,
+ CAP_LIST_DATA = 0x08,
+};
+
+/*
+ * Common MAD header
+ */
+struct mad_common {
+ uint32_t type;
+ uint16_t status;
+ uint16_t length;
+ uint64_t tag;
+};
+
+/*
+ * All SRP (and MAD) requests normally flow from the
+ * client to the server. There is no way for the server to send
+ * an asynchronous message back to the client. The Empty IU is used
+ * to hang out a meaningless request to the server so that it can respond
+ * asynchrouously with something like a SCSI AER
+ */
+struct viosrp_empty_iu {
+ struct mad_common common;
+ uint64_t buffer;
+ uint32_t port;
+};
+
+struct viosrp_error_log {
+ struct mad_common common;
+ uint64_t buffer;
+};
+
+struct viosrp_adapter_info {
+ struct mad_common common;
+ uint64_t buffer;
+};
+
+struct viosrp_host_config {
+ struct mad_common common;
+ uint64_t buffer;
+};
+
+struct viosrp_fast_fail {
+ struct mad_common common;
+};
+
+struct viosrp_capabilities {
+ struct mad_common common;
+ uint64_t buffer;
+};
+
+struct mad_capability_common {
+ uint32_t cap_type;
+ uint16_t length;
+ uint16_t server_support;
+};
+
+struct mad_reserve_cap {
+ struct mad_capability_common common;
+ uint32_t type;
+};
+
+struct mad_migration_cap {
+ struct mad_capability_common common;
+ uint32_t ecl;
+};
+
+struct capabilities {
+ uint32_t flags;
+ char name[SRP_MAX_LOC_LEN];
+ char loc[SRP_MAX_LOC_LEN];
+ struct mad_migration_cap migration;
+ struct mad_reserve_cap reserve;
+};
+
+union mad_iu {
+ struct viosrp_empty_iu empty_iu;
+ struct viosrp_error_log error_log;
+ struct viosrp_adapter_info adapter_info;
+ struct viosrp_host_config host_config;
+ struct viosrp_fast_fail fast_fail;
+ struct viosrp_capabilities capabilities;
+};
+
+union viosrp_iu {
+ union srp_iu srp;
+ union mad_iu mad;
+};
+
+struct mad_adapter_info_data {
+ char srp_version[8];
+ char partition_name[96];
+ uint32_t partition_number;
+ uint32_t mad_version;
+ uint32_t os_type;
+ uint32_t port_max_txu[8]; /* per-port maximum transfer */
+};
+
+#endif
diff --git a/hw/ppc.c b/hw/ppc.c
index b55a848..1873328 100644
--- a/hw/ppc.c
+++ b/hw/ppc.c
@@ -247,6 +247,39 @@ void ppc970_irq_init (CPUState *env)
env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, env,
PPC970_INPUT_NB);
}
+
+/* POWER7 internal IRQ controller */
+static void power7_set_irq (void *opaque, int pin, int level)
+{
+ CPUState *env = opaque;
+
+ LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
+ env, pin, level);
+
+ switch (pin) {
+ case POWER7_INPUT_INT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the external IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
+ break;
+ default:
+ /* Unknown pin - do nothing */
+ LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
+ return;
+ }
+ if (level) {
+ env->irq_input_state |= 1 << pin;
+ } else {
+ env->irq_input_state &= ~(1 << pin);
+ }
+}
+
+void ppcPOWER7_irq_init (CPUState *env)
+{
+ env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, env,
+ POWER7_INPUT_NB);
+}
#endif /* defined(TARGET_PPC64) */
/* PowerPC 40x internal IRQ controller */
diff --git a/hw/ppc.h b/hw/ppc.h
index 34f54cf..3ccf134 100644
--- a/hw/ppc.h
+++ b/hw/ppc.h
@@ -36,6 +36,7 @@ void ppc40x_irq_init (CPUState *env);
void ppce500_irq_init (CPUState *env);
void ppc6xx_irq_init (CPUState *env);
void ppc970_irq_init (CPUState *env);
+void ppcPOWER7_irq_init (CPUState *env);
/* PPC machines for OpenBIOS */
enum {
diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
index 34ddf45..20b8629 100644
--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -17,7 +17,6 @@
#include "hw.h"
#include "pci.h"
#include "boards.h"
-#include "sysemu.h"
#include "ppc440.h"
#include "kvm.h"
#include "kvm_ppc.h"
@@ -156,8 +155,6 @@ static void bamboo_init(ram_addr_t ram_size,
exit(1);
}
- cpu_synchronize_state(env);
-
/* Set initial guest state. */
env->gpr[1] = (16<<20) - 8;
env->gpr[3] = FDT_ADDR;
diff --git a/hw/ppc4xx_devs.c b/hw/ppc4xx_devs.c
index 5f581fe..7f9ed17 100644
--- a/hw/ppc4xx_devs.c
+++ b/hw/ppc4xx_devs.c
@@ -24,7 +24,6 @@
#include "hw.h"
#include "ppc.h"
#include "ppc4xx.h"
-#include "sysemu.h"
#include "qemu-log.h"
//#define DEBUG_MMIO
diff --git a/hw/ppc4xx_pci.c b/hw/ppc4xx_pci.c
index f62f1f9..299473c 100644
--- a/hw/ppc4xx_pci.c
+++ b/hw/ppc4xx_pci.c
@@ -285,50 +285,48 @@ static void ppc4xx_pci_set_irq(void *opaque, int irq_num, int level)
qemu_set_irq(pci_irqs[irq_num], level);
}
-static void ppc4xx_pci_save(QEMUFile *f, void *opaque)
-{
- PPC4xxPCIState *controller = opaque;
- int i;
-
- pci_device_save(controller->pci_dev, f);
-
- for (i = 0; i < PPC4xx_PCI_NR_PMMS; i++) {
- qemu_put_be32s(f, &controller->pmm[i].la);
- qemu_put_be32s(f, &controller->pmm[i].ma);
- qemu_put_be32s(f, &controller->pmm[i].pcila);
- qemu_put_be32s(f, &controller->pmm[i].pciha);
- }
-
- for (i = 0; i < PPC4xx_PCI_NR_PTMS; i++) {
- qemu_put_be32s(f, &controller->ptm[i].ms);
- qemu_put_be32s(f, &controller->ptm[i].la);
+static const VMStateDescription vmstate_pci_master_map = {
+ .name = "pci_master_map",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(la, struct PCIMasterMap),
+ VMSTATE_UINT32(ma, struct PCIMasterMap),
+ VMSTATE_UINT32(pcila, struct PCIMasterMap),
+ VMSTATE_UINT32(pciha, struct PCIMasterMap),
+ VMSTATE_END_OF_LIST()
}
-}
-
-static int ppc4xx_pci_load(QEMUFile *f, void *opaque, int version_id)
-{
- PPC4xxPCIState *controller = opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- pci_device_load(controller->pci_dev, f);
+};
- for (i = 0; i < PPC4xx_PCI_NR_PMMS; i++) {
- qemu_get_be32s(f, &controller->pmm[i].la);
- qemu_get_be32s(f, &controller->pmm[i].ma);
- qemu_get_be32s(f, &controller->pmm[i].pcila);
- qemu_get_be32s(f, &controller->pmm[i].pciha);
+static const VMStateDescription vmstate_pci_target_map = {
+ .name = "pci_target_map",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ms, struct PCITargetMap),
+ VMSTATE_UINT32(la, struct PCITargetMap),
+ VMSTATE_END_OF_LIST()
}
+};
- for (i = 0; i < PPC4xx_PCI_NR_PTMS; i++) {
- qemu_get_be32s(f, &controller->ptm[i].ms);
- qemu_get_be32s(f, &controller->ptm[i].la);
+static const VMStateDescription vmstate_ppc4xx_pci = {
+ .name = "ppc4xx_pci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE_POINTER(pci_dev, PPC4xxPCIState),
+ VMSTATE_STRUCT_ARRAY(pmm, PPC4xxPCIState, PPC4xx_PCI_NR_PMMS, 1,
+ vmstate_pci_master_map,
+ struct PCIMasterMap),
+ VMSTATE_STRUCT_ARRAY(ptm, PPC4xxPCIState, PPC4xx_PCI_NR_PTMS, 1,
+ vmstate_pci_target_map,
+ struct PCITargetMap),
+ VMSTATE_END_OF_LIST()
}
-
- return 0;
-}
+};
/* XXX Interrupt acknowledge cycles not supported. */
PCIBus *ppc4xx_pci_init(CPUState *env, qemu_irq pci_irqs[4],
@@ -381,8 +379,8 @@ PCIBus *ppc4xx_pci_init(CPUState *env, qemu_irq pci_irqs[4],
qemu_register_reset(ppc4xx_pci_reset, controller);
/* XXX load/save code not tested. */
- register_savevm(&controller->pci_dev->qdev, "ppc4xx_pci", ppc4xx_pci_id++,
- 1, ppc4xx_pci_save, ppc4xx_pci_load, controller);
+ vmstate_register(&controller->pci_dev->qdev, ppc4xx_pci_id++,
+ &vmstate_ppc4xx_pci, controller);
return controller->pci_state.bus;
diff --git a/hw/ppc_newworld.c b/hw/ppc_newworld.c
index b9245f0..86f1cfb 100644
--- a/hw/ppc_newworld.c
+++ b/hw/ppc_newworld.c
@@ -325,20 +325,13 @@ static void ppc_core99_init (ram_addr_t ram_size,
for(i = 0; i < nb_nics; i++)
pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
+ ide_drive_get(hd, MAX_IDE_BUS);
dbdma = DBDMA_init(&dbdma_mem_index);
/* We only emulate 2 out of 3 IDE controllers for now */
ide_mem_index[0] = -1;
- hd[0] = drive_get(IF_IDE, 0, 0);
- hd[1] = drive_get(IF_IDE, 0, 1);
ide_mem_index[1] = pmac_ide_init(hd, pic[0x0d], dbdma, 0x16, pic[0x02]);
- hd[0] = drive_get(IF_IDE, 1, 0);
- hd[1] = drive_get(IF_IDE, 1, 1);
- ide_mem_index[2] = pmac_ide_init(hd, pic[0x0e], dbdma, 0x1a, pic[0x02]);
+ ide_mem_index[2] = pmac_ide_init(&hd[MAX_IDE_DEVS], pic[0x0e], dbdma, 0x1a, pic[0x02]);
/* cuda also initialize ADB */
if (machine_arch == ARCH_MAC99_U3) {
diff --git a/hw/ppc_oldworld.c b/hw/ppc_oldworld.c
index 8a4e088..75a3127 100644
--- a/hw/ppc_oldworld.c
+++ b/hw/ppc_oldworld.c
@@ -236,21 +236,16 @@ static void ppc_heathrow_init (ram_addr_t ram_size,
pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
+ ide_drive_get(hd, MAX_IDE_BUS);
/* First IDE channel is a MAC IDE on the MacIO bus */
- hd[0] = drive_get(IF_IDE, 0, 0);
- hd[1] = drive_get(IF_IDE, 0, 1);
dbdma = DBDMA_init(&dbdma_mem_index);
ide_mem_index[0] = -1;
ide_mem_index[1] = pmac_ide_init(hd, pic[0x0D], dbdma, 0x16, pic[0x02]);
/* Second IDE channel is a CMD646 on the PCI bus */
- hd[0] = drive_get(IF_IDE, 1, 0);
- hd[1] = drive_get(IF_IDE, 1, 1);
+ hd[0] = hd[MAX_IDE_DEVS];
+ hd[1] = hd[MAX_IDE_DEVS + 1];
hd[3] = hd[2] = NULL;
pci_cmd646_ide_init(pci_bus, hd, 0);
diff --git a/hw/ppc_prep.c b/hw/ppc_prep.c
index 5615ef9..0e9cfc2 100644
--- a/hw/ppc_prep.c
+++ b/hw/ppc_prep.c
@@ -681,15 +681,7 @@ static void ppc_prep_init (ram_addr_t ram_size,
}
}
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
-
- for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
- hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
- }
-
+ ide_drive_get(hd, MAX_IDE_BUS);
for(i = 0; i < MAX_IDE_BUS; i++) {
isa_ide_init(ide_iobase[i], ide_iobase2[i], ide_irq[i],
hd[2 * i],
diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index b7670ae..e111dda 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -268,8 +268,6 @@ static void mpc8544ds_init(ram_addr_t ram_size,
exit(1);
}
- cpu_synchronize_state(env);
-
/* Set initial guest state. */
env->gpr[1] = (16<<20) - 8;
env->gpr[3] = dt_base;
diff --git a/hw/ppce500_pci.c b/hw/ppce500_pci.c
index 11edd03..83a20e4 100644
--- a/hw/ppce500_pci.c
+++ b/hw/ppce500_pci.c
@@ -198,7 +198,7 @@ static int mpc85xx_pci_map_irq(PCIDevice *pci_dev, int irq_num)
ret = (irq_num + devno - 0x10) % 4;
break;
default:
- printf("Error:%s:unknow dev number\n", __func__);
+ printf("Error:%s:unknown dev number\n", __func__);
}
pci_debug("%s: devfn %x irq %d -> %d devno:%x\n", __func__,
@@ -216,56 +216,49 @@ static void mpc85xx_pci_set_irq(void *opaque, int irq_num, int level)
qemu_set_irq(pic[irq_num], level);
}
-static void ppce500_pci_save(QEMUFile *f, void *opaque)
-{
- PPCE500PCIState *controller = opaque;
- int i;
-
- pci_device_save(controller->pci_dev, f);
-
- for (i = 0; i < PPCE500_PCI_NR_POBS; i++) {
- qemu_put_be32s(f, &controller->pob[i].potar);
- qemu_put_be32s(f, &controller->pob[i].potear);
- qemu_put_be32s(f, &controller->pob[i].powbar);
- qemu_put_be32s(f, &controller->pob[i].powar);
- }
-
- for (i = 0; i < PPCE500_PCI_NR_PIBS; i++) {
- qemu_put_be32s(f, &controller->pib[i].pitar);
- qemu_put_be32s(f, &controller->pib[i].piwbar);
- qemu_put_be32s(f, &controller->pib[i].piwbear);
- qemu_put_be32s(f, &controller->pib[i].piwar);
+static const VMStateDescription vmstate_pci_outbound = {
+ .name = "pci_outbound",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(potar, struct pci_outbound),
+ VMSTATE_UINT32(potear, struct pci_outbound),
+ VMSTATE_UINT32(powbar, struct pci_outbound),
+ VMSTATE_UINT32(powar, struct pci_outbound),
+ VMSTATE_END_OF_LIST()
}
- qemu_put_be32s(f, &controller->gasket_time);
-}
-
-static int ppce500_pci_load(QEMUFile *f, void *opaque, int version_id)
-{
- PPCE500PCIState *controller = opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- pci_device_load(controller->pci_dev, f);
+};
- for (i = 0; i < PPCE500_PCI_NR_POBS; i++) {
- qemu_get_be32s(f, &controller->pob[i].potar);
- qemu_get_be32s(f, &controller->pob[i].potear);
- qemu_get_be32s(f, &controller->pob[i].powbar);
- qemu_get_be32s(f, &controller->pob[i].powar);
+static const VMStateDescription vmstate_pci_inbound = {
+ .name = "pci_inbound",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(pitar, struct pci_inbound),
+ VMSTATE_UINT32(piwbar, struct pci_inbound),
+ VMSTATE_UINT32(piwbear, struct pci_inbound),
+ VMSTATE_UINT32(piwar, struct pci_inbound),
+ VMSTATE_END_OF_LIST()
}
+};
- for (i = 0; i < PPCE500_PCI_NR_PIBS; i++) {
- qemu_get_be32s(f, &controller->pib[i].pitar);
- qemu_get_be32s(f, &controller->pib[i].piwbar);
- qemu_get_be32s(f, &controller->pib[i].piwbear);
- qemu_get_be32s(f, &controller->pib[i].piwar);
+static const VMStateDescription vmstate_ppce500_pci = {
+ .name = "ppce500_pci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE_POINTER(pci_dev, PPCE500PCIState),
+ VMSTATE_STRUCT_ARRAY(pob, PPCE500PCIState, PPCE500_PCI_NR_POBS, 1,
+ vmstate_pci_outbound, struct pci_outbound),
+ VMSTATE_STRUCT_ARRAY(pib, PPCE500PCIState, PPCE500_PCI_NR_PIBS, 1,
+ vmstate_pci_outbound, struct pci_inbound),
+ VMSTATE_UINT32(gasket_time, PPCE500PCIState),
+ VMSTATE_END_OF_LIST()
}
- qemu_get_be32s(f, &controller->gasket_time);
-
- return 0;
-}
+};
PCIBus *ppce500_pci_init(qemu_irq pci_irqs[4], target_phys_addr_t registers)
{
@@ -314,8 +307,8 @@ PCIBus *ppce500_pci_init(qemu_irq pci_irqs[4], target_phys_addr_t registers)
PCIE500_REG_SIZE, index);
/* XXX load/save code not tested. */
- register_savevm(&d->qdev, "ppce500_pci", ppce500_pci_id++,
- 1, ppce500_pci_save, ppce500_pci_load, controller);
+ vmstate_register(&d->qdev, ppce500_pci_id++, &vmstate_ppce500_pci,
+ controller);
return controller->pci_state.bus;
diff --git a/hw/ptimer.c b/hw/ptimer.c
index e68c1d1..47964a6 100644
--- a/hw/ptimer.c
+++ b/hw/ptimer.c
@@ -11,7 +11,7 @@
struct ptimer_state
{
- int enabled; /* 0 = disabled, 1 = periodic, 2 = oneshot. */
+ uint8_t enabled; /* 0 = disabled, 1 = periodic, 2 = oneshot. */
uint64_t limit;
uint64_t delta;
uint32_t period_frac;
@@ -188,49 +188,22 @@ void ptimer_set_limit(ptimer_state *s, uint64_t limit, int reload)
}
}
-void qemu_put_ptimer(QEMUFile *f, ptimer_state *s)
-{
- qemu_put_byte(f, s->enabled);
- qemu_put_be64s(f, &s->limit);
- qemu_put_be64s(f, &s->delta);
- qemu_put_be32s(f, &s->period_frac);
- qemu_put_sbe64s(f, &s->period);
- qemu_put_sbe64s(f, &s->last_event);
- qemu_put_sbe64s(f, &s->next_event);
- qemu_put_timer(f, s->timer);
-}
-
-void qemu_get_ptimer(QEMUFile *f, ptimer_state *s)
-{
- s->enabled = qemu_get_byte(f);
- qemu_get_be64s(f, &s->limit);
- qemu_get_be64s(f, &s->delta);
- qemu_get_be32s(f, &s->period_frac);
- qemu_get_sbe64s(f, &s->period);
- qemu_get_sbe64s(f, &s->last_event);
- qemu_get_sbe64s(f, &s->next_event);
- qemu_get_timer(f, s->timer);
-}
-
-static int get_ptimer(QEMUFile *f, void *pv, size_t size)
-{
- ptimer_state *v = pv;
-
- qemu_get_ptimer(f, v);
- return 0;
-}
-
-static void put_ptimer(QEMUFile *f, void *pv, size_t size)
-{
- ptimer_state *v = pv;
-
- qemu_put_ptimer(f, v);
-}
-
-const VMStateInfo vmstate_info_ptimer = {
+const VMStateDescription vmstate_ptimer = {
.name = "ptimer",
- .get = get_ptimer,
- .put = put_ptimer,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(enabled, ptimer_state),
+ VMSTATE_UINT64(limit, ptimer_state),
+ VMSTATE_UINT64(delta, ptimer_state),
+ VMSTATE_UINT32(period_frac, ptimer_state),
+ VMSTATE_INT64(period, ptimer_state),
+ VMSTATE_INT64(last_event, ptimer_state),
+ VMSTATE_INT64(next_event, ptimer_state),
+ VMSTATE_TIMER(timer, ptimer_state),
+ VMSTATE_END_OF_LIST()
+ }
};
ptimer_state *ptimer_init(QEMUBH *bh)
diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c
index 9b95e2c..ac5d95d 100644
--- a/hw/pxa2xx.c
+++ b/hw/pxa2xx.c
@@ -146,25 +146,16 @@ static CPUWriteMemoryFunc * const pxa2xx_pm_writefn[] = {
pxa2xx_pm_write,
};
-static void pxa2xx_pm_save(QEMUFile *f, void *opaque)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
- int i;
-
- for (i = 0; i < 0x40; i ++)
- qemu_put_be32s(f, &s->pm_regs[i]);
-}
-
-static int pxa2xx_pm_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
- int i;
-
- for (i = 0; i < 0x40; i ++)
- qemu_get_be32s(f, &s->pm_regs[i]);
-
- return 0;
-}
+static const VMStateDescription vmstate_pxa2xx_pm = {
+ .name = "pxa2xx_pm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(pm_regs, PXA2xxState, 0x40),
+ VMSTATE_END_OF_LIST()
+ }
+};
#define CCCR 0x00 /* Core Clock Configuration register */
#define CKEN 0x04 /* Clock Enable register */
@@ -227,29 +218,18 @@ static CPUWriteMemoryFunc * const pxa2xx_cm_writefn[] = {
pxa2xx_cm_write,
};
-static void pxa2xx_cm_save(QEMUFile *f, void *opaque)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
- int i;
-
- for (i = 0; i < 4; i ++)
- qemu_put_be32s(f, &s->cm_regs[i]);
- qemu_put_be32s(f, &s->clkcfg);
- qemu_put_be32s(f, &s->pmnc);
-}
-
-static int pxa2xx_cm_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
- int i;
-
- for (i = 0; i < 4; i ++)
- qemu_get_be32s(f, &s->cm_regs[i]);
- qemu_get_be32s(f, &s->clkcfg);
- qemu_get_be32s(f, &s->pmnc);
-
- return 0;
-}
+static const VMStateDescription vmstate_pxa2xx_cm = {
+ .name = "pxa2xx_cm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(cm_regs, PXA2xxState, 4),
+ VMSTATE_UINT32(clkcfg, PXA2xxState),
+ VMSTATE_UINT32(pmnc, PXA2xxState),
+ VMSTATE_END_OF_LIST()
+ }
+};
static uint32_t pxa2xx_clkpwr_read(void *opaque, int op2, int reg, int crm)
{
@@ -527,25 +507,16 @@ static CPUWriteMemoryFunc * const pxa2xx_mm_writefn[] = {
pxa2xx_mm_write,
};
-static void pxa2xx_mm_save(QEMUFile *f, void *opaque)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
- int i;
-
- for (i = 0; i < 0x1a; i ++)
- qemu_put_be32s(f, &s->mm_regs[i]);
-}
-
-static int pxa2xx_mm_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
- int i;
-
- for (i = 0; i < 0x1a; i ++)
- qemu_get_be32s(f, &s->mm_regs[i]);
-
- return 0;
-}
+static const VMStateDescription vmstate_pxa2xx_mm = {
+ .name = "pxa2xx_mm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(mm_regs, PXA2xxState, 0x1a),
+ VMSTATE_END_OF_LIST()
+ }
+};
/* Synchronous Serial Ports */
typedef struct {
@@ -1748,39 +1719,23 @@ static CPUWriteMemoryFunc * const pxa2xx_i2s_writefn[] = {
pxa2xx_i2s_write,
};
-static void pxa2xx_i2s_save(QEMUFile *f, void *opaque)
-{
- PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
-
- qemu_put_be32s(f, &s->control[0]);
- qemu_put_be32s(f, &s->control[1]);
- qemu_put_be32s(f, &s->status);
- qemu_put_be32s(f, &s->mask);
- qemu_put_be32s(f, &s->clk);
-
- qemu_put_be32(f, s->enable);
- qemu_put_be32(f, s->rx_len);
- qemu_put_be32(f, s->tx_len);
- qemu_put_be32(f, s->fifo_len);
-}
-
-static int pxa2xx_i2s_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
-
- qemu_get_be32s(f, &s->control[0]);
- qemu_get_be32s(f, &s->control[1]);
- qemu_get_be32s(f, &s->status);
- qemu_get_be32s(f, &s->mask);
- qemu_get_be32s(f, &s->clk);
-
- s->enable = qemu_get_be32(f);
- s->rx_len = qemu_get_be32(f);
- s->tx_len = qemu_get_be32(f);
- s->fifo_len = qemu_get_be32(f);
-
- return 0;
-}
+static const VMStateDescription vmstate_pxa2xx_i2s = {
+ .name = "pxa2xx_i2s",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(control, PXA2xxI2SState, 2),
+ VMSTATE_UINT32(status, PXA2xxI2SState),
+ VMSTATE_UINT32(mask, PXA2xxI2SState),
+ VMSTATE_UINT32(clk, PXA2xxI2SState),
+ VMSTATE_INT32(enable, PXA2xxI2SState),
+ VMSTATE_INT32(rx_len, PXA2xxI2SState),
+ VMSTATE_INT32(tx_len, PXA2xxI2SState),
+ VMSTATE_INT32(fifo_len, PXA2xxI2SState),
+ VMSTATE_END_OF_LIST()
+ }
+};
static void pxa2xx_i2s_data_req(void *opaque, int tx, int rx)
{
@@ -1822,8 +1777,7 @@ static PXA2xxI2SState *pxa2xx_i2s_init(target_phys_addr_t base,
pxa2xx_i2s_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(base, 0x100000, iomemtype);
- register_savevm(NULL, "pxa2xx_i2s", base, 0,
- pxa2xx_i2s_save, pxa2xx_i2s_load, s);
+ vmstate_register(NULL, base, &vmstate_pxa2xx_i2s, s);
return s;
}
@@ -2188,7 +2142,7 @@ PXA2xxState *pxa270_init(unsigned int sdram_size, const char *revision)
iomemtype = cpu_register_io_memory(pxa2xx_cm_readfn,
pxa2xx_cm_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(s->cm_base, 0x1000, iomemtype);
- register_savevm(NULL, "pxa2xx_cm", 0, 0, pxa2xx_cm_save, pxa2xx_cm_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_cm, s);
cpu_arm_set_cp_io(s->env, 14, pxa2xx_cp14_read, pxa2xx_cp14_write, s);
@@ -2199,13 +2153,13 @@ PXA2xxState *pxa270_init(unsigned int sdram_size, const char *revision)
iomemtype = cpu_register_io_memory(pxa2xx_mm_readfn,
pxa2xx_mm_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(s->mm_base, 0x1000, iomemtype);
- register_savevm(NULL, "pxa2xx_mm", 0, 0, pxa2xx_mm_save, pxa2xx_mm_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_mm, s);
s->pm_base = 0x40f00000;
iomemtype = cpu_register_io_memory(pxa2xx_pm_readfn,
pxa2xx_pm_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(s->pm_base, 0x100, iomemtype);
- register_savevm(NULL, "pxa2xx_pm", 0, 0, pxa2xx_pm_save, pxa2xx_pm_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_pm, s);
for (i = 0; pxa27x_ssp[i].io_base; i ++);
s->ssp = (SSIBus **)qemu_mallocz(sizeof(SSIBus *) * i);
@@ -2324,7 +2278,7 @@ PXA2xxState *pxa255_init(unsigned int sdram_size)
iomemtype = cpu_register_io_memory(pxa2xx_cm_readfn,
pxa2xx_cm_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(s->cm_base, 0x1000, iomemtype);
- register_savevm(NULL, "pxa2xx_cm", 0, 0, pxa2xx_cm_save, pxa2xx_cm_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_cm, s);
cpu_arm_set_cp_io(s->env, 14, pxa2xx_cp14_read, pxa2xx_cp14_write, s);
@@ -2335,13 +2289,13 @@ PXA2xxState *pxa255_init(unsigned int sdram_size)
iomemtype = cpu_register_io_memory(pxa2xx_mm_readfn,
pxa2xx_mm_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(s->mm_base, 0x1000, iomemtype);
- register_savevm(NULL, "pxa2xx_mm", 0, 0, pxa2xx_mm_save, pxa2xx_mm_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_mm, s);
s->pm_base = 0x40f00000;
iomemtype = cpu_register_io_memory(pxa2xx_pm_readfn,
pxa2xx_pm_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(s->pm_base, 0x100, iomemtype);
- register_savevm(NULL, "pxa2xx_pm", 0, 0, pxa2xx_pm_save, pxa2xx_pm_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_pm, s);
for (i = 0; pxa255_ssp[i].io_base; i ++);
s->ssp = (SSIBus **)qemu_mallocz(sizeof(SSIBus *) * i);
diff --git a/hw/pxa2xx_keypad.c b/hw/pxa2xx_keypad.c
index d77dbf1..10ef154 100644
--- a/hw/pxa2xx_keypad.c
+++ b/hw/pxa2xx_keypad.c
@@ -289,40 +289,22 @@ static CPUWriteMemoryFunc * const pxa2xx_keypad_writefn[] = {
pxa2xx_keypad_write
};
-static void pxa2xx_keypad_save(QEMUFile *f, void *opaque)
-{
- PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
-
- qemu_put_be32s(f, &s->kpc);
- qemu_put_be32s(f, &s->kpdk);
- qemu_put_be32s(f, &s->kprec);
- qemu_put_be32s(f, &s->kpmk);
- qemu_put_be32s(f, &s->kpas);
- qemu_put_be32s(f, &s->kpasmkp[0]);
- qemu_put_be32s(f, &s->kpasmkp[1]);
- qemu_put_be32s(f, &s->kpasmkp[2]);
- qemu_put_be32s(f, &s->kpasmkp[3]);
- qemu_put_be32s(f, &s->kpkdi);
-
-}
-
-static int pxa2xx_keypad_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
-
- qemu_get_be32s(f, &s->kpc);
- qemu_get_be32s(f, &s->kpdk);
- qemu_get_be32s(f, &s->kprec);
- qemu_get_be32s(f, &s->kpmk);
- qemu_get_be32s(f, &s->kpas);
- qemu_get_be32s(f, &s->kpasmkp[0]);
- qemu_get_be32s(f, &s->kpasmkp[1]);
- qemu_get_be32s(f, &s->kpasmkp[2]);
- qemu_get_be32s(f, &s->kpasmkp[3]);
- qemu_get_be32s(f, &s->kpkdi);
-
- return 0;
-}
+static const VMStateDescription vmstate_pxa2xx_keypad = {
+ .name = "pxa2xx_keypad",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(kpc, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kpdk, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kprec, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kpmk, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kpas, PXA2xxKeyPadState),
+ VMSTATE_UINT32_ARRAY(kpasmkp, PXA2xxKeyPadState, 4),
+ VMSTATE_UINT32(kpkdi, PXA2xxKeyPadState),
+ VMSTATE_END_OF_LIST()
+ }
+};
PXA2xxKeyPadState *pxa27x_keypad_init(target_phys_addr_t base,
qemu_irq irq)
@@ -337,8 +319,7 @@ PXA2xxKeyPadState *pxa27x_keypad_init(target_phys_addr_t base,
pxa2xx_keypad_writefn, s, DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(base, 0x00100000, iomemtype);
- register_savevm(NULL, "pxa2xx_keypad", 0, 0,
- pxa2xx_keypad_save, pxa2xx_keypad_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_keypad, s);
return s;
}
diff --git a/hw/pxa2xx_lcd.c b/hw/pxa2xx_lcd.c
index 5b2b07e..e524802 100644
--- a/hw/pxa2xx_lcd.c
+++ b/hw/pxa2xx_lcd.c
@@ -15,6 +15,20 @@
#include "sysemu.h"
#include "framebuffer.h"
+struct DMAChannel {
+ target_phys_addr_t branch;
+ uint8_t up;
+ uint8_t palette[1024];
+ uint8_t pbuffer[1024];
+ void (*redraw)(PXA2xxLCDState *s, target_phys_addr_t addr,
+ int *miny, int *maxy);
+
+ target_phys_addr_t descriptor;
+ target_phys_addr_t source;
+ uint32_t id;
+ uint32_t command;
+};
+
struct PXA2xxLCDState {
qemu_irq irq;
int irqlevel;
@@ -50,19 +64,7 @@ struct PXA2xxLCDState {
uint32_t liidr;
uint8_t bscntr;
- struct {
- target_phys_addr_t branch;
- int up;
- uint8_t palette[1024];
- uint8_t pbuffer[1024];
- void (*redraw)(PXA2xxLCDState *s, target_phys_addr_t addr,
- int *miny, int *maxy);
-
- target_phys_addr_t descriptor;
- target_phys_addr_t source;
- uint32_t id;
- uint32_t command;
- } dma_ch[7];
+ struct DMAChannel dma_ch[7];
qemu_irq vsync_cb;
int orientation;
@@ -831,74 +833,26 @@ static void pxa2xx_lcdc_orientation(void *opaque, int angle)
pxa2xx_lcdc_resize(s);
}
-static void pxa2xx_lcdc_save(QEMUFile *f, void *opaque)
-{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
- int i;
-
- qemu_put_be32(f, s->irqlevel);
- qemu_put_be32(f, s->transp);
-
- for (i = 0; i < 6; i ++)
- qemu_put_be32s(f, &s->control[i]);
- for (i = 0; i < 2; i ++)
- qemu_put_be32s(f, &s->status[i]);
- for (i = 0; i < 2; i ++)
- qemu_put_be32s(f, &s->ovl1c[i]);
- for (i = 0; i < 2; i ++)
- qemu_put_be32s(f, &s->ovl2c[i]);
- qemu_put_be32s(f, &s->ccr);
- qemu_put_be32s(f, &s->cmdcr);
- qemu_put_be32s(f, &s->trgbr);
- qemu_put_be32s(f, &s->tcr);
- qemu_put_be32s(f, &s->liidr);
- qemu_put_8s(f, &s->bscntr);
-
- for (i = 0; i < 7; i ++) {
- qemu_put_betl(f, s->dma_ch[i].branch);
- qemu_put_byte(f, s->dma_ch[i].up);
- qemu_put_buffer(f, s->dma_ch[i].pbuffer, sizeof(s->dma_ch[i].pbuffer));
-
- qemu_put_betl(f, s->dma_ch[i].descriptor);
- qemu_put_betl(f, s->dma_ch[i].source);
- qemu_put_be32s(f, &s->dma_ch[i].id);
- qemu_put_be32s(f, &s->dma_ch[i].command);
+static const VMStateDescription vmstate_dma_channel = {
+ .name = "dma_channel",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINTTL(branch, struct DMAChannel),
+ VMSTATE_UINT8(up, struct DMAChannel),
+ VMSTATE_BUFFER(pbuffer, struct DMAChannel),
+ VMSTATE_UINTTL(descriptor, struct DMAChannel),
+ VMSTATE_UINTTL(source, struct DMAChannel),
+ VMSTATE_UINT32(id, struct DMAChannel),
+ VMSTATE_UINT32(command, struct DMAChannel),
+ VMSTATE_END_OF_LIST()
}
-}
+};
-static int pxa2xx_lcdc_load(QEMUFile *f, void *opaque, int version_id)
+static int pxa2xx_lcdc_post_load(void *opaque, int version_id)
{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
- int i;
-
- s->irqlevel = qemu_get_be32(f);
- s->transp = qemu_get_be32(f);
-
- for (i = 0; i < 6; i ++)
- qemu_get_be32s(f, &s->control[i]);
- for (i = 0; i < 2; i ++)
- qemu_get_be32s(f, &s->status[i]);
- for (i = 0; i < 2; i ++)
- qemu_get_be32s(f, &s->ovl1c[i]);
- for (i = 0; i < 2; i ++)
- qemu_get_be32s(f, &s->ovl2c[i]);
- qemu_get_be32s(f, &s->ccr);
- qemu_get_be32s(f, &s->cmdcr);
- qemu_get_be32s(f, &s->trgbr);
- qemu_get_be32s(f, &s->tcr);
- qemu_get_be32s(f, &s->liidr);
- qemu_get_8s(f, &s->bscntr);
-
- for (i = 0; i < 7; i ++) {
- s->dma_ch[i].branch = qemu_get_betl(f);
- s->dma_ch[i].up = qemu_get_byte(f);
- qemu_get_buffer(f, s->dma_ch[i].pbuffer, sizeof(s->dma_ch[i].pbuffer));
-
- s->dma_ch[i].descriptor = qemu_get_betl(f);
- s->dma_ch[i].source = qemu_get_betl(f);
- qemu_get_be32s(f, &s->dma_ch[i].id);
- qemu_get_be32s(f, &s->dma_ch[i].command);
- }
+ PXA2xxLCDState *s = opaque;
s->bpp = LCCR3_BPP(s->control[3]);
s->xres = s->yres = s->pal_for = -1;
@@ -906,6 +860,31 @@ static int pxa2xx_lcdc_load(QEMUFile *f, void *opaque, int version_id)
return 0;
}
+static const VMStateDescription vmstate_pxa2xx_lcdc = {
+ .name = "pxa2xx_lcdc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = pxa2xx_lcdc_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(irqlevel, PXA2xxLCDState),
+ VMSTATE_INT32(transp, PXA2xxLCDState),
+ VMSTATE_UINT32_ARRAY(control, PXA2xxLCDState, 6),
+ VMSTATE_UINT32_ARRAY(status, PXA2xxLCDState, 2),
+ VMSTATE_UINT32_ARRAY(ovl1c, PXA2xxLCDState, 2),
+ VMSTATE_UINT32_ARRAY(ovl2c, PXA2xxLCDState, 2),
+ VMSTATE_UINT32(ccr, PXA2xxLCDState),
+ VMSTATE_UINT32(cmdcr, PXA2xxLCDState),
+ VMSTATE_UINT32(trgbr, PXA2xxLCDState),
+ VMSTATE_UINT32(tcr, PXA2xxLCDState),
+ VMSTATE_UINT32(liidr, PXA2xxLCDState),
+ VMSTATE_UINT8(bscntr, PXA2xxLCDState),
+ VMSTATE_STRUCT_ARRAY(dma_ch, PXA2xxLCDState, 7, 0,
+ vmstate_dma_channel, struct DMAChannel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
#define BITS 8
#include "pxa2xx_template.h"
#define BITS 15
@@ -970,8 +949,7 @@ PXA2xxLCDState *pxa2xx_lcdc_init(target_phys_addr_t base, qemu_irq irq)
exit(1);
}
- register_savevm(NULL, "pxa2xx_lcdc", 0, 0,
- pxa2xx_lcdc_save, pxa2xx_lcdc_load, s);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_lcdc, s);
return s;
}
diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 1088a26..eff2d24 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -354,10 +354,10 @@ static int parse_chr(DeviceState *dev, Property *prop, const char *str)
if (*ptr == NULL) {
return -ENOENT;
}
- if ((*ptr)->assigned) {
+ if ((*ptr)->avail_connections < 1) {
return -EEXIST;
}
- (*ptr)->assigned = 1;
+ --(*ptr)->avail_connections;
return 0;
}
diff --git a/hw/qdev.c b/hw/qdev.c
index 1aa1ea0..9519f5d 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -358,7 +358,8 @@ int qdev_simple_unplug_cb(DeviceState *dev)
return 0;
}
-/* Like qdev_init(), but terminate program via hw_error() instead of
+
+/* Like qdev_init(), but terminate program via error_report() instead of
returning an error value. This is okay during machine creation.
Don't use for hotplug, because there callers need to recover from
failure. Exception: if you know the device's init() callback can't
diff --git a/hw/rc4030.c b/hw/rc4030.c
index d30230a..6563336 100644
--- a/hw/rc4030.c
+++ b/hw/rc4030.c
@@ -307,7 +307,7 @@ static void rc4030_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
if (s->cache_ltag == 0x80000001 && s->cache_bmask == 0xf0f0f0f) {
target_phys_addr_t dest = s->cache_ptag & ~0x1;
dest += (s->cache_maint & 0x3) << 3;
- cpu_physical_memory_rw(dest, (uint8_t*)&val, 4, 1);
+ cpu_physical_memory_write(dest, &val, 4);
}
break;
/* Remote Speed Registers */
@@ -704,7 +704,7 @@ void rc4030_dma_memory_rw(void *opaque, target_phys_addr_t addr, uint8_t *buf, i
entry_addr = s->dma_tl_base + index * sizeof(dma_pagetable_entry);
/* XXX: not sure. should we really use only lowest bits? */
entry_addr &= 0x7fffffff;
- cpu_physical_memory_rw(entry_addr, (uint8_t *)&entry, sizeof(entry), 0);
+ cpu_physical_memory_read(entry_addr, &entry, sizeof(entry));
/* Read/write data at right place */
phys_addr = entry.frame + (addr & (DMA_PAGESIZE - 1));
diff --git a/hw/realview.c b/hw/realview.c
index a67861e..96fb9da 100644
--- a/hw/realview.c
+++ b/hw/realview.c
@@ -288,8 +288,8 @@ static void realview_init(ram_addr_t ram_size,
for(n = 0; n < nb_nics; n++) {
nd = &nd_table[n];
- if ((!nd->model && !done_nic)
- || strcmp(nd->model, is_pb ? "lan9118" : "smc91c111") == 0) {
+ if (!done_nic && (!nd->model ||
+ strcmp(nd->model, is_pb ? "lan9118" : "smc91c111") == 0)) {
if (is_pb) {
lan9118_init(nd, 0x4e000000, pic[28]);
} else {
diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 822038d..c7c7a3c 100644
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -85,9 +85,13 @@
#define VLAN_HLEN (ETHER_TYPE_LEN + VLAN_TCI_LEN)
#if defined (DEBUG_RTL8139)
-# define DEBUG_PRINT(x) do { printf x ; } while (0)
+# define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, "RTL8139: " fmt, ## __VA_ARGS__); } while (0)
#else
-# define DEBUG_PRINT(x)
+static inline GCC_FMT_ATTR(1, 2) int DPRINTF(const char *fmt, ...)
+{
+ return 0;
+}
#endif
/* Symbolic offsets to registers. */
@@ -510,7 +514,7 @@ static void rtl8139_set_next_tctr_time(RTL8139State *s, int64_t current_time);
static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
{
- DEBUG_PRINT(("RTL8139: eeprom command 0x%02x\n", command));
+ DPRINTF("eeprom command 0x%02x\n", command);
switch (command & Chip9346_op_mask)
{
@@ -521,8 +525,8 @@ static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
eeprom->eedo = 0;
eeprom->tick = 0;
eeprom->mode = Chip9346_data_read;
- DEBUG_PRINT(("RTL8139: eeprom read from address 0x%02x data=0x%04x\n",
- eeprom->address, eeprom->output));
+ DPRINTF("eeprom read from address 0x%02x data=0x%04x\n",
+ eeprom->address, eeprom->output);
}
break;
@@ -532,8 +536,8 @@ static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
eeprom->input = 0;
eeprom->tick = 0;
eeprom->mode = Chip9346_none; /* Chip9346_data_write */
- DEBUG_PRINT(("RTL8139: eeprom begin write to address 0x%02x\n",
- eeprom->address));
+ DPRINTF("eeprom begin write to address 0x%02x\n",
+ eeprom->address);
}
break;
default:
@@ -541,13 +545,13 @@ static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
switch (command & Chip9346_op_ext_mask)
{
case Chip9346_op_write_enable:
- DEBUG_PRINT(("RTL8139: eeprom write enabled\n"));
+ DPRINTF("eeprom write enabled\n");
break;
case Chip9346_op_write_all:
- DEBUG_PRINT(("RTL8139: eeprom begin write all\n"));
+ DPRINTF("eeprom begin write all\n");
break;
case Chip9346_op_write_disable:
- DEBUG_PRINT(("RTL8139: eeprom write disabled\n"));
+ DPRINTF("eeprom write disabled\n");
break;
}
break;
@@ -560,7 +564,8 @@ static void prom9346_shift_clock(EEprom9346 *eeprom)
++ eeprom->tick;
- DEBUG_PRINT(("eeprom: tick %d eedi=%d eedo=%d\n", eeprom->tick, eeprom->eedi, eeprom->eedo));
+ DPRINTF("eeprom: tick %d eedi=%d eedo=%d\n", eeprom->tick, eeprom->eedi,
+ eeprom->eedo);
switch (eeprom->mode)
{
@@ -570,7 +575,7 @@ static void prom9346_shift_clock(EEprom9346 *eeprom)
eeprom->mode = Chip9346_read_command;
eeprom->tick = 0;
eeprom->input = 0;
- DEBUG_PRINT(("eeprom: +++ synchronized, begin command read\n"));
+ DPRINTF("eeprom: +++ synchronized, begin command read\n");
}
break;
@@ -595,7 +600,7 @@ static void prom9346_shift_clock(EEprom9346 *eeprom)
eeprom->input = 0;
eeprom->tick = 0;
- DEBUG_PRINT(("eeprom: +++ end of read, awaiting next command\n"));
+ DPRINTF("eeprom: +++ end of read, awaiting next command\n");
#else
// original behaviour
++eeprom->address;
@@ -603,8 +608,8 @@ static void prom9346_shift_clock(EEprom9346 *eeprom)
eeprom->output = eeprom->contents[eeprom->address];
eeprom->tick = 0;
- DEBUG_PRINT(("eeprom: +++ read next address 0x%02x data=0x%04x\n",
- eeprom->address, eeprom->output));
+ DPRINTF("eeprom: +++ read next address 0x%02x data=0x%04x\n",
+ eeprom->address, eeprom->output);
#endif
}
break;
@@ -613,8 +618,8 @@ static void prom9346_shift_clock(EEprom9346 *eeprom)
eeprom->input = (eeprom->input << 1) | (bit & 1);
if (eeprom->tick == 16)
{
- DEBUG_PRINT(("RTL8139: eeprom write to address 0x%02x data=0x%04x\n",
- eeprom->address, eeprom->input));
+ DPRINTF("eeprom write to address 0x%02x data=0x%04x\n",
+ eeprom->address, eeprom->input);
eeprom->contents[eeprom->address] = eeprom->input;
eeprom->mode = Chip9346_none; /* waiting for next command after CS cycle */
@@ -632,8 +637,7 @@ static void prom9346_shift_clock(EEprom9346 *eeprom)
{
eeprom->contents[i] = eeprom->input;
}
- DEBUG_PRINT(("RTL8139: eeprom filled with data=0x%04x\n",
- eeprom->input));
+ DPRINTF("eeprom filled with data=0x%04x\n", eeprom->input);
eeprom->mode = Chip9346_enter_command_mode;
eeprom->tick = 0;
@@ -666,8 +670,8 @@ static void prom9346_set_wire(RTL8139State *s, int eecs, int eesk, int eedi)
eeprom->eesk = eesk;
eeprom->eedi = eedi;
- DEBUG_PRINT(("eeprom: +++ wires CS=%d SK=%d DI=%d DO=%d\n",
- eeprom->eecs, eeprom->eesk, eeprom->eedi, eeprom->eedo));
+ DPRINTF("eeprom: +++ wires CS=%d SK=%d DI=%d DO=%d\n", eeprom->eecs,
+ eeprom->eesk, eeprom->eedi, eeprom->eedo);
if (!old_eecs && eecs)
{
@@ -677,12 +681,12 @@ static void prom9346_set_wire(RTL8139State *s, int eecs, int eesk, int eedi)
eeprom->output = 0;
eeprom->mode = Chip9346_enter_command_mode;
- DEBUG_PRINT(("=== eeprom: begin access, enter command mode\n"));
+ DPRINTF("=== eeprom: begin access, enter command mode\n");
}
if (!eecs)
{
- DEBUG_PRINT(("=== eeprom: end access\n"));
+ DPRINTF("=== eeprom: end access\n");
return;
}
@@ -698,8 +702,8 @@ static void rtl8139_update_irq(RTL8139State *s)
int isr;
isr = (s->IntrStatus & s->IntrMask) & 0xffff;
- DEBUG_PRINT(("RTL8139: Set IRQ to %d (%04x %04x)\n",
- isr ? 1 : 0, s->IntrStatus, s->IntrMask));
+ DPRINTF("Set IRQ to %d (%04x %04x)\n", isr ? 1 : 0, s->IntrStatus,
+ s->IntrMask);
qemu_set_irq(s->dev.irq[0], (isr != 0));
}
@@ -763,7 +767,7 @@ static void rtl8139_write_buffer(RTL8139State *s, const void *buf, int size)
/* write packet data */
if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s)))
{
- DEBUG_PRINT((">>> RTL8139: rx packet wrapped in buffer at %d\n", size-wrapped));
+ DPRINTF(">>> rx packet wrapped in buffer at %d\n", size - wrapped);
if (size > wrapped)
{
@@ -834,12 +838,12 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
static const uint8_t broadcast_macaddr[6] =
{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
- DEBUG_PRINT((">>> RTL8139: received len=%d\n", size));
+ DPRINTF(">>> received len=%d\n", size);
/* test if board clock is stopped */
if (!s->clock_enabled)
{
- DEBUG_PRINT(("RTL8139: stopped ==========================\n"));
+ DPRINTF("stopped ==========================\n");
return -1;
}
@@ -847,21 +851,21 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
if (!rtl8139_receiver_enabled(s))
{
- DEBUG_PRINT(("RTL8139: receiver disabled ================\n"));
+ DPRINTF("receiver disabled ================\n");
return -1;
}
/* XXX: check this */
if (s->RxConfig & AcceptAllPhys) {
/* promiscuous: receive all */
- DEBUG_PRINT((">>> RTL8139: packet received in promiscuous mode\n"));
+ DPRINTF(">>> packet received in promiscuous mode\n");
} else {
if (!memcmp(buf, broadcast_macaddr, 6)) {
/* broadcast address */
if (!(s->RxConfig & AcceptBroadcast))
{
- DEBUG_PRINT((">>> RTL8139: broadcast packet rejected\n"));
+ DPRINTF(">>> broadcast packet rejected\n");
/* update tally counter */
++s->tally_counters.RxERR;
@@ -871,7 +875,7 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
packet_header |= RxBroadcast;
- DEBUG_PRINT((">>> RTL8139: broadcast packet received\n"));
+ DPRINTF(">>> broadcast packet received\n");
/* update tally counter */
++s->tally_counters.RxOkBrd;
@@ -880,7 +884,7 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
/* multicast */
if (!(s->RxConfig & AcceptMulticast))
{
- DEBUG_PRINT((">>> RTL8139: multicast packet rejected\n"));
+ DPRINTF(">>> multicast packet rejected\n");
/* update tally counter */
++s->tally_counters.RxERR;
@@ -892,7 +896,7 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
{
- DEBUG_PRINT((">>> RTL8139: multicast address mismatch\n"));
+ DPRINTF(">>> multicast address mismatch\n");
/* update tally counter */
++s->tally_counters.RxERR;
@@ -902,7 +906,7 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
packet_header |= RxMulticast;
- DEBUG_PRINT((">>> RTL8139: multicast packet received\n"));
+ DPRINTF(">>> multicast packet received\n");
/* update tally counter */
++s->tally_counters.RxOkMul;
@@ -916,7 +920,7 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
/* match */
if (!(s->RxConfig & AcceptMyPhys))
{
- DEBUG_PRINT((">>> RTL8139: rejecting physical address matching packet\n"));
+ DPRINTF(">>> rejecting physical address matching packet\n");
/* update tally counter */
++s->tally_counters.RxERR;
@@ -926,14 +930,14 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
packet_header |= RxPhysical;
- DEBUG_PRINT((">>> RTL8139: physical address matching packet received\n"));
+ DPRINTF(">>> physical address matching packet received\n");
/* update tally counter */
++s->tally_counters.RxOkPhy;
} else {
- DEBUG_PRINT((">>> RTL8139: unknown packet\n"));
+ DPRINTF(">>> unknown packet\n");
/* update tally counter */
++s->tally_counters.RxERR;
@@ -955,7 +959,7 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
if (rtl8139_cp_receiver_enabled(s))
{
- DEBUG_PRINT(("RTL8139: in C+ Rx mode ================\n"));
+ DPRINTF("in C+ Rx mode ================\n");
/* begin C+ receiver mode */
@@ -978,8 +982,9 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
cplus_rx_ring_desc = rtl8139_addr64(s->RxRingAddrLO, s->RxRingAddrHI);
cplus_rx_ring_desc += 16 * descriptor;
- DEBUG_PRINT(("RTL8139: +++ C+ mode reading RX descriptor %d from host memory at %08x %08x = %016" PRIx64 "\n",
- descriptor, s->RxRingAddrHI, s->RxRingAddrLO, (uint64_t)cplus_rx_ring_desc));
+ DPRINTF("+++ C+ mode reading RX descriptor %d from host memory at "
+ "%08x %08x = "TARGET_FMT_plx"\n", descriptor, s->RxRingAddrHI,
+ s->RxRingAddrLO, cplus_rx_ring_desc);
uint32_t val, rxdw0,rxdw1,rxbufLO,rxbufHI;
@@ -992,13 +997,13 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
cpu_physical_memory_read(cplus_rx_ring_desc+12, (uint8_t *)&val, 4);
rxbufHI = le32_to_cpu(val);
- DEBUG_PRINT(("RTL8139: +++ C+ mode RX descriptor %d %08x %08x %08x %08x\n",
- descriptor,
- rxdw0, rxdw1, rxbufLO, rxbufHI));
+ DPRINTF("+++ C+ mode RX descriptor %d %08x %08x %08x %08x\n",
+ descriptor, rxdw0, rxdw1, rxbufLO, rxbufHI);
if (!(rxdw0 & CP_RX_OWN))
{
- DEBUG_PRINT(("RTL8139: C+ Rx mode : descriptor %d is owned by host\n", descriptor));
+ DPRINTF("C+ Rx mode : descriptor %d is owned by host\n",
+ descriptor);
s->IntrStatus |= RxOverflow;
++s->RxMissed;
@@ -1028,9 +1033,8 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
rxdw1 |= CP_RX_TAVA | le16_to_cpup((uint16_t *)
&dot1q_buf[ETHER_TYPE_LEN]);
- DEBUG_PRINT(("RTL8139: C+ Rx mode : extracted vlan tag with tci: "
- "%u\n", be16_to_cpup((uint16_t *)
- &dot1q_buf[ETHER_TYPE_LEN])));
+ DPRINTF("C+ Rx mode : extracted vlan tag with tci: ""%u\n",
+ be16_to_cpup((uint16_t *)&dot1q_buf[ETHER_TYPE_LEN]));
} else {
/* reset VLAN tag flag */
rxdw1 &= ~CP_RX_TAVA;
@@ -1040,8 +1044,8 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
if (size+4 > rx_space)
{
- DEBUG_PRINT(("RTL8139: C+ Rx mode : descriptor %d size %d received %d + 4\n",
- descriptor, rx_space, size));
+ DPRINTF("C+ Rx mode : descriptor %d size %d received %d + 4\n",
+ descriptor, rx_space, size);
s->IntrStatus |= RxOverflow;
++s->RxMissed;
@@ -1136,12 +1140,12 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
++s->currCPlusRxDesc;
}
- DEBUG_PRINT(("RTL8139: done C+ Rx mode ----------------\n"));
+ DPRINTF("done C+ Rx mode ----------------\n");
}
else
{
- DEBUG_PRINT(("RTL8139: in ring Rx mode ================\n"));
+ DPRINTF("in ring Rx mode ================\n");
/* begin ring receiver mode */
int avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr, s->RxBufferSize);
@@ -1150,8 +1154,9 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
if (avail != 0 && size + 8 >= avail)
{
- DEBUG_PRINT(("rx overflow: rx buffer length %d head 0x%04x read 0x%04x === available 0x%04x need 0x%04x\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8));
+ DPRINTF("rx overflow: rx buffer length %d head 0x%04x "
+ "read 0x%04x === available 0x%04x need 0x%04x\n",
+ s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8);
s->IntrStatus |= RxOverflow;
++s->RxMissed;
@@ -1179,8 +1184,8 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_
/* now we can signal we have received something */
- DEBUG_PRINT((" received: rx buffer length %d head 0x%04x read 0x%04x\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr));
+ DPRINTF("received: rx buffer length %d head 0x%04x read 0x%04x\n",
+ s->RxBufferSize, s->RxBufAddr, s->RxBufPtr);
}
s->IntrStatus |= RxOK;
@@ -1374,22 +1379,22 @@ static void rtl8139_ChipCmd_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: ChipCmd write val=0x%08x\n", val));
+ DPRINTF("ChipCmd write val=0x%08x\n", val);
if (val & CmdReset)
{
- DEBUG_PRINT(("RTL8139: ChipCmd reset\n"));
+ DPRINTF("ChipCmd reset\n");
rtl8139_reset(&s->dev.qdev);
}
if (val & CmdRxEnb)
{
- DEBUG_PRINT(("RTL8139: ChipCmd enable receiver\n"));
+ DPRINTF("ChipCmd enable receiver\n");
s->currCPlusRxDesc = 0;
}
if (val & CmdTxEnb)
{
- DEBUG_PRINT(("RTL8139: ChipCmd enable transmitter\n"));
+ DPRINTF("ChipCmd enable transmitter\n");
s->currCPlusTxDesc = 0;
}
@@ -1409,11 +1414,11 @@ static int rtl8139_RxBufferEmpty(RTL8139State *s)
if (unread != 0)
{
- DEBUG_PRINT(("RTL8139: receiver buffer data available 0x%04x\n", unread));
+ DPRINTF("receiver buffer data available 0x%04x\n", unread);
return 0;
}
- DEBUG_PRINT(("RTL8139: receiver buffer is empty\n"));
+ DPRINTF("receiver buffer is empty\n");
return 1;
}
@@ -1425,7 +1430,7 @@ static uint32_t rtl8139_ChipCmd_read(RTL8139State *s)
if (rtl8139_RxBufferEmpty(s))
ret |= RxBufEmpty;
- DEBUG_PRINT(("RTL8139: ChipCmd read val=0x%04x\n", ret));
+ DPRINTF("ChipCmd read val=0x%04x\n", ret);
return ret;
}
@@ -1434,7 +1439,7 @@ static void rtl8139_CpCmd_write(RTL8139State *s, uint32_t val)
{
val &= 0xffff;
- DEBUG_PRINT(("RTL8139C+ command register write(w) val=0x%04x\n", val));
+ DPRINTF("C+ command register write(w) val=0x%04x\n", val);
s->cplus_enabled = 1;
@@ -1448,21 +1453,21 @@ static uint32_t rtl8139_CpCmd_read(RTL8139State *s)
{
uint32_t ret = s->CpCmd;
- DEBUG_PRINT(("RTL8139C+ command register read(w) val=0x%04x\n", ret));
+ DPRINTF("C+ command register read(w) val=0x%04x\n", ret);
return ret;
}
static void rtl8139_IntrMitigate_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139C+ IntrMitigate register write(w) val=0x%04x\n", val));
+ DPRINTF("C+ IntrMitigate register write(w) val=0x%04x\n", val);
}
static uint32_t rtl8139_IntrMitigate_read(RTL8139State *s)
{
uint32_t ret = 0;
- DEBUG_PRINT(("RTL8139C+ IntrMitigate register read(w) val=0x%04x\n", ret));
+ DPRINTF("C+ IntrMitigate register read(w) val=0x%04x\n", ret);
return ret;
}
@@ -1474,7 +1479,7 @@ static int rtl8139_config_writeable(RTL8139State *s)
return 1;
}
- DEBUG_PRINT(("RTL8139: Configuration registers are write-protected\n"));
+ DPRINTF("Configuration registers are write-protected\n");
return 0;
}
@@ -1483,7 +1488,7 @@ static void rtl8139_BasicModeCtrl_write(RTL8139State *s, uint32_t val)
{
val &= 0xffff;
- DEBUG_PRINT(("RTL8139: BasicModeCtrl register write(w) val=0x%04x\n", val));
+ DPRINTF("BasicModeCtrl register write(w) val=0x%04x\n", val);
/* mask unwriteable bits */
uint32_t mask = 0x4cff;
@@ -1505,7 +1510,7 @@ static uint32_t rtl8139_BasicModeCtrl_read(RTL8139State *s)
{
uint32_t ret = s->BasicModeCtrl;
- DEBUG_PRINT(("RTL8139: BasicModeCtrl register read(w) val=0x%04x\n", ret));
+ DPRINTF("BasicModeCtrl register read(w) val=0x%04x\n", ret);
return ret;
}
@@ -1514,7 +1519,7 @@ static void rtl8139_BasicModeStatus_write(RTL8139State *s, uint32_t val)
{
val &= 0xffff;
- DEBUG_PRINT(("RTL8139: BasicModeStatus register write(w) val=0x%04x\n", val));
+ DPRINTF("BasicModeStatus register write(w) val=0x%04x\n", val);
/* mask unwriteable bits */
val = SET_MASKED(val, 0xff3f, s->BasicModeStatus);
@@ -1526,7 +1531,7 @@ static uint32_t rtl8139_BasicModeStatus_read(RTL8139State *s)
{
uint32_t ret = s->BasicModeStatus;
- DEBUG_PRINT(("RTL8139: BasicModeStatus register read(w) val=0x%04x\n", ret));
+ DPRINTF("BasicModeStatus register read(w) val=0x%04x\n", ret);
return ret;
}
@@ -1535,7 +1540,7 @@ static void rtl8139_Cfg9346_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: Cfg9346 write val=0x%02x\n", val));
+ DPRINTF("Cfg9346 write val=0x%02x\n", val);
/* mask unwriteable bits */
val = SET_MASKED(val, 0x31, s->Cfg9346);
@@ -1578,7 +1583,7 @@ static uint32_t rtl8139_Cfg9346_read(RTL8139State *s)
}
}
- DEBUG_PRINT(("RTL8139: Cfg9346 read val=0x%02x\n", ret));
+ DPRINTF("Cfg9346 read val=0x%02x\n", ret);
return ret;
}
@@ -1587,7 +1592,7 @@ static void rtl8139_Config0_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: Config0 write val=0x%02x\n", val));
+ DPRINTF("Config0 write val=0x%02x\n", val);
if (!rtl8139_config_writeable(s))
return;
@@ -1602,7 +1607,7 @@ static uint32_t rtl8139_Config0_read(RTL8139State *s)
{
uint32_t ret = s->Config0;
- DEBUG_PRINT(("RTL8139: Config0 read val=0x%02x\n", ret));
+ DPRINTF("Config0 read val=0x%02x\n", ret);
return ret;
}
@@ -1611,7 +1616,7 @@ static void rtl8139_Config1_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: Config1 write val=0x%02x\n", val));
+ DPRINTF("Config1 write val=0x%02x\n", val);
if (!rtl8139_config_writeable(s))
return;
@@ -1626,7 +1631,7 @@ static uint32_t rtl8139_Config1_read(RTL8139State *s)
{
uint32_t ret = s->Config1;
- DEBUG_PRINT(("RTL8139: Config1 read val=0x%02x\n", ret));
+ DPRINTF("Config1 read val=0x%02x\n", ret);
return ret;
}
@@ -1635,7 +1640,7 @@ static void rtl8139_Config3_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: Config3 write val=0x%02x\n", val));
+ DPRINTF("Config3 write val=0x%02x\n", val);
if (!rtl8139_config_writeable(s))
return;
@@ -1650,7 +1655,7 @@ static uint32_t rtl8139_Config3_read(RTL8139State *s)
{
uint32_t ret = s->Config3;
- DEBUG_PRINT(("RTL8139: Config3 read val=0x%02x\n", ret));
+ DPRINTF("Config3 read val=0x%02x\n", ret);
return ret;
}
@@ -1659,7 +1664,7 @@ static void rtl8139_Config4_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: Config4 write val=0x%02x\n", val));
+ DPRINTF("Config4 write val=0x%02x\n", val);
if (!rtl8139_config_writeable(s))
return;
@@ -1674,7 +1679,7 @@ static uint32_t rtl8139_Config4_read(RTL8139State *s)
{
uint32_t ret = s->Config4;
- DEBUG_PRINT(("RTL8139: Config4 read val=0x%02x\n", ret));
+ DPRINTF("Config4 read val=0x%02x\n", ret);
return ret;
}
@@ -1683,7 +1688,7 @@ static void rtl8139_Config5_write(RTL8139State *s, uint32_t val)
{
val &= 0xff;
- DEBUG_PRINT(("RTL8139: Config5 write val=0x%02x\n", val));
+ DPRINTF("Config5 write val=0x%02x\n", val);
/* mask unwriteable bits */
val = SET_MASKED(val, 0x80, s->Config5);
@@ -1695,7 +1700,7 @@ static uint32_t rtl8139_Config5_read(RTL8139State *s)
{
uint32_t ret = s->Config5;
- DEBUG_PRINT(("RTL8139: Config5 read val=0x%02x\n", ret));
+ DPRINTF("Config5 read val=0x%02x\n", ret);
return ret;
}
@@ -1704,11 +1709,11 @@ static void rtl8139_TxConfig_write(RTL8139State *s, uint32_t val)
{
if (!rtl8139_transmitter_enabled(s))
{
- DEBUG_PRINT(("RTL8139: transmitter disabled; no TxConfig write val=0x%08x\n", val));
+ DPRINTF("transmitter disabled; no TxConfig write val=0x%08x\n", val);
return;
}
- DEBUG_PRINT(("RTL8139: TxConfig write val=0x%08x\n", val));
+ DPRINTF("TxConfig write val=0x%08x\n", val);
val = SET_MASKED(val, TxVersionMask | 0x8070f80f, s->TxConfig);
@@ -1717,7 +1722,7 @@ static void rtl8139_TxConfig_write(RTL8139State *s, uint32_t val)
static void rtl8139_TxConfig_writeb(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139C TxConfig via write(b) val=0x%02x\n", val));
+ DPRINTF("RTL8139C TxConfig via write(b) val=0x%02x\n", val);
uint32_t tc = s->TxConfig;
tc &= 0xFFFFFF00;
@@ -1729,14 +1734,14 @@ static uint32_t rtl8139_TxConfig_read(RTL8139State *s)
{
uint32_t ret = s->TxConfig;
- DEBUG_PRINT(("RTL8139: TxConfig read val=0x%04x\n", ret));
+ DPRINTF("TxConfig read val=0x%04x\n", ret);
return ret;
}
static void rtl8139_RxConfig_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: RxConfig write val=0x%08x\n", val));
+ DPRINTF("RxConfig write val=0x%08x\n", val);
/* mask unwriteable bits */
val = SET_MASKED(val, 0xf0fc0040, s->RxConfig);
@@ -1746,14 +1751,14 @@ static void rtl8139_RxConfig_write(RTL8139State *s, uint32_t val)
/* reset buffer size and read/write pointers */
rtl8139_reset_rxring(s, 8192 << ((s->RxConfig >> 11) & 0x3));
- DEBUG_PRINT(("RTL8139: RxConfig write reset buffer size to %d\n", s->RxBufferSize));
+ DPRINTF("RxConfig write reset buffer size to %d\n", s->RxBufferSize);
}
static uint32_t rtl8139_RxConfig_read(RTL8139State *s)
{
uint32_t ret = s->RxConfig;
- DEBUG_PRINT(("RTL8139: RxConfig read val=0x%08x\n", ret));
+ DPRINTF("RxConfig read val=0x%08x\n", ret);
return ret;
}
@@ -1765,7 +1770,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
if (!size)
{
- DEBUG_PRINT(("RTL8139: +++ empty ethernet frame\n"));
+ DPRINTF("+++ empty ethernet frame\n");
return;
}
@@ -1790,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
buf = buf2;
}
- DEBUG_PRINT(("RTL8139: +++ transmit loopback mode\n"));
+ DPRINTF("+++ transmit loopback mode\n");
rtl8139_do_receive(&s->nic->nc, buf, size, do_interrupt);
if (iov) {
@@ -1811,25 +1816,25 @@ static int rtl8139_transmit_one(RTL8139State *s, int descriptor)
{
if (!rtl8139_transmitter_enabled(s))
{
- DEBUG_PRINT(("RTL8139: +++ cannot transmit from descriptor %d: transmitter disabled\n",
- descriptor));
+ DPRINTF("+++ cannot transmit from descriptor %d: transmitter "
+ "disabled\n", descriptor);
return 0;
}
if (s->TxStatus[descriptor] & TxHostOwns)
{
- DEBUG_PRINT(("RTL8139: +++ cannot transmit from descriptor %d: owned by host (%08x)\n",
- descriptor, s->TxStatus[descriptor]));
+ DPRINTF("+++ cannot transmit from descriptor %d: owned by host "
+ "(%08x)\n", descriptor, s->TxStatus[descriptor]);
return 0;
}
- DEBUG_PRINT(("RTL8139: +++ transmitting from descriptor %d\n", descriptor));
+ DPRINTF("+++ transmitting from descriptor %d\n", descriptor);
int txsize = s->TxStatus[descriptor] & 0x1fff;
uint8_t txbuffer[0x2000];
- DEBUG_PRINT(("RTL8139: +++ transmit reading %d bytes from host memory at 0x%08x\n",
- txsize, s->TxAddr[descriptor]));
+ DPRINTF("+++ transmit reading %d bytes from host memory at 0x%08x\n",
+ txsize, s->TxAddr[descriptor]);
cpu_physical_memory_read(s->TxAddr[descriptor], txbuffer, txsize);
@@ -1839,7 +1844,8 @@ static int rtl8139_transmit_one(RTL8139State *s, int descriptor)
rtl8139_transfer_frame(s, txbuffer, txsize, 0, NULL);
- DEBUG_PRINT(("RTL8139: +++ transmitted %d bytes from descriptor %d\n", txsize, descriptor));
+ DPRINTF("+++ transmitted %d bytes from descriptor %d\n", txsize,
+ descriptor);
/* update interrupt */
s->IntrStatus |= TxOK;
@@ -1939,13 +1945,13 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
if (!rtl8139_transmitter_enabled(s))
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode: transmitter disabled\n"));
+ DPRINTF("+++ C+ mode: transmitter disabled\n");
return 0;
}
if (!rtl8139_cp_transmitter_enabled(s))
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode: C+ transmitter disabled\n"));
+ DPRINTF("+++ C+ mode: C+ transmitter disabled\n");
return 0 ;
}
@@ -1957,8 +1963,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
/* Normal priority ring */
cplus_tx_ring_desc += 16 * descriptor;
- DEBUG_PRINT(("RTL8139: +++ C+ mode reading TX descriptor %d from host memory at %08x0x%08x = 0x%8lx\n",
- descriptor, s->TxAddr[1], s->TxAddr[0], cplus_tx_ring_desc));
+ DPRINTF("+++ C+ mode reading TX descriptor %d from host memory at "
+ "%08x0x%08x = 0x"TARGET_FMT_plx"\n", descriptor, s->TxAddr[1],
+ s->TxAddr[0], cplus_tx_ring_desc);
uint32_t val, txdw0,txdw1,txbufLO,txbufHI;
@@ -1971,9 +1978,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
cpu_physical_memory_read(cplus_tx_ring_desc+12, (uint8_t *)&val, 4);
txbufHI = le32_to_cpu(val);
- DEBUG_PRINT(("RTL8139: +++ C+ mode TX descriptor %d %08x %08x %08x %08x\n",
- descriptor,
- txdw0, txdw1, txbufLO, txbufHI));
+ DPRINTF("+++ C+ mode TX descriptor %d %08x %08x %08x %08x\n", descriptor,
+ txdw0, txdw1, txbufLO, txbufHI);
/* w0 ownership flag */
#define CP_TX_OWN (1<<31)
@@ -2019,15 +2025,16 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
if (!(txdw0 & CP_TX_OWN))
{
- DEBUG_PRINT(("RTL8139: C+ Tx mode : descriptor %d is owned by host\n", descriptor));
+ DPRINTF("C+ Tx mode : descriptor %d is owned by host\n", descriptor);
return 0 ;
}
- DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : transmitting from descriptor %d\n", descriptor));
+ DPRINTF("+++ C+ Tx mode : transmitting from descriptor %d\n", descriptor);
if (txdw0 & CP_TX_FS)
{
- DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : descriptor %d is first segment descriptor\n", descriptor));
+ DPRINTF("+++ C+ Tx mode : descriptor %d is first segment "
+ "descriptor\n", descriptor);
/* reset internal buffer offset */
s->cplus_txbuffer_offset = 0;
@@ -2043,7 +2050,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
s->cplus_txbuffer = qemu_malloc(s->cplus_txbuffer_len);
s->cplus_txbuffer_offset = 0;
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space %d\n", s->cplus_txbuffer_len));
+ DPRINTF("+++ C+ mode transmission buffer allocated space %d\n",
+ s->cplus_txbuffer_len);
}
while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
@@ -2051,14 +2059,16 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
s->cplus_txbuffer = qemu_realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed to %d\n", s->cplus_txbuffer_len));
+ DPRINTF("+++ C+ mode transmission buffer space changed to %d\n",
+ s->cplus_txbuffer_len);
}
if (!s->cplus_txbuffer)
{
/* out of memory */
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmiter failed to reallocate %d bytes\n", s->cplus_txbuffer_len));
+ DPRINTF("+++ C+ mode transmiter failed to reallocate %d bytes\n",
+ s->cplus_txbuffer_len);
/* update tally counter */
++s->tally_counters.TxERR;
@@ -2069,8 +2079,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
/* append more data to the packet */
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmit reading %d bytes from host memory at %016" PRIx64 " to offset %d\n",
- txsize, (uint64_t)tx_addr, s->cplus_txbuffer_offset));
+ DPRINTF("+++ C+ mode transmit reading %d bytes from host memory at "
+ TARGET_FMT_plx" to offset %d\n", txsize, tx_addr,
+ s->cplus_txbuffer_offset);
cpu_physical_memory_read(tx_addr, s->cplus_txbuffer + s->cplus_txbuffer_offset, txsize);
s->cplus_txbuffer_offset += txsize;
@@ -2107,7 +2118,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
uint8_t dot1q_buffer_space[VLAN_HLEN];
uint16_t *dot1q_buffer;
- DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : descriptor %d is last segment descriptor\n", descriptor));
+ DPRINTF("+++ C+ Tx mode : descriptor %d is last segment descriptor\n",
+ descriptor);
/* can transfer fully assembled packet */
@@ -2119,8 +2131,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
if (txdw1 & CP_TX_TAGC) {
/* the vlan tag is in BE byte order in the descriptor
* BE + le_to_cpu() + ~swap()~ = cpu */
- DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : inserting vlan tag with "
- "tci: %u\n", bswap16(txdw1 & CP_TX_VLAN_TAG_MASK)));
+ DPRINTF("+++ C+ Tx mode : inserting vlan tag with ""tci: %u\n",
+ bswap16(txdw1 & CP_TX_VLAN_TAG_MASK));
dot1q_buffer = (uint16_t *) dot1q_buffer_space;
dot1q_buffer[0] = cpu_to_be16(ETH_P_8021Q);
@@ -2137,7 +2149,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
if (txdw0 & (CP_TX_IPCS | CP_TX_UDPCS | CP_TX_TCPCS | CP_TX_LGSEN))
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode offloaded task checksum\n"));
+ DPRINTF("+++ C+ mode offloaded task checksum\n");
/* ip packet header */
ip_header *ip = NULL;
@@ -2151,7 +2163,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
if (proto == ETH_P_IP)
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
+ DPRINTF("+++ C+ mode has IP packet\n");
/* not aligned */
eth_payload_data = saved_buffer + ETH_HLEN;
@@ -2160,7 +2172,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
ip = (ip_header*)eth_payload_data;
if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
- DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP version %d expected %d\n", IP_HEADER_VERSION(ip), IP_HEADER_VERSION_4));
+ DPRINTF("+++ C+ mode packet has bad IP version %d "
+ "expected %d\n", IP_HEADER_VERSION(ip),
+ IP_HEADER_VERSION_4);
ip = NULL;
} else {
hlen = IP_HEADER_LENGTH(ip);
@@ -2173,7 +2187,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
if (txdw0 & CP_TX_IPCS)
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode need IP checksum\n"));
+ DPRINTF("+++ C+ mode need IP checksum\n");
if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
/* bad packet header len */
@@ -2183,17 +2197,18 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
ip->ip_sum = 0;
ip->ip_sum = ip_checksum(ip, hlen);
- DEBUG_PRINT(("RTL8139: +++ C+ mode IP header len=%d checksum=%04x\n", hlen, ip->ip_sum));
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
}
}
if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
{
-#if defined (DEBUG_RTL8139)
int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
-#endif
- DEBUG_PRINT(("RTL8139: +++ C+ mode offloaded task TSO MTU=%d IP data %d frame data %d specified MSS=%d\n",
- ETH_MTU, ip_data_len, saved_size - ETH_HLEN, large_send_mss));
+
+ DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
+ "frame data %d specified MSS=%d\n", ETH_MTU,
+ ip_data_len, saved_size - ETH_HLEN, large_send_mss);
int tcp_send_offset = 0;
int send_count = 0;
@@ -2217,8 +2232,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
int tcp_data_len = ip_data_len - tcp_hlen;
int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
- DEBUG_PRINT(("RTL8139: +++ C+ mode TSO IP data len %d TCP hlen %d TCP data len %d TCP chunk size %d\n",
- ip_data_len, tcp_hlen, tcp_data_len, tcp_chunk_size));
+ DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
+ "data len %d TCP chunk size %d\n", ip_data_len,
+ tcp_hlen, tcp_data_len, tcp_chunk_size);
/* note the cycle below overwrites IP header data,
but restores it from saved_ip_header before sending packet */
@@ -2236,13 +2252,16 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
chunk_size = tcp_data_len - tcp_send_offset;
}
- DEBUG_PRINT(("RTL8139: +++ C+ mode TSO TCP seqno %08x\n", be32_to_cpu(p_tcp_hdr->th_seq)));
+ DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
+ be32_to_cpu(p_tcp_hdr->th_seq));
/* add 4 TCP pseudoheader fields */
/* copy IP source and destination fields */
memcpy(data_to_checksum, saved_ip_header + 12, 8);
- DEBUG_PRINT(("RTL8139: +++ C+ mode TSO calculating TCP checksum for packet with %d bytes data\n", tcp_hlen + chunk_size));
+ DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
+ "packet with %d bytes data\n", tcp_hlen +
+ chunk_size);
if (tcp_send_offset)
{
@@ -2264,7 +2283,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
p_tcp_hdr->th_sum = 0;
int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
- DEBUG_PRINT(("RTL8139: +++ C+ mode TSO TCP checksum %04x\n", tcp_checksum));
+ DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
+ tcp_checksum);
p_tcp_hdr->th_sum = tcp_checksum;
@@ -2279,10 +2299,12 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
ip->ip_sum = 0;
ip->ip_sum = ip_checksum(eth_payload_data, hlen);
- DEBUG_PRINT(("RTL8139: +++ C+ mode TSO IP header len=%d checksum=%04x\n", hlen, ip->ip_sum));
+ DPRINTF("+++ C+ mode TSO IP header len=%d "
+ "checksum=%04x\n", hlen, ip->ip_sum);
int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
- DEBUG_PRINT(("RTL8139: +++ C+ mode TSO transferring packet size %d\n", tso_send_size));
+ DPRINTF("+++ C+ mode TSO transferring packet size "
+ "%d\n", tso_send_size);
rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
0, (uint8_t *) dot1q_buffer);
@@ -2296,7 +2318,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode need TCP or UDP checksum\n"));
+ DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
/* maximum IP header length is 60 bytes */
uint8_t saved_ip_header[60];
@@ -2311,7 +2333,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode calculating TCP checksum for packet with %d bytes data\n", ip_data_len));
+ DPRINTF("+++ C+ mode calculating TCP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
p_tcpip_hdr->zeros = 0;
@@ -2323,13 +2346,15 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
p_tcp_hdr->th_sum = 0;
int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DEBUG_PRINT(("RTL8139: +++ C+ mode TCP checksum %04x\n", tcp_checksum));
+ DPRINTF("+++ C+ mode TCP checksum %04x\n",
+ tcp_checksum);
p_tcp_hdr->th_sum = tcp_checksum;
}
else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode calculating UDP checksum for packet with %d bytes data\n", ip_data_len));
+ DPRINTF("+++ C+ mode calculating UDP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
p_udpip_hdr->zeros = 0;
@@ -2341,7 +2366,8 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
p_udp_hdr->uh_sum = 0;
int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DEBUG_PRINT(("RTL8139: +++ C+ mode UDP checksum %04x\n", udp_checksum));
+ DPRINTF("+++ C+ mode UDP checksum %04x\n",
+ udp_checksum);
p_udp_hdr->uh_sum = udp_checksum;
}
@@ -2355,7 +2381,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
/* update tally counter */
++s->tally_counters.TxOk;
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmitting %d bytes packet\n", saved_size));
+ DPRINTF("+++ C+ mode transmitting %d bytes packet\n", saved_size);
rtl8139_transfer_frame(s, saved_buffer, saved_size, 1,
(uint8_t *) dot1q_buffer);
@@ -2374,7 +2400,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
else
{
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmission continue to next descriptor\n"));
+ DPRINTF("+++ C+ mode transmission continue to next descriptor\n");
}
return 1;
@@ -2392,8 +2418,8 @@ static void rtl8139_cplus_transmit(RTL8139State *s)
/* Mark transfer completed */
if (!txcount)
{
- DEBUG_PRINT(("RTL8139: C+ mode : transmitter queue stalled, current TxDesc = %d\n",
- s->currCPlusTxDesc));
+ DPRINTF("C+ mode : transmitter queue stalled, current TxDesc = %d\n",
+ s->currCPlusTxDesc);
}
else
{
@@ -2418,7 +2444,8 @@ static void rtl8139_transmit(RTL8139State *s)
/* Mark transfer completed */
if (!txcount)
{
- DEBUG_PRINT(("RTL8139: transmitter queue stalled, current TxDesc = %d\n", s->currTxDesc));
+ DPRINTF("transmitter queue stalled, current TxDesc = %d\n",
+ s->currTxDesc);
}
}
@@ -2431,7 +2458,8 @@ static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32
if (s->cplus_enabled)
{
- DEBUG_PRINT(("RTL8139C+ DTCCR write offset=0x%x val=0x%08x descriptor=%d\n", txRegOffset, val, descriptor));
+ DPRINTF("RTL8139C+ DTCCR write offset=0x%x val=0x%08x "
+ "descriptor=%d\n", txRegOffset, val, descriptor);
/* handle Dump Tally Counters command */
s->TxStatus[descriptor] = val;
@@ -2450,7 +2478,8 @@ static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32
return;
}
- DEBUG_PRINT(("RTL8139: TxStatus write offset=0x%x val=0x%08x descriptor=%d\n", txRegOffset, val, descriptor));
+ DPRINTF("TxStatus write offset=0x%x val=0x%08x descriptor=%d\n",
+ txRegOffset, val, descriptor);
/* mask only reserved bits */
val &= ~0xff00c000; /* these bits are reset on write */
@@ -2466,7 +2495,7 @@ static uint32_t rtl8139_TxStatus_read(RTL8139State *s, uint32_t txRegOffset)
{
uint32_t ret = s->TxStatus[txRegOffset/4];
- DEBUG_PRINT(("RTL8139: TxStatus read offset=0x%x val=0x%08x\n", txRegOffset, ret));
+ DPRINTF("TxStatus read offset=0x%x val=0x%08x\n", txRegOffset, ret);
return ret;
}
@@ -2498,7 +2527,7 @@ static uint16_t rtl8139_TSAD_read(RTL8139State *s)
|((s->TxStatus[0] & TxHostOwns )?TSAD_OWN0:0) ;
- DEBUG_PRINT(("RTL8139: TSAD read val=0x%04x\n", ret));
+ DPRINTF("TSAD read val=0x%04x\n", ret);
return ret;
}
@@ -2507,14 +2536,14 @@ static uint16_t rtl8139_CSCR_read(RTL8139State *s)
{
uint16_t ret = s->CSCR;
- DEBUG_PRINT(("RTL8139: CSCR read val=0x%04x\n", ret));
+ DPRINTF("CSCR read val=0x%04x\n", ret);
return ret;
}
static void rtl8139_TxAddr_write(RTL8139State *s, uint32_t txAddrOffset, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: TxAddr write offset=0x%x val=0x%08x\n", txAddrOffset, val));
+ DPRINTF("TxAddr write offset=0x%x val=0x%08x\n", txAddrOffset, val);
s->TxAddr[txAddrOffset/4] = val;
}
@@ -2523,20 +2552,20 @@ static uint32_t rtl8139_TxAddr_read(RTL8139State *s, uint32_t txAddrOffset)
{
uint32_t ret = s->TxAddr[txAddrOffset/4];
- DEBUG_PRINT(("RTL8139: TxAddr read offset=0x%x val=0x%08x\n", txAddrOffset, ret));
+ DPRINTF("TxAddr read offset=0x%x val=0x%08x\n", txAddrOffset, ret);
return ret;
}
static void rtl8139_RxBufPtr_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: RxBufPtr write val=0x%04x\n", val));
+ DPRINTF("RxBufPtr write val=0x%04x\n", val);
/* this value is off by 16 */
s->RxBufPtr = MOD2(val + 0x10, s->RxBufferSize);
- DEBUG_PRINT((" CAPR write: rx buffer length %d head 0x%04x read 0x%04x\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr));
+ DPRINTF(" CAPR write: rx buffer length %d head 0x%04x read 0x%04x\n",
+ s->RxBufferSize, s->RxBufAddr, s->RxBufPtr);
}
static uint32_t rtl8139_RxBufPtr_read(RTL8139State *s)
@@ -2544,7 +2573,7 @@ static uint32_t rtl8139_RxBufPtr_read(RTL8139State *s)
/* this value is off by 16 */
uint32_t ret = s->RxBufPtr - 0x10;
- DEBUG_PRINT(("RTL8139: RxBufPtr read val=0x%04x\n", ret));
+ DPRINTF("RxBufPtr read val=0x%04x\n", ret);
return ret;
}
@@ -2554,14 +2583,14 @@ static uint32_t rtl8139_RxBufAddr_read(RTL8139State *s)
/* this value is NOT off by 16 */
uint32_t ret = s->RxBufAddr;
- DEBUG_PRINT(("RTL8139: RxBufAddr read val=0x%04x\n", ret));
+ DPRINTF("RxBufAddr read val=0x%04x\n", ret);
return ret;
}
static void rtl8139_RxBuf_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: RxBuf write val=0x%08x\n", val));
+ DPRINTF("RxBuf write val=0x%08x\n", val);
s->RxBuf = val;
@@ -2572,14 +2601,14 @@ static uint32_t rtl8139_RxBuf_read(RTL8139State *s)
{
uint32_t ret = s->RxBuf;
- DEBUG_PRINT(("RTL8139: RxBuf read val=0x%08x\n", ret));
+ DPRINTF("RxBuf read val=0x%08x\n", ret);
return ret;
}
static void rtl8139_IntrMask_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: IntrMask write(w) val=0x%04x\n", val));
+ DPRINTF("IntrMask write(w) val=0x%04x\n", val);
/* mask unwriteable bits */
val = SET_MASKED(val, 0x1e00, s->IntrMask);
@@ -2595,14 +2624,14 @@ static uint32_t rtl8139_IntrMask_read(RTL8139State *s)
{
uint32_t ret = s->IntrMask;
- DEBUG_PRINT(("RTL8139: IntrMask read(w) val=0x%04x\n", ret));
+ DPRINTF("IntrMask read(w) val=0x%04x\n", ret);
return ret;
}
static void rtl8139_IntrStatus_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: IntrStatus write(w) val=0x%04x\n", val));
+ DPRINTF("IntrStatus write(w) val=0x%04x\n", val);
#if 0
@@ -2639,7 +2668,7 @@ static uint32_t rtl8139_IntrStatus_read(RTL8139State *s)
uint32_t ret = s->IntrStatus;
- DEBUG_PRINT(("RTL8139: IntrStatus read(w) val=0x%04x\n", ret));
+ DPRINTF("IntrStatus read(w) val=0x%04x\n", ret);
#if 0
@@ -2655,7 +2684,7 @@ static uint32_t rtl8139_IntrStatus_read(RTL8139State *s)
static void rtl8139_MultiIntr_write(RTL8139State *s, uint32_t val)
{
- DEBUG_PRINT(("RTL8139: MultiIntr write(w) val=0x%04x\n", val));
+ DPRINTF("MultiIntr write(w) val=0x%04x\n", val);
/* mask unwriteable bits */
val = SET_MASKED(val, 0xf000, s->MultiIntr);
@@ -2667,7 +2696,7 @@ static uint32_t rtl8139_MultiIntr_read(RTL8139State *s)
{
uint32_t ret = s->MultiIntr;
- DEBUG_PRINT(("RTL8139: MultiIntr read(w) val=0x%04x\n", ret));
+ DPRINTF("MultiIntr read(w) val=0x%04x\n", ret);
return ret;
}
@@ -2715,11 +2744,12 @@ static void rtl8139_io_writeb(void *opaque, uint8_t addr, uint32_t val)
break;
case MediaStatus:
/* ignore */
- DEBUG_PRINT(("RTL8139: not implemented write(b) to MediaStatus val=0x%02x\n", val));
+ DPRINTF("not implemented write(b) to MediaStatus val=0x%02x\n",
+ val);
break;
case HltClk:
- DEBUG_PRINT(("RTL8139: HltClk write val=0x%08x\n", val));
+ DPRINTF("HltClk write val=0x%08x\n", val);
if (val == 'R')
{
s->clock_enabled = 1;
@@ -2731,27 +2761,29 @@ static void rtl8139_io_writeb(void *opaque, uint8_t addr, uint32_t val)
break;
case TxThresh:
- DEBUG_PRINT(("RTL8139C+ TxThresh write(b) val=0x%02x\n", val));
+ DPRINTF("C+ TxThresh write(b) val=0x%02x\n", val);
s->TxThresh = val;
break;
case TxPoll:
- DEBUG_PRINT(("RTL8139C+ TxPoll write(b) val=0x%02x\n", val));
+ DPRINTF("C+ TxPoll write(b) val=0x%02x\n", val);
if (val & (1 << 7))
{
- DEBUG_PRINT(("RTL8139C+ TxPoll high priority transmission (not implemented)\n"));
+ DPRINTF("C+ TxPoll high priority transmission (not "
+ "implemented)\n");
//rtl8139_cplus_transmit(s);
}
if (val & (1 << 6))
{
- DEBUG_PRINT(("RTL8139C+ TxPoll normal priority transmission\n"));
+ DPRINTF("C+ TxPoll normal priority transmission\n");
rtl8139_cplus_transmit(s);
}
break;
default:
- DEBUG_PRINT(("RTL8139: not implemented write(b) addr=0x%x val=0x%02x\n", addr, val));
+ DPRINTF("not implemented write(b) addr=0x%x val=0x%02x\n", addr,
+ val);
break;
}
}
@@ -2787,14 +2819,14 @@ static void rtl8139_io_writew(void *opaque, uint8_t addr, uint32_t val)
rtl8139_BasicModeStatus_write(s, val);
break;
case NWayAdvert:
- DEBUG_PRINT(("RTL8139: NWayAdvert write(w) val=0x%04x\n", val));
+ DPRINTF("NWayAdvert write(w) val=0x%04x\n", val);
s->NWayAdvert = val;
break;
case NWayLPAR:
- DEBUG_PRINT(("RTL8139: forbidden NWayLPAR write(w) val=0x%04x\n", val));
+ DPRINTF("forbidden NWayLPAR write(w) val=0x%04x\n", val);
break;
case NWayExpansion:
- DEBUG_PRINT(("RTL8139: NWayExpansion write(w) val=0x%04x\n", val));
+ DPRINTF("NWayExpansion write(w) val=0x%04x\n", val);
s->NWayExpansion = val;
break;
@@ -2807,7 +2839,8 @@ static void rtl8139_io_writew(void *opaque, uint8_t addr, uint32_t val)
break;
default:
- DEBUG_PRINT(("RTL8139: ioport write(w) addr=0x%x val=0x%04x via write(b)\n", addr, val));
+ DPRINTF("ioport write(w) addr=0x%x val=0x%04x via write(b)\n",
+ addr, val);
rtl8139_io_writeb(opaque, addr, val & 0xff);
rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
@@ -2820,7 +2853,7 @@ static void rtl8139_set_next_tctr_time(RTL8139State *s, int64_t current_time)
int64_t pci_time, next_time;
uint32_t low_pci;
- DEBUG_PRINT(("RTL8139: entered rtl8139_set_next_tctr_time\n"));
+ DPRINTF("entered rtl8139_set_next_tctr_time\n");
if (s->TimerExpire && current_time >= s->TimerExpire) {
s->IntrStatus |= PCSTimeout;
@@ -2864,7 +2897,7 @@ static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
switch (addr)
{
case RxMissed:
- DEBUG_PRINT(("RTL8139: RxMissed clearing on write\n"));
+ DPRINTF("RxMissed clearing on write\n");
s->RxMissed = 0;
break;
@@ -2889,23 +2922,23 @@ static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
break;
case RxRingAddrLO:
- DEBUG_PRINT(("RTL8139: C+ RxRing low bits write val=0x%08x\n", val));
+ DPRINTF("C+ RxRing low bits write val=0x%08x\n", val);
s->RxRingAddrLO = val;
break;
case RxRingAddrHI:
- DEBUG_PRINT(("RTL8139: C+ RxRing high bits write val=0x%08x\n", val));
+ DPRINTF("C+ RxRing high bits write val=0x%08x\n", val);
s->RxRingAddrHI = val;
break;
case Timer:
- DEBUG_PRINT(("RTL8139: TCTR Timer reset on write\n"));
+ DPRINTF("TCTR Timer reset on write\n");
s->TCTR_base = qemu_get_clock_ns(vm_clock);
rtl8139_set_next_tctr_time(s, s->TCTR_base);
break;
case FlashReg:
- DEBUG_PRINT(("RTL8139: FlashReg TimerInt write val=0x%08x\n", val));
+ DPRINTF("FlashReg TimerInt write val=0x%08x\n", val);
if (s->TimerInt != val) {
s->TimerInt = val;
rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
@@ -2913,7 +2946,8 @@ static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
break;
default:
- DEBUG_PRINT(("RTL8139: ioport write(l) addr=0x%x val=0x%08x via write(b)\n", addr, val));
+ DPRINTF("ioport write(l) addr=0x%x val=0x%08x via write(b)\n",
+ addr, val);
rtl8139_io_writeb(opaque, addr, val & 0xff);
rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
rtl8139_io_writeb(opaque, addr + 2, (val >> 16) & 0xff);
@@ -2964,31 +2998,31 @@ static uint32_t rtl8139_io_readb(void *opaque, uint8_t addr)
case MediaStatus:
ret = 0xd0;
- DEBUG_PRINT(("RTL8139: MediaStatus read 0x%x\n", ret));
+ DPRINTF("MediaStatus read 0x%x\n", ret);
break;
case HltClk:
ret = s->clock_enabled;
- DEBUG_PRINT(("RTL8139: HltClk read 0x%x\n", ret));
+ DPRINTF("HltClk read 0x%x\n", ret);
break;
case PCIRevisionID:
ret = RTL8139_PCI_REVID;
- DEBUG_PRINT(("RTL8139: PCI Revision ID read 0x%x\n", ret));
+ DPRINTF("PCI Revision ID read 0x%x\n", ret);
break;
case TxThresh:
ret = s->TxThresh;
- DEBUG_PRINT(("RTL8139C+ TxThresh read(b) val=0x%02x\n", ret));
+ DPRINTF("C+ TxThresh read(b) val=0x%02x\n", ret);
break;
case 0x43: /* Part of TxConfig register. Windows driver tries to read it */
ret = s->TxConfig >> 24;
- DEBUG_PRINT(("RTL8139C TxConfig at 0x43 read(b) val=0x%02x\n", ret));
+ DPRINTF("RTL8139C TxConfig at 0x43 read(b) val=0x%02x\n", ret);
break;
default:
- DEBUG_PRINT(("RTL8139: not implemented read(b) addr=0x%x\n", addr));
+ DPRINTF("not implemented read(b) addr=0x%x\n", addr);
ret = 0;
break;
}
@@ -3033,15 +3067,15 @@ static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
break;
case NWayAdvert:
ret = s->NWayAdvert;
- DEBUG_PRINT(("RTL8139: NWayAdvert read(w) val=0x%04x\n", ret));
+ DPRINTF("NWayAdvert read(w) val=0x%04x\n", ret);
break;
case NWayLPAR:
ret = s->NWayLPAR;
- DEBUG_PRINT(("RTL8139: NWayLPAR read(w) val=0x%04x\n", ret));
+ DPRINTF("NWayLPAR read(w) val=0x%04x\n", ret);
break;
case NWayExpansion:
ret = s->NWayExpansion;
- DEBUG_PRINT(("RTL8139: NWayExpansion read(w) val=0x%04x\n", ret));
+ DPRINTF("NWayExpansion read(w) val=0x%04x\n", ret);
break;
case CpCmd:
@@ -3061,12 +3095,12 @@ static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
break;
default:
- DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x via read(b)\n", addr));
+ DPRINTF("ioport read(w) addr=0x%x via read(b)\n", addr);
ret = rtl8139_io_readb(opaque, addr);
ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
- DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x val=0x%04x\n", addr, ret));
+ DPRINTF("ioport read(w) addr=0x%x val=0x%04x\n", addr, ret);
break;
}
@@ -3085,7 +3119,7 @@ static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
case RxMissed:
ret = s->RxMissed;
- DEBUG_PRINT(("RTL8139: RxMissed read val=0x%08x\n", ret));
+ DPRINTF("RxMissed read val=0x%08x\n", ret);
break;
case TxConfig:
@@ -3110,34 +3144,34 @@ static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
case RxRingAddrLO:
ret = s->RxRingAddrLO;
- DEBUG_PRINT(("RTL8139: C+ RxRing low bits read val=0x%08x\n", ret));
+ DPRINTF("C+ RxRing low bits read val=0x%08x\n", ret);
break;
case RxRingAddrHI:
ret = s->RxRingAddrHI;
- DEBUG_PRINT(("RTL8139: C+ RxRing high bits read val=0x%08x\n", ret));
+ DPRINTF("C+ RxRing high bits read val=0x%08x\n", ret);
break;
case Timer:
ret = muldiv64(qemu_get_clock_ns(vm_clock) - s->TCTR_base,
PCI_FREQUENCY, get_ticks_per_sec());
- DEBUG_PRINT(("RTL8139: TCTR Timer read val=0x%08x\n", ret));
+ DPRINTF("TCTR Timer read val=0x%08x\n", ret);
break;
case FlashReg:
ret = s->TimerInt;
- DEBUG_PRINT(("RTL8139: FlashReg TimerInt read val=0x%08x\n", ret));
+ DPRINTF("FlashReg TimerInt read val=0x%08x\n", ret);
break;
default:
- DEBUG_PRINT(("RTL8139: ioport read(l) addr=0x%x via read(b)\n", addr));
+ DPRINTF("ioport read(l) addr=0x%x via read(b)\n", addr);
ret = rtl8139_io_readb(opaque, addr);
ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
ret |= rtl8139_io_readb(opaque, addr + 2) << 16;
ret |= rtl8139_io_readb(opaque, addr + 3) << 24;
- DEBUG_PRINT(("RTL8139: read(l) addr=0x%x val=%08x\n", addr, ret));
+ DPRINTF("read(l) addr=0x%x val=%08x\n", addr, ret);
break;
}
@@ -3374,7 +3408,7 @@ static void rtl8139_timer(void *opaque)
if (!s->clock_enabled)
{
- DEBUG_PRINT(("RTL8139: >>> timer: clock is not running\n"));
+ DPRINTF(">>> timer: clock is not running\n");
return;
}
@@ -3475,7 +3509,7 @@ static PCIDeviceInfo rtl8139_info = {
.qdev.vmsd = &vmstate_rtl8139,
.init = pci_rtl8139_init,
.exit = pci_rtl8139_uninit,
- .romfile = "pxe-rtl8139.bin",
+ .romfile = "pxe-rtl8139.rom",
.qdev.props = (Property[]) {
DEFINE_NIC_PROPERTIES(RTL8139State, conf),
DEFINE_PROP_END_OF_LIST(),
diff --git a/hw/s390-virtio-bus.c b/hw/s390-virtio-bus.c
index 784dc01..bb49e39 100644
--- a/hw/s390-virtio-bus.c
+++ b/hw/s390-virtio-bus.c
@@ -43,6 +43,8 @@
do { } while (0)
#endif
+#define VIRTIO_EXT_CODE 0x2603
+
struct BusInfo s390_virtio_bus_info = {
.name = "s390-virtio",
.size = sizeof(VirtIOS390Bus),
@@ -139,7 +141,7 @@ static int s390_virtio_serial_init(VirtIOS390Device *dev)
bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
- vdev = virtio_serial_init((DeviceState *)dev, dev->max_virtserial_ports);
+ vdev = virtio_serial_init((DeviceState *)dev, &dev->serial);
if (!vdev) {
return -1;
}
@@ -223,7 +225,7 @@ void s390_virtio_device_sync(VirtIOS390Device *dev)
cur_offs += num_vq * VIRTIO_VQCONFIG_LEN;
/* Sync feature bitmap */
- stl_phys(cur_offs, dev->host_features);
+ stl_phys(cur_offs, bswap32(dev->host_features));
dev->feat_offs = cur_offs + dev->feat_len;
cur_offs += dev->feat_len * 2;
@@ -233,7 +235,8 @@ void s390_virtio_device_sync(VirtIOS390Device *dev)
dev->vdev->get_config(dev->vdev, dev->vdev->config);
}
- cpu_physical_memory_rw(cur_offs, dev->vdev->config, dev->vdev->config_len, 1);
+ cpu_physical_memory_write(cur_offs,
+ dev->vdev->config, dev->vdev->config_len);
cur_offs += dev->vdev->config_len;
}
@@ -246,7 +249,7 @@ void s390_virtio_device_update_status(VirtIOS390Device *dev)
/* Update guest supported feature bitmap */
- features = ldl_phys(dev->feat_offs);
+ features = bswap32(ldl_phys(dev->feat_offs));
if (vdev->set_features) {
vdev->set_features(vdev, features);
}
@@ -304,9 +307,13 @@ static void virtio_s390_notify(void *opaque, uint16_t vector)
{
VirtIOS390Device *dev = (VirtIOS390Device*)opaque;
uint64_t token = s390_virtio_device_vq_token(dev, vector);
+ CPUState *env = s390_cpu_addr2state(0);
- /* XXX kvm dependency! */
- kvm_s390_virtio_irq(s390_cpu_addr2state(0), 0, token);
+ if (kvm_enabled()) {
+ kvm_s390_virtio_irq(env, 0, token);
+ } else {
+ cpu_inject_ext(env, VIRTIO_EXT_CODE, 0, token);
+ }
}
static unsigned virtio_s390_get_features(void *opaque)
@@ -325,6 +332,7 @@ static const VirtIOBindings virtio_s390_bindings = {
static VirtIOS390DeviceInfo s390_virtio_net = {
.init = s390_virtio_net_init,
.qdev.name = "virtio-net-s390",
+ .qdev.alias = "virtio-net",
.qdev.size = sizeof(VirtIOS390Device),
.qdev.props = (Property[]) {
DEFINE_NIC_PROPERTIES(VirtIOS390Device, nic),
@@ -340,6 +348,7 @@ static VirtIOS390DeviceInfo s390_virtio_net = {
static VirtIOS390DeviceInfo s390_virtio_blk = {
.init = s390_virtio_blk_init,
.qdev.name = "virtio-blk-s390",
+ .qdev.alias = "virtio-blk",
.qdev.size = sizeof(VirtIOS390Device),
.qdev.props = (Property[]) {
DEFINE_BLOCK_PROPERTIES(VirtIOS390Device, block),
@@ -353,8 +362,8 @@ static VirtIOS390DeviceInfo s390_virtio_serial = {
.qdev.alias = "virtio-serial",
.qdev.size = sizeof(VirtIOS390Device),
.qdev.props = (Property[]) {
- DEFINE_PROP_UINT32("max_ports", VirtIOS390Device, max_virtserial_ports,
- 31),
+ DEFINE_PROP_UINT32("max_ports", VirtIOS390Device,
+ serial.max_virtserial_ports, 31),
DEFINE_PROP_END_OF_LIST(),
},
};
diff --git a/hw/s390-virtio-bus.h b/hw/s390-virtio-bus.h
index 33379a3..edf6d04 100644
--- a/hw/s390-virtio-bus.h
+++ b/hw/s390-virtio-bus.h
@@ -18,6 +18,7 @@
*/
#include "virtio-net.h"
+#include "virtio-serial.h"
#define VIRTIO_DEV_OFFS_TYPE 0 /* 8 bits */
#define VIRTIO_DEV_OFFS_NUM_VQ 1 /* 8 bits */
@@ -43,8 +44,7 @@ typedef struct VirtIOS390Device {
BlockConf block;
NICConf nic;
uint32_t host_features;
- /* Max. number of ports we can have for a the virtio-serial device */
- uint32_t max_virtserial_ports;
+ virtio_serial_conf serial;
virtio_net_conf net;
} VirtIOS390Device;
diff --git a/hw/s390-virtio.c b/hw/s390-virtio.c
index 850422f..698ff6f 100644
--- a/hw/s390-virtio.c
+++ b/hw/s390-virtio.c
@@ -82,13 +82,12 @@ CPUState *s390_cpu_addr2state(uint16_t cpu_addr)
return ipi_states[cpu_addr];
}
-int s390_virtio_hypercall(CPUState *env)
+int s390_virtio_hypercall(CPUState *env, uint64_t mem, uint64_t hypercall)
{
int r = 0, i;
- target_ulong mem = env->regs[2];
- dprintf("KVM hypercall: %ld\n", env->regs[1]);
- switch (env->regs[1]) {
+ dprintf("KVM hypercall: %ld\n", hypercall);
+ switch (hypercall) {
case KVM_S390_VIRTIO_NOTIFY:
if (mem > ram_size) {
VirtIOS390Device *dev = s390_virtio_bus_find_vring(s390_bus,
@@ -128,8 +127,7 @@ int s390_virtio_hypercall(CPUState *env)
break;
}
- env->regs[2] = r;
- return 0;
+ return r;
}
/* PC hardware initialisation */
@@ -145,14 +143,9 @@ static void s390_init(ram_addr_t ram_size,
ram_addr_t kernel_size = 0;
ram_addr_t initrd_offset;
ram_addr_t initrd_size = 0;
+ uint8_t *storage_keys;
int i;
- /* XXX we only work on KVM for now */
-
- if (!kvm_enabled()) {
- fprintf(stderr, "The S390 target only works with KVM enabled\n");
- exit(1);
- }
/* get a BUS */
s390_bus = s390_virtio_bus_init(&ram_size);
@@ -161,6 +154,9 @@ static void s390_init(ram_addr_t ram_size,
ram_addr = qemu_ram_alloc(NULL, "s390.ram", ram_size);
cpu_register_physical_memory(0, ram_size, ram_addr);
+ /* allocate storage keys */
+ storage_keys = qemu_mallocz(ram_size / TARGET_PAGE_SIZE);
+
/* init CPUs */
if (cpu_model == NULL) {
cpu_model = "host";
@@ -178,6 +174,7 @@ static void s390_init(ram_addr_t ram_size,
ipi_states[i] = tmp_env;
tmp_env->halted = 1;
tmp_env->exception_index = EXCP_HLT;
+ tmp_env->storage_keys = storage_keys;
}
env->halted = 0;
@@ -230,8 +227,8 @@ static void s390_init(ram_addr_t ram_size,
}
if (kernel_cmdline) {
- cpu_physical_memory_rw(KERN_PARM_AREA, (uint8_t *)kernel_cmdline,
- strlen(kernel_cmdline), 1);
+ cpu_physical_memory_write(KERN_PARM_AREA, kernel_cmdline,
+ strlen(kernel_cmdline));
}
/* Create VirtIO network adapters */
diff --git a/hw/sm501_template.h b/hw/sm501_template.h
index d1ceef9..2d4a3d8 100644
--- a/hw/sm501_template.h
+++ b/hw/sm501_template.h
@@ -120,7 +120,7 @@ static void glue(draw_hwc_line_, PIXEL_NAME)(SM501State * s, int crt,
/* get pixel value */
if (i % 4 == 0) {
- cpu_physical_memory_rw(cursor_addr, &bitset, 1, 0);
+ bitset = ldub_phys(cursor_addr);
cursor_addr++;
}
v = bitset & 3;
diff --git a/hw/smbus.h b/hw/smbus.h
index 571c52d..a398715 100644
--- a/hw/smbus.h
+++ b/hw/smbus.h
@@ -66,3 +66,6 @@ void smbus_write_word(i2c_bus *bus, uint8_t addr, uint8_t command, uint16_t data
int smbus_read_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data);
void smbus_write_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data,
int len);
+
+void smbus_eeprom_init(i2c_bus *smbus, int nb_eeprom,
+ const uint8_t *eeprom_spd, int size);
diff --git a/hw/smbus_eeprom.c b/hw/smbus_eeprom.c
index 52463e0..3634754 100644
--- a/hw/smbus_eeprom.c
+++ b/hw/smbus_eeprom.c
@@ -96,7 +96,7 @@ static uint8_t eeprom_read_data(SMBusDevice *dev, uint8_t cmd, int n)
return eeprom_receive_byte(dev);
}
-static int smbus_eeprom_init(SMBusDevice *dev)
+static int smbus_eeprom_initfn(SMBusDevice *dev)
{
SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *)dev;
@@ -111,7 +111,7 @@ static SMBusDeviceInfo smbus_eeprom_info = {
DEFINE_PROP_PTR("data", SMBusEEPROMDevice, data),
DEFINE_PROP_END_OF_LIST(),
},
- .init = smbus_eeprom_init,
+ .init = smbus_eeprom_initfn,
.quick_cmd = eeprom_quick_cmd,
.send_byte = eeprom_send_byte,
.receive_byte = eeprom_receive_byte,
@@ -125,3 +125,21 @@ static void smbus_eeprom_register_devices(void)
}
device_init(smbus_eeprom_register_devices)
+
+void smbus_eeprom_init(i2c_bus *smbus, int nb_eeprom,
+ const uint8_t *eeprom_spd, int eeprom_spd_size)
+{
+ int i;
+ uint8_t *eeprom_buf = qemu_mallocz(8 * 256); /* XXX: make this persistent */
+ if (eeprom_spd_size > 0) {
+ memcpy(eeprom_buf, eeprom_spd, eeprom_spd_size);
+ }
+
+ for (i = 0; i < nb_eeprom; i++) {
+ DeviceState *eeprom;
+ eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
+ qdev_prop_set_uint8(eeprom, "address", 0x50 + i);
+ qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
+ qdev_init_nofail(eeprom);
+ }
+}
diff --git a/hw/spapr.c b/hw/spapr.c
new file mode 100644
index 0000000..1782cc0
--- /dev/null
+++ b/hw/spapr.c
@@ -0,0 +1,475 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ * Copyright (c) 2010 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "sysemu.h"
+#include "hw.h"
+#include "elf.h"
+#include "net.h"
+#include "blockdev.h"
+
+#include "hw/boards.h"
+#include "hw/ppc.h"
+#include "hw/loader.h"
+
+#include "hw/spapr.h"
+#include "hw/spapr_vio.h"
+#include "hw/xics.h"
+
+#include <libfdt.h>
+
+#define KERNEL_LOAD_ADDR 0x00000000
+#define INITRD_LOAD_ADDR 0x02800000
+#define FDT_MAX_SIZE 0x10000
+#define RTAS_MAX_SIZE 0x10000
+#define FW_MAX_SIZE 0x400000
+#define FW_FILE_NAME "slof.bin"
+
+#define MIN_RAM_SLOF 512UL
+
+#define TIMEBASE_FREQ 512000000ULL
+
+#define MAX_CPUS 32
+#define XICS_IRQS 1024
+
+sPAPREnvironment *spapr;
+
+static void *spapr_create_fdt_skel(const char *cpu_model,
+ target_phys_addr_t initrd_base,
+ target_phys_addr_t initrd_size,
+ const char *boot_device,
+ const char *kernel_cmdline,
+ long hash_shift)
+{
+ void *fdt;
+ CPUState *env;
+ uint64_t mem_reg_property[] = { 0, cpu_to_be64(ram_size) };
+ uint32_t start_prop = cpu_to_be32(initrd_base);
+ uint32_t end_prop = cpu_to_be32(initrd_base + initrd_size);
+ uint32_t pft_size_prop[] = {0, cpu_to_be32(hash_shift)};
+ char hypertas_prop[] = "hcall-pft\0hcall-term\0hcall-dabr\0hcall-interrupt"
+ "\0hcall-tce\0hcall-vio\0hcall-splpar";
+ uint32_t interrupt_server_ranges_prop[] = {0, cpu_to_be32(smp_cpus)};
+ int i;
+ char *modelname;
+
+#define _FDT(exp) \
+ do { \
+ int ret = (exp); \
+ if (ret < 0) { \
+ fprintf(stderr, "qemu: error creating device tree: %s: %s\n", \
+ #exp, fdt_strerror(ret)); \
+ exit(1); \
+ } \
+ } while (0)
+
+ fdt = qemu_mallocz(FDT_MAX_SIZE);
+ _FDT((fdt_create(fdt, FDT_MAX_SIZE)));
+
+ _FDT((fdt_finish_reservemap(fdt)));
+
+ /* Root node */
+ _FDT((fdt_begin_node(fdt, "")));
+ _FDT((fdt_property_string(fdt, "device_type", "chrp")));
+ _FDT((fdt_property_string(fdt, "model", "qemu,emulated-pSeries-LPAR")));
+
+ _FDT((fdt_property_cell(fdt, "#address-cells", 0x2)));
+ _FDT((fdt_property_cell(fdt, "#size-cells", 0x2)));
+
+ /* /chosen */
+ _FDT((fdt_begin_node(fdt, "chosen")));
+
+ _FDT((fdt_property_string(fdt, "bootargs", kernel_cmdline)));
+ _FDT((fdt_property(fdt, "linux,initrd-start",
+ &start_prop, sizeof(start_prop))));
+ _FDT((fdt_property(fdt, "linux,initrd-end",
+ &end_prop, sizeof(end_prop))));
+ _FDT((fdt_property_string(fdt, "qemu,boot-device", boot_device)));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* memory node */
+ _FDT((fdt_begin_node(fdt, "memory@0")));
+
+ _FDT((fdt_property_string(fdt, "device_type", "memory")));
+ _FDT((fdt_property(fdt, "reg",
+ mem_reg_property, sizeof(mem_reg_property))));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* cpus */
+ _FDT((fdt_begin_node(fdt, "cpus")));
+
+ _FDT((fdt_property_cell(fdt, "#address-cells", 0x1)));
+ _FDT((fdt_property_cell(fdt, "#size-cells", 0x0)));
+
+ modelname = qemu_strdup(cpu_model);
+
+ for (i = 0; i < strlen(modelname); i++) {
+ modelname[i] = toupper(modelname[i]);
+ }
+
+ for (env = first_cpu; env != NULL; env = env->next_cpu) {
+ int index = env->cpu_index;
+ uint32_t gserver_prop[] = {cpu_to_be32(index), 0}; /* HACK! */
+ char *nodename;
+ uint32_t segs[] = {cpu_to_be32(28), cpu_to_be32(40),
+ 0xffffffff, 0xffffffff};
+
+ if (asprintf(&nodename, "%s@%x", modelname, index) < 0) {
+ fprintf(stderr, "Allocation failure\n");
+ exit(1);
+ }
+
+ _FDT((fdt_begin_node(fdt, nodename)));
+
+ free(nodename);
+
+ _FDT((fdt_property_cell(fdt, "reg", index)));
+ _FDT((fdt_property_string(fdt, "device_type", "cpu")));
+
+ _FDT((fdt_property_cell(fdt, "cpu-version", env->spr[SPR_PVR])));
+ _FDT((fdt_property_cell(fdt, "dcache-block-size",
+ env->dcache_line_size)));
+ _FDT((fdt_property_cell(fdt, "icache-block-size",
+ env->icache_line_size)));
+ _FDT((fdt_property_cell(fdt, "timebase-frequency", TIMEBASE_FREQ)));
+ /* Hardcode CPU frequency for now. It's kind of arbitrary on
+ * full emu, for kvm we should copy it from the host */
+ _FDT((fdt_property_cell(fdt, "clock-frequency", 1000000000)));
+ _FDT((fdt_property_cell(fdt, "ibm,slb-size", env->slb_nr)));
+ _FDT((fdt_property(fdt, "ibm,pft-size",
+ pft_size_prop, sizeof(pft_size_prop))));
+ _FDT((fdt_property_string(fdt, "status", "okay")));
+ _FDT((fdt_property(fdt, "64-bit", NULL, 0)));
+ _FDT((fdt_property_cell(fdt, "ibm,ppc-interrupt-server#s", index)));
+ _FDT((fdt_property(fdt, "ibm,ppc-interrupt-gserver#s",
+ gserver_prop, sizeof(gserver_prop))));
+
+ if (env->mmu_model & POWERPC_MMU_1TSEG) {
+ _FDT((fdt_property(fdt, "ibm,processor-segment-sizes",
+ segs, sizeof(segs))));
+ }
+
+ _FDT((fdt_end_node(fdt)));
+ }
+
+ qemu_free(modelname);
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* RTAS */
+ _FDT((fdt_begin_node(fdt, "rtas")));
+
+ _FDT((fdt_property(fdt, "ibm,hypertas-functions", hypertas_prop,
+ sizeof(hypertas_prop))));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* interrupt controller */
+ _FDT((fdt_begin_node(fdt, "interrupt-controller@0")));
+
+ _FDT((fdt_property_string(fdt, "device_type",
+ "PowerPC-External-Interrupt-Presentation")));
+ _FDT((fdt_property_string(fdt, "compatible", "IBM,ppc-xicp")));
+ _FDT((fdt_property_cell(fdt, "reg", 0)));
+ _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
+ _FDT((fdt_property(fdt, "ibm,interrupt-server-ranges",
+ interrupt_server_ranges_prop,
+ sizeof(interrupt_server_ranges_prop))));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* vdevice */
+ _FDT((fdt_begin_node(fdt, "vdevice")));
+
+ _FDT((fdt_property_string(fdt, "device_type", "vdevice")));
+ _FDT((fdt_property_string(fdt, "compatible", "IBM,vdevice")));
+ _FDT((fdt_property_cell(fdt, "#address-cells", 0x1)));
+ _FDT((fdt_property_cell(fdt, "#size-cells", 0x0)));
+ _FDT((fdt_property_cell(fdt, "#interrupt-cells", 0x2)));
+ _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
+
+ _FDT((fdt_end_node(fdt)));
+
+ _FDT((fdt_end_node(fdt))); /* close root node */
+ _FDT((fdt_finish(fdt)));
+
+ return fdt;
+}
+
+static void spapr_finalize_fdt(sPAPREnvironment *spapr,
+ target_phys_addr_t fdt_addr,
+ target_phys_addr_t rtas_addr,
+ target_phys_addr_t rtas_size)
+{
+ int ret;
+ void *fdt;
+
+ fdt = qemu_malloc(FDT_MAX_SIZE);
+
+ /* open out the base tree into a temp buffer for the final tweaks */
+ _FDT((fdt_open_into(spapr->fdt_skel, fdt, FDT_MAX_SIZE)));
+
+ ret = spapr_populate_vdevice(spapr->vio_bus, fdt);
+ if (ret < 0) {
+ fprintf(stderr, "couldn't setup vio devices in fdt\n");
+ exit(1);
+ }
+
+ /* RTAS */
+ ret = spapr_rtas_device_tree_setup(fdt, rtas_addr, rtas_size);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't set up RTAS device tree properties\n");
+ }
+
+ _FDT((fdt_pack(fdt)));
+
+ cpu_physical_memory_write(fdt_addr, fdt, fdt_totalsize(fdt));
+
+ qemu_free(fdt);
+}
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
+}
+
+static void emulate_spapr_hypercall(CPUState *env)
+{
+ env->gpr[3] = spapr_hypercall(env, env->gpr[3], &env->gpr[4]);
+}
+
+static void spapr_reset(void *opaque)
+{
+ sPAPREnvironment *spapr = (sPAPREnvironment *)opaque;
+
+ fprintf(stderr, "sPAPR reset\n");
+
+ /* flush out the hash table */
+ memset(spapr->htab, 0, spapr->htab_size);
+
+ /* Load the fdt */
+ spapr_finalize_fdt(spapr, spapr->fdt_addr, spapr->rtas_addr,
+ spapr->rtas_size);
+
+ /* Set up the entry state */
+ first_cpu->gpr[3] = spapr->fdt_addr;
+ first_cpu->gpr[5] = 0;
+ first_cpu->halted = 0;
+ first_cpu->nip = spapr->entry_point;
+
+}
+
+/* pSeries LPAR / sPAPR hardware init */
+static void ppc_spapr_init(ram_addr_t ram_size,
+ const char *boot_device,
+ const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename,
+ const char *cpu_model)
+{
+ CPUState *env;
+ int i;
+ ram_addr_t ram_offset;
+ uint32_t initrd_base;
+ long kernel_size, initrd_size, fw_size;
+ long pteg_shift = 17;
+ char *filename;
+ int irq = 16;
+
+ spapr = qemu_malloc(sizeof(*spapr));
+ cpu_ppc_hypercall = emulate_spapr_hypercall;
+
+ /* We place the device tree just below either the top of RAM, or
+ * 2GB, so that it can be processed with 32-bit code if
+ * necessary */
+ spapr->fdt_addr = MIN(ram_size, 0x80000000) - FDT_MAX_SIZE;
+ spapr->rtas_addr = spapr->fdt_addr - RTAS_MAX_SIZE;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = "POWER7";
+ }
+ for (i = 0; i < smp_cpus; i++) {
+ env = cpu_init(cpu_model);
+
+ if (!env) {
+ fprintf(stderr, "Unable to find PowerPC CPU definition\n");
+ exit(1);
+ }
+ /* Set time-base frequency to 512 MHz */
+ cpu_ppc_tb_init(env, TIMEBASE_FREQ);
+ qemu_register_reset((QEMUResetHandler *)&cpu_reset, env);
+
+ env->hreset_vector = 0x60;
+ env->hreset_excp_prefix = 0;
+ env->gpr[3] = env->cpu_index;
+ }
+
+ /* allocate RAM */
+ ram_offset = qemu_ram_alloc(NULL, "ppc_spapr.ram", ram_size);
+ cpu_register_physical_memory(0, ram_size, ram_offset);
+
+ /* allocate hash page table. For now we always make this 16mb,
+ * later we should probably make it scale to the size of guest
+ * RAM */
+ spapr->htab_size = 1ULL << (pteg_shift + 7);
+ spapr->htab = qemu_malloc(spapr->htab_size);
+
+ for (env = first_cpu; env != NULL; env = env->next_cpu) {
+ env->external_htab = spapr->htab;
+ env->htab_base = -1;
+ env->htab_mask = spapr->htab_size - 1;
+ }
+
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "spapr-rtas.bin");
+ spapr->rtas_size = load_image_targphys(filename, spapr->rtas_addr,
+ ram_size - spapr->rtas_addr);
+ if (spapr->rtas_size < 0) {
+ hw_error("qemu: could not load LPAR rtas '%s'\n", filename);
+ exit(1);
+ }
+ qemu_free(filename);
+
+ /* Set up Interrupt Controller */
+ spapr->icp = xics_system_init(XICS_IRQS);
+
+ /* Set up VIO bus */
+ spapr->vio_bus = spapr_vio_bus_init();
+
+ for (i = 0; i < MAX_SERIAL_PORTS; i++, irq++) {
+ if (serial_hds[i]) {
+ spapr_vty_create(spapr->vio_bus, i, serial_hds[i],
+ xics_find_qirq(spapr->icp, irq), irq);
+ }
+ }
+
+ for (i = 0; i < nb_nics; i++, irq++) {
+ NICInfo *nd = &nd_table[i];
+
+ if (!nd->model) {
+ nd->model = qemu_strdup("ibmveth");
+ }
+
+ if (strcmp(nd->model, "ibmveth") == 0) {
+ spapr_vlan_create(spapr->vio_bus, 0x1000 + i, nd,
+ xics_find_qirq(spapr->icp, irq), irq);
+ } else {
+ fprintf(stderr, "pSeries (sPAPR) platform does not support "
+ "NIC model '%s' (only ibmveth is supported)\n",
+ nd->model);
+ exit(1);
+ }
+ }
+
+ for (i = 0; i <= drive_get_max_bus(IF_SCSI); i++) {
+ spapr_vscsi_create(spapr->vio_bus, 0x2000 + i,
+ xics_find_qirq(spapr->icp, irq), irq);
+ irq++;
+ }
+
+ if (kernel_filename) {
+ uint64_t lowaddr = 0;
+
+ kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
+ NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ ram_size - KERNEL_LOAD_ADDR);
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ if (initrd_filename) {
+ initrd_base = INITRD_LOAD_ADDR;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ }
+
+ spapr->entry_point = KERNEL_LOAD_ADDR;
+ } else {
+ if (ram_size < (MIN_RAM_SLOF << 20)) {
+ fprintf(stderr, "qemu: pSeries SLOF firmware requires >= "
+ "%ldM guest RAM\n", MIN_RAM_SLOF);
+ exit(1);
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "slof.bin");
+ fw_size = load_image_targphys(filename, 0, FW_MAX_SIZE);
+ if (fw_size < 0) {
+ hw_error("qemu: could not load LPAR rtas '%s'\n", filename);
+ exit(1);
+ }
+ qemu_free(filename);
+ spapr->entry_point = 0x100;
+ initrd_base = 0;
+ initrd_size = 0;
+
+ /* SLOF will startup the secondary CPUs using RTAS,
+ rather than expecting a kexec() style entry */
+ for (env = first_cpu; env != NULL; env = env->next_cpu) {
+ env->halted = 1;
+ }
+ }
+
+ /* Prepare the device tree */
+ spapr->fdt_skel = spapr_create_fdt_skel(cpu_model,
+ initrd_base, initrd_size,
+ boot_device, kernel_cmdline,
+ pteg_shift + 7);
+ assert(spapr->fdt_skel != NULL);
+
+ qemu_register_reset(spapr_reset, spapr);
+}
+
+static QEMUMachine spapr_machine = {
+ .name = "pseries",
+ .desc = "pSeries Logical Partition (PAPR compliant)",
+ .init = ppc_spapr_init,
+ .max_cpus = MAX_CPUS,
+ .no_vga = 1,
+ .no_parallel = 1,
+ .use_scsi = 1,
+};
+
+static void spapr_machine_init(void)
+{
+ qemu_register_machine(&spapr_machine);
+}
+
+machine_init(spapr_machine_init);
diff --git a/hw/spapr.h b/hw/spapr.h
new file mode 100644
index 0000000..b52133a
--- /dev/null
+++ b/hw/spapr.h
@@ -0,0 +1,301 @@
+#if !defined(__HW_SPAPR_H__)
+#define __HW_SPAPR_H__
+
+struct VIOsPAPRBus;
+struct icp_state;
+
+typedef struct sPAPREnvironment {
+ struct VIOsPAPRBus *vio_bus;
+ struct icp_state *icp;
+
+ void *htab;
+ long htab_size;
+ target_phys_addr_t fdt_addr, rtas_addr;
+ long rtas_size;
+ void *fdt_skel;
+ target_ulong entry_point;
+} sPAPREnvironment;
+
+#define H_SUCCESS 0
+#define H_BUSY 1 /* Hardware busy -- retry later */
+#define H_CLOSED 2 /* Resource closed */
+#define H_NOT_AVAILABLE 3
+#define H_CONSTRAINED 4 /* Resource request constrained to max allowed */
+#define H_PARTIAL 5
+#define H_IN_PROGRESS 14 /* Kind of like busy */
+#define H_PAGE_REGISTERED 15
+#define H_PARTIAL_STORE 16
+#define H_PENDING 17 /* returned from H_POLL_PENDING */
+#define H_CONTINUE 18 /* Returned from H_Join on success */
+#define H_LONG_BUSY_START_RANGE 9900 /* Start of long busy range */
+#define H_LONG_BUSY_ORDER_1_MSEC 9900 /* Long busy, hint that 1msec \
+ is a good time to retry */
+#define H_LONG_BUSY_ORDER_10_MSEC 9901 /* Long busy, hint that 10msec \
+ is a good time to retry */
+#define H_LONG_BUSY_ORDER_100_MSEC 9902 /* Long busy, hint that 100msec \
+ is a good time to retry */
+#define H_LONG_BUSY_ORDER_1_SEC 9903 /* Long busy, hint that 1sec \
+ is a good time to retry */
+#define H_LONG_BUSY_ORDER_10_SEC 9904 /* Long busy, hint that 10sec \
+ is a good time to retry */
+#define H_LONG_BUSY_ORDER_100_SEC 9905 /* Long busy, hint that 100sec \
+ is a good time to retry */
+#define H_LONG_BUSY_END_RANGE 9905 /* End of long busy range */
+#define H_HARDWARE -1 /* Hardware error */
+#define H_FUNCTION -2 /* Function not supported */
+#define H_PRIVILEGE -3 /* Caller not privileged */
+#define H_PARAMETER -4 /* Parameter invalid, out-of-range or conflicting */
+#define H_BAD_MODE -5 /* Illegal msr value */
+#define H_PTEG_FULL -6 /* PTEG is full */
+#define H_NOT_FOUND -7 /* PTE was not found" */
+#define H_RESERVED_DABR -8 /* DABR address is reserved by the hypervisor on this processor" */
+#define H_NO_MEM -9
+#define H_AUTHORITY -10
+#define H_PERMISSION -11
+#define H_DROPPED -12
+#define H_SOURCE_PARM -13
+#define H_DEST_PARM -14
+#define H_REMOTE_PARM -15
+#define H_RESOURCE -16
+#define H_ADAPTER_PARM -17
+#define H_RH_PARM -18
+#define H_RCQ_PARM -19
+#define H_SCQ_PARM -20
+#define H_EQ_PARM -21
+#define H_RT_PARM -22
+#define H_ST_PARM -23
+#define H_SIGT_PARM -24
+#define H_TOKEN_PARM -25
+#define H_MLENGTH_PARM -27
+#define H_MEM_PARM -28
+#define H_MEM_ACCESS_PARM -29
+#define H_ATTR_PARM -30
+#define H_PORT_PARM -31
+#define H_MCG_PARM -32
+#define H_VL_PARM -33
+#define H_TSIZE_PARM -34
+#define H_TRACE_PARM -35
+
+#define H_MASK_PARM -37
+#define H_MCG_FULL -38
+#define H_ALIAS_EXIST -39
+#define H_P_COUNTER -40
+#define H_TABLE_FULL -41
+#define H_ALT_TABLE -42
+#define H_MR_CONDITION -43
+#define H_NOT_ENOUGH_RESOURCES -44
+#define H_R_STATE -45
+#define H_RESCINDEND -46
+#define H_MULTI_THREADS_ACTIVE -9005
+
+
+/* Long Busy is a condition that can be returned by the firmware
+ * when a call cannot be completed now, but the identical call
+ * should be retried later. This prevents calls blocking in the
+ * firmware for long periods of time. Annoyingly the firmware can return
+ * a range of return codes, hinting at how long we should wait before
+ * retrying. If you don't care for the hint, the macro below is a good
+ * way to check for the long_busy return codes
+ */
+#define H_IS_LONG_BUSY(x) ((x >= H_LONG_BUSY_START_RANGE) \
+ && (x <= H_LONG_BUSY_END_RANGE))
+
+/* Flags */
+#define H_LARGE_PAGE (1ULL<<(63-16))
+#define H_EXACT (1ULL<<(63-24)) /* Use exact PTE or return H_PTEG_FULL */
+#define H_R_XLATE (1ULL<<(63-25)) /* include a valid logical page num in the pte if the valid bit is set */
+#define H_READ_4 (1ULL<<(63-26)) /* Return 4 PTEs */
+#define H_PAGE_STATE_CHANGE (1ULL<<(63-28))
+#define H_PAGE_UNUSED ((1ULL<<(63-29)) | (1ULL<<(63-30)))
+#define H_PAGE_SET_UNUSED (H_PAGE_STATE_CHANGE | H_PAGE_UNUSED)
+#define H_PAGE_SET_LOANED (H_PAGE_SET_UNUSED | (1ULL<<(63-31)))
+#define H_PAGE_SET_ACTIVE H_PAGE_STATE_CHANGE
+#define H_AVPN (1ULL<<(63-32)) /* An avpn is provided as a sanity test */
+#define H_ANDCOND (1ULL<<(63-33))
+#define H_ICACHE_INVALIDATE (1ULL<<(63-40)) /* icbi, etc. (ignored for IO pages) */
+#define H_ICACHE_SYNCHRONIZE (1ULL<<(63-41)) /* dcbst, icbi, etc (ignored for IO pages */
+#define H_ZERO_PAGE (1ULL<<(63-48)) /* zero the page before mapping (ignored for IO pages) */
+#define H_COPY_PAGE (1ULL<<(63-49))
+#define H_N (1ULL<<(63-61))
+#define H_PP1 (1ULL<<(63-62))
+#define H_PP2 (1ULL<<(63-63))
+
+/* VASI States */
+#define H_VASI_INVALID 0
+#define H_VASI_ENABLED 1
+#define H_VASI_ABORTED 2
+#define H_VASI_SUSPENDING 3
+#define H_VASI_SUSPENDED 4
+#define H_VASI_RESUMED 5
+#define H_VASI_COMPLETED 6
+
+/* DABRX flags */
+#define H_DABRX_HYPERVISOR (1ULL<<(63-61))
+#define H_DABRX_KERNEL (1ULL<<(63-62))
+#define H_DABRX_USER (1ULL<<(63-63))
+
+/* Each control block has to be on a 4K bondary */
+#define H_CB_ALIGNMENT 4096
+
+/* pSeries hypervisor opcodes */
+#define H_REMOVE 0x04
+#define H_ENTER 0x08
+#define H_READ 0x0c
+#define H_CLEAR_MOD 0x10
+#define H_CLEAR_REF 0x14
+#define H_PROTECT 0x18
+#define H_GET_TCE 0x1c
+#define H_PUT_TCE 0x20
+#define H_SET_SPRG0 0x24
+#define H_SET_DABR 0x28
+#define H_PAGE_INIT 0x2c
+#define H_SET_ASR 0x30
+#define H_ASR_ON 0x34
+#define H_ASR_OFF 0x38
+#define H_LOGICAL_CI_LOAD 0x3c
+#define H_LOGICAL_CI_STORE 0x40
+#define H_LOGICAL_CACHE_LOAD 0x44
+#define H_LOGICAL_CACHE_STORE 0x48
+#define H_LOGICAL_ICBI 0x4c
+#define H_LOGICAL_DCBF 0x50
+#define H_GET_TERM_CHAR 0x54
+#define H_PUT_TERM_CHAR 0x58
+#define H_REAL_TO_LOGICAL 0x5c
+#define H_HYPERVISOR_DATA 0x60
+#define H_EOI 0x64
+#define H_CPPR 0x68
+#define H_IPI 0x6c
+#define H_IPOLL 0x70
+#define H_XIRR 0x74
+#define H_PERFMON 0x7c
+#define H_MIGRATE_DMA 0x78
+#define H_REGISTER_VPA 0xDC
+#define H_CEDE 0xE0
+#define H_CONFER 0xE4
+#define H_PROD 0xE8
+#define H_GET_PPP 0xEC
+#define H_SET_PPP 0xF0
+#define H_PURR 0xF4
+#define H_PIC 0xF8
+#define H_REG_CRQ 0xFC
+#define H_FREE_CRQ 0x100
+#define H_VIO_SIGNAL 0x104
+#define H_SEND_CRQ 0x108
+#define H_COPY_RDMA 0x110
+#define H_REGISTER_LOGICAL_LAN 0x114
+#define H_FREE_LOGICAL_LAN 0x118
+#define H_ADD_LOGICAL_LAN_BUFFER 0x11C
+#define H_SEND_LOGICAL_LAN 0x120
+#define H_BULK_REMOVE 0x124
+#define H_MULTICAST_CTRL 0x130
+#define H_SET_XDABR 0x134
+#define H_STUFF_TCE 0x138
+#define H_PUT_TCE_INDIRECT 0x13C
+#define H_CHANGE_LOGICAL_LAN_MAC 0x14C
+#define H_VTERM_PARTNER_INFO 0x150
+#define H_REGISTER_VTERM 0x154
+#define H_FREE_VTERM 0x158
+#define H_RESET_EVENTS 0x15C
+#define H_ALLOC_RESOURCE 0x160
+#define H_FREE_RESOURCE 0x164
+#define H_MODIFY_QP 0x168
+#define H_QUERY_QP 0x16C
+#define H_REREGISTER_PMR 0x170
+#define H_REGISTER_SMR 0x174
+#define H_QUERY_MR 0x178
+#define H_QUERY_MW 0x17C
+#define H_QUERY_HCA 0x180
+#define H_QUERY_PORT 0x184
+#define H_MODIFY_PORT 0x188
+#define H_DEFINE_AQP1 0x18C
+#define H_GET_TRACE_BUFFER 0x190
+#define H_DEFINE_AQP0 0x194
+#define H_RESIZE_MR 0x198
+#define H_ATTACH_MCQP 0x19C
+#define H_DETACH_MCQP 0x1A0
+#define H_CREATE_RPT 0x1A4
+#define H_REMOVE_RPT 0x1A8
+#define H_REGISTER_RPAGES 0x1AC
+#define H_DISABLE_AND_GETC 0x1B0
+#define H_ERROR_DATA 0x1B4
+#define H_GET_HCA_INFO 0x1B8
+#define H_GET_PERF_COUNT 0x1BC
+#define H_MANAGE_TRACE 0x1C0
+#define H_FREE_LOGICAL_LAN_BUFFER 0x1D4
+#define H_QUERY_INT_STATE 0x1E4
+#define H_POLL_PENDING 0x1D8
+#define H_ILLAN_ATTRIBUTES 0x244
+#define H_MODIFY_HEA_QP 0x250
+#define H_QUERY_HEA_QP 0x254
+#define H_QUERY_HEA 0x258
+#define H_QUERY_HEA_PORT 0x25C
+#define H_MODIFY_HEA_PORT 0x260
+#define H_REG_BCMC 0x264
+#define H_DEREG_BCMC 0x268
+#define H_REGISTER_HEA_RPAGES 0x26C
+#define H_DISABLE_AND_GET_HEA 0x270
+#define H_GET_HEA_INFO 0x274
+#define H_ALLOC_HEA_RESOURCE 0x278
+#define H_ADD_CONN 0x284
+#define H_DEL_CONN 0x288
+#define H_JOIN 0x298
+#define H_VASI_STATE 0x2A4
+#define H_ENABLE_CRQ 0x2B0
+#define H_GET_EM_PARMS 0x2B8
+#define H_SET_MPP 0x2D0
+#define H_GET_MPP 0x2D4
+#define MAX_HCALL_OPCODE H_GET_MPP
+
+/* The hcalls above are standardized in PAPR and implemented by pHyp
+ * as well.
+ *
+ * We also need some hcalls which are specific to qemu / KVM-on-POWER.
+ * So far we just need one for H_RTAS, but in future we'll need more
+ * for extensions like virtio. We put those into the 0xf000-0xfffc
+ * range which is reserved by PAPR for "platform-specific" hcalls.
+ */
+#define KVMPPC_HCALL_BASE 0xf000
+#define KVMPPC_H_RTAS (KVMPPC_HCALL_BASE + 0x0)
+#define KVMPPC_HCALL_MAX KVMPPC_H_RTAS
+
+extern sPAPREnvironment *spapr;
+
+/*#define DEBUG_SPAPR_HCALLS*/
+
+#ifdef DEBUG_SPAPR_HCALLS
+#define hcall_dprintf(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define hcall_dprintf(fmt, ...) \
+ do { } while (0)
+#endif
+
+typedef target_ulong (*spapr_hcall_fn)(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args);
+
+void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn);
+target_ulong spapr_hypercall(CPUState *env, target_ulong opcode,
+ target_ulong *args);
+
+static inline uint32_t rtas_ld(target_ulong phys, int n)
+{
+ return ldl_phys(phys + 4*n);
+}
+
+static inline void rtas_st(target_ulong phys, int n, uint32_t val)
+{
+ stl_phys(phys + 4*n, val);
+}
+
+typedef void (*spapr_rtas_fn)(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets);
+void spapr_rtas_register(const char *name, spapr_rtas_fn fn);
+target_ulong spapr_rtas_call(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets);
+int spapr_rtas_device_tree_setup(void *fdt, target_phys_addr_t rtas_addr,
+ target_phys_addr_t rtas_size);
+
+#endif /* !defined (__HW_SPAPR_H__) */
diff --git a/hw/spapr_hcall.c b/hw/spapr_hcall.c
new file mode 100644
index 0000000..f88e1d2
--- /dev/null
+++ b/hw/spapr_hcall.c
@@ -0,0 +1,525 @@
+#include "sysemu.h"
+#include "cpu.h"
+#include "qemu-char.h"
+#include "sysemu.h"
+#include "qemu-char.h"
+#include "exec-all.h"
+#include "exec.h"
+#include "helper_regs.h"
+#include "hw/spapr.h"
+
+#define HPTES_PER_GROUP 8
+
+#define HPTE_V_SSIZE_SHIFT 62
+#define HPTE_V_AVPN_SHIFT 7
+#define HPTE_V_AVPN 0x3fffffffffffff80ULL
+#define HPTE_V_AVPN_VAL(x) (((x) & HPTE_V_AVPN) >> HPTE_V_AVPN_SHIFT)
+#define HPTE_V_COMPARE(x, y) (!(((x) ^ (y)) & 0xffffffffffffff80UL))
+#define HPTE_V_BOLTED 0x0000000000000010ULL
+#define HPTE_V_LOCK 0x0000000000000008ULL
+#define HPTE_V_LARGE 0x0000000000000004ULL
+#define HPTE_V_SECONDARY 0x0000000000000002ULL
+#define HPTE_V_VALID 0x0000000000000001ULL
+
+#define HPTE_R_PP0 0x8000000000000000ULL
+#define HPTE_R_TS 0x4000000000000000ULL
+#define HPTE_R_KEY_HI 0x3000000000000000ULL
+#define HPTE_R_RPN_SHIFT 12
+#define HPTE_R_RPN 0x3ffffffffffff000ULL
+#define HPTE_R_FLAGS 0x00000000000003ffULL
+#define HPTE_R_PP 0x0000000000000003ULL
+#define HPTE_R_N 0x0000000000000004ULL
+#define HPTE_R_G 0x0000000000000008ULL
+#define HPTE_R_M 0x0000000000000010ULL
+#define HPTE_R_I 0x0000000000000020ULL
+#define HPTE_R_W 0x0000000000000040ULL
+#define HPTE_R_WIMG 0x0000000000000078ULL
+#define HPTE_R_C 0x0000000000000080ULL
+#define HPTE_R_R 0x0000000000000100ULL
+#define HPTE_R_KEY_LO 0x0000000000000e00ULL
+
+#define HPTE_V_1TB_SEG 0x4000000000000000ULL
+#define HPTE_V_VRMA_MASK 0x4001ffffff000000ULL
+
+#define HPTE_V_HVLOCK 0x40ULL
+
+static inline int lock_hpte(void *hpte, target_ulong bits)
+{
+ uint64_t pteh;
+
+ pteh = ldq_p(hpte);
+
+ /* We're protected by qemu's global lock here */
+ if (pteh & bits) {
+ return 0;
+ }
+ stq_p(hpte, pteh | HPTE_V_HVLOCK);
+ return 1;
+}
+
+static target_ulong compute_tlbie_rb(target_ulong v, target_ulong r,
+ target_ulong pte_index)
+{
+ target_ulong rb, va_low;
+
+ rb = (v & ~0x7fULL) << 16; /* AVA field */
+ va_low = pte_index >> 3;
+ if (v & HPTE_V_SECONDARY) {
+ va_low = ~va_low;
+ }
+ /* xor vsid from AVA */
+ if (!(v & HPTE_V_1TB_SEG)) {
+ va_low ^= v >> 12;
+ } else {
+ va_low ^= v >> 24;
+ }
+ va_low &= 0x7ff;
+ if (v & HPTE_V_LARGE) {
+ rb |= 1; /* L field */
+#if 0 /* Disable that P7 specific bit for now */
+ if (r & 0xff000) {
+ /* non-16MB large page, must be 64k */
+ /* (masks depend on page size) */
+ rb |= 0x1000; /* page encoding in LP field */
+ rb |= (va_low & 0x7f) << 16; /* 7b of VA in AVA/LP field */
+ rb |= (va_low & 0xfe); /* AVAL field */
+ }
+#endif
+ } else {
+ /* 4kB page */
+ rb |= (va_low & 0x7ff) << 12; /* remaining 11b of AVA */
+ }
+ rb |= (v >> 54) & 0x300; /* B field */
+ return rb;
+}
+
+static target_ulong h_enter(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ target_ulong pteh = args[2];
+ target_ulong ptel = args[3];
+ target_ulong porder;
+ target_ulong i, pa;
+ uint8_t *hpte;
+
+ /* only handle 4k and 16M pages for now */
+ porder = 12;
+ if (pteh & HPTE_V_LARGE) {
+#if 0 /* We don't support 64k pages yet */
+ if ((ptel & 0xf000) == 0x1000) {
+ /* 64k page */
+ porder = 16;
+ } else
+#endif
+ if ((ptel & 0xff000) == 0) {
+ /* 16M page */
+ porder = 24;
+ /* lowest AVA bit must be 0 for 16M pages */
+ if (pteh & 0x80) {
+ return H_PARAMETER;
+ }
+ } else {
+ return H_PARAMETER;
+ }
+ }
+
+ pa = ptel & HPTE_R_RPN;
+ /* FIXME: bounds check the pa? */
+
+ /* Check WIMG */
+ if ((ptel & HPTE_R_WIMG) != HPTE_R_M) {
+ return H_PARAMETER;
+ }
+ pteh &= ~0x60ULL;
+
+ if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return H_PARAMETER;
+ }
+ if (likely((flags & H_EXACT) == 0)) {
+ pte_index &= ~7ULL;
+ hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+ for (i = 0; ; ++i) {
+ if (i == 8) {
+ return H_PTEG_FULL;
+ }
+ if (((ldq_p(hpte) & HPTE_V_VALID) == 0) &&
+ lock_hpte(hpte, HPTE_V_HVLOCK | HPTE_V_VALID)) {
+ break;
+ }
+ hpte += HASH_PTE_SIZE_64;
+ }
+ } else {
+ i = 0;
+ hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+ if (!lock_hpte(hpte, HPTE_V_HVLOCK | HPTE_V_VALID)) {
+ return H_PTEG_FULL;
+ }
+ }
+ stq_p(hpte + (HASH_PTE_SIZE_64/2), ptel);
+ /* eieio(); FIXME: need some sort of barrier for smp? */
+ stq_p(hpte, pteh);
+
+ assert(!(ldq_p(hpte) & HPTE_V_HVLOCK));
+ args[0] = pte_index + i;
+ return H_SUCCESS;
+}
+
+static target_ulong h_remove(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ target_ulong avpn = args[2];
+ uint8_t *hpte;
+ target_ulong v, r, rb;
+
+ if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return H_PARAMETER;
+ }
+
+ hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+ while (!lock_hpte(hpte, HPTE_V_HVLOCK)) {
+ /* We have no real concurrency in qemu soft-emulation, so we
+ * will never actually have a contested lock */
+ assert(0);
+ }
+
+ v = ldq_p(hpte);
+ r = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
+
+ if ((v & HPTE_V_VALID) == 0 ||
+ ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) ||
+ ((flags & H_ANDCOND) && (v & avpn) != 0)) {
+ stq_p(hpte, v & ~HPTE_V_HVLOCK);
+ assert(!(ldq_p(hpte) & HPTE_V_HVLOCK));
+ return H_NOT_FOUND;
+ }
+ args[0] = v & ~HPTE_V_HVLOCK;
+ args[1] = r;
+ stq_p(hpte, 0);
+ rb = compute_tlbie_rb(v, r, pte_index);
+ ppc_tlb_invalidate_one(env, rb);
+ assert(!(ldq_p(hpte) & HPTE_V_HVLOCK));
+ return H_SUCCESS;
+}
+
+static target_ulong h_protect(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ target_ulong avpn = args[2];
+ uint8_t *hpte;
+ target_ulong v, r, rb;
+
+ if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return H_PARAMETER;
+ }
+
+ hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+ while (!lock_hpte(hpte, HPTE_V_HVLOCK)) {
+ /* We have no real concurrency in qemu soft-emulation, so we
+ * will never actually have a contested lock */
+ assert(0);
+ }
+
+ v = ldq_p(hpte);
+ r = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
+
+ if ((v & HPTE_V_VALID) == 0 ||
+ ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) {
+ stq_p(hpte, v & ~HPTE_V_HVLOCK);
+ assert(!(ldq_p(hpte) & HPTE_V_HVLOCK));
+ return H_NOT_FOUND;
+ }
+
+ r &= ~(HPTE_R_PP0 | HPTE_R_PP | HPTE_R_N |
+ HPTE_R_KEY_HI | HPTE_R_KEY_LO);
+ r |= (flags << 55) & HPTE_R_PP0;
+ r |= (flags << 48) & HPTE_R_KEY_HI;
+ r |= flags & (HPTE_R_PP | HPTE_R_N | HPTE_R_KEY_LO);
+ rb = compute_tlbie_rb(v, r, pte_index);
+ stq_p(hpte, v & ~HPTE_V_VALID);
+ ppc_tlb_invalidate_one(env, rb);
+ stq_p(hpte + (HASH_PTE_SIZE_64/2), r);
+ /* Don't need a memory barrier, due to qemu's global lock */
+ stq_p(hpte, v & ~HPTE_V_HVLOCK);
+ assert(!(ldq_p(hpte) & HPTE_V_HVLOCK));
+ return H_SUCCESS;
+}
+
+static target_ulong h_set_dabr(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ /* FIXME: actually implement this */
+ return H_HARDWARE;
+}
+
+#define FLAGS_REGISTER_VPA 0x0000200000000000ULL
+#define FLAGS_REGISTER_DTL 0x0000400000000000ULL
+#define FLAGS_REGISTER_SLBSHADOW 0x0000600000000000ULL
+#define FLAGS_DEREGISTER_VPA 0x0000a00000000000ULL
+#define FLAGS_DEREGISTER_DTL 0x0000c00000000000ULL
+#define FLAGS_DEREGISTER_SLBSHADOW 0x0000e00000000000ULL
+
+#define VPA_MIN_SIZE 640
+#define VPA_SIZE_OFFSET 0x4
+#define VPA_SHARED_PROC_OFFSET 0x9
+#define VPA_SHARED_PROC_VAL 0x2
+
+static target_ulong register_vpa(CPUState *env, target_ulong vpa)
+{
+ uint16_t size;
+ uint8_t tmp;
+
+ if (vpa == 0) {
+ hcall_dprintf("Can't cope with registering a VPA at logical 0\n");
+ return H_HARDWARE;
+ }
+
+ if (vpa % env->dcache_line_size) {
+ return H_PARAMETER;
+ }
+ /* FIXME: bounds check the address */
+
+ size = lduw_phys(vpa + 0x4);
+
+ if (size < VPA_MIN_SIZE) {
+ return H_PARAMETER;
+ }
+
+ /* VPA is not allowed to cross a page boundary */
+ if ((vpa / 4096) != ((vpa + size - 1) / 4096)) {
+ return H_PARAMETER;
+ }
+
+ env->vpa = vpa;
+
+ tmp = ldub_phys(env->vpa + VPA_SHARED_PROC_OFFSET);
+ tmp |= VPA_SHARED_PROC_VAL;
+ stb_phys(env->vpa + VPA_SHARED_PROC_OFFSET, tmp);
+
+ return H_SUCCESS;
+}
+
+static target_ulong deregister_vpa(CPUState *env, target_ulong vpa)
+{
+ if (env->slb_shadow) {
+ return H_RESOURCE;
+ }
+
+ if (env->dispatch_trace_log) {
+ return H_RESOURCE;
+ }
+
+ env->vpa = 0;
+ return H_SUCCESS;
+}
+
+static target_ulong register_slb_shadow(CPUState *env, target_ulong addr)
+{
+ uint32_t size;
+
+ if (addr == 0) {
+ hcall_dprintf("Can't cope with SLB shadow at logical 0\n");
+ return H_HARDWARE;
+ }
+
+ size = ldl_phys(addr + 0x4);
+ if (size < 0x8) {
+ return H_PARAMETER;
+ }
+
+ if ((addr / 4096) != ((addr + size - 1) / 4096)) {
+ return H_PARAMETER;
+ }
+
+ if (!env->vpa) {
+ return H_RESOURCE;
+ }
+
+ env->slb_shadow = addr;
+
+ return H_SUCCESS;
+}
+
+static target_ulong deregister_slb_shadow(CPUState *env, target_ulong addr)
+{
+ env->slb_shadow = 0;
+ return H_SUCCESS;
+}
+
+static target_ulong register_dtl(CPUState *env, target_ulong addr)
+{
+ uint32_t size;
+
+ if (addr == 0) {
+ hcall_dprintf("Can't cope with DTL at logical 0\n");
+ return H_HARDWARE;
+ }
+
+ size = ldl_phys(addr + 0x4);
+
+ if (size < 48) {
+ return H_PARAMETER;
+ }
+
+ if (!env->vpa) {
+ return H_RESOURCE;
+ }
+
+ env->dispatch_trace_log = addr;
+ env->dtl_size = size;
+
+ return H_SUCCESS;
+}
+
+static target_ulong deregister_dtl(CPUState *emv, target_ulong addr)
+{
+ env->dispatch_trace_log = 0;
+ env->dtl_size = 0;
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_register_vpa(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong flags = args[0];
+ target_ulong procno = args[1];
+ target_ulong vpa = args[2];
+ target_ulong ret = H_PARAMETER;
+ CPUState *tenv;
+
+ for (tenv = first_cpu; tenv; tenv = tenv->next_cpu) {
+ if (tenv->cpu_index == procno) {
+ break;
+ }
+ }
+
+ if (!tenv) {
+ return H_PARAMETER;
+ }
+
+ switch (flags) {
+ case FLAGS_REGISTER_VPA:
+ ret = register_vpa(tenv, vpa);
+ break;
+
+ case FLAGS_DEREGISTER_VPA:
+ ret = deregister_vpa(tenv, vpa);
+ break;
+
+ case FLAGS_REGISTER_SLBSHADOW:
+ ret = register_slb_shadow(tenv, vpa);
+ break;
+
+ case FLAGS_DEREGISTER_SLBSHADOW:
+ ret = deregister_slb_shadow(tenv, vpa);
+ break;
+
+ case FLAGS_REGISTER_DTL:
+ ret = register_dtl(tenv, vpa);
+ break;
+
+ case FLAGS_DEREGISTER_DTL:
+ ret = deregister_dtl(tenv, vpa);
+ break;
+ }
+
+ return ret;
+}
+
+static target_ulong h_cede(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ env->msr |= (1ULL << MSR_EE);
+ hreg_compute_hflags(env);
+ if (!cpu_has_work(env)) {
+ env->halted = 1;
+ }
+ return H_SUCCESS;
+}
+
+static target_ulong h_rtas(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong rtas_r3 = args[0];
+ uint32_t token = ldl_phys(rtas_r3);
+ uint32_t nargs = ldl_phys(rtas_r3 + 4);
+ uint32_t nret = ldl_phys(rtas_r3 + 8);
+
+ return spapr_rtas_call(spapr, token, nargs, rtas_r3 + 12,
+ nret, rtas_r3 + 12 + 4*nargs);
+}
+
+spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1];
+spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - KVMPPC_HCALL_BASE];
+
+void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn)
+{
+ spapr_hcall_fn *slot;
+
+ if (opcode <= MAX_HCALL_OPCODE) {
+ assert((opcode & 0x3) == 0);
+
+ slot = &papr_hypercall_table[opcode / 4];
+ } else {
+ assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX));
+
+
+ slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
+ }
+
+ assert(!(*slot) || (fn == *slot));
+ *slot = fn;
+}
+
+target_ulong spapr_hypercall(CPUState *env, target_ulong opcode,
+ target_ulong *args)
+{
+ if (msr_pr) {
+ hcall_dprintf("Hypercall made with MSR[PR]=1\n");
+ return H_PRIVILEGE;
+ }
+
+ if ((opcode <= MAX_HCALL_OPCODE)
+ && ((opcode & 0x3) == 0)) {
+ spapr_hcall_fn fn = papr_hypercall_table[opcode / 4];
+
+ if (fn) {
+ return fn(env, spapr, opcode, args);
+ }
+ } else if ((opcode >= KVMPPC_HCALL_BASE) &&
+ (opcode <= KVMPPC_HCALL_MAX)) {
+ spapr_hcall_fn fn = kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
+
+ if (fn) {
+ return fn(env, spapr, opcode, args);
+ }
+ }
+
+ hcall_dprintf("Unimplemented hcall 0x" TARGET_FMT_lx "\n", opcode);
+ return H_FUNCTION;
+}
+
+static void hypercall_init(void)
+{
+ /* hcall-pft */
+ spapr_register_hypercall(H_ENTER, h_enter);
+ spapr_register_hypercall(H_REMOVE, h_remove);
+ spapr_register_hypercall(H_PROTECT, h_protect);
+
+ /* hcall-dabr */
+ spapr_register_hypercall(H_SET_DABR, h_set_dabr);
+
+ /* hcall-splpar */
+ spapr_register_hypercall(H_REGISTER_VPA, h_register_vpa);
+ spapr_register_hypercall(H_CEDE, h_cede);
+
+ /* qemu/KVM-PPC specific hcalls */
+ spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas);
+}
+device_init(hypercall_init);
diff --git a/hw/spapr_llan.c b/hw/spapr_llan.c
new file mode 100644
index 0000000..ff3a78f
--- /dev/null
+++ b/hw/spapr_llan.c
@@ -0,0 +1,518 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Inter-VM Logical Lan, aka ibmveth
+ *
+ * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "hw.h"
+#include "net.h"
+#include "hw/qdev.h"
+#include "hw/spapr.h"
+#include "hw/spapr_vio.h"
+
+#include <libfdt.h>
+
+#define ETH_ALEN 6
+#define MAX_PACKET_SIZE 65536
+
+/*#define DEBUG*/
+
+#ifdef DEBUG
+#define dprintf(fmt...) do { fprintf(stderr, fmt); } while (0)
+#else
+#define dprintf(fmt...)
+#endif
+
+/*
+ * Virtual LAN device
+ */
+
+typedef uint64_t vlan_bd_t;
+
+#define VLAN_BD_VALID 0x8000000000000000ULL
+#define VLAN_BD_TOGGLE 0x4000000000000000ULL
+#define VLAN_BD_NO_CSUM 0x0200000000000000ULL
+#define VLAN_BD_CSUM_GOOD 0x0100000000000000ULL
+#define VLAN_BD_LEN_MASK 0x00ffffff00000000ULL
+#define VLAN_BD_LEN(bd) (((bd) & VLAN_BD_LEN_MASK) >> 32)
+#define VLAN_BD_ADDR_MASK 0x00000000ffffffffULL
+#define VLAN_BD_ADDR(bd) ((bd) & VLAN_BD_ADDR_MASK)
+
+#define VLAN_VALID_BD(addr, len) (VLAN_BD_VALID | \
+ (((len) << 32) & VLAN_BD_LEN_MASK) | \
+ (addr & VLAN_BD_ADDR_MASK))
+
+#define VLAN_RXQC_TOGGLE 0x80
+#define VLAN_RXQC_VALID 0x40
+#define VLAN_RXQC_NO_CSUM 0x02
+#define VLAN_RXQC_CSUM_GOOD 0x01
+
+#define VLAN_RQ_ALIGNMENT 16
+#define VLAN_RXQ_BD_OFF 0
+#define VLAN_FILTER_BD_OFF 8
+#define VLAN_RX_BDS_OFF 16
+#define VLAN_MAX_BUFS ((SPAPR_VIO_TCE_PAGE_SIZE - VLAN_RX_BDS_OFF) / 8)
+
+typedef struct VIOsPAPRVLANDevice {
+ VIOsPAPRDevice sdev;
+ NICConf nicconf;
+ NICState *nic;
+ int isopen;
+ target_ulong buf_list;
+ int add_buf_ptr, use_buf_ptr, rx_bufs;
+ target_ulong rxq_ptr;
+} VIOsPAPRVLANDevice;
+
+static int spapr_vlan_can_receive(VLANClientState *nc)
+{
+ VIOsPAPRVLANDevice *dev = DO_UPCAST(NICState, nc, nc)->opaque;
+
+ return (dev->isopen && dev->rx_bufs > 0);
+}
+
+static ssize_t spapr_vlan_receive(VLANClientState *nc, const uint8_t *buf,
+ size_t size)
+{
+ VIOsPAPRDevice *sdev = DO_UPCAST(NICState, nc, nc)->opaque;
+ VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
+ vlan_bd_t rxq_bd = ldq_tce(sdev, dev->buf_list + VLAN_RXQ_BD_OFF);
+ vlan_bd_t bd;
+ int buf_ptr = dev->use_buf_ptr;
+ uint64_t handle;
+ uint8_t control;
+
+ dprintf("spapr_vlan_receive() [%s] rx_bufs=%d\n", sdev->qdev.id,
+ dev->rx_bufs);
+
+ if (!dev->isopen) {
+ return -1;
+ }
+
+ if (!dev->rx_bufs) {
+ return -1;
+ }
+
+ do {
+ buf_ptr += 8;
+ if (buf_ptr >= SPAPR_VIO_TCE_PAGE_SIZE) {
+ buf_ptr = VLAN_RX_BDS_OFF;
+ }
+
+ bd = ldq_tce(sdev, dev->buf_list + buf_ptr);
+ dprintf("use_buf_ptr=%d bd=0x%016llx\n",
+ buf_ptr, (unsigned long long)bd);
+ } while ((!(bd & VLAN_BD_VALID) || (VLAN_BD_LEN(bd) < (size + 8)))
+ && (buf_ptr != dev->use_buf_ptr));
+
+ if (!(bd & VLAN_BD_VALID) || (VLAN_BD_LEN(bd) < (size + 8))) {
+ /* Failed to find a suitable buffer */
+ return -1;
+ }
+
+ /* Remove the buffer from the pool */
+ dev->rx_bufs--;
+ dev->use_buf_ptr = buf_ptr;
+ stq_tce(sdev, dev->buf_list + dev->use_buf_ptr, 0);
+
+ dprintf("Found buffer: ptr=%d num=%d\n", dev->use_buf_ptr, dev->rx_bufs);
+
+ /* Transfer the packet data */
+ if (spapr_tce_dma_write(sdev, VLAN_BD_ADDR(bd) + 8, buf, size) < 0) {
+ return -1;
+ }
+
+ dprintf("spapr_vlan_receive: DMA write completed\n");
+
+ /* Update the receive queue */
+ control = VLAN_RXQC_TOGGLE | VLAN_RXQC_VALID;
+ if (rxq_bd & VLAN_BD_TOGGLE) {
+ control ^= VLAN_RXQC_TOGGLE;
+ }
+
+ handle = ldq_tce(sdev, VLAN_BD_ADDR(bd));
+ stq_tce(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 8, handle);
+ stw_tce(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 4, size);
+ sth_tce(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 2, 8);
+ stb_tce(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr, control);
+
+ dprintf("wrote rxq entry (ptr=0x%llx): 0x%016llx 0x%016llx\n",
+ (unsigned long long)dev->rxq_ptr,
+ (unsigned long long)ldq_tce(sdev, VLAN_BD_ADDR(rxq_bd) +
+ dev->rxq_ptr),
+ (unsigned long long)ldq_tce(sdev, VLAN_BD_ADDR(rxq_bd) +
+ dev->rxq_ptr + 8));
+
+ dev->rxq_ptr += 16;
+ if (dev->rxq_ptr >= VLAN_BD_LEN(rxq_bd)) {
+ dev->rxq_ptr = 0;
+ stq_tce(sdev, dev->buf_list + VLAN_RXQ_BD_OFF, rxq_bd ^ VLAN_BD_TOGGLE);
+ }
+
+ if (sdev->signal_state & 1) {
+ qemu_irq_pulse(sdev->qirq);
+ }
+
+ return size;
+}
+
+static NetClientInfo net_spapr_vlan_info = {
+ .type = NET_CLIENT_TYPE_NIC,
+ .size = sizeof(NICState),
+ .can_receive = spapr_vlan_can_receive,
+ .receive = spapr_vlan_receive,
+};
+
+static int spapr_vlan_init(VIOsPAPRDevice *sdev)
+{
+ VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
+ VIOsPAPRBus *bus;
+
+ bus = DO_UPCAST(VIOsPAPRBus, bus, sdev->qdev.parent_bus);
+
+ qemu_macaddr_default_if_unset(&dev->nicconf.macaddr);
+
+ dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf,
+ sdev->qdev.info->name, sdev->qdev.id, dev);
+ qemu_format_nic_info_str(&dev->nic->nc, dev->nicconf.macaddr.a);
+
+ return 0;
+}
+
+void spapr_vlan_create(VIOsPAPRBus *bus, uint32_t reg, NICInfo *nd,
+ qemu_irq qirq, uint32_t vio_irq_num)
+{
+ DeviceState *dev;
+ VIOsPAPRDevice *sdev;
+
+ dev = qdev_create(&bus->bus, "spapr-vlan");
+ qdev_prop_set_uint32(dev, "reg", reg);
+
+ qdev_set_nic_properties(dev, nd);
+
+ qdev_init_nofail(dev);
+ sdev = (VIOsPAPRDevice *)dev;
+ sdev->qirq = qirq;
+ sdev->vio_irq_num = vio_irq_num;
+}
+
+static int spapr_vlan_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
+{
+ VIOsPAPRVLANDevice *vdev = (VIOsPAPRVLANDevice *)dev;
+ uint8_t padded_mac[8] = {0, 0};
+ int ret;
+
+ /* Some old phyp versions give the mac address in an 8-byte
+ * property. The kernel driver has an insane workaround for this;
+ * rather than doing the obvious thing and checking the property
+ * length, it checks whether the first byte has 0b10 in the low
+ * bits. If a correct 6-byte property has a different first byte
+ * the kernel will get the wrong mac address, overrunning its
+ * buffer in the process (read only, thank goodness).
+ *
+ * Here we workaround the kernel workaround by always supplying an
+ * 8-byte property, with the mac address in the last six bytes */
+ memcpy(&padded_mac[2], &vdev->nicconf.macaddr, ETH_ALEN);
+ ret = fdt_setprop(fdt, node_off, "local-mac-address",
+ padded_mac, sizeof(padded_mac));
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "ibm,mac-address-filters", 0);
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
+}
+
+static int check_bd(VIOsPAPRVLANDevice *dev, vlan_bd_t bd,
+ target_ulong alignment)
+{
+ if ((VLAN_BD_ADDR(bd) % alignment)
+ || (VLAN_BD_LEN(bd) % alignment)) {
+ return -1;
+ }
+
+ if (spapr_vio_check_tces(&dev->sdev, VLAN_BD_ADDR(bd),
+ VLAN_BD_LEN(bd), SPAPR_TCE_RW) != 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static target_ulong h_register_logical_lan(CPUState *env,
+ sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong buf_list = args[1];
+ target_ulong rec_queue = args[2];
+ target_ulong filter_list = args[3];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
+ vlan_bd_t filter_list_bd;
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ if (dev->isopen) {
+ hcall_dprintf("H_REGISTER_LOGICAL_LAN called twice without "
+ "H_FREE_LOGICAL_LAN\n");
+ return H_RESOURCE;
+ }
+
+ if (check_bd(dev, VLAN_VALID_BD(buf_list, SPAPR_VIO_TCE_PAGE_SIZE),
+ SPAPR_VIO_TCE_PAGE_SIZE) < 0) {
+ hcall_dprintf("Bad buf_list 0x" TARGET_FMT_lx " for "
+ "H_REGISTER_LOGICAL_LAN\n", buf_list);
+ return H_PARAMETER;
+ }
+
+ filter_list_bd = VLAN_VALID_BD(filter_list, SPAPR_VIO_TCE_PAGE_SIZE);
+ if (check_bd(dev, filter_list_bd, SPAPR_VIO_TCE_PAGE_SIZE) < 0) {
+ hcall_dprintf("Bad filter_list 0x" TARGET_FMT_lx " for "
+ "H_REGISTER_LOGICAL_LAN\n", filter_list);
+ return H_PARAMETER;
+ }
+
+ if (!(rec_queue & VLAN_BD_VALID)
+ || (check_bd(dev, rec_queue, VLAN_RQ_ALIGNMENT) < 0)) {
+ hcall_dprintf("Bad receive queue for H_REGISTER_LOGICAL_LAN\n");
+ return H_PARAMETER;
+ }
+
+ dev->buf_list = buf_list;
+ sdev->signal_state = 0;
+
+ rec_queue &= ~VLAN_BD_TOGGLE;
+
+ /* Initialize the buffer list */
+ stq_tce(sdev, buf_list, rec_queue);
+ stq_tce(sdev, buf_list + 8, filter_list_bd);
+ spapr_tce_dma_zero(sdev, buf_list + VLAN_RX_BDS_OFF,
+ SPAPR_VIO_TCE_PAGE_SIZE - VLAN_RX_BDS_OFF);
+ dev->add_buf_ptr = VLAN_RX_BDS_OFF - 8;
+ dev->use_buf_ptr = VLAN_RX_BDS_OFF - 8;
+ dev->rx_bufs = 0;
+ dev->rxq_ptr = 0;
+
+ /* Initialize the receive queue */
+ spapr_tce_dma_zero(sdev, VLAN_BD_ADDR(rec_queue), VLAN_BD_LEN(rec_queue));
+
+ dev->isopen = 1;
+ return H_SUCCESS;
+}
+
+
+static target_ulong h_free_logical_lan(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ if (!dev->isopen) {
+ hcall_dprintf("H_FREE_LOGICAL_LAN called without "
+ "H_REGISTER_LOGICAL_LAN\n");
+ return H_RESOURCE;
+ }
+
+ dev->buf_list = 0;
+ dev->rx_bufs = 0;
+ dev->isopen = 0;
+ return H_SUCCESS;
+}
+
+static target_ulong h_add_logical_lan_buffer(CPUState *env,
+ sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong buf = args[1];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
+ vlan_bd_t bd;
+
+ dprintf("H_ADD_LOGICAL_LAN_BUFFER(0x" TARGET_FMT_lx
+ ", 0x" TARGET_FMT_lx ")\n", reg, buf);
+
+ if (!sdev) {
+ hcall_dprintf("Wrong device in h_add_logical_lan_buffer\n");
+ return H_PARAMETER;
+ }
+
+ if ((check_bd(dev, buf, 4) < 0)
+ || (VLAN_BD_LEN(buf) < 16)) {
+ hcall_dprintf("Bad buffer enqueued in h_add_logical_lan_buffer\n");
+ return H_PARAMETER;
+ }
+
+ if (!dev->isopen || dev->rx_bufs >= VLAN_MAX_BUFS) {
+ return H_RESOURCE;
+ }
+
+ do {
+ dev->add_buf_ptr += 8;
+ if (dev->add_buf_ptr >= SPAPR_VIO_TCE_PAGE_SIZE) {
+ dev->add_buf_ptr = VLAN_RX_BDS_OFF;
+ }
+
+ bd = ldq_tce(sdev, dev->buf_list + dev->add_buf_ptr);
+ } while (bd & VLAN_BD_VALID);
+
+ stq_tce(sdev, dev->buf_list + dev->add_buf_ptr, buf);
+
+ dev->rx_bufs++;
+
+ dprintf("h_add_logical_lan_buffer(): Added buf ptr=%d rx_bufs=%d"
+ " bd=0x%016llx\n", dev->add_buf_ptr, dev->rx_bufs,
+ (unsigned long long)buf);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_send_logical_lan(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong *bufs = args + 1;
+ target_ulong continue_token = args[7];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
+ unsigned total_len;
+ uint8_t *lbuf, *p;
+ int i, nbufs;
+ int ret;
+
+ dprintf("H_SEND_LOGICAL_LAN(0x" TARGET_FMT_lx ", <bufs>, 0x"
+ TARGET_FMT_lx ")\n", reg, continue_token);
+
+ if (!sdev) {
+ return H_PARAMETER;
+ }
+
+ dprintf("rxbufs = %d\n", dev->rx_bufs);
+
+ if (!dev->isopen) {
+ return H_DROPPED;
+ }
+
+ if (continue_token) {
+ return H_HARDWARE; /* FIXME actually handle this */
+ }
+
+ total_len = 0;
+ for (i = 0; i < 6; i++) {
+ dprintf(" buf desc: 0x" TARGET_FMT_lx "\n", bufs[i]);
+ if (!(bufs[i] & VLAN_BD_VALID)) {
+ break;
+ }
+ total_len += VLAN_BD_LEN(bufs[i]);
+ }
+
+ nbufs = i;
+ dprintf("h_send_logical_lan() %d buffers, total length 0x%x\n",
+ nbufs, total_len);
+
+ if (total_len == 0) {
+ return H_SUCCESS;
+ }
+
+ if (total_len > MAX_PACKET_SIZE) {
+ /* Don't let the guest force too large an allocation */
+ return H_RESOURCE;
+ }
+
+ lbuf = alloca(total_len);
+ p = lbuf;
+ for (i = 0; i < nbufs; i++) {
+ ret = spapr_tce_dma_read(sdev, VLAN_BD_ADDR(bufs[i]),
+ p, VLAN_BD_LEN(bufs[i]));
+ if (ret < 0) {
+ return ret;
+ }
+
+ p += VLAN_BD_LEN(bufs[i]);
+ }
+
+ qemu_send_packet(&dev->nic->nc, lbuf, total_len);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_multicast_ctrl(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ return H_SUCCESS;
+}
+
+static void vlan_hcalls(VIOsPAPRBus *bus)
+{
+ spapr_register_hypercall(H_REGISTER_LOGICAL_LAN, h_register_logical_lan);
+ spapr_register_hypercall(H_FREE_LOGICAL_LAN, h_free_logical_lan);
+ spapr_register_hypercall(H_SEND_LOGICAL_LAN, h_send_logical_lan);
+ spapr_register_hypercall(H_ADD_LOGICAL_LAN_BUFFER,
+ h_add_logical_lan_buffer);
+ spapr_register_hypercall(H_MULTICAST_CTRL, h_multicast_ctrl);
+}
+
+static VIOsPAPRDeviceInfo spapr_vlan = {
+ .init = spapr_vlan_init,
+ .devnode = spapr_vlan_devnode,
+ .dt_name = "l-lan",
+ .dt_type = "network",
+ .dt_compatible = "IBM,l-lan",
+ .signal_mask = 0x1,
+ .hcalls = vlan_hcalls,
+ .qdev.name = "spapr-vlan",
+ .qdev.size = sizeof(VIOsPAPRVLANDevice),
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT32("reg", VIOsPAPRDevice, reg, 0x1000),
+ DEFINE_PROP_UINT32("dma-window", VIOsPAPRDevice, rtce_window_size,
+ 0x10000000),
+ DEFINE_NIC_PROPERTIES(VIOsPAPRVLANDevice, nicconf),
+ DEFINE_PROP_END_OF_LIST(),
+ },
+};
+
+static void spapr_vlan_register(void)
+{
+ spapr_vio_bus_register_withprop(&spapr_vlan);
+}
+device_init(spapr_vlan_register);
diff --git a/hw/spapr_rtas.c b/hw/spapr_rtas.c
new file mode 100644
index 0000000..16b6542
--- /dev/null
+++ b/hw/spapr_rtas.c
@@ -0,0 +1,278 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * Hypercall based emulated RTAS
+ *
+ * Copyright (c) 2010-2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "cpu.h"
+#include "sysemu.h"
+#include "qemu-char.h"
+#include "hw/qdev.h"
+#include "device_tree.h"
+
+#include "hw/spapr.h"
+#include "hw/spapr_vio.h"
+
+#include <libfdt.h>
+
+#define TOKEN_BASE 0x2000
+#define TOKEN_MAX 0x100
+
+static void rtas_display_character(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint8_t c = rtas_ld(args, 0);
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, 0);
+
+ if (!sdev) {
+ rtas_st(rets, 0, -1);
+ } else {
+ vty_putchars(sdev, &c, sizeof(c));
+ rtas_st(rets, 0, 0);
+ }
+}
+
+static void rtas_get_time_of_day(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct tm tm;
+
+ if (nret != 8) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ qemu_get_timedate(&tm, 0);
+
+ rtas_st(rets, 0, 0); /* Success */
+ rtas_st(rets, 1, tm.tm_year + 1900);
+ rtas_st(rets, 2, tm.tm_mon + 1);
+ rtas_st(rets, 3, tm.tm_mday);
+ rtas_st(rets, 4, tm.tm_hour);
+ rtas_st(rets, 5, tm.tm_min);
+ rtas_st(rets, 6, tm.tm_sec);
+ rtas_st(rets, 7, 0); /* we don't do nanoseconds */
+}
+
+static void rtas_power_off(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ if (nargs != 2 || nret != 1) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+ qemu_system_shutdown_request();
+ rtas_st(rets, 0, 0);
+}
+
+static void rtas_query_cpu_stopped_state(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ target_ulong id;
+ CPUState *env;
+
+ if (nargs != 1 || nret != 2) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ id = rtas_ld(args, 0);
+ for (env = first_cpu; env; env = env->next_cpu) {
+ if (env->cpu_index != id) {
+ continue;
+ }
+
+ if (env->halted) {
+ rtas_st(rets, 1, 0);
+ } else {
+ rtas_st(rets, 1, 2);
+ }
+
+ rtas_st(rets, 0, 0);
+ return;
+ }
+
+ /* Didn't find a matching cpu */
+ rtas_st(rets, 0, -3);
+}
+
+static void rtas_start_cpu(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ target_ulong id, start, r3;
+ CPUState *env;
+
+ if (nargs != 3 || nret != 1) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ id = rtas_ld(args, 0);
+ start = rtas_ld(args, 1);
+ r3 = rtas_ld(args, 2);
+
+ for (env = first_cpu; env; env = env->next_cpu) {
+ if (env->cpu_index != id) {
+ continue;
+ }
+
+ if (!env->halted) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
+ env->nip = start;
+ env->gpr[3] = r3;
+ env->halted = 0;
+
+ qemu_cpu_kick(env);
+
+ rtas_st(rets, 0, 0);
+ return;
+ }
+
+ /* Didn't find a matching cpu */
+ rtas_st(rets, 0, -3);
+}
+
+static struct rtas_call {
+ const char *name;
+ spapr_rtas_fn fn;
+} rtas_table[TOKEN_MAX];
+
+struct rtas_call *rtas_next = rtas_table;
+
+target_ulong spapr_rtas_call(sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ if ((token >= TOKEN_BASE)
+ && ((token - TOKEN_BASE) < TOKEN_MAX)) {
+ struct rtas_call *call = rtas_table + (token - TOKEN_BASE);
+
+ if (call->fn) {
+ call->fn(spapr, token, nargs, args, nret, rets);
+ return H_SUCCESS;
+ }
+ }
+
+ /* HACK: Some Linux early debug code uses RTAS display-character,
+ * but assumes the token value is 0xa (which it is on some real
+ * machines) without looking it up in the device tree. This
+ * special case makes this work */
+ if (token == 0xa) {
+ rtas_display_character(spapr, 0xa, nargs, args, nret, rets);
+ return H_SUCCESS;
+ }
+
+ hcall_dprintf("Unknown RTAS token 0x%x\n", token);
+ rtas_st(rets, 0, -3);
+ return H_PARAMETER;
+}
+
+void spapr_rtas_register(const char *name, spapr_rtas_fn fn)
+{
+ assert(rtas_next < (rtas_table + TOKEN_MAX));
+
+ rtas_next->name = name;
+ rtas_next->fn = fn;
+
+ rtas_next++;
+}
+
+int spapr_rtas_device_tree_setup(void *fdt, target_phys_addr_t rtas_addr,
+ target_phys_addr_t rtas_size)
+{
+ int ret;
+ int i;
+
+ ret = fdt_add_mem_rsv(fdt, rtas_addr, rtas_size);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add RTAS reserve entry: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", "linux,rtas-base",
+ rtas_addr);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add linux,rtas-base property: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", "linux,rtas-entry",
+ rtas_addr);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add linux,rtas-entry property: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", "rtas-size",
+ rtas_size);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add rtas-size property: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ for (i = 0; i < TOKEN_MAX; i++) {
+ struct rtas_call *call = &rtas_table[i];
+
+ if (!call->fn) {
+ continue;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", call->name,
+ i + TOKEN_BASE);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add rtas token for %s: %s\n",
+ call->name, fdt_strerror(ret));
+ return ret;
+ }
+
+ }
+ return 0;
+}
+
+static void register_core_rtas(void)
+{
+ spapr_rtas_register("display-character", rtas_display_character);
+ spapr_rtas_register("get-time-of-day", rtas_get_time_of_day);
+ spapr_rtas_register("power-off", rtas_power_off);
+ spapr_rtas_register("query-cpu-stopped-state",
+ rtas_query_cpu_stopped_state);
+ spapr_rtas_register("start-cpu", rtas_start_cpu);
+}
+device_init(register_core_rtas);
diff --git a/hw/spapr_vio.c b/hw/spapr_vio.c
new file mode 100644
index 0000000..481a804
--- /dev/null
+++ b/hw/spapr_vio.c
@@ -0,0 +1,731 @@
+/*
+ * QEMU sPAPR VIO code
+ *
+ * Copyright (c) 2010 David Gibson, IBM Corporation <dwg@au1.ibm.com>
+ * Based on the s390 virtio bus code:
+ * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw.h"
+#include "sysemu.h"
+#include "boards.h"
+#include "monitor.h"
+#include "loader.h"
+#include "elf.h"
+#include "hw/sysbus.h"
+#include "kvm.h"
+#include "device_tree.h"
+#include "kvm_ppc.h"
+
+#include "hw/spapr.h"
+#include "hw/spapr_vio.h"
+
+#ifdef CONFIG_FDT
+#include <libfdt.h>
+#endif /* CONFIG_FDT */
+
+/* #define DEBUG_SPAPR */
+/* #define DEBUG_TCE */
+
+#ifdef DEBUG_SPAPR
+#define dprintf(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define dprintf(fmt, ...) \
+ do { } while (0)
+#endif
+
+static struct BusInfo spapr_vio_bus_info = {
+ .name = "spapr-vio",
+ .size = sizeof(VIOsPAPRBus),
+};
+
+VIOsPAPRDevice *spapr_vio_find_by_reg(VIOsPAPRBus *bus, uint32_t reg)
+{
+ DeviceState *qdev;
+ VIOsPAPRDevice *dev = NULL;
+
+ QLIST_FOREACH(qdev, &bus->bus.children, sibling) {
+ dev = (VIOsPAPRDevice *)qdev;
+ if (dev->reg == reg) {
+ break;
+ }
+ }
+
+ return dev;
+}
+
+#ifdef CONFIG_FDT
+static int vio_make_devnode(VIOsPAPRDevice *dev,
+ void *fdt)
+{
+ VIOsPAPRDeviceInfo *info = (VIOsPAPRDeviceInfo *)dev->qdev.info;
+ int vdevice_off, node_off;
+ int ret;
+
+ vdevice_off = fdt_path_offset(fdt, "/vdevice");
+ if (vdevice_off < 0) {
+ return vdevice_off;
+ }
+
+ node_off = fdt_add_subnode(fdt, vdevice_off, dev->qdev.id);
+ if (node_off < 0) {
+ return node_off;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "reg", dev->reg);
+ if (ret < 0) {
+ return ret;
+ }
+
+ if (info->dt_type) {
+ ret = fdt_setprop_string(fdt, node_off, "device_type",
+ info->dt_type);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ if (info->dt_compatible) {
+ ret = fdt_setprop_string(fdt, node_off, "compatible",
+ info->dt_compatible);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ if (dev->qirq) {
+ uint32_t ints_prop[] = {cpu_to_be32(dev->vio_irq_num), 0};
+
+ ret = fdt_setprop(fdt, node_off, "interrupts", ints_prop,
+ sizeof(ints_prop));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ if (dev->rtce_window_size) {
+ uint32_t dma_prop[] = {cpu_to_be32(dev->reg),
+ 0, 0,
+ 0, cpu_to_be32(dev->rtce_window_size)};
+
+ ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-address-cells", 2);
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-size-cells", 2);
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop(fdt, node_off, "ibm,my-dma-window", dma_prop,
+ sizeof(dma_prop));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ if (info->devnode) {
+ ret = (info->devnode)(dev, fdt, node_off);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ return node_off;
+}
+#endif /* CONFIG_FDT */
+
+/*
+ * RTCE handling
+ */
+
+static void rtce_init(VIOsPAPRDevice *dev)
+{
+ size_t size = (dev->rtce_window_size >> SPAPR_VIO_TCE_PAGE_SHIFT)
+ * sizeof(VIOsPAPR_RTCE);
+
+ if (size) {
+ dev->rtce_table = qemu_mallocz(size);
+ }
+}
+
+static target_ulong h_put_tce(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong liobn = args[0];
+ target_ulong ioba = args[1];
+ target_ulong tce = args[2];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, liobn);
+ VIOsPAPR_RTCE *rtce;
+
+ if (!dev) {
+ hcall_dprintf("spapr_vio_put_tce on non-existent LIOBN "
+ TARGET_FMT_lx "\n", liobn);
+ return H_PARAMETER;
+ }
+
+ ioba &= ~(SPAPR_VIO_TCE_PAGE_SIZE - 1);
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_vio_put_tce on %s ioba 0x" TARGET_FMT_lx
+ " TCE 0x" TARGET_FMT_lx "\n", dev->qdev.id, ioba, tce);
+#endif
+
+ if (ioba >= dev->rtce_window_size) {
+ hcall_dprintf("spapr_vio_put_tce on out-of-boards IOBA 0x"
+ TARGET_FMT_lx "\n", ioba);
+ return H_PARAMETER;
+ }
+
+ rtce = dev->rtce_table + (ioba >> SPAPR_VIO_TCE_PAGE_SHIFT);
+ rtce->tce = tce;
+
+ return H_SUCCESS;
+}
+
+int spapr_vio_check_tces(VIOsPAPRDevice *dev, target_ulong ioba,
+ target_ulong len, enum VIOsPAPR_TCEAccess access)
+{
+ int start, end, i;
+
+ start = ioba >> SPAPR_VIO_TCE_PAGE_SHIFT;
+ end = (ioba + len - 1) >> SPAPR_VIO_TCE_PAGE_SHIFT;
+
+ for (i = start; i <= end; i++) {
+ if ((dev->rtce_table[i].tce & access) != access) {
+#ifdef DEBUG_TCE
+ fprintf(stderr, "FAIL on %d\n", i);
+#endif
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+int spapr_tce_dma_write(VIOsPAPRDevice *dev, uint64_t taddr, const void *buf,
+ uint32_t size)
+{
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_dma_write taddr=0x%llx size=0x%x\n",
+ (unsigned long long)taddr, size);
+#endif
+
+ /* Check for bypass */
+ if (dev->flags & VIO_PAPR_FLAG_DMA_BYPASS) {
+ cpu_physical_memory_write(taddr, buf, size);
+ return 0;
+ }
+
+ while (size) {
+ uint64_t tce;
+ uint32_t lsize;
+ uint64_t txaddr;
+
+ /* Check if we are in bound */
+ if (taddr >= dev->rtce_window_size) {
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_dma_write out of bounds\n");
+#endif
+ return H_DEST_PARM;
+ }
+ tce = dev->rtce_table[taddr >> SPAPR_VIO_TCE_PAGE_SHIFT].tce;
+
+ /* How much til end of page ? */
+ lsize = MIN(size, ((~taddr) & SPAPR_VIO_TCE_PAGE_MASK) + 1);
+
+ /* Check TCE */
+ if (!(tce & 2)) {
+ return H_DEST_PARM;
+ }
+
+ /* Translate */
+ txaddr = (tce & ~SPAPR_VIO_TCE_PAGE_MASK) |
+ (taddr & SPAPR_VIO_TCE_PAGE_MASK);
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, " -> write to txaddr=0x%llx, size=0x%x\n",
+ (unsigned long long)txaddr, lsize);
+#endif
+
+ /* Do it */
+ cpu_physical_memory_write(txaddr, buf, lsize);
+ buf += lsize;
+ taddr += lsize;
+ size -= lsize;
+ }
+ return 0;
+}
+
+int spapr_tce_dma_zero(VIOsPAPRDevice *dev, uint64_t taddr, uint32_t size)
+{
+ /* FIXME: allocating a temp buffer is nasty, but just stepping
+ * through writing zeroes is awkward. This will do for now. */
+ uint8_t zeroes[size];
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_dma_zero taddr=0x%llx size=0x%x\n",
+ (unsigned long long)taddr, size);
+#endif
+
+ memset(zeroes, 0, size);
+ return spapr_tce_dma_write(dev, taddr, zeroes, size);
+}
+
+void stb_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint8_t val)
+{
+ spapr_tce_dma_write(dev, taddr, &val, sizeof(val));
+}
+
+void sth_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint16_t val)
+{
+ val = tswap16(val);
+ spapr_tce_dma_write(dev, taddr, &val, sizeof(val));
+}
+
+
+void stw_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint32_t val)
+{
+ val = tswap32(val);
+ spapr_tce_dma_write(dev, taddr, &val, sizeof(val));
+}
+
+void stq_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint64_t val)
+{
+ val = tswap64(val);
+ spapr_tce_dma_write(dev, taddr, &val, sizeof(val));
+}
+
+int spapr_tce_dma_read(VIOsPAPRDevice *dev, uint64_t taddr, void *buf,
+ uint32_t size)
+{
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_dma_write taddr=0x%llx size=0x%x\n",
+ (unsigned long long)taddr, size);
+#endif
+
+ /* Check for bypass */
+ if (dev->flags & VIO_PAPR_FLAG_DMA_BYPASS) {
+ cpu_physical_memory_read(taddr, buf, size);
+ return 0;
+ }
+
+ while (size) {
+ uint64_t tce;
+ uint32_t lsize;
+ uint64_t txaddr;
+
+ /* Check if we are in bound */
+ if (taddr >= dev->rtce_window_size) {
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_dma_read out of bounds\n");
+#endif
+ return H_DEST_PARM;
+ }
+ tce = dev->rtce_table[taddr >> SPAPR_VIO_TCE_PAGE_SHIFT].tce;
+
+ /* How much til end of page ? */
+ lsize = MIN(size, ((~taddr) & SPAPR_VIO_TCE_PAGE_MASK) + 1);
+
+ /* Check TCE */
+ if (!(tce & 1)) {
+ return H_DEST_PARM;
+ }
+
+ /* Translate */
+ txaddr = (tce & ~SPAPR_VIO_TCE_PAGE_MASK) |
+ (taddr & SPAPR_VIO_TCE_PAGE_MASK);
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, " -> write to txaddr=0x%llx, size=0x%x\n",
+ (unsigned long long)txaddr, lsize);
+#endif
+ /* Do it */
+ cpu_physical_memory_read(txaddr, buf, lsize);
+ buf += lsize;
+ taddr += lsize;
+ size -= lsize;
+ }
+ return H_SUCCESS;
+}
+
+uint64_t ldq_tce(VIOsPAPRDevice *dev, uint64_t taddr)
+{
+ uint64_t val;
+
+ spapr_tce_dma_read(dev, taddr, &val, sizeof(val));
+ return tswap64(val);
+}
+
+/*
+ * CRQ handling
+ */
+static target_ulong h_reg_crq(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong queue_addr = args[1];
+ target_ulong queue_len = args[2];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ hcall_dprintf("h_reg_crq on non-existent unit 0x"
+ TARGET_FMT_lx "\n", reg);
+ return H_PARAMETER;
+ }
+
+ /* We can't grok a queue size bigger than 256M for now */
+ if (queue_len < 0x1000 || queue_len > 0x10000000) {
+ hcall_dprintf("h_reg_crq, queue size too small or too big (0x%llx)\n",
+ (unsigned long long)queue_len);
+ return H_PARAMETER;
+ }
+
+ /* Check queue alignment */
+ if (queue_addr & 0xfff) {
+ hcall_dprintf("h_reg_crq, queue not aligned (0x%llx)\n",
+ (unsigned long long)queue_addr);
+ return H_PARAMETER;
+ }
+
+ /* Check if device supports CRQs */
+ if (!dev->crq.SendFunc) {
+ return H_NOT_FOUND;
+ }
+
+
+ /* Already a queue ? */
+ if (dev->crq.qsize) {
+ return H_RESOURCE;
+ }
+ dev->crq.qladdr = queue_addr;
+ dev->crq.qsize = queue_len;
+ dev->crq.qnext = 0;
+
+ dprintf("CRQ for dev 0x" TARGET_FMT_lx " registered at 0x"
+ TARGET_FMT_lx "/0x" TARGET_FMT_lx "\n",
+ reg, queue_addr, queue_len);
+ return H_SUCCESS;
+}
+
+static target_ulong h_free_crq(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ hcall_dprintf("h_free_crq on non-existent unit 0x"
+ TARGET_FMT_lx "\n", reg);
+ return H_PARAMETER;
+ }
+
+ dev->crq.qladdr = 0;
+ dev->crq.qsize = 0;
+ dev->crq.qnext = 0;
+
+ dprintf("CRQ for dev 0x" TARGET_FMT_lx " freed\n", reg);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_send_crq(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong msg_hi = args[1];
+ target_ulong msg_lo = args[2];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ uint64_t crq_mangle[2];
+
+ if (!dev) {
+ hcall_dprintf("h_send_crq on non-existent unit 0x"
+ TARGET_FMT_lx "\n", reg);
+ return H_PARAMETER;
+ }
+ crq_mangle[0] = cpu_to_be64(msg_hi);
+ crq_mangle[1] = cpu_to_be64(msg_lo);
+
+ if (dev->crq.SendFunc) {
+ return dev->crq.SendFunc(dev, (uint8_t *)crq_mangle);
+ }
+
+ return H_HARDWARE;
+}
+
+static target_ulong h_enable_crq(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ hcall_dprintf("h_enable_crq on non-existent unit 0x"
+ TARGET_FMT_lx "\n", reg);
+ return H_PARAMETER;
+ }
+
+ return 0;
+}
+
+/* Returns negative error, 0 success, or positive: queue full */
+int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq)
+{
+ int rc;
+ uint8_t byte;
+
+ if (!dev->crq.qsize) {
+ fprintf(stderr, "spapr_vio_send_creq on uninitialized queue\n");
+ return -1;
+ }
+
+ /* Maybe do a fast path for KVM just writing to the pages */
+ rc = spapr_tce_dma_read(dev, dev->crq.qladdr + dev->crq.qnext, &byte, 1);
+ if (rc) {
+ return rc;
+ }
+ if (byte != 0) {
+ return 1;
+ }
+
+ rc = spapr_tce_dma_write(dev, dev->crq.qladdr + dev->crq.qnext + 8,
+ &crq[8], 8);
+ if (rc) {
+ return rc;
+ }
+
+ kvmppc_eieio();
+
+ rc = spapr_tce_dma_write(dev, dev->crq.qladdr + dev->crq.qnext, crq, 8);
+ if (rc) {
+ return rc;
+ }
+
+ dev->crq.qnext = (dev->crq.qnext + 16) % dev->crq.qsize;
+
+ if (dev->signal_state & 1) {
+ qemu_irq_pulse(dev->qirq);
+ }
+
+ return 0;
+}
+
+/* "quiesce" handling */
+
+static void spapr_vio_quiesce_one(VIOsPAPRDevice *dev)
+{
+ dev->flags &= ~VIO_PAPR_FLAG_DMA_BYPASS;
+
+ if (dev->rtce_table) {
+ size_t size = (dev->rtce_window_size >> SPAPR_VIO_TCE_PAGE_SHIFT)
+ * sizeof(VIOsPAPR_RTCE);
+ memset(dev->rtce_table, 0, size);
+ }
+
+ dev->crq.qladdr = 0;
+ dev->crq.qsize = 0;
+ dev->crq.qnext = 0;
+}
+
+static void rtas_set_tce_bypass(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ VIOsPAPRBus *bus = spapr->vio_bus;
+ VIOsPAPRDevice *dev;
+ uint32_t unit, enable;
+
+ if (nargs != 2) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+ unit = rtas_ld(args, 0);
+ enable = rtas_ld(args, 1);
+ dev = spapr_vio_find_by_reg(bus, unit);
+ if (!dev) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+ if (enable) {
+ dev->flags |= VIO_PAPR_FLAG_DMA_BYPASS;
+ } else {
+ dev->flags &= ~VIO_PAPR_FLAG_DMA_BYPASS;
+ }
+
+ rtas_st(rets, 0, 0);
+}
+
+static void rtas_quiesce(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ VIOsPAPRBus *bus = spapr->vio_bus;
+ DeviceState *qdev;
+ VIOsPAPRDevice *dev = NULL;
+
+ if (nargs != 0) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ QLIST_FOREACH(qdev, &bus->bus.children, sibling) {
+ dev = (VIOsPAPRDevice *)qdev;
+ spapr_vio_quiesce_one(dev);
+ }
+
+ rtas_st(rets, 0, 0);
+}
+
+static int spapr_vio_busdev_init(DeviceState *qdev, DeviceInfo *qinfo)
+{
+ VIOsPAPRDeviceInfo *info = (VIOsPAPRDeviceInfo *)qinfo;
+ VIOsPAPRDevice *dev = (VIOsPAPRDevice *)qdev;
+ char *id;
+
+ if (asprintf(&id, "%s@%x", info->dt_name, dev->reg) < 0) {
+ return -1;
+ }
+
+ dev->qdev.id = id;
+
+ rtce_init(dev);
+
+ return info->init(dev);
+}
+
+void spapr_vio_bus_register_withprop(VIOsPAPRDeviceInfo *info)
+{
+ info->qdev.init = spapr_vio_busdev_init;
+ info->qdev.bus_info = &spapr_vio_bus_info;
+
+ assert(info->qdev.size >= sizeof(VIOsPAPRDevice));
+ qdev_register(&info->qdev);
+}
+
+static target_ulong h_vio_signal(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong mode = args[1];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRDeviceInfo *info;
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ info = (VIOsPAPRDeviceInfo *)dev->qdev.info;
+
+ if (mode & ~info->signal_mask) {
+ return H_PARAMETER;
+ }
+
+ dev->signal_state = mode;
+
+ return H_SUCCESS;
+}
+
+VIOsPAPRBus *spapr_vio_bus_init(void)
+{
+ VIOsPAPRBus *bus;
+ BusState *qbus;
+ DeviceState *dev;
+ DeviceInfo *qinfo;
+
+ /* Create bridge device */
+ dev = qdev_create(NULL, "spapr-vio-bridge");
+ qdev_init_nofail(dev);
+
+ /* Create bus on bridge device */
+
+ qbus = qbus_create(&spapr_vio_bus_info, dev, "spapr-vio");
+ bus = DO_UPCAST(VIOsPAPRBus, bus, qbus);
+
+ /* hcall-vio */
+ spapr_register_hypercall(H_VIO_SIGNAL, h_vio_signal);
+
+ /* hcall-tce */
+ spapr_register_hypercall(H_PUT_TCE, h_put_tce);
+
+ /* hcall-crq */
+ spapr_register_hypercall(H_REG_CRQ, h_reg_crq);
+ spapr_register_hypercall(H_FREE_CRQ, h_free_crq);
+ spapr_register_hypercall(H_SEND_CRQ, h_send_crq);
+ spapr_register_hypercall(H_ENABLE_CRQ, h_enable_crq);
+
+ /* RTAS calls */
+ spapr_rtas_register("ibm,set-tce-bypass", rtas_set_tce_bypass);
+ spapr_rtas_register("quiesce", rtas_quiesce);
+
+ for (qinfo = device_info_list; qinfo; qinfo = qinfo->next) {
+ VIOsPAPRDeviceInfo *info = (VIOsPAPRDeviceInfo *)qinfo;
+
+ if (qinfo->bus_info != &spapr_vio_bus_info) {
+ continue;
+ }
+
+ if (info->hcalls) {
+ info->hcalls(bus);
+ }
+ }
+
+ return bus;
+}
+
+/* Represents sPAPR hcall VIO devices */
+
+static int spapr_vio_bridge_init(SysBusDevice *dev)
+{
+ /* nothing */
+ return 0;
+}
+
+static SysBusDeviceInfo spapr_vio_bridge_info = {
+ .init = spapr_vio_bridge_init,
+ .qdev.name = "spapr-vio-bridge",
+ .qdev.size = sizeof(SysBusDevice),
+ .qdev.no_user = 1,
+};
+
+static void spapr_vio_register_devices(void)
+{
+ sysbus_register_withprop(&spapr_vio_bridge_info);
+}
+
+device_init(spapr_vio_register_devices)
+
+#ifdef CONFIG_FDT
+int spapr_populate_vdevice(VIOsPAPRBus *bus, void *fdt)
+{
+ DeviceState *qdev;
+ int ret = 0;
+
+ QLIST_FOREACH(qdev, &bus->bus.children, sibling) {
+ VIOsPAPRDevice *dev = (VIOsPAPRDevice *)qdev;
+
+ ret = vio_make_devnode(dev, fdt);
+
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ return 0;
+}
+#endif /* CONFIG_FDT */
diff --git a/hw/spapr_vio.h b/hw/spapr_vio.h
new file mode 100644
index 0000000..841b043
--- /dev/null
+++ b/hw/spapr_vio.h
@@ -0,0 +1,112 @@
+#ifndef _HW_SPAPR_VIO_H
+#define _HW_SPAPR_VIO_H
+/*
+ * QEMU sPAPR VIO bus definitions
+ *
+ * Copyright (c) 2010 David Gibson, IBM Corporation <david@gibson.dropbear.id.au>
+ * Based on the s390 virtio bus definitions:
+ * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define SPAPR_VIO_TCE_PAGE_SHIFT 12
+#define SPAPR_VIO_TCE_PAGE_SIZE (1ULL << SPAPR_VIO_TCE_PAGE_SHIFT)
+#define SPAPR_VIO_TCE_PAGE_MASK (SPAPR_VIO_TCE_PAGE_SIZE - 1)
+
+enum VIOsPAPR_TCEAccess {
+ SPAPR_TCE_FAULT = 0,
+ SPAPR_TCE_RO = 1,
+ SPAPR_TCE_WO = 2,
+ SPAPR_TCE_RW = 3,
+};
+
+struct VIOsPAPRDevice;
+
+typedef struct VIOsPAPR_RTCE {
+ uint64_t tce;
+} VIOsPAPR_RTCE;
+
+typedef struct VIOsPAPR_CRQ {
+ uint64_t qladdr;
+ uint32_t qsize;
+ uint32_t qnext;
+ int(*SendFunc)(struct VIOsPAPRDevice *vdev, uint8_t *crq);
+} VIOsPAPR_CRQ;
+
+typedef struct VIOsPAPRDevice {
+ DeviceState qdev;
+ uint32_t reg;
+ uint32_t flags;
+#define VIO_PAPR_FLAG_DMA_BYPASS 0x1
+ qemu_irq qirq;
+ uint32_t vio_irq_num;
+ target_ulong signal_state;
+ uint32_t rtce_window_size;
+ VIOsPAPR_RTCE *rtce_table;
+ VIOsPAPR_CRQ crq;
+} VIOsPAPRDevice;
+
+typedef struct VIOsPAPRBus {
+ BusState bus;
+} VIOsPAPRBus;
+
+typedef struct {
+ DeviceInfo qdev;
+ const char *dt_name, *dt_type, *dt_compatible;
+ target_ulong signal_mask;
+ int (*init)(VIOsPAPRDevice *dev);
+ void (*hcalls)(VIOsPAPRBus *bus);
+ int (*devnode)(VIOsPAPRDevice *dev, void *fdt, int node_off);
+} VIOsPAPRDeviceInfo;
+
+extern VIOsPAPRBus *spapr_vio_bus_init(void);
+extern VIOsPAPRDevice *spapr_vio_find_by_reg(VIOsPAPRBus *bus, uint32_t reg);
+extern void spapr_vio_bus_register_withprop(VIOsPAPRDeviceInfo *info);
+extern int spapr_populate_vdevice(VIOsPAPRBus *bus, void *fdt);
+
+extern int spapr_vio_signal(VIOsPAPRDevice *dev, target_ulong mode);
+
+int spapr_vio_check_tces(VIOsPAPRDevice *dev, target_ulong ioba,
+ target_ulong len,
+ enum VIOsPAPR_TCEAccess access);
+
+int spapr_tce_dma_read(VIOsPAPRDevice *dev, uint64_t taddr,
+ void *buf, uint32_t size);
+int spapr_tce_dma_write(VIOsPAPRDevice *dev, uint64_t taddr,
+ const void *buf, uint32_t size);
+int spapr_tce_dma_zero(VIOsPAPRDevice *dev, uint64_t taddr, uint32_t size);
+void stb_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint8_t val);
+void sth_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint16_t val);
+void stw_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint32_t val);
+void stq_tce(VIOsPAPRDevice *dev, uint64_t taddr, uint64_t val);
+uint64_t ldq_tce(VIOsPAPRDevice *dev, uint64_t taddr);
+
+int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq);
+
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len);
+void spapr_vty_create(VIOsPAPRBus *bus,
+ uint32_t reg, CharDriverState *chardev,
+ qemu_irq qirq, uint32_t vio_irq_num);
+
+void spapr_vlan_create(VIOsPAPRBus *bus, uint32_t reg, NICInfo *nd,
+ qemu_irq qirq, uint32_t vio_irq_num);
+
+void spapr_vscsi_create(VIOsPAPRBus *bus, uint32_t reg,
+ qemu_irq qirq, uint32_t vio_irq_num);
+
+int spapr_tce_set_bypass(uint32_t unit, uint32_t enable);
+void spapr_vio_quiesce(void);
+
+#endif /* _HW_SPAPR_VIO_H */
diff --git a/hw/spapr_vscsi.c b/hw/spapr_vscsi.c
new file mode 100644
index 0000000..9928334
--- /dev/null
+++ b/hw/spapr_vscsi.c
@@ -0,0 +1,988 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Virtual SCSI, aka ibmvscsi
+ *
+ * Copyright (c) 2010,2011 Benjamin Herrenschmidt, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * TODO:
+ *
+ * - Cleanups :-)
+ * - Sort out better how to assign devices to VSCSI instances
+ * - Fix residual counts
+ * - Add indirect descriptors support
+ * - Maybe do autosense (PAPR seems to mandate it, linux doesn't care)
+ */
+#include "hw.h"
+#include "scsi.h"
+#include "scsi-defs.h"
+#include "net.h" /* Remove that when we can */
+#include "srp.h"
+#include "hw/qdev.h"
+#include "hw/spapr.h"
+#include "hw/spapr_vio.h"
+#include "hw/ppc-viosrp.h"
+
+#include <libfdt.h>
+
+/*#define DEBUG_VSCSI*/
+
+#ifdef DEBUG_VSCSI
+#define dprintf(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define dprintf(fmt, ...) \
+ do { } while (0)
+#endif
+
+/*
+ * Virtual SCSI device
+ */
+
+/* Random numbers */
+#define VSCSI_MAX_SECTORS 4096
+#define VSCSI_REQ_LIMIT 24
+
+#define SCSI_SENSE_BUF_SIZE 96
+#define SRP_RSP_SENSE_DATA_LEN 18
+
+typedef union vscsi_crq {
+ struct viosrp_crq s;
+ uint8_t raw[16];
+} vscsi_crq;
+
+typedef struct vscsi_req {
+ vscsi_crq crq;
+ union viosrp_iu iu;
+
+ /* SCSI request tracking */
+ SCSIDevice *sdev;
+ uint32_t qtag; /* qemu tag != srp tag */
+ int lun;
+ int active;
+ long data_len;
+ int writing;
+ int sensing;
+ int senselen;
+ uint8_t sense[SCSI_SENSE_BUF_SIZE];
+
+ /* RDMA related bits */
+ uint8_t dma_fmt;
+ struct srp_direct_buf ext_desc;
+ struct srp_direct_buf *cur_desc;
+ struct srp_indirect_buf *ind_desc;
+ int local_desc;
+ int total_desc;
+} vscsi_req;
+
+
+typedef struct {
+ VIOsPAPRDevice vdev;
+ SCSIBus bus;
+ vscsi_req reqs[VSCSI_REQ_LIMIT];
+} VSCSIState;
+
+/* XXX Debug only */
+static VSCSIState *dbg_vscsi_state;
+
+
+static struct vscsi_req *vscsi_get_req(VSCSIState *s)
+{
+ vscsi_req *req;
+ int i;
+
+ for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
+ req = &s->reqs[i];
+ if (!req->active) {
+ memset(req, 0, sizeof(*req));
+ req->qtag = i;
+ req->active = 1;
+ return req;
+ }
+ }
+ return NULL;
+}
+
+static void vscsi_put_req(VSCSIState *s, vscsi_req *req)
+{
+ req->active = 0;
+}
+
+static vscsi_req *vscsi_find_req(VSCSIState *s, uint32_t tag)
+{
+ if (tag >= VSCSI_REQ_LIMIT || !s->reqs[tag].active) {
+ return NULL;
+ }
+ return &s->reqs[tag];
+}
+
+static void vscsi_decode_id_lun(uint64_t srp_lun, int *id, int *lun)
+{
+ /* XXX Figure that one out properly ! This is crackpot */
+ *id = (srp_lun >> 56) & 0x7f;
+ *lun = (srp_lun >> 48) & 0xff;
+}
+
+static int vscsi_send_iu(VSCSIState *s, vscsi_req *req,
+ uint64_t length, uint8_t format)
+{
+ long rc, rc1;
+
+ /* First copy the SRP */
+ rc = spapr_tce_dma_write(&s->vdev, req->crq.s.IU_data_ptr,
+ &req->iu, length);
+ if (rc) {
+ fprintf(stderr, "vscsi_send_iu: DMA write failure !\n");
+ }
+
+ req->crq.s.valid = 0x80;
+ req->crq.s.format = format;
+ req->crq.s.reserved = 0x00;
+ req->crq.s.timeout = cpu_to_be16(0x0000);
+ req->crq.s.IU_length = cpu_to_be16(length);
+ req->crq.s.IU_data_ptr = req->iu.srp.rsp.tag; /* right byte order */
+
+ if (rc == 0) {
+ req->crq.s.status = 0x99; /* Just needs to be non-zero */
+ } else {
+ req->crq.s.status = 0x00;
+ }
+
+ rc1 = spapr_vio_send_crq(&s->vdev, req->crq.raw);
+ if (rc1) {
+ fprintf(stderr, "vscsi_send_iu: Error sending response\n");
+ return rc1;
+ }
+
+ return rc;
+}
+
+static void vscsi_makeup_sense(VSCSIState *s, vscsi_req *req,
+ uint8_t key, uint8_t asc, uint8_t ascq)
+{
+ req->senselen = SRP_RSP_SENSE_DATA_LEN;
+
+ /* Valid bit and 'current errors' */
+ req->sense[0] = (0x1 << 7 | 0x70);
+ /* Sense key */
+ req->sense[2] = key;
+ /* Additional sense length */
+ req->sense[7] = 0xa; /* 10 bytes */
+ /* Additional sense code */
+ req->sense[12] = asc;
+ req->sense[13] = ascq;
+}
+
+static int vscsi_send_rsp(VSCSIState *s, vscsi_req *req,
+ uint8_t status, int32_t res_in, int32_t res_out)
+{
+ union viosrp_iu *iu = &req->iu;
+ uint64_t tag = iu->srp.rsp.tag;
+ int total_len = sizeof(iu->srp.rsp);
+
+ dprintf("VSCSI: Sending resp status: 0x%x, "
+ "res_in: %d, res_out: %d\n", status, res_in, res_out);
+
+ memset(iu, 0, sizeof(struct srp_rsp));
+ iu->srp.rsp.opcode = SRP_RSP;
+ iu->srp.rsp.req_lim_delta = cpu_to_be32(1);
+ iu->srp.rsp.tag = tag;
+
+ /* Handle residuals */
+ if (res_in < 0) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DIUNDER;
+ res_in = -res_in;
+ } else if (res_in) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DIOVER;
+ }
+ if (res_out < 0) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DOUNDER;
+ res_out = -res_out;
+ } else if (res_out) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DOOVER;
+ }
+ iu->srp.rsp.data_in_res_cnt = cpu_to_be32(res_in);
+ iu->srp.rsp.data_out_res_cnt = cpu_to_be32(res_out);
+
+ /* We don't do response data */
+ /* iu->srp.rsp.flags &= ~SRP_RSP_FLAG_RSPVALID; */
+ iu->srp.rsp.resp_data_len = cpu_to_be32(0);
+
+ /* Handle success vs. failure */
+ iu->srp.rsp.status = status;
+ if (status) {
+ iu->srp.rsp.sol_not = (iu->srp.cmd.sol_not & 0x04) >> 2;
+ if (req->senselen) {
+ req->iu.srp.rsp.flags |= SRP_RSP_FLAG_SNSVALID;
+ req->iu.srp.rsp.sense_data_len = cpu_to_be32(req->senselen);
+ memcpy(req->iu.srp.rsp.data, req->sense, req->senselen);
+ total_len += req->senselen;
+ }
+ } else {
+ iu->srp.rsp.sol_not = (iu->srp.cmd.sol_not & 0x02) >> 1;
+ }
+
+ vscsi_send_iu(s, req, total_len, VIOSRP_SRP_FORMAT);
+ return 0;
+}
+
+static inline void vscsi_swap_desc(struct srp_direct_buf *desc)
+{
+ desc->va = be64_to_cpu(desc->va);
+ desc->len = be32_to_cpu(desc->len);
+}
+
+static int vscsi_srp_direct_data(VSCSIState *s, vscsi_req *req,
+ uint8_t *buf, uint32_t len)
+{
+ struct srp_direct_buf *md = req->cur_desc;
+ uint32_t llen;
+ int rc = 0;
+
+ dprintf("VSCSI: direct segment 0x%x bytes, va=0x%llx desc len=0x%x\n",
+ len, (unsigned long long)md->va, md->len);
+
+ llen = MIN(len, md->len);
+ if (llen) {
+ if (req->writing) { /* writing = to device = reading from memory */
+ rc = spapr_tce_dma_read(&s->vdev, md->va, buf, llen);
+ } else {
+ rc = spapr_tce_dma_write(&s->vdev, md->va, buf, llen);
+ }
+ }
+ md->len -= llen;
+ md->va += llen;
+
+ if (rc) {
+ return -1;
+ }
+ return llen;
+}
+
+static int vscsi_srp_indirect_data(VSCSIState *s, vscsi_req *req,
+ uint8_t *buf, uint32_t len)
+{
+ struct srp_direct_buf *td = &req->ind_desc->table_desc;
+ struct srp_direct_buf *md = req->cur_desc;
+ int rc = 0;
+ uint32_t llen, total = 0;
+
+ dprintf("VSCSI: indirect segment 0x%x bytes, td va=0x%llx len=0x%x\n",
+ len, (unsigned long long)td->va, td->len);
+
+ /* While we have data ... */
+ while (len) {
+ /* If we have a descriptor but it's empty, go fetch a new one */
+ if (md && md->len == 0) {
+ /* More local available, use one */
+ if (req->local_desc) {
+ md = ++req->cur_desc;
+ --req->local_desc;
+ --req->total_desc;
+ td->va += sizeof(struct srp_direct_buf);
+ } else {
+ md = req->cur_desc = NULL;
+ }
+ }
+ /* No descriptor at hand, fetch one */
+ if (!md) {
+ if (!req->total_desc) {
+ dprintf("VSCSI: Out of descriptors !\n");
+ break;
+ }
+ md = req->cur_desc = &req->ext_desc;
+ dprintf("VSCSI: Reading desc from 0x%llx\n",
+ (unsigned long long)td->va);
+ rc = spapr_tce_dma_read(&s->vdev, td->va, md,
+ sizeof(struct srp_direct_buf));
+ if (rc) {
+ dprintf("VSCSI: tce_dma_read -> %d reading ext_desc\n", rc);
+ break;
+ }
+ vscsi_swap_desc(md);
+ td->va += sizeof(struct srp_direct_buf);
+ --req->total_desc;
+ }
+ dprintf("VSCSI: [desc va=0x%llx,len=0x%x] remaining=0x%x\n",
+ (unsigned long long)md->va, md->len, len);
+
+ /* Perform transfer */
+ llen = MIN(len, md->len);
+ if (req->writing) { /* writing = to device = reading from memory */
+ rc = spapr_tce_dma_read(&s->vdev, md->va, buf, llen);
+ } else {
+ rc = spapr_tce_dma_write(&s->vdev, md->va, buf, llen);
+ }
+ if (rc) {
+ dprintf("VSCSI: tce_dma_r/w(%d) -> %d\n", req->writing, rc);
+ break;
+ }
+ dprintf("VSCSI: data: %02x %02x %02x %02x...\n",
+ buf[0], buf[1], buf[2], buf[3]);
+
+ len -= llen;
+ buf += llen;
+ total += llen;
+ md->va += llen;
+ md->len -= llen;
+ }
+ return rc ? -1 : total;
+}
+
+static int vscsi_srp_transfer_data(VSCSIState *s, vscsi_req *req,
+ int writing, uint8_t *buf, uint32_t len)
+{
+ int err = 0;
+
+ switch (req->dma_fmt) {
+ case SRP_NO_DATA_DESC:
+ dprintf("VSCSI: no data desc transfer, skipping 0x%x bytes\n", len);
+ break;
+ case SRP_DATA_DESC_DIRECT:
+ err = vscsi_srp_direct_data(s, req, buf, len);
+ break;
+ case SRP_DATA_DESC_INDIRECT:
+ err = vscsi_srp_indirect_data(s, req, buf, len);
+ break;
+ }
+ return err;
+}
+
+/* Bits from linux srp */
+static int data_out_desc_size(struct srp_cmd *cmd)
+{
+ int size = 0;
+ uint8_t fmt = cmd->buf_fmt >> 4;
+
+ switch (fmt) {
+ case SRP_NO_DATA_DESC:
+ break;
+ case SRP_DATA_DESC_DIRECT:
+ size = sizeof(struct srp_direct_buf);
+ break;
+ case SRP_DATA_DESC_INDIRECT:
+ size = sizeof(struct srp_indirect_buf) +
+ sizeof(struct srp_direct_buf)*cmd->data_out_desc_cnt;
+ break;
+ default:
+ break;
+ }
+ return size;
+}
+
+static int vscsi_preprocess_desc(vscsi_req *req)
+{
+ struct srp_cmd *cmd = &req->iu.srp.cmd;
+ int offset, i;
+
+ offset = cmd->add_cdb_len & ~3;
+
+ if (req->writing) {
+ req->dma_fmt = cmd->buf_fmt >> 4;
+ } else {
+ offset += data_out_desc_size(cmd);
+ req->dma_fmt = cmd->buf_fmt & ((1U << 4) - 1);
+ }
+
+ switch (req->dma_fmt) {
+ case SRP_NO_DATA_DESC:
+ break;
+ case SRP_DATA_DESC_DIRECT:
+ req->cur_desc = (struct srp_direct_buf *)(cmd->add_data + offset);
+ req->total_desc = req->local_desc = 1;
+ vscsi_swap_desc(req->cur_desc);
+ dprintf("VSCSI: using direct RDMA %s, 0x%x bytes MD: 0x%llx\n",
+ req->writing ? "write" : "read",
+ req->cur_desc->len, (unsigned long long)req->cur_desc->va);
+ break;
+ case SRP_DATA_DESC_INDIRECT:
+ req->ind_desc = (struct srp_indirect_buf *)(cmd->add_data + offset);
+ vscsi_swap_desc(&req->ind_desc->table_desc);
+ req->total_desc = req->ind_desc->table_desc.len /
+ sizeof(struct srp_direct_buf);
+ req->local_desc = req->writing ? cmd->data_out_desc_cnt :
+ cmd->data_in_desc_cnt;
+ for (i = 0; i < req->local_desc; i++) {
+ vscsi_swap_desc(&req->ind_desc->desc_list[i]);
+ }
+ req->cur_desc = req->local_desc ? &req->ind_desc->desc_list[0] : NULL;
+ dprintf("VSCSI: using indirect RDMA %s, 0x%x bytes %d descs "
+ "(%d local) VA: 0x%llx\n",
+ req->writing ? "read" : "write",
+ be32_to_cpu(req->ind_desc->len),
+ req->total_desc, req->local_desc,
+ (unsigned long long)req->ind_desc->table_desc.va);
+ break;
+ default:
+ fprintf(stderr,
+ "vscsi_preprocess_desc: Unknown format %x\n", req->dma_fmt);
+ return -1;
+ }
+
+ return 0;
+}
+
+static void vscsi_send_request_sense(VSCSIState *s, vscsi_req *req)
+{
+ SCSIDevice *sdev = req->sdev;
+ uint8_t *cdb = req->iu.srp.cmd.cdb;
+ int n;
+
+ cdb[0] = 3;
+ cdb[1] = 0;
+ cdb[2] = 0;
+ cdb[3] = 0;
+ cdb[4] = 96;
+ cdb[5] = 0;
+ req->sensing = 1;
+ n = sdev->info->send_command(sdev, req->qtag, cdb, req->lun);
+ dprintf("VSCSI: Queued request sense tag 0x%x\n", req->qtag);
+ if (n < 0) {
+ fprintf(stderr, "VSCSI: REQUEST_SENSE wants write data !?!?!?\n");
+ sdev->info->cancel_io(sdev, req->qtag);
+ vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ vscsi_put_req(s, req);
+ return;
+ } else if (n == 0) {
+ return;
+ }
+ sdev->info->read_data(sdev, req->qtag);
+}
+
+/* Callback to indicate that the SCSI layer has completed a transfer. */
+static void vscsi_command_complete(SCSIBus *bus, int reason, uint32_t tag,
+ uint32_t arg)
+{
+ VSCSIState *s = DO_UPCAST(VSCSIState, vdev.qdev, bus->qbus.parent);
+ vscsi_req *req = vscsi_find_req(s, tag);
+ SCSIDevice *sdev;
+ uint8_t *buf;
+ int32_t res_in = 0, res_out = 0;
+ int len, rc = 0;
+
+ dprintf("VSCSI: SCSI cmd complete, r=0x%x tag=0x%x arg=0x%x, req=%p\n",
+ reason, tag, arg, req);
+ if (req == NULL) {
+ fprintf(stderr, "VSCSI: Can't find request for tag 0x%x\n", tag);
+ return;
+ }
+ sdev = req->sdev;
+
+ if (req->sensing) {
+ if (reason == SCSI_REASON_DONE) {
+ dprintf("VSCSI: Sense done !\n");
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ vscsi_put_req(s, req);
+ } else {
+ uint8_t *buf = sdev->info->get_buf(sdev, tag);
+
+ len = MIN(arg, SCSI_SENSE_BUF_SIZE);
+ dprintf("VSCSI: Sense data, %d bytes:\n", len);
+ dprintf(" %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ buf[0], buf[1], buf[2], buf[3],
+ buf[4], buf[5], buf[6], buf[7]);
+ dprintf(" %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ buf[8], buf[9], buf[10], buf[11],
+ buf[12], buf[13], buf[14], buf[15]);
+ memcpy(req->sense, buf, len);
+ req->senselen = len;
+ sdev->info->read_data(sdev, req->qtag);
+ }
+ return;
+ }
+
+ if (reason == SCSI_REASON_DONE) {
+ dprintf("VSCSI: Command complete err=%d\n", arg);
+ if (arg == 0) {
+ /* We handle overflows, not underflows for normal commands,
+ * but hopefully nobody cares
+ */
+ if (req->writing) {
+ res_out = req->data_len;
+ } else {
+ res_in = req->data_len;
+ }
+ vscsi_send_rsp(s, req, 0, res_in, res_out);
+ } else if (arg == CHECK_CONDITION) {
+ dprintf("VSCSI: Got CHECK_CONDITION, requesting sense...\n");
+ vscsi_send_request_sense(s, req);
+ return;
+ } else {
+ vscsi_send_rsp(s, req, arg, 0, 0);
+ }
+ vscsi_put_req(s, req);
+ return;
+ }
+
+ /* "arg" is how much we have read for reads and how much we want
+ * to write for writes (ie, how much is to be DMA'd)
+ */
+ if (arg) {
+ buf = sdev->info->get_buf(sdev, tag);
+ rc = vscsi_srp_transfer_data(s, req, req->writing, buf, arg);
+ }
+ if (rc < 0) {
+ fprintf(stderr, "VSCSI: RDMA error rc=%d!\n", rc);
+ sdev->info->cancel_io(sdev, req->qtag);
+ vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ vscsi_put_req(s, req);
+ return;
+ }
+
+ /* Start next chunk */
+ req->data_len -= rc;
+ if (req->writing) {
+ sdev->info->write_data(sdev, req->qtag);
+ } else {
+ sdev->info->read_data(sdev, req->qtag);
+ }
+}
+
+static void vscsi_process_login(VSCSIState *s, vscsi_req *req)
+{
+ union viosrp_iu *iu = &req->iu;
+ struct srp_login_rsp *rsp = &iu->srp.login_rsp;
+ uint64_t tag = iu->srp.rsp.tag;
+
+ dprintf("VSCSI: Got login, sendin response !\n");
+
+ /* TODO handle case that requested size is wrong and
+ * buffer format is wrong
+ */
+ memset(iu, 0, sizeof(struct srp_login_rsp));
+ rsp->opcode = SRP_LOGIN_RSP;
+ /* Don't advertise quite as many request as we support to
+ * keep room for management stuff etc...
+ */
+ rsp->req_lim_delta = cpu_to_be32(VSCSI_REQ_LIMIT-2);
+ rsp->tag = tag;
+ rsp->max_it_iu_len = cpu_to_be32(sizeof(union srp_iu));
+ rsp->max_ti_iu_len = cpu_to_be32(sizeof(union srp_iu));
+ /* direct and indirect */
+ rsp->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | SRP_BUF_FORMAT_INDIRECT);
+
+ vscsi_send_iu(s, req, sizeof(*rsp), VIOSRP_SRP_FORMAT);
+}
+
+static void vscsi_inquiry_no_target(VSCSIState *s, vscsi_req *req)
+{
+ uint8_t *cdb = req->iu.srp.cmd.cdb;
+ uint8_t resp_data[36];
+ int rc, len, alen;
+
+ /* We dont do EVPD. Also check that page_code is 0 */
+ if ((cdb[1] & 0x01) || (cdb[1] & 0x01) || cdb[2] != 0) {
+ /* Send INVALID FIELD IN CDB */
+ vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x24, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ return;
+ }
+ alen = cdb[3];
+ alen = (alen << 8) | cdb[4];
+ len = MIN(alen, 36);
+
+ /* Fake up inquiry using PQ=3 */
+ memset(resp_data, 0, 36);
+ resp_data[0] = 0x7f; /* Not capable of supporting a device here */
+ resp_data[2] = 0x06; /* SPS-4 */
+ resp_data[3] = 0x02; /* Resp data format */
+ resp_data[4] = 36 - 5; /* Additional length */
+ resp_data[7] = 0x10; /* Sync transfers */
+ memcpy(&resp_data[16], "QEMU EMPTY ", 16);
+ memcpy(&resp_data[8], "QEMU ", 8);
+
+ req->writing = 0;
+ vscsi_preprocess_desc(req);
+ rc = vscsi_srp_transfer_data(s, req, 0, resp_data, len);
+ if (rc < 0) {
+ vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ } else {
+ vscsi_send_rsp(s, req, 0, 36 - rc, 0);
+ }
+}
+
+static int vscsi_queue_cmd(VSCSIState *s, vscsi_req *req)
+{
+ union srp_iu *srp = &req->iu.srp;
+ SCSIDevice *sdev;
+ int n, id, lun;
+
+ vscsi_decode_id_lun(be64_to_cpu(srp->cmd.lun), &id, &lun);
+
+ /* Qemu vs. linux issue with LUNs to be sorted out ... */
+ sdev = (id < 8 && lun < 16) ? s->bus.devs[id] : NULL;
+ if (!sdev) {
+ dprintf("VSCSI: Command for id %d with no drive\n", id);
+ if (srp->cmd.cdb[0] == INQUIRY) {
+ vscsi_inquiry_no_target(s, req);
+ } else {
+ vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x24, 0x00);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ } return 1;
+ }
+
+ req->sdev = sdev;
+ req->lun = lun;
+ n = sdev->info->send_command(sdev, req->qtag, srp->cmd.cdb, lun);
+
+ dprintf("VSCSI: Queued command tag 0x%x CMD 0x%x ID %d LUN %d ret: %d\n",
+ req->qtag, srp->cmd.cdb[0], id, lun, n);
+
+ if (n) {
+ /* Transfer direction must be set before preprocessing the
+ * descriptors
+ */
+ req->writing = (n < 1);
+
+ /* Preprocess RDMA descriptors */
+ vscsi_preprocess_desc(req);
+ }
+
+ /* Get transfer direction and initiate transfer */
+ if (n > 0) {
+ req->data_len = n;
+ sdev->info->read_data(sdev, req->qtag);
+ } else if (n < 0) {
+ req->data_len = -n;
+ sdev->info->write_data(sdev, req->qtag);
+ }
+ /* Don't touch req here, it may have been recycled already */
+
+ return 0;
+}
+
+static int vscsi_process_tsk_mgmt(VSCSIState *s, vscsi_req *req)
+{
+ union viosrp_iu *iu = &req->iu;
+ int fn;
+
+ fprintf(stderr, "vscsi_process_tsk_mgmt %02x\n",
+ iu->srp.tsk_mgmt.tsk_mgmt_func);
+
+ switch (iu->srp.tsk_mgmt.tsk_mgmt_func) {
+#if 0 /* We really don't deal with these for now */
+ case SRP_TSK_ABORT_TASK:
+ fn = ABORT_TASK;
+ break;
+ case SRP_TSK_ABORT_TASK_SET:
+ fn = ABORT_TASK_SET;
+ break;
+ case SRP_TSK_CLEAR_TASK_SET:
+ fn = CLEAR_TASK_SET;
+ break;
+ case SRP_TSK_LUN_RESET:
+ fn = LOGICAL_UNIT_RESET;
+ break;
+ case SRP_TSK_CLEAR_ACA:
+ fn = CLEAR_ACA;
+ break;
+#endif
+ default:
+ fn = 0;
+ }
+ if (fn) {
+ /* XXX Send/Handle target task management */
+ ;
+ } else {
+ vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x20, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ }
+ return !fn;
+}
+
+static int vscsi_handle_srp_req(VSCSIState *s, vscsi_req *req)
+{
+ union srp_iu *srp = &req->iu.srp;
+ int done = 1;
+ uint8_t opcode = srp->rsp.opcode;
+
+ switch (opcode) {
+ case SRP_LOGIN_REQ:
+ vscsi_process_login(s, req);
+ break;
+ case SRP_TSK_MGMT:
+ done = vscsi_process_tsk_mgmt(s, req);
+ break;
+ case SRP_CMD:
+ done = vscsi_queue_cmd(s, req);
+ break;
+ case SRP_LOGIN_RSP:
+ case SRP_I_LOGOUT:
+ case SRP_T_LOGOUT:
+ case SRP_RSP:
+ case SRP_CRED_REQ:
+ case SRP_CRED_RSP:
+ case SRP_AER_REQ:
+ case SRP_AER_RSP:
+ fprintf(stderr, "VSCSI: Unsupported opcode %02x\n", opcode);
+ break;
+ default:
+ fprintf(stderr, "VSCSI: Unknown type %02x\n", opcode);
+ }
+
+ return done;
+}
+
+static int vscsi_send_adapter_info(VSCSIState *s, vscsi_req *req)
+{
+ struct viosrp_adapter_info *sinfo;
+ struct mad_adapter_info_data info;
+ int rc;
+
+ sinfo = &req->iu.mad.adapter_info;
+
+#if 0 /* What for ? */
+ rc = spapr_tce_dma_read(&s->vdev, be64_to_cpu(sinfo->buffer),
+ &info, be16_to_cpu(sinfo->common.length));
+ if (rc) {
+ fprintf(stderr, "vscsi_send_adapter_info: DMA read failure !\n");
+ }
+#endif
+ memset(&info, 0, sizeof(info));
+ strcpy(info.srp_version, SRP_VERSION);
+ strncpy(info.partition_name, "qemu", sizeof("qemu"));
+ info.partition_number = cpu_to_be32(0);
+ info.mad_version = cpu_to_be32(1);
+ info.os_type = cpu_to_be32(2);
+ info.port_max_txu[0] = cpu_to_be32(VSCSI_MAX_SECTORS << 9);
+
+ rc = spapr_tce_dma_write(&s->vdev, be64_to_cpu(sinfo->buffer),
+ &info, be16_to_cpu(sinfo->common.length));
+ if (rc) {
+ fprintf(stderr, "vscsi_send_adapter_info: DMA write failure !\n");
+ }
+
+ sinfo->common.status = rc ? cpu_to_be32(1) : 0;
+
+ return vscsi_send_iu(s, req, sizeof(*sinfo), VIOSRP_MAD_FORMAT);
+}
+
+static int vscsi_handle_mad_req(VSCSIState *s, vscsi_req *req)
+{
+ union mad_iu *mad = &req->iu.mad;
+
+ switch (be32_to_cpu(mad->empty_iu.common.type)) {
+ case VIOSRP_EMPTY_IU_TYPE:
+ fprintf(stderr, "Unsupported EMPTY MAD IU\n");
+ break;
+ case VIOSRP_ERROR_LOG_TYPE:
+ fprintf(stderr, "Unsupported ERROR LOG MAD IU\n");
+ mad->error_log.common.status = cpu_to_be16(1);
+ vscsi_send_iu(s, req, sizeof(mad->error_log), VIOSRP_MAD_FORMAT);
+ break;
+ case VIOSRP_ADAPTER_INFO_TYPE:
+ vscsi_send_adapter_info(s, req);
+ break;
+ case VIOSRP_HOST_CONFIG_TYPE:
+ mad->host_config.common.status = cpu_to_be16(1);
+ vscsi_send_iu(s, req, sizeof(mad->host_config), VIOSRP_MAD_FORMAT);
+ break;
+ default:
+ fprintf(stderr, "VSCSI: Unknown MAD type %02x\n",
+ be32_to_cpu(mad->empty_iu.common.type));
+ }
+
+ return 1;
+}
+
+static void vscsi_got_payload(VSCSIState *s, vscsi_crq *crq)
+{
+ vscsi_req *req;
+ int done;
+
+ req = vscsi_get_req(s);
+ if (req == NULL) {
+ fprintf(stderr, "VSCSI: Failed to get a request !\n");
+ return;
+ }
+
+ /* We only support a limited number of descriptors, we know
+ * the ibmvscsi driver uses up to 10 max, so it should fit
+ * in our 256 bytes IUs. If not we'll have to increase the size
+ * of the structure.
+ */
+ if (crq->s.IU_length > sizeof(union viosrp_iu)) {
+ fprintf(stderr, "VSCSI: SRP IU too long (%d bytes) !\n",
+ crq->s.IU_length);
+ return;
+ }
+
+ /* XXX Handle failure differently ? */
+ if (spapr_tce_dma_read(&s->vdev, crq->s.IU_data_ptr, &req->iu,
+ crq->s.IU_length)) {
+ fprintf(stderr, "vscsi_got_payload: DMA read failure !\n");
+ qemu_free(req);
+ }
+ memcpy(&req->crq, crq, sizeof(vscsi_crq));
+
+ if (crq->s.format == VIOSRP_MAD_FORMAT) {
+ done = vscsi_handle_mad_req(s, req);
+ } else {
+ done = vscsi_handle_srp_req(s, req);
+ }
+
+ if (done) {
+ vscsi_put_req(s, req);
+ }
+}
+
+
+static int vscsi_do_crq(struct VIOsPAPRDevice *dev, uint8_t *crq_data)
+{
+ VSCSIState *s = DO_UPCAST(VSCSIState, vdev, dev);
+ vscsi_crq crq;
+
+ memcpy(crq.raw, crq_data, 16);
+ crq.s.timeout = be16_to_cpu(crq.s.timeout);
+ crq.s.IU_length = be16_to_cpu(crq.s.IU_length);
+ crq.s.IU_data_ptr = be64_to_cpu(crq.s.IU_data_ptr);
+
+ dprintf("VSCSI: do_crq %02x %02x ...\n", crq.raw[0], crq.raw[1]);
+
+ switch (crq.s.valid) {
+ case 0xc0: /* Init command/response */
+
+ /* Respond to initialization request */
+ if (crq.s.format == 0x01) {
+ memset(crq.raw, 0, 16);
+ crq.s.valid = 0xc0;
+ crq.s.format = 0x02;
+ spapr_vio_send_crq(dev, crq.raw);
+ }
+
+ /* Note that in hotplug cases, we might get a 0x02
+ * as a result of us emitting the init request
+ */
+
+ break;
+ case 0xff: /* Link event */
+
+ /* Not handled for now */
+
+ break;
+ case 0x80: /* Payloads */
+ switch (crq.s.format) {
+ case VIOSRP_SRP_FORMAT: /* AKA VSCSI request */
+ case VIOSRP_MAD_FORMAT: /* AKA VSCSI response */
+ vscsi_got_payload(s, &crq);
+ break;
+ case VIOSRP_OS400_FORMAT:
+ case VIOSRP_AIX_FORMAT:
+ case VIOSRP_LINUX_FORMAT:
+ case VIOSRP_INLINE_FORMAT:
+ fprintf(stderr, "vscsi_do_srq: Unsupported payload format %02x\n",
+ crq.s.format);
+ break;
+ default:
+ fprintf(stderr, "vscsi_do_srq: Unknown payload format %02x\n",
+ crq.s.format);
+ }
+ break;
+ default:
+ fprintf(stderr, "vscsi_do_crq: unknown CRQ %02x %02x ...\n",
+ crq.raw[0], crq.raw[1]);
+ };
+
+ return 0;
+}
+
+static int spapr_vscsi_init(VIOsPAPRDevice *dev)
+{
+ VSCSIState *s = DO_UPCAST(VSCSIState, vdev, dev);
+ int i;
+
+ dbg_vscsi_state = s;
+
+ /* Initialize qemu request tags */
+ memset(s->reqs, 0, sizeof(s->reqs));
+ for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
+ s->reqs[i].qtag = i;
+ }
+
+ dev->crq.SendFunc = vscsi_do_crq;
+
+ scsi_bus_new(&s->bus, &dev->qdev, 1, VSCSI_REQ_LIMIT,
+ vscsi_command_complete);
+ if (!dev->qdev.hotplugged) {
+ scsi_bus_legacy_handle_cmdline(&s->bus);
+ }
+
+ return 0;
+}
+
+void spapr_vscsi_create(VIOsPAPRBus *bus, uint32_t reg,
+ qemu_irq qirq, uint32_t vio_irq_num)
+{
+ DeviceState *dev;
+ VIOsPAPRDevice *sdev;
+
+ dev = qdev_create(&bus->bus, "spapr-vscsi");
+ qdev_prop_set_uint32(dev, "reg", reg);
+
+ qdev_init_nofail(dev);
+
+ sdev = (VIOsPAPRDevice *)dev;
+ sdev->qirq = qirq;
+ sdev->vio_irq_num = vio_irq_num;
+}
+
+static int spapr_vscsi_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
+{
+ int ret;
+
+ ret = fdt_setprop_cell(fdt, node_off, "#address-cells", 2);
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "#size-cells", 0);
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
+}
+
+static VIOsPAPRDeviceInfo spapr_vscsi = {
+ .init = spapr_vscsi_init,
+ .devnode = spapr_vscsi_devnode,
+ .dt_name = "v-scsi",
+ .dt_type = "vscsi",
+ .dt_compatible = "IBM,v-scsi",
+ .signal_mask = 0x00000001,
+ .qdev.name = "spapr-vscsi",
+ .qdev.size = sizeof(VSCSIState),
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT32("reg", VIOsPAPRDevice, reg, 0x2000),
+ DEFINE_PROP_UINT32("dma-window", VIOsPAPRDevice,
+ rtce_window_size, 0x10000000),
+ DEFINE_PROP_END_OF_LIST(),
+ },
+};
+
+static void spapr_vscsi_register(void)
+{
+ spapr_vio_bus_register_withprop(&spapr_vscsi);
+}
+device_init(spapr_vscsi_register);
diff --git a/hw/spapr_vty.c b/hw/spapr_vty.c
new file mode 100644
index 0000000..6fc0105
--- /dev/null
+++ b/hw/spapr_vty.c
@@ -0,0 +1,159 @@
+#include "qdev.h"
+#include "qemu-char.h"
+#include "hw/spapr.h"
+#include "hw/spapr_vio.h"
+
+#define VTERM_BUFSIZE 16
+
+typedef struct VIOsPAPRVTYDevice {
+ VIOsPAPRDevice sdev;
+ CharDriverState *chardev;
+ uint32_t in, out;
+ uint8_t buf[VTERM_BUFSIZE];
+} VIOsPAPRVTYDevice;
+
+static int vty_can_receive(void *opaque)
+{
+ VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)opaque;
+
+ return (dev->in - dev->out) < VTERM_BUFSIZE;
+}
+
+static void vty_receive(void *opaque, const uint8_t *buf, int size)
+{
+ VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)opaque;
+ int i;
+
+ if ((dev->in == dev->out) && size) {
+ /* toggle line to simulate edge interrupt */
+ qemu_irq_pulse(dev->sdev.qirq);
+ }
+ for (i = 0; i < size; i++) {
+ assert((dev->in - dev->out) < VTERM_BUFSIZE);
+ dev->buf[dev->in++ % VTERM_BUFSIZE] = buf[i];
+ }
+}
+
+static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
+{
+ VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev;
+ int n = 0;
+
+ while ((n < max) && (dev->out != dev->in)) {
+ buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];
+ }
+
+ return n;
+}
+
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
+{
+ VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev;
+
+ /* FIXME: should check the qemu_chr_write() return value */
+ qemu_chr_write(dev->chardev, buf, len);
+}
+
+static int spapr_vty_init(VIOsPAPRDevice *sdev)
+{
+ VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev;
+
+ qemu_chr_add_handlers(dev->chardev, vty_can_receive,
+ vty_receive, NULL, dev);
+
+ return 0;
+}
+
+static target_ulong h_put_term_char(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong len = args[1];
+ target_ulong char0_7 = args[2];
+ target_ulong char8_15 = args[3];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ uint8_t buf[16];
+
+ if (!sdev) {
+ return H_PARAMETER;
+ }
+
+ if (len > 16) {
+ return H_PARAMETER;
+ }
+
+ *((uint64_t *)buf) = cpu_to_be64(char0_7);
+ *((uint64_t *)buf + 1) = cpu_to_be64(char8_15);
+
+ vty_putchars(sdev, buf, len);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_get_term_char(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong *len = args + 0;
+ target_ulong *char0_7 = args + 1;
+ target_ulong *char8_15 = args + 2;
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ uint8_t buf[16];
+
+ if (!sdev) {
+ return H_PARAMETER;
+ }
+
+ *len = vty_getchars(sdev, buf, sizeof(buf));
+ if (*len < 16) {
+ memset(buf + *len, 0, 16 - *len);
+ }
+
+ *char0_7 = be64_to_cpu(*((uint64_t *)buf));
+ *char8_15 = be64_to_cpu(*((uint64_t *)buf + 1));
+
+ return H_SUCCESS;
+}
+
+void spapr_vty_create(VIOsPAPRBus *bus,
+ uint32_t reg, CharDriverState *chardev,
+ qemu_irq qirq, uint32_t vio_irq_num)
+{
+ DeviceState *dev;
+ VIOsPAPRDevice *sdev;
+
+ dev = qdev_create(&bus->bus, "spapr-vty");
+ qdev_prop_set_uint32(dev, "reg", reg);
+ qdev_prop_set_chr(dev, "chardev", chardev);
+ qdev_init_nofail(dev);
+ sdev = (VIOsPAPRDevice *)dev;
+ sdev->qirq = qirq;
+ sdev->vio_irq_num = vio_irq_num;
+}
+
+static void vty_hcalls(VIOsPAPRBus *bus)
+{
+ spapr_register_hypercall(H_PUT_TERM_CHAR, h_put_term_char);
+ spapr_register_hypercall(H_GET_TERM_CHAR, h_get_term_char);
+}
+
+static VIOsPAPRDeviceInfo spapr_vty = {
+ .init = spapr_vty_init,
+ .dt_name = "vty",
+ .dt_type = "serial",
+ .dt_compatible = "hvterm1",
+ .hcalls = vty_hcalls,
+ .qdev.name = "spapr-vty",
+ .qdev.size = sizeof(VIOsPAPRVTYDevice),
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT32("reg", VIOsPAPRDevice, reg, 0),
+ DEFINE_PROP_CHR("chardev", VIOsPAPRVTYDevice, chardev),
+ DEFINE_PROP_END_OF_LIST(),
+ },
+};
+
+static void spapr_vty_register(void)
+{
+ spapr_vio_bus_register_withprop(&spapr_vty);
+}
+device_init(spapr_vty_register);
diff --git a/hw/srp.h b/hw/srp.h
new file mode 100644
index 0000000..afcd135
--- /dev/null
+++ b/hw/srp.h
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 2005 Cisco Systems. All rights reserved.
+ *
+ * This software is available to you under a choice of one of two
+ * licenses. You may choose to be licensed under the terms of the GNU
+ * General Public License (GPL) Version 2, available from the file
+ * COPYING in the main directory of this source tree, or the
+ * OpenIB.org BSD license below:
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+#ifndef SCSI_SRP_H
+#define SCSI_SRP_H
+
+/*
+ * Structures and constants for the SCSI RDMA Protocol (SRP) as
+ * defined by the INCITS T10 committee. This file was written using
+ * draft Revision 16a of the SRP standard.
+ */
+
+enum {
+
+ SRP_LOGIN_REQ = 0x00,
+ SRP_TSK_MGMT = 0x01,
+ SRP_CMD = 0x02,
+ SRP_I_LOGOUT = 0x03,
+ SRP_LOGIN_RSP = 0xc0,
+ SRP_RSP = 0xc1,
+ SRP_LOGIN_REJ = 0xc2,
+ SRP_T_LOGOUT = 0x80,
+ SRP_CRED_REQ = 0x81,
+ SRP_AER_REQ = 0x82,
+ SRP_CRED_RSP = 0x41,
+ SRP_AER_RSP = 0x42
+};
+
+enum {
+ SRP_BUF_FORMAT_DIRECT = 1 << 1,
+ SRP_BUF_FORMAT_INDIRECT = 1 << 2
+};
+
+enum {
+ SRP_NO_DATA_DESC = 0,
+ SRP_DATA_DESC_DIRECT = 1,
+ SRP_DATA_DESC_INDIRECT = 2
+};
+
+enum {
+ SRP_TSK_ABORT_TASK = 0x01,
+ SRP_TSK_ABORT_TASK_SET = 0x02,
+ SRP_TSK_CLEAR_TASK_SET = 0x04,
+ SRP_TSK_LUN_RESET = 0x08,
+ SRP_TSK_CLEAR_ACA = 0x40
+};
+
+enum srp_login_rej_reason {
+ SRP_LOGIN_REJ_UNABLE_ESTABLISH_CHANNEL = 0x00010000,
+ SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES = 0x00010001,
+ SRP_LOGIN_REJ_REQ_IT_IU_LENGTH_TOO_LARGE = 0x00010002,
+ SRP_LOGIN_REJ_UNABLE_ASSOCIATE_CHANNEL = 0x00010003,
+ SRP_LOGIN_REJ_UNSUPPORTED_DESCRIPTOR_FMT = 0x00010004,
+ SRP_LOGIN_REJ_MULTI_CHANNEL_UNSUPPORTED = 0x00010005,
+ SRP_LOGIN_REJ_CHANNEL_LIMIT_REACHED = 0x00010006
+};
+
+enum {
+ SRP_REV10_IB_IO_CLASS = 0xff00,
+ SRP_REV16A_IB_IO_CLASS = 0x0100
+};
+
+struct srp_direct_buf {
+ uint64_t va;
+ uint32_t key;
+ uint32_t len;
+};
+
+/*
+ * We need the packed attribute because the SRP spec puts the list of
+ * descriptors at an offset of 20, which is not aligned to the size of
+ * struct srp_direct_buf. The whole structure must be packed to avoid
+ * having the 20-byte structure padded to 24 bytes on 64-bit architectures.
+ */
+struct srp_indirect_buf {
+ struct srp_direct_buf table_desc;
+ uint32_t len;
+ struct srp_direct_buf desc_list[0];
+} __attribute__((packed));
+
+enum {
+ SRP_MULTICHAN_SINGLE = 0,
+ SRP_MULTICHAN_MULTI = 1
+};
+
+struct srp_login_req {
+ uint8_t opcode;
+ uint8_t reserved1[7];
+ uint64_t tag;
+ uint32_t req_it_iu_len;
+ uint8_t reserved2[4];
+ uint16_t req_buf_fmt;
+ uint8_t req_flags;
+ uint8_t reserved3[5];
+ uint8_t initiator_port_id[16];
+ uint8_t target_port_id[16];
+};
+
+/*
+ * The SRP spec defines the size of the LOGIN_RSP structure to be 52
+ * bytes, so it needs to be packed to avoid having it padded to 56
+ * bytes on 64-bit architectures.
+ */
+struct srp_login_rsp {
+ uint8_t opcode;
+ uint8_t reserved1[3];
+ uint32_t req_lim_delta;
+ uint64_t tag;
+ uint32_t max_it_iu_len;
+ uint32_t max_ti_iu_len;
+ uint16_t buf_fmt;
+ uint8_t rsp_flags;
+ uint8_t reserved2[25];
+} __attribute__((packed));
+
+struct srp_login_rej {
+ uint8_t opcode;
+ uint8_t reserved1[3];
+ uint32_t reason;
+ uint64_t tag;
+ uint8_t reserved2[8];
+ uint16_t buf_fmt;
+ uint8_t reserved3[6];
+};
+
+struct srp_i_logout {
+ uint8_t opcode;
+ uint8_t reserved[7];
+ uint64_t tag;
+};
+
+struct srp_t_logout {
+ uint8_t opcode;
+ uint8_t sol_not;
+ uint8_t reserved[2];
+ uint32_t reason;
+ uint64_t tag;
+};
+
+/*
+ * We need the packed attribute because the SRP spec only aligns the
+ * 8-byte LUN field to 4 bytes.
+ */
+struct srp_tsk_mgmt {
+ uint8_t opcode;
+ uint8_t sol_not;
+ uint8_t reserved1[6];
+ uint64_t tag;
+ uint8_t reserved2[4];
+ uint64_t lun __attribute__((packed));
+ uint8_t reserved3[2];
+ uint8_t tsk_mgmt_func;
+ uint8_t reserved4;
+ uint64_t task_tag;
+ uint8_t reserved5[8];
+};
+
+/*
+ * We need the packed attribute because the SRP spec only aligns the
+ * 8-byte LUN field to 4 bytes.
+ */
+struct srp_cmd {
+ uint8_t opcode;
+ uint8_t sol_not;
+ uint8_t reserved1[3];
+ uint8_t buf_fmt;
+ uint8_t data_out_desc_cnt;
+ uint8_t data_in_desc_cnt;
+ uint64_t tag;
+ uint8_t reserved2[4];
+ uint64_t lun __attribute__((packed));
+ uint8_t reserved3;
+ uint8_t task_attr;
+ uint8_t reserved4;
+ uint8_t add_cdb_len;
+ uint8_t cdb[16];
+ uint8_t add_data[0];
+};
+
+enum {
+ SRP_RSP_FLAG_RSPVALID = 1 << 0,
+ SRP_RSP_FLAG_SNSVALID = 1 << 1,
+ SRP_RSP_FLAG_DOOVER = 1 << 2,
+ SRP_RSP_FLAG_DOUNDER = 1 << 3,
+ SRP_RSP_FLAG_DIOVER = 1 << 4,
+ SRP_RSP_FLAG_DIUNDER = 1 << 5
+};
+
+/*
+ * The SRP spec defines the size of the RSP structure to be 36 bytes,
+ * so it needs to be packed to avoid having it padded to 40 bytes on
+ * 64-bit architectures.
+ */
+struct srp_rsp {
+ uint8_t opcode;
+ uint8_t sol_not;
+ uint8_t reserved1[2];
+ uint32_t req_lim_delta;
+ uint64_t tag;
+ uint8_t reserved2[2];
+ uint8_t flags;
+ uint8_t status;
+ uint32_t data_out_res_cnt;
+ uint32_t data_in_res_cnt;
+ uint32_t sense_data_len;
+ uint32_t resp_data_len;
+ uint8_t data[0];
+} __attribute__((packed));
+
+#endif /* SCSI_SRP_H */
diff --git a/hw/stellaris.c b/hw/stellaris.c
index 0d52926..ac9fcc1 100644
--- a/hw/stellaris.c
+++ b/hw/stellaris.c
@@ -14,7 +14,6 @@
#include "qemu-timer.h"
#include "i2c.h"
#include "net.h"
-#include "sysemu.h"
#include "boards.h"
#define GPIO_A 0
@@ -280,64 +279,28 @@ static CPUWriteMemoryFunc * const gptm_writefn[] = {
gptm_write
};
-static void gptm_save(QEMUFile *f, void *opaque)
-{
- gptm_state *s = (gptm_state *)opaque;
-
- qemu_put_be32(f, s->config);
- qemu_put_be32(f, s->mode[0]);
- qemu_put_be32(f, s->mode[1]);
- qemu_put_be32(f, s->control);
- qemu_put_be32(f, s->state);
- qemu_put_be32(f, s->mask);
- qemu_put_be32(f, s->mode[0]);
- qemu_put_be32(f, s->mode[0]);
- qemu_put_be32(f, s->load[0]);
- qemu_put_be32(f, s->load[1]);
- qemu_put_be32(f, s->match[0]);
- qemu_put_be32(f, s->match[1]);
- qemu_put_be32(f, s->prescale[0]);
- qemu_put_be32(f, s->prescale[1]);
- qemu_put_be32(f, s->match_prescale[0]);
- qemu_put_be32(f, s->match_prescale[1]);
- qemu_put_be32(f, s->rtc);
- qemu_put_be64(f, s->tick[0]);
- qemu_put_be64(f, s->tick[1]);
- qemu_put_timer(f, s->timer[0]);
- qemu_put_timer(f, s->timer[1]);
-}
-
-static int gptm_load(QEMUFile *f, void *opaque, int version_id)
-{
- gptm_state *s = (gptm_state *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->config = qemu_get_be32(f);
- s->mode[0] = qemu_get_be32(f);
- s->mode[1] = qemu_get_be32(f);
- s->control = qemu_get_be32(f);
- s->state = qemu_get_be32(f);
- s->mask = qemu_get_be32(f);
- s->mode[0] = qemu_get_be32(f);
- s->mode[0] = qemu_get_be32(f);
- s->load[0] = qemu_get_be32(f);
- s->load[1] = qemu_get_be32(f);
- s->match[0] = qemu_get_be32(f);
- s->match[1] = qemu_get_be32(f);
- s->prescale[0] = qemu_get_be32(f);
- s->prescale[1] = qemu_get_be32(f);
- s->match_prescale[0] = qemu_get_be32(f);
- s->match_prescale[1] = qemu_get_be32(f);
- s->rtc = qemu_get_be32(f);
- s->tick[0] = qemu_get_be64(f);
- s->tick[1] = qemu_get_be64(f);
- qemu_get_timer(f, s->timer[0]);
- qemu_get_timer(f, s->timer[1]);
-
- return 0;
-}
+static const VMStateDescription vmstate_stellaris_gptm = {
+ .name = "stellaris_gptm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(config, gptm_state),
+ VMSTATE_UINT32_ARRAY(mode, gptm_state, 2),
+ VMSTATE_UINT32(control, gptm_state),
+ VMSTATE_UINT32(state, gptm_state),
+ VMSTATE_UINT32(mask, gptm_state),
+ VMSTATE_UNUSED(8),
+ VMSTATE_UINT32_ARRAY(load, gptm_state, 2),
+ VMSTATE_UINT32_ARRAY(match, gptm_state, 2),
+ VMSTATE_UINT32_ARRAY(prescale, gptm_state, 2),
+ VMSTATE_UINT32_ARRAY(match_prescale, gptm_state, 2),
+ VMSTATE_UINT32(rtc, gptm_state),
+ VMSTATE_INT64_ARRAY(tick, gptm_state, 2),
+ VMSTATE_TIMER_ARRAY(timer, gptm_state, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int stellaris_gptm_init(SysBusDevice *dev)
{
@@ -355,8 +318,7 @@ static int stellaris_gptm_init(SysBusDevice *dev)
s->opaque[0] = s->opaque[1] = s;
s->timer[0] = qemu_new_timer_ns(vm_clock, gptm_tick, &s->opaque[0]);
s->timer[1] = qemu_new_timer_ns(vm_clock, gptm_tick, &s->opaque[1]);
- register_savevm(&dev->qdev, "stellaris_gptm", -1, 1,
- gptm_save, gptm_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_stellaris_gptm, s);
return 0;
}
@@ -605,58 +567,37 @@ static void ssys_reset(void *opaque)
s->dcgc[0] = 1;
}
-static void ssys_save(QEMUFile *f, void *opaque)
-{
- ssys_state *s = (ssys_state *)opaque;
-
- qemu_put_be32(f, s->pborctl);
- qemu_put_be32(f, s->ldopctl);
- qemu_put_be32(f, s->int_mask);
- qemu_put_be32(f, s->int_status);
- qemu_put_be32(f, s->resc);
- qemu_put_be32(f, s->rcc);
- qemu_put_be32(f, s->rcgc[0]);
- qemu_put_be32(f, s->rcgc[1]);
- qemu_put_be32(f, s->rcgc[2]);
- qemu_put_be32(f, s->scgc[0]);
- qemu_put_be32(f, s->scgc[1]);
- qemu_put_be32(f, s->scgc[2]);
- qemu_put_be32(f, s->dcgc[0]);
- qemu_put_be32(f, s->dcgc[1]);
- qemu_put_be32(f, s->dcgc[2]);
- qemu_put_be32(f, s->clkvclr);
- qemu_put_be32(f, s->ldoarst);
-}
-
-static int ssys_load(QEMUFile *f, void *opaque, int version_id)
+static int stellaris_sys_post_load(void *opaque, int version_id)
{
- ssys_state *s = (ssys_state *)opaque;
+ ssys_state *s = opaque;
- if (version_id != 1)
- return -EINVAL;
-
- s->pborctl = qemu_get_be32(f);
- s->ldopctl = qemu_get_be32(f);
- s->int_mask = qemu_get_be32(f);
- s->int_status = qemu_get_be32(f);
- s->resc = qemu_get_be32(f);
- s->rcc = qemu_get_be32(f);
- s->rcgc[0] = qemu_get_be32(f);
- s->rcgc[1] = qemu_get_be32(f);
- s->rcgc[2] = qemu_get_be32(f);
- s->scgc[0] = qemu_get_be32(f);
- s->scgc[1] = qemu_get_be32(f);
- s->scgc[2] = qemu_get_be32(f);
- s->dcgc[0] = qemu_get_be32(f);
- s->dcgc[1] = qemu_get_be32(f);
- s->dcgc[2] = qemu_get_be32(f);
- s->clkvclr = qemu_get_be32(f);
- s->ldoarst = qemu_get_be32(f);
ssys_calculate_system_clock(s);
return 0;
}
+static const VMStateDescription vmstate_stellaris_sys = {
+ .name = "stellaris_sys",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = stellaris_sys_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(pborctl, ssys_state),
+ VMSTATE_UINT32(ldopctl, ssys_state),
+ VMSTATE_UINT32(int_mask, ssys_state),
+ VMSTATE_UINT32(int_status, ssys_state),
+ VMSTATE_UINT32(resc, ssys_state),
+ VMSTATE_UINT32(rcc, ssys_state),
+ VMSTATE_UINT32_ARRAY(rcgc, ssys_state, 3),
+ VMSTATE_UINT32_ARRAY(scgc, ssys_state, 3),
+ VMSTATE_UINT32_ARRAY(dcgc, ssys_state, 3),
+ VMSTATE_UINT32(clkvclr, ssys_state),
+ VMSTATE_UINT32(ldoarst, ssys_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static int stellaris_sys_init(uint32_t base, qemu_irq irq,
stellaris_board_info * board,
uint8_t *macaddr)
@@ -676,7 +617,7 @@ static int stellaris_sys_init(uint32_t base, qemu_irq irq,
DEVICE_NATIVE_ENDIAN);
cpu_register_physical_memory(base, 0x00001000, iomemtype);
ssys_reset(s);
- register_savevm(NULL, "stellaris_sys", -1, 1, ssys_save, ssys_load, s);
+ vmstate_register(NULL, -1, &vmstate_stellaris_sys, s);
return 0;
}
@@ -844,36 +785,22 @@ static CPUWriteMemoryFunc * const stellaris_i2c_writefn[] = {
stellaris_i2c_write
};
-static void stellaris_i2c_save(QEMUFile *f, void *opaque)
-{
- stellaris_i2c_state *s = (stellaris_i2c_state *)opaque;
-
- qemu_put_be32(f, s->msa);
- qemu_put_be32(f, s->mcs);
- qemu_put_be32(f, s->mdr);
- qemu_put_be32(f, s->mtpr);
- qemu_put_be32(f, s->mimr);
- qemu_put_be32(f, s->mris);
- qemu_put_be32(f, s->mcr);
-}
-
-static int stellaris_i2c_load(QEMUFile *f, void *opaque, int version_id)
-{
- stellaris_i2c_state *s = (stellaris_i2c_state *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->msa = qemu_get_be32(f);
- s->mcs = qemu_get_be32(f);
- s->mdr = qemu_get_be32(f);
- s->mtpr = qemu_get_be32(f);
- s->mimr = qemu_get_be32(f);
- s->mris = qemu_get_be32(f);
- s->mcr = qemu_get_be32(f);
-
- return 0;
-}
+static const VMStateDescription vmstate_stellaris_i2c = {
+ .name = "stellaris_i2c",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(msa, stellaris_i2c_state),
+ VMSTATE_UINT32(mcs, stellaris_i2c_state),
+ VMSTATE_UINT32(mdr, stellaris_i2c_state),
+ VMSTATE_UINT32(mtpr, stellaris_i2c_state),
+ VMSTATE_UINT32(mimr, stellaris_i2c_state),
+ VMSTATE_UINT32(mris, stellaris_i2c_state),
+ VMSTATE_UINT32(mcr, stellaris_i2c_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int stellaris_i2c_init(SysBusDevice * dev)
{
@@ -891,8 +818,7 @@ static int stellaris_i2c_init(SysBusDevice * dev)
sysbus_init_mmio(dev, 0x1000, iomemtype);
/* ??? For now we only implement the master interface. */
stellaris_i2c_reset(s);
- register_savevm(&dev->qdev, "stellaris_i2c", -1, 1,
- stellaris_i2c_save, stellaris_i2c_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_stellaris_i2c, s);
return 0;
}
@@ -1130,60 +1056,40 @@ static CPUWriteMemoryFunc * const stellaris_adc_writefn[] = {
stellaris_adc_write
};
-static void stellaris_adc_save(QEMUFile *f, void *opaque)
-{
- stellaris_adc_state *s = (stellaris_adc_state *)opaque;
- int i;
- int j;
-
- qemu_put_be32(f, s->actss);
- qemu_put_be32(f, s->ris);
- qemu_put_be32(f, s->im);
- qemu_put_be32(f, s->emux);
- qemu_put_be32(f, s->ostat);
- qemu_put_be32(f, s->ustat);
- qemu_put_be32(f, s->sspri);
- qemu_put_be32(f, s->sac);
- for (i = 0; i < 4; i++) {
- qemu_put_be32(f, s->fifo[i].state);
- for (j = 0; j < 16; j++) {
- qemu_put_be32(f, s->fifo[i].data[j]);
- }
- qemu_put_be32(f, s->ssmux[i]);
- qemu_put_be32(f, s->ssctl[i]);
- }
- qemu_put_be32(f, s->noise);
-}
-
-static int stellaris_adc_load(QEMUFile *f, void *opaque, int version_id)
-{
- stellaris_adc_state *s = (stellaris_adc_state *)opaque;
- int i;
- int j;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->actss = qemu_get_be32(f);
- s->ris = qemu_get_be32(f);
- s->im = qemu_get_be32(f);
- s->emux = qemu_get_be32(f);
- s->ostat = qemu_get_be32(f);
- s->ustat = qemu_get_be32(f);
- s->sspri = qemu_get_be32(f);
- s->sac = qemu_get_be32(f);
- for (i = 0; i < 4; i++) {
- s->fifo[i].state = qemu_get_be32(f);
- for (j = 0; j < 16; j++) {
- s->fifo[i].data[j] = qemu_get_be32(f);
- }
- s->ssmux[i] = qemu_get_be32(f);
- s->ssctl[i] = qemu_get_be32(f);
+static const VMStateDescription vmstate_stellaris_adc = {
+ .name = "stellaris_adc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(actss, stellaris_adc_state),
+ VMSTATE_UINT32(ris, stellaris_adc_state),
+ VMSTATE_UINT32(im, stellaris_adc_state),
+ VMSTATE_UINT32(emux, stellaris_adc_state),
+ VMSTATE_UINT32(ostat, stellaris_adc_state),
+ VMSTATE_UINT32(ustat, stellaris_adc_state),
+ VMSTATE_UINT32(sspri, stellaris_adc_state),
+ VMSTATE_UINT32(sac, stellaris_adc_state),
+ VMSTATE_UINT32(fifo[0].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[0].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[0], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[0], stellaris_adc_state),
+ VMSTATE_UINT32(fifo[1].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[1].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[1], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[1], stellaris_adc_state),
+ VMSTATE_UINT32(fifo[2].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[2].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[2], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[2], stellaris_adc_state),
+ VMSTATE_UINT32(fifo[3].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[3].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[3], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[3], stellaris_adc_state),
+ VMSTATE_UINT32(noise, stellaris_adc_state),
+ VMSTATE_END_OF_LIST()
}
- s->noise = qemu_get_be32(f);
-
- return 0;
-}
+};
static int stellaris_adc_init(SysBusDevice *dev)
{
@@ -1201,8 +1107,7 @@ static int stellaris_adc_init(SysBusDevice *dev)
sysbus_init_mmio(dev, 0x1000, iomemtype);
stellaris_adc_reset(s);
qdev_init_gpio_in(&dev->qdev, stellaris_adc_trigger, 1);
- register_savevm(&dev->qdev, "stellaris_adc", -1, 1,
- stellaris_adc_save, stellaris_adc_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_stellaris_adc, s);
return 0;
}
@@ -1234,24 +1139,16 @@ static uint32_t stellaris_ssi_bus_transfer(SSISlave *dev, uint32_t val)
return ssi_transfer(s->bus[s->current_dev], val);
}
-static void stellaris_ssi_bus_save(QEMUFile *f, void *opaque)
-{
- stellaris_ssi_bus_state *s = (stellaris_ssi_bus_state *)opaque;
-
- qemu_put_be32(f, s->current_dev);
-}
-
-static int stellaris_ssi_bus_load(QEMUFile *f, void *opaque, int version_id)
-{
- stellaris_ssi_bus_state *s = (stellaris_ssi_bus_state *)opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->current_dev = qemu_get_be32(f);
-
- return 0;
-}
+static const VMStateDescription vmstate_stellaris_ssi_bus = {
+ .name = "stellaris_ssi_bus",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(current_dev, stellaris_ssi_bus_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int stellaris_ssi_bus_init(SSISlave *dev)
{
@@ -1261,8 +1158,7 @@ static int stellaris_ssi_bus_init(SSISlave *dev)
s->bus[1] = ssi_create_bus(&dev->qdev, "ssi1");
qdev_init_gpio_in(&dev->qdev, stellaris_ssi_bus_select, 1);
- register_savevm(&dev->qdev, "stellaris_ssi_bus", -1, 1,
- stellaris_ssi_bus_save, stellaris_ssi_bus_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_stellaris_ssi_bus, s);
return 0;
}
diff --git a/hw/stellaris_input.c b/hw/stellaris_input.c
index 16aae96..06c5f9d 100644
--- a/hw/stellaris_input.c
+++ b/hw/stellaris_input.c
@@ -13,7 +13,7 @@
typedef struct {
qemu_irq irq;
int keycode;
- int pressed;
+ uint8_t pressed;
} gamepad_button;
typedef struct {
@@ -47,30 +47,29 @@ static void stellaris_gamepad_put_key(void * opaque, int keycode)
s->extension = 0;
}
-static void stellaris_gamepad_save(QEMUFile *f, void *opaque)
-{
- gamepad_state *s = (gamepad_state *)opaque;
- int i;
-
- qemu_put_be32(f, s->extension);
- for (i = 0; i < s->num_buttons; i++)
- qemu_put_byte(f, s->buttons[i].pressed);
-}
-
-static int stellaris_gamepad_load(QEMUFile *f, void *opaque, int version_id)
-{
- gamepad_state *s = (gamepad_state *)opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->extension = qemu_get_be32(f);
- for (i = 0; i < s->num_buttons; i++)
- s->buttons[i].pressed = qemu_get_byte(f);
+static const VMStateDescription vmstate_stellaris_button = {
+ .name = "stellaris_button",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(pressed, gamepad_button),
+ VMSTATE_END_OF_LIST()
+ }
+};
- return 0;
-}
+static const VMStateDescription vmstate_stellaris_gamepad = {
+ .name = "stellaris_gamepad",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(extension, gamepad_state),
+ VMSTATE_STRUCT_VARRAY_INT32(buttons, gamepad_state, num_buttons, 0,
+ vmstate_stellaris_button, gamepad_button),
+ VMSTATE_END_OF_LIST()
+ }
+};
/* Returns an array 5 ouput slots. */
void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode)
@@ -86,6 +85,5 @@ void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode)
}
s->num_buttons = n;
qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
- register_savevm(NULL, "stellaris_gamepad", -1, 1,
- stellaris_gamepad_save, stellaris_gamepad_load, s);
+ vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
}
diff --git a/hw/strongarm.c b/hw/strongarm.c
new file mode 100644
index 0000000..de08bdf
--- /dev/null
+++ b/hw/strongarm.c
@@ -0,0 +1,1598 @@
+/*
+ * StrongARM SA-1100/SA-1110 emulation
+ *
+ * Copyright (C) 2011 Dmitry Eremin-Solenikov
+ *
+ * Largely based on StrongARM emulation:
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * UART code based on QEMU 16550A UART emulation
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "sysbus.h"
+#include "strongarm.h"
+#include "qemu-error.h"
+#include "arm-misc.h"
+#include "sysemu.h"
+#include "ssi.h"
+
+//#define DEBUG
+
+/*
+ TODO
+ - Implement cp15, c14 ?
+ - Implement cp15, c15 !!! (idle used in L)
+ - Implement idle mode handling/DIM
+ - Implement sleep mode/Wake sources
+ - Implement reset control
+ - Implement memory control regs
+ - PCMCIA handling
+ - Maybe support MBGNT/MBREQ
+ - DMA channels
+ - GPCLK
+ - IrDA
+ - MCP
+ - Enhance UART with modem signals
+ */
+
+#ifdef DEBUG
+# define DPRINTF(format, ...) printf(format , ## __VA_ARGS__)
+#else
+# define DPRINTF(format, ...) do { } while (0)
+#endif
+
+static struct {
+ target_phys_addr_t io_base;
+ int irq;
+} sa_serial[] = {
+ { 0x80010000, SA_PIC_UART1 },
+ { 0x80030000, SA_PIC_UART2 },
+ { 0x80050000, SA_PIC_UART3 },
+ { 0, 0 }
+};
+
+/* Interrupt Controller */
+typedef struct {
+ SysBusDevice busdev;
+ qemu_irq irq;
+ qemu_irq fiq;
+
+ uint32_t pending;
+ uint32_t enabled;
+ uint32_t is_fiq;
+ uint32_t int_idle;
+} StrongARMPICState;
+
+#define ICIP 0x00
+#define ICMR 0x04
+#define ICLR 0x08
+#define ICFP 0x10
+#define ICPR 0x20
+#define ICCR 0x0c
+
+#define SA_PIC_SRCS 32
+
+
+static void strongarm_pic_update(void *opaque)
+{
+ StrongARMPICState *s = opaque;
+
+ /* FIXME: reflect DIM */
+ qemu_set_irq(s->fiq, s->pending & s->enabled & s->is_fiq);
+ qemu_set_irq(s->irq, s->pending & s->enabled & ~s->is_fiq);
+}
+
+static void strongarm_pic_set_irq(void *opaque, int irq, int level)
+{
+ StrongARMPICState *s = opaque;
+
+ if (level) {
+ s->pending |= 1 << irq;
+ } else {
+ s->pending &= ~(1 << irq);
+ }
+
+ strongarm_pic_update(s);
+}
+
+static uint32_t strongarm_pic_mem_read(void *opaque, target_phys_addr_t offset)
+{
+ StrongARMPICState *s = opaque;
+
+ switch (offset) {
+ case ICIP:
+ return s->pending & ~s->is_fiq & s->enabled;
+ case ICMR:
+ return s->enabled;
+ case ICLR:
+ return s->is_fiq;
+ case ICCR:
+ return s->int_idle == 0;
+ case ICFP:
+ return s->pending & s->is_fiq & s->enabled;
+ case ICPR:
+ return s->pending;
+ default:
+ printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ return 0;
+ }
+}
+
+static void strongarm_pic_mem_write(void *opaque, target_phys_addr_t offset,
+ uint32_t value)
+{
+ StrongARMPICState *s = opaque;
+
+ switch (offset) {
+ case ICMR:
+ s->enabled = value;
+ break;
+ case ICLR:
+ s->is_fiq = value;
+ break;
+ case ICCR:
+ s->int_idle = (value & 1) ? 0 : ~0;
+ break;
+ default:
+ printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ break;
+ }
+ strongarm_pic_update(s);
+}
+
+static CPUReadMemoryFunc * const strongarm_pic_readfn[] = {
+ strongarm_pic_mem_read,
+ strongarm_pic_mem_read,
+ strongarm_pic_mem_read,
+};
+
+static CPUWriteMemoryFunc * const strongarm_pic_writefn[] = {
+ strongarm_pic_mem_write,
+ strongarm_pic_mem_write,
+ strongarm_pic_mem_write,
+};
+
+static int strongarm_pic_initfn(SysBusDevice *dev)
+{
+ StrongARMPICState *s = FROM_SYSBUS(StrongARMPICState, dev);
+ int iomemtype;
+
+ qdev_init_gpio_in(&dev->qdev, strongarm_pic_set_irq, SA_PIC_SRCS);
+ iomemtype = cpu_register_io_memory(strongarm_pic_readfn,
+ strongarm_pic_writefn, s, DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, 0x1000, iomemtype);
+ sysbus_init_irq(dev, &s->irq);
+ sysbus_init_irq(dev, &s->fiq);
+
+ return 0;
+}
+
+static int strongarm_pic_post_load(void *opaque, int version_id)
+{
+ strongarm_pic_update(opaque);
+ return 0;
+}
+
+static VMStateDescription vmstate_strongarm_pic_regs = {
+ .name = "strongarm_pic",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = strongarm_pic_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(pending, StrongARMPICState),
+ VMSTATE_UINT32(enabled, StrongARMPICState),
+ VMSTATE_UINT32(is_fiq, StrongARMPICState),
+ VMSTATE_UINT32(int_idle, StrongARMPICState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static SysBusDeviceInfo strongarm_pic_info = {
+ .init = strongarm_pic_initfn,
+ .qdev.name = "strongarm_pic",
+ .qdev.desc = "StrongARM PIC",
+ .qdev.size = sizeof(StrongARMPICState),
+ .qdev.vmsd = &vmstate_strongarm_pic_regs,
+};
+
+/* Real-Time Clock */
+#define RTAR 0x00 /* RTC Alarm register */
+#define RCNR 0x04 /* RTC Counter register */
+#define RTTR 0x08 /* RTC Timer Trim register */
+#define RTSR 0x10 /* RTC Status register */
+
+#define RTSR_AL (1 << 0) /* RTC Alarm detected */
+#define RTSR_HZ (1 << 1) /* RTC 1Hz detected */
+#define RTSR_ALE (1 << 2) /* RTC Alarm enable */
+#define RTSR_HZE (1 << 3) /* RTC 1Hz enable */
+
+/* 16 LSB of RTTR are clockdiv for internal trim logic,
+ * trim delete isn't emulated, so
+ * f = 32 768 / (RTTR_trim + 1) */
+
+typedef struct {
+ SysBusDevice busdev;
+ uint32_t rttr;
+ uint32_t rtsr;
+ uint32_t rtar;
+ uint32_t last_rcnr;
+ int64_t last_hz;
+ QEMUTimer *rtc_alarm;
+ QEMUTimer *rtc_hz;
+ qemu_irq rtc_irq;
+ qemu_irq rtc_hz_irq;
+} StrongARMRTCState;
+
+static inline void strongarm_rtc_int_update(StrongARMRTCState *s)
+{
+ qemu_set_irq(s->rtc_irq, s->rtsr & RTSR_AL);
+ qemu_set_irq(s->rtc_hz_irq, s->rtsr & RTSR_HZ);
+}
+
+static void strongarm_rtc_hzupdate(StrongARMRTCState *s)
+{
+ int64_t rt = qemu_get_clock_ms(rt_clock);
+ s->last_rcnr += ((rt - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ s->last_hz = rt;
+}
+
+static inline void strongarm_rtc_timer_update(StrongARMRTCState *s)
+{
+ if ((s->rtsr & RTSR_HZE) && !(s->rtsr & RTSR_HZ)) {
+ qemu_mod_timer(s->rtc_hz, s->last_hz + 1000);
+ } else {
+ qemu_del_timer(s->rtc_hz);
+ }
+
+ if ((s->rtsr & RTSR_ALE) && !(s->rtsr & RTSR_AL)) {
+ qemu_mod_timer(s->rtc_alarm, s->last_hz +
+ (((s->rtar - s->last_rcnr) * 1000 *
+ ((s->rttr & 0xffff) + 1)) >> 15));
+ } else {
+ qemu_del_timer(s->rtc_alarm);
+ }
+}
+
+static inline void strongarm_rtc_alarm_tick(void *opaque)
+{
+ StrongARMRTCState *s = opaque;
+ s->rtsr |= RTSR_AL;
+ strongarm_rtc_timer_update(s);
+ strongarm_rtc_int_update(s);
+}
+
+static inline void strongarm_rtc_hz_tick(void *opaque)
+{
+ StrongARMRTCState *s = opaque;
+ s->rtsr |= RTSR_HZ;
+ strongarm_rtc_timer_update(s);
+ strongarm_rtc_int_update(s);
+}
+
+static uint32_t strongarm_rtc_read(void *opaque, target_phys_addr_t addr)
+{
+ StrongARMRTCState *s = opaque;
+
+ switch (addr) {
+ case RTTR:
+ return s->rttr;
+ case RTSR:
+ return s->rtsr;
+ case RTAR:
+ return s->rtar;
+ case RCNR:
+ return s->last_rcnr +
+ ((qemu_get_clock_ms(rt_clock) - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ return 0;
+ }
+}
+
+static void strongarm_rtc_write(void *opaque, target_phys_addr_t addr,
+ uint32_t value)
+{
+ StrongARMRTCState *s = opaque;
+ uint32_t old_rtsr;
+
+ switch (addr) {
+ case RTTR:
+ strongarm_rtc_hzupdate(s);
+ s->rttr = value;
+ strongarm_rtc_timer_update(s);
+ break;
+
+ case RTSR:
+ old_rtsr = s->rtsr;
+ s->rtsr = (value & (RTSR_ALE | RTSR_HZE)) |
+ (s->rtsr & ~(value & (RTSR_AL | RTSR_HZ)));
+
+ if (s->rtsr != old_rtsr) {
+ strongarm_rtc_timer_update(s);
+ }
+
+ strongarm_rtc_int_update(s);
+ break;
+
+ case RTAR:
+ s->rtar = value;
+ strongarm_rtc_timer_update(s);
+ break;
+
+ case RCNR:
+ strongarm_rtc_hzupdate(s);
+ s->last_rcnr = value;
+ strongarm_rtc_timer_update(s);
+ break;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ }
+}
+
+static CPUReadMemoryFunc * const strongarm_rtc_readfn[] = {
+ strongarm_rtc_read,
+ strongarm_rtc_read,
+ strongarm_rtc_read,
+};
+
+static CPUWriteMemoryFunc * const strongarm_rtc_writefn[] = {
+ strongarm_rtc_write,
+ strongarm_rtc_write,
+ strongarm_rtc_write,
+};
+
+static int strongarm_rtc_init(SysBusDevice *dev)
+{
+ StrongARMRTCState *s = FROM_SYSBUS(StrongARMRTCState, dev);
+ struct tm tm;
+ int iomemtype;
+
+ s->rttr = 0x0;
+ s->rtsr = 0;
+
+ qemu_get_timedate(&tm, 0);
+
+ s->last_rcnr = (uint32_t) mktimegm(&tm);
+ s->last_hz = qemu_get_clock_ms(rt_clock);
+
+ s->rtc_alarm = qemu_new_timer_ms(rt_clock, strongarm_rtc_alarm_tick, s);
+ s->rtc_hz = qemu_new_timer_ms(rt_clock, strongarm_rtc_hz_tick, s);
+
+ sysbus_init_irq(dev, &s->rtc_irq);
+ sysbus_init_irq(dev, &s->rtc_hz_irq);
+
+ iomemtype = cpu_register_io_memory(strongarm_rtc_readfn,
+ strongarm_rtc_writefn, s, DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, 0x10000, iomemtype);
+
+ return 0;
+}
+
+static void strongarm_rtc_pre_save(void *opaque)
+{
+ StrongARMRTCState *s = opaque;
+
+ strongarm_rtc_hzupdate(s);
+}
+
+static int strongarm_rtc_post_load(void *opaque, int version_id)
+{
+ StrongARMRTCState *s = opaque;
+
+ strongarm_rtc_timer_update(s);
+ strongarm_rtc_int_update(s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_rtc_regs = {
+ .name = "strongarm-rtc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = strongarm_rtc_pre_save,
+ .post_load = strongarm_rtc_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(rttr, StrongARMRTCState),
+ VMSTATE_UINT32(rtsr, StrongARMRTCState),
+ VMSTATE_UINT32(rtar, StrongARMRTCState),
+ VMSTATE_UINT32(last_rcnr, StrongARMRTCState),
+ VMSTATE_INT64(last_hz, StrongARMRTCState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static SysBusDeviceInfo strongarm_rtc_sysbus_info = {
+ .init = strongarm_rtc_init,
+ .qdev.name = "strongarm-rtc",
+ .qdev.desc = "StrongARM RTC Controller",
+ .qdev.size = sizeof(StrongARMRTCState),
+ .qdev.vmsd = &vmstate_strongarm_rtc_regs,
+};
+
+/* GPIO */
+#define GPLR 0x00
+#define GPDR 0x04
+#define GPSR 0x08
+#define GPCR 0x0c
+#define GRER 0x10
+#define GFER 0x14
+#define GEDR 0x18
+#define GAFR 0x1c
+
+typedef struct StrongARMGPIOInfo StrongARMGPIOInfo;
+struct StrongARMGPIOInfo {
+ SysBusDevice busdev;
+ qemu_irq handler[28];
+ qemu_irq irqs[11];
+ qemu_irq irqX;
+
+ uint32_t ilevel;
+ uint32_t olevel;
+ uint32_t dir;
+ uint32_t rising;
+ uint32_t falling;
+ uint32_t status;
+ uint32_t gpsr;
+ uint32_t gafr;
+
+ uint32_t prev_level;
+};
+
+
+static void strongarm_gpio_irq_update(StrongARMGPIOInfo *s)
+{
+ int i;
+ for (i = 0; i < 11; i++) {
+ qemu_set_irq(s->irqs[i], s->status & (1 << i));
+ }
+
+ qemu_set_irq(s->irqX, (s->status & ~0x7ff));
+}
+
+static void strongarm_gpio_set(void *opaque, int line, int level)
+{
+ StrongARMGPIOInfo *s = opaque;
+ uint32_t mask;
+
+ mask = 1 << line;
+
+ if (level) {
+ s->status |= s->rising & mask &
+ ~s->ilevel & ~s->dir;
+ s->ilevel |= mask;
+ } else {
+ s->status |= s->falling & mask &
+ s->ilevel & ~s->dir;
+ s->ilevel &= ~mask;
+ }
+
+ if (s->status & mask) {
+ strongarm_gpio_irq_update(s);
+ }
+}
+
+static void strongarm_gpio_handler_update(StrongARMGPIOInfo *s)
+{
+ uint32_t level, diff;
+ int bit;
+
+ level = s->olevel & s->dir;
+
+ for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
+
+ s->prev_level = level;
+}
+
+static uint32_t strongarm_gpio_read(void *opaque, target_phys_addr_t offset)
+{
+ StrongARMGPIOInfo *s = opaque;
+
+ switch (offset) {
+ case GPDR: /* GPIO Pin-Direction registers */
+ return s->dir;
+
+ case GPSR: /* GPIO Pin-Output Set registers */
+ DPRINTF("%s: Read from a write-only register 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ return s->gpsr; /* Return last written value. */
+
+ case GPCR: /* GPIO Pin-Output Clear registers */
+ DPRINTF("%s: Read from a write-only register 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ return 31337; /* Specified as unpredictable in the docs. */
+
+ case GRER: /* GPIO Rising-Edge Detect Enable registers */
+ return s->rising;
+
+ case GFER: /* GPIO Falling-Edge Detect Enable registers */
+ return s->falling;
+
+ case GAFR: /* GPIO Alternate Function registers */
+ return s->gafr;
+
+ case GPLR: /* GPIO Pin-Level registers */
+ return (s->olevel & s->dir) |
+ (s->ilevel & ~s->dir);
+
+ case GEDR: /* GPIO Edge Detect Status registers */
+ return s->status;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+
+ return 0;
+}
+
+static void strongarm_gpio_write(void *opaque,
+ target_phys_addr_t offset, uint32_t value)
+{
+ StrongARMGPIOInfo *s = opaque;
+
+ switch (offset) {
+ case GPDR: /* GPIO Pin-Direction registers */
+ s->dir = value;
+ strongarm_gpio_handler_update(s);
+ break;
+
+ case GPSR: /* GPIO Pin-Output Set registers */
+ s->olevel |= value;
+ strongarm_gpio_handler_update(s);
+ s->gpsr = value;
+ break;
+
+ case GPCR: /* GPIO Pin-Output Clear registers */
+ s->olevel &= ~value;
+ strongarm_gpio_handler_update(s);
+ break;
+
+ case GRER: /* GPIO Rising-Edge Detect Enable registers */
+ s->rising = value;
+ break;
+
+ case GFER: /* GPIO Falling-Edge Detect Enable registers */
+ s->falling = value;
+ break;
+
+ case GAFR: /* GPIO Alternate Function registers */
+ s->gafr = value;
+ break;
+
+ case GEDR: /* GPIO Edge Detect Status registers */
+ s->status &= ~value;
+ strongarm_gpio_irq_update(s);
+ break;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+}
+
+static CPUReadMemoryFunc * const strongarm_gpio_readfn[] = {
+ strongarm_gpio_read,
+ strongarm_gpio_read,
+ strongarm_gpio_read
+};
+
+static CPUWriteMemoryFunc * const strongarm_gpio_writefn[] = {
+ strongarm_gpio_write,
+ strongarm_gpio_write,
+ strongarm_gpio_write
+};
+
+static DeviceState *strongarm_gpio_init(target_phys_addr_t base,
+ DeviceState *pic)
+{
+ DeviceState *dev;
+ int i;
+
+ dev = qdev_create(NULL, "strongarm-gpio");
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
+ for (i = 0; i < 12; i++)
+ sysbus_connect_irq(sysbus_from_qdev(dev), i,
+ qdev_get_gpio_in(pic, SA_PIC_GPIO0_EDGE + i));
+
+ return dev;
+}
+
+static int strongarm_gpio_initfn(SysBusDevice *dev)
+{
+ int iomemtype;
+ StrongARMGPIOInfo *s;
+ int i;
+
+ s = FROM_SYSBUS(StrongARMGPIOInfo, dev);
+
+ qdev_init_gpio_in(&dev->qdev, strongarm_gpio_set, 28);
+ qdev_init_gpio_out(&dev->qdev, s->handler, 28);
+
+ iomemtype = cpu_register_io_memory(strongarm_gpio_readfn,
+ strongarm_gpio_writefn, s, DEVICE_NATIVE_ENDIAN);
+
+ sysbus_init_mmio(dev, 0x1000, iomemtype);
+ for (i = 0; i < 11; i++) {
+ sysbus_init_irq(dev, &s->irqs[i]);
+ }
+ sysbus_init_irq(dev, &s->irqX);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_gpio_regs = {
+ .name = "strongarm-gpio",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ilevel, StrongARMGPIOInfo),
+ VMSTATE_UINT32(olevel, StrongARMGPIOInfo),
+ VMSTATE_UINT32(dir, StrongARMGPIOInfo),
+ VMSTATE_UINT32(rising, StrongARMGPIOInfo),
+ VMSTATE_UINT32(falling, StrongARMGPIOInfo),
+ VMSTATE_UINT32(status, StrongARMGPIOInfo),
+ VMSTATE_UINT32(gafr, StrongARMGPIOInfo),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static SysBusDeviceInfo strongarm_gpio_info = {
+ .init = strongarm_gpio_initfn,
+ .qdev.name = "strongarm-gpio",
+ .qdev.desc = "StrongARM GPIO controller",
+ .qdev.size = sizeof(StrongARMGPIOInfo),
+};
+
+/* Peripheral Pin Controller */
+#define PPDR 0x00
+#define PPSR 0x04
+#define PPAR 0x08
+#define PSDR 0x0c
+#define PPFR 0x10
+
+typedef struct StrongARMPPCInfo StrongARMPPCInfo;
+struct StrongARMPPCInfo {
+ SysBusDevice busdev;
+ qemu_irq handler[28];
+
+ uint32_t ilevel;
+ uint32_t olevel;
+ uint32_t dir;
+ uint32_t ppar;
+ uint32_t psdr;
+ uint32_t ppfr;
+
+ uint32_t prev_level;
+};
+
+static void strongarm_ppc_set(void *opaque, int line, int level)
+{
+ StrongARMPPCInfo *s = opaque;
+
+ if (level) {
+ s->ilevel |= 1 << line;
+ } else {
+ s->ilevel &= ~(1 << line);
+ }
+}
+
+static void strongarm_ppc_handler_update(StrongARMPPCInfo *s)
+{
+ uint32_t level, diff;
+ int bit;
+
+ level = s->olevel & s->dir;
+
+ for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
+
+ s->prev_level = level;
+}
+
+static uint32_t strongarm_ppc_read(void *opaque, target_phys_addr_t offset)
+{
+ StrongARMPPCInfo *s = opaque;
+
+ switch (offset) {
+ case PPDR: /* PPC Pin Direction registers */
+ return s->dir | ~0x3fffff;
+
+ case PPSR: /* PPC Pin State registers */
+ return (s->olevel & s->dir) |
+ (s->ilevel & ~s->dir) |
+ ~0x3fffff;
+
+ case PPAR:
+ return s->ppar | ~0x41000;
+
+ case PSDR:
+ return s->psdr;
+
+ case PPFR:
+ return s->ppfr | ~0x7f001;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+
+ return 0;
+}
+
+static void strongarm_ppc_write(void *opaque,
+ target_phys_addr_t offset, uint32_t value)
+{
+ StrongARMPPCInfo *s = opaque;
+
+ switch (offset) {
+ case PPDR: /* PPC Pin Direction registers */
+ s->dir = value & 0x3fffff;
+ strongarm_ppc_handler_update(s);
+ break;
+
+ case PPSR: /* PPC Pin State registers */
+ s->olevel = value & s->dir & 0x3fffff;
+ strongarm_ppc_handler_update(s);
+ break;
+
+ case PPAR:
+ s->ppar = value & 0x41000;
+ break;
+
+ case PSDR:
+ s->psdr = value & 0x3fffff;
+ break;
+
+ case PPFR:
+ s->ppfr = value & 0x7f001;
+ break;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+}
+
+static CPUReadMemoryFunc * const strongarm_ppc_readfn[] = {
+ strongarm_ppc_read,
+ strongarm_ppc_read,
+ strongarm_ppc_read
+};
+
+static CPUWriteMemoryFunc * const strongarm_ppc_writefn[] = {
+ strongarm_ppc_write,
+ strongarm_ppc_write,
+ strongarm_ppc_write
+};
+
+static int strongarm_ppc_init(SysBusDevice *dev)
+{
+ int iomemtype;
+ StrongARMPPCInfo *s;
+
+ s = FROM_SYSBUS(StrongARMPPCInfo, dev);
+
+ qdev_init_gpio_in(&dev->qdev, strongarm_ppc_set, 22);
+ qdev_init_gpio_out(&dev->qdev, s->handler, 22);
+
+ iomemtype = cpu_register_io_memory(strongarm_ppc_readfn,
+ strongarm_ppc_writefn, s, DEVICE_NATIVE_ENDIAN);
+
+ sysbus_init_mmio(dev, 0x1000, iomemtype);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_ppc_regs = {
+ .name = "strongarm-ppc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ilevel, StrongARMPPCInfo),
+ VMSTATE_UINT32(olevel, StrongARMPPCInfo),
+ VMSTATE_UINT32(dir, StrongARMPPCInfo),
+ VMSTATE_UINT32(ppar, StrongARMPPCInfo),
+ VMSTATE_UINT32(psdr, StrongARMPPCInfo),
+ VMSTATE_UINT32(ppfr, StrongARMPPCInfo),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static SysBusDeviceInfo strongarm_ppc_info = {
+ .init = strongarm_ppc_init,
+ .qdev.name = "strongarm-ppc",
+ .qdev.desc = "StrongARM PPC controller",
+ .qdev.size = sizeof(StrongARMPPCInfo),
+};
+
+/* UART Ports */
+#define UTCR0 0x00
+#define UTCR1 0x04
+#define UTCR2 0x08
+#define UTCR3 0x0c
+#define UTDR 0x14
+#define UTSR0 0x1c
+#define UTSR1 0x20
+
+#define UTCR0_PE (1 << 0) /* Parity enable */
+#define UTCR0_OES (1 << 1) /* Even parity */
+#define UTCR0_SBS (1 << 2) /* 2 stop bits */
+#define UTCR0_DSS (1 << 3) /* 8-bit data */
+
+#define UTCR3_RXE (1 << 0) /* Rx enable */
+#define UTCR3_TXE (1 << 1) /* Tx enable */
+#define UTCR3_BRK (1 << 2) /* Force Break */
+#define UTCR3_RIE (1 << 3) /* Rx int enable */
+#define UTCR3_TIE (1 << 4) /* Tx int enable */
+#define UTCR3_LBM (1 << 5) /* Loopback */
+
+#define UTSR0_TFS (1 << 0) /* Tx FIFO nearly empty */
+#define UTSR0_RFS (1 << 1) /* Rx FIFO nearly full */
+#define UTSR0_RID (1 << 2) /* Receiver Idle */
+#define UTSR0_RBB (1 << 3) /* Receiver begin break */
+#define UTSR0_REB (1 << 4) /* Receiver end break */
+#define UTSR0_EIF (1 << 5) /* Error in FIFO */
+
+#define UTSR1_RNE (1 << 1) /* Receive FIFO not empty */
+#define UTSR1_TNF (1 << 2) /* Transmit FIFO not full */
+#define UTSR1_PRE (1 << 3) /* Parity error */
+#define UTSR1_FRE (1 << 4) /* Frame error */
+#define UTSR1_ROR (1 << 5) /* Receive Over Run */
+
+#define RX_FIFO_PRE (1 << 8)
+#define RX_FIFO_FRE (1 << 9)
+#define RX_FIFO_ROR (1 << 10)
+
+typedef struct {
+ SysBusDevice busdev;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint8_t utcr0;
+ uint16_t brd;
+ uint8_t utcr3;
+ uint8_t utsr0;
+ uint8_t utsr1;
+
+ uint8_t tx_fifo[8];
+ uint8_t tx_start;
+ uint8_t tx_len;
+ uint16_t rx_fifo[12]; /* value + error flags in high bits */
+ uint8_t rx_start;
+ uint8_t rx_len;
+
+ uint64_t char_transmit_time; /* time to transmit a char in ticks*/
+ bool wait_break_end;
+ QEMUTimer *rx_timeout_timer;
+ QEMUTimer *tx_timer;
+} StrongARMUARTState;
+
+static void strongarm_uart_update_status(StrongARMUARTState *s)
+{
+ uint16_t utsr1 = 0;
+
+ if (s->tx_len != 8) {
+ utsr1 |= UTSR1_TNF;
+ }
+
+ if (s->rx_len != 0) {
+ uint16_t ent = s->rx_fifo[s->rx_start];
+
+ utsr1 |= UTSR1_RNE;
+ if (ent & RX_FIFO_PRE) {
+ s->utsr1 |= UTSR1_PRE;
+ }
+ if (ent & RX_FIFO_FRE) {
+ s->utsr1 |= UTSR1_FRE;
+ }
+ if (ent & RX_FIFO_ROR) {
+ s->utsr1 |= UTSR1_ROR;
+ }
+ }
+
+ s->utsr1 = utsr1;
+}
+
+static void strongarm_uart_update_int_status(StrongARMUARTState *s)
+{
+ uint16_t utsr0 = s->utsr0 &
+ (UTSR0_REB | UTSR0_RBB | UTSR0_RID);
+ int i;
+
+ if ((s->utcr3 & UTCR3_TXE) &&
+ (s->utcr3 & UTCR3_TIE) &&
+ s->tx_len <= 4) {
+ utsr0 |= UTSR0_TFS;
+ }
+
+ if ((s->utcr3 & UTCR3_RXE) &&
+ (s->utcr3 & UTCR3_RIE) &&
+ s->rx_len > 4) {
+ utsr0 |= UTSR0_RFS;
+ }
+
+ for (i = 0; i < s->rx_len && i < 4; i++)
+ if (s->rx_fifo[(s->rx_start + i) % 12] & ~0xff) {
+ utsr0 |= UTSR0_EIF;
+ break;
+ }
+
+ s->utsr0 = utsr0;
+ qemu_set_irq(s->irq, utsr0);
+}
+
+static void strongarm_uart_update_parameters(StrongARMUARTState *s)
+{
+ int speed, parity, data_bits, stop_bits, frame_size;
+ QEMUSerialSetParams ssp;
+
+ /* Start bit. */
+ frame_size = 1;
+ if (s->utcr0 & UTCR0_PE) {
+ /* Parity bit. */
+ frame_size++;
+ if (s->utcr0 & UTCR0_OES) {
+ parity = 'E';
+ } else {
+ parity = 'O';
+ }
+ } else {
+ parity = 'N';
+ }
+ if (s->utcr0 & UTCR0_SBS) {
+ stop_bits = 2;
+ } else {
+ stop_bits = 1;
+ }
+
+ data_bits = (s->utcr0 & UTCR0_DSS) ? 8 : 7;
+ frame_size += data_bits + stop_bits;
+ speed = 3686400 / 16 / (s->brd + 1);
+ ssp.speed = speed;
+ ssp.parity = parity;
+ ssp.data_bits = data_bits;
+ ssp.stop_bits = stop_bits;
+ s->char_transmit_time = (get_ticks_per_sec() / speed) * frame_size;
+ if (s->chr) {
+ qemu_chr_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
+ }
+
+ DPRINTF(stderr, "%s speed=%d parity=%c data=%d stop=%d\n", s->chr->label,
+ speed, parity, data_bits, stop_bits);
+}
+
+static void strongarm_uart_rx_to(void *opaque)
+{
+ StrongARMUARTState *s = opaque;
+
+ if (s->rx_len) {
+ s->utsr0 |= UTSR0_RID;
+ strongarm_uart_update_int_status(s);
+ }
+}
+
+static void strongarm_uart_rx_push(StrongARMUARTState *s, uint16_t c)
+{
+ if ((s->utcr3 & UTCR3_RXE) == 0) {
+ /* rx disabled */
+ return;
+ }
+
+ if (s->wait_break_end) {
+ s->utsr0 |= UTSR0_REB;
+ s->wait_break_end = false;
+ }
+
+ if (s->rx_len < 12) {
+ s->rx_fifo[(s->rx_start + s->rx_len) % 12] = c;
+ s->rx_len++;
+ } else
+ s->rx_fifo[(s->rx_start + 11) % 12] |= RX_FIFO_ROR;
+}
+
+static int strongarm_uart_can_receive(void *opaque)
+{
+ StrongARMUARTState *s = opaque;
+
+ if (s->rx_len == 12) {
+ return 0;
+ }
+ /* It's best not to get more than 2/3 of RX FIFO, so advertise that much */
+ if (s->rx_len < 8) {
+ return 8 - s->rx_len;
+ }
+ return 1;
+}
+
+static void strongarm_uart_receive(void *opaque, const uint8_t *buf, int size)
+{
+ StrongARMUARTState *s = opaque;
+ int i;
+
+ for (i = 0; i < size; i++) {
+ strongarm_uart_rx_push(s, buf[i]);
+ }
+
+ /* call the timeout receive callback in 3 char transmit time */
+ qemu_mod_timer(s->rx_timeout_timer,
+ qemu_get_clock_ns(vm_clock) + s->char_transmit_time * 3);
+
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+}
+
+static void strongarm_uart_event(void *opaque, int event)
+{
+ StrongARMUARTState *s = opaque;
+ if (event == CHR_EVENT_BREAK) {
+ s->utsr0 |= UTSR0_RBB;
+ strongarm_uart_rx_push(s, RX_FIFO_FRE);
+ s->wait_break_end = true;
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ }
+}
+
+static void strongarm_uart_tx(void *opaque)
+{
+ StrongARMUARTState *s = opaque;
+ uint64_t new_xmit_ts = qemu_get_clock_ns(vm_clock);
+
+ if (s->utcr3 & UTCR3_LBM) /* loopback */ {
+ strongarm_uart_receive(s, &s->tx_fifo[s->tx_start], 1);
+ } else if (s->chr) {
+ qemu_chr_write(s->chr, &s->tx_fifo[s->tx_start], 1);
+ }
+
+ s->tx_start = (s->tx_start + 1) % 8;
+ s->tx_len--;
+ if (s->tx_len) {
+ qemu_mod_timer(s->tx_timer, new_xmit_ts + s->char_transmit_time);
+ }
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+}
+
+static uint32_t strongarm_uart_read(void *opaque, target_phys_addr_t addr)
+{
+ StrongARMUARTState *s = opaque;
+ uint16_t ret;
+
+ switch (addr) {
+ case UTCR0:
+ return s->utcr0;
+
+ case UTCR1:
+ return s->brd >> 8;
+
+ case UTCR2:
+ return s->brd & 0xff;
+
+ case UTCR3:
+ return s->utcr3;
+
+ case UTDR:
+ if (s->rx_len != 0) {
+ ret = s->rx_fifo[s->rx_start];
+ s->rx_start = (s->rx_start + 1) % 12;
+ s->rx_len--;
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ return ret;
+ }
+ return 0;
+
+ case UTSR0:
+ return s->utsr0;
+
+ case UTSR1:
+ return s->utsr1;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ return 0;
+ }
+}
+
+static void strongarm_uart_write(void *opaque, target_phys_addr_t addr,
+ uint32_t value)
+{
+ StrongARMUARTState *s = opaque;
+
+ switch (addr) {
+ case UTCR0:
+ s->utcr0 = value & 0x7f;
+ strongarm_uart_update_parameters(s);
+ break;
+
+ case UTCR1:
+ s->brd = (s->brd & 0xff) | ((value & 0xf) << 8);
+ strongarm_uart_update_parameters(s);
+ break;
+
+ case UTCR2:
+ s->brd = (s->brd & 0xf00) | (value & 0xff);
+ strongarm_uart_update_parameters(s);
+ break;
+
+ case UTCR3:
+ s->utcr3 = value & 0x3f;
+ if ((s->utcr3 & UTCR3_RXE) == 0) {
+ s->rx_len = 0;
+ }
+ if ((s->utcr3 & UTCR3_TXE) == 0) {
+ s->tx_len = 0;
+ }
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ break;
+
+ case UTDR:
+ if ((s->utcr3 & UTCR3_TXE) && s->tx_len != 8) {
+ s->tx_fifo[(s->tx_start + s->tx_len) % 8] = value;
+ s->tx_len++;
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ if (s->tx_len == 1) {
+ strongarm_uart_tx(s);
+ }
+ }
+ break;
+
+ case UTSR0:
+ s->utsr0 = s->utsr0 & ~(value &
+ (UTSR0_REB | UTSR0_RBB | UTSR0_RID));
+ strongarm_uart_update_int_status(s);
+ break;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ }
+}
+
+static CPUReadMemoryFunc * const strongarm_uart_readfn[] = {
+ strongarm_uart_read,
+ strongarm_uart_read,
+ strongarm_uart_read,
+};
+
+static CPUWriteMemoryFunc * const strongarm_uart_writefn[] = {
+ strongarm_uart_write,
+ strongarm_uart_write,
+ strongarm_uart_write,
+};
+
+static int strongarm_uart_init(SysBusDevice *dev)
+{
+ StrongARMUARTState *s = FROM_SYSBUS(StrongARMUARTState, dev);
+ int iomemtype;
+
+ iomemtype = cpu_register_io_memory(strongarm_uart_readfn,
+ strongarm_uart_writefn, s, DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, 0x10000, iomemtype);
+ sysbus_init_irq(dev, &s->irq);
+
+ s->rx_timeout_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_rx_to, s);
+ s->tx_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_tx, s);
+
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr,
+ strongarm_uart_can_receive,
+ strongarm_uart_receive,
+ strongarm_uart_event,
+ s);
+ }
+
+ return 0;
+}
+
+static void strongarm_uart_reset(DeviceState *dev)
+{
+ StrongARMUARTState *s = DO_UPCAST(StrongARMUARTState, busdev.qdev, dev);
+
+ s->utcr0 = UTCR0_DSS; /* 8 data, no parity */
+ s->brd = 23; /* 9600 */
+ /* enable send & recv - this actually violates spec */
+ s->utcr3 = UTCR3_TXE | UTCR3_RXE;
+
+ s->rx_len = s->tx_len = 0;
+
+ strongarm_uart_update_parameters(s);
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+}
+
+static int strongarm_uart_post_load(void *opaque, int version_id)
+{
+ StrongARMUARTState *s = opaque;
+
+ strongarm_uart_update_parameters(s);
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+
+ /* tx and restart timer */
+ if (s->tx_len) {
+ strongarm_uart_tx(s);
+ }
+
+ /* restart rx timeout timer */
+ if (s->rx_len) {
+ qemu_mod_timer(s->rx_timeout_timer,
+ qemu_get_clock_ns(vm_clock) + s->char_transmit_time * 3);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_uart_regs = {
+ .name = "strongarm-uart",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = strongarm_uart_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(utcr0, StrongARMUARTState),
+ VMSTATE_UINT16(brd, StrongARMUARTState),
+ VMSTATE_UINT8(utcr3, StrongARMUARTState),
+ VMSTATE_UINT8(utsr0, StrongARMUARTState),
+ VMSTATE_UINT8_ARRAY(tx_fifo, StrongARMUARTState, 8),
+ VMSTATE_UINT8(tx_start, StrongARMUARTState),
+ VMSTATE_UINT8(tx_len, StrongARMUARTState),
+ VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMUARTState, 12),
+ VMSTATE_UINT8(rx_start, StrongARMUARTState),
+ VMSTATE_UINT8(rx_len, StrongARMUARTState),
+ VMSTATE_BOOL(wait_break_end, StrongARMUARTState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static SysBusDeviceInfo strongarm_uart_info = {
+ .init = strongarm_uart_init,
+ .qdev.name = "strongarm-uart",
+ .qdev.desc = "StrongARM UART controller",
+ .qdev.size = sizeof(StrongARMUARTState),
+ .qdev.reset = strongarm_uart_reset,
+ .qdev.vmsd = &vmstate_strongarm_uart_regs,
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_CHR("chardev", StrongARMUARTState, chr),
+ DEFINE_PROP_END_OF_LIST(),
+ }
+};
+
+/* Synchronous Serial Ports */
+typedef struct {
+ SysBusDevice busdev;
+ qemu_irq irq;
+ SSIBus *bus;
+
+ uint16_t sscr[2];
+ uint16_t sssr;
+
+ uint16_t rx_fifo[8];
+ uint8_t rx_level;
+ uint8_t rx_start;
+} StrongARMSSPState;
+
+#define SSCR0 0x60 /* SSP Control register 0 */
+#define SSCR1 0x64 /* SSP Control register 1 */
+#define SSDR 0x6c /* SSP Data register */
+#define SSSR 0x74 /* SSP Status register */
+
+/* Bitfields for above registers */
+#define SSCR0_SPI(x) (((x) & 0x30) == 0x00)
+#define SSCR0_SSP(x) (((x) & 0x30) == 0x10)
+#define SSCR0_UWIRE(x) (((x) & 0x30) == 0x20)
+#define SSCR0_PSP(x) (((x) & 0x30) == 0x30)
+#define SSCR0_SSE (1 << 7)
+#define SSCR0_DSS(x) (((x) & 0xf) + 1)
+#define SSCR1_RIE (1 << 0)
+#define SSCR1_TIE (1 << 1)
+#define SSCR1_LBM (1 << 2)
+#define SSSR_TNF (1 << 2)
+#define SSSR_RNE (1 << 3)
+#define SSSR_TFS (1 << 5)
+#define SSSR_RFS (1 << 6)
+#define SSSR_ROR (1 << 7)
+#define SSSR_RW 0x0080
+
+static void strongarm_ssp_int_update(StrongARMSSPState *s)
+{
+ int level = 0;
+
+ level |= (s->sssr & SSSR_ROR);
+ level |= (s->sssr & SSSR_RFS) && (s->sscr[1] & SSCR1_RIE);
+ level |= (s->sssr & SSSR_TFS) && (s->sscr[1] & SSCR1_TIE);
+ qemu_set_irq(s->irq, level);
+}
+
+static void strongarm_ssp_fifo_update(StrongARMSSPState *s)
+{
+ s->sssr &= ~SSSR_TFS;
+ s->sssr &= ~SSSR_TNF;
+ if (s->sscr[0] & SSCR0_SSE) {
+ if (s->rx_level >= 4) {
+ s->sssr |= SSSR_RFS;
+ } else {
+ s->sssr &= ~SSSR_RFS;
+ }
+ if (s->rx_level) {
+ s->sssr |= SSSR_RNE;
+ } else {
+ s->sssr &= ~SSSR_RNE;
+ }
+ /* TX FIFO is never filled, so it is always in underrun
+ condition if SSP is enabled */
+ s->sssr |= SSSR_TFS;
+ s->sssr |= SSSR_TNF;
+ }
+
+ strongarm_ssp_int_update(s);
+}
+
+static uint32_t strongarm_ssp_read(void *opaque, target_phys_addr_t addr)
+{
+ StrongARMSSPState *s = opaque;
+ uint32_t retval;
+
+ switch (addr) {
+ case SSCR0:
+ return s->sscr[0];
+ case SSCR1:
+ return s->sscr[1];
+ case SSSR:
+ return s->sssr;
+ case SSDR:
+ if (~s->sscr[0] & SSCR0_SSE) {
+ return 0xffffffff;
+ }
+ if (s->rx_level < 1) {
+ printf("%s: SSP Rx Underrun\n", __func__);
+ return 0xffffffff;
+ }
+ s->rx_level--;
+ retval = s->rx_fifo[s->rx_start++];
+ s->rx_start &= 0x7;
+ strongarm_ssp_fifo_update(s);
+ return retval;
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void strongarm_ssp_write(void *opaque, target_phys_addr_t addr,
+ uint32_t value)
+{
+ StrongARMSSPState *s = opaque;
+
+ switch (addr) {
+ case SSCR0:
+ s->sscr[0] = value & 0xffbf;
+ if ((s->sscr[0] & SSCR0_SSE) && SSCR0_DSS(value) < 4) {
+ printf("%s: Wrong data size: %i bits\n", __func__,
+ SSCR0_DSS(value));
+ }
+ if (!(value & SSCR0_SSE)) {
+ s->sssr = 0;
+ s->rx_level = 0;
+ }
+ strongarm_ssp_fifo_update(s);
+ break;
+
+ case SSCR1:
+ s->sscr[1] = value & 0x2f;
+ if (value & SSCR1_LBM) {
+ printf("%s: Attempt to use SSP LBM mode\n", __func__);
+ }
+ strongarm_ssp_fifo_update(s);
+ break;
+
+ case SSSR:
+ s->sssr &= ~(value & SSSR_RW);
+ strongarm_ssp_int_update(s);
+ break;
+
+ case SSDR:
+ if (SSCR0_UWIRE(s->sscr[0])) {
+ value &= 0xff;
+ } else
+ /* Note how 32bits overflow does no harm here */
+ value &= (1 << SSCR0_DSS(s->sscr[0])) - 1;
+
+ /* Data goes from here to the Tx FIFO and is shifted out from
+ * there directly to the slave, no need to buffer it.
+ */
+ if (s->sscr[0] & SSCR0_SSE) {
+ uint32_t readval;
+ if (s->sscr[1] & SSCR1_LBM) {
+ readval = value;
+ } else {
+ readval = ssi_transfer(s->bus, value);
+ }
+
+ if (s->rx_level < 0x08) {
+ s->rx_fifo[(s->rx_start + s->rx_level++) & 0x7] = readval;
+ } else {
+ s->sssr |= SSSR_ROR;
+ }
+ }
+ strongarm_ssp_fifo_update(s);
+ break;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ break;
+ }
+}
+
+static CPUReadMemoryFunc * const strongarm_ssp_readfn[] = {
+ strongarm_ssp_read,
+ strongarm_ssp_read,
+ strongarm_ssp_read,
+};
+
+static CPUWriteMemoryFunc * const strongarm_ssp_writefn[] = {
+ strongarm_ssp_write,
+ strongarm_ssp_write,
+ strongarm_ssp_write,
+};
+
+static int strongarm_ssp_post_load(void *opaque, int version_id)
+{
+ StrongARMSSPState *s = opaque;
+
+ strongarm_ssp_fifo_update(s);
+
+ return 0;
+}
+
+static int strongarm_ssp_init(SysBusDevice *dev)
+{
+ int iomemtype;
+ StrongARMSSPState *s = FROM_SYSBUS(StrongARMSSPState, dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ iomemtype = cpu_register_io_memory(strongarm_ssp_readfn,
+ strongarm_ssp_writefn, s,
+ DEVICE_NATIVE_ENDIAN);
+ sysbus_init_mmio(dev, 0x1000, iomemtype);
+
+ s->bus = ssi_create_bus(&dev->qdev, "ssi");
+ return 0;
+}
+
+static void strongarm_ssp_reset(DeviceState *dev)
+{
+ StrongARMSSPState *s = DO_UPCAST(StrongARMSSPState, busdev.qdev, dev);
+ s->sssr = 0x03; /* 3 bit data, SPI, disabled */
+ s->rx_start = 0;
+ s->rx_level = 0;
+}
+
+static const VMStateDescription vmstate_strongarm_ssp_regs = {
+ .name = "strongarm-ssp",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = strongarm_ssp_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16_ARRAY(sscr, StrongARMSSPState, 2),
+ VMSTATE_UINT16(sssr, StrongARMSSPState),
+ VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMSSPState, 8),
+ VMSTATE_UINT8(rx_start, StrongARMSSPState),
+ VMSTATE_UINT8(rx_level, StrongARMSSPState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static SysBusDeviceInfo strongarm_ssp_info = {
+ .init = strongarm_ssp_init,
+ .qdev.name = "strongarm-ssp",
+ .qdev.desc = "StrongARM SSP controller",
+ .qdev.size = sizeof(StrongARMSSPState),
+ .qdev.reset = strongarm_ssp_reset,
+ .qdev.vmsd = &vmstate_strongarm_ssp_regs,
+};
+
+/* Main CPU functions */
+StrongARMState *sa1110_init(unsigned int sdram_size, const char *rev)
+{
+ StrongARMState *s;
+ qemu_irq *pic;
+ int i;
+
+ s = qemu_mallocz(sizeof(StrongARMState));
+
+ if (!rev) {
+ rev = "sa1110-b5";
+ }
+
+ if (strncmp(rev, "sa1110", 6)) {
+ error_report("Machine requires a SA1110 processor.\n");
+ exit(1);
+ }
+
+ s->env = cpu_init(rev);
+
+ if (!s->env) {
+ error_report("Unable to find CPU definition\n");
+ exit(1);
+ }
+
+ cpu_register_physical_memory(SA_SDCS0,
+ sdram_size, qemu_ram_alloc(NULL, "strongarm.sdram",
+ sdram_size) | IO_MEM_RAM);
+
+ pic = arm_pic_init_cpu(s->env);
+ s->pic = sysbus_create_varargs("strongarm_pic", 0x90050000,
+ pic[ARM_PIC_CPU_IRQ], pic[ARM_PIC_CPU_FIQ], NULL);
+
+ sysbus_create_varargs("pxa25x-timer", 0x90000000,
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC0),
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC1),
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC2),
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC3),
+ NULL);
+
+ sysbus_create_simple("strongarm-rtc", 0x90010000,
+ qdev_get_gpio_in(s->pic, SA_PIC_RTC_ALARM));
+
+ s->gpio = strongarm_gpio_init(0x90040000, s->pic);
+
+ s->ppc = sysbus_create_varargs("strongarm-ppc", 0x90060000, NULL);
+
+ for (i = 0; sa_serial[i].io_base; i++) {
+ DeviceState *dev = qdev_create(NULL, "strongarm-uart");
+ qdev_prop_set_chr(dev, "chardev", serial_hds[i]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(sysbus_from_qdev(dev), 0,
+ sa_serial[i].io_base);
+ sysbus_connect_irq(sysbus_from_qdev(dev), 0,
+ qdev_get_gpio_in(s->pic, sa_serial[i].irq));
+ }
+
+ s->ssp = sysbus_create_varargs("strongarm-ssp", 0x80070000,
+ qdev_get_gpio_in(s->pic, SA_PIC_SSP), NULL);
+ s->ssp_bus = (SSIBus *)qdev_get_child_bus(s->ssp, "ssi");
+
+ return s;
+}
+
+static void strongarm_register_devices(void)
+{
+ sysbus_register_withprop(&strongarm_pic_info);
+ sysbus_register_withprop(&strongarm_rtc_sysbus_info);
+ sysbus_register_withprop(&strongarm_gpio_info);
+ sysbus_register_withprop(&strongarm_ppc_info);
+ sysbus_register_withprop(&strongarm_uart_info);
+ sysbus_register_withprop(&strongarm_ssp_info);
+}
+device_init(strongarm_register_devices)
diff --git a/hw/strongarm.h b/hw/strongarm.h
new file mode 100644
index 0000000..a81b110
--- /dev/null
+++ b/hw/strongarm.h
@@ -0,0 +1,64 @@
+#ifndef _STRONGARM_H
+#define _STRONGARM_H
+
+#define SA_CS0 0x00000000
+#define SA_CS1 0x08000000
+#define SA_CS2 0x10000000
+#define SA_CS3 0x18000000
+#define SA_PCMCIA_CS0 0x20000000
+#define SA_PCMCIA_CS1 0x30000000
+#define SA_CS4 0x40000000
+#define SA_CS5 0x48000000
+/* system registers here */
+#define SA_SDCS0 0xc0000000
+#define SA_SDCS1 0xc8000000
+#define SA_SDCS2 0xd0000000
+#define SA_SDCS3 0xd8000000
+
+enum {
+ SA_PIC_GPIO0_EDGE = 0,
+ SA_PIC_GPIO1_EDGE,
+ SA_PIC_GPIO2_EDGE,
+ SA_PIC_GPIO3_EDGE,
+ SA_PIC_GPIO4_EDGE,
+ SA_PIC_GPIO5_EDGE,
+ SA_PIC_GPIO6_EDGE,
+ SA_PIC_GPIO7_EDGE,
+ SA_PIC_GPIO8_EDGE,
+ SA_PIC_GPIO9_EDGE,
+ SA_PIC_GPIO10_EDGE,
+ SA_PIC_GPIOX_EDGE,
+ SA_PIC_LCD,
+ SA_PIC_UDC,
+ SA_PIC_RSVD1,
+ SA_PIC_UART1,
+ SA_PIC_UART2,
+ SA_PIC_UART3,
+ SA_PIC_MCP,
+ SA_PIC_SSP,
+ SA_PIC_DMA_CH0,
+ SA_PIC_DMA_CH1,
+ SA_PIC_DMA_CH2,
+ SA_PIC_DMA_CH3,
+ SA_PIC_DMA_CH4,
+ SA_PIC_DMA_CH5,
+ SA_PIC_OSTC0,
+ SA_PIC_OSTC1,
+ SA_PIC_OSTC2,
+ SA_PIC_OSTC3,
+ SA_PIC_RTC_HZ,
+ SA_PIC_RTC_ALARM,
+};
+
+typedef struct {
+ CPUState *env;
+ DeviceState *pic;
+ DeviceState *gpio;
+ DeviceState *ppc;
+ DeviceState *ssp;
+ SSIBus *ssp_bus;
+} StrongARMState;
+
+StrongARMState *sa1110_init(unsigned int sdram_size, const char *rev);
+
+#endif
diff --git a/hw/sun4u.c b/hw/sun4u.c
index dbb5a15..5eb38cf 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -793,14 +793,7 @@ static void sun4uv_init(ram_addr_t RAM_size,
for(i = 0; i < nb_nics; i++)
pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
- if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
- fprintf(stderr, "qemu: too many IDE bus\n");
- exit(1);
- }
- for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
- hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS,
- i % MAX_IDE_DEVS);
- }
+ ide_drive_get(hd, MAX_IDE_BUS);
pci_cmd646_ide_init(pci_bus, hd, 1);
diff --git a/hw/syborg.c b/hw/syborg.c
index 758c69a..bc200e4 100644
--- a/hw/syborg.c
+++ b/hw/syborg.c
@@ -25,7 +25,6 @@
#include "sysbus.h"
#include "boards.h"
#include "arm-misc.h"
-#include "sysemu.h"
#include "net.h"
static struct arm_boot_info syborg_binfo;
diff --git a/hw/syborg_keyboard.c b/hw/syborg_keyboard.c
index d295e99..706a039 100644
--- a/hw/syborg_keyboard.c
+++ b/hw/syborg_keyboard.c
@@ -51,11 +51,11 @@ enum {
typedef struct {
SysBusDevice busdev;
- int int_enabled;
+ uint32_t int_enabled;
int extension_bit;
uint32_t fifo_size;
uint32_t *key_fifo;
- int read_pos, read_count;
+ uint32_t read_pos, read_count;
qemu_irq irq;
} SyborgKeyboardState;
@@ -165,43 +165,21 @@ static void syborg_keyboard_event(void *opaque, int keycode)
syborg_keyboard_update(s);
}
-static void syborg_keyboard_save(QEMUFile *f, void *opaque)
-{
- SyborgKeyboardState *s = (SyborgKeyboardState *)opaque;
- int i;
-
- qemu_put_be32(f, s->fifo_size);
- qemu_put_be32(f, s->int_enabled);
- qemu_put_be32(f, s->extension_bit);
- qemu_put_be32(f, s->read_pos);
- qemu_put_be32(f, s->read_count);
- for (i = 0; i < s->fifo_size; i++) {
- qemu_put_be32(f, s->key_fifo[i]);
- }
-}
-
-static int syborg_keyboard_load(QEMUFile *f, void *opaque, int version_id)
-{
- SyborgKeyboardState *s = (SyborgKeyboardState *)opaque;
- uint32_t val;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- val = qemu_get_be32(f);
- if (val != s->fifo_size)
- return -EINVAL;
-
- s->int_enabled = qemu_get_be32(f);
- s->extension_bit = qemu_get_be32(f);
- s->read_pos = qemu_get_be32(f);
- s->read_count = qemu_get_be32(f);
- for (i = 0; i < s->fifo_size; i++) {
- s->key_fifo[i] = qemu_get_be32(f);
+static const VMStateDescription vmstate_syborg_keyboard = {
+ .name = "syborg_keyboard",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_EQUAL(fifo_size, SyborgKeyboardState),
+ VMSTATE_UINT32(int_enabled, SyborgKeyboardState),
+ VMSTATE_UINT32(read_pos, SyborgKeyboardState),
+ VMSTATE_UINT32(read_count, SyborgKeyboardState),
+ VMSTATE_VARRAY_UINT32(key_fifo, SyborgKeyboardState, fifo_size, 1,
+ vmstate_info_uint32, uint32),
+ VMSTATE_END_OF_LIST()
}
- return 0;
-}
+};
static int syborg_keyboard_init(SysBusDevice *dev)
{
@@ -221,8 +199,7 @@ static int syborg_keyboard_init(SysBusDevice *dev)
qemu_add_kbd_event_handler(syborg_keyboard_event, s);
- register_savevm(&dev->qdev, "syborg_keyboard", -1, 1,
- syborg_keyboard_save, syborg_keyboard_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_syborg_keyboard, s);
return 0;
}
diff --git a/hw/syborg_pointer.c b/hw/syborg_pointer.c
index a886888..2f99707 100644
--- a/hw/syborg_pointer.c
+++ b/hw/syborg_pointer.c
@@ -152,52 +152,36 @@ static void syborg_pointer_event(void *opaque, int dx, int dy, int dz,
syborg_pointer_update(s);
}
-static void syborg_pointer_save(QEMUFile *f, void *opaque)
-{
- SyborgPointerState *s = (SyborgPointerState *)opaque;
- int i;
-
- qemu_put_be32(f, s->fifo_size);
- qemu_put_be32(f, s->absolute);
- qemu_put_be32(f, s->int_enabled);
- qemu_put_be32(f, s->read_pos);
- qemu_put_be32(f, s->read_count);
- for (i = 0; i < s->fifo_size; i++) {
- qemu_put_be32(f, s->event_fifo[i].x);
- qemu_put_be32(f, s->event_fifo[i].y);
- qemu_put_be32(f, s->event_fifo[i].z);
- qemu_put_be32(f, s->event_fifo[i].pointer_buttons);
+static const VMStateDescription vmstate_event_data = {
+ .name = "dbma_channel",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(x, event_data),
+ VMSTATE_INT32(y, event_data),
+ VMSTATE_INT32(z, event_data),
+ VMSTATE_INT32(pointer_buttons, event_data),
+ VMSTATE_END_OF_LIST()
}
-}
+};
-static int syborg_pointer_load(QEMUFile *f, void *opaque, int version_id)
-{
- SyborgPointerState *s = (SyborgPointerState *)opaque;
- uint32_t val;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- val = qemu_get_be32(f);
- if (val != s->fifo_size)
- return -EINVAL;
-
- val = qemu_get_be32(f);
- if (val != s->absolute)
- return -EINVAL;
-
- s->int_enabled = qemu_get_be32(f);
- s->read_pos = qemu_get_be32(f);
- s->read_count = qemu_get_be32(f);
- for (i = 0; i < s->fifo_size; i++) {
- s->event_fifo[i].x = qemu_get_be32(f);
- s->event_fifo[i].y = qemu_get_be32(f);
- s->event_fifo[i].z = qemu_get_be32(f);
- s->event_fifo[i].pointer_buttons = qemu_get_be32(f);
+static const VMStateDescription vmstate_syborg_pointer = {
+ .name = "syborg_pointer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_EQUAL(fifo_size, SyborgPointerState),
+ VMSTATE_UINT32_EQUAL(absolute, SyborgPointerState),
+ VMSTATE_INT32(int_enabled, SyborgPointerState),
+ VMSTATE_INT32(read_pos, SyborgPointerState),
+ VMSTATE_INT32(read_count, SyborgPointerState),
+ VMSTATE_STRUCT_VARRAY_UINT32(event_fifo, SyborgPointerState, fifo_size,
+ 1, vmstate_event_data, event_data),
+ VMSTATE_END_OF_LIST()
}
- return 0;
-}
+};
static int syborg_pointer_init(SysBusDevice *dev)
{
@@ -219,8 +203,7 @@ static int syborg_pointer_init(SysBusDevice *dev)
qemu_add_mouse_event_handler(syborg_pointer_event, s, s->absolute,
"Syborg Pointer");
- register_savevm(&dev->qdev, "syborg_pointer", -1, 1,
- syborg_pointer_save, syborg_pointer_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_syborg_pointer, s);
return 0;
}
diff --git a/hw/syborg_rtc.c b/hw/syborg_rtc.c
index 16d8f9e..69f6ccf 100644
--- a/hw/syborg_rtc.c
+++ b/hw/syborg_rtc.c
@@ -102,26 +102,17 @@ static CPUWriteMemoryFunc * const syborg_rtc_writefn[] = {
syborg_rtc_write
};
-static void syborg_rtc_save(QEMUFile *f, void *opaque)
-{
- SyborgRTCState *s = opaque;
-
- qemu_put_be64(f, s->offset);
- qemu_put_be64(f, s->data);
-}
-
-static int syborg_rtc_load(QEMUFile *f, void *opaque, int version_id)
-{
- SyborgRTCState *s = opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->offset = qemu_get_be64(f);
- s->data = qemu_get_be64(f);
-
- return 0;
-}
+static const VMStateDescription vmstate_syborg_rtc = {
+ .name = "syborg_keyboard",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT64(offset, SyborgRTCState),
+ VMSTATE_INT64(data, SyborgRTCState),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int syborg_rtc_init(SysBusDevice *dev)
{
@@ -137,8 +128,7 @@ static int syborg_rtc_init(SysBusDevice *dev)
qemu_get_timedate(&tm, 0);
s->offset = (uint64_t)mktime(&tm) * 1000000000;
- register_savevm(&dev->qdev, "syborg_rtc", -1, 1,
- syborg_rtc_save, syborg_rtc_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_syborg_rtc, s);
return 0;
}
diff --git a/hw/syborg_serial.c b/hw/syborg_serial.c
index 34ce076..df2950f 100644
--- a/hw/syborg_serial.c
+++ b/hw/syborg_serial.c
@@ -273,47 +273,24 @@ static CPUWriteMemoryFunc * const syborg_serial_writefn[] = {
syborg_serial_write
};
-static void syborg_serial_save(QEMUFile *f, void *opaque)
-{
- SyborgSerialState *s = opaque;
- int i;
-
- qemu_put_be32(f, s->fifo_size);
- qemu_put_be32(f, s->int_enable);
- qemu_put_be32(f, s->read_pos);
- qemu_put_be32(f, s->read_count);
- qemu_put_be32(f, s->dma_tx_ptr);
- qemu_put_be32(f, s->dma_rx_ptr);
- qemu_put_be32(f, s->dma_rx_size);
- for (i = 0; i < s->fifo_size; i++) {
- qemu_put_be32(f, s->read_fifo[i]);
- }
-}
-
-static int syborg_serial_load(QEMUFile *f, void *opaque, int version_id)
-{
- SyborgSerialState *s = opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- i = qemu_get_be32(f);
- if (s->fifo_size != i)
- return -EINVAL;
-
- s->int_enable = qemu_get_be32(f);
- s->read_pos = qemu_get_be32(f);
- s->read_count = qemu_get_be32(f);
- s->dma_tx_ptr = qemu_get_be32(f);
- s->dma_rx_ptr = qemu_get_be32(f);
- s->dma_rx_size = qemu_get_be32(f);
- for (i = 0; i < s->fifo_size; i++) {
- s->read_fifo[i] = qemu_get_be32(f);
+static const VMStateDescription vmstate_syborg_serial = {
+ .name = "syborg_serial",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_EQUAL(fifo_size, SyborgSerialState),
+ VMSTATE_UINT32(int_enable, SyborgSerialState),
+ VMSTATE_INT32(read_pos, SyborgSerialState),
+ VMSTATE_INT32(read_count, SyborgSerialState),
+ VMSTATE_UINT32(dma_tx_ptr, SyborgSerialState),
+ VMSTATE_UINT32(dma_rx_ptr, SyborgSerialState),
+ VMSTATE_UINT32(dma_rx_size, SyborgSerialState),
+ VMSTATE_VARRAY_UINT32(read_fifo, SyborgSerialState, fifo_size, 1,
+ vmstate_info_uint32, uint32),
+ VMSTATE_END_OF_LIST()
}
-
- return 0;
-}
+};
static int syborg_serial_init(SysBusDevice *dev)
{
@@ -336,8 +313,6 @@ static int syborg_serial_init(SysBusDevice *dev)
}
s->read_fifo = qemu_mallocz(s->fifo_size * sizeof(s->read_fifo[0]));
- register_savevm(&dev->qdev, "syborg_serial", -1, 1,
- syborg_serial_save, syborg_serial_load, s);
return 0;
}
@@ -345,6 +320,7 @@ static SysBusDeviceInfo syborg_serial_info = {
.init = syborg_serial_init,
.qdev.name = "syborg,serial",
.qdev.size = sizeof(SyborgSerialState),
+ .qdev.vmsd = &vmstate_syborg_serial,
.qdev.props = (Property[]) {
DEFINE_PROP_UINT32("fifo-size", SyborgSerialState, fifo_size, 16),
DEFINE_PROP_END_OF_LIST(),
diff --git a/hw/syborg_timer.c b/hw/syborg_timer.c
index cedcd8e..50c813e 100644
--- a/hw/syborg_timer.c
+++ b/hw/syborg_timer.c
@@ -174,34 +174,21 @@ static CPUWriteMemoryFunc * const syborg_timer_writefn[] = {
syborg_timer_write
};
-static void syborg_timer_save(QEMUFile *f, void *opaque)
-{
- SyborgTimerState *s = opaque;
-
- qemu_put_be32(f, s->running);
- qemu_put_be32(f, s->oneshot);
- qemu_put_be32(f, s->limit);
- qemu_put_be32(f, s->int_level);
- qemu_put_be32(f, s->int_enabled);
- qemu_put_ptimer(f, s->timer);
-}
-
-static int syborg_timer_load(QEMUFile *f, void *opaque, int version_id)
-{
- SyborgTimerState *s = opaque;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->running = qemu_get_be32(f);
- s->oneshot = qemu_get_be32(f);
- s->limit = qemu_get_be32(f);
- s->int_level = qemu_get_be32(f);
- s->int_enabled = qemu_get_be32(f);
- qemu_get_ptimer(f, s->timer);
-
- return 0;
-}
+static const VMStateDescription vmstate_syborg_timer = {
+ .name = "syborg_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(running, SyborgTimerState),
+ VMSTATE_INT32(oneshot, SyborgTimerState),
+ VMSTATE_UINT32(limit, SyborgTimerState),
+ VMSTATE_UINT32(int_level, SyborgTimerState),
+ VMSTATE_UINT32(int_enabled, SyborgTimerState),
+ VMSTATE_PTIMER(timer, SyborgTimerState),
+ VMSTATE_END_OF_LIST()
+ }
+};
static int syborg_timer_init(SysBusDevice *dev)
{
@@ -222,8 +209,7 @@ static int syborg_timer_init(SysBusDevice *dev)
bh = qemu_bh_new(syborg_timer_tick, s);
s->timer = ptimer_init(bh);
ptimer_set_freq(s->timer, s->freq);
- register_savevm(&dev->qdev, "syborg_timer", -1, 1,
- syborg_timer_save, syborg_timer_load, s);
+ vmstate_register(&dev->qdev, -1, &vmstate_syborg_timer, s);
return 0;
}
diff --git a/hw/syborg_virtio.c b/hw/syborg_virtio.c
index ee08c49..2f3e6da 100644
--- a/hw/syborg_virtio.c
+++ b/hw/syborg_virtio.c
@@ -26,7 +26,6 @@
#include "sysbus.h"
#include "virtio.h"
#include "virtio-net.h"
-#include "sysemu.h"
//#define DEBUG_SYBORG_VIRTIO
diff --git a/hw/sysbus.c b/hw/sysbus.c
index acad72a..2e22be7 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -18,7 +18,6 @@
*/
#include "sysbus.h"
-#include "sysemu.h"
#include "monitor.h"
static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent);
diff --git a/hw/tc58128.c b/hw/tc58128.c
index 672a01c..61b99dd 100644
--- a/hw/tc58128.c
+++ b/hw/tc58128.c
@@ -1,6 +1,5 @@
#include "hw.h"
#include "sh.h"
-#include "sysemu.h"
#include "loader.h"
#define CE1 0x0100
diff --git a/hw/tosa.c b/hw/tosa.c
index b8b6c4f..a7967a2 100644
--- a/hw/tosa.c
+++ b/hw/tosa.c
@@ -11,7 +11,6 @@
#include "hw.h"
#include "pxa.h"
#include "arm-misc.h"
-#include "sysemu.h"
#include "devices.h"
#include "sharpsl.h"
#include "pcmcia.h"
diff --git a/hw/twl92230.c b/hw/twl92230.c
index 8e74acc..a75448f 100644
--- a/hw/twl92230.c
+++ b/hw/twl92230.c
@@ -22,7 +22,6 @@
#include "hw.h"
#include "qemu-timer.h"
#include "i2c.h"
-#include "sysemu.h"
#include "console.h"
#define VERBOSE 1
diff --git a/hw/usb-ccid.c b/hw/usb-ccid.c
new file mode 100644
index 0000000..079b4a2
--- /dev/null
+++ b/hw/usb-ccid.c
@@ -0,0 +1,1419 @@
+/*
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * CCID Device emulation
+ *
+ * Written by Alon Levy, with contributions from Robert Relyea.
+ *
+ * Based on usb-serial.c, see it's copyright and attributions below.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.1 or later.
+ * See the COPYING file in the top-level directory.
+ * ------- (original copyright & attribution for usb-serial.c below) --------
+ * Copyright (c) 2006 CodeSourcery.
+ * Copyright (c) 2008 Samuel Thibault <samuel.thibault@ens-lyon.org>
+ * Written by Paul Brook, reused for FTDI by Samuel Thibault,
+ */
+
+/*
+ * References:
+ *
+ * CCID Specification Revision 1.1 April 22nd 2005
+ * "Universal Serial Bus, Device Class: Smart Card"
+ * Specification for Integrated Circuit(s) Cards Interface Devices
+ *
+ * Endianness note: from the spec (1.3)
+ * "Fields that are larger than a byte are stored in little endian"
+ *
+ * KNOWN BUGS
+ * 1. remove/insert can sometimes result in removed state instead of inserted.
+ * This is a result of the following:
+ * symptom: dmesg shows ERMOTEIO (-121), pcscd shows -99. This can happen
+ * when a short packet is sent, as seen in uhci-usb.c, resulting from a urb
+ * from the guest requesting SPD and us returning a smaller packet.
+ * Not sure which messages trigger this.
+ */
+
+#include "qemu-common.h"
+#include "qemu-error.h"
+#include "usb.h"
+#include "monitor.h"
+
+#include "hw/ccid.h"
+
+#define DPRINTF(s, lvl, fmt, ...) \
+do { \
+ if (lvl <= s->debug) { \
+ printf("usb-ccid: " fmt , ## __VA_ARGS__); \
+ } \
+} while (0)
+
+#define D_WARN 1
+#define D_INFO 2
+#define D_MORE_INFO 3
+#define D_VERBOSE 4
+
+#define CCID_DEV_NAME "usb-ccid"
+
+/*
+ * The two options for variable sized buffers:
+ * make them constant size, for large enough constant,
+ * or handle the migration complexity - VMState doesn't handle this case.
+ * sizes are expected never to be exceeded, unless guest misbehaves.
+ */
+#define BULK_OUT_DATA_SIZE 65536
+#define PENDING_ANSWERS_NUM 128
+
+#define BULK_IN_BUF_SIZE 384
+#define BULK_IN_PENDING_NUM 8
+
+#define InterfaceOutClass \
+ ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE)<<8)
+
+#define InterfaceInClass \
+ ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE)<<8)
+
+#define CCID_MAX_PACKET_SIZE 64
+
+#define CCID_CONTROL_ABORT 0x1
+#define CCID_CONTROL_GET_CLOCK_FREQUENCIES 0x2
+#define CCID_CONTROL_GET_DATA_RATES 0x3
+
+#define CCID_PRODUCT_DESCRIPTION "QEMU USB CCID"
+#define CCID_VENDOR_DESCRIPTION "QEMU " QEMU_VERSION
+#define CCID_INTERFACE_NAME "CCID Interface"
+#define CCID_SERIAL_NUMBER_STRING "1"
+/*
+ * Using Gemplus Vendor and Product id
+ * Effect on various drivers:
+ * usbccid.sys (winxp, others untested) is a class driver so it doesn't care.
+ * linux has a number of class drivers, but openct filters based on
+ * vendor/product (/etc/openct.conf under fedora), hence Gemplus.
+ */
+#define CCID_VENDOR_ID 0x08e6
+#define CCID_PRODUCT_ID 0x4433
+#define CCID_DEVICE_VERSION 0x0000
+
+/*
+ * BULK_OUT messages from PC to Reader
+ * Defined in CCID Rev 1.1 6.1 (page 26)
+ */
+#define CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOn 0x62
+#define CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOff 0x63
+#define CCID_MESSAGE_TYPE_PC_to_RDR_GetSlotStatus 0x65
+#define CCID_MESSAGE_TYPE_PC_to_RDR_XfrBlock 0x6f
+#define CCID_MESSAGE_TYPE_PC_to_RDR_GetParameters 0x6c
+#define CCID_MESSAGE_TYPE_PC_to_RDR_ResetParameters 0x6d
+#define CCID_MESSAGE_TYPE_PC_to_RDR_SetParameters 0x61
+#define CCID_MESSAGE_TYPE_PC_to_RDR_Escape 0x6b
+#define CCID_MESSAGE_TYPE_PC_to_RDR_IccClock 0x6e
+#define CCID_MESSAGE_TYPE_PC_to_RDR_T0APDU 0x6a
+#define CCID_MESSAGE_TYPE_PC_to_RDR_Secure 0x69
+#define CCID_MESSAGE_TYPE_PC_to_RDR_Mechanical 0x71
+#define CCID_MESSAGE_TYPE_PC_to_RDR_Abort 0x72
+#define CCID_MESSAGE_TYPE_PC_to_RDR_SetDataRateAndClockFrequency 0x73
+
+/*
+ * BULK_IN messages from Reader to PC
+ * Defined in CCID Rev 1.1 6.2 (page 48)
+ */
+#define CCID_MESSAGE_TYPE_RDR_to_PC_DataBlock 0x80
+#define CCID_MESSAGE_TYPE_RDR_to_PC_SlotStatus 0x81
+#define CCID_MESSAGE_TYPE_RDR_to_PC_Parameters 0x82
+#define CCID_MESSAGE_TYPE_RDR_to_PC_Escape 0x83
+#define CCID_MESSAGE_TYPE_RDR_to_PC_DataRateAndClockFrequency 0x84
+
+/*
+ * INTERRUPT_IN messages from Reader to PC
+ * Defined in CCID Rev 1.1 6.3 (page 56)
+ */
+#define CCID_MESSAGE_TYPE_RDR_to_PC_NotifySlotChange 0x50
+#define CCID_MESSAGE_TYPE_RDR_to_PC_HardwareError 0x51
+
+/*
+ * Endpoints for CCID - addresses are up to us to decide.
+ * To support slot insertion and removal we must have an interrupt in ep
+ * in addition we need a bulk in and bulk out ep
+ * 5.2, page 20
+ */
+#define CCID_INT_IN_EP 1
+#define CCID_BULK_IN_EP 2
+#define CCID_BULK_OUT_EP 3
+
+/* bmSlotICCState masks */
+#define SLOT_0_STATE_MASK 1
+#define SLOT_0_CHANGED_MASK 2
+
+/* Status codes that go in bStatus (see 6.2.6) */
+enum {
+ ICC_STATUS_PRESENT_ACTIVE = 0,
+ ICC_STATUS_PRESENT_INACTIVE,
+ ICC_STATUS_NOT_PRESENT
+};
+
+enum {
+ COMMAND_STATUS_NO_ERROR = 0,
+ COMMAND_STATUS_FAILED,
+ COMMAND_STATUS_TIME_EXTENSION_REQUIRED
+};
+
+/* Error codes that go in bError (see 6.2.6) */
+enum {
+ ERROR_CMD_NOT_SUPPORTED = 0,
+ ERROR_CMD_ABORTED = -1,
+ ERROR_ICC_MUTE = -2,
+ ERROR_XFR_PARITY_ERROR = -3,
+ ERROR_XFR_OVERRUN = -4,
+ ERROR_HW_ERROR = -5,
+};
+
+/* 6.2.6 RDR_to_PC_SlotStatus definitions */
+enum {
+ CLOCK_STATUS_RUNNING = 0,
+ /*
+ * 0 - Clock Running, 1 - Clock stopped in State L, 2 - H,
+ * 3 - unknown state. rest are RFU
+ */
+};
+
+typedef struct __attribute__ ((__packed__)) CCID_Header {
+ uint8_t bMessageType;
+ uint32_t dwLength;
+ uint8_t bSlot;
+ uint8_t bSeq;
+} CCID_Header;
+
+typedef struct __attribute__ ((__packed__)) CCID_BULK_IN {
+ CCID_Header hdr;
+ uint8_t bStatus; /* Only used in BULK_IN */
+ uint8_t bError; /* Only used in BULK_IN */
+} CCID_BULK_IN;
+
+typedef struct __attribute__ ((__packed__)) CCID_SlotStatus {
+ CCID_BULK_IN b;
+ uint8_t bClockStatus;
+} CCID_SlotStatus;
+
+typedef struct __attribute__ ((__packed__)) CCID_Parameter {
+ CCID_BULK_IN b;
+ uint8_t bProtocolNum;
+ uint8_t abProtocolDataStructure[0];
+} CCID_Parameter;
+
+typedef struct __attribute__ ((__packed__)) CCID_DataBlock {
+ CCID_BULK_IN b;
+ uint8_t bChainParameter;
+ uint8_t abData[0];
+} CCID_DataBlock;
+
+/* 6.1.4 PC_to_RDR_XfrBlock */
+typedef struct __attribute__ ((__packed__)) CCID_XferBlock {
+ CCID_Header hdr;
+ uint8_t bBWI; /* Block Waiting Timeout */
+ uint16_t wLevelParameter; /* XXX currently unused */
+ uint8_t abData[0];
+} CCID_XferBlock;
+
+typedef struct __attribute__ ((__packed__)) CCID_IccPowerOn {
+ CCID_Header hdr;
+ uint8_t bPowerSelect;
+ uint16_t abRFU;
+} CCID_IccPowerOn;
+
+typedef struct __attribute__ ((__packed__)) CCID_IccPowerOff {
+ CCID_Header hdr;
+ uint16_t abRFU;
+} CCID_IccPowerOff;
+
+typedef struct __attribute__ ((__packed__)) CCID_SetParameters {
+ CCID_Header hdr;
+ uint8_t bProtocolNum;
+ uint16_t abRFU;
+ uint8_t abProtocolDataStructure[0];
+} CCID_SetParameters;
+
+typedef struct CCID_Notify_Slot_Change {
+ uint8_t bMessageType; /* CCID_MESSAGE_TYPE_RDR_to_PC_NotifySlotChange */
+ uint8_t bmSlotICCState;
+} CCID_Notify_Slot_Change;
+
+/* used for DataBlock response to XferBlock */
+typedef struct Answer {
+ uint8_t slot;
+ uint8_t seq;
+} Answer;
+
+/* pending BULK_IN messages */
+typedef struct BulkIn {
+ uint8_t data[BULK_IN_BUF_SIZE];
+ uint32_t len;
+ uint32_t pos;
+} BulkIn;
+
+enum {
+ MIGRATION_NONE,
+ MIGRATION_MIGRATED,
+};
+
+typedef struct CCIDBus CCIDBus;
+typedef struct USBCCIDState USBCCIDState;
+
+#define MAX_PROTOCOL_SIZE 7
+
+/*
+ * powered - defaults to true, changed by PowerOn/PowerOff messages
+ */
+struct USBCCIDState {
+ USBDevice dev;
+ CCIDBus *bus;
+ CCIDCardState *card;
+ CCIDCardInfo *cardinfo; /* caching the info pointer */
+ BulkIn bulk_in_pending[BULK_IN_PENDING_NUM]; /* circular */
+ uint32_t bulk_in_pending_start;
+ uint32_t bulk_in_pending_end; /* first free */
+ uint32_t bulk_in_pending_num;
+ BulkIn *current_bulk_in;
+ uint8_t bulk_out_data[BULK_OUT_DATA_SIZE];
+ uint32_t bulk_out_pos;
+ uint64_t last_answer_error;
+ Answer pending_answers[PENDING_ANSWERS_NUM];
+ uint32_t pending_answers_start;
+ uint32_t pending_answers_end;
+ uint32_t pending_answers_num;
+ uint8_t bError;
+ uint8_t bmCommandStatus;
+ uint8_t bProtocolNum;
+ uint8_t abProtocolDataStructure[MAX_PROTOCOL_SIZE];
+ uint32_t ulProtocolDataStructureSize;
+ uint32_t state_vmstate;
+ uint32_t migration_target_ip;
+ uint16_t migration_target_port;
+ uint8_t migration_state;
+ uint8_t bmSlotICCState;
+ uint8_t powered;
+ uint8_t notify_slot_change;
+ uint8_t debug;
+};
+
+/*
+ * CCID Spec chapter 4: CCID uses a standard device descriptor per Chapter 9,
+ * "USB Device Framework", section 9.6.1, in the Universal Serial Bus
+ * Specification.
+ *
+ * This device implemented based on the spec and with an Athena Smart Card
+ * Reader as reference:
+ * 0dc3:1004 Athena Smartcard Solutions, Inc.
+ */
+
+static const uint8_t qemu_ccid_dev_descriptor[] = {
+ 0x12, /* u8 bLength; */
+ USB_DT_DEVICE, /* u8 bDescriptorType; Device */
+ 0x10, 0x01, /* u16 bcdUSB; v1.1 */
+
+ 0x00, /* u8 bDeviceClass; */
+ 0x00, /* u8 bDeviceSubClass; */
+ 0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
+ 0x40, /* u8 bMaxPacketSize0; 8 Bytes (valid: 8,16,32,64) */
+
+ /* Vendor and product id are arbitrary. */
+ /* u16 idVendor */
+ CCID_VENDOR_ID & 0xff, CCID_VENDOR_ID >> 8,
+ /* u16 idProduct */
+ CCID_PRODUCT_ID & 0xff, CCID_PRODUCT_ID >> 8,
+ /* u16 bcdDevice */
+ CCID_DEVICE_VERSION & 0xff, CCID_DEVICE_VERSION >> 8,
+ 0x01, /* u8 iManufacturer; */
+ 0x02, /* u8 iProduct; */
+ 0x03, /* u8 iSerialNumber; */
+ 0x01, /* u8 bNumConfigurations; */
+};
+
+static const uint8_t qemu_ccid_config_descriptor[] = {
+
+ /* one configuration */
+ 0x09, /* u8 bLength; */
+ USB_DT_CONFIG, /* u8 bDescriptorType; Configuration */
+ 0x5d, 0x00, /* u16 wTotalLength; 9+9+54+7+7+7 */
+ 0x01, /* u8 bNumInterfaces; (1) */
+ 0x01, /* u8 bConfigurationValue; */
+ 0x00, /* u8 iConfiguration; */
+ 0xe0, /* u8 bmAttributes;
+ Bit 7: must be set,
+ 6: Self-powered,
+ 5: Remote wakeup,
+ 4..0: resvd */
+ 100/2, /* u8 MaxPower; 50 == 100mA */
+
+ /* one interface */
+ 0x09, /* u8 if_bLength; */
+ USB_DT_INTERFACE, /* u8 if_bDescriptorType; Interface */
+ 0x00, /* u8 if_bInterfaceNumber; */
+ 0x00, /* u8 if_bAlternateSetting; */
+ 0x03, /* u8 if_bNumEndpoints; */
+ 0x0b, /* u8 if_bInterfaceClass; Smart Card Device Class */
+ 0x00, /* u8 if_bInterfaceSubClass; Subclass code */
+ 0x00, /* u8 if_bInterfaceProtocol; Protocol code */
+ 0x04, /* u8 if_iInterface; Index of string descriptor */
+
+ /* Smart Card Device Class Descriptor */
+ 0x36, /* u8 bLength; */
+ 0x21, /* u8 bDescriptorType; Functional */
+ 0x10, 0x01, /* u16 bcdCCID; CCID Specification Release Number. */
+ 0x00, /*
+ * u8 bMaxSlotIndex; The index of the highest available
+ * slot on this device. All slots are consecutive starting
+ * at 00h.
+ */
+ 0x07, /* u8 bVoltageSupport; 01h - 5.0v, 02h - 3.0, 03 - 1.8 */
+
+ 0x03, 0x00, /* u32 dwProtocols; RRRR PPPP. RRRR = 0000h.*/
+ 0x00, 0x00, /* PPPP: 0001h = Protocol T=0, 0002h = Protocol T=1 */
+ /* u32 dwDefaultClock; in kHZ (0x0fa0 is 4 MHz) */
+ 0xa0, 0x0f, 0x00, 0x00,
+ /* u32 dwMaximumClock; */
+ 0x00, 0x00, 0x01, 0x00,
+ 0x00, /* u8 bNumClockSupported; *
+ * 0 means just the default and max. */
+ /* u32 dwDataRate ;bps. 9600 == 00002580h */
+ 0x80, 0x25, 0x00, 0x00,
+ /* u32 dwMaxDataRate ; 11520 bps == 0001C200h */
+ 0x00, 0xC2, 0x01, 0x00,
+ 0x00, /* u8 bNumDataRatesSupported; 00 means all rates between
+ * default and max */
+ /* u32 dwMaxIFSD; *
+ * maximum IFSD supported by CCID for protocol *
+ * T=1 (Maximum seen from various cards) */
+ 0xfe, 0x00, 0x00, 0x00,
+ /* u32 dwSyncProtocols; 1 - 2-wire, 2 - 3-wire, 4 - I2C */
+ 0x00, 0x00, 0x00, 0x00,
+ /* u32 dwMechanical; 0 - no special characteristics. */
+ 0x00, 0x00, 0x00, 0x00,
+ /*
+ * u32 dwFeatures;
+ * 0 - No special characteristics
+ * + 2 Automatic parameter configuration based on ATR data
+ * + 4 Automatic activation of ICC on inserting
+ * + 8 Automatic ICC voltage selection
+ * + 10 Automatic ICC clock frequency change
+ * + 20 Automatic baud rate change
+ * + 40 Automatic parameters negotiation made by the CCID
+ * + 80 automatic PPS made by the CCID
+ * 100 CCID can set ICC in clock stop mode
+ * 200 NAD value other then 00 accepted (T=1 protocol)
+ * + 400 Automatic IFSD exchange as first exchange (T=1)
+ * One of the following only:
+ * + 10000 TPDU level exchanges with CCID
+ * 20000 Short APDU level exchange with CCID
+ * 40000 Short and Extended APDU level exchange with CCID
+ *
+ * + 100000 USB Wake up signaling supported on card
+ * insertion and removal. Must set bit 5 in bmAttributes
+ * in Configuration descriptor if 100000 is set.
+ */
+ 0xfe, 0x04, 0x11, 0x00,
+ /*
+ * u32 dwMaxCCIDMessageLength; For extended APDU in
+ * [261 + 10 , 65544 + 10]. Otherwise the minimum is
+ * wMaxPacketSize of the Bulk-OUT endpoint
+ */
+ 0x12, 0x00, 0x01, 0x00,
+ 0xFF, /*
+ * u8 bClassGetResponse; Significant only for CCID that
+ * offers an APDU level for exchanges. Indicates the
+ * default class value used by the CCID when it sends a
+ * Get Response command to perform the transportation of
+ * an APDU by T=0 protocol
+ * FFh indicates that the CCID echos the class of the APDU.
+ */
+ 0xFF, /*
+ * u8 bClassEnvelope; EAPDU only. Envelope command for
+ * T=0
+ */
+ 0x00, 0x00, /*
+ * u16 wLcdLayout; XXYY Number of lines (XX) and chars per
+ * line for LCD display used for PIN entry. 0000 - no LCD
+ */
+ 0x01, /*
+ * u8 bPINSupport; 01h PIN Verification,
+ * 02h PIN Modification
+ */
+ 0x01, /* u8 bMaxCCIDBusySlots; */
+
+ /* Interrupt-IN endpoint */
+ 0x07, /* u8 ep_bLength; */
+ /* u8 ep_bDescriptorType; Endpoint */
+ USB_DT_ENDPOINT,
+ /* u8 ep_bEndpointAddress; IN Endpoint 1 */
+ 0x80 | CCID_INT_IN_EP,
+ 0x03, /* u8 ep_bmAttributes; Interrupt */
+ /* u16 ep_wMaxPacketSize; */
+ CCID_MAX_PACKET_SIZE & 0xff, (CCID_MAX_PACKET_SIZE >> 8),
+ 0xff, /* u8 ep_bInterval; */
+
+ /* Bulk-In endpoint */
+ 0x07, /* u8 ep_bLength; */
+ /* u8 ep_bDescriptorType; Endpoint */
+ USB_DT_ENDPOINT,
+ /* u8 ep_bEndpointAddress; IN Endpoint 2 */
+ 0x80 | CCID_BULK_IN_EP,
+ 0x02, /* u8 ep_bmAttributes; Bulk */
+ 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x00, /* u8 ep_bInterval; */
+
+ /* Bulk-Out endpoint */
+ 0x07, /* u8 ep_bLength; */
+ /* u8 ep_bDescriptorType; Endpoint */
+ USB_DT_ENDPOINT,
+ /* u8 ep_bEndpointAddress; OUT Endpoint 3 */
+ CCID_BULK_OUT_EP,
+ 0x02, /* u8 ep_bmAttributes; Bulk */
+ 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x00, /* u8 ep_bInterval; */
+
+};
+
+static bool ccid_has_pending_answers(USBCCIDState *s)
+{
+ return s->pending_answers_num > 0;
+}
+
+static void ccid_clear_pending_answers(USBCCIDState *s)
+{
+ s->pending_answers_num = 0;
+ s->pending_answers_start = 0;
+ s->pending_answers_end = 0;
+}
+
+static void ccid_print_pending_answers(USBCCIDState *s)
+{
+ Answer *answer;
+ int i, count;
+
+ DPRINTF(s, D_VERBOSE, "usb-ccid: pending answers:");
+ if (!ccid_has_pending_answers(s)) {
+ DPRINTF(s, D_VERBOSE, " empty\n");
+ return;
+ }
+ for (i = s->pending_answers_start, count = s->pending_answers_num ;
+ count > 0; count--, i++) {
+ answer = &s->pending_answers[i % PENDING_ANSWERS_NUM];
+ if (count == 1) {
+ DPRINTF(s, D_VERBOSE, "%d:%d\n", answer->slot, answer->seq);
+ } else {
+ DPRINTF(s, D_VERBOSE, "%d:%d,", answer->slot, answer->seq);
+ }
+ }
+}
+
+static void ccid_add_pending_answer(USBCCIDState *s, CCID_Header *hdr)
+{
+ Answer *answer;
+
+ assert(s->pending_answers_num < PENDING_ANSWERS_NUM);
+ s->pending_answers_num++;
+ answer =
+ &s->pending_answers[(s->pending_answers_end++) % PENDING_ANSWERS_NUM];
+ answer->slot = hdr->bSlot;
+ answer->seq = hdr->bSeq;
+ ccid_print_pending_answers(s);
+}
+
+static void ccid_remove_pending_answer(USBCCIDState *s,
+ uint8_t *slot, uint8_t *seq)
+{
+ Answer *answer;
+
+ assert(s->pending_answers_num > 0);
+ s->pending_answers_num--;
+ answer =
+ &s->pending_answers[(s->pending_answers_start++) % PENDING_ANSWERS_NUM];
+ *slot = answer->slot;
+ *seq = answer->seq;
+ ccid_print_pending_answers(s);
+}
+
+static void ccid_bulk_in_clear(USBCCIDState *s)
+{
+ s->bulk_in_pending_start = 0;
+ s->bulk_in_pending_end = 0;
+ s->bulk_in_pending_num = 0;
+}
+
+static void ccid_bulk_in_release(USBCCIDState *s)
+{
+ assert(s->current_bulk_in != NULL);
+ s->current_bulk_in->pos = 0;
+ s->current_bulk_in = NULL;
+}
+
+static void ccid_bulk_in_get(USBCCIDState *s)
+{
+ if (s->current_bulk_in != NULL || s->bulk_in_pending_num == 0) {
+ return;
+ }
+ assert(s->bulk_in_pending_num > 0);
+ s->bulk_in_pending_num--;
+ s->current_bulk_in =
+ &s->bulk_in_pending[(s->bulk_in_pending_start++) % BULK_IN_PENDING_NUM];
+}
+
+static void *ccid_reserve_recv_buf(USBCCIDState *s, uint16_t len)
+{
+ BulkIn *bulk_in;
+
+ DPRINTF(s, D_VERBOSE, "%s: QUEUE: reserve %d bytes\n", __func__, len);
+
+ /* look for an existing element */
+ if (len > BULK_IN_BUF_SIZE) {
+ DPRINTF(s, D_WARN, "usb-ccid.c: %s: len larger then max (%d>%d). "
+ "discarding message.\n",
+ __func__, len, BULK_IN_BUF_SIZE);
+ return NULL;
+ }
+ if (s->bulk_in_pending_num >= BULK_IN_PENDING_NUM) {
+ DPRINTF(s, D_WARN, "usb-ccid.c: %s: No free bulk_in buffers. "
+ "discarding message.\n", __func__);
+ return NULL;
+ }
+ bulk_in =
+ &s->bulk_in_pending[(s->bulk_in_pending_end++) % BULK_IN_PENDING_NUM];
+ s->bulk_in_pending_num++;
+ bulk_in->len = len;
+ return bulk_in->data;
+}
+
+static void ccid_reset(USBCCIDState *s)
+{
+ ccid_bulk_in_clear(s);
+ ccid_clear_pending_answers(s);
+}
+
+static void ccid_detach(USBCCIDState *s)
+{
+ ccid_reset(s);
+}
+
+static void ccid_handle_reset(USBDevice *dev)
+{
+ USBCCIDState *s = DO_UPCAST(USBCCIDState, dev, dev);
+
+ DPRINTF(s, 1, "Reset\n");
+
+ ccid_reset(s);
+}
+
+static int ccid_handle_control(USBDevice *dev, int request, int value,
+ int index, int length, uint8_t *data)
+{
+ USBCCIDState *s = DO_UPCAST(USBCCIDState, dev, dev);
+ int ret = 0;
+
+ DPRINTF(s, 1, "got control %x, value %x\n", request, value);
+ switch (request) {
+ case DeviceRequest | USB_REQ_GET_STATUS:
+ data[0] = (1 << USB_DEVICE_SELF_POWERED) |
+ (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
+ data[1] = 0x00;
+ ret = 2;
+ break;
+ case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
+ if (value == USB_DEVICE_REMOTE_WAKEUP) {
+ dev->remote_wakeup = 0;
+ } else {
+ goto fail;
+ }
+ ret = 0;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_FEATURE:
+ if (value == USB_DEVICE_REMOTE_WAKEUP) {
+ dev->remote_wakeup = 1;
+ } else {
+ goto fail;
+ }
+ ret = 0;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_ADDRESS:
+ dev->addr = value;
+ ret = 0;
+ break;
+ case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
+ switch (value >> 8) {
+ case USB_DT_DEVICE:
+ memcpy(data, qemu_ccid_dev_descriptor,
+ sizeof(qemu_ccid_dev_descriptor));
+ ret = sizeof(qemu_ccid_dev_descriptor);
+ break;
+ case USB_DT_CONFIG:
+ memcpy(data, qemu_ccid_config_descriptor,
+ sizeof(qemu_ccid_config_descriptor));
+ ret = sizeof(qemu_ccid_config_descriptor);
+ break;
+ case USB_DT_STRING:
+ switch (value & 0xff) {
+ case 0:
+ /* language ids */
+ data[0] = 4;
+ data[1] = 3;
+ data[2] = 0x09;
+ data[3] = 0x04;
+ ret = 4;
+ break;
+ case 1:
+ /* vendor description */
+ ret = set_usb_string(data, CCID_VENDOR_DESCRIPTION);
+ break;
+ case 2:
+ /* product description */
+ ret = set_usb_string(data, CCID_PRODUCT_DESCRIPTION);
+ break;
+ case 3:
+ /* serial number */
+ ret = set_usb_string(data, CCID_SERIAL_NUMBER_STRING);
+ break;
+ case 4:
+ /* interface name */
+ ret = set_usb_string(data, CCID_INTERFACE_NAME);
+ break;
+ default:
+ goto fail;
+ }
+ break;
+ default:
+ goto fail;
+ }
+ break;
+ case DeviceRequest | USB_REQ_GET_CONFIGURATION:
+ data[0] = 1;
+ ret = 1;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
+ /* Only one configuration - we just ignore the request */
+ ret = 0;
+ break;
+ case DeviceRequest | USB_REQ_GET_INTERFACE:
+ data[0] = 0;
+ ret = 1;
+ break;
+ case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
+ ret = 0;
+ break;
+ case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
+ ret = 0;
+ break;
+
+ /* Class specific requests. */
+ case InterfaceOutClass | CCID_CONTROL_ABORT:
+ DPRINTF(s, 1, "ccid_control abort UNIMPLEMENTED\n");
+ ret = USB_RET_STALL;
+ break;
+ case InterfaceInClass | CCID_CONTROL_GET_CLOCK_FREQUENCIES:
+ DPRINTF(s, 1, "ccid_control get clock frequencies UNIMPLEMENTED\n");
+ ret = USB_RET_STALL;
+ break;
+ case InterfaceInClass | CCID_CONTROL_GET_DATA_RATES:
+ DPRINTF(s, 1, "ccid_control get data rates UNIMPLEMENTED\n");
+ ret = USB_RET_STALL;
+ break;
+ default:
+fail:
+ DPRINTF(s, 1, "got unsupported/bogus control %x, value %x\n",
+ request, value);
+ ret = USB_RET_STALL;
+ break;
+ }
+ return ret;
+}
+
+static bool ccid_card_inserted(USBCCIDState *s)
+{
+ return s->bmSlotICCState & SLOT_0_STATE_MASK;
+}
+
+static uint8_t ccid_card_status(USBCCIDState *s)
+{
+ return ccid_card_inserted(s)
+ ? (s->powered ?
+ ICC_STATUS_PRESENT_ACTIVE
+ : ICC_STATUS_PRESENT_INACTIVE
+ )
+ : ICC_STATUS_NOT_PRESENT;
+}
+
+static uint8_t ccid_calc_status(USBCCIDState *s)
+{
+ /*
+ * page 55, 6.2.6, calculation of bStatus from bmICCStatus and
+ * bmCommandStatus
+ */
+ uint8_t ret = ccid_card_status(s) | (s->bmCommandStatus << 6);
+ DPRINTF(s, D_VERBOSE, "status = %d\n", ret);
+ return ret;
+}
+
+static void ccid_reset_error_status(USBCCIDState *s)
+{
+ s->bError = ERROR_CMD_NOT_SUPPORTED;
+ s->bmCommandStatus = COMMAND_STATUS_NO_ERROR;
+}
+
+static void ccid_write_slot_status(USBCCIDState *s, CCID_Header *recv)
+{
+ CCID_SlotStatus *h = ccid_reserve_recv_buf(s, sizeof(CCID_SlotStatus));
+ if (h == NULL) {
+ return;
+ }
+ h->b.hdr.bMessageType = CCID_MESSAGE_TYPE_RDR_to_PC_SlotStatus;
+ h->b.hdr.dwLength = 0;
+ h->b.hdr.bSlot = recv->bSlot;
+ h->b.hdr.bSeq = recv->bSeq;
+ h->b.bStatus = ccid_calc_status(s);
+ h->b.bError = s->bError;
+ h->bClockStatus = CLOCK_STATUS_RUNNING;
+ ccid_reset_error_status(s);
+}
+
+static void ccid_write_parameters(USBCCIDState *s, CCID_Header *recv)
+{
+ CCID_Parameter *h;
+ uint32_t len = s->ulProtocolDataStructureSize;
+
+ h = ccid_reserve_recv_buf(s, sizeof(CCID_Parameter) + len);
+ if (h == NULL) {
+ return;
+ }
+ h->b.hdr.bMessageType = CCID_MESSAGE_TYPE_RDR_to_PC_Parameters;
+ h->b.hdr.dwLength = 0;
+ h->b.hdr.bSlot = recv->bSlot;
+ h->b.hdr.bSeq = recv->bSeq;
+ h->b.bStatus = ccid_calc_status(s);
+ h->b.bError = s->bError;
+ h->bProtocolNum = s->bProtocolNum;
+ memcpy(h->abProtocolDataStructure, s->abProtocolDataStructure, len);
+ ccid_reset_error_status(s);
+}
+
+static void ccid_write_data_block(USBCCIDState *s, uint8_t slot, uint8_t seq,
+ const uint8_t *data, uint32_t len)
+{
+ CCID_DataBlock *p = ccid_reserve_recv_buf(s, sizeof(*p) + len);
+
+ if (p == NULL) {
+ return;
+ }
+ p->b.hdr.bMessageType = CCID_MESSAGE_TYPE_RDR_to_PC_DataBlock;
+ p->b.hdr.dwLength = cpu_to_le32(len);
+ p->b.hdr.bSlot = slot;
+ p->b.hdr.bSeq = seq;
+ p->b.bStatus = ccid_calc_status(s);
+ p->b.bError = s->bError;
+ if (p->b.bError) {
+ DPRINTF(s, D_VERBOSE, "error %d", p->b.bError);
+ }
+ memcpy(p->abData, data, len);
+ ccid_reset_error_status(s);
+}
+
+static void ccid_write_data_block_answer(USBCCIDState *s,
+ const uint8_t *data, uint32_t len)
+{
+ uint8_t seq;
+ uint8_t slot;
+
+ if (!ccid_has_pending_answers(s)) {
+ abort();
+ }
+ ccid_remove_pending_answer(s, &slot, &seq);
+ ccid_write_data_block(s, slot, seq, data, len);
+}
+
+static void ccid_write_data_block_atr(USBCCIDState *s, CCID_Header *recv)
+{
+ const uint8_t *atr = NULL;
+ uint32_t len = 0;
+
+ if (s->card) {
+ atr = s->cardinfo->get_atr(s->card, &len);
+ }
+ ccid_write_data_block(s, recv->bSlot, recv->bSeq, atr, len);
+}
+
+static void ccid_set_parameters(USBCCIDState *s, CCID_Header *recv)
+{
+ CCID_SetParameters *ph = (CCID_SetParameters *) recv;
+ uint32_t len = 0;
+ if ((ph->bProtocolNum & 3) == 0) {
+ len = 5;
+ }
+ if ((ph->bProtocolNum & 3) == 1) {
+ len = 7;
+ }
+ if (len == 0) {
+ s->bmCommandStatus = COMMAND_STATUS_FAILED;
+ s->bError = 7; /* Protocol invalid or not supported */
+ return;
+ }
+ s->bProtocolNum = ph->bProtocolNum;
+ memcpy(s->abProtocolDataStructure, ph->abProtocolDataStructure, len);
+ s->ulProtocolDataStructureSize = len;
+ DPRINTF(s, 1, "%s: using len %d\n", __func__, len);
+}
+
+/*
+ * must be 5 bytes for T=0, 7 bytes for T=1
+ * See page 52
+ */
+static const uint8_t abDefaultProtocolDataStructure[7] = {
+ 0x77, 0x00, 0x00, 0x00, 0x00, 0xfe /*IFSC*/, 0x00 /*NAD*/ };
+
+static void ccid_reset_parameters(USBCCIDState *s)
+{
+ uint32_t len = sizeof(abDefaultProtocolDataStructure);
+
+ s->bProtocolNum = 1; /* T=1 */
+ s->ulProtocolDataStructureSize = len;
+ memcpy(s->abProtocolDataStructure, abDefaultProtocolDataStructure, len);
+}
+
+static void ccid_report_error_failed(USBCCIDState *s, uint8_t error)
+{
+ s->bmCommandStatus = COMMAND_STATUS_FAILED;
+ s->bError = error;
+}
+
+/* NOTE: only a single slot is supported (SLOT_0) */
+static void ccid_on_slot_change(USBCCIDState *s, bool full)
+{
+ /* RDR_to_PC_NotifySlotChange, 6.3.1 page 56 */
+ uint8_t current = s->bmSlotICCState;
+ if (full) {
+ s->bmSlotICCState |= SLOT_0_STATE_MASK;
+ } else {
+ s->bmSlotICCState &= ~SLOT_0_STATE_MASK;
+ }
+ if (current != s->bmSlotICCState) {
+ s->bmSlotICCState |= SLOT_0_CHANGED_MASK;
+ }
+ s->notify_slot_change = true;
+}
+
+static void ccid_write_data_block_error(
+ USBCCIDState *s, uint8_t slot, uint8_t seq)
+{
+ ccid_write_data_block(s, slot, seq, NULL, 0);
+}
+
+static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+{
+ uint32_t len;
+
+ if (ccid_card_status(s) != ICC_STATUS_PRESENT_ACTIVE) {
+ DPRINTF(s, 1,
+ "usb-ccid: not sending apdu to client, no card connected\n");
+ ccid_write_data_block_error(s, recv->hdr.bSlot, recv->hdr.bSeq);
+ return;
+ }
+ len = le32_to_cpu(recv->hdr.dwLength);
+ DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+ recv->hdr.bSeq, len);
+ ccid_add_pending_answer(s, (CCID_Header *)recv);
+ if (s->card) {
+ s->cardinfo->apdu_from_guest(s->card, recv->abData, len);
+ } else {
+ DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+ }
+}
+
+/*
+ * Handle a single USB_TOKEN_OUT, return value returned to guest.
+ * Return value:
+ * 0 - all ok
+ * USB_RET_STALL - failed to handle packet
+ */
+static int ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p)
+{
+ CCID_Header *ccid_header;
+
+ if (p->len + s->bulk_out_pos > BULK_OUT_DATA_SIZE) {
+ return USB_RET_STALL;
+ }
+ ccid_header = (CCID_Header *)s->bulk_out_data;
+ memcpy(s->bulk_out_data + s->bulk_out_pos, p->data, p->len);
+ s->bulk_out_pos += p->len;
+ if (p->len == CCID_MAX_PACKET_SIZE) {
+ DPRINTF(s, D_VERBOSE,
+ "usb-ccid: bulk_in: expecting more packets (%d/%d)\n",
+ p->len, ccid_header->dwLength);
+ return 0;
+ }
+ if (s->bulk_out_pos < 10) {
+ DPRINTF(s, 1,
+ "%s: bad USB_TOKEN_OUT length, should be at least 10 bytes\n",
+ __func__);
+ } else {
+ DPRINTF(s, D_MORE_INFO, "%s %x\n", __func__, ccid_header->bMessageType);
+ switch (ccid_header->bMessageType) {
+ case CCID_MESSAGE_TYPE_PC_to_RDR_GetSlotStatus:
+ ccid_write_slot_status(s, ccid_header);
+ break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOn:
+ DPRINTF(s, 1, "PowerOn: %d\n",
+ ((CCID_IccPowerOn *)(ccid_header))->bPowerSelect);
+ s->powered = true;
+ if (!ccid_card_inserted(s)) {
+ ccid_report_error_failed(s, ERROR_ICC_MUTE);
+ }
+ /* atr is written regardless of error. */
+ ccid_write_data_block_atr(s, ccid_header);
+ break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOff:
+ DPRINTF(s, 1, "PowerOff\n");
+ ccid_reset_error_status(s);
+ s->powered = false;
+ ccid_write_slot_status(s, ccid_header);
+ break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_XfrBlock:
+ ccid_on_apdu_from_guest(s, (CCID_XferBlock *)s->bulk_out_data);
+ break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_SetParameters:
+ ccid_reset_error_status(s);
+ ccid_set_parameters(s, ccid_header);
+ ccid_write_parameters(s, ccid_header);
+ break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_ResetParameters:
+ ccid_reset_error_status(s);
+ ccid_reset_parameters(s);
+ ccid_write_parameters(s, ccid_header);
+ break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_GetParameters:
+ ccid_reset_error_status(s);
+ ccid_write_parameters(s, ccid_header);
+ break;
+ default:
+ DPRINTF(s, 1,
+ "handle_data: ERROR: unhandled message type %Xh\n",
+ ccid_header->bMessageType);
+ /*
+ * The caller is expecting the device to respond, tell it we
+ * don't support the operation.
+ */
+ ccid_report_error_failed(s, ERROR_CMD_NOT_SUPPORTED);
+ ccid_write_slot_status(s, ccid_header);
+ break;
+ }
+ }
+ s->bulk_out_pos = 0;
+ return 0;
+}
+
+static int ccid_bulk_in_copy_to_guest(USBCCIDState *s, uint8_t *data, int len)
+{
+ int ret = 0;
+
+ assert(len > 0);
+ ccid_bulk_in_get(s);
+ if (s->current_bulk_in != NULL) {
+ ret = MIN(s->current_bulk_in->len - s->current_bulk_in->pos, len);
+ memcpy(data, s->current_bulk_in->data + s->current_bulk_in->pos, ret);
+ s->current_bulk_in->pos += ret;
+ if (s->current_bulk_in->pos == s->current_bulk_in->len) {
+ ccid_bulk_in_release(s);
+ }
+ } else {
+ /* return when device has no data - usb 2.0 spec Table 8-4 */
+ ret = USB_RET_NAK;
+ }
+ if (ret > 0) {
+ DPRINTF(s, D_MORE_INFO,
+ "%s: %d/%d req/act to guest (BULK_IN)\n", __func__, len, ret);
+ }
+ if (ret != USB_RET_NAK && ret < len) {
+ DPRINTF(s, 1,
+ "%s: returning short (EREMOTEIO) %d < %d\n", __func__, ret, len);
+ }
+ return ret;
+}
+
+static int ccid_handle_data(USBDevice *dev, USBPacket *p)
+{
+ USBCCIDState *s = DO_UPCAST(USBCCIDState, dev, dev);
+ int ret = 0;
+ uint8_t *data = p->data;
+ int len = p->len;
+
+ switch (p->pid) {
+ case USB_TOKEN_OUT:
+ ret = ccid_handle_bulk_out(s, p);
+ break;
+
+ case USB_TOKEN_IN:
+ switch (p->devep & 0xf) {
+ case CCID_BULK_IN_EP:
+ if (!len) {
+ ret = USB_RET_NAK;
+ } else {
+ ret = ccid_bulk_in_copy_to_guest(s, data, len);
+ }
+ break;
+ case CCID_INT_IN_EP:
+ if (s->notify_slot_change) {
+ /* page 56, RDR_to_PC_NotifySlotChange */
+ data[0] = CCID_MESSAGE_TYPE_RDR_to_PC_NotifySlotChange;
+ data[1] = s->bmSlotICCState;
+ ret = 2;
+ s->notify_slot_change = false;
+ s->bmSlotICCState &= ~SLOT_0_CHANGED_MASK;
+ DPRINTF(s, D_INFO,
+ "handle_data: int_in: notify_slot_change %X, "
+ "requested len %d\n",
+ s->bmSlotICCState, len);
+ }
+ break;
+ default:
+ DPRINTF(s, 1, "Bad endpoint\n");
+ break;
+ }
+ break;
+ default:
+ DPRINTF(s, 1, "Bad token\n");
+ ret = USB_RET_STALL;
+ break;
+ }
+
+ return ret;
+}
+
+static void ccid_handle_destroy(USBDevice *dev)
+{
+ USBCCIDState *s = DO_UPCAST(USBCCIDState, dev, dev);
+
+ ccid_bulk_in_clear(s);
+}
+
+static void ccid_flush_pending_answers(USBCCIDState *s)
+{
+ while (ccid_has_pending_answers(s)) {
+ ccid_write_data_block_answer(s, NULL, 0);
+ }
+}
+
+static Answer *ccid_peek_next_answer(USBCCIDState *s)
+{
+ return s->pending_answers_num == 0
+ ? NULL
+ : &s->pending_answers[s->pending_answers_start % PENDING_ANSWERS_NUM];
+}
+
+static void ccid_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent)
+{
+ CCIDCardState *card = DO_UPCAST(CCIDCardState, qdev, qdev);
+ CCIDCardInfo *info = DO_UPCAST(CCIDCardInfo, qdev, qdev->info);
+
+ if (info->print) {
+ info->print(mon, card, indent);
+ }
+}
+
+struct CCIDBus {
+ BusState qbus;
+};
+
+static struct BusInfo ccid_bus_info = {
+ .name = "ccid-bus",
+ .size = sizeof(CCIDBus),
+ .print_dev = ccid_bus_dev_print,
+ .props = (Property[]) {
+ DEFINE_PROP_UINT32("slot", struct CCIDCardState, slot, 0),
+ DEFINE_PROP_END_OF_LIST(),
+ }
+};
+
+static CCIDBus *ccid_bus_new(DeviceState *dev)
+{
+ CCIDBus *bus;
+
+ bus = FROM_QBUS(CCIDBus, qbus_create(&ccid_bus_info, dev, NULL));
+ bus->qbus.allow_hotplug = 1;
+
+ return bus;
+}
+
+void ccid_card_send_apdu_to_guest(CCIDCardState *card,
+ uint8_t *apdu, uint32_t len)
+{
+ USBCCIDState *s = DO_UPCAST(USBCCIDState, dev.qdev,
+ card->qdev.parent_bus->parent);
+ Answer *answer;
+
+ if (!ccid_has_pending_answers(s)) {
+ DPRINTF(s, 1, "CCID ERROR: got an APDU without pending answers\n");
+ return;
+ }
+ s->bmCommandStatus = COMMAND_STATUS_NO_ERROR;
+ answer = ccid_peek_next_answer(s);
+ if (answer == NULL) {
+ abort();
+ }
+ DPRINTF(s, 1, "APDU returned to guest %d (answer seq %d, slot %d)\n",
+ len, answer->seq, answer->slot);
+ ccid_write_data_block_answer(s, apdu, len);
+}
+
+void ccid_card_card_removed(CCIDCardState *card)
+{
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+
+ ccid_on_slot_change(s, false);
+ ccid_flush_pending_answers(s);
+ ccid_reset(s);
+}
+
+int ccid_card_ccid_attach(CCIDCardState *card)
+{
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+
+ DPRINTF(s, 1, "CCID Attach\n");
+ if (s->migration_state == MIGRATION_MIGRATED) {
+ s->migration_state = MIGRATION_NONE;
+ }
+ return 0;
+}
+
+void ccid_card_ccid_detach(CCIDCardState *card)
+{
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+
+ DPRINTF(s, 1, "CCID Detach\n");
+ if (ccid_card_inserted(s)) {
+ ccid_on_slot_change(s, false);
+ }
+ ccid_detach(s);
+}
+
+void ccid_card_card_error(CCIDCardState *card, uint64_t error)
+{
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+
+ s->bmCommandStatus = COMMAND_STATUS_FAILED;
+ s->last_answer_error = error;
+ DPRINTF(s, 1, "VSC_Error: %" PRIX64 "\n", s->last_answer_error);
+ /* TODO: these errors should be more verbose and propagated to the guest.*/
+ /*
+ * We flush all pending answers on CardRemove message in ccid-card-passthru,
+ * so check that first to not trigger abort
+ */
+ if (ccid_has_pending_answers(s)) {
+ ccid_write_data_block_answer(s, NULL, 0);
+ }
+}
+
+void ccid_card_card_inserted(CCIDCardState *card)
+{
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+
+ s->bmCommandStatus = COMMAND_STATUS_NO_ERROR;
+ ccid_flush_pending_answers(s);
+ ccid_on_slot_change(s, true);
+}
+
+static int ccid_card_exit(DeviceState *qdev)
+{
+ int ret = 0;
+ CCIDCardState *card = DO_UPCAST(CCIDCardState, qdev, qdev);
+ CCIDCardInfo *info = DO_UPCAST(CCIDCardInfo, qdev, qdev->info);
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+
+ if (ccid_card_inserted(s)) {
+ ccid_card_card_removed(card);
+ }
+ if (info->exitfn) {
+ ret = info->exitfn(card);
+ }
+ s->card = NULL;
+ s->cardinfo = NULL;
+ return ret;
+}
+
+static int ccid_card_init(DeviceState *qdev, DeviceInfo *base)
+{
+ CCIDCardState *card = DO_UPCAST(CCIDCardState, qdev, qdev);
+ CCIDCardInfo *info = DO_UPCAST(CCIDCardInfo, qdev, base);
+ USBCCIDState *s =
+ DO_UPCAST(USBCCIDState, dev.qdev, card->qdev.parent_bus->parent);
+ int ret = 0;
+
+ if (card->slot != 0) {
+ error_report("Warning: usb-ccid supports one slot, can't add %d",
+ card->slot);
+ return -1;
+ }
+ if (s->card != NULL) {
+ error_report("Warning: usb-ccid card already full, not adding\n");
+ return -1;
+ }
+ ret = info->initfn ? info->initfn(card) : ret;
+ if (ret == 0) {
+ s->card = card;
+ s->cardinfo = info;
+ }
+ return ret;
+}
+
+void ccid_card_qdev_register(CCIDCardInfo *card)
+{
+ card->qdev.bus_info = &ccid_bus_info;
+ card->qdev.init = ccid_card_init;
+ card->qdev.exit = ccid_card_exit;
+ qdev_register(&card->qdev);
+}
+
+static int ccid_initfn(USBDevice *dev)
+{
+ USBCCIDState *s = DO_UPCAST(USBCCIDState, dev, dev);
+
+ s->bus = ccid_bus_new(&dev->qdev);
+ s->card = NULL;
+ s->cardinfo = NULL;
+ s->migration_state = MIGRATION_NONE;
+ s->migration_target_ip = 0;
+ s->migration_target_port = 0;
+ s->dev.speed = USB_SPEED_FULL;
+ s->notify_slot_change = false;
+ s->powered = true;
+ s->pending_answers_num = 0;
+ s->last_answer_error = 0;
+ s->bulk_in_pending_start = 0;
+ s->bulk_in_pending_end = 0;
+ s->current_bulk_in = NULL;
+ ccid_reset_error_status(s);
+ s->bulk_out_pos = 0;
+ ccid_reset_parameters(s);
+ ccid_reset(s);
+ return 0;
+}
+
+static int ccid_post_load(void *opaque, int version_id)
+{
+ USBCCIDState *s = opaque;
+
+ /*
+ * This must be done after usb_device_attach, which sets state to ATTACHED,
+ * while it must be DEFAULT in order to accept packets (like it is after
+ * reset, but reset will reset our addr and call our reset handler which
+ * may change state, and we don't want to do that when migrating).
+ */
+ s->dev.state = s->state_vmstate;
+ return 0;
+}
+
+static void ccid_pre_save(void *opaque)
+{
+ USBCCIDState *s = opaque;
+
+ s->state_vmstate = s->dev.state;
+ if (s->dev.attached) {
+ /*
+ * Migrating an open device, ignore reconnection CHR_EVENT to avoid an
+ * erroneous detach.
+ */
+ s->migration_state = MIGRATION_MIGRATED;
+ }
+}
+
+static VMStateDescription bulk_in_vmstate = {
+ .name = "CCID BulkIn state",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BUFFER(data, BulkIn),
+ VMSTATE_UINT32(len, BulkIn),
+ VMSTATE_UINT32(pos, BulkIn),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static VMStateDescription answer_vmstate = {
+ .name = "CCID Answer state",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(slot, Answer),
+ VMSTATE_UINT8(seq, Answer),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static VMStateDescription usb_device_vmstate = {
+ .name = "usb_device",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(addr, USBDevice),
+ VMSTATE_BUFFER(setup_buf, USBDevice),
+ VMSTATE_BUFFER(data_buf, USBDevice),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static VMStateDescription ccid_vmstate = {
+ .name = CCID_DEV_NAME,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = ccid_post_load,
+ .pre_save = ccid_pre_save,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(dev, USBCCIDState, 1, usb_device_vmstate, USBDevice),
+ VMSTATE_UINT8(debug, USBCCIDState),
+ VMSTATE_BUFFER(bulk_out_data, USBCCIDState),
+ VMSTATE_UINT32(bulk_out_pos, USBCCIDState),
+ VMSTATE_UINT8(bmSlotICCState, USBCCIDState),
+ VMSTATE_UINT8(powered, USBCCIDState),
+ VMSTATE_UINT8(notify_slot_change, USBCCIDState),
+ VMSTATE_UINT64(last_answer_error, USBCCIDState),
+ VMSTATE_UINT8(bError, USBCCIDState),
+ VMSTATE_UINT8(bmCommandStatus, USBCCIDState),
+ VMSTATE_UINT8(bProtocolNum, USBCCIDState),
+ VMSTATE_BUFFER(abProtocolDataStructure, USBCCIDState),
+ VMSTATE_UINT32(ulProtocolDataStructureSize, USBCCIDState),
+ VMSTATE_STRUCT_ARRAY(bulk_in_pending, USBCCIDState,
+ BULK_IN_PENDING_NUM, 1, bulk_in_vmstate, BulkIn),
+ VMSTATE_UINT32(bulk_in_pending_start, USBCCIDState),
+ VMSTATE_UINT32(bulk_in_pending_end, USBCCIDState),
+ VMSTATE_STRUCT_ARRAY(pending_answers, USBCCIDState,
+ PENDING_ANSWERS_NUM, 1, answer_vmstate, Answer),
+ VMSTATE_UINT32(pending_answers_num, USBCCIDState),
+ VMSTATE_UINT8(migration_state, USBCCIDState),
+ VMSTATE_UINT32(state_vmstate, USBCCIDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static struct USBDeviceInfo ccid_info = {
+ .product_desc = "QEMU USB CCID",
+ .qdev.name = CCID_DEV_NAME,
+ .qdev.desc = "CCID Rev 1.1 smartcard reader",
+ .qdev.size = sizeof(USBCCIDState),
+ .init = ccid_initfn,
+ .handle_packet = usb_generic_handle_packet,
+ .handle_reset = ccid_handle_reset,
+ .handle_control = ccid_handle_control,
+ .handle_data = ccid_handle_data,
+ .handle_destroy = ccid_handle_destroy,
+ .usbdevice_name = "ccid",
+ .qdev.props = (Property[]) {
+ DEFINE_PROP_UINT8("debug", USBCCIDState, debug, 0),
+ DEFINE_PROP_END_OF_LIST(),
+ },
+ .qdev.vmsd = &ccid_vmstate,
+};
+
+static void ccid_register_devices(void)
+{
+ usb_qdev_register(&ccid_info);
+}
+device_init(ccid_register_devices)
diff --git a/hw/usb-hid.c b/hw/usb-hid.c
index c25362c..89c293c 100644
--- a/hw/usb-hid.c
+++ b/hw/usb-hid.c
@@ -26,7 +26,7 @@
#include "console.h"
#include "usb.h"
#include "usb-desc.h"
-#include "sysemu.h"
+#include "qemu-timer.h"
/* HID interface requests */
#define GET_REPORT 0xa101
diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index 76f5b02..947fd3f 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -33,7 +33,7 @@ do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
enum USBMSDMode {
USB_MSDM_CBW, /* Command Block. */
- USB_MSDM_DATAOUT, /* Tranfer data to device. */
+ USB_MSDM_DATAOUT, /* Transfer data to device. */
USB_MSDM_DATAIN, /* Transfer data from device. */
USB_MSDM_CSW /* Command Status. */
};
@@ -253,7 +253,7 @@ static void usb_msd_command_complete(SCSIBus *bus, int reason, uint32_t tag,
usb_msd_copy_data(s);
if (s->usb_len == 0) {
/* Set s->packet to NULL before calling usb_packet_complete
- because annother request may be issued before
+ because another request may be issued before
usb_packet_complete returns. */
DPRINTF("Packet complete %p\n", p);
s->packet = NULL;
diff --git a/hw/usb-ohci.c b/hw/usb-ohci.c
index 73d47b8..d21c820 100644
--- a/hw/usb-ohci.c
+++ b/hw/usb-ohci.c
@@ -427,7 +427,7 @@ static inline int get_dwords(OHCIState *ohci,
addr += ohci->localmem_base;
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
- cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
+ cpu_physical_memory_read(addr, buf, sizeof(*buf));
*buf = le32_to_cpu(*buf);
}
@@ -444,7 +444,7 @@ static inline int put_dwords(OHCIState *ohci,
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
uint32_t tmp = cpu_to_le32(*buf);
- cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
+ cpu_physical_memory_write(addr, &tmp, sizeof(tmp));
}
return 1;
@@ -459,7 +459,7 @@ static inline int get_words(OHCIState *ohci,
addr += ohci->localmem_base;
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
- cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
+ cpu_physical_memory_read(addr, buf, sizeof(*buf));
*buf = le16_to_cpu(*buf);
}
@@ -476,7 +476,7 @@ static inline int put_words(OHCIState *ohci,
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
uint16_t tmp = cpu_to_le16(*buf);
- cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
+ cpu_physical_memory_write(addr, &tmp, sizeof(tmp));
}
return 1;
@@ -504,8 +504,7 @@ static inline int ohci_read_iso_td(OHCIState *ohci,
static inline int ohci_read_hcca(OHCIState *ohci,
uint32_t addr, struct ohci_hcca *hcca)
{
- cpu_physical_memory_rw(addr + ohci->localmem_base,
- (uint8_t *)hcca, sizeof(*hcca), 0);
+ cpu_physical_memory_read(addr + ohci->localmem_base, hcca, sizeof(*hcca));
return 1;
}
@@ -531,8 +530,7 @@ static inline int ohci_put_iso_td(OHCIState *ohci,
static inline int ohci_put_hcca(OHCIState *ohci,
uint32_t addr, struct ohci_hcca *hcca)
{
- cpu_physical_memory_rw(addr + ohci->localmem_base,
- (uint8_t *)hcca, sizeof(*hcca), 1);
+ cpu_physical_memory_write(addr + ohci->localmem_base, hcca, sizeof(*hcca));
return 1;
}
diff --git a/hw/versatilepb.c b/hw/versatilepb.c
index 9f1bfcf..46b6a3f 100644
--- a/hw/versatilepb.c
+++ b/hw/versatilepb.c
@@ -223,7 +223,7 @@ static void versatile_init(ram_addr_t ram_size,
for(n = 0; n < nb_nics; n++) {
nd = &nd_table[n];
- if ((!nd->model && !done_smc) || strcmp(nd->model, "smc91c111") == 0) {
+ if (!done_smc && (!nd->model || strcmp(nd->model, "smc91c111") == 0)) {
smc91c111_init(nd, 0x10010000, sic[25]);
done_smc = 1;
} else {
diff --git a/hw/vexpress.c b/hw/vexpress.c
new file mode 100644
index 0000000..9ffd332
--- /dev/null
+++ b/hw/vexpress.c
@@ -0,0 +1,224 @@
+/*
+ * ARM Versatile Express emulation.
+ *
+ * Copyright (c) 2010 - 2011 B Labs Ltd.
+ * Copyright (c) 2011 Linaro Limited
+ * Written by Bahadir Balban, Amit Mahajan, Peter Maydell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "sysbus.h"
+#include "arm-misc.h"
+#include "primecell.h"
+#include "devices.h"
+#include "net.h"
+#include "sysemu.h"
+#include "boards.h"
+
+#define SMP_BOOT_ADDR 0xe0000000
+
+#define VEXPRESS_BOARD_ID 0x8e0
+
+static struct arm_boot_info vexpress_binfo = {
+ .smp_loader_start = SMP_BOOT_ADDR,
+};
+
+static void vexpress_a9_init(ram_addr_t ram_size,
+ const char *boot_device,
+ const char *kernel_filename, const char *kernel_cmdline,
+ const char *initrd_filename, const char *cpu_model)
+{
+ CPUState *env = NULL;
+ ram_addr_t ram_offset, vram_offset, sram_offset;
+ DeviceState *dev, *sysctl;
+ SysBusDevice *busdev;
+ qemu_irq *irqp;
+ qemu_irq pic[64];
+ int n;
+ qemu_irq cpu_irq[4];
+ uint32_t proc_id;
+ uint32_t sys_id;
+ ram_addr_t low_ram_size, vram_size, sram_size;
+
+ if (!cpu_model) {
+ cpu_model = "cortex-a9";
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ env = cpu_init(cpu_model);
+ if (!env) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ irqp = arm_pic_init_cpu(env);
+ cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+ }
+
+ if (ram_size > 0x40000000) {
+ /* 1GB is the maximum the address space permits */
+ fprintf(stderr, "vexpress: cannot model more than 1GB RAM\n");
+ exit(1);
+ }
+
+ ram_offset = qemu_ram_alloc(NULL, "vexpress.highmem", ram_size);
+ low_ram_size = ram_size;
+ if (low_ram_size > 0x4000000) {
+ low_ram_size = 0x4000000;
+ }
+ /* RAM is from 0x60000000 upwards. The bottom 64MB of the
+ * address space should in theory be remappable to various
+ * things including ROM or RAM; we always map the RAM there.
+ */
+ cpu_register_physical_memory(0x0, low_ram_size, ram_offset | IO_MEM_RAM);
+ cpu_register_physical_memory(0x60000000, ram_size,
+ ram_offset | IO_MEM_RAM);
+
+ /* 0x1e000000 A9MPCore (SCU) private memory region */
+ dev = qdev_create(NULL, "a9mpcore_priv");
+ qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+ qdev_init_nofail(dev);
+ busdev = sysbus_from_qdev(dev);
+ vexpress_binfo.smp_priv_base = 0x1e000000;
+ sysbus_mmio_map(busdev, 0, vexpress_binfo.smp_priv_base);
+ for (n = 0; n < smp_cpus; n++) {
+ sysbus_connect_irq(busdev, n, cpu_irq[n]);
+ }
+ /* Interrupts [42:0] are from the motherboard;
+ * [47:43] are reserved; [63:48] are daughterboard
+ * peripherals. Note that some documentation numbers
+ * external interrupts starting from 32 (because the
+ * A9MP has internal interrupts 0..31).
+ */
+ for (n = 0; n < 64; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ /* Motherboard peripherals CS7 : 0x10000000 .. 0x10020000 */
+ sys_id = 0x1190f500;
+ proc_id = 0x0c000191;
+
+ /* 0x10000000 System registers */
+ sysctl = qdev_create(NULL, "realview_sysctl");
+ qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
+ qdev_init_nofail(sysctl);
+ qdev_prop_set_uint32(sysctl, "proc_id", proc_id);
+ sysbus_mmio_map(sysbus_from_qdev(sysctl), 0, 0x10000000);
+
+ /* 0x10001000 SP810 system control */
+ /* 0x10002000 serial bus PCI */
+ /* 0x10004000 PL041 audio */
+
+ dev = sysbus_create_varargs("pl181", 0x10005000, pic[9], pic[10], NULL);
+ /* Wire up MMC card detect and read-only signals */
+ qdev_connect_gpio_out(dev, 0,
+ qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_WPROT));
+ qdev_connect_gpio_out(dev, 1,
+ qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_CARDIN));
+
+ sysbus_create_simple("pl050_keyboard", 0x10006000, pic[12]);
+ sysbus_create_simple("pl050_mouse", 0x10007000, pic[13]);
+
+ sysbus_create_simple("pl011", 0x10009000, pic[5]);
+ sysbus_create_simple("pl011", 0x1000a000, pic[6]);
+ sysbus_create_simple("pl011", 0x1000b000, pic[7]);
+ sysbus_create_simple("pl011", 0x1000c000, pic[8]);
+
+ /* 0x1000f000 SP805 WDT */
+
+ sysbus_create_simple("sp804", 0x10011000, pic[2]);
+ sysbus_create_simple("sp804", 0x10012000, pic[3]);
+
+ /* 0x10016000 Serial Bus DVI */
+
+ sysbus_create_simple("pl031", 0x10017000, pic[4]); /* RTC */
+
+ /* 0x1001a000 Compact Flash */
+
+ /* 0x1001f000 PL111 CLCD (motherboard) */
+
+ /* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
+
+ /* 0x10020000 PL111 CLCD (daughterboard) */
+ sysbus_create_simple("pl110", 0x10020000, pic[44]);
+
+ /* 0x10060000 AXI RAM */
+ /* 0x100e0000 PL341 Dynamic Memory Controller */
+ /* 0x100e1000 PL354 Static Memory Controller */
+ /* 0x100e2000 System Configuration Controller */
+
+ sysbus_create_simple("sp804", 0x100e4000, pic[48]);
+ /* 0x100e5000 SP805 Watchdog module */
+ /* 0x100e6000 BP147 TrustZone Protection Controller */
+ /* 0x100e9000 PL301 'Fast' AXI matrix */
+ /* 0x100ea000 PL301 'Slow' AXI matrix */
+ /* 0x100ec000 TrustZone Address Space Controller */
+ /* 0x10200000 CoreSight debug APB */
+ /* 0x1e00a000 PL310 L2 Cache Controller */
+
+ /* CS0: NOR0 flash : 0x40000000 .. 0x44000000 */
+ /* CS4: NOR1 flash : 0x44000000 .. 0x48000000 */
+ /* CS2: SRAM : 0x48000000 .. 0x4a000000 */
+ sram_size = 0x2000000;
+ sram_offset = qemu_ram_alloc(NULL, "vexpress.sram", sram_size);
+ cpu_register_physical_memory(0x48000000, sram_size,
+ sram_offset | IO_MEM_RAM);
+
+ /* CS3: USB, ethernet, VRAM : 0x4c000000 .. 0x50000000 */
+
+ /* 0x4c000000 Video RAM */
+ vram_size = 0x800000;
+ vram_offset = qemu_ram_alloc(NULL, "vexpress.vram", vram_size);
+ cpu_register_physical_memory(0x4c000000, vram_size,
+ vram_offset | IO_MEM_RAM);
+
+ /* 0x4e000000 LAN9118 Ethernet */
+ if (nd_table[0].vlan) {
+ lan9118_init(&nd_table[0], 0x4e000000, pic[15]);
+ }
+
+ /* 0x4f000000 ISP1761 USB */
+
+ /* ??? Hack to map an additional page of ram for the secondary CPU
+ startup code. I guess this works on real hardware because the
+ BootROM happens to be in ROM/flash or in memory that isn't clobbered
+ until after Linux boots the secondary CPUs. */
+ ram_offset = qemu_ram_alloc(NULL, "vexpress.hack", 0x1000);
+ cpu_register_physical_memory(SMP_BOOT_ADDR, 0x1000,
+ ram_offset | IO_MEM_RAM);
+
+ vexpress_binfo.ram_size = ram_size;
+ vexpress_binfo.kernel_filename = kernel_filename;
+ vexpress_binfo.kernel_cmdline = kernel_cmdline;
+ vexpress_binfo.initrd_filename = initrd_filename;
+ vexpress_binfo.nb_cpus = smp_cpus;
+ vexpress_binfo.board_id = VEXPRESS_BOARD_ID;
+ vexpress_binfo.loader_start = 0x60000000;
+ arm_load_kernel(first_cpu, &vexpress_binfo);
+}
+
+
+static QEMUMachine vexpress_a9_machine = {
+ .name = "vexpress-a9",
+ .desc = "ARM Versatile Express for Cortex-A9",
+ .init = vexpress_a9_init,
+ .use_scsi = 1,
+ .max_cpus = 4,
+};
+
+static void vexpress_machine_init(void)
+{
+ qemu_register_machine(&vexpress_a9_machine);
+}
+
+machine_init(vexpress_machine_init);
diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 8adddea..70a8710 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -15,7 +15,6 @@
#include "qemu-common.h"
#include "virtio.h"
#include "pc.h"
-#include "sysemu.h"
#include "cpu.h"
#include "monitor.h"
#include "balloon.h"
@@ -191,7 +190,7 @@ static void virtio_balloon_set_config(VirtIODevice *vdev,
VirtIOBalloon *dev = to_virtio_balloon(vdev);
struct virtio_balloon_config config;
memcpy(&config, config_data, 8);
- dev->actual = config.actual;
+ dev->actual = le32_to_cpu(config.actual);
}
static uint32_t virtio_balloon_get_features(VirtIODevice *vdev, uint32_t f)
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index b14fb99..91e0394 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -290,6 +290,10 @@ static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb)
virtio_blk_rw_complete(req, -EIO);
return;
}
+ if (req->qiov.size % req->dev->conf->logical_block_size) {
+ virtio_blk_rw_complete(req, -EIO);
+ return;
+ }
if (mrb->num_writes == 32) {
virtio_submit_multiwrite(req->dev->bs, mrb);
@@ -317,6 +321,10 @@ static void virtio_blk_handle_read(VirtIOBlockReq *req)
virtio_blk_rw_complete(req, -EIO);
return;
}
+ if (req->qiov.size % req->dev->conf->logical_block_size) {
+ virtio_blk_rw_complete(req, -EIO);
+ return;
+ }
acb = bdrv_aio_readv(req->dev->bs, sector, &req->qiov,
req->qiov.size / BDRV_SECTOR_SIZE,
diff --git a/hw/virtio-console.c b/hw/virtio-console.c
index 6b5237b..de539c4 100644
--- a/hw/virtio-console.c
+++ b/hw/virtio-console.c
@@ -28,6 +28,22 @@ static ssize_t flush_buf(VirtIOSerialPort *port, const uint8_t *buf, size_t len)
return qemu_chr_write(vcon->chr, buf, len);
}
+/* Callback function that's called when the guest opens the port */
+static void guest_open(VirtIOSerialPort *port)
+{
+ VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
+
+ qemu_chr_guest_open(vcon->chr);
+}
+
+/* Callback function that's called when the guest closes the port */
+static void guest_close(VirtIOSerialPort *port)
+{
+ VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
+
+ qemu_chr_guest_close(vcon->chr);
+}
+
/* Readiness of the guest to accept data on a port */
static int chr_can_read(void *opaque)
{
@@ -64,6 +80,8 @@ static int generic_port_init(VirtConsole *vcon, VirtIOSerialPort *port)
qemu_chr_add_handlers(vcon->chr, chr_can_read, chr_read, chr_event,
vcon);
vcon->port.info->have_data = flush_buf;
+ vcon->port.info->guest_open = guest_open;
+ vcon->port.info->guest_close = guest_close;
}
return 0;
}
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index df10703..c19629d 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -873,10 +873,11 @@ static PCIDeviceInfo virtio_info[] = {
.qdev.reset = virtio_pci_reset,
},{
.qdev.name = "virtio-net-pci",
+ .qdev.alias = "virtio-net",
.qdev.size = sizeof(VirtIOPCIProxy),
.init = virtio_net_init_pci,
.exit = virtio_net_exit_pci,
- .romfile = "pxe-virtio.bin",
+ .romfile = "pxe-virtio.rom",
.qdev.props = (Property[]) {
DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, false),
@@ -911,6 +912,7 @@ static PCIDeviceInfo virtio_info[] = {
.qdev.reset = virtio_pci_reset,
},{
.qdev.name = "virtio-balloon-pci",
+ .qdev.alias = "virtio-balloon",
.qdev.size = sizeof(VirtIOPCIProxy),
.init = virtio_balloon_init_pci,
.exit = virtio_exit_pci,
@@ -922,6 +924,7 @@ static PCIDeviceInfo virtio_info[] = {
},{
#ifdef CONFIG_VIRTFS
.qdev.name = "virtio-9p-pci",
+ .qdev.alias = "virtio-9p",
.qdev.size = sizeof(VirtIOPCIProxy),
.init = virtio_9p_init_pci,
.qdev.props = (Property[]) {
diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c
index 6227379..f10d48f 100644
--- a/hw/virtio-serial-bus.c
+++ b/hw/virtio-serial-bus.c
@@ -494,7 +494,7 @@ static void virtio_serial_save(QEMUFile *f, void *opaque)
VirtIOSerial *s = opaque;
VirtIOSerialPort *port;
uint32_t nr_active_ports;
- unsigned int i;
+ unsigned int i, max_nr_ports;
/* The virtio device */
virtio_save(&s->vdev, f);
@@ -506,8 +506,8 @@ static void virtio_serial_save(QEMUFile *f, void *opaque)
qemu_put_be32s(f, &s->config.max_nr_ports);
/* The ports map */
-
- for (i = 0; i < (s->config.max_nr_ports + 31) / 32; i++) {
+ max_nr_ports = tswap32(s->config.max_nr_ports);
+ for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
qemu_put_be32s(f, &s->ports_map[i]);
}
@@ -568,7 +568,8 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id)
qemu_get_be16s(f, &s->config.rows);
qemu_get_be32s(f, &max_nr_ports);
- if (max_nr_ports > s->config.max_nr_ports) {
+ tswap32s(&max_nr_ports);
+ if (max_nr_ports > tswap32(s->config.max_nr_ports)) {
/* Source could have had more ports than us. Fail migration. */
return -EINVAL;
}
@@ -670,9 +671,10 @@ static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent)
/* This function is only used if a port id is not provided by the user */
static uint32_t find_free_port_id(VirtIOSerial *vser)
{
- unsigned int i;
+ unsigned int i, max_nr_ports;
- for (i = 0; i < (vser->config.max_nr_ports + 31) / 32; i++) {
+ max_nr_ports = tswap32(vser->config.max_nr_ports);
+ for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
uint32_t map, bit;
map = vser->ports_map[i];
@@ -720,7 +722,7 @@ static int virtser_port_qdev_init(DeviceState *qdev, DeviceInfo *base)
VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
VirtIOSerialPortInfo *info = DO_UPCAST(VirtIOSerialPortInfo, qdev, base);
VirtIOSerialBus *bus = DO_UPCAST(VirtIOSerialBus, qbus, qdev->parent_bus);
- int ret;
+ int ret, max_nr_ports;
bool plugging_port0;
port->vser = bus->vser;
@@ -750,9 +752,10 @@ static int virtser_port_qdev_init(DeviceState *qdev, DeviceInfo *base)
}
}
- if (port->id >= port->vser->config.max_nr_ports) {
+ max_nr_ports = tswap32(port->vser->config.max_nr_ports);
+ if (port->id >= max_nr_ports) {
error_report("virtio-serial-bus: Out-of-range port id specified, max. allowed: %u\n",
- port->vser->config.max_nr_ports - 1);
+ max_nr_ports - 1);
return -1;
}
@@ -863,7 +866,7 @@ VirtIODevice *virtio_serial_init(DeviceState *dev, virtio_serial_conf *conf)
vser->ovqs[i] = virtio_add_queue(vdev, 128, handle_output);
}
- vser->config.max_nr_ports = conf->max_virtserial_ports;
+ vser->config.max_nr_ports = tswap32(conf->max_virtserial_ports);
vser->ports_map = qemu_mallocz(((conf->max_virtserial_ports + 31) / 32)
* sizeof(vser->ports_map[0]));
/*
diff --git a/hw/virtio.c b/hw/virtio.c
index 31bd9e3..6e8814c 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -16,7 +16,6 @@
#include "trace.h"
#include "qemu-error.h"
#include "virtio.h"
-#include "sysemu.h"
/* The alignment to use between consumer and producer parts of vring.
* x86 pagesize again. */
diff --git a/hw/vmport.c b/hw/vmport.c
index 19010e4..c8aefaa 100644
--- a/hw/vmport.c
+++ b/hw/vmport.c
@@ -24,7 +24,6 @@
#include "hw.h"
#include "isa.h"
#include "pc.h"
-#include "sysemu.h"
#include "kvm.h"
#include "qdev.h"
diff --git a/hw/vt82c686.c b/hw/vt82c686.c
index 818460d..ca8f826 100644
--- a/hw/vt82c686.c
+++ b/hw/vt82c686.c
@@ -156,12 +156,10 @@ static void vt82c686b_write_config(PCIDevice * d, uint32_t address,
typedef struct VT686PMState {
PCIDevice dev;
- uint16_t pmsts;
- uint16_t pmen;
- uint16_t pmcntrl;
+ ACPIPM1EVT pm1a;
+ ACPIPM1CNT pm1_cnt;
APMState apm;
- QEMUTimer *tmr_timer;
- int64_t tmr_overflow_time;
+ ACPIPMTimer tmr;
PMSMBus smb;
uint32_t smb_io_base;
} VT686PMState;
@@ -174,54 +172,25 @@ typedef struct VT686MC97State {
PCIDevice dev;
} VT686MC97State;
-#define RTC_EN (1 << 10)
-#define PWRBTN_EN (1 << 8)
-#define GBL_EN (1 << 5)
-#define TMROF_EN (1 << 0)
-#define SUS_EN (1 << 13)
-
-#define ACPI_ENABLE 0xf1
-#define ACPI_DISABLE 0xf0
-
-static uint32_t get_pmtmr(VT686PMState *s)
-{
- uint32_t d;
- d = muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY, get_ticks_per_sec());
- return d & 0xffffff;
-}
-
-static int get_pmsts(VT686PMState *s)
-{
- int64_t d;
- int pmsts;
- pmsts = s->pmsts;
- d = muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY, get_ticks_per_sec());
- if (d >= s->tmr_overflow_time)
- s->pmsts |= TMROF_EN;
- return pmsts;
-}
-
static void pm_update_sci(VT686PMState *s)
{
int sci_level, pmsts;
- int64_t expire_time;
- pmsts = get_pmsts(s);
- sci_level = (((pmsts & s->pmen) &
- (RTC_EN | PWRBTN_EN | GBL_EN | TMROF_EN)) != 0);
+ pmsts = acpi_pm1_evt_get_sts(&s->pm1a, s->tmr.overflow_time);
+ sci_level = (((pmsts & s->pm1a.en) &
+ (ACPI_BITMASK_RT_CLOCK_ENABLE |
+ ACPI_BITMASK_POWER_BUTTON_ENABLE |
+ ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
+ ACPI_BITMASK_TIMER_ENABLE)) != 0);
qemu_set_irq(s->dev.irq[0], sci_level);
/* schedule a timer interruption if needed */
- if ((s->pmen & TMROF_EN) && !(pmsts & TMROF_EN)) {
- expire_time = muldiv64(s->tmr_overflow_time, get_ticks_per_sec(), PM_TIMER_FREQUENCY);
- qemu_mod_timer(s->tmr_timer, expire_time);
- } else {
- qemu_del_timer(s->tmr_timer);
- }
+ acpi_pm_tmr_update(&s->tmr, (s->pm1a.en & ACPI_BITMASK_TIMER_ENABLE) &&
+ !(pmsts & ACPI_BITMASK_TIMER_STATUS));
}
-static void pm_tmr_timer(void *opaque)
+static void pm_tmr_timer(ACPIPMTimer *tmr)
{
- VT686PMState *s = opaque;
+ VT686PMState *s = container_of(tmr, VT686PMState, tmr);
pm_update_sci(s);
}
@@ -232,39 +201,15 @@ static void pm_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
addr &= 0x0f;
switch (addr) {
case 0x00:
- {
- int64_t d;
- int pmsts;
- pmsts = get_pmsts(s);
- if (pmsts & val & TMROF_EN) {
- /* if TMRSTS is reset, then compute the new overflow time */
- d = muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY, get_ticks_per_sec());
- s->tmr_overflow_time = (d + 0x800000LL) & ~0x7fffffLL;
- }
- s->pmsts &= ~val;
- pm_update_sci(s);
- }
+ acpi_pm1_evt_write_sts(&s->pm1a, &s->tmr, val);
+ pm_update_sci(s);
break;
case 0x02:
- s->pmen = val;
+ s->pm1a.en = val;
pm_update_sci(s);
break;
case 0x04:
- {
- int sus_typ;
- s->pmcntrl = val & ~(SUS_EN);
- if (val & SUS_EN) {
- /* change suspend type */
- sus_typ = (val >> 10) & 3;
- switch (sus_typ) {
- case 0: /* soft power off */
- qemu_system_shutdown_request();
- break;
- default:
- break;
- }
- }
- }
+ acpi_pm1_cnt_write(&s->pm1a, &s->pm1_cnt, val);
break;
default:
break;
@@ -280,13 +225,13 @@ static uint32_t pm_ioport_readw(void *opaque, uint32_t addr)
addr &= 0x0f;
switch (addr) {
case 0x00:
- val = get_pmsts(s);
+ val = acpi_pm1_evt_get_sts(&s->pm1a, s->tmr.overflow_time);
break;
case 0x02:
- val = s->pmen;
+ val = s->pm1a.en;
break;
case 0x04:
- val = s->pmcntrl;
+ val = s->pm1_cnt.cnt;
break;
default:
val = 0;
@@ -310,7 +255,7 @@ static uint32_t pm_ioport_readl(void *opaque, uint32_t addr)
addr &= 0x0f;
switch (addr) {
case 0x08:
- val = get_pmtmr(s);
+ val = acpi_pm_tmr_get(&s->tmr);
break;
default:
val = 0;
@@ -361,12 +306,12 @@ static const VMStateDescription vmstate_acpi = {
.post_load = vmstate_acpi_post_load,
.fields = (VMStateField []) {
VMSTATE_PCI_DEVICE(dev, VT686PMState),
- VMSTATE_UINT16(pmsts, VT686PMState),
- VMSTATE_UINT16(pmen, VT686PMState),
- VMSTATE_UINT16(pmcntrl, VT686PMState),
+ VMSTATE_UINT16(pm1a.sts, VT686PMState),
+ VMSTATE_UINT16(pm1a.en, VT686PMState),
+ VMSTATE_UINT16(pm1_cnt.cnt, VT686PMState),
VMSTATE_STRUCT(apm, VT686PMState, 0, vmstate_apm, APMState),
- VMSTATE_TIMER(tmr_timer, VT686PMState),
- VMSTATE_INT64(tmr_overflow_time, VT686PMState),
+ VMSTATE_TIMER(tmr.timer, VT686PMState),
+ VMSTATE_INT64(tmr.overflow_time, VT686PMState),
VMSTATE_END_OF_LIST()
}
};
@@ -486,7 +431,8 @@ static int vt82c686b_pm_initfn(PCIDevice *dev)
apm_init(&s->apm, NULL, s);
- s->tmr_timer = qemu_new_timer_ns(vm_clock, pm_tmr_timer, s);
+ acpi_pm_tmr_init(&s->tmr, pm_tmr_timer);
+ acpi_pm1_cnt_init(&s->pm1_cnt, NULL);
pm_smbus_init(&s->dev.qdev, &s->smb);
diff --git a/hw/xen_console.c b/hw/xen_console.c
index d2261f4..c6c8163 100644
--- a/hw/xen_console.c
+++ b/hw/xen_console.c
@@ -33,7 +33,6 @@
#include <xenctrl.h>
#include "hw.h"
-#include "sysemu.h"
#include "qemu-char.h"
#include "xen_backend.h"
diff --git a/hw/xen_disk.c b/hw/xen_disk.c
index 445bf03..558bf8a 100644
--- a/hw/xen_disk.c
+++ b/hw/xen_disk.c
@@ -310,7 +310,7 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
off_t pos;
if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
- goto err;
+ goto err_no_map;
if (ioreq->presync)
bdrv_flush(blkdev->bs);
@@ -364,6 +364,9 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
return 0;
err:
+ ioreq_unmap(ioreq);
+err_no_map:
+ ioreq_finish(ioreq);
ioreq->status = BLKIF_RSP_ERROR;
return -1;
}
@@ -393,7 +396,7 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
struct XenBlkDev *blkdev = ioreq->blkdev;
if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
- goto err;
+ goto err_no_map;
ioreq->aio_inflight++;
if (ioreq->presync)
@@ -427,6 +430,9 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
return 0;
err:
+ ioreq_unmap(ioreq);
+err_no_map:
+ ioreq_finish(ioreq);
ioreq->status = BLKIF_RSP_ERROR;
return -1;
}
diff --git a/hw/xen_domainbuild.c b/hw/xen_domainbuild.c
index 371c562..4093587 100644
--- a/hw/xen_domainbuild.c
+++ b/hw/xen_domainbuild.c
@@ -1,7 +1,6 @@
#include <signal.h>
#include "xen_backend.h"
#include "xen_domainbuild.h"
-#include "sysemu.h"
#include "qemu-timer.h"
#include "qemu-log.h"
diff --git a/hw/xen_machine_pv.c b/hw/xen_machine_pv.c
index 77a34bf..0d7f73e 100644
--- a/hw/xen_machine_pv.c
+++ b/hw/xen_machine_pv.c
@@ -24,7 +24,6 @@
#include "hw.h"
#include "pc.h"
-#include "sysemu.h"
#include "boards.h"
#include "xen_backend.h"
#include "xen_domainbuild.h"
diff --git a/hw/xenfb.c b/hw/xenfb.c
index da5297b..1db75fb 100644
--- a/hw/xenfb.c
+++ b/hw/xenfb.c
@@ -44,7 +44,6 @@
#include <xen/io/protocols.h>
#include "hw.h"
-#include "sysemu.h"
#include "console.h"
#include "qemu-char.h"
#include "xen_backend.h"
diff --git a/hw/xics.c b/hw/xics.c
new file mode 100644
index 0000000..13a1d25
--- /dev/null
+++ b/hw/xics.c
@@ -0,0 +1,496 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Virtualized Interrupt System, aka ICS/ICP aka xics
+ *
+ * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+
+#include "hw.h"
+#include "hw/spapr.h"
+#include "hw/xics.h"
+
+#include <pthread.h>
+
+/*
+ * ICP: Presentation layer
+ */
+
+struct icp_server_state {
+ uint32_t xirr;
+ uint8_t pending_priority;
+ uint8_t mfrr;
+ qemu_irq output;
+};
+
+#define XISR_MASK 0x00ffffff
+#define CPPR_MASK 0xff000000
+
+#define XISR(ss) (((ss)->xirr) & XISR_MASK)
+#define CPPR(ss) (((ss)->xirr) >> 24)
+
+struct ics_state;
+
+struct icp_state {
+ long nr_servers;
+ struct icp_server_state *ss;
+ struct ics_state *ics;
+};
+
+static void ics_reject(struct ics_state *ics, int nr);
+static void ics_resend(struct ics_state *ics);
+static void ics_eoi(struct ics_state *ics, int nr);
+
+static void icp_check_ipi(struct icp_state *icp, int server)
+{
+ struct icp_server_state *ss = icp->ss + server;
+
+ if (XISR(ss) && (ss->pending_priority <= ss->mfrr)) {
+ return;
+ }
+
+ if (XISR(ss)) {
+ ics_reject(icp->ics, XISR(ss));
+ }
+
+ ss->xirr = (ss->xirr & ~XISR_MASK) | XICS_IPI;
+ ss->pending_priority = ss->mfrr;
+ qemu_irq_raise(ss->output);
+}
+
+static void icp_resend(struct icp_state *icp, int server)
+{
+ struct icp_server_state *ss = icp->ss + server;
+
+ if (ss->mfrr < CPPR(ss)) {
+ icp_check_ipi(icp, server);
+ }
+ ics_resend(icp->ics);
+}
+
+static void icp_set_cppr(struct icp_state *icp, int server, uint8_t cppr)
+{
+ struct icp_server_state *ss = icp->ss + server;
+ uint8_t old_cppr;
+ uint32_t old_xisr;
+
+ old_cppr = CPPR(ss);
+ ss->xirr = (ss->xirr & ~CPPR_MASK) | (cppr << 24);
+
+ if (cppr < old_cppr) {
+ if (XISR(ss) && (cppr <= ss->pending_priority)) {
+ old_xisr = XISR(ss);
+ ss->xirr &= ~XISR_MASK; /* Clear XISR */
+ qemu_irq_lower(ss->output);
+ ics_reject(icp->ics, old_xisr);
+ }
+ } else {
+ if (!XISR(ss)) {
+ icp_resend(icp, server);
+ }
+ }
+}
+
+static void icp_set_mfrr(struct icp_state *icp, int nr, uint8_t mfrr)
+{
+ struct icp_server_state *ss = icp->ss + nr;
+
+ ss->mfrr = mfrr;
+ if (mfrr < CPPR(ss)) {
+ icp_check_ipi(icp, nr);
+ }
+}
+
+static uint32_t icp_accept(struct icp_server_state *ss)
+{
+ uint32_t xirr;
+
+ qemu_irq_lower(ss->output);
+ xirr = ss->xirr;
+ ss->xirr = ss->pending_priority << 24;
+ return xirr;
+}
+
+static void icp_eoi(struct icp_state *icp, int server, uint32_t xirr)
+{
+ struct icp_server_state *ss = icp->ss + server;
+
+ ics_eoi(icp->ics, xirr & XISR_MASK);
+ /* Send EOI -> ICS */
+ ss->xirr = (ss->xirr & ~CPPR_MASK) | (xirr & CPPR_MASK);
+ if (!XISR(ss)) {
+ icp_resend(icp, server);
+ }
+}
+
+static void icp_irq(struct icp_state *icp, int server, int nr, uint8_t priority)
+{
+ struct icp_server_state *ss = icp->ss + server;
+
+ if ((priority >= CPPR(ss))
+ || (XISR(ss) && (ss->pending_priority <= priority))) {
+ ics_reject(icp->ics, nr);
+ } else {
+ if (XISR(ss)) {
+ ics_reject(icp->ics, XISR(ss));
+ }
+ ss->xirr = (ss->xirr & ~XISR_MASK) | (nr & XISR_MASK);
+ ss->pending_priority = priority;
+ qemu_irq_raise(ss->output);
+ }
+}
+
+/*
+ * ICS: Source layer
+ */
+
+struct ics_irq_state {
+ int server;
+ uint8_t priority;
+ uint8_t saved_priority;
+ /* int pending:1; */
+ /* int presented:1; */
+ int rejected:1;
+ int masked_pending:1;
+};
+
+struct ics_state {
+ int nr_irqs;
+ int offset;
+ qemu_irq *qirqs;
+ struct ics_irq_state *irqs;
+ struct icp_state *icp;
+};
+
+static int ics_valid_irq(struct ics_state *ics, uint32_t nr)
+{
+ return (nr >= ics->offset)
+ && (nr < (ics->offset + ics->nr_irqs));
+}
+
+static void ics_set_irq_msi(void *opaque, int nr, int val)
+{
+ struct ics_state *ics = (struct ics_state *)opaque;
+ struct ics_irq_state *irq = ics->irqs + nr;
+
+ if (val) {
+ if (irq->priority == 0xff) {
+ irq->masked_pending = 1;
+ /* masked pending */ ;
+ } else {
+ icp_irq(ics->icp, irq->server, nr + ics->offset, irq->priority);
+ }
+ }
+}
+
+static void ics_reject_msi(struct ics_state *ics, int nr)
+{
+ struct ics_irq_state *irq = ics->irqs + nr - ics->offset;
+
+ irq->rejected = 1;
+}
+
+static void ics_resend_msi(struct ics_state *ics)
+{
+ int i;
+
+ for (i = 0; i < ics->nr_irqs; i++) {
+ struct ics_irq_state *irq = ics->irqs + i;
+
+ /* FIXME: filter by server#? */
+ if (irq->rejected) {
+ irq->rejected = 0;
+ if (irq->priority != 0xff) {
+ icp_irq(ics->icp, irq->server, i + ics->offset, irq->priority);
+ }
+ }
+ }
+}
+
+static void ics_write_xive_msi(struct ics_state *ics, int nr, int server,
+ uint8_t priority)
+{
+ struct ics_irq_state *irq = ics->irqs + nr;
+
+ irq->server = server;
+ irq->priority = priority;
+
+ if (!irq->masked_pending || (priority == 0xff)) {
+ return;
+ }
+
+ irq->masked_pending = 0;
+ icp_irq(ics->icp, server, nr + ics->offset, priority);
+}
+
+static void ics_reject(struct ics_state *ics, int nr)
+{
+ ics_reject_msi(ics, nr);
+}
+
+static void ics_resend(struct ics_state *ics)
+{
+ ics_resend_msi(ics);
+}
+
+static void ics_eoi(struct ics_state *ics, int nr)
+{
+}
+
+/*
+ * Exported functions
+ */
+
+qemu_irq xics_find_qirq(struct icp_state *icp, int irq)
+{
+ if ((irq < icp->ics->offset)
+ || (irq >= (icp->ics->offset + icp->ics->nr_irqs))) {
+ return NULL;
+ }
+
+ return icp->ics->qirqs[irq - icp->ics->offset];
+}
+
+static target_ulong h_cppr(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong cppr = args[0];
+
+ icp_set_cppr(spapr->icp, env->cpu_index, cppr);
+ return H_SUCCESS;
+}
+
+static target_ulong h_ipi(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong server = args[0];
+ target_ulong mfrr = args[1];
+
+ if (server >= spapr->icp->nr_servers) {
+ return H_PARAMETER;
+ }
+
+ icp_set_mfrr(spapr->icp, server, mfrr);
+ return H_SUCCESS;
+
+}
+
+static target_ulong h_xirr(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ uint32_t xirr = icp_accept(spapr->icp->ss + env->cpu_index);
+
+ args[0] = xirr;
+ return H_SUCCESS;
+}
+
+static target_ulong h_eoi(CPUState *env, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong xirr = args[0];
+
+ icp_eoi(spapr->icp, env->cpu_index, xirr);
+ return H_SUCCESS;
+}
+
+static void rtas_set_xive(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct ics_state *ics = spapr->icp->ics;
+ uint32_t nr, server, priority;
+
+ if ((nargs != 3) || (nret != 1)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+ server = rtas_ld(args, 1);
+ priority = rtas_ld(args, 2);
+
+ if (!ics_valid_irq(ics, nr) || (server >= ics->icp->nr_servers)
+ || (priority > 0xff)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ ics_write_xive_msi(ics, nr - ics->offset, server, priority);
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+static void rtas_get_xive(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct ics_state *ics = spapr->icp->ics;
+ uint32_t nr;
+
+ if ((nargs != 1) || (nret != 3)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+
+ if (!ics_valid_irq(ics, nr)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ rtas_st(rets, 0, 0); /* Success */
+ rtas_st(rets, 1, ics->irqs[nr - ics->offset].server);
+ rtas_st(rets, 2, ics->irqs[nr - ics->offset].priority);
+}
+
+static void rtas_int_off(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct ics_state *ics = spapr->icp->ics;
+ uint32_t nr;
+
+ if ((nargs != 1) || (nret != 1)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+
+ if (!ics_valid_irq(ics, nr)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ /* This is a NOP for now, since the described PAPR semantics don't
+ * seem to gel with what Linux does */
+#if 0
+ struct ics_irq_state *irq = xics->irqs + (nr - xics->offset);
+
+ irq->saved_priority = irq->priority;
+ ics_write_xive_msi(xics, nr - xics->offset, irq->server, 0xff);
+#endif
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+static void rtas_int_on(sPAPREnvironment *spapr, uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct ics_state *ics = spapr->icp->ics;
+ uint32_t nr;
+
+ if ((nargs != 1) || (nret != 1)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+
+ if (!ics_valid_irq(ics, nr)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ /* This is a NOP for now, since the described PAPR semantics don't
+ * seem to gel with what Linux does */
+#if 0
+ struct ics_irq_state *irq = xics->irqs + (nr - xics->offset);
+
+ ics_write_xive_msi(xics, nr - xics->offset,
+ irq->server, irq->saved_priority);
+#endif
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+struct icp_state *xics_system_init(int nr_irqs)
+{
+ CPUState *env;
+ int max_server_num;
+ int i;
+ struct icp_state *icp;
+ struct ics_state *ics;
+
+ max_server_num = -1;
+ for (env = first_cpu; env != NULL; env = env->next_cpu) {
+ if (env->cpu_index > max_server_num) {
+ max_server_num = env->cpu_index;
+ }
+ }
+
+ icp = qemu_mallocz(sizeof(*icp));
+ icp->nr_servers = max_server_num + 1;
+ icp->ss = qemu_mallocz(icp->nr_servers*sizeof(struct icp_server_state));
+
+ for (i = 0; i < icp->nr_servers; i++) {
+ icp->ss[i].mfrr = 0xff;
+ }
+
+ for (env = first_cpu; env != NULL; env = env->next_cpu) {
+ struct icp_server_state *ss = &icp->ss[env->cpu_index];
+
+ switch (PPC_INPUT(env)) {
+ case PPC_FLAGS_INPUT_POWER7:
+ ss->output = env->irq_inputs[POWER7_INPUT_INT];
+ break;
+
+ case PPC_FLAGS_INPUT_970:
+ ss->output = env->irq_inputs[PPC970_INPUT_INT];
+ break;
+
+ default:
+ hw_error("XICS interrupt model does not support this CPU bus "
+ "model\n");
+ exit(1);
+ }
+ }
+
+ ics = qemu_mallocz(sizeof(*ics));
+ ics->nr_irqs = nr_irqs;
+ ics->offset = 16;
+ ics->irqs = qemu_mallocz(nr_irqs * sizeof(struct ics_irq_state));
+
+ icp->ics = ics;
+ ics->icp = icp;
+
+ for (i = 0; i < nr_irqs; i++) {
+ ics->irqs[i].priority = 0xff;
+ ics->irqs[i].saved_priority = 0xff;
+ }
+
+ ics->qirqs = qemu_allocate_irqs(ics_set_irq_msi, ics, nr_irqs);
+
+ spapr_register_hypercall(H_CPPR, h_cppr);
+ spapr_register_hypercall(H_IPI, h_ipi);
+ spapr_register_hypercall(H_XIRR, h_xirr);
+ spapr_register_hypercall(H_EOI, h_eoi);
+
+ spapr_rtas_register("ibm,set-xive", rtas_set_xive);
+ spapr_rtas_register("ibm,get-xive", rtas_get_xive);
+ spapr_rtas_register("ibm,int-off", rtas_int_off);
+ spapr_rtas_register("ibm,int-on", rtas_int_on);
+
+ return icp;
+}
diff --git a/hw/xics.h b/hw/xics.h
new file mode 100644
index 0000000..83c1182
--- /dev/null
+++ b/hw/xics.h
@@ -0,0 +1,38 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Virtualized Interrupt System, aka ICS/ICP aka xics
+ *
+ * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#if !defined(__XICS_H__)
+#define __XICS_H__
+
+#define XICS_IPI 0x2
+
+struct icp_state;
+
+qemu_irq xics_find_qirq(struct icp_state *icp, int irq);
+
+struct icp_state *xics_system_init(int nr_irqs);
+
+#endif /* __XICS_H__ */
diff --git a/hw/xilinx_timer.c b/hw/xilinx_timer.c
index 30827b0..d398c18 100644
--- a/hw/xilinx_timer.c
+++ b/hw/xilinx_timer.c
@@ -23,7 +23,6 @@
*/
#include "sysbus.h"
-#include "sysemu.h"
#include "qemu-timer.h"
#define D(x)