2 * ARM Integrator CP System emulation.
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
7 * This code is licenced under the GPL
12 #define KERNEL_ARGS_ADDR 0x100
13 #define KERNEL_LOAD_ADDR 0x00010000
14 #define INITRD_LOAD_ADDR 0x00800000
16 /* Stub functions for hardware that doesn't exist. */
17 void pic_set_irq(int irq, int level)
19 cpu_abort (cpu_single_env, "pic_set_irq");
35 uint32_t flash_offset;
49 static uint8_t integrator_spd[128] = {
50 128, 8, 4, 11, 9, 1, 64, 0, 2, 0xa0, 0xa0, 0, 0, 8, 0, 1,
51 0xe, 4, 0x1c, 1, 2, 0x20, 0xc0, 0, 0, 0, 0, 0x30, 0x28, 0x30, 0x28, 0x40
54 static uint32_t integratorcm_read(void *opaque, target_phys_addr_t offset)
56 integratorcm_state *s = (integratorcm_state *)opaque;
58 if (offset >= 0x100 && offset < 0x200) {
62 return integrator_spd[offset >> 2];
64 switch (offset >> 2) {
76 if (s->cm_lock == 0xa05f) {
81 case 6: /* CM_LMBUSCNT */
82 /* ??? High frequency timer. */
83 cpu_abort(cpu_single_env, "integratorcm_read: CM_LMBUSCNT");
84 case 7: /* CM_AUXOSC */
86 case 8: /* CM_SDRAM */
90 case 10: /* CM_REFCT */
91 /* ??? High frequency timer. */
92 cpu_abort(cpu_single_env, "integratorcm_read: CM_REFCT");
93 case 12: /* CM_FLAGS */
95 case 14: /* CM_NVFLAGS */
97 case 16: /* CM_IRQ_STAT */
98 return s->int_level & s->irq_enabled;
99 case 17: /* CM_IRQ_RSTAT */
101 case 18: /* CM_IRQ_ENSET */
102 return s->irq_enabled;
103 case 20: /* CM_SOFT_INTSET */
104 return s->int_level & 1;
105 case 24: /* CM_FIQ_STAT */
106 return s->int_level & s->fiq_enabled;
107 case 25: /* CM_FIQ_RSTAT */
109 case 26: /* CM_FIQ_ENSET */
110 return s->fiq_enabled;
111 case 32: /* CM_VOLTAGE_CTL0 */
112 case 33: /* CM_VOLTAGE_CTL1 */
113 case 34: /* CM_VOLTAGE_CTL2 */
114 case 35: /* CM_VOLTAGE_CTL3 */
115 /* ??? Voltage control unimplemented. */
118 cpu_abort (cpu_single_env,
119 "integratorcm_read: Unimplemented offset 0x%x\n", offset);
124 static void integratorcm_do_remap(integratorcm_state *s, int flash)
127 cpu_register_physical_memory(0, 0x100000, IO_MEM_RAM);
129 cpu_register_physical_memory(0, 0x100000, s->flash_offset | IO_MEM_RAM);
131 //??? tlb_flush (cpu_single_env, 1);
134 static void integratorcm_set_ctrl(integratorcm_state *s, uint32_t value)
137 cpu_abort(cpu_single_env, "Board reset\n");
139 if ((s->cm_init ^ value) & 4) {
140 integratorcm_do_remap(s, (value & 4) == 0);
142 if ((s->cm_init ^ value) & 1) {
143 printf("Green LED %s\n", (value & 1) ? "on" : "off");
145 s->cm_init = (s->cm_init & ~ 5) | (value ^ 5);
148 static void integratorcm_update(integratorcm_state *s)
150 /* ??? The CPU irq/fiq is raised when either the core module or base PIC
152 if (s->int_level & (s->irq_enabled | s->fiq_enabled))
153 cpu_abort(cpu_single_env, "Core module interrupt\n");
156 static void integratorcm_write(void *opaque, target_phys_addr_t offset,
159 integratorcm_state *s = (integratorcm_state *)opaque;
160 offset -= 0x10000000;
161 switch (offset >> 2) {
163 if (s->cm_lock == 0xa05f)
166 case 3: /* CM_CTRL */
167 integratorcm_set_ctrl(s, value);
169 case 5: /* CM_LOCK */
170 s->cm_lock = value & 0xffff;
172 case 7: /* CM_AUXOSC */
173 if (s->cm_lock == 0xa05f)
174 s->cm_auxosc = value;
176 case 8: /* CM_SDRAM */
179 case 9: /* CM_INIT */
180 /* ??? This can change the memory bus frequency. */
183 case 12: /* CM_FLAGSS */
184 s->cm_flags |= value;
186 case 13: /* CM_FLAGSC */
187 s->cm_flags &= ~value;
189 case 14: /* CM_NVFLAGSS */
190 s->cm_nvflags |= value;
192 case 15: /* CM_NVFLAGSS */
193 s->cm_nvflags &= ~value;
195 case 18: /* CM_IRQ_ENSET */
196 s->irq_enabled |= value;
197 integratorcm_update(s);
199 case 19: /* CM_IRQ_ENCLR */
200 s->irq_enabled &= ~value;
201 integratorcm_update(s);
203 case 20: /* CM_SOFT_INTSET */
204 s->int_level |= (value & 1);
205 integratorcm_update(s);
207 case 21: /* CM_SOFT_INTCLR */
208 s->int_level &= ~(value & 1);
209 integratorcm_update(s);
211 case 26: /* CM_FIQ_ENSET */
212 s->fiq_enabled |= value;
213 integratorcm_update(s);
215 case 27: /* CM_FIQ_ENCLR */
216 s->fiq_enabled &= ~value;
217 integratorcm_update(s);
219 case 32: /* CM_VOLTAGE_CTL0 */
220 case 33: /* CM_VOLTAGE_CTL1 */
221 case 34: /* CM_VOLTAGE_CTL2 */
222 case 35: /* CM_VOLTAGE_CTL3 */
223 /* ??? Voltage control unimplemented. */
226 cpu_abort (cpu_single_env,
227 "integratorcm_write: Unimplemented offset 0x%x\n", offset);
232 /* Integrator/CM control registers. */
234 static CPUReadMemoryFunc *integratorcm_readfn[] = {
240 static CPUWriteMemoryFunc *integratorcm_writefn[] = {
246 static void integratorcm_init(int memsz, uint32_t flash_offset)
249 integratorcm_state *s;
251 s = (integratorcm_state *)qemu_mallocz(sizeof(integratorcm_state));
252 s->cm_osc = 0x01000048;
253 /* ??? What should the high bits of this value be? */
254 s->cm_auxosc = 0x0007feff;
255 s->cm_sdram = 0x00011122;
257 integrator_spd[31] = 64;
259 } else if (memsz >= 128) {
260 integrator_spd[31] = 32;
262 } else if (memsz >= 64) {
263 integrator_spd[31] = 16;
265 } else if (memsz >= 32) {
266 integrator_spd[31] = 4;
269 integrator_spd[31] = 2;
271 memcpy(integrator_spd + 73, "QEMU-MEMORY", 11);
272 s->cm_init = 0x00000112;
273 s->flash_offset = flash_offset;
275 iomemtype = cpu_register_io_memory(0, integratorcm_readfn,
276 integratorcm_writefn, s);
277 cpu_register_physical_memory(0x10000000, 0x007fffff, iomemtype);
278 integratorcm_do_remap(s, 1);
279 /* ??? Save/restore. */
282 /* Integrator/CP hardware emulation. */
283 /* Primary interrupt controller. */
285 typedef struct icp_pic_state
289 uint32_t irq_enabled;
290 uint32_t fiq_enabled;
292 /* -1 if parent is a cpu, otherwise IRQ number on parent PIC. */
296 static void icp_pic_update(icp_pic_state *s)
299 if (s->parent_irq != -1) {
302 flags = (s->level & s->irq_enabled);
303 pic_set_irq_new(s->parent, s->parent_irq,
307 /* Raise CPU interrupt. */
308 env = (CPUState *)s->parent;
309 if (s->level & s->fiq_enabled) {
310 cpu_interrupt (env, CPU_INTERRUPT_FIQ);
312 cpu_reset_interrupt (env, CPU_INTERRUPT_FIQ);
314 if (s->level & s->irq_enabled) {
315 cpu_interrupt (env, CPU_INTERRUPT_HARD);
317 cpu_reset_interrupt (env, CPU_INTERRUPT_HARD);
321 void pic_set_irq_new(void *opaque, int irq, int level)
323 icp_pic_state *s = (icp_pic_state *)opaque;
325 s->level |= 1 << irq;
327 s->level &= ~(1 << irq);
331 static uint32_t icp_pic_read(void *opaque, target_phys_addr_t offset)
333 icp_pic_state *s = (icp_pic_state *)opaque;
336 switch (offset >> 2) {
337 case 0: /* IRQ_STATUS */
338 return s->level & s->irq_enabled;
339 case 1: /* IRQ_RAWSTAT */
341 case 2: /* IRQ_ENABLESET */
342 return s->irq_enabled;
343 case 4: /* INT_SOFTSET */
345 case 8: /* FRQ_STATUS */
346 return s->level & s->fiq_enabled;
347 case 9: /* FRQ_RAWSTAT */
349 case 10: /* FRQ_ENABLESET */
350 return s->fiq_enabled;
351 case 3: /* IRQ_ENABLECLR */
352 case 5: /* INT_SOFTCLR */
353 case 11: /* FRQ_ENABLECLR */
355 printf ("icp_pic_read: Bad register offset 0x%x\n", offset);
360 static void icp_pic_write(void *opaque, target_phys_addr_t offset,
363 icp_pic_state *s = (icp_pic_state *)opaque;
366 switch (offset >> 2) {
367 case 2: /* IRQ_ENABLESET */
368 s->irq_enabled |= value;
370 case 3: /* IRQ_ENABLECLR */
371 s->irq_enabled &= ~value;
373 case 4: /* INT_SOFTSET */
375 pic_set_irq_new(s, 0, 1);
377 case 5: /* INT_SOFTCLR */
379 pic_set_irq_new(s, 0, 0);
381 case 10: /* FRQ_ENABLESET */
382 s->fiq_enabled |= value;
384 case 11: /* FRQ_ENABLECLR */
385 s->fiq_enabled &= ~value;
387 case 0: /* IRQ_STATUS */
388 case 1: /* IRQ_RAWSTAT */
389 case 8: /* FRQ_STATUS */
390 case 9: /* FRQ_RAWSTAT */
392 printf ("icp_pic_write: Bad register offset 0x%x\n", offset);
398 static CPUReadMemoryFunc *icp_pic_readfn[] = {
404 static CPUWriteMemoryFunc *icp_pic_writefn[] = {
410 static icp_pic_state *icp_pic_init(uint32_t base, void *parent,
416 s = (icp_pic_state *)qemu_mallocz(sizeof(icp_pic_state));
422 s->parent_irq = parent_irq;
423 iomemtype = cpu_register_io_memory(0, icp_pic_readfn,
425 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
426 /* ??? Save/restore. */
432 /* System bus clock speed (40MHz) for timer 0. Not sure about this value. */
433 #define ICP_BUS_FREQ 40000000
449 /* Calculate the new expiry time of the given timer. */
451 static void icp_pit_reload(icp_pit_state *s, int n)
455 s->loaded[n] = s->expires[n];
456 delay = muldiv64(s->count[n], ticks_per_sec, s->freq[n]);
459 s->expires[n] += delay;
462 /* Check all active timers, and schedule the next timer interrupt. */
464 static void icp_pit_update(icp_pit_state *s, int64_t now)
470 for (n = 0; n < 3; n++) {
471 /* Ignore disabled timers. */
472 if ((s->control[n] & 0x80) == 0)
474 /* Ignore expired one-shot timers. */
475 if (s->count[n] == 0 && s->control[n] & 1)
477 if (s->expires[n] - now <= 0) {
478 /* Timer has expired. */
480 if (s->control[n] & 1) {
484 if ((s->control[n] & 0x40) == 0) {
486 if (s->control[n] & 2)
487 s->count[n] = 0xffffffff;
489 s->count[n] = 0xffff;
492 s->count[n] = s->limit[n];
496 while (s->expires[n] - now <= 0) {
497 icp_pit_reload(s, n);
500 /* Update interrupts. */
501 for (n = 0; n < 3; n++) {
502 if (s->int_level[n] && (s->control[n] & 0x20)) {
503 pic_set_irq_new(s->pic, 5 + n, 1);
505 pic_set_irq_new(s->pic, 5 + n, 0);
507 if (next - s->expires[n] < 0)
508 next = s->expires[n];
510 /* Schedule the next timer interrupt. */
512 qemu_del_timer(s->timer);
514 } else if (next != s->next_time) {
515 qemu_mod_timer(s->timer, next);
520 /* Return the current value of the timer. */
521 static uint32_t icp_pit_getcount(icp_pit_state *s, int n, int64_t now)
526 if (s->count[n] == 0)
528 if ((s->control[n] & 0x80) == 0)
530 elapsed = now - s->loaded[n];
531 period = s->expires[n] - s->loaded[n];
532 /* If the timer should have expired then return 0. This can happen
533 when the host timer signal doesnt occur immediately. It's better to
534 have a timer appear to sit at zero for a while than have it wrap
535 around before the guest interrupt is raised. */
536 /* ??? Could we trigger the interrupt here? */
537 if (elapsed > period)
539 /* We need to calculate count * elapsed / period without overfowing.
540 Scale both elapsed and period so they fit in a 32-bit int. */
541 while (period != (int32_t)period) {
545 return ((uint64_t)s->count[n] * (uint64_t)(int32_t)elapsed)
549 static uint32_t icp_pit_read(void *opaque, target_phys_addr_t offset)
552 icp_pit_state *s = (icp_pit_state *)opaque;
557 cpu_abort (cpu_single_env, "icp_pit_read: Bad timer %x\n", offset);
558 switch ((offset & 0xff) >> 2) {
559 case 0: /* TimerLoad */
560 case 6: /* TimerBGLoad */
562 case 1: /* TimerValue */
563 return icp_pit_getcount(s, n, qemu_get_clock(vm_clock));
564 case 2: /* TimerControl */
565 return s->control[n];
566 case 4: /* TimerRIS */
567 return s->int_level[n];
568 case 5: /* TimerMIS */
569 if ((s->control[n] & 0x20) == 0)
571 return s->int_level[n];
573 cpu_abort (cpu_single_env, "icp_pit_read: Bad offset %x\n", offset);
578 static void icp_pit_write(void *opaque, target_phys_addr_t offset,
581 icp_pit_state *s = (icp_pit_state *)opaque;
585 now = qemu_get_clock(vm_clock);
589 cpu_abort (cpu_single_env, "icp_pit_write: Bad offset %x\n", offset);
591 switch ((offset & 0xff) >> 2) {
592 case 0: /* TimerLoad */
596 icp_pit_reload(s, n);
598 case 1: /* TimerValue */
599 /* ??? Linux seems to want to write to this readonly register.
602 case 2: /* TimerControl */
603 if (s->control[n] & 0x80) {
604 /* Pause the timer if it is running. This may cause some
605 inaccuracy dure to rounding, but avoids a whole lot of other
607 s->count[n] = icp_pit_getcount(s, n, now);
609 s->control[n] = value;
611 s->freq[n] = ICP_BUS_FREQ;
613 s->freq[n] = 1000000;
614 /* ??? Need to recalculate expiry time after changing divisor. */
615 switch ((value >> 2) & 3) {
616 case 1: s->freq[n] >>= 4; break;
617 case 2: s->freq[n] >>= 8; break;
619 if (s->control[n] & 0x80) {
620 /* Restart the timer if still enabled. */
622 icp_pit_reload(s, n);
625 case 3: /* TimerIntClr */
628 case 6: /* TimerBGLoad */
632 cpu_abort (cpu_single_env, "icp_pit_write: Bad offset %x\n", offset);
634 icp_pit_update(s, now);
637 static void icp_pit_tick(void *opaque)
641 now = qemu_get_clock(vm_clock);
642 icp_pit_update((icp_pit_state *)opaque, now);
645 static CPUReadMemoryFunc *icp_pit_readfn[] = {
651 static CPUWriteMemoryFunc *icp_pit_writefn[] = {
657 static void icp_pit_init(uint32_t base, icp_pic_state *pic)
663 s = (icp_pit_state *)qemu_mallocz(sizeof(icp_pit_state));
666 s->freq[0] = ICP_BUS_FREQ;
667 s->freq[1] = 1000000;
668 s->freq[2] = 1000000;
669 for (n = 0; n < 3; n++) {
670 s->control[n] = 0x20;
671 s->count[n] = 0xffffffff;
674 iomemtype = cpu_register_io_memory(0, icp_pit_readfn,
676 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
677 s->timer = qemu_new_timer(vm_clock, icp_pit_tick, s);
678 /* ??? Save/restore. */
681 /* ARM PrimeCell PL011 UART */
690 uint32_t int_enabled;
692 uint32_t read_fifo[16];
700 CharDriverState *chr;
705 #define PL011_INT_TX 0x20
706 #define PL011_INT_RX 0x10
708 #define PL011_FLAG_TXFE 0x80
709 #define PL011_FLAG_RXFF 0x40
710 #define PL011_FLAG_TXFF 0x20
711 #define PL011_FLAG_RXFE 0x10
713 static const unsigned char pl011_id[] =
714 { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
716 static void pl011_update(pl011_state *s)
720 flags = s->int_level & s->int_enabled;
721 pic_set_irq_new(s->pic, s->irq, flags != 0);
724 static uint32_t pl011_read(void *opaque, target_phys_addr_t offset)
726 pl011_state *s = (pl011_state *)opaque;
730 if (offset >= 0xfe0 && offset < 0x1000) {
731 return pl011_id[(offset - 0xfe0) >> 2];
733 switch (offset >> 2) {
735 s->flags &= ~PL011_FLAG_RXFF;
736 c = s->read_fifo[s->read_pos];
737 if (s->read_count > 0) {
739 if (++s->read_pos == 16)
742 if (s->read_count == 0) {
743 s->flags |= PL011_FLAG_RXFE;
745 if (s->read_count == s->read_trigger - 1)
746 s->int_level &= ~ PL011_INT_RX;
753 case 8: /* UARTILPR */
755 case 9: /* UARTIBRD */
757 case 10: /* UARTFBRD */
759 case 11: /* UARTLCR_H */
761 case 12: /* UARTCR */
763 case 13: /* UARTIFLS */
765 case 14: /* UARTIMSC */
766 return s->int_enabled;
767 case 15: /* UARTRIS */
769 case 16: /* UARTMIS */
770 return s->int_level & s->int_enabled;
771 case 18: /* UARTDMACR */
774 cpu_abort (cpu_single_env, "pl011_read: Bad offset %x\n", offset);
779 static void pl011_set_read_trigger(pl011_state *s)
782 /* The docs say the RX interrupt is triggered when the FIFO exceeds
783 the threshold. However linux only reads the FIFO in response to an
784 interrupt. Triggering the interrupt when the FIFO is non-empty seems
785 to make things work. */
787 s->read_trigger = (s->ifl >> 1) & 0x1c;
793 static void pl011_write(void *opaque, target_phys_addr_t offset,
796 pl011_state *s = (pl011_state *)opaque;
800 switch (offset >> 2) {
802 /* ??? Check if transmitter is enabled. */
805 qemu_chr_write(s->chr, &ch, 1);
806 s->int_level |= PL011_INT_TX;
812 case 8: /* UARTUARTILPR */
815 case 9: /* UARTIBRD */
818 case 10: /* UARTFBRD */
821 case 11: /* UARTLCR_H */
823 pl011_set_read_trigger(s);
825 case 12: /* UARTCR */
826 /* ??? Need to implement the enable and loopback bits. */
829 case 13: /* UARTIFS */
831 pl011_set_read_trigger(s);
833 case 14: /* UARTIMSC */
834 s->int_enabled = value;
837 case 17: /* UARTICR */
838 s->int_level &= ~value;
841 case 18: /* UARTDMACR */
844 cpu_abort(cpu_single_env, "PL011: DMA not implemented\n");
847 cpu_abort (cpu_single_env, "pl011_write: Bad offset %x\n", offset);
851 static int pl011_can_recieve(void *opaque)
853 pl011_state *s = (pl011_state *)opaque;
856 return s->read_count < 16;
858 return s->read_count < 1;
861 static void pl011_recieve(void *opaque, const uint8_t *buf, int size)
863 pl011_state *s = (pl011_state *)opaque;
866 slot = s->read_pos + s->read_count;
869 s->read_fifo[slot] = *buf;
871 s->flags &= ~PL011_FLAG_RXFE;
872 if (s->cr & 0x10 || s->read_count == 16) {
873 s->flags |= PL011_FLAG_RXFF;
875 if (s->read_count == s->read_trigger) {
876 s->int_level |= PL011_INT_RX;
881 static void pl011_event(void *opaque, int event)
883 /* ??? Should probably implement break. */
886 static CPUReadMemoryFunc *pl011_readfn[] = {
892 static CPUWriteMemoryFunc *pl011_writefn[] = {
898 static void pl011_init(uint32_t base, icp_pic_state *pic, int irq,
899 CharDriverState *chr)
904 s = (pl011_state *)qemu_mallocz(sizeof(pl011_state));
905 iomemtype = cpu_register_io_memory(0, pl011_readfn,
907 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
917 qemu_chr_add_read_handler(chr, pl011_can_recieve, pl011_recieve, s);
918 qemu_chr_add_event_handler(chr, pl011_event);
920 /* ??? Save/restore. */
923 /* CP control registers. */
928 static uint32_t icp_control_read(void *opaque, target_phys_addr_t offset)
930 icp_control_state *s = (icp_control_state *)opaque;
932 switch (offset >> 2) {
933 case 0: /* CP_IDFIELD */
935 case 1: /* CP_FLASHPROG */
937 case 2: /* CP_INTREG */
939 case 3: /* CP_DECODE */
942 cpu_abort (cpu_single_env, "icp_control_read: Bad offset %x\n", offset);
947 static void icp_control_write(void *opaque, target_phys_addr_t offset,
950 icp_control_state *s = (icp_control_state *)opaque;
952 switch (offset >> 2) {
953 case 1: /* CP_FLASHPROG */
954 case 2: /* CP_INTREG */
955 case 3: /* CP_DECODE */
956 /* Nothing interesting implemented yet. */
959 cpu_abort (cpu_single_env, "icp_control_write: Bad offset %x\n", offset);
962 static CPUReadMemoryFunc *icp_control_readfn[] = {
968 static CPUWriteMemoryFunc *icp_control_writefn[] = {
974 static void icp_control_init(uint32_t base)
977 icp_control_state *s;
979 s = (icp_control_state *)qemu_mallocz(sizeof(icp_control_state));
980 iomemtype = cpu_register_io_memory(0, icp_control_readfn,
981 icp_control_writefn, s);
982 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
984 /* ??? Save/restore. */
988 /* Keyboard/Mouse Interface. */
1002 static void icp_kmi_update(void *opaque, int level)
1004 icp_kmi_state *s = (icp_kmi_state *)opaque;
1008 raise = (s->pending && (s->cr & 0x10) != 0)
1009 || (s->cr & 0x08) != 0;
1010 pic_set_irq_new(s->pic, s->irq, raise);
1013 static uint32_t icp_kmi_read(void *opaque, target_phys_addr_t offset)
1015 icp_kmi_state *s = (icp_kmi_state *)opaque;
1017 if (offset >= 0xfe0 && offset < 0x1000)
1020 switch (offset >> 2) {
1023 case 1: /* KMISTAT */
1024 /* KMIC and KMID bits not implemented. */
1030 case 2: /* KMIDATA */
1032 s->last = ps2_read_data(s->dev);
1034 case 3: /* KMICLKDIV */
1037 return s->pending | 2;
1039 cpu_abort (cpu_single_env, "icp_kmi_read: Bad offset %x\n", offset);
1044 static void icp_kmi_write(void *opaque, target_phys_addr_t offset,
1047 icp_kmi_state *s = (icp_kmi_state *)opaque;
1049 switch (offset >> 2) {
1052 icp_kmi_update(s, s->pending);
1053 /* ??? Need to implement the enable/disable bit. */
1055 case 2: /* KMIDATA */
1056 /* ??? This should toggle the TX interrupt line. */
1057 /* ??? This means kbd/mouse can block each other. */
1059 ps2_write_mouse(s->dev, value);
1061 ps2_write_keyboard(s->dev, value);
1064 case 3: /* KMICLKDIV */
1068 cpu_abort (cpu_single_env, "icp_kmi_write: Bad offset %x\n", offset);
1071 static CPUReadMemoryFunc *icp_kmi_readfn[] = {
1077 static CPUWriteMemoryFunc *icp_kmi_writefn[] = {
1083 static void icp_kmi_init(uint32_t base, icp_pic_state * pic, int irq,
1089 s = (icp_kmi_state *)qemu_mallocz(sizeof(icp_kmi_state));
1090 iomemtype = cpu_register_io_memory(0, icp_kmi_readfn,
1091 icp_kmi_writefn, s);
1092 cpu_register_physical_memory(base, 0x007fffff, iomemtype);
1096 s->is_mouse = is_mouse;
1098 s->dev = ps2_mouse_init(icp_kmi_update, s);
1100 s->dev = ps2_kbd_init(icp_kmi_update, s);
1101 /* ??? Save/restore. */
1104 /* The worlds second smallest bootloader. Set r0-r2, then jump to kernel. */
1105 static uint32_t bootloader[] = {
1106 0xe3a00000, /* mov r0, #0 */
1107 0xe3a01013, /* mov r1, #0x13 */
1108 0xe3811c01, /* orr r1, r1, #0x100 */
1109 0xe59f2000, /* ldr r2, [pc, #0] */
1110 0xe59ff000, /* ldr pc, [pc, #0] */
1111 0, /* Address of kernel args. Set by integratorcp_init. */
1112 0 /* Kernel entry point. Set by integratorcp_init. */
1115 static void set_kernel_args(uint32_t ram_size, int initrd_size,
1116 const char *kernel_cmdline)
1120 p = (uint32_t *)(phys_ram_base + KERNEL_ARGS_ADDR);
1123 stl_raw(p++, 0x54410001);
1125 stl_raw(p++, 0x1000);
1129 stl_raw(p++, 0x54410002);
1130 stl_raw(p++, ram_size);
1135 stl_raw(p++, 0x54420005);
1136 stl_raw(p++, INITRD_LOAD_ADDR);
1137 stl_raw(p++, initrd_size);
1139 if (kernel_cmdline && *kernel_cmdline) {
1143 cmdline_size = strlen(kernel_cmdline);
1144 memcpy (p + 2, kernel_cmdline, cmdline_size + 1);
1145 cmdline_size = (cmdline_size >> 2) + 1;
1146 stl_raw(p++, cmdline_size + 2);
1147 stl_raw(p++, 0x54410009);
1157 static void integratorcp_init(int ram_size, int vga_ram_size, int boot_device,
1158 DisplayState *ds, const char **fd_filename, int snapshot,
1159 const char *kernel_filename, const char *kernel_cmdline,
1160 const char *initrd_filename, uint32_t cpuid)
1163 uint32_t bios_offset;
1170 cpu_arm_set_model(env, cpuid);
1171 bios_offset = ram_size + vga_ram_size;
1172 /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash. */
1173 /* ??? RAM shoud repeat to fill physical memory space. */
1174 /* SDRAM at address zero*/
1175 cpu_register_physical_memory(0, ram_size, IO_MEM_RAM);
1176 /* And again at address 0x80000000 */
1177 cpu_register_physical_memory(0x80000000, ram_size, IO_MEM_RAM);
1179 integratorcm_init(ram_size >> 20, bios_offset);
1180 pic = icp_pic_init(0x14000000, env, -1);
1181 icp_pic_init(0xca000000, pic, 26);
1182 icp_pit_init(0x13000000, pic);
1183 pl011_init(0x16000000, pic, 1, serial_hds[0]);
1184 pl011_init(0x17000000, pic, 2, serial_hds[1]);
1185 icp_control_init(0xcb000000);
1186 icp_kmi_init(0x18000000, pic, 3, 0);
1187 icp_kmi_init(0x19000000, pic, 4, 1);
1188 if (nd_table[0].vlan) {
1189 if (nd_table[0].model == NULL
1190 || strcmp(nd_table[0].model, "smc91c111") == 0) {
1191 smc91c111_init(&nd_table[0], 0xc8000000, pic, 27);
1193 fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd_table[0].model);
1197 pl110_init(ds, 0xc0000000, pic, 22, 0);
1199 /* Load the kernel. */
1200 if (!kernel_filename) {
1201 fprintf(stderr, "Kernel image must be specified\n");
1204 kernel_size = load_image(kernel_filename,
1205 phys_ram_base + KERNEL_LOAD_ADDR);
1206 if (kernel_size < 0) {
1207 fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
1210 if (initrd_filename) {
1211 initrd_size = load_image(initrd_filename,
1212 phys_ram_base + INITRD_LOAD_ADDR);
1213 if (initrd_size < 0) {
1214 fprintf(stderr, "qemu: could not load initrd '%s'\n",
1221 bootloader[5] = KERNEL_ARGS_ADDR;
1222 bootloader[6] = KERNEL_LOAD_ADDR;
1223 for (n = 0; n < sizeof(bootloader) / 4; n++)
1224 stl_raw(phys_ram_base + (n * 4), bootloader[n]);
1225 set_kernel_args(ram_size, initrd_size, kernel_cmdline);
1228 static void integratorcp926_init(int ram_size, int vga_ram_size,
1229 int boot_device, DisplayState *ds, const char **fd_filename, int snapshot,
1230 const char *kernel_filename, const char *kernel_cmdline,
1231 const char *initrd_filename)
1233 integratorcp_init(ram_size, vga_ram_size, boot_device, ds, fd_filename,
1234 snapshot, kernel_filename, kernel_cmdline,
1235 initrd_filename, ARM_CPUID_ARM926);
1238 static void integratorcp1026_init(int ram_size, int vga_ram_size,
1239 int boot_device, DisplayState *ds, const char **fd_filename, int snapshot,
1240 const char *kernel_filename, const char *kernel_cmdline,
1241 const char *initrd_filename)
1243 integratorcp_init(ram_size, vga_ram_size, boot_device, ds, fd_filename,
1244 snapshot, kernel_filename, kernel_cmdline,
1245 initrd_filename, ARM_CPUID_ARM1026);
1248 QEMUMachine integratorcp926_machine = {
1250 "ARM Integrator/CP (ARM926EJ-S)",
1251 integratorcp926_init,
1254 QEMUMachine integratorcp1026_machine = {
1256 "ARM Integrator/CP (ARM1026EJ-S)",
1257 integratorcp1026_init,