2 * Marvell MV88W8618 / Freecom MusicPal emulation.
4 * Copyright (c) 2008 Jan Kiszka
6 * This code is licenced under the GNU GPL v2.
16 #include "qemu-timer.h"
20 #include "audio/audio.h"
23 #define MP_ETH_BASE 0x80008000
24 #define MP_ETH_SIZE 0x00001000
26 #define MP_UART1_BASE 0x8000C840
27 #define MP_UART2_BASE 0x8000C940
29 #define MP_FLASHCFG_BASE 0x90006000
30 #define MP_FLASHCFG_SIZE 0x00001000
32 #define MP_AUDIO_BASE 0x90007000
33 #define MP_AUDIO_SIZE 0x00001000
35 #define MP_PIC_BASE 0x90008000
36 #define MP_PIC_SIZE 0x00001000
38 #define MP_PIT_BASE 0x90009000
39 #define MP_PIT_SIZE 0x00001000
41 #define MP_LCD_BASE 0x9000c000
42 #define MP_LCD_SIZE 0x00001000
44 #define MP_SRAM_BASE 0xC0000000
45 #define MP_SRAM_SIZE 0x00020000
47 #define MP_RAM_DEFAULT_SIZE 32*1024*1024
48 #define MP_FLASH_SIZE_MAX 32*1024*1024
50 #define MP_TIMER1_IRQ 4
52 #define MP_TIMER4_IRQ 7
55 #define MP_UART1_IRQ 11
56 #define MP_UART2_IRQ 11
57 #define MP_GPIO_IRQ 12
59 #define MP_AUDIO_IRQ 30
61 static uint32_t gpio_in_state = 0xffffffff;
62 static uint32_t gpio_isr;
63 static uint32_t gpio_out_state;
64 static ram_addr_t sram_off;
66 /* Address conversion helpers */
67 static void *target2host_addr(uint32_t addr)
69 if (addr < MP_SRAM_BASE) {
70 if (addr >= MP_RAM_DEFAULT_SIZE)
72 return (void *)(phys_ram_base + addr);
74 if (addr >= MP_SRAM_BASE + MP_SRAM_SIZE)
76 return (void *)(phys_ram_base + sram_off + addr - MP_SRAM_BASE);
80 static uint32_t host2target_addr(void *addr)
82 if (addr < ((void *)phys_ram_base) + sram_off)
83 return (unsigned long)addr - (unsigned long)phys_ram_base;
85 return (unsigned long)addr - (unsigned long)phys_ram_base -
86 sram_off + MP_SRAM_BASE;
90 typedef enum i2c_state {
113 typedef struct i2c_interface {
122 static void i2c_enter_stop(i2c_interface *i2c)
124 if (i2c->current_addr >= 0)
125 i2c_end_transfer(i2c->bus);
126 i2c->current_addr = -1;
127 i2c->state = STOPPED;
130 static void i2c_state_update(i2c_interface *i2c, int data, int clock)
135 switch (i2c->state) {
137 if (data == 0 && i2c->last_data == 1 && clock == 1)
138 i2c->state = INITIALIZING;
142 if (clock == 0 && i2c->last_clock == 1 && data == 0)
143 i2c->state = SENDING_BIT7;
148 case SENDING_BIT7 ... SENDING_BIT0:
149 if (clock == 0 && i2c->last_clock == 1) {
150 i2c->buffer = (i2c->buffer << 1) | data;
151 i2c->state++; /* will end up in WAITING_FOR_ACK */
152 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
156 case WAITING_FOR_ACK:
157 if (clock == 0 && i2c->last_clock == 1) {
158 if (i2c->current_addr < 0) {
159 i2c->current_addr = i2c->buffer;
160 i2c_start_transfer(i2c->bus, i2c->current_addr & 0xfe,
163 i2c_send(i2c->bus, i2c->buffer);
164 if (i2c->current_addr & 1) {
165 i2c->state = RECEIVING_BIT7;
166 i2c->buffer = i2c_recv(i2c->bus);
168 i2c->state = SENDING_BIT7;
169 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
173 case RECEIVING_BIT7 ... RECEIVING_BIT0:
174 if (clock == 0 && i2c->last_clock == 1) {
175 i2c->state++; /* will end up in SENDING_ACK */
177 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
182 if (clock == 0 && i2c->last_clock == 1) {
183 i2c->state = RECEIVING_BIT7;
185 i2c->buffer = i2c_recv(i2c->bus);
188 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
193 i2c->last_data = data;
194 i2c->last_clock = clock;
197 static int i2c_get_data(i2c_interface *i2c)
202 switch (i2c->state) {
203 case RECEIVING_BIT7 ... RECEIVING_BIT0:
204 return (i2c->buffer >> 7);
206 case WAITING_FOR_ACK:
212 static i2c_interface *mixer_i2c;
216 /* Audio register offsets */
217 #define MP_AUDIO_PLAYBACK_MODE 0x00
218 #define MP_AUDIO_CLOCK_DIV 0x18
219 #define MP_AUDIO_IRQ_STATUS 0x20
220 #define MP_AUDIO_IRQ_ENABLE 0x24
221 #define MP_AUDIO_TX_START_LO 0x28
222 #define MP_AUDIO_TX_THRESHOLD 0x2C
223 #define MP_AUDIO_TX_STATUS 0x38
224 #define MP_AUDIO_TX_START_HI 0x40
226 /* Status register and IRQ enable bits */
227 #define MP_AUDIO_TX_HALF (1 << 6)
228 #define MP_AUDIO_TX_FULL (1 << 7)
230 /* Playback mode bits */
231 #define MP_AUDIO_16BIT_SAMPLE (1 << 0)
232 #define MP_AUDIO_PLAYBACK_EN (1 << 7)
233 #define MP_AUDIO_CLOCK_24MHZ (1 << 9)
234 #define MP_AUDIO_MONO (1 << 14)
236 /* Wolfson 8750 I2C address */
237 #define MP_WM_ADDR 0x34
239 static const char audio_name[] = "mv88w8618";
241 typedef struct musicpal_audio_state {
243 uint32_t playback_mode;
246 unsigned long phys_buf;
247 int8_t *target_buffer;
248 unsigned int threshold;
249 unsigned int play_pos;
250 unsigned int last_free;
253 } musicpal_audio_state;
255 static void audio_callback(void *opaque, int free_out, int free_in)
257 musicpal_audio_state *s = opaque;
258 int16_t *codec_buffer;
262 if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN))
265 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE)
268 if (!(s->playback_mode & MP_AUDIO_MONO))
271 block_size = s->threshold/2;
272 if (free_out - s->last_free < block_size)
275 mem_buffer = s->target_buffer + s->play_pos;
276 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
277 if (s->playback_mode & MP_AUDIO_MONO) {
278 codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
279 for (pos = 0; pos < block_size; pos += 2) {
280 *codec_buffer++ = *(int16_t *)mem_buffer;
281 *codec_buffer++ = *(int16_t *)mem_buffer;
285 memcpy(wm8750_dac_buffer(s->wm, block_size >> 2),
286 (uint32_t *)mem_buffer, block_size);
288 if (s->playback_mode & MP_AUDIO_MONO) {
289 codec_buffer = wm8750_dac_buffer(s->wm, block_size);
290 for (pos = 0; pos < block_size; pos++) {
291 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer);
292 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
295 codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
296 for (pos = 0; pos < block_size; pos += 2) {
297 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
298 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
302 wm8750_dac_commit(s->wm);
304 s->last_free = free_out - block_size;
306 if (s->play_pos == 0) {
307 s->status |= MP_AUDIO_TX_HALF;
308 s->play_pos = block_size;
310 s->status |= MP_AUDIO_TX_FULL;
314 if (s->status & s->irq_enable)
315 qemu_irq_raise(s->irq);
318 static void musicpal_audio_clock_update(musicpal_audio_state *s)
322 if (s->playback_mode & MP_AUDIO_CLOCK_24MHZ)
323 rate = 24576000 / 64; /* 24.576MHz */
325 rate = 11289600 / 64; /* 11.2896MHz */
327 rate /= ((s->clock_div >> 8) & 0xff) + 1;
329 wm8750_set_bclk_in(s->wm, rate);
332 static uint32_t musicpal_audio_read(void *opaque, target_phys_addr_t offset)
334 musicpal_audio_state *s = opaque;
337 case MP_AUDIO_PLAYBACK_MODE:
338 return s->playback_mode;
340 case MP_AUDIO_CLOCK_DIV:
343 case MP_AUDIO_IRQ_STATUS:
346 case MP_AUDIO_IRQ_ENABLE:
347 return s->irq_enable;
349 case MP_AUDIO_TX_STATUS:
350 return s->play_pos >> 2;
357 static void musicpal_audio_write(void *opaque, target_phys_addr_t offset,
360 musicpal_audio_state *s = opaque;
363 case MP_AUDIO_PLAYBACK_MODE:
364 if (value & MP_AUDIO_PLAYBACK_EN &&
365 !(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
370 s->playback_mode = value;
371 musicpal_audio_clock_update(s);
374 case MP_AUDIO_CLOCK_DIV:
375 s->clock_div = value;
378 musicpal_audio_clock_update(s);
381 case MP_AUDIO_IRQ_STATUS:
385 case MP_AUDIO_IRQ_ENABLE:
386 s->irq_enable = value;
387 if (s->status & s->irq_enable)
388 qemu_irq_raise(s->irq);
391 case MP_AUDIO_TX_START_LO:
392 s->phys_buf = (s->phys_buf & 0xFFFF0000) | (value & 0xFFFF);
393 s->target_buffer = target2host_addr(s->phys_buf);
398 case MP_AUDIO_TX_THRESHOLD:
399 s->threshold = (value + 1) * 4;
402 case MP_AUDIO_TX_START_HI:
403 s->phys_buf = (s->phys_buf & 0xFFFF) | (value << 16);
404 s->target_buffer = target2host_addr(s->phys_buf);
411 static void musicpal_audio_reset(void *opaque)
413 musicpal_audio_state *s = opaque;
415 s->playback_mode = 0;
420 static CPUReadMemoryFunc *musicpal_audio_readfn[] = {
426 static CPUWriteMemoryFunc *musicpal_audio_writefn[] = {
427 musicpal_audio_write,
428 musicpal_audio_write,
432 static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
435 musicpal_audio_state *s;
441 AUD_log(audio_name, "No audio state\n");
445 s = qemu_mallocz(sizeof(musicpal_audio_state));
450 i2c = qemu_mallocz(sizeof(i2c_interface));
453 i2c->bus = i2c_init_bus();
454 i2c->current_addr = -1;
456 s->wm = wm8750_init(i2c->bus, audio);
459 i2c_set_slave_address(s->wm, MP_WM_ADDR);
460 wm8750_data_req_set(s->wm, audio_callback, s);
462 iomemtype = cpu_register_io_memory(0, musicpal_audio_readfn,
463 musicpal_audio_writefn, s);
464 cpu_register_physical_memory(base, MP_AUDIO_SIZE, iomemtype);
466 qemu_register_reset(musicpal_audio_reset, s);
470 #else /* !HAS_AUDIO */
471 static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
475 #endif /* !HAS_AUDIO */
477 /* Ethernet register offsets */
478 #define MP_ETH_SMIR 0x010
479 #define MP_ETH_PCXR 0x408
480 #define MP_ETH_SDCMR 0x448
481 #define MP_ETH_ICR 0x450
482 #define MP_ETH_IMR 0x458
483 #define MP_ETH_FRDP0 0x480
484 #define MP_ETH_FRDP1 0x484
485 #define MP_ETH_FRDP2 0x488
486 #define MP_ETH_FRDP3 0x48C
487 #define MP_ETH_CRDP0 0x4A0
488 #define MP_ETH_CRDP1 0x4A4
489 #define MP_ETH_CRDP2 0x4A8
490 #define MP_ETH_CRDP3 0x4AC
491 #define MP_ETH_CTDP0 0x4E0
492 #define MP_ETH_CTDP1 0x4E4
493 #define MP_ETH_CTDP2 0x4E8
494 #define MP_ETH_CTDP3 0x4EC
497 #define MP_ETH_SMIR_DATA 0x0000FFFF
498 #define MP_ETH_SMIR_ADDR 0x03FF0000
499 #define MP_ETH_SMIR_OPCODE (1 << 26) /* Read value */
500 #define MP_ETH_SMIR_RDVALID (1 << 27)
503 #define MP_ETH_PHY1_BMSR 0x00210000
504 #define MP_ETH_PHY1_PHYSID1 0x00410000
505 #define MP_ETH_PHY1_PHYSID2 0x00610000
507 #define MP_PHY_BMSR_LINK 0x0004
508 #define MP_PHY_BMSR_AUTONEG 0x0008
510 #define MP_PHY_88E3015 0x01410E20
512 /* TX descriptor status */
513 #define MP_ETH_TX_OWN (1 << 31)
515 /* RX descriptor status */
516 #define MP_ETH_RX_OWN (1 << 31)
518 /* Interrupt cause/mask bits */
519 #define MP_ETH_IRQ_RX_BIT 0
520 #define MP_ETH_IRQ_RX (1 << MP_ETH_IRQ_RX_BIT)
521 #define MP_ETH_IRQ_TXHI_BIT 2
522 #define MP_ETH_IRQ_TXLO_BIT 3
524 /* Port config bits */
525 #define MP_ETH_PCXR_2BSM_BIT 28 /* 2-byte incoming suffix */
527 /* SDMA command bits */
528 #define MP_ETH_CMD_TXHI (1 << 23)
529 #define MP_ETH_CMD_TXLO (1 << 22)
531 typedef struct mv88w8618_tx_desc {
539 typedef struct mv88w8618_rx_desc {
542 uint16_t buffer_size;
547 typedef struct mv88w8618_eth_state {
553 mv88w8618_tx_desc *tx_queue[2];
554 mv88w8618_rx_desc *rx_queue[4];
555 mv88w8618_rx_desc *frx_queue[4];
556 mv88w8618_rx_desc *cur_rx[4];
558 } mv88w8618_eth_state;
560 static int eth_can_receive(void *opaque)
565 static void eth_receive(void *opaque, const uint8_t *buf, int size)
567 mv88w8618_eth_state *s = opaque;
568 mv88w8618_rx_desc *desc;
571 for (i = 0; i < 4; i++) {
576 if (le32_to_cpu(desc->cmdstat) & MP_ETH_RX_OWN &&
577 le16_to_cpu(desc->buffer_size) >= size) {
578 memcpy(target2host_addr(le32_to_cpu(desc->buffer) +
581 desc->bytes = cpu_to_le16(size + s->vlan_header);
582 desc->cmdstat &= cpu_to_le32(~MP_ETH_RX_OWN);
583 s->cur_rx[i] = target2host_addr(le32_to_cpu(desc->next));
585 s->icr |= MP_ETH_IRQ_RX;
587 qemu_irq_raise(s->irq);
590 desc = target2host_addr(le32_to_cpu(desc->next));
591 } while (desc != s->rx_queue[i]);
595 static void eth_send(mv88w8618_eth_state *s, int queue_index)
597 mv88w8618_tx_desc *desc = s->tx_queue[queue_index];
600 if (le32_to_cpu(desc->cmdstat) & MP_ETH_TX_OWN) {
601 qemu_send_packet(s->vc,
602 target2host_addr(le32_to_cpu(desc->buffer)),
603 le16_to_cpu(desc->bytes));
604 desc->cmdstat &= cpu_to_le32(~MP_ETH_TX_OWN);
605 s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
607 desc = target2host_addr(le32_to_cpu(desc->next));
608 } while (desc != s->tx_queue[queue_index]);
611 static uint32_t mv88w8618_eth_read(void *opaque, target_phys_addr_t offset)
613 mv88w8618_eth_state *s = opaque;
617 if (s->smir & MP_ETH_SMIR_OPCODE) {
618 switch (s->smir & MP_ETH_SMIR_ADDR) {
619 case MP_ETH_PHY1_BMSR:
620 return MP_PHY_BMSR_LINK | MP_PHY_BMSR_AUTONEG |
622 case MP_ETH_PHY1_PHYSID1:
623 return (MP_PHY_88E3015 >> 16) | MP_ETH_SMIR_RDVALID;
624 case MP_ETH_PHY1_PHYSID2:
625 return (MP_PHY_88E3015 & 0xFFFF) | MP_ETH_SMIR_RDVALID;
627 return MP_ETH_SMIR_RDVALID;
638 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
639 return host2target_addr(s->frx_queue[(offset - MP_ETH_FRDP0)/4]);
641 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
642 return host2target_addr(s->rx_queue[(offset - MP_ETH_CRDP0)/4]);
644 case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
645 return host2target_addr(s->tx_queue[(offset - MP_ETH_CTDP0)/4]);
652 static void mv88w8618_eth_write(void *opaque, target_phys_addr_t offset,
655 mv88w8618_eth_state *s = opaque;
663 s->vlan_header = ((value >> MP_ETH_PCXR_2BSM_BIT) & 1) * 2;
667 if (value & MP_ETH_CMD_TXHI)
669 if (value & MP_ETH_CMD_TXLO)
671 if (value & (MP_ETH_CMD_TXHI | MP_ETH_CMD_TXLO) && s->icr & s->imr)
672 qemu_irq_raise(s->irq);
682 qemu_irq_raise(s->irq);
685 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
686 s->frx_queue[(offset - MP_ETH_FRDP0)/4] = target2host_addr(value);
689 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
690 s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
691 s->cur_rx[(offset - MP_ETH_CRDP0)/4] = target2host_addr(value);
694 case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
695 s->tx_queue[(offset - MP_ETH_CTDP0)/4] = target2host_addr(value);
700 static CPUReadMemoryFunc *mv88w8618_eth_readfn[] = {
706 static CPUWriteMemoryFunc *mv88w8618_eth_writefn[] = {
712 static void mv88w8618_eth_init(NICInfo *nd, uint32_t base, qemu_irq irq)
714 mv88w8618_eth_state *s;
717 qemu_check_nic_model(nd, "mv88w8618");
719 s = qemu_mallocz(sizeof(mv88w8618_eth_state));
723 s->vc = qemu_new_vlan_client(nd->vlan, nd->model, nd->name,
724 eth_receive, eth_can_receive, s);
725 iomemtype = cpu_register_io_memory(0, mv88w8618_eth_readfn,
726 mv88w8618_eth_writefn, s);
727 cpu_register_physical_memory(base, MP_ETH_SIZE, iomemtype);
730 /* LCD register offsets */
731 #define MP_LCD_IRQCTRL 0x180
732 #define MP_LCD_IRQSTAT 0x184
733 #define MP_LCD_SPICTRL 0x1ac
734 #define MP_LCD_INST 0x1bc
735 #define MP_LCD_DATA 0x1c0
738 #define MP_LCD_SPI_DATA 0x00100011
739 #define MP_LCD_SPI_CMD 0x00104011
740 #define MP_LCD_SPI_INVALID 0x00000000
743 #define MP_LCD_INST_SETPAGE0 0xB0
745 #define MP_LCD_INST_SETPAGE7 0xB7
747 #define MP_LCD_TEXTCOLOR 0xe0e0ff /* RRGGBB */
749 typedef struct musicpal_lcd_state {
755 QEMUConsole *console;
756 uint8_t video_ram[128*64/8];
757 } musicpal_lcd_state;
759 static uint32_t lcd_brightness;
761 static uint8_t scale_lcd_color(uint8_t col)
765 switch (lcd_brightness) {
766 case 0x00000007: /* 0 */
769 case 0x00020000: /* 1 */
770 return (tmp * 1) / 7;
772 case 0x00020001: /* 2 */
773 return (tmp * 2) / 7;
775 case 0x00040000: /* 3 */
776 return (tmp * 3) / 7;
778 case 0x00010006: /* 4 */
779 return (tmp * 4) / 7;
781 case 0x00020005: /* 5 */
782 return (tmp * 5) / 7;
784 case 0x00040003: /* 6 */
785 return (tmp * 6) / 7;
787 case 0x00030004: /* 7 */
793 #define SET_LCD_PIXEL(depth, type) \
794 static inline void glue(set_lcd_pixel, depth) \
795 (musicpal_lcd_state *s, int x, int y, type col) \
798 type *pixel = &((type *) ds_get_data(s->ds))[(y * 128 * 3 + x) * 3]; \
800 for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
801 for (dx = 0; dx < 3; dx++, pixel++) \
804 SET_LCD_PIXEL(8, uint8_t)
805 SET_LCD_PIXEL(16, uint16_t)
806 SET_LCD_PIXEL(32, uint32_t)
808 #include "pixel_ops.h"
810 static void lcd_refresh(void *opaque)
812 musicpal_lcd_state *s = opaque;
815 switch (ds_get_bits_per_pixel(s->ds)) {
818 #define LCD_REFRESH(depth, func) \
820 col = func(scale_lcd_color((MP_LCD_TEXTCOLOR >> 16) & 0xff), \
821 scale_lcd_color((MP_LCD_TEXTCOLOR >> 8) & 0xff), \
822 scale_lcd_color(MP_LCD_TEXTCOLOR & 0xff)); \
823 for (x = 0; x < 128; x++) \
824 for (y = 0; y < 64; y++) \
825 if (s->video_ram[x + (y/8)*128] & (1 << (y % 8))) \
826 glue(set_lcd_pixel, depth)(s, x, y, col); \
828 glue(set_lcd_pixel, depth)(s, x, y, 0); \
830 LCD_REFRESH(8, rgb_to_pixel8)
831 LCD_REFRESH(16, rgb_to_pixel16)
832 LCD_REFRESH(32, (s->ds->bgr ? rgb_to_pixel32bgr : rgb_to_pixel32))
834 cpu_abort(cpu_single_env, "unsupported colour depth %i\n",
835 ds_get_bits_per_pixel(s->ds));
838 dpy_update(s->ds, 0, 0, 128*3, 64*3);
841 static void lcd_invalidate(void *opaque)
845 static uint32_t musicpal_lcd_read(void *opaque, target_phys_addr_t offset)
847 musicpal_lcd_state *s = opaque;
858 static void musicpal_lcd_write(void *opaque, target_phys_addr_t offset,
861 musicpal_lcd_state *s = opaque;
869 if (value == MP_LCD_SPI_DATA || value == MP_LCD_SPI_CMD)
872 s->mode = MP_LCD_SPI_INVALID;
876 if (value >= MP_LCD_INST_SETPAGE0 && value <= MP_LCD_INST_SETPAGE7) {
877 s->page = value - MP_LCD_INST_SETPAGE0;
883 if (s->mode == MP_LCD_SPI_CMD) {
884 if (value >= MP_LCD_INST_SETPAGE0 &&
885 value <= MP_LCD_INST_SETPAGE7) {
886 s->page = value - MP_LCD_INST_SETPAGE0;
889 } else if (s->mode == MP_LCD_SPI_DATA) {
890 s->video_ram[s->page*128 + s->page_off] = value;
891 s->page_off = (s->page_off + 1) & 127;
897 static CPUReadMemoryFunc *musicpal_lcd_readfn[] = {
903 static CPUWriteMemoryFunc *musicpal_lcd_writefn[] = {
909 static void musicpal_lcd_init(DisplayState *ds, uint32_t base)
911 musicpal_lcd_state *s;
914 s = qemu_mallocz(sizeof(musicpal_lcd_state));
918 iomemtype = cpu_register_io_memory(0, musicpal_lcd_readfn,
919 musicpal_lcd_writefn, s);
920 cpu_register_physical_memory(base, MP_LCD_SIZE, iomemtype);
922 s->console = graphic_console_init(ds, lcd_refresh, lcd_invalidate,
924 qemu_console_resize(s->console, 128*3, 64*3);
927 /* PIC register offsets */
928 #define MP_PIC_STATUS 0x00
929 #define MP_PIC_ENABLE_SET 0x08
930 #define MP_PIC_ENABLE_CLR 0x0C
932 typedef struct mv88w8618_pic_state
937 } mv88w8618_pic_state;
939 static void mv88w8618_pic_update(mv88w8618_pic_state *s)
941 qemu_set_irq(s->parent_irq, (s->level & s->enabled));
944 static void mv88w8618_pic_set_irq(void *opaque, int irq, int level)
946 mv88w8618_pic_state *s = opaque;
949 s->level |= 1 << irq;
951 s->level &= ~(1 << irq);
952 mv88w8618_pic_update(s);
955 static uint32_t mv88w8618_pic_read(void *opaque, target_phys_addr_t offset)
957 mv88w8618_pic_state *s = opaque;
961 return s->level & s->enabled;
968 static void mv88w8618_pic_write(void *opaque, target_phys_addr_t offset,
971 mv88w8618_pic_state *s = opaque;
974 case MP_PIC_ENABLE_SET:
978 case MP_PIC_ENABLE_CLR:
979 s->enabled &= ~value;
983 mv88w8618_pic_update(s);
986 static void mv88w8618_pic_reset(void *opaque)
988 mv88w8618_pic_state *s = opaque;
994 static CPUReadMemoryFunc *mv88w8618_pic_readfn[] = {
1000 static CPUWriteMemoryFunc *mv88w8618_pic_writefn[] = {
1001 mv88w8618_pic_write,
1002 mv88w8618_pic_write,
1006 static qemu_irq *mv88w8618_pic_init(uint32_t base, qemu_irq parent_irq)
1008 mv88w8618_pic_state *s;
1012 s = qemu_mallocz(sizeof(mv88w8618_pic_state));
1015 qi = qemu_allocate_irqs(mv88w8618_pic_set_irq, s, 32);
1016 s->parent_irq = parent_irq;
1017 iomemtype = cpu_register_io_memory(0, mv88w8618_pic_readfn,
1018 mv88w8618_pic_writefn, s);
1019 cpu_register_physical_memory(base, MP_PIC_SIZE, iomemtype);
1021 qemu_register_reset(mv88w8618_pic_reset, s);
1026 /* PIT register offsets */
1027 #define MP_PIT_TIMER1_LENGTH 0x00
1029 #define MP_PIT_TIMER4_LENGTH 0x0C
1030 #define MP_PIT_CONTROL 0x10
1031 #define MP_PIT_TIMER1_VALUE 0x14
1033 #define MP_PIT_TIMER4_VALUE 0x20
1034 #define MP_BOARD_RESET 0x34
1036 /* Magic board reset value (probably some watchdog behind it) */
1037 #define MP_BOARD_RESET_MAGIC 0x10000
1039 typedef struct mv88w8618_timer_state {
1040 ptimer_state *timer;
1044 } mv88w8618_timer_state;
1046 typedef struct mv88w8618_pit_state {
1049 } mv88w8618_pit_state;
1051 static void mv88w8618_timer_tick(void *opaque)
1053 mv88w8618_timer_state *s = opaque;
1055 qemu_irq_raise(s->irq);
1058 static void *mv88w8618_timer_init(uint32_t freq, qemu_irq irq)
1060 mv88w8618_timer_state *s;
1063 s = qemu_mallocz(sizeof(mv88w8618_timer_state));
1067 bh = qemu_bh_new(mv88w8618_timer_tick, s);
1068 s->timer = ptimer_init(bh);
1073 static uint32_t mv88w8618_pit_read(void *opaque, target_phys_addr_t offset)
1075 mv88w8618_pit_state *s = opaque;
1076 mv88w8618_timer_state *t;
1079 case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
1080 t = s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
1081 return ptimer_get_count(t->timer);
1088 static void mv88w8618_pit_write(void *opaque, target_phys_addr_t offset,
1091 mv88w8618_pit_state *s = opaque;
1092 mv88w8618_timer_state *t;
1096 case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
1097 t = s->timer[offset >> 2];
1099 ptimer_set_limit(t->timer, t->limit, 1);
1102 case MP_PIT_CONTROL:
1103 for (i = 0; i < 4; i++) {
1106 ptimer_set_limit(t->timer, t->limit, 0);
1107 ptimer_set_freq(t->timer, t->freq);
1108 ptimer_run(t->timer, 0);
1114 case MP_BOARD_RESET:
1115 if (value == MP_BOARD_RESET_MAGIC)
1116 qemu_system_reset_request();
1121 static CPUReadMemoryFunc *mv88w8618_pit_readfn[] = {
1127 static CPUWriteMemoryFunc *mv88w8618_pit_writefn[] = {
1128 mv88w8618_pit_write,
1129 mv88w8618_pit_write,
1133 static void mv88w8618_pit_init(uint32_t base, qemu_irq *pic, int irq)
1136 mv88w8618_pit_state *s;
1138 s = qemu_mallocz(sizeof(mv88w8618_pit_state));
1142 /* Letting them all run at 1 MHz is likely just a pragmatic
1143 * simplification. */
1144 s->timer[0] = mv88w8618_timer_init(1000000, pic[irq]);
1145 s->timer[1] = mv88w8618_timer_init(1000000, pic[irq + 1]);
1146 s->timer[2] = mv88w8618_timer_init(1000000, pic[irq + 2]);
1147 s->timer[3] = mv88w8618_timer_init(1000000, pic[irq + 3]);
1149 iomemtype = cpu_register_io_memory(0, mv88w8618_pit_readfn,
1150 mv88w8618_pit_writefn, s);
1151 cpu_register_physical_memory(base, MP_PIT_SIZE, iomemtype);
1154 /* Flash config register offsets */
1155 #define MP_FLASHCFG_CFGR0 0x04
1157 typedef struct mv88w8618_flashcfg_state {
1159 } mv88w8618_flashcfg_state;
1161 static uint32_t mv88w8618_flashcfg_read(void *opaque,
1162 target_phys_addr_t offset)
1164 mv88w8618_flashcfg_state *s = opaque;
1167 case MP_FLASHCFG_CFGR0:
1175 static void mv88w8618_flashcfg_write(void *opaque, target_phys_addr_t offset,
1178 mv88w8618_flashcfg_state *s = opaque;
1181 case MP_FLASHCFG_CFGR0:
1187 static CPUReadMemoryFunc *mv88w8618_flashcfg_readfn[] = {
1188 mv88w8618_flashcfg_read,
1189 mv88w8618_flashcfg_read,
1190 mv88w8618_flashcfg_read
1193 static CPUWriteMemoryFunc *mv88w8618_flashcfg_writefn[] = {
1194 mv88w8618_flashcfg_write,
1195 mv88w8618_flashcfg_write,
1196 mv88w8618_flashcfg_write
1199 static void mv88w8618_flashcfg_init(uint32_t base)
1202 mv88w8618_flashcfg_state *s;
1204 s = qemu_mallocz(sizeof(mv88w8618_flashcfg_state));
1208 s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
1209 iomemtype = cpu_register_io_memory(0, mv88w8618_flashcfg_readfn,
1210 mv88w8618_flashcfg_writefn, s);
1211 cpu_register_physical_memory(base, MP_FLASHCFG_SIZE, iomemtype);
1214 /* Various registers in the 0x80000000 domain */
1215 #define MP_BOARD_REVISION 0x2018
1217 #define MP_WLAN_MAGIC1 0xc11c
1218 #define MP_WLAN_MAGIC2 0xc124
1220 #define MP_GPIO_OE_LO 0xd008
1221 #define MP_GPIO_OUT_LO 0xd00c
1222 #define MP_GPIO_IN_LO 0xd010
1223 #define MP_GPIO_ISR_LO 0xd020
1224 #define MP_GPIO_OE_HI 0xd508
1225 #define MP_GPIO_OUT_HI 0xd50c
1226 #define MP_GPIO_IN_HI 0xd510
1227 #define MP_GPIO_ISR_HI 0xd520
1229 /* GPIO bits & masks */
1230 #define MP_GPIO_WHEEL_VOL (1 << 8)
1231 #define MP_GPIO_WHEEL_VOL_INV (1 << 9)
1232 #define MP_GPIO_WHEEL_NAV (1 << 10)
1233 #define MP_GPIO_WHEEL_NAV_INV (1 << 11)
1234 #define MP_GPIO_LCD_BRIGHTNESS 0x00070000
1235 #define MP_GPIO_BTN_FAVORITS (1 << 19)
1236 #define MP_GPIO_BTN_MENU (1 << 20)
1237 #define MP_GPIO_BTN_VOLUME (1 << 21)
1238 #define MP_GPIO_BTN_NAVIGATION (1 << 22)
1239 #define MP_GPIO_I2C_DATA_BIT 29
1240 #define MP_GPIO_I2C_DATA (1 << MP_GPIO_I2C_DATA_BIT)
1241 #define MP_GPIO_I2C_CLOCK_BIT 30
1243 /* LCD brightness bits in GPIO_OE_HI */
1244 #define MP_OE_LCD_BRIGHTNESS 0x0007
1246 static uint32_t musicpal_read(void *opaque, target_phys_addr_t offset)
1249 case MP_BOARD_REVISION:
1252 case MP_GPIO_OE_HI: /* used for LCD brightness control */
1253 return lcd_brightness & MP_OE_LCD_BRIGHTNESS;
1255 case MP_GPIO_OUT_LO:
1256 return gpio_out_state & 0xFFFF;
1257 case MP_GPIO_OUT_HI:
1258 return gpio_out_state >> 16;
1261 return gpio_in_state & 0xFFFF;
1263 /* Update received I2C data */
1264 gpio_in_state = (gpio_in_state & ~MP_GPIO_I2C_DATA) |
1265 (i2c_get_data(mixer_i2c) << MP_GPIO_I2C_DATA_BIT);
1266 return gpio_in_state >> 16;
1268 case MP_GPIO_ISR_LO:
1269 return gpio_isr & 0xFFFF;
1270 case MP_GPIO_ISR_HI:
1271 return gpio_isr >> 16;
1273 /* Workaround to allow loading the binary-only wlandrv.ko crap
1274 * from the original Freecom firmware. */
1275 case MP_WLAN_MAGIC1:
1277 case MP_WLAN_MAGIC2:
1285 static void musicpal_write(void *opaque, target_phys_addr_t offset,
1289 case MP_GPIO_OE_HI: /* used for LCD brightness control */
1290 lcd_brightness = (lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
1291 (value & MP_OE_LCD_BRIGHTNESS);
1294 case MP_GPIO_OUT_LO:
1295 gpio_out_state = (gpio_out_state & 0xFFFF0000) | (value & 0xFFFF);
1297 case MP_GPIO_OUT_HI:
1298 gpio_out_state = (gpio_out_state & 0xFFFF) | (value << 16);
1299 lcd_brightness = (lcd_brightness & 0xFFFF) |
1300 (gpio_out_state & MP_GPIO_LCD_BRIGHTNESS);
1301 i2c_state_update(mixer_i2c,
1302 (gpio_out_state >> MP_GPIO_I2C_DATA_BIT) & 1,
1303 (gpio_out_state >> MP_GPIO_I2C_CLOCK_BIT) & 1);
1309 /* Keyboard codes & masks */
1310 #define KEY_RELEASED 0x80
1311 #define KEY_CODE 0x7f
1313 #define KEYCODE_TAB 0x0f
1314 #define KEYCODE_ENTER 0x1c
1315 #define KEYCODE_F 0x21
1316 #define KEYCODE_M 0x32
1318 #define KEYCODE_EXTENDED 0xe0
1319 #define KEYCODE_UP 0x48
1320 #define KEYCODE_DOWN 0x50
1321 #define KEYCODE_LEFT 0x4b
1322 #define KEYCODE_RIGHT 0x4d
1324 static void musicpal_key_event(void *opaque, int keycode)
1326 qemu_irq irq = opaque;
1328 static int kbd_extended;
1330 if (keycode == KEYCODE_EXTENDED) {
1336 switch (keycode & KEY_CODE) {
1338 event = MP_GPIO_WHEEL_NAV | MP_GPIO_WHEEL_NAV_INV;
1342 event = MP_GPIO_WHEEL_NAV;
1346 event = MP_GPIO_WHEEL_VOL | MP_GPIO_WHEEL_VOL_INV;
1350 event = MP_GPIO_WHEEL_VOL;
1354 switch (keycode & KEY_CODE) {
1356 event = MP_GPIO_BTN_FAVORITS;
1360 event = MP_GPIO_BTN_VOLUME;
1364 event = MP_GPIO_BTN_NAVIGATION;
1368 event = MP_GPIO_BTN_MENU;
1371 /* Do not repeat already pressed buttons */
1372 if (!(keycode & KEY_RELEASED) && !(gpio_in_state & event))
1377 if (keycode & KEY_RELEASED) {
1378 gpio_in_state |= event;
1380 gpio_in_state &= ~event;
1382 qemu_irq_raise(irq);
1389 static CPUReadMemoryFunc *musicpal_readfn[] = {
1395 static CPUWriteMemoryFunc *musicpal_writefn[] = {
1401 static struct arm_boot_info musicpal_binfo = {
1402 .loader_start = 0x0,
1406 static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
1407 const char *boot_device, DisplayState *ds,
1408 const char *kernel_filename, const char *kernel_cmdline,
1409 const char *initrd_filename, const char *cpu_model)
1415 unsigned long flash_size;
1418 cpu_model = "arm926";
1420 env = cpu_init(cpu_model);
1422 fprintf(stderr, "Unable to find CPU definition\n");
1425 pic = arm_pic_init_cpu(env);
1427 /* For now we use a fixed - the original - RAM size */
1428 cpu_register_physical_memory(0, MP_RAM_DEFAULT_SIZE,
1429 qemu_ram_alloc(MP_RAM_DEFAULT_SIZE));
1431 sram_off = qemu_ram_alloc(MP_SRAM_SIZE);
1432 cpu_register_physical_memory(MP_SRAM_BASE, MP_SRAM_SIZE, sram_off);
1434 /* Catch various stuff not handled by separate subsystems */
1435 iomemtype = cpu_register_io_memory(0, musicpal_readfn,
1436 musicpal_writefn, env);
1437 cpu_register_physical_memory(0x80000000, 0x10000, iomemtype);
1439 pic = mv88w8618_pic_init(MP_PIC_BASE, pic[ARM_PIC_CPU_IRQ]);
1440 mv88w8618_pit_init(MP_PIT_BASE, pic, MP_TIMER1_IRQ);
1443 serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], 1825000,
1446 serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], 1825000,
1449 /* Register flash */
1450 index = drive_get_index(IF_PFLASH, 0, 0);
1452 flash_size = bdrv_getlength(drives_table[index].bdrv);
1453 if (flash_size != 8*1024*1024 && flash_size != 16*1024*1024 &&
1454 flash_size != 32*1024*1024) {
1455 fprintf(stderr, "Invalid flash image size\n");
1460 * The original U-Boot accesses the flash at 0xFE000000 instead of
1461 * 0xFF800000 (if there is 8 MB flash). So remap flash access if the
1462 * image is smaller than 32 MB.
1464 pflash_cfi02_register(0-MP_FLASH_SIZE_MAX, qemu_ram_alloc(flash_size),
1465 drives_table[index].bdrv, 0x10000,
1466 (flash_size + 0xffff) >> 16,
1467 MP_FLASH_SIZE_MAX / flash_size,
1468 2, 0x00BF, 0x236D, 0x0000, 0x0000,
1471 mv88w8618_flashcfg_init(MP_FLASHCFG_BASE);
1473 musicpal_lcd_init(ds, MP_LCD_BASE);
1475 qemu_add_kbd_event_handler(musicpal_key_event, pic[MP_GPIO_IRQ]);
1477 mv88w8618_eth_init(&nd_table[0], MP_ETH_BASE, pic[MP_ETH_IRQ]);
1479 mixer_i2c = musicpal_audio_init(MP_AUDIO_BASE, pic[MP_AUDIO_IRQ]);
1481 musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
1482 musicpal_binfo.kernel_filename = kernel_filename;
1483 musicpal_binfo.kernel_cmdline = kernel_cmdline;
1484 musicpal_binfo.initrd_filename = initrd_filename;
1485 arm_load_kernel(env, &musicpal_binfo);
1488 QEMUMachine musicpal_machine = {
1490 .desc = "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
1491 .init = musicpal_init,
1492 .ram_require = MP_RAM_DEFAULT_SIZE + MP_SRAM_SIZE +
1493 MP_FLASH_SIZE_MAX + RAMSIZE_FIXED,
projects / qemu / blob