2 * Marvell MV88W8618 / Freecom MusicPal emulation.
4 * Copyright (c) 2008 Jan Kiszka
6 * This code is licenced under the GNU GPL v2.
16 #include "qemu-timer.h"
20 #include "audio/audio.h"
23 #define MP_ETH_BASE 0x80008000
24 #define MP_ETH_SIZE 0x00001000
26 #define MP_UART1_BASE 0x8000C840
27 #define MP_UART2_BASE 0x8000C940
29 #define MP_FLASHCFG_BASE 0x90006000
30 #define MP_FLASHCFG_SIZE 0x00001000
32 #define MP_AUDIO_BASE 0x90007000
33 #define MP_AUDIO_SIZE 0x00001000
35 #define MP_PIC_BASE 0x90008000
36 #define MP_PIC_SIZE 0x00001000
38 #define MP_PIT_BASE 0x90009000
39 #define MP_PIT_SIZE 0x00001000
41 #define MP_LCD_BASE 0x9000c000
42 #define MP_LCD_SIZE 0x00001000
44 #define MP_SRAM_BASE 0xC0000000
45 #define MP_SRAM_SIZE 0x00020000
47 #define MP_RAM_DEFAULT_SIZE 32*1024*1024
48 #define MP_FLASH_SIZE_MAX 32*1024*1024
50 #define MP_TIMER1_IRQ 4
52 #define MP_TIMER4_IRQ 7
55 #define MP_UART1_IRQ 11
56 #define MP_UART2_IRQ 11
57 #define MP_GPIO_IRQ 12
59 #define MP_AUDIO_IRQ 30
61 static uint32_t gpio_in_state = 0xffffffff;
62 static uint32_t gpio_out_state;
63 static ram_addr_t sram_off;
65 /* Address conversion helpers */
66 static void *target2host_addr(uint32_t addr)
68 if (addr < MP_SRAM_BASE) {
69 if (addr >= MP_RAM_DEFAULT_SIZE)
71 return (void *)(phys_ram_base + addr);
73 if (addr >= MP_SRAM_BASE + MP_SRAM_SIZE)
75 return (void *)(phys_ram_base + sram_off + addr - MP_SRAM_BASE);
79 static uint32_t host2target_addr(void *addr)
81 if (addr < ((void *)phys_ram_base) + sram_off)
82 return (unsigned long)addr - (unsigned long)phys_ram_base;
84 return (unsigned long)addr - (unsigned long)phys_ram_base -
85 sram_off + MP_SRAM_BASE;
89 typedef enum i2c_state {
112 typedef struct i2c_interface {
121 static void i2c_enter_stop(i2c_interface *i2c)
123 if (i2c->current_addr >= 0)
124 i2c_end_transfer(i2c->bus);
125 i2c->current_addr = -1;
126 i2c->state = STOPPED;
129 static void i2c_state_update(i2c_interface *i2c, int data, int clock)
134 switch (i2c->state) {
136 if (data == 0 && i2c->last_data == 1 && clock == 1)
137 i2c->state = INITIALIZING;
141 if (clock == 0 && i2c->last_clock == 1 && data == 0)
142 i2c->state = SENDING_BIT7;
147 case SENDING_BIT7 ... SENDING_BIT0:
148 if (clock == 0 && i2c->last_clock == 1) {
149 i2c->buffer = (i2c->buffer << 1) | data;
150 i2c->state++; /* will end up in WAITING_FOR_ACK */
151 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
155 case WAITING_FOR_ACK:
156 if (clock == 0 && i2c->last_clock == 1) {
157 if (i2c->current_addr < 0) {
158 i2c->current_addr = i2c->buffer;
159 i2c_start_transfer(i2c->bus, i2c->current_addr & 0xfe,
162 i2c_send(i2c->bus, i2c->buffer);
163 if (i2c->current_addr & 1) {
164 i2c->state = RECEIVING_BIT7;
165 i2c->buffer = i2c_recv(i2c->bus);
167 i2c->state = SENDING_BIT7;
168 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
172 case RECEIVING_BIT7 ... RECEIVING_BIT0:
173 if (clock == 0 && i2c->last_clock == 1) {
174 i2c->state++; /* will end up in SENDING_ACK */
176 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
181 if (clock == 0 && i2c->last_clock == 1) {
182 i2c->state = RECEIVING_BIT7;
184 i2c->buffer = i2c_recv(i2c->bus);
187 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
192 i2c->last_data = data;
193 i2c->last_clock = clock;
196 static int i2c_get_data(i2c_interface *i2c)
201 switch (i2c->state) {
202 case RECEIVING_BIT7 ... RECEIVING_BIT0:
203 return (i2c->buffer >> 7);
205 case WAITING_FOR_ACK:
211 static i2c_interface *mixer_i2c;
215 /* Audio register offsets */
216 #define MP_AUDIO_PLAYBACK_MODE 0x00
217 #define MP_AUDIO_CLOCK_DIV 0x18
218 #define MP_AUDIO_IRQ_STATUS 0x20
219 #define MP_AUDIO_IRQ_ENABLE 0x24
220 #define MP_AUDIO_TX_START_LO 0x28
221 #define MP_AUDIO_TX_THRESHOLD 0x2C
222 #define MP_AUDIO_TX_STATUS 0x38
223 #define MP_AUDIO_TX_START_HI 0x40
225 /* Status register and IRQ enable bits */
226 #define MP_AUDIO_TX_HALF (1 << 6)
227 #define MP_AUDIO_TX_FULL (1 << 7)
229 /* Playback mode bits */
230 #define MP_AUDIO_16BIT_SAMPLE (1 << 0)
231 #define MP_AUDIO_PLAYBACK_EN (1 << 7)
232 #define MP_AUDIO_CLOCK_24MHZ (1 << 9)
234 /* Wolfson 8750 I2C address */
235 #define MP_WM_ADDR 0x34
237 const char audio_name[] = "mv88w8618";
239 typedef struct musicpal_audio_state {
242 uint32_t playback_mode;
245 unsigned long phys_buf;
247 unsigned int threshold;
248 unsigned int play_pos;
249 unsigned int last_free;
252 } musicpal_audio_state;
254 static void audio_callback(void *opaque, int free_out, int free_in)
256 musicpal_audio_state *s = opaque;
257 int16_t *codec_buffer;
260 if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN))
263 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE)
268 block_size = s->threshold/2;
269 if (free_out - s->last_free < block_size)
272 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE)
273 memcpy(wm8750_dac_buffer(s->wm, block_size >> 2),
274 (uint32_t *)(s->target_buffer + s->play_pos),
277 codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
278 for (pos = 0; pos < block_size; pos += 2) {
279 *codec_buffer++ = cpu_to_le16(256 *
280 *(int8_t *)(s->target_buffer + s->play_pos + pos));
281 *codec_buffer++ = cpu_to_le16(256 *
282 *(int8_t *)(s->target_buffer + s->play_pos + pos + 1));
285 wm8750_dac_commit(s->wm);
287 s->last_free = free_out - block_size;
289 if (s->play_pos == 0) {
290 s->status |= MP_AUDIO_TX_HALF;
291 s->play_pos = block_size;
293 s->status |= MP_AUDIO_TX_FULL;
297 if (s->status & s->irq_enable)
298 qemu_irq_raise(s->irq);
301 static uint32_t musicpal_audio_read(void *opaque, target_phys_addr_t offset)
303 musicpal_audio_state *s = opaque;
307 case MP_AUDIO_PLAYBACK_MODE:
308 return s->playback_mode;
310 case MP_AUDIO_CLOCK_DIV:
313 case MP_AUDIO_IRQ_STATUS:
316 case MP_AUDIO_IRQ_ENABLE:
317 return s->irq_enable;
319 case MP_AUDIO_TX_STATUS:
320 return s->play_pos >> 2;
327 static void musicpal_audio_write(void *opaque, target_phys_addr_t offset,
330 musicpal_audio_state *s = opaque;
334 case MP_AUDIO_PLAYBACK_MODE:
335 if (value & MP_AUDIO_PLAYBACK_EN &&
336 !(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
341 s->playback_mode = value;
344 case MP_AUDIO_CLOCK_DIV:
345 s->clock_div = value;
350 case MP_AUDIO_IRQ_STATUS:
354 case MP_AUDIO_IRQ_ENABLE:
355 s->irq_enable = value;
356 if (s->status & s->irq_enable)
357 qemu_irq_raise(s->irq);
360 case MP_AUDIO_TX_START_LO:
361 s->phys_buf = (s->phys_buf & 0xFFFF0000) | (value & 0xFFFF);
362 s->target_buffer = target2host_addr(s->phys_buf);
367 case MP_AUDIO_TX_THRESHOLD:
368 s->threshold = (value + 1) * 4;
371 case MP_AUDIO_TX_START_HI:
372 s->phys_buf = (s->phys_buf & 0xFFFF) | (value << 16);
373 s->target_buffer = target2host_addr(s->phys_buf);
380 static void musicpal_audio_reset(void *opaque)
382 musicpal_audio_state *s = opaque;
384 s->playback_mode = 0;
389 static CPUReadMemoryFunc *musicpal_audio_readfn[] = {
395 static CPUWriteMemoryFunc *musicpal_audio_writefn[] = {
396 musicpal_audio_write,
397 musicpal_audio_write,
401 static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
404 musicpal_audio_state *s;
410 AUD_log(audio_name, "No audio state\n");
414 s = qemu_mallocz(sizeof(musicpal_audio_state));
420 i2c = qemu_mallocz(sizeof(i2c_interface));
423 i2c->bus = i2c_init_bus();
424 i2c->current_addr = -1;
426 s->wm = wm8750_init(i2c->bus, audio);
429 i2c_set_slave_address(s->wm, MP_WM_ADDR);
430 wm8750_data_req_set(s->wm, audio_callback, s);
432 iomemtype = cpu_register_io_memory(0, musicpal_audio_readfn,
433 musicpal_audio_writefn, s);
434 cpu_register_physical_memory(base, MP_AUDIO_SIZE, iomemtype);
436 qemu_register_reset(musicpal_audio_reset, s);
440 #else /* !HAS_AUDIO */
441 static i2c_interface *musicpal_audio_init(uint32_t base, qemu_irq irq)
445 #endif /* !HAS_AUDIO */
447 /* Ethernet register offsets */
448 #define MP_ETH_SMIR 0x010
449 #define MP_ETH_PCXR 0x408
450 #define MP_ETH_SDCMR 0x448
451 #define MP_ETH_ICR 0x450
452 #define MP_ETH_IMR 0x458
453 #define MP_ETH_FRDP0 0x480
454 #define MP_ETH_FRDP1 0x484
455 #define MP_ETH_FRDP2 0x488
456 #define MP_ETH_FRDP3 0x48C
457 #define MP_ETH_CRDP0 0x4A0
458 #define MP_ETH_CRDP1 0x4A4
459 #define MP_ETH_CRDP2 0x4A8
460 #define MP_ETH_CRDP3 0x4AC
461 #define MP_ETH_CTDP0 0x4E0
462 #define MP_ETH_CTDP1 0x4E4
463 #define MP_ETH_CTDP2 0x4E8
464 #define MP_ETH_CTDP3 0x4EC
467 #define MP_ETH_SMIR_DATA 0x0000FFFF
468 #define MP_ETH_SMIR_ADDR 0x03FF0000
469 #define MP_ETH_SMIR_OPCODE (1 << 26) /* Read value */
470 #define MP_ETH_SMIR_RDVALID (1 << 27)
473 #define MP_ETH_PHY1_BMSR 0x00210000
474 #define MP_ETH_PHY1_PHYSID1 0x00410000
475 #define MP_ETH_PHY1_PHYSID2 0x00610000
477 #define MP_PHY_BMSR_LINK 0x0004
478 #define MP_PHY_BMSR_AUTONEG 0x0008
480 #define MP_PHY_88E3015 0x01410E20
482 /* TX descriptor status */
483 #define MP_ETH_TX_OWN (1 << 31)
485 /* RX descriptor status */
486 #define MP_ETH_RX_OWN (1 << 31)
488 /* Interrupt cause/mask bits */
489 #define MP_ETH_IRQ_RX_BIT 0
490 #define MP_ETH_IRQ_RX (1 << MP_ETH_IRQ_RX_BIT)
491 #define MP_ETH_IRQ_TXHI_BIT 2
492 #define MP_ETH_IRQ_TXLO_BIT 3
494 /* Port config bits */
495 #define MP_ETH_PCXR_2BSM_BIT 28 /* 2-byte incoming suffix */
497 /* SDMA command bits */
498 #define MP_ETH_CMD_TXHI (1 << 23)
499 #define MP_ETH_CMD_TXLO (1 << 22)
501 typedef struct mv88w8618_tx_desc {
509 typedef struct mv88w8618_rx_desc {
512 uint16_t buffer_size;
517 typedef struct mv88w8618_eth_state {
524 mv88w8618_tx_desc *tx_queue[2];
525 mv88w8618_rx_desc *rx_queue[4];
526 mv88w8618_rx_desc *frx_queue[4];
527 mv88w8618_rx_desc *cur_rx[4];
529 } mv88w8618_eth_state;
531 static int eth_can_receive(void *opaque)
536 static void eth_receive(void *opaque, const uint8_t *buf, int size)
538 mv88w8618_eth_state *s = opaque;
539 mv88w8618_rx_desc *desc;
542 for (i = 0; i < 4; i++) {
547 if (le32_to_cpu(desc->cmdstat) & MP_ETH_RX_OWN &&
548 le16_to_cpu(desc->buffer_size) >= size) {
549 memcpy(target2host_addr(le32_to_cpu(desc->buffer) +
552 desc->bytes = cpu_to_le16(size + s->vlan_header);
553 desc->cmdstat &= cpu_to_le32(~MP_ETH_RX_OWN);
554 s->cur_rx[i] = target2host_addr(le32_to_cpu(desc->next));
556 s->icr |= MP_ETH_IRQ_RX;
558 qemu_irq_raise(s->irq);
561 desc = target2host_addr(le32_to_cpu(desc->next));
562 } while (desc != s->rx_queue[i]);
566 static void eth_send(mv88w8618_eth_state *s, int queue_index)
568 mv88w8618_tx_desc *desc = s->tx_queue[queue_index];
571 if (le32_to_cpu(desc->cmdstat) & MP_ETH_TX_OWN) {
572 qemu_send_packet(s->vc,
573 target2host_addr(le32_to_cpu(desc->buffer)),
574 le16_to_cpu(desc->bytes));
575 desc->cmdstat &= cpu_to_le32(~MP_ETH_TX_OWN);
576 s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
578 desc = target2host_addr(le32_to_cpu(desc->next));
579 } while (desc != s->tx_queue[queue_index]);
582 static uint32_t mv88w8618_eth_read(void *opaque, target_phys_addr_t offset)
584 mv88w8618_eth_state *s = opaque;
589 if (s->smir & MP_ETH_SMIR_OPCODE) {
590 switch (s->smir & MP_ETH_SMIR_ADDR) {
591 case MP_ETH_PHY1_BMSR:
592 return MP_PHY_BMSR_LINK | MP_PHY_BMSR_AUTONEG |
594 case MP_ETH_PHY1_PHYSID1:
595 return (MP_PHY_88E3015 >> 16) | MP_ETH_SMIR_RDVALID;
596 case MP_ETH_PHY1_PHYSID2:
597 return (MP_PHY_88E3015 & 0xFFFF) | MP_ETH_SMIR_RDVALID;
599 return MP_ETH_SMIR_RDVALID;
610 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
611 return host2target_addr(s->frx_queue[(offset - MP_ETH_FRDP0)/4]);
613 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
614 return host2target_addr(s->rx_queue[(offset - MP_ETH_CRDP0)/4]);
616 case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
617 return host2target_addr(s->tx_queue[(offset - MP_ETH_CTDP0)/4]);
624 static void mv88w8618_eth_write(void *opaque, target_phys_addr_t offset,
627 mv88w8618_eth_state *s = opaque;
636 s->vlan_header = ((value >> MP_ETH_PCXR_2BSM_BIT) & 1) * 2;
640 if (value & MP_ETH_CMD_TXHI)
642 if (value & MP_ETH_CMD_TXLO)
644 if (value & (MP_ETH_CMD_TXHI | MP_ETH_CMD_TXLO) && s->icr & s->imr)
645 qemu_irq_raise(s->irq);
655 qemu_irq_raise(s->irq);
658 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
659 s->frx_queue[(offset - MP_ETH_FRDP0)/4] = target2host_addr(value);
662 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
663 s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
664 s->cur_rx[(offset - MP_ETH_CRDP0)/4] = target2host_addr(value);
667 case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
668 s->tx_queue[(offset - MP_ETH_CTDP0)/4] = target2host_addr(value);
673 static CPUReadMemoryFunc *mv88w8618_eth_readfn[] = {
679 static CPUWriteMemoryFunc *mv88w8618_eth_writefn[] = {
685 static void mv88w8618_eth_init(NICInfo *nd, uint32_t base, qemu_irq irq)
687 mv88w8618_eth_state *s;
690 s = qemu_mallocz(sizeof(mv88w8618_eth_state));
695 s->vc = qemu_new_vlan_client(nd->vlan, eth_receive, eth_can_receive, s);
696 iomemtype = cpu_register_io_memory(0, mv88w8618_eth_readfn,
697 mv88w8618_eth_writefn, s);
698 cpu_register_physical_memory(base, MP_ETH_SIZE, iomemtype);
701 /* LCD register offsets */
702 #define MP_LCD_IRQCTRL 0x180
703 #define MP_LCD_IRQSTAT 0x184
704 #define MP_LCD_SPICTRL 0x1ac
705 #define MP_LCD_INST 0x1bc
706 #define MP_LCD_DATA 0x1c0
709 #define MP_LCD_SPI_DATA 0x00100011
710 #define MP_LCD_SPI_CMD 0x00104011
711 #define MP_LCD_SPI_INVALID 0x00000000
714 #define MP_LCD_INST_SETPAGE0 0xB0
716 #define MP_LCD_INST_SETPAGE7 0xB7
718 #define MP_LCD_TEXTCOLOR 0xe0e0ff /* RRGGBB */
720 typedef struct musicpal_lcd_state {
727 uint8_t video_ram[128*64/8];
728 } musicpal_lcd_state;
730 static uint32_t lcd_brightness;
732 static uint8_t scale_lcd_color(uint8_t col)
736 switch (lcd_brightness) {
737 case 0x00000007: /* 0 */
740 case 0x00020000: /* 1 */
741 return (tmp * 1) / 7;
743 case 0x00020001: /* 2 */
744 return (tmp * 2) / 7;
746 case 0x00040000: /* 3 */
747 return (tmp * 3) / 7;
749 case 0x00010006: /* 4 */
750 return (tmp * 4) / 7;
752 case 0x00020005: /* 5 */
753 return (tmp * 5) / 7;
755 case 0x00040003: /* 6 */
756 return (tmp * 6) / 7;
758 case 0x00030004: /* 7 */
764 #define SET_LCD_PIXEL(depth, type) \
765 static inline void glue(set_lcd_pixel, depth) \
766 (musicpal_lcd_state *s, int x, int y, type col) \
769 type *pixel = &((type *) s->ds->data)[(y * 128 * 3 + x) * 3]; \
771 for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
772 for (dx = 0; dx < 3; dx++, pixel++) \
775 SET_LCD_PIXEL(8, uint8_t)
776 SET_LCD_PIXEL(16, uint16_t)
777 SET_LCD_PIXEL(32, uint32_t)
779 #include "pixel_ops.h"
781 static void lcd_refresh(void *opaque)
783 musicpal_lcd_state *s = opaque;
786 switch (s->ds->depth) {
789 #define LCD_REFRESH(depth, func) \
791 col = func(scale_lcd_color((MP_LCD_TEXTCOLOR >> 16) & 0xff), \
792 scale_lcd_color((MP_LCD_TEXTCOLOR >> 8) & 0xff), \
793 scale_lcd_color(MP_LCD_TEXTCOLOR & 0xff)); \
794 for (x = 0; x < 128; x++) \
795 for (y = 0; y < 64; y++) \
796 if (s->video_ram[x + (y/8)*128] & (1 << (y % 8))) \
797 glue(set_lcd_pixel, depth)(s, x, y, col); \
799 glue(set_lcd_pixel, depth)(s, x, y, 0); \
801 LCD_REFRESH(8, rgb_to_pixel8)
802 LCD_REFRESH(16, rgb_to_pixel16)
803 LCD_REFRESH(32, (s->ds->bgr ? rgb_to_pixel32bgr : rgb_to_pixel32))
805 cpu_abort(cpu_single_env, "unsupported colour depth %i\n",
809 dpy_update(s->ds, 0, 0, 128*3, 64*3);
812 static uint32_t musicpal_lcd_read(void *opaque, target_phys_addr_t offset)
814 musicpal_lcd_state *s = opaque;
826 static void musicpal_lcd_write(void *opaque, target_phys_addr_t offset,
829 musicpal_lcd_state *s = opaque;
838 if (value == MP_LCD_SPI_DATA || value == MP_LCD_SPI_CMD)
841 s->mode = MP_LCD_SPI_INVALID;
845 if (value >= MP_LCD_INST_SETPAGE0 && value <= MP_LCD_INST_SETPAGE7) {
846 s->page = value - MP_LCD_INST_SETPAGE0;
852 if (s->mode == MP_LCD_SPI_CMD) {
853 if (value >= MP_LCD_INST_SETPAGE0 &&
854 value <= MP_LCD_INST_SETPAGE7) {
855 s->page = value - MP_LCD_INST_SETPAGE0;
858 } else if (s->mode == MP_LCD_SPI_DATA) {
859 s->video_ram[s->page*128 + s->page_off] = value;
860 s->page_off = (s->page_off + 1) & 127;
866 static CPUReadMemoryFunc *musicpal_lcd_readfn[] = {
872 static CPUWriteMemoryFunc *musicpal_lcd_writefn[] = {
878 static void musicpal_lcd_init(DisplayState *ds, uint32_t base)
880 musicpal_lcd_state *s;
883 s = qemu_mallocz(sizeof(musicpal_lcd_state));
888 iomemtype = cpu_register_io_memory(0, musicpal_lcd_readfn,
889 musicpal_lcd_writefn, s);
890 cpu_register_physical_memory(base, MP_LCD_SIZE, iomemtype);
892 graphic_console_init(ds, lcd_refresh, NULL, NULL, NULL, s);
893 dpy_resize(ds, 128*3, 64*3);
896 /* PIC register offsets */
897 #define MP_PIC_STATUS 0x00
898 #define MP_PIC_ENABLE_SET 0x08
899 #define MP_PIC_ENABLE_CLR 0x0C
901 typedef struct mv88w8618_pic_state
907 } mv88w8618_pic_state;
909 static void mv88w8618_pic_update(mv88w8618_pic_state *s)
911 qemu_set_irq(s->parent_irq, (s->level & s->enabled));
914 static void mv88w8618_pic_set_irq(void *opaque, int irq, int level)
916 mv88w8618_pic_state *s = opaque;
919 s->level |= 1 << irq;
921 s->level &= ~(1 << irq);
922 mv88w8618_pic_update(s);
925 static uint32_t mv88w8618_pic_read(void *opaque, target_phys_addr_t offset)
927 mv88w8618_pic_state *s = opaque;
932 return s->level & s->enabled;
939 static void mv88w8618_pic_write(void *opaque, target_phys_addr_t offset,
942 mv88w8618_pic_state *s = opaque;
946 case MP_PIC_ENABLE_SET:
950 case MP_PIC_ENABLE_CLR:
951 s->enabled &= ~value;
955 mv88w8618_pic_update(s);
958 static void mv88w8618_pic_reset(void *opaque)
960 mv88w8618_pic_state *s = opaque;
966 static CPUReadMemoryFunc *mv88w8618_pic_readfn[] = {
972 static CPUWriteMemoryFunc *mv88w8618_pic_writefn[] = {
978 static qemu_irq *mv88w8618_pic_init(uint32_t base, qemu_irq parent_irq)
980 mv88w8618_pic_state *s;
984 s = qemu_mallocz(sizeof(mv88w8618_pic_state));
987 qi = qemu_allocate_irqs(mv88w8618_pic_set_irq, s, 32);
989 s->parent_irq = parent_irq;
990 iomemtype = cpu_register_io_memory(0, mv88w8618_pic_readfn,
991 mv88w8618_pic_writefn, s);
992 cpu_register_physical_memory(base, MP_PIC_SIZE, iomemtype);
994 qemu_register_reset(mv88w8618_pic_reset, s);
999 /* PIT register offsets */
1000 #define MP_PIT_TIMER1_LENGTH 0x00
1002 #define MP_PIT_TIMER4_LENGTH 0x0C
1003 #define MP_PIT_CONTROL 0x10
1004 #define MP_PIT_TIMER1_VALUE 0x14
1006 #define MP_PIT_TIMER4_VALUE 0x20
1007 #define MP_BOARD_RESET 0x34
1009 /* Magic board reset value (probably some watchdog behind it) */
1010 #define MP_BOARD_RESET_MAGIC 0x10000
1012 typedef struct mv88w8618_timer_state {
1013 ptimer_state *timer;
1017 } mv88w8618_timer_state;
1019 typedef struct mv88w8618_pit_state {
1023 } mv88w8618_pit_state;
1025 static void mv88w8618_timer_tick(void *opaque)
1027 mv88w8618_timer_state *s = opaque;
1029 qemu_irq_raise(s->irq);
1032 static void *mv88w8618_timer_init(uint32_t freq, qemu_irq irq)
1034 mv88w8618_timer_state *s;
1037 s = qemu_mallocz(sizeof(mv88w8618_timer_state));
1041 bh = qemu_bh_new(mv88w8618_timer_tick, s);
1042 s->timer = ptimer_init(bh);
1047 static uint32_t mv88w8618_pit_read(void *opaque, target_phys_addr_t offset)
1049 mv88w8618_pit_state *s = opaque;
1050 mv88w8618_timer_state *t;
1054 case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
1055 t = s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
1056 return ptimer_get_count(t->timer);
1063 static void mv88w8618_pit_write(void *opaque, target_phys_addr_t offset,
1066 mv88w8618_pit_state *s = opaque;
1067 mv88w8618_timer_state *t;
1072 case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
1073 t = s->timer[offset >> 2];
1075 ptimer_set_limit(t->timer, t->limit, 1);
1078 case MP_PIT_CONTROL:
1079 for (i = 0; i < 4; i++) {
1082 ptimer_set_limit(t->timer, t->limit, 0);
1083 ptimer_set_freq(t->timer, t->freq);
1084 ptimer_run(t->timer, 0);
1090 case MP_BOARD_RESET:
1091 if (value == MP_BOARD_RESET_MAGIC)
1092 qemu_system_reset_request();
1097 static CPUReadMemoryFunc *mv88w8618_pit_readfn[] = {
1103 static CPUWriteMemoryFunc *mv88w8618_pit_writefn[] = {
1104 mv88w8618_pit_write,
1105 mv88w8618_pit_write,
1109 static void mv88w8618_pit_init(uint32_t base, qemu_irq *pic, int irq)
1112 mv88w8618_pit_state *s;
1114 s = qemu_mallocz(sizeof(mv88w8618_pit_state));
1119 /* Letting them all run at 1 MHz is likely just a pragmatic
1120 * simplification. */
1121 s->timer[0] = mv88w8618_timer_init(1000000, pic[irq]);
1122 s->timer[1] = mv88w8618_timer_init(1000000, pic[irq + 1]);
1123 s->timer[2] = mv88w8618_timer_init(1000000, pic[irq + 2]);
1124 s->timer[3] = mv88w8618_timer_init(1000000, pic[irq + 3]);
1126 iomemtype = cpu_register_io_memory(0, mv88w8618_pit_readfn,
1127 mv88w8618_pit_writefn, s);
1128 cpu_register_physical_memory(base, MP_PIT_SIZE, iomemtype);
1131 /* Flash config register offsets */
1132 #define MP_FLASHCFG_CFGR0 0x04
1134 typedef struct mv88w8618_flashcfg_state {
1137 } mv88w8618_flashcfg_state;
1139 static uint32_t mv88w8618_flashcfg_read(void *opaque,
1140 target_phys_addr_t offset)
1142 mv88w8618_flashcfg_state *s = opaque;
1146 case MP_FLASHCFG_CFGR0:
1154 static void mv88w8618_flashcfg_write(void *opaque, target_phys_addr_t offset,
1157 mv88w8618_flashcfg_state *s = opaque;
1161 case MP_FLASHCFG_CFGR0:
1167 static CPUReadMemoryFunc *mv88w8618_flashcfg_readfn[] = {
1168 mv88w8618_flashcfg_read,
1169 mv88w8618_flashcfg_read,
1170 mv88w8618_flashcfg_read
1173 static CPUWriteMemoryFunc *mv88w8618_flashcfg_writefn[] = {
1174 mv88w8618_flashcfg_write,
1175 mv88w8618_flashcfg_write,
1176 mv88w8618_flashcfg_write
1179 static void mv88w8618_flashcfg_init(uint32_t base)
1182 mv88w8618_flashcfg_state *s;
1184 s = qemu_mallocz(sizeof(mv88w8618_flashcfg_state));
1189 s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
1190 iomemtype = cpu_register_io_memory(0, mv88w8618_flashcfg_readfn,
1191 mv88w8618_flashcfg_writefn, s);
1192 cpu_register_physical_memory(base, MP_FLASHCFG_SIZE, iomemtype);
1195 /* Various registers in the 0x80000000 domain */
1196 #define MP_BOARD_REVISION 0x2018
1198 #define MP_WLAN_MAGIC1 0xc11c
1199 #define MP_WLAN_MAGIC2 0xc124
1201 #define MP_GPIO_OE_LO 0xd008
1202 #define MP_GPIO_OUT_LO 0xd00c
1203 #define MP_GPIO_IN_LO 0xd010
1204 #define MP_GPIO_ISR_LO 0xd020
1205 #define MP_GPIO_OE_HI 0xd508
1206 #define MP_GPIO_OUT_HI 0xd50c
1207 #define MP_GPIO_IN_HI 0xd510
1208 #define MP_GPIO_ISR_HI 0xd520
1210 /* GPIO bits & masks */
1211 #define MP_GPIO_WHEEL_VOL (1 << 8)
1212 #define MP_GPIO_WHEEL_VOL_INV (1 << 9)
1213 #define MP_GPIO_WHEEL_NAV (1 << 10)
1214 #define MP_GPIO_WHEEL_NAV_INV (1 << 11)
1215 #define MP_GPIO_LCD_BRIGHTNESS 0x00070000
1216 #define MP_GPIO_BTN_FAVORITS (1 << 19)
1217 #define MP_GPIO_BTN_MENU (1 << 20)
1218 #define MP_GPIO_BTN_VOLUME (1 << 21)
1219 #define MP_GPIO_BTN_NAVIGATION (1 << 22)
1220 #define MP_GPIO_I2C_DATA_BIT 29
1221 #define MP_GPIO_I2C_DATA (1 << MP_GPIO_I2C_DATA_BIT)
1222 #define MP_GPIO_I2C_CLOCK_BIT 30
1224 /* LCD brightness bits in GPIO_OE_HI */
1225 #define MP_OE_LCD_BRIGHTNESS 0x0007
1227 static uint32_t musicpal_read(void *opaque, target_phys_addr_t offset)
1229 offset -= 0x80000000;
1231 case MP_BOARD_REVISION:
1234 case MP_GPIO_OE_HI: /* used for LCD brightness control */
1235 return lcd_brightness & MP_OE_LCD_BRIGHTNESS;
1237 case MP_GPIO_OUT_LO:
1238 return gpio_out_state & 0xFFFF;
1239 case MP_GPIO_OUT_HI:
1240 return gpio_out_state >> 16;
1243 return gpio_in_state & 0xFFFF;
1245 /* Update received I2C data */
1246 gpio_in_state = (gpio_in_state & ~MP_GPIO_I2C_DATA) |
1247 (i2c_get_data(mixer_i2c) << MP_GPIO_I2C_DATA_BIT);
1248 return gpio_in_state >> 16;
1250 /* This is a simplification of reality */
1251 case MP_GPIO_ISR_LO:
1252 return ~gpio_in_state & 0xFFFF;
1253 case MP_GPIO_ISR_HI:
1254 return ~gpio_in_state >> 16;
1256 /* Workaround to allow loading the binary-only wlandrv.ko crap
1257 * from the original Freecom firmware. */
1258 case MP_WLAN_MAGIC1:
1260 case MP_WLAN_MAGIC2:
1268 static void musicpal_write(void *opaque, target_phys_addr_t offset,
1271 offset -= 0x80000000;
1273 case MP_GPIO_OE_HI: /* used for LCD brightness control */
1274 lcd_brightness = (lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
1275 (value & MP_OE_LCD_BRIGHTNESS);
1278 case MP_GPIO_OUT_LO:
1279 gpio_out_state = (gpio_out_state & 0xFFFF0000) | (value & 0xFFFF);
1281 case MP_GPIO_OUT_HI:
1282 gpio_out_state = (gpio_out_state & 0xFFFF) | (value << 16);
1283 lcd_brightness = (lcd_brightness & 0xFFFF) |
1284 (gpio_out_state & MP_GPIO_LCD_BRIGHTNESS);
1285 i2c_state_update(mixer_i2c,
1286 (gpio_out_state >> MP_GPIO_I2C_DATA_BIT) & 1,
1287 (gpio_out_state >> MP_GPIO_I2C_CLOCK_BIT) & 1);
1293 /* Keyboard codes & masks */
1294 #define KEY_PRESSED 0x80
1295 #define KEY_CODE 0x7f
1297 #define KEYCODE_TAB 0x0f
1298 #define KEYCODE_ENTER 0x1c
1299 #define KEYCODE_F 0x21
1300 #define KEYCODE_M 0x32
1302 #define KEYCODE_EXTENDED 0xe0
1303 #define KEYCODE_UP 0x48
1304 #define KEYCODE_DOWN 0x50
1305 #define KEYCODE_LEFT 0x4b
1306 #define KEYCODE_RIGHT 0x4d
1308 static void musicpal_key_event(void *opaque, int keycode)
1310 qemu_irq irq = opaque;
1312 static int kbd_extended;
1314 if (keycode == KEYCODE_EXTENDED) {
1320 switch (keycode & KEY_CODE) {
1322 event = MP_GPIO_WHEEL_NAV | MP_GPIO_WHEEL_NAV_INV;
1326 event = MP_GPIO_WHEEL_NAV;
1330 event = MP_GPIO_WHEEL_VOL | MP_GPIO_WHEEL_VOL_INV;
1334 event = MP_GPIO_WHEEL_VOL;
1338 switch (keycode & KEY_CODE) {
1340 event = MP_GPIO_BTN_FAVORITS;
1344 event = MP_GPIO_BTN_VOLUME;
1348 event = MP_GPIO_BTN_NAVIGATION;
1352 event = MP_GPIO_BTN_MENU;
1356 if (keycode & KEY_PRESSED)
1357 gpio_in_state |= event;
1358 else if (gpio_in_state & event) {
1359 gpio_in_state &= ~event;
1360 qemu_irq_raise(irq);
1366 static CPUReadMemoryFunc *musicpal_readfn[] = {
1372 static CPUWriteMemoryFunc *musicpal_writefn[] = {
1378 static struct arm_boot_info musicpal_binfo = {
1379 .loader_start = 0x0,
1383 static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
1384 const char *boot_device, DisplayState *ds,
1385 const char *kernel_filename, const char *kernel_cmdline,
1386 const char *initrd_filename, const char *cpu_model)
1392 unsigned long flash_size;
1395 cpu_model = "arm926";
1397 env = cpu_init(cpu_model);
1399 fprintf(stderr, "Unable to find CPU definition\n");
1402 pic = arm_pic_init_cpu(env);
1404 /* For now we use a fixed - the original - RAM size */
1405 cpu_register_physical_memory(0, MP_RAM_DEFAULT_SIZE,
1406 qemu_ram_alloc(MP_RAM_DEFAULT_SIZE));
1408 sram_off = qemu_ram_alloc(MP_SRAM_SIZE);
1409 cpu_register_physical_memory(MP_SRAM_BASE, MP_SRAM_SIZE, sram_off);
1411 /* Catch various stuff not handled by separate subsystems */
1412 iomemtype = cpu_register_io_memory(0, musicpal_readfn,
1413 musicpal_writefn, env);
1414 cpu_register_physical_memory(0x80000000, 0x10000, iomemtype);
1416 pic = mv88w8618_pic_init(MP_PIC_BASE, pic[ARM_PIC_CPU_IRQ]);
1417 mv88w8618_pit_init(MP_PIT_BASE, pic, MP_TIMER1_IRQ);
1420 serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], /*1825000,*/
1423 serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], /*1825000,*/
1426 /* Register flash */
1427 index = drive_get_index(IF_PFLASH, 0, 0);
1429 flash_size = bdrv_getlength(drives_table[index].bdrv);
1430 if (flash_size != 8*1024*1024 && flash_size != 16*1024*1024 &&
1431 flash_size != 32*1024*1024) {
1432 fprintf(stderr, "Invalid flash image size\n");
1437 * The original U-Boot accesses the flash at 0xFE000000 instead of
1438 * 0xFF800000 (if there is 8 MB flash). So remap flash access if the
1439 * image is smaller than 32 MB.
1441 pflash_cfi02_register(0-MP_FLASH_SIZE_MAX, qemu_ram_alloc(flash_size),
1442 drives_table[index].bdrv, 0x10000,
1443 (flash_size + 0xffff) >> 16,
1444 MP_FLASH_SIZE_MAX / flash_size,
1445 2, 0x00BF, 0x236D, 0x0000, 0x0000,
1448 mv88w8618_flashcfg_init(MP_FLASHCFG_BASE);
1450 musicpal_lcd_init(ds, MP_LCD_BASE);
1452 qemu_add_kbd_event_handler(musicpal_key_event, pic[MP_GPIO_IRQ]);
1455 * Wait a bit to catch menu button during U-Boot start-up
1456 * (to trigger emergency update).
1460 mv88w8618_eth_init(&nd_table[0], MP_ETH_BASE, pic[MP_ETH_IRQ]);
1462 mixer_i2c = musicpal_audio_init(MP_AUDIO_BASE, pic[MP_AUDIO_IRQ]);
1464 musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
1465 musicpal_binfo.kernel_filename = kernel_filename;
1466 musicpal_binfo.kernel_cmdline = kernel_cmdline;
1467 musicpal_binfo.initrd_filename = initrd_filename;
1468 arm_load_kernel(env, &musicpal_binfo);
1471 QEMUMachine musicpal_machine = {
1473 "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
1475 MP_RAM_DEFAULT_SIZE + MP_SRAM_SIZE + MP_FLASH_SIZE_MAX + RAMSIZE_FIXED
projects / qemu / blob