2 * Marvell MV88W8618 / Freecom MusicPal emulation.
4 * Copyright (c) 2008 Jan Kiszka
6 * This code is licenced under the GNU GPL v2.
16 #include "qemu-timer.h"
20 #include "audio/audio.h"
23 #define MP_MISC_BASE 0x80002000
24 #define MP_MISC_SIZE 0x00001000
26 #define MP_ETH_BASE 0x80008000
27 #define MP_ETH_SIZE 0x00001000
29 #define MP_WLAN_BASE 0x8000C000
30 #define MP_WLAN_SIZE 0x00000800
32 #define MP_UART1_BASE 0x8000C840
33 #define MP_UART2_BASE 0x8000C940
35 #define MP_GPIO_BASE 0x8000D000
36 #define MP_GPIO_SIZE 0x00001000
38 #define MP_FLASHCFG_BASE 0x90006000
39 #define MP_FLASHCFG_SIZE 0x00001000
41 #define MP_AUDIO_BASE 0x90007000
42 #define MP_AUDIO_SIZE 0x00001000
44 #define MP_PIC_BASE 0x90008000
45 #define MP_PIC_SIZE 0x00001000
47 #define MP_PIT_BASE 0x90009000
48 #define MP_PIT_SIZE 0x00001000
50 #define MP_LCD_BASE 0x9000c000
51 #define MP_LCD_SIZE 0x00001000
53 #define MP_SRAM_BASE 0xC0000000
54 #define MP_SRAM_SIZE 0x00020000
56 #define MP_RAM_DEFAULT_SIZE 32*1024*1024
57 #define MP_FLASH_SIZE_MAX 32*1024*1024
59 #define MP_TIMER1_IRQ 4
61 #define MP_TIMER4_IRQ 7
64 #define MP_UART1_IRQ 11
65 #define MP_UART2_IRQ 11
66 #define MP_GPIO_IRQ 12
68 #define MP_AUDIO_IRQ 30
70 static uint32_t gpio_in_state = 0xffffffff;
71 static uint32_t gpio_isr;
72 static uint32_t gpio_out_state;
73 static ram_addr_t sram_off;
75 /* Address conversion helpers */
76 static void *target2host_addr(uint32_t addr)
78 if (addr < MP_SRAM_BASE) {
79 if (addr >= MP_RAM_DEFAULT_SIZE)
81 return (void *)(phys_ram_base + addr);
83 if (addr >= MP_SRAM_BASE + MP_SRAM_SIZE)
85 return (void *)(phys_ram_base + sram_off + addr - MP_SRAM_BASE);
89 static uint32_t host2target_addr(void *addr)
91 if (addr < ((void *)phys_ram_base) + sram_off)
92 return (unsigned long)addr - (unsigned long)phys_ram_base;
94 return (unsigned long)addr - (unsigned long)phys_ram_base -
95 sram_off + MP_SRAM_BASE;
99 typedef enum i2c_state {
122 typedef struct i2c_interface {
131 static void i2c_enter_stop(i2c_interface *i2c)
133 if (i2c->current_addr >= 0)
134 i2c_end_transfer(i2c->bus);
135 i2c->current_addr = -1;
136 i2c->state = STOPPED;
139 static void i2c_state_update(i2c_interface *i2c, int data, int clock)
144 switch (i2c->state) {
146 if (data == 0 && i2c->last_data == 1 && clock == 1)
147 i2c->state = INITIALIZING;
151 if (clock == 0 && i2c->last_clock == 1 && data == 0)
152 i2c->state = SENDING_BIT7;
157 case SENDING_BIT7 ... SENDING_BIT0:
158 if (clock == 0 && i2c->last_clock == 1) {
159 i2c->buffer = (i2c->buffer << 1) | data;
160 i2c->state++; /* will end up in WAITING_FOR_ACK */
161 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
165 case WAITING_FOR_ACK:
166 if (clock == 0 && i2c->last_clock == 1) {
167 if (i2c->current_addr < 0) {
168 i2c->current_addr = i2c->buffer;
169 i2c_start_transfer(i2c->bus, i2c->current_addr & 0xfe,
172 i2c_send(i2c->bus, i2c->buffer);
173 if (i2c->current_addr & 1) {
174 i2c->state = RECEIVING_BIT7;
175 i2c->buffer = i2c_recv(i2c->bus);
177 i2c->state = SENDING_BIT7;
178 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
182 case RECEIVING_BIT7 ... RECEIVING_BIT0:
183 if (clock == 0 && i2c->last_clock == 1) {
184 i2c->state++; /* will end up in SENDING_ACK */
186 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
191 if (clock == 0 && i2c->last_clock == 1) {
192 i2c->state = RECEIVING_BIT7;
194 i2c->buffer = i2c_recv(i2c->bus);
197 } else if (data == 1 && i2c->last_data == 0 && clock == 1)
202 i2c->last_data = data;
203 i2c->last_clock = clock;
206 static int i2c_get_data(i2c_interface *i2c)
211 switch (i2c->state) {
212 case RECEIVING_BIT7 ... RECEIVING_BIT0:
213 return (i2c->buffer >> 7);
215 case WAITING_FOR_ACK:
221 static i2c_interface *mixer_i2c;
225 /* Audio register offsets */
226 #define MP_AUDIO_PLAYBACK_MODE 0x00
227 #define MP_AUDIO_CLOCK_DIV 0x18
228 #define MP_AUDIO_IRQ_STATUS 0x20
229 #define MP_AUDIO_IRQ_ENABLE 0x24
230 #define MP_AUDIO_TX_START_LO 0x28
231 #define MP_AUDIO_TX_THRESHOLD 0x2C
232 #define MP_AUDIO_TX_STATUS 0x38
233 #define MP_AUDIO_TX_START_HI 0x40
235 /* Status register and IRQ enable bits */
236 #define MP_AUDIO_TX_HALF (1 << 6)
237 #define MP_AUDIO_TX_FULL (1 << 7)
239 /* Playback mode bits */
240 #define MP_AUDIO_16BIT_SAMPLE (1 << 0)
241 #define MP_AUDIO_PLAYBACK_EN (1 << 7)
242 #define MP_AUDIO_CLOCK_24MHZ (1 << 9)
243 #define MP_AUDIO_MONO (1 << 14)
245 /* Wolfson 8750 I2C address */
246 #define MP_WM_ADDR 0x34
248 static const char audio_name[] = "mv88w8618";
250 typedef struct musicpal_audio_state {
252 uint32_t playback_mode;
255 unsigned long phys_buf;
256 int8_t *target_buffer;
257 unsigned int threshold;
258 unsigned int play_pos;
259 unsigned int last_free;
262 } musicpal_audio_state;
264 static void audio_callback(void *opaque, int free_out, int free_in)
266 musicpal_audio_state *s = opaque;
267 int16_t *codec_buffer;
271 if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN))
274 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE)
277 if (!(s->playback_mode & MP_AUDIO_MONO))
280 block_size = s->threshold/2;
281 if (free_out - s->last_free < block_size)
284 mem_buffer = s->target_buffer + s->play_pos;
285 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
286 if (s->playback_mode & MP_AUDIO_MONO) {
287 codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
288 for (pos = 0; pos < block_size; pos += 2) {
289 *codec_buffer++ = *(int16_t *)mem_buffer;
290 *codec_buffer++ = *(int16_t *)mem_buffer;
294 memcpy(wm8750_dac_buffer(s->wm, block_size >> 2),
295 (uint32_t *)mem_buffer, block_size);
297 if (s->playback_mode & MP_AUDIO_MONO) {
298 codec_buffer = wm8750_dac_buffer(s->wm, block_size);
299 for (pos = 0; pos < block_size; pos++) {
300 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer);
301 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
304 codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
305 for (pos = 0; pos < block_size; pos += 2) {
306 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
307 *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
311 wm8750_dac_commit(s->wm);
313 s->last_free = free_out - block_size;
315 if (s->play_pos == 0) {
316 s->status |= MP_AUDIO_TX_HALF;
317 s->play_pos = block_size;
319 s->status |= MP_AUDIO_TX_FULL;
323 if (s->status & s->irq_enable)
324 qemu_irq_raise(s->irq);
327 static void musicpal_audio_clock_update(musicpal_audio_state *s)
331 if (s->playback_mode & MP_AUDIO_CLOCK_24MHZ)
332 rate = 24576000 / 64; /* 24.576MHz */
334 rate = 11289600 / 64; /* 11.2896MHz */
336 rate /= ((s->clock_div >> 8) & 0xff) + 1;
338 wm8750_set_bclk_in(s->wm, rate);
341 static uint32_t musicpal_audio_read(void *opaque, target_phys_addr_t offset)
343 musicpal_audio_state *s = opaque;
346 case MP_AUDIO_PLAYBACK_MODE:
347 return s->playback_mode;
349 case MP_AUDIO_CLOCK_DIV:
352 case MP_AUDIO_IRQ_STATUS:
355 case MP_AUDIO_IRQ_ENABLE:
356 return s->irq_enable;
358 case MP_AUDIO_TX_STATUS:
359 return s->play_pos >> 2;
366 static void musicpal_audio_write(void *opaque, target_phys_addr_t offset,
369 musicpal_audio_state *s = opaque;
372 case MP_AUDIO_PLAYBACK_MODE:
373 if (value & MP_AUDIO_PLAYBACK_EN &&
374 !(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
379 s->playback_mode = value;
380 musicpal_audio_clock_update(s);
383 case MP_AUDIO_CLOCK_DIV:
384 s->clock_div = value;
387 musicpal_audio_clock_update(s);
390 case MP_AUDIO_IRQ_STATUS:
394 case MP_AUDIO_IRQ_ENABLE:
395 s->irq_enable = value;
396 if (s->status & s->irq_enable)
397 qemu_irq_raise(s->irq);
400 case MP_AUDIO_TX_START_LO:
401 s->phys_buf = (s->phys_buf & 0xFFFF0000) | (value & 0xFFFF);
402 s->target_buffer = target2host_addr(s->phys_buf);
407 case MP_AUDIO_TX_THRESHOLD:
408 s->threshold = (value + 1) * 4;
411 case MP_AUDIO_TX_START_HI:
412 s->phys_buf = (s->phys_buf & 0xFFFF) | (value << 16);
413 s->target_buffer = target2host_addr(s->phys_buf);
420 static void musicpal_audio_reset(void *opaque)
422 musicpal_audio_state *s = opaque;
424 s->playback_mode = 0;
429 static CPUReadMemoryFunc *musicpal_audio_readfn[] = {
435 static CPUWriteMemoryFunc *musicpal_audio_writefn[] = {
436 musicpal_audio_write,
437 musicpal_audio_write,
441 static i2c_interface *musicpal_audio_init(qemu_irq irq)
444 musicpal_audio_state *s;
450 AUD_log(audio_name, "No audio state\n");
454 s = qemu_mallocz(sizeof(musicpal_audio_state));
457 i2c = qemu_mallocz(sizeof(i2c_interface));
458 i2c->bus = i2c_init_bus();
459 i2c->current_addr = -1;
461 s->wm = wm8750_init(i2c->bus, audio);
464 i2c_set_slave_address(s->wm, MP_WM_ADDR);
465 wm8750_data_req_set(s->wm, audio_callback, s);
467 iomemtype = cpu_register_io_memory(0, musicpal_audio_readfn,
468 musicpal_audio_writefn, s);
469 cpu_register_physical_memory(MP_AUDIO_BASE, MP_AUDIO_SIZE, iomemtype);
471 qemu_register_reset(musicpal_audio_reset, s);
475 #else /* !HAS_AUDIO */
476 static i2c_interface *musicpal_audio_init(qemu_irq irq)
480 #endif /* !HAS_AUDIO */
482 /* Ethernet register offsets */
483 #define MP_ETH_SMIR 0x010
484 #define MP_ETH_PCXR 0x408
485 #define MP_ETH_SDCMR 0x448
486 #define MP_ETH_ICR 0x450
487 #define MP_ETH_IMR 0x458
488 #define MP_ETH_FRDP0 0x480
489 #define MP_ETH_FRDP1 0x484
490 #define MP_ETH_FRDP2 0x488
491 #define MP_ETH_FRDP3 0x48C
492 #define MP_ETH_CRDP0 0x4A0
493 #define MP_ETH_CRDP1 0x4A4
494 #define MP_ETH_CRDP2 0x4A8
495 #define MP_ETH_CRDP3 0x4AC
496 #define MP_ETH_CTDP0 0x4E0
497 #define MP_ETH_CTDP1 0x4E4
498 #define MP_ETH_CTDP2 0x4E8
499 #define MP_ETH_CTDP3 0x4EC
502 #define MP_ETH_SMIR_DATA 0x0000FFFF
503 #define MP_ETH_SMIR_ADDR 0x03FF0000
504 #define MP_ETH_SMIR_OPCODE (1 << 26) /* Read value */
505 #define MP_ETH_SMIR_RDVALID (1 << 27)
508 #define MP_ETH_PHY1_BMSR 0x00210000
509 #define MP_ETH_PHY1_PHYSID1 0x00410000
510 #define MP_ETH_PHY1_PHYSID2 0x00610000
512 #define MP_PHY_BMSR_LINK 0x0004
513 #define MP_PHY_BMSR_AUTONEG 0x0008
515 #define MP_PHY_88E3015 0x01410E20
517 /* TX descriptor status */
518 #define MP_ETH_TX_OWN (1 << 31)
520 /* RX descriptor status */
521 #define MP_ETH_RX_OWN (1 << 31)
523 /* Interrupt cause/mask bits */
524 #define MP_ETH_IRQ_RX_BIT 0
525 #define MP_ETH_IRQ_RX (1 << MP_ETH_IRQ_RX_BIT)
526 #define MP_ETH_IRQ_TXHI_BIT 2
527 #define MP_ETH_IRQ_TXLO_BIT 3
529 /* Port config bits */
530 #define MP_ETH_PCXR_2BSM_BIT 28 /* 2-byte incoming suffix */
532 /* SDMA command bits */
533 #define MP_ETH_CMD_TXHI (1 << 23)
534 #define MP_ETH_CMD_TXLO (1 << 22)
536 typedef struct mv88w8618_tx_desc {
544 typedef struct mv88w8618_rx_desc {
547 uint16_t buffer_size;
552 typedef struct mv88w8618_eth_state {
558 mv88w8618_tx_desc *tx_queue[2];
559 mv88w8618_rx_desc *rx_queue[4];
560 mv88w8618_rx_desc *frx_queue[4];
561 mv88w8618_rx_desc *cur_rx[4];
563 } mv88w8618_eth_state;
565 static int eth_can_receive(void *opaque)
570 static void eth_receive(void *opaque, const uint8_t *buf, int size)
572 mv88w8618_eth_state *s = opaque;
573 mv88w8618_rx_desc *desc;
576 for (i = 0; i < 4; i++) {
581 if (le32_to_cpu(desc->cmdstat) & MP_ETH_RX_OWN &&
582 le16_to_cpu(desc->buffer_size) >= size) {
583 memcpy(target2host_addr(le32_to_cpu(desc->buffer) +
586 desc->bytes = cpu_to_le16(size + s->vlan_header);
587 desc->cmdstat &= cpu_to_le32(~MP_ETH_RX_OWN);
588 s->cur_rx[i] = target2host_addr(le32_to_cpu(desc->next));
590 s->icr |= MP_ETH_IRQ_RX;
592 qemu_irq_raise(s->irq);
595 desc = target2host_addr(le32_to_cpu(desc->next));
596 } while (desc != s->rx_queue[i]);
600 static void eth_send(mv88w8618_eth_state *s, int queue_index)
602 mv88w8618_tx_desc *desc = s->tx_queue[queue_index];
605 if (le32_to_cpu(desc->cmdstat) & MP_ETH_TX_OWN) {
606 qemu_send_packet(s->vc,
607 target2host_addr(le32_to_cpu(desc->buffer)),
608 le16_to_cpu(desc->bytes));
609 desc->cmdstat &= cpu_to_le32(~MP_ETH_TX_OWN);
610 s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
612 desc = target2host_addr(le32_to_cpu(desc->next));
613 } while (desc != s->tx_queue[queue_index]);
616 static uint32_t mv88w8618_eth_read(void *opaque, target_phys_addr_t offset)
618 mv88w8618_eth_state *s = opaque;
622 if (s->smir & MP_ETH_SMIR_OPCODE) {
623 switch (s->smir & MP_ETH_SMIR_ADDR) {
624 case MP_ETH_PHY1_BMSR:
625 return MP_PHY_BMSR_LINK | MP_PHY_BMSR_AUTONEG |
627 case MP_ETH_PHY1_PHYSID1:
628 return (MP_PHY_88E3015 >> 16) | MP_ETH_SMIR_RDVALID;
629 case MP_ETH_PHY1_PHYSID2:
630 return (MP_PHY_88E3015 & 0xFFFF) | MP_ETH_SMIR_RDVALID;
632 return MP_ETH_SMIR_RDVALID;
643 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
644 return host2target_addr(s->frx_queue[(offset - MP_ETH_FRDP0)/4]);
646 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
647 return host2target_addr(s->rx_queue[(offset - MP_ETH_CRDP0)/4]);
649 case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
650 return host2target_addr(s->tx_queue[(offset - MP_ETH_CTDP0)/4]);
657 static void mv88w8618_eth_write(void *opaque, target_phys_addr_t offset,
660 mv88w8618_eth_state *s = opaque;
668 s->vlan_header = ((value >> MP_ETH_PCXR_2BSM_BIT) & 1) * 2;
672 if (value & MP_ETH_CMD_TXHI)
674 if (value & MP_ETH_CMD_TXLO)
676 if (value & (MP_ETH_CMD_TXHI | MP_ETH_CMD_TXLO) && s->icr & s->imr)
677 qemu_irq_raise(s->irq);
687 qemu_irq_raise(s->irq);
690 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
691 s->frx_queue[(offset - MP_ETH_FRDP0)/4] = target2host_addr(value);
694 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
695 s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
696 s->cur_rx[(offset - MP_ETH_CRDP0)/4] = target2host_addr(value);
699 case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
700 s->tx_queue[(offset - MP_ETH_CTDP0)/4] = target2host_addr(value);
705 static CPUReadMemoryFunc *mv88w8618_eth_readfn[] = {
711 static CPUWriteMemoryFunc *mv88w8618_eth_writefn[] = {
717 static void mv88w8618_eth_init(NICInfo *nd, uint32_t base, qemu_irq irq)
719 mv88w8618_eth_state *s;
722 qemu_check_nic_model(nd, "mv88w8618");
724 s = qemu_mallocz(sizeof(mv88w8618_eth_state));
726 s->vc = qemu_new_vlan_client(nd->vlan, nd->model, nd->name,
727 eth_receive, eth_can_receive, s);
728 iomemtype = cpu_register_io_memory(0, mv88w8618_eth_readfn,
729 mv88w8618_eth_writefn, s);
730 cpu_register_physical_memory(base, MP_ETH_SIZE, iomemtype);
733 /* LCD register offsets */
734 #define MP_LCD_IRQCTRL 0x180
735 #define MP_LCD_IRQSTAT 0x184
736 #define MP_LCD_SPICTRL 0x1ac
737 #define MP_LCD_INST 0x1bc
738 #define MP_LCD_DATA 0x1c0
741 #define MP_LCD_SPI_DATA 0x00100011
742 #define MP_LCD_SPI_CMD 0x00104011
743 #define MP_LCD_SPI_INVALID 0x00000000
746 #define MP_LCD_INST_SETPAGE0 0xB0
748 #define MP_LCD_INST_SETPAGE7 0xB7
750 #define MP_LCD_TEXTCOLOR 0xe0e0ff /* RRGGBB */
752 typedef struct musicpal_lcd_state {
758 uint8_t video_ram[128*64/8];
759 } musicpal_lcd_state;
761 static uint32_t lcd_brightness;
763 static uint8_t scale_lcd_color(uint8_t col)
767 switch (lcd_brightness) {
768 case 0x00000007: /* 0 */
771 case 0x00020000: /* 1 */
772 return (tmp * 1) / 7;
774 case 0x00020001: /* 2 */
775 return (tmp * 2) / 7;
777 case 0x00040000: /* 3 */
778 return (tmp * 3) / 7;
780 case 0x00010006: /* 4 */
781 return (tmp * 4) / 7;
783 case 0x00020005: /* 5 */
784 return (tmp * 5) / 7;
786 case 0x00040003: /* 6 */
787 return (tmp * 6) / 7;
789 case 0x00030004: /* 7 */
795 #define SET_LCD_PIXEL(depth, type) \
796 static inline void glue(set_lcd_pixel, depth) \
797 (musicpal_lcd_state *s, int x, int y, type col) \
800 type *pixel = &((type *) ds_get_data(s->ds))[(y * 128 * 3 + x) * 3]; \
802 for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
803 for (dx = 0; dx < 3; dx++, pixel++) \
806 SET_LCD_PIXEL(8, uint8_t)
807 SET_LCD_PIXEL(16, uint16_t)
808 SET_LCD_PIXEL(32, uint32_t)
810 #include "pixel_ops.h"
812 static void lcd_refresh(void *opaque)
814 musicpal_lcd_state *s = opaque;
817 switch (ds_get_bits_per_pixel(s->ds)) {
820 #define LCD_REFRESH(depth, func) \
822 col = func(scale_lcd_color((MP_LCD_TEXTCOLOR >> 16) & 0xff), \
823 scale_lcd_color((MP_LCD_TEXTCOLOR >> 8) & 0xff), \
824 scale_lcd_color(MP_LCD_TEXTCOLOR & 0xff)); \
825 for (x = 0; x < 128; x++) \
826 for (y = 0; y < 64; y++) \
827 if (s->video_ram[x + (y/8)*128] & (1 << (y % 8))) \
828 glue(set_lcd_pixel, depth)(s, x, y, col); \
830 glue(set_lcd_pixel, depth)(s, x, y, 0); \
832 LCD_REFRESH(8, rgb_to_pixel8)
833 LCD_REFRESH(16, rgb_to_pixel16)
834 LCD_REFRESH(32, (is_surface_bgr(s->ds) ? rgb_to_pixel32bgr : rgb_to_pixel32))
836 cpu_abort(cpu_single_env, "unsupported colour depth %i\n",
837 ds_get_bits_per_pixel(s->ds));
840 dpy_update(s->ds, 0, 0, 128*3, 64*3);
843 static void lcd_invalidate(void *opaque)
847 static uint32_t musicpal_lcd_read(void *opaque, target_phys_addr_t offset)
849 musicpal_lcd_state *s = opaque;
860 static void musicpal_lcd_write(void *opaque, target_phys_addr_t offset,
863 musicpal_lcd_state *s = opaque;
871 if (value == MP_LCD_SPI_DATA || value == MP_LCD_SPI_CMD)
874 s->mode = MP_LCD_SPI_INVALID;
878 if (value >= MP_LCD_INST_SETPAGE0 && value <= MP_LCD_INST_SETPAGE7) {
879 s->page = value - MP_LCD_INST_SETPAGE0;
885 if (s->mode == MP_LCD_SPI_CMD) {
886 if (value >= MP_LCD_INST_SETPAGE0 &&
887 value <= MP_LCD_INST_SETPAGE7) {
888 s->page = value - MP_LCD_INST_SETPAGE0;
891 } else if (s->mode == MP_LCD_SPI_DATA) {
892 s->video_ram[s->page*128 + s->page_off] = value;
893 s->page_off = (s->page_off + 1) & 127;
899 static CPUReadMemoryFunc *musicpal_lcd_readfn[] = {
905 static CPUWriteMemoryFunc *musicpal_lcd_writefn[] = {
911 static void musicpal_lcd_init(void)
913 musicpal_lcd_state *s;
916 s = qemu_mallocz(sizeof(musicpal_lcd_state));
917 iomemtype = cpu_register_io_memory(0, musicpal_lcd_readfn,
918 musicpal_lcd_writefn, s);
919 cpu_register_physical_memory(MP_LCD_BASE, MP_LCD_SIZE, iomemtype);
921 s->ds = graphic_console_init(lcd_refresh, lcd_invalidate,
923 qemu_console_resize(s->ds, 128*3, 64*3);
926 /* PIC register offsets */
927 #define MP_PIC_STATUS 0x00
928 #define MP_PIC_ENABLE_SET 0x08
929 #define MP_PIC_ENABLE_CLR 0x0C
931 typedef struct mv88w8618_pic_state
936 } mv88w8618_pic_state;
938 static void mv88w8618_pic_update(mv88w8618_pic_state *s)
940 qemu_set_irq(s->parent_irq, (s->level & s->enabled));
943 static void mv88w8618_pic_set_irq(void *opaque, int irq, int level)
945 mv88w8618_pic_state *s = opaque;
948 s->level |= 1 << irq;
950 s->level &= ~(1 << irq);
951 mv88w8618_pic_update(s);
954 static uint32_t mv88w8618_pic_read(void *opaque, target_phys_addr_t offset)
956 mv88w8618_pic_state *s = opaque;
960 return s->level & s->enabled;
967 static void mv88w8618_pic_write(void *opaque, target_phys_addr_t offset,
970 mv88w8618_pic_state *s = opaque;
973 case MP_PIC_ENABLE_SET:
977 case MP_PIC_ENABLE_CLR:
978 s->enabled &= ~value;
982 mv88w8618_pic_update(s);
985 static void mv88w8618_pic_reset(void *opaque)
987 mv88w8618_pic_state *s = opaque;
993 static CPUReadMemoryFunc *mv88w8618_pic_readfn[] = {
999 static CPUWriteMemoryFunc *mv88w8618_pic_writefn[] = {
1000 mv88w8618_pic_write,
1001 mv88w8618_pic_write,
1005 static qemu_irq *mv88w8618_pic_init(uint32_t base, qemu_irq parent_irq)
1007 mv88w8618_pic_state *s;
1011 s = qemu_mallocz(sizeof(mv88w8618_pic_state));
1012 qi = qemu_allocate_irqs(mv88w8618_pic_set_irq, s, 32);
1013 s->parent_irq = parent_irq;
1014 iomemtype = cpu_register_io_memory(0, mv88w8618_pic_readfn,
1015 mv88w8618_pic_writefn, s);
1016 cpu_register_physical_memory(base, MP_PIC_SIZE, iomemtype);
1018 qemu_register_reset(mv88w8618_pic_reset, s);
1023 /* PIT register offsets */
1024 #define MP_PIT_TIMER1_LENGTH 0x00
1026 #define MP_PIT_TIMER4_LENGTH 0x0C
1027 #define MP_PIT_CONTROL 0x10
1028 #define MP_PIT_TIMER1_VALUE 0x14
1030 #define MP_PIT_TIMER4_VALUE 0x20
1031 #define MP_BOARD_RESET 0x34
1033 /* Magic board reset value (probably some watchdog behind it) */
1034 #define MP_BOARD_RESET_MAGIC 0x10000
1036 typedef struct mv88w8618_timer_state {
1037 ptimer_state *timer;
1041 } mv88w8618_timer_state;
1043 typedef struct mv88w8618_pit_state {
1046 } mv88w8618_pit_state;
1048 static void mv88w8618_timer_tick(void *opaque)
1050 mv88w8618_timer_state *s = opaque;
1052 qemu_irq_raise(s->irq);
1055 static void *mv88w8618_timer_init(uint32_t freq, qemu_irq irq)
1057 mv88w8618_timer_state *s;
1060 s = qemu_mallocz(sizeof(mv88w8618_timer_state));
1064 bh = qemu_bh_new(mv88w8618_timer_tick, s);
1065 s->timer = ptimer_init(bh);
1070 static uint32_t mv88w8618_pit_read(void *opaque, target_phys_addr_t offset)
1072 mv88w8618_pit_state *s = opaque;
1073 mv88w8618_timer_state *t;
1076 case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
1077 t = s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
1078 return ptimer_get_count(t->timer);
1085 static void mv88w8618_pit_write(void *opaque, target_phys_addr_t offset,
1088 mv88w8618_pit_state *s = opaque;
1089 mv88w8618_timer_state *t;
1093 case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
1094 t = s->timer[offset >> 2];
1096 ptimer_set_limit(t->timer, t->limit, 1);
1099 case MP_PIT_CONTROL:
1100 for (i = 0; i < 4; i++) {
1103 ptimer_set_limit(t->timer, t->limit, 0);
1104 ptimer_set_freq(t->timer, t->freq);
1105 ptimer_run(t->timer, 0);
1111 case MP_BOARD_RESET:
1112 if (value == MP_BOARD_RESET_MAGIC)
1113 qemu_system_reset_request();
1118 static CPUReadMemoryFunc *mv88w8618_pit_readfn[] = {
1124 static CPUWriteMemoryFunc *mv88w8618_pit_writefn[] = {
1125 mv88w8618_pit_write,
1126 mv88w8618_pit_write,
1130 static void mv88w8618_pit_init(uint32_t base, qemu_irq *pic, int irq)
1133 mv88w8618_pit_state *s;
1135 s = qemu_mallocz(sizeof(mv88w8618_pit_state));
1137 /* Letting them all run at 1 MHz is likely just a pragmatic
1138 * simplification. */
1139 s->timer[0] = mv88w8618_timer_init(1000000, pic[irq]);
1140 s->timer[1] = mv88w8618_timer_init(1000000, pic[irq + 1]);
1141 s->timer[2] = mv88w8618_timer_init(1000000, pic[irq + 2]);
1142 s->timer[3] = mv88w8618_timer_init(1000000, pic[irq + 3]);
1144 iomemtype = cpu_register_io_memory(0, mv88w8618_pit_readfn,
1145 mv88w8618_pit_writefn, s);
1146 cpu_register_physical_memory(base, MP_PIT_SIZE, iomemtype);
1149 /* Flash config register offsets */
1150 #define MP_FLASHCFG_CFGR0 0x04
1152 typedef struct mv88w8618_flashcfg_state {
1154 } mv88w8618_flashcfg_state;
1156 static uint32_t mv88w8618_flashcfg_read(void *opaque,
1157 target_phys_addr_t offset)
1159 mv88w8618_flashcfg_state *s = opaque;
1162 case MP_FLASHCFG_CFGR0:
1170 static void mv88w8618_flashcfg_write(void *opaque, target_phys_addr_t offset,
1173 mv88w8618_flashcfg_state *s = opaque;
1176 case MP_FLASHCFG_CFGR0:
1182 static CPUReadMemoryFunc *mv88w8618_flashcfg_readfn[] = {
1183 mv88w8618_flashcfg_read,
1184 mv88w8618_flashcfg_read,
1185 mv88w8618_flashcfg_read
1188 static CPUWriteMemoryFunc *mv88w8618_flashcfg_writefn[] = {
1189 mv88w8618_flashcfg_write,
1190 mv88w8618_flashcfg_write,
1191 mv88w8618_flashcfg_write
1194 static void mv88w8618_flashcfg_init(uint32_t base)
1197 mv88w8618_flashcfg_state *s;
1199 s = qemu_mallocz(sizeof(mv88w8618_flashcfg_state));
1201 s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
1202 iomemtype = cpu_register_io_memory(0, mv88w8618_flashcfg_readfn,
1203 mv88w8618_flashcfg_writefn, s);
1204 cpu_register_physical_memory(base, MP_FLASHCFG_SIZE, iomemtype);
1207 /* Misc register offsets */
1208 #define MP_MISC_BOARD_REVISION 0x18
1210 #define MP_BOARD_REVISION 0x31
1212 static uint32_t musicpal_misc_read(void *opaque, target_phys_addr_t offset)
1215 case MP_MISC_BOARD_REVISION:
1216 return MP_BOARD_REVISION;
1223 static void musicpal_misc_write(void *opaque, target_phys_addr_t offset,
1228 static CPUReadMemoryFunc *musicpal_misc_readfn[] = {
1234 static CPUWriteMemoryFunc *musicpal_misc_writefn[] = {
1235 musicpal_misc_write,
1236 musicpal_misc_write,
1237 musicpal_misc_write,
1240 static void musicpal_misc_init(void)
1244 iomemtype = cpu_register_io_memory(0, musicpal_misc_readfn,
1245 musicpal_misc_writefn, NULL);
1246 cpu_register_physical_memory(MP_MISC_BASE, MP_MISC_SIZE, iomemtype);
1249 /* WLAN register offsets */
1250 #define MP_WLAN_MAGIC1 0x11c
1251 #define MP_WLAN_MAGIC2 0x124
1253 static uint32_t mv88w8618_wlan_read(void *opaque, target_phys_addr_t offset)
1256 /* Workaround to allow loading the binary-only wlandrv.ko crap
1257 * from the original Freecom firmware. */
1258 case MP_WLAN_MAGIC1:
1260 case MP_WLAN_MAGIC2:
1268 static void mv88w8618_wlan_write(void *opaque, target_phys_addr_t offset,
1273 static CPUReadMemoryFunc *mv88w8618_wlan_readfn[] = {
1274 mv88w8618_wlan_read,
1275 mv88w8618_wlan_read,
1276 mv88w8618_wlan_read,
1279 static CPUWriteMemoryFunc *mv88w8618_wlan_writefn[] = {
1280 mv88w8618_wlan_write,
1281 mv88w8618_wlan_write,
1282 mv88w8618_wlan_write,
1285 static void mv88w8618_wlan_init(uint32_t base)
1289 iomemtype = cpu_register_io_memory(0, mv88w8618_wlan_readfn,
1290 mv88w8618_wlan_writefn, NULL);
1291 cpu_register_physical_memory(base, MP_WLAN_SIZE, iomemtype);
1294 /* GPIO register offsets */
1295 #define MP_GPIO_OE_LO 0x008
1296 #define MP_GPIO_OUT_LO 0x00c
1297 #define MP_GPIO_IN_LO 0x010
1298 #define MP_GPIO_ISR_LO 0x020
1299 #define MP_GPIO_OE_HI 0x508
1300 #define MP_GPIO_OUT_HI 0x50c
1301 #define MP_GPIO_IN_HI 0x510
1302 #define MP_GPIO_ISR_HI 0x520
1304 /* GPIO bits & masks */
1305 #define MP_GPIO_WHEEL_VOL (1 << 8)
1306 #define MP_GPIO_WHEEL_VOL_INV (1 << 9)
1307 #define MP_GPIO_WHEEL_NAV (1 << 10)
1308 #define MP_GPIO_WHEEL_NAV_INV (1 << 11)
1309 #define MP_GPIO_LCD_BRIGHTNESS 0x00070000
1310 #define MP_GPIO_BTN_FAVORITS (1 << 19)
1311 #define MP_GPIO_BTN_MENU (1 << 20)
1312 #define MP_GPIO_BTN_VOLUME (1 << 21)
1313 #define MP_GPIO_BTN_NAVIGATION (1 << 22)
1314 #define MP_GPIO_I2C_DATA_BIT 29
1315 #define MP_GPIO_I2C_DATA (1 << MP_GPIO_I2C_DATA_BIT)
1316 #define MP_GPIO_I2C_CLOCK_BIT 30
1318 /* LCD brightness bits in GPIO_OE_HI */
1319 #define MP_OE_LCD_BRIGHTNESS 0x0007
1321 static uint32_t musicpal_gpio_read(void *opaque, target_phys_addr_t offset)
1324 case MP_GPIO_OE_HI: /* used for LCD brightness control */
1325 return lcd_brightness & MP_OE_LCD_BRIGHTNESS;
1327 case MP_GPIO_OUT_LO:
1328 return gpio_out_state & 0xFFFF;
1329 case MP_GPIO_OUT_HI:
1330 return gpio_out_state >> 16;
1333 return gpio_in_state & 0xFFFF;
1335 /* Update received I2C data */
1336 gpio_in_state = (gpio_in_state & ~MP_GPIO_I2C_DATA) |
1337 (i2c_get_data(mixer_i2c) << MP_GPIO_I2C_DATA_BIT);
1338 return gpio_in_state >> 16;
1340 case MP_GPIO_ISR_LO:
1341 return gpio_isr & 0xFFFF;
1342 case MP_GPIO_ISR_HI:
1343 return gpio_isr >> 16;
1350 static void musicpal_gpio_write(void *opaque, target_phys_addr_t offset,
1354 case MP_GPIO_OE_HI: /* used for LCD brightness control */
1355 lcd_brightness = (lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
1356 (value & MP_OE_LCD_BRIGHTNESS);
1359 case MP_GPIO_OUT_LO:
1360 gpio_out_state = (gpio_out_state & 0xFFFF0000) | (value & 0xFFFF);
1362 case MP_GPIO_OUT_HI:
1363 gpio_out_state = (gpio_out_state & 0xFFFF) | (value << 16);
1364 lcd_brightness = (lcd_brightness & 0xFFFF) |
1365 (gpio_out_state & MP_GPIO_LCD_BRIGHTNESS);
1366 i2c_state_update(mixer_i2c,
1367 (gpio_out_state >> MP_GPIO_I2C_DATA_BIT) & 1,
1368 (gpio_out_state >> MP_GPIO_I2C_CLOCK_BIT) & 1);
1374 static CPUReadMemoryFunc *musicpal_gpio_readfn[] = {
1380 static CPUWriteMemoryFunc *musicpal_gpio_writefn[] = {
1381 musicpal_gpio_write,
1382 musicpal_gpio_write,
1383 musicpal_gpio_write,
1386 static void musicpal_gpio_init(void)
1390 iomemtype = cpu_register_io_memory(0, musicpal_gpio_readfn,
1391 musicpal_gpio_writefn, NULL);
1392 cpu_register_physical_memory(MP_GPIO_BASE, MP_GPIO_SIZE, iomemtype);
1395 /* Keyboard codes & masks */
1396 #define KEY_RELEASED 0x80
1397 #define KEY_CODE 0x7f
1399 #define KEYCODE_TAB 0x0f
1400 #define KEYCODE_ENTER 0x1c
1401 #define KEYCODE_F 0x21
1402 #define KEYCODE_M 0x32
1404 #define KEYCODE_EXTENDED 0xe0
1405 #define KEYCODE_UP 0x48
1406 #define KEYCODE_DOWN 0x50
1407 #define KEYCODE_LEFT 0x4b
1408 #define KEYCODE_RIGHT 0x4d
1410 static void musicpal_key_event(void *opaque, int keycode)
1412 qemu_irq irq = opaque;
1414 static int kbd_extended;
1416 if (keycode == KEYCODE_EXTENDED) {
1422 switch (keycode & KEY_CODE) {
1424 event = MP_GPIO_WHEEL_NAV | MP_GPIO_WHEEL_NAV_INV;
1428 event = MP_GPIO_WHEEL_NAV;
1432 event = MP_GPIO_WHEEL_VOL | MP_GPIO_WHEEL_VOL_INV;
1436 event = MP_GPIO_WHEEL_VOL;
1440 switch (keycode & KEY_CODE) {
1442 event = MP_GPIO_BTN_FAVORITS;
1446 event = MP_GPIO_BTN_VOLUME;
1450 event = MP_GPIO_BTN_NAVIGATION;
1454 event = MP_GPIO_BTN_MENU;
1457 /* Do not repeat already pressed buttons */
1458 if (!(keycode & KEY_RELEASED) && !(gpio_in_state & event))
1463 if (keycode & KEY_RELEASED) {
1464 gpio_in_state |= event;
1466 gpio_in_state &= ~event;
1468 qemu_irq_raise(irq);
1475 static struct arm_boot_info musicpal_binfo = {
1476 .loader_start = 0x0,
1480 static void musicpal_init(ram_addr_t ram_size, int vga_ram_size,
1481 const char *boot_device,
1482 const char *kernel_filename, const char *kernel_cmdline,
1483 const char *initrd_filename, const char *cpu_model)
1488 unsigned long flash_size;
1491 cpu_model = "arm926";
1493 env = cpu_init(cpu_model);
1495 fprintf(stderr, "Unable to find CPU definition\n");
1498 pic = arm_pic_init_cpu(env);
1500 /* For now we use a fixed - the original - RAM size */
1501 cpu_register_physical_memory(0, MP_RAM_DEFAULT_SIZE,
1502 qemu_ram_alloc(MP_RAM_DEFAULT_SIZE));
1504 sram_off = qemu_ram_alloc(MP_SRAM_SIZE);
1505 cpu_register_physical_memory(MP_SRAM_BASE, MP_SRAM_SIZE, sram_off);
1507 pic = mv88w8618_pic_init(MP_PIC_BASE, pic[ARM_PIC_CPU_IRQ]);
1508 mv88w8618_pit_init(MP_PIT_BASE, pic, MP_TIMER1_IRQ);
1511 serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], 1825000,
1514 serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], 1825000,
1517 /* Register flash */
1518 index = drive_get_index(IF_PFLASH, 0, 0);
1520 flash_size = bdrv_getlength(drives_table[index].bdrv);
1521 if (flash_size != 8*1024*1024 && flash_size != 16*1024*1024 &&
1522 flash_size != 32*1024*1024) {
1523 fprintf(stderr, "Invalid flash image size\n");
1528 * The original U-Boot accesses the flash at 0xFE000000 instead of
1529 * 0xFF800000 (if there is 8 MB flash). So remap flash access if the
1530 * image is smaller than 32 MB.
1532 pflash_cfi02_register(0-MP_FLASH_SIZE_MAX, qemu_ram_alloc(flash_size),
1533 drives_table[index].bdrv, 0x10000,
1534 (flash_size + 0xffff) >> 16,
1535 MP_FLASH_SIZE_MAX / flash_size,
1536 2, 0x00BF, 0x236D, 0x0000, 0x0000,
1539 mv88w8618_flashcfg_init(MP_FLASHCFG_BASE);
1541 musicpal_lcd_init();
1543 qemu_add_kbd_event_handler(musicpal_key_event, pic[MP_GPIO_IRQ]);
1545 mv88w8618_eth_init(&nd_table[0], MP_ETH_BASE, pic[MP_ETH_IRQ]);
1547 mixer_i2c = musicpal_audio_init(pic[MP_AUDIO_IRQ]);
1549 mv88w8618_wlan_init(MP_WLAN_BASE);
1551 musicpal_misc_init();
1552 musicpal_gpio_init();
1554 musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
1555 musicpal_binfo.kernel_filename = kernel_filename;
1556 musicpal_binfo.kernel_cmdline = kernel_cmdline;
1557 musicpal_binfo.initrd_filename = initrd_filename;
1558 arm_load_kernel(env, &musicpal_binfo);
1561 QEMUMachine musicpal_machine = {
1563 .desc = "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
1564 .init = musicpal_init,
1565 .ram_require = MP_RAM_DEFAULT_SIZE + MP_SRAM_SIZE +
1566 MP_FLASH_SIZE_MAX + RAMSIZE_FIXED,
projects / qemu / blob