raspi.c (14161B)
1/* 2 * Raspberry Pi emulation (c) 2012 Gregory Estrade 3 * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous 4 * 5 * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft 6 * Written by Andrew Baumann 7 * 8 * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti 9 * Upstream code cleanup (c) 2018 Pekka Enberg 10 * 11 * This work is licensed under the terms of the GNU GPL, version 2 or later. 12 * See the COPYING file in the top-level directory. 13 */ 14 15#include "qemu/osdep.h" 16#include "qemu/units.h" 17#include "qemu/cutils.h" 18#include "qapi/error.h" 19#include "hw/arm/bcm2836.h" 20#include "hw/registerfields.h" 21#include "qemu/error-report.h" 22#include "hw/boards.h" 23#include "hw/loader.h" 24#include "hw/arm/boot.h" 25#include "qom/object.h" 26 27#define SMPBOOT_ADDR 0x300 /* this should leave enough space for ATAGS */ 28#define MVBAR_ADDR 0x400 /* secure vectors */ 29#define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */ 30#define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */ 31#define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */ 32#define SPINTABLE_ADDR 0xd8 /* Pi 3 bootloader spintable */ 33 34/* Registered machine type (matches RPi Foundation bootloader and U-Boot) */ 35#define MACH_TYPE_BCM2708 3138 36 37struct RaspiMachineState { 38 /*< private >*/ 39 MachineState parent_obj; 40 /*< public >*/ 41 BCM283XState soc; 42 struct arm_boot_info binfo; 43}; 44typedef struct RaspiMachineState RaspiMachineState; 45 46struct RaspiMachineClass { 47 /*< private >*/ 48 MachineClass parent_obj; 49 /*< public >*/ 50 uint32_t board_rev; 51}; 52typedef struct RaspiMachineClass RaspiMachineClass; 53 54#define TYPE_RASPI_MACHINE MACHINE_TYPE_NAME("raspi-common") 55DECLARE_OBJ_CHECKERS(RaspiMachineState, RaspiMachineClass, 56 RASPI_MACHINE, TYPE_RASPI_MACHINE) 57 58 59/* 60 * Board revision codes: 61 * www.raspberrypi.org/documentation/hardware/raspberrypi/revision-codes/ 62 */ 63FIELD(REV_CODE, REVISION, 0, 4); 64FIELD(REV_CODE, TYPE, 4, 8); 65FIELD(REV_CODE, PROCESSOR, 12, 4); 66FIELD(REV_CODE, MANUFACTURER, 16, 4); 67FIELD(REV_CODE, MEMORY_SIZE, 20, 3); 68FIELD(REV_CODE, STYLE, 23, 1); 69 70typedef enum RaspiProcessorId { 71 PROCESSOR_ID_BCM2835 = 0, 72 PROCESSOR_ID_BCM2836 = 1, 73 PROCESSOR_ID_BCM2837 = 2, 74} RaspiProcessorId; 75 76static const struct { 77 const char *type; 78 int cores_count; 79} soc_property[] = { 80 [PROCESSOR_ID_BCM2835] = {TYPE_BCM2835, 1}, 81 [PROCESSOR_ID_BCM2836] = {TYPE_BCM2836, BCM283X_NCPUS}, 82 [PROCESSOR_ID_BCM2837] = {TYPE_BCM2837, BCM283X_NCPUS}, 83}; 84 85static uint64_t board_ram_size(uint32_t board_rev) 86{ 87 assert(FIELD_EX32(board_rev, REV_CODE, STYLE)); /* Only new style */ 88 return 256 * MiB << FIELD_EX32(board_rev, REV_CODE, MEMORY_SIZE); 89} 90 91static RaspiProcessorId board_processor_id(uint32_t board_rev) 92{ 93 int proc_id = FIELD_EX32(board_rev, REV_CODE, PROCESSOR); 94 95 assert(FIELD_EX32(board_rev, REV_CODE, STYLE)); /* Only new style */ 96 assert(proc_id < ARRAY_SIZE(soc_property) && soc_property[proc_id].type); 97 98 return proc_id; 99} 100 101static const char *board_soc_type(uint32_t board_rev) 102{ 103 return soc_property[board_processor_id(board_rev)].type; 104} 105 106static int cores_count(uint32_t board_rev) 107{ 108 return soc_property[board_processor_id(board_rev)].cores_count; 109} 110 111static const char *board_type(uint32_t board_rev) 112{ 113 static const char *types[] = { 114 "A", "B", "A+", "B+", "2B", "Alpha", "CM1", NULL, "3B", "Zero", 115 "CM3", NULL, "Zero W", "3B+", "3A+", NULL, "CM3+", "4B", 116 }; 117 assert(FIELD_EX32(board_rev, REV_CODE, STYLE)); /* Only new style */ 118 int bt = FIELD_EX32(board_rev, REV_CODE, TYPE); 119 if (bt >= ARRAY_SIZE(types) || !types[bt]) { 120 return "Unknown"; 121 } 122 return types[bt]; 123} 124 125static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info) 126{ 127 static const uint32_t smpboot[] = { 128 0xe1a0e00f, /* mov lr, pc */ 129 0xe3a0fe00 + (BOARDSETUP_ADDR >> 4), /* mov pc, BOARDSETUP_ADDR */ 130 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5;get core ID */ 131 0xe7e10050, /* ubfx r0, r0, #0, #2 ;extract LSB */ 132 0xe59f5014, /* ldr r5, =0x400000CC ;load mbox base */ 133 0xe320f001, /* 1: yield */ 134 0xe7953200, /* ldr r3, [r5, r0, lsl #4] ;read mbox for our core*/ 135 0xe3530000, /* cmp r3, #0 ;spin while zero */ 136 0x0afffffb, /* beq 1b */ 137 0xe7853200, /* str r3, [r5, r0, lsl #4] ;clear mbox */ 138 0xe12fff13, /* bx r3 ;jump to target */ 139 0x400000cc, /* (constant: mailbox 3 read/clear base) */ 140 }; 141 142 /* check that we don't overrun board setup vectors */ 143 QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + sizeof(smpboot) > MVBAR_ADDR); 144 /* check that board setup address is correctly relocated */ 145 QEMU_BUILD_BUG_ON((BOARDSETUP_ADDR & 0xf) != 0 146 || (BOARDSETUP_ADDR >> 4) >= 0x100); 147 148 rom_add_blob_fixed_as("raspi_smpboot", smpboot, sizeof(smpboot), 149 info->smp_loader_start, 150 arm_boot_address_space(cpu, info)); 151} 152 153static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info) 154{ 155 AddressSpace *as = arm_boot_address_space(cpu, info); 156 /* Unlike the AArch32 version we don't need to call the board setup hook. 157 * The mechanism for doing the spin-table is also entirely different. 158 * We must have four 64-bit fields at absolute addresses 159 * 0xd8, 0xe0, 0xe8, 0xf0 in RAM, which are the flag variables for 160 * our CPUs, and which we must ensure are zero initialized before 161 * the primary CPU goes into the kernel. We put these variables inside 162 * a rom blob, so that the reset for ROM contents zeroes them for us. 163 */ 164 static const uint32_t smpboot[] = { 165 0xd2801b05, /* mov x5, 0xd8 */ 166 0xd53800a6, /* mrs x6, mpidr_el1 */ 167 0x924004c6, /* and x6, x6, #0x3 */ 168 0xd503205f, /* spin: wfe */ 169 0xf86678a4, /* ldr x4, [x5,x6,lsl #3] */ 170 0xb4ffffc4, /* cbz x4, spin */ 171 0xd2800000, /* mov x0, #0x0 */ 172 0xd2800001, /* mov x1, #0x0 */ 173 0xd2800002, /* mov x2, #0x0 */ 174 0xd2800003, /* mov x3, #0x0 */ 175 0xd61f0080, /* br x4 */ 176 }; 177 178 static const uint64_t spintables[] = { 179 0, 0, 0, 0 180 }; 181 182 rom_add_blob_fixed_as("raspi_smpboot", smpboot, sizeof(smpboot), 183 info->smp_loader_start, as); 184 rom_add_blob_fixed_as("raspi_spintables", spintables, sizeof(spintables), 185 SPINTABLE_ADDR, as); 186} 187 188static void write_board_setup(ARMCPU *cpu, const struct arm_boot_info *info) 189{ 190 arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR); 191} 192 193static void reset_secondary(ARMCPU *cpu, const struct arm_boot_info *info) 194{ 195 CPUState *cs = CPU(cpu); 196 cpu_set_pc(cs, info->smp_loader_start); 197} 198 199static void setup_boot(MachineState *machine, RaspiProcessorId processor_id, 200 size_t ram_size) 201{ 202 RaspiMachineState *s = RASPI_MACHINE(machine); 203 int r; 204 205 s->binfo.board_id = MACH_TYPE_BCM2708; 206 s->binfo.ram_size = ram_size; 207 s->binfo.nb_cpus = machine->smp.cpus; 208 209 if (processor_id <= PROCESSOR_ID_BCM2836) { 210 /* 211 * The BCM2835 and BCM2836 require some custom setup code to run 212 * in Secure mode before booting a kernel (to set up the SMC vectors 213 * so that we get a no-op SMC; this is used by Linux to call the 214 * firmware for some cache maintenance operations. 215 * The BCM2837 doesn't need this. 216 */ 217 s->binfo.board_setup_addr = BOARDSETUP_ADDR; 218 s->binfo.write_board_setup = write_board_setup; 219 s->binfo.secure_board_setup = true; 220 s->binfo.secure_boot = true; 221 } 222 223 /* BCM2836 and BCM2837 requires SMP setup */ 224 if (processor_id >= PROCESSOR_ID_BCM2836) { 225 s->binfo.smp_loader_start = SMPBOOT_ADDR; 226 if (processor_id == PROCESSOR_ID_BCM2836) { 227 s->binfo.write_secondary_boot = write_smpboot; 228 } else { 229 s->binfo.write_secondary_boot = write_smpboot64; 230 } 231 s->binfo.secondary_cpu_reset_hook = reset_secondary; 232 } 233 234 /* If the user specified a "firmware" image (e.g. UEFI), we bypass 235 * the normal Linux boot process 236 */ 237 if (machine->firmware) { 238 hwaddr firmware_addr = processor_id <= PROCESSOR_ID_BCM2836 239 ? FIRMWARE_ADDR_2 : FIRMWARE_ADDR_3; 240 /* load the firmware image (typically kernel.img) */ 241 r = load_image_targphys(machine->firmware, firmware_addr, 242 ram_size - firmware_addr); 243 if (r < 0) { 244 error_report("Failed to load firmware from %s", machine->firmware); 245 exit(1); 246 } 247 248 s->binfo.entry = firmware_addr; 249 s->binfo.firmware_loaded = true; 250 } 251 252 arm_load_kernel(&s->soc.cpu[0].core, machine, &s->binfo); 253} 254 255static void raspi_machine_init(MachineState *machine) 256{ 257 RaspiMachineClass *mc = RASPI_MACHINE_GET_CLASS(machine); 258 RaspiMachineState *s = RASPI_MACHINE(machine); 259 uint32_t board_rev = mc->board_rev; 260 uint64_t ram_size = board_ram_size(board_rev); 261 uint32_t vcram_size; 262 DriveInfo *di; 263 BlockBackend *blk; 264 BusState *bus; 265 DeviceState *carddev; 266 267 if (machine->ram_size != ram_size) { 268 char *size_str = size_to_str(ram_size); 269 error_report("Invalid RAM size, should be %s", size_str); 270 g_free(size_str); 271 exit(1); 272 } 273 274 /* FIXME: Remove when we have custom CPU address space support */ 275 memory_region_add_subregion_overlap(get_system_memory(), 0, 276 machine->ram, 0); 277 278 /* Setup the SOC */ 279 object_initialize_child(OBJECT(machine), "soc", &s->soc, 280 board_soc_type(board_rev)); 281 object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(machine->ram)); 282 object_property_set_int(OBJECT(&s->soc), "board-rev", board_rev, 283 &error_abort); 284 qdev_realize(DEVICE(&s->soc), NULL, &error_fatal); 285 286 /* Create and plug in the SD cards */ 287 di = drive_get_next(IF_SD); 288 blk = di ? blk_by_legacy_dinfo(di) : NULL; 289 bus = qdev_get_child_bus(DEVICE(&s->soc), "sd-bus"); 290 if (bus == NULL) { 291 error_report("No SD bus found in SOC object"); 292 exit(1); 293 } 294 carddev = qdev_new(TYPE_SD_CARD); 295 qdev_prop_set_drive_err(carddev, "drive", blk, &error_fatal); 296 qdev_realize_and_unref(carddev, bus, &error_fatal); 297 298 vcram_size = object_property_get_uint(OBJECT(&s->soc), "vcram-size", 299 &error_abort); 300 setup_boot(machine, board_processor_id(mc->board_rev), 301 machine->ram_size - vcram_size); 302} 303 304static void raspi_machine_class_common_init(MachineClass *mc, 305 uint32_t board_rev) 306{ 307 mc->desc = g_strdup_printf("Raspberry Pi %s (revision 1.%u)", 308 board_type(board_rev), 309 FIELD_EX32(board_rev, REV_CODE, REVISION)); 310 mc->init = raspi_machine_init; 311 mc->block_default_type = IF_SD; 312 mc->no_parallel = 1; 313 mc->no_floppy = 1; 314 mc->no_cdrom = 1; 315 mc->default_cpus = mc->min_cpus = mc->max_cpus = cores_count(board_rev); 316 mc->default_ram_size = board_ram_size(board_rev); 317 mc->default_ram_id = "ram"; 318}; 319 320static void raspi0_machine_class_init(ObjectClass *oc, void *data) 321{ 322 MachineClass *mc = MACHINE_CLASS(oc); 323 RaspiMachineClass *rmc = RASPI_MACHINE_CLASS(oc); 324 325 rmc->board_rev = 0x920092; /* Revision 1.2 */ 326 raspi_machine_class_common_init(mc, rmc->board_rev); 327}; 328 329static void raspi1ap_machine_class_init(ObjectClass *oc, void *data) 330{ 331 MachineClass *mc = MACHINE_CLASS(oc); 332 RaspiMachineClass *rmc = RASPI_MACHINE_CLASS(oc); 333 334 rmc->board_rev = 0x900021; /* Revision 1.1 */ 335 raspi_machine_class_common_init(mc, rmc->board_rev); 336}; 337 338static void raspi2b_machine_class_init(ObjectClass *oc, void *data) 339{ 340 MachineClass *mc = MACHINE_CLASS(oc); 341 RaspiMachineClass *rmc = RASPI_MACHINE_CLASS(oc); 342 343 rmc->board_rev = 0xa21041; 344 raspi_machine_class_common_init(mc, rmc->board_rev); 345}; 346 347#ifdef TARGET_AARCH64 348static void raspi3ap_machine_class_init(ObjectClass *oc, void *data) 349{ 350 MachineClass *mc = MACHINE_CLASS(oc); 351 RaspiMachineClass *rmc = RASPI_MACHINE_CLASS(oc); 352 353 rmc->board_rev = 0x9020e0; /* Revision 1.0 */ 354 raspi_machine_class_common_init(mc, rmc->board_rev); 355}; 356 357static void raspi3b_machine_class_init(ObjectClass *oc, void *data) 358{ 359 MachineClass *mc = MACHINE_CLASS(oc); 360 RaspiMachineClass *rmc = RASPI_MACHINE_CLASS(oc); 361 362 rmc->board_rev = 0xa02082; 363 raspi_machine_class_common_init(mc, rmc->board_rev); 364}; 365#endif /* TARGET_AARCH64 */ 366 367static const TypeInfo raspi_machine_types[] = { 368 { 369 .name = MACHINE_TYPE_NAME("raspi0"), 370 .parent = TYPE_RASPI_MACHINE, 371 .class_init = raspi0_machine_class_init, 372 }, { 373 .name = MACHINE_TYPE_NAME("raspi1ap"), 374 .parent = TYPE_RASPI_MACHINE, 375 .class_init = raspi1ap_machine_class_init, 376 }, { 377 .name = MACHINE_TYPE_NAME("raspi2b"), 378 .parent = TYPE_RASPI_MACHINE, 379 .class_init = raspi2b_machine_class_init, 380#ifdef TARGET_AARCH64 381 }, { 382 .name = MACHINE_TYPE_NAME("raspi3ap"), 383 .parent = TYPE_RASPI_MACHINE, 384 .class_init = raspi3ap_machine_class_init, 385 }, { 386 .name = MACHINE_TYPE_NAME("raspi3b"), 387 .parent = TYPE_RASPI_MACHINE, 388 .class_init = raspi3b_machine_class_init, 389#endif 390 }, { 391 .name = TYPE_RASPI_MACHINE, 392 .parent = TYPE_MACHINE, 393 .instance_size = sizeof(RaspiMachineState), 394 .class_size = sizeof(RaspiMachineClass), 395 .abstract = true, 396 } 397}; 398 399DEFINE_TYPES(raspi_machine_types)