sam460ex.c (17261B)
1/* 2 * QEMU aCube Sam460ex board emulation 3 * 4 * Copyright (c) 2012 François Revol 5 * Copyright (c) 2016-2019 BALATON Zoltan 6 * 7 * This file is derived from hw/ppc440_bamboo.c, 8 * the copyright for that material belongs to the original owners. 9 * 10 * This work is licensed under the GNU GPL license version 2 or later. 11 * 12 */ 13 14#include "qemu/osdep.h" 15#include "qemu/units.h" 16#include "qemu-common.h" 17#include "qemu/datadir.h" 18#include "qemu/error-report.h" 19#include "qapi/error.h" 20#include "hw/boards.h" 21#include "sysemu/kvm.h" 22#include "kvm_ppc.h" 23#include "sysemu/device_tree.h" 24#include "sysemu/block-backend.h" 25#include "hw/loader.h" 26#include "elf.h" 27#include "exec/memory.h" 28#include "ppc440.h" 29#include "ppc405.h" 30#include "hw/block/flash.h" 31#include "sysemu/sysemu.h" 32#include "sysemu/reset.h" 33#include "hw/sysbus.h" 34#include "hw/char/serial.h" 35#include "hw/i2c/ppc4xx_i2c.h" 36#include "hw/i2c/smbus_eeprom.h" 37#include "hw/usb/hcd-ehci.h" 38#include "hw/ppc/fdt.h" 39#include "hw/qdev-properties.h" 40#include "hw/intc/ppc-uic.h" 41 42#include <libfdt.h> 43 44#define BINARY_DEVICE_TREE_FILE "canyonlands.dtb" 45#define UBOOT_FILENAME "u-boot-sam460-20100605.bin" 46/* to extract the official U-Boot bin from the updater: */ 47/* dd bs=1 skip=$(($(stat -c '%s' updater/updater-460) - 0x80000)) \ 48 if=updater/updater-460 of=u-boot-sam460-20100605.bin */ 49 50/* from Sam460 U-Boot include/configs/Sam460ex.h */ 51#define FLASH_BASE 0xfff00000 52#define FLASH_BASE_H 0x4 53#define FLASH_SIZE (1 * MiB) 54#define UBOOT_LOAD_BASE 0xfff80000 55#define UBOOT_SIZE 0x00080000 56#define UBOOT_ENTRY 0xfffffffc 57 58/* from U-Boot */ 59#define EPAPR_MAGIC (0x45504150) 60#define KERNEL_ADDR 0x1000000 61#define FDT_ADDR 0x1800000 62#define RAMDISK_ADDR 0x1900000 63 64/* Sam460ex IRQ MAP: 65 IRQ0 = ETH_INT 66 IRQ1 = FPGA_INT 67 IRQ2 = PCI_INT (PCIA, PCIB, PCIC, PCIB) 68 IRQ3 = FPGA_INT2 69 IRQ11 = RTC_INT 70 IRQ12 = SM502_INT 71*/ 72 73#define CPU_FREQ 1150000000 74#define PLB_FREQ 230000000 75#define OPB_FREQ 115000000 76#define EBC_FREQ 115000000 77#define UART_FREQ 11059200 78#define SDRAM_NR_BANKS 4 79 80/* The SoC could also handle 4 GiB but firmware does not work with that. */ 81/* Maybe it overflows a signed 32 bit number somewhere? */ 82static const ram_addr_t ppc460ex_sdram_bank_sizes[] = { 83 2 * GiB, 1 * GiB, 512 * MiB, 256 * MiB, 128 * MiB, 64 * MiB, 84 32 * MiB, 0 85}; 86 87struct boot_info { 88 uint32_t dt_base; 89 uint32_t dt_size; 90 uint32_t entry; 91}; 92 93static int sam460ex_load_uboot(void) 94{ 95 /* 96 * This first creates 1MiB of flash memory mapped at the end of 97 * the 32-bit address space (0xFFF00000..0xFFFFFFFF). 98 * 99 * If_PFLASH unit 0 is defined, the flash memory is initialized 100 * from that block backend. 101 * 102 * Else, it's initialized to zero. And then 512KiB of ROM get 103 * mapped on top of its second half (0xFFF80000..0xFFFFFFFF), 104 * initialized from u-boot-sam460-20100605.bin. 105 * 106 * This doesn't smell right. 107 * 108 * The physical hardware appears to have 512KiB flash memory. 109 * 110 * TODO Figure out what we really need here, and clean this up. 111 */ 112 113 DriveInfo *dinfo; 114 115 dinfo = drive_get(IF_PFLASH, 0, 0); 116 if (!pflash_cfi01_register(FLASH_BASE | ((hwaddr)FLASH_BASE_H << 32), 117 "sam460ex.flash", FLASH_SIZE, 118 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, 119 64 * KiB, 1, 0x89, 0x18, 0x0000, 0x0, 1)) { 120 error_report("Error registering flash memory"); 121 /* XXX: return an error instead? */ 122 exit(1); 123 } 124 125 if (!dinfo) { 126 /*error_report("No flash image given with the 'pflash' parameter," 127 " using default u-boot image");*/ 128 rom_add_file_fixed(UBOOT_FILENAME, 129 UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32), 130 -1); 131 } 132 133 return 0; 134} 135 136static int sam460ex_load_device_tree(hwaddr addr, 137 uint32_t ramsize, 138 hwaddr initrd_base, 139 hwaddr initrd_size, 140 const char *kernel_cmdline) 141{ 142 uint32_t mem_reg_property[] = { 0, 0, cpu_to_be32(ramsize) }; 143 char *filename; 144 int fdt_size; 145 void *fdt; 146 uint32_t tb_freq = CPU_FREQ; 147 uint32_t clock_freq = CPU_FREQ; 148 int offset; 149 150 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE); 151 if (!filename) { 152 error_report("Couldn't find dtb file `%s'", BINARY_DEVICE_TREE_FILE); 153 exit(1); 154 } 155 fdt = load_device_tree(filename, &fdt_size); 156 if (!fdt) { 157 error_report("Couldn't load dtb file `%s'", filename); 158 g_free(filename); 159 exit(1); 160 } 161 g_free(filename); 162 163 /* Manipulate device tree in memory. */ 164 165 qemu_fdt_setprop(fdt, "/memory", "reg", mem_reg_property, 166 sizeof(mem_reg_property)); 167 168 /* default FDT doesn't have a /chosen node... */ 169 qemu_fdt_add_subnode(fdt, "/chosen"); 170 171 qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", initrd_base); 172 173 qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", 174 (initrd_base + initrd_size)); 175 176 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", kernel_cmdline); 177 178 /* Copy data from the host device tree into the guest. Since the guest can 179 * directly access the timebase without host involvement, we must expose 180 * the correct frequencies. */ 181 if (kvm_enabled()) { 182 tb_freq = kvmppc_get_tbfreq(); 183 clock_freq = kvmppc_get_clockfreq(); 184 } 185 186 qemu_fdt_setprop_cell(fdt, "/cpus/cpu@0", "clock-frequency", 187 clock_freq); 188 qemu_fdt_setprop_cell(fdt, "/cpus/cpu@0", "timebase-frequency", 189 tb_freq); 190 191 /* Remove cpm node if it exists (it is not emulated) */ 192 offset = fdt_path_offset(fdt, "/cpm"); 193 if (offset >= 0) { 194 _FDT(fdt_nop_node(fdt, offset)); 195 } 196 197 /* set serial port clocks */ 198 offset = fdt_node_offset_by_compatible(fdt, -1, "ns16550"); 199 while (offset >= 0) { 200 _FDT(fdt_setprop_cell(fdt, offset, "clock-frequency", UART_FREQ)); 201 offset = fdt_node_offset_by_compatible(fdt, offset, "ns16550"); 202 } 203 204 /* some more clocks */ 205 qemu_fdt_setprop_cell(fdt, "/plb", "clock-frequency", 206 PLB_FREQ); 207 qemu_fdt_setprop_cell(fdt, "/plb/opb", "clock-frequency", 208 OPB_FREQ); 209 qemu_fdt_setprop_cell(fdt, "/plb/opb/ebc", "clock-frequency", 210 EBC_FREQ); 211 212 rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr); 213 g_free(fdt); 214 215 return fdt_size; 216} 217 218/* Create reset TLB entries for BookE, mapping only the flash memory. */ 219static void mmubooke_create_initial_mapping_uboot(CPUPPCState *env) 220{ 221 ppcemb_tlb_t *tlb = &env->tlb.tlbe[0]; 222 223 /* on reset the flash is mapped by a shadow TLB, 224 * but since we don't implement them we need to use 225 * the same values U-Boot will use to avoid a fault. 226 */ 227 tlb->attr = 0; 228 tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4); 229 tlb->size = 0x10000000; /* up to 0xffffffff */ 230 tlb->EPN = 0xf0000000 & TARGET_PAGE_MASK; 231 tlb->RPN = (0xf0000000 & TARGET_PAGE_MASK) | 0x4; 232 tlb->PID = 0; 233} 234 235/* Create reset TLB entries for BookE, spanning the 32bit addr space. */ 236static void mmubooke_create_initial_mapping(CPUPPCState *env, 237 target_ulong va, 238 hwaddr pa) 239{ 240 ppcemb_tlb_t *tlb = &env->tlb.tlbe[0]; 241 242 tlb->attr = 0; 243 tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4); 244 tlb->size = 1 << 31; /* up to 0x80000000 */ 245 tlb->EPN = va & TARGET_PAGE_MASK; 246 tlb->RPN = pa & TARGET_PAGE_MASK; 247 tlb->PID = 0; 248} 249 250static void main_cpu_reset(void *opaque) 251{ 252 PowerPCCPU *cpu = opaque; 253 CPUPPCState *env = &cpu->env; 254 struct boot_info *bi = env->load_info; 255 256 cpu_reset(CPU(cpu)); 257 258 /* either we have a kernel to boot or we jump to U-Boot */ 259 if (bi->entry != UBOOT_ENTRY) { 260 env->gpr[1] = (16 * MiB) - 8; 261 env->gpr[3] = FDT_ADDR; 262 env->nip = bi->entry; 263 264 /* Create a mapping for the kernel. */ 265 mmubooke_create_initial_mapping(env, 0, 0); 266 env->gpr[6] = tswap32(EPAPR_MAGIC); 267 env->gpr[7] = (16 * MiB) - 8; /* bi->ima_size; */ 268 269 } else { 270 env->nip = UBOOT_ENTRY; 271 mmubooke_create_initial_mapping_uboot(env); 272 } 273} 274 275static void sam460ex_init(MachineState *machine) 276{ 277 MemoryRegion *address_space_mem = get_system_memory(); 278 MemoryRegion *isa = g_new(MemoryRegion, 1); 279 MemoryRegion *ram_memories = g_new(MemoryRegion, SDRAM_NR_BANKS); 280 hwaddr ram_bases[SDRAM_NR_BANKS] = {0}; 281 hwaddr ram_sizes[SDRAM_NR_BANKS] = {0}; 282 MemoryRegion *l2cache_ram = g_new(MemoryRegion, 1); 283 DeviceState *uic[4]; 284 qemu_irq mal_irqs[4]; 285 int i; 286 PCIBus *pci_bus; 287 PowerPCCPU *cpu; 288 CPUPPCState *env; 289 I2CBus *i2c; 290 hwaddr entry = UBOOT_ENTRY; 291 target_long initrd_size = 0; 292 DeviceState *dev; 293 SysBusDevice *sbdev; 294 struct boot_info *boot_info; 295 uint8_t *spd_data; 296 int success; 297 298 cpu = POWERPC_CPU(cpu_create(machine->cpu_type)); 299 env = &cpu->env; 300 if (env->mmu_model != POWERPC_MMU_BOOKE) { 301 error_report("Only MMU model BookE is supported by this machine."); 302 exit(1); 303 } 304 305 qemu_register_reset(main_cpu_reset, cpu); 306 boot_info = g_malloc0(sizeof(*boot_info)); 307 env->load_info = boot_info; 308 309 ppc_booke_timers_init(cpu, CPU_FREQ, 0); 310 ppc_dcr_init(env, NULL, NULL); 311 312 /* PLB arbitrer */ 313 ppc4xx_plb_init(env); 314 315 /* interrupt controllers */ 316 for (i = 0; i < ARRAY_SIZE(uic); i++) { 317 SysBusDevice *sbd; 318 /* 319 * UICs 1, 2 and 3 are cascaded through UIC 0. 320 * input_ints[n] is the interrupt number on UIC 0 which 321 * the INT output of UIC n is connected to. The CINT output 322 * of UIC n connects to input_ints[n] + 1. 323 * The entry in input_ints[] for UIC 0 is ignored, because UIC 0's 324 * INT and CINT outputs are connected to the CPU. 325 */ 326 const int input_ints[] = { -1, 30, 10, 16 }; 327 328 uic[i] = qdev_new(TYPE_PPC_UIC); 329 sbd = SYS_BUS_DEVICE(uic[i]); 330 331 qdev_prop_set_uint32(uic[i], "dcr-base", 0xc0 + i * 0x10); 332 object_property_set_link(OBJECT(uic[i]), "cpu", OBJECT(cpu), 333 &error_fatal); 334 sysbus_realize_and_unref(sbd, &error_fatal); 335 336 if (i == 0) { 337 sysbus_connect_irq(sbd, PPCUIC_OUTPUT_INT, 338 ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT]); 339 sysbus_connect_irq(sbd, PPCUIC_OUTPUT_CINT, 340 ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT]); 341 } else { 342 sysbus_connect_irq(sbd, PPCUIC_OUTPUT_INT, 343 qdev_get_gpio_in(uic[0], input_ints[i])); 344 sysbus_connect_irq(sbd, PPCUIC_OUTPUT_CINT, 345 qdev_get_gpio_in(uic[0], input_ints[i] + 1)); 346 } 347 } 348 349 /* SDRAM controller */ 350 /* put all RAM on first bank because board has one slot 351 * and firmware only checks that */ 352 ppc4xx_sdram_banks(machine->ram, 1, ram_memories, ram_bases, ram_sizes, 353 ppc460ex_sdram_bank_sizes); 354 355 /* FIXME: does 460EX have ECC interrupts? */ 356 ppc440_sdram_init(env, SDRAM_NR_BANKS, ram_memories, 357 ram_bases, ram_sizes, 1); 358 359 /* IIC controllers and devices */ 360 dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600700, 361 qdev_get_gpio_in(uic[0], 2)); 362 i2c = PPC4xx_I2C(dev)->bus; 363 /* SPD EEPROM on RAM module */ 364 spd_data = spd_data_generate(ram_sizes[0] < 128 * MiB ? DDR : DDR2, 365 ram_sizes[0]); 366 spd_data[20] = 4; /* SO-DIMM module */ 367 smbus_eeprom_init_one(i2c, 0x50, spd_data); 368 /* RTC */ 369 i2c_slave_create_simple(i2c, "m41t80", 0x68); 370 371 dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600800, 372 qdev_get_gpio_in(uic[0], 3)); 373 374 /* External bus controller */ 375 ppc405_ebc_init(env); 376 377 /* CPR */ 378 ppc4xx_cpr_init(env); 379 380 /* PLB to AHB bridge */ 381 ppc4xx_ahb_init(env); 382 383 /* System DCRs */ 384 ppc4xx_sdr_init(env); 385 386 /* MAL */ 387 for (i = 0; i < ARRAY_SIZE(mal_irqs); i++) { 388 mal_irqs[0] = qdev_get_gpio_in(uic[2], 3 + i); 389 } 390 ppc4xx_mal_init(env, 4, 16, mal_irqs); 391 392 /* DMA */ 393 ppc4xx_dma_init(env, 0x200); 394 395 /* 256K of L2 cache as memory */ 396 ppc4xx_l2sram_init(env); 397 /* FIXME: remove this after fixing l2sram mapping in ppc440_uc.c? */ 398 memory_region_init_ram(l2cache_ram, NULL, "ppc440.l2cache_ram", 256 * KiB, 399 &error_abort); 400 memory_region_add_subregion(address_space_mem, 0x400000000LL, l2cache_ram); 401 402 /* USB */ 403 sysbus_create_simple(TYPE_PPC4xx_EHCI, 0x4bffd0400, 404 qdev_get_gpio_in(uic[2], 29)); 405 dev = qdev_new("sysbus-ohci"); 406 qdev_prop_set_string(dev, "masterbus", "usb-bus.0"); 407 qdev_prop_set_uint32(dev, "num-ports", 6); 408 sbdev = SYS_BUS_DEVICE(dev); 409 sysbus_realize_and_unref(sbdev, &error_fatal); 410 sysbus_mmio_map(sbdev, 0, 0x4bffd0000); 411 sysbus_connect_irq(sbdev, 0, qdev_get_gpio_in(uic[2], 30)); 412 usb_create_simple(usb_bus_find(-1), "usb-kbd"); 413 usb_create_simple(usb_bus_find(-1), "usb-mouse"); 414 415 /* PCI bus */ 416 ppc460ex_pcie_init(env); 417 /* All PCI irqs are connected to the same UIC pin (cf. UBoot source) */ 418 dev = sysbus_create_simple("ppc440-pcix-host", 0xc0ec00000, 419 qdev_get_gpio_in(uic[1], 0)); 420 pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci.0")); 421 422 memory_region_init_alias(isa, NULL, "isa_mmio", get_system_io(), 423 0, 0x10000); 424 memory_region_add_subregion(get_system_memory(), 0xc08000000, isa); 425 426 /* PCI devices */ 427 pci_create_simple(pci_bus, PCI_DEVFN(6, 0), "sm501"); 428 /* SoC has a single SATA port but we don't emulate that yet 429 * However, firmware and usual clients have driver for SiI311x 430 * so add one for convenience by default */ 431 if (defaults_enabled()) { 432 pci_create_simple(pci_bus, -1, "sii3112"); 433 } 434 435 /* SoC has 4 UARTs 436 * but board has only one wired and two are present in fdt */ 437 if (serial_hd(0) != NULL) { 438 serial_mm_init(address_space_mem, 0x4ef600300, 0, 439 qdev_get_gpio_in(uic[1], 1), 440 PPC_SERIAL_MM_BAUDBASE, serial_hd(0), 441 DEVICE_BIG_ENDIAN); 442 } 443 if (serial_hd(1) != NULL) { 444 serial_mm_init(address_space_mem, 0x4ef600400, 0, 445 qdev_get_gpio_in(uic[0], 1), 446 PPC_SERIAL_MM_BAUDBASE, serial_hd(1), 447 DEVICE_BIG_ENDIAN); 448 } 449 450 /* Load U-Boot image. */ 451 if (!machine->kernel_filename) { 452 success = sam460ex_load_uboot(); 453 if (success < 0) { 454 error_report("could not load firmware"); 455 exit(1); 456 } 457 } 458 459 /* Load kernel. */ 460 if (machine->kernel_filename) { 461 hwaddr loadaddr = LOAD_UIMAGE_LOADADDR_INVALID; 462 success = load_uimage(machine->kernel_filename, &entry, &loadaddr, 463 NULL, NULL, NULL); 464 if (success < 0) { 465 uint64_t elf_entry; 466 467 success = load_elf(machine->kernel_filename, NULL, NULL, NULL, 468 &elf_entry, NULL, NULL, NULL, 469 1, PPC_ELF_MACHINE, 0, 0); 470 entry = elf_entry; 471 } 472 /* XXX try again as binary */ 473 if (success < 0) { 474 error_report("could not load kernel '%s'", 475 machine->kernel_filename); 476 exit(1); 477 } 478 } 479 480 /* Load initrd. */ 481 if (machine->initrd_filename) { 482 initrd_size = load_image_targphys(machine->initrd_filename, 483 RAMDISK_ADDR, 484 machine->ram_size - RAMDISK_ADDR); 485 if (initrd_size < 0) { 486 error_report("could not load ram disk '%s' at %x", 487 machine->initrd_filename, RAMDISK_ADDR); 488 exit(1); 489 } 490 } 491 492 /* If we're loading a kernel directly, we must load the device tree too. */ 493 if (machine->kernel_filename) { 494 int dt_size; 495 496 dt_size = sam460ex_load_device_tree(FDT_ADDR, machine->ram_size, 497 RAMDISK_ADDR, initrd_size, 498 machine->kernel_cmdline); 499 500 boot_info->dt_base = FDT_ADDR; 501 boot_info->dt_size = dt_size; 502 } 503 504 boot_info->entry = entry; 505} 506 507static void sam460ex_machine_init(MachineClass *mc) 508{ 509 mc->desc = "aCube Sam460ex"; 510 mc->init = sam460ex_init; 511 mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("460exb"); 512 mc->default_ram_size = 512 * MiB; 513 mc->default_ram_id = "ppc4xx.sdram"; 514} 515 516DEFINE_MACHINE("sam460ex", sam460ex_machine_init)