1 /*
2 * QEMU MIPS Jazz support
4 * Copyright (c) 2007-2008 Hervé Poussineau
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
25 #include "hw.h"
26 #include "mips.h"
27 #include "mips_cpudevs.h"
28 #include "pc.h"
29 #include "isa.h"
30 #include "fdc.h"
31 #include "sysemu.h"
32 #include "arch_init.h"
33 #include "boards.h"
34 #include "net.h"
35 #include "esp.h"
36 #include "mips-bios.h"
37 #include "loader.h"
38 #include "mc146818rtc.h"
39 #include "blockdev.h"
40 #include "sysbus.h"
41 #include "exec-memory.h"
/* Board variant handed to mips_jazz_init() by the two machine entry
 * points below; in this file it only selects which video card is
 * instantiated. Explicit values keep the numbering stable. */
enum jazz_model_e
{
    JAZZ_MAGNUM = 0,   /* MIPS Magnum: sysbus G364 framebuffer */
    JAZZ_PICA61 = 1,   /* Acer Pica 61: memory-mapped ISA VGA */
};
/* System-reset hook registered via qemu_register_reset(); @opaque is the
 * CPUState that was passed at registration time in mips_jazz_init(). */
static void main_cpu_reset(void *opaque)
{
    cpu_reset((CPUState *)opaque);
}
/* Read handler for the RTC MMIO window (mapped at 0x80004000 in
 * mips_jazz_init()). Every access, whatever its width or offset, is
 * forwarded to ISA port 0x71 (the MC146818 data register); note that the
 * 16-bit accessor cpu_inw() is used even though this is the byte slot. */
static uint32_t rtc_readb(void *opaque, target_phys_addr_t addr)
{
    (void)opaque;
    (void)addr;   /* offset inside the window is ignored on purpose */

    return cpu_inw(0x71);
}
/* Write handler for the RTC MMIO window: only the low byte of @val is
 * forwarded, to ISA port 0x71, through the 16-bit accessor cpu_outw().
 * The window offset is ignored, so all offsets alias the same register. */
static void rtc_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    uint32_t low_byte = val & 0xff;

    (void)opaque;
    (void)addr;

    cpu_outw(0x71, low_byte);
}
/* Read dispatch table for the RTC window (QEMU's b/w/l slots): the same
 * handler serves 8-, 16- and 32-bit accesses. */
static CPUReadMemoryFunc * const rtc_read[3] = {
    [0] = rtc_readb,
    [1] = rtc_readb,
    [2] = rtc_readb,
};
/* Write dispatch table for the RTC window (QEMU's b/w/l slots): every
 * access width ends up in rtc_writeb(), which keeps only the low byte. */
static CPUWriteMemoryFunc * const rtc_write[3] = {
    [0] = rtc_writeb,
    [1] = rtc_writeb,
    [2] = rtc_writeb,
};
/* Write handler for the 4 KiB window at 0x8000d000 (see mips_jazz_init()).
 * The value is deliberately discarded: the write exists only so that the
 * current DMA acknowledge cycle completes. */
static void dma_dummy_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    (void)opaque;
    (void)addr;
    (void)val;
}
/* Read dispatch table for the DMA-acknowledge window: no handler for any
 * access width, so reads of this region are not serviced here. */
static CPUReadMemoryFunc * const dma_dummy_read[3] = {
    [0] = NULL,
    [1] = NULL,
    [2] = NULL,
};
/* Write dispatch table for the DMA-acknowledge window: all widths go to
 * the no-op dma_dummy_writeb(). */
static CPUWriteMemoryFunc * const dma_dummy_write[3] = {
    [0] = dma_dummy_writeb,
    [1] = dma_dummy_writeb,
    [2] = dma_dummy_writeb,
};
95 #define MAGNUM_BIOS_SIZE_MAX 0x7e000
96 #define MAGNUM_BIOS_SIZE (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX)
/* IRQ handler allocated with qemu_allocate_irqs() and handed to DMA_init()
 * in mips_jazz_init(). When the line is raised (@level != 0) it kicks the
 * currently executing CPU out of its translation loop via cpu_exit().
 * @opaque and @irq are unused; the CPU comes from the global
 * cpu_single_env, and nothing happens if no CPU is currently running. */
static void cpu_request_exit(void *opaque, int irq, int level)
{
    (void)opaque;
    (void)irq;

    if (!level) {
        return;
    }

    CPUState *current = cpu_single_env;
    if (current != NULL) {
        cpu_exit(current);
    }
}
/*
 * Build a Jazz-family board: CPU, RAM, BIOS ROM, the rc4030 chipset, the
 * legacy ISA devices and the memory-mapped on-board peripherals.
 *
 * ram_size   - size of the RAM block mapped at guest physical address 0.
 * cpu_model  - CPU name passed to cpu_init(); NULL selects a per-target
 *              default (see below).
 * jazz_model - JAZZ_MAGNUM or JAZZ_PICA61; within this function the two
 *              boards differ only in the video card.
 *
 * Does not return on failure: an unknown CPU model, a BIOS image that is
 * missing or larger than MAGNUM_BIOS_SIZE, an unsupported NIC model or too
 * many floppy drives all print a message to stderr and exit(1).
 * Kernel/initrd parameters are not handled here; the guest always boots
 * from the BIOS ROM.
 */
static
void mips_jazz_init (ram_addr_t ram_size,
                     const char *cpu_model,
                     enum jazz_model_e jazz_model)
{
    char *filename;
    int bios_size, n;
    CPUState *env;
    qemu_irq *rc4030, *i8259;
    rc4030_dma *dmas;
    void* rc4030_opaque;
    int s_rtc, s_dma_dummy;
    NICInfo *nd;
    DeviceState *dev;
    SysBusDevice *sysbus;
    ISADevice *pit;
    DriveInfo *fds[MAX_FD];
    qemu_irq esp_reset, dma_enable;
    qemu_irq *cpu_exit_irq;
    ram_addr_t ram_offset;
    ram_addr_t bios_offset;

    /* init CPUs */
    if (cpu_model == NULL) {
#ifdef TARGET_MIPS64
        cpu_model = "R4000";
#else
        /* FIXME: All wrong, this maybe should be R3000 for the older JAZZs. */
        cpu_model = "24Kf";
#endif
    }
    env = cpu_init(cpu_model);
    if (!env) {
        fprintf(stderr, "Unable to find CPU definition\n");
        exit(1);
    }
    /* Hook the CPU into system reset (see main_cpu_reset()). */
    qemu_register_reset(main_cpu_reset, env);

    /* allocate RAM */
    ram_offset = qemu_ram_alloc(NULL, "mips_jazz.ram", ram_size);
    cpu_register_physical_memory(0, ram_size, ram_offset | IO_MEM_RAM);

    /* One ROM block of MAGNUM_BIOS_SIZE bytes, visible through two
     * mappings: the classic MIPS reset vector window at 0x1fc00000 and the
     * high alias at 0xfff00000. Both point at the same backing RAM. */
    bios_offset = qemu_ram_alloc(NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE);
    cpu_register_physical_memory(0x1fc00000LL,
                                 MAGNUM_BIOS_SIZE, bios_offset | IO_MEM_ROM);
    cpu_register_physical_memory(0xfff00000LL,
                                 MAGNUM_BIOS_SIZE, bios_offset | IO_MEM_ROM);

    /* load the BIOS image. */
    /* bios_name is a global that is not declared in this file (presumably
     * set from the command line); fall back to the built-in default name. */
    if (bios_name == NULL)
        bios_name = BIOS_FILENAME;
    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
    if (filename) {
        /* Load into the high alias; MAGNUM_BIOS_SIZE is handed to the
         * loader as the maximum size, and the ROM mapping above is exactly
         * that large, so an oversized image is rejected rather than
         * spilling past the mapping. */
        bios_size = load_image_targphys(filename, 0xfff00000LL,
                                        MAGNUM_BIOS_SIZE);
        g_free(filename);   /* qemu_find_file() returns an allocated string */
    } else {
        bios_size = -1;     /* not found: treated like a failed load below */
    }
    if (bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) {
        fprintf(stderr, "qemu: Could not load MIPS bios '%s'\n",
                bios_name);
        exit(1);
    }

    /* Init CPU internal devices */
    cpu_mips_irq_init_cpu(env);
    cpu_mips_clock_init(env);

    /* Chipset */
    /* The rc4030 is driven from env->irq[6] and env->irq[3] and hands back
     * the board interrupt lines (rc4030[]) and DMA channels (dmas[]) that
     * the peripherals below are wired to. */
    rc4030_opaque = rc4030_init(env->irq[6], env->irq[3], &rc4030, &dmas);
    /* 4 KiB window at 0x8000d000: writes are absorbed by dma_dummy_writeb()
     * (DMA acknowledge), reads have no handler (dma_dummy_read is all NULL). */
    s_dma_dummy = cpu_register_io_memory(dma_dummy_read, dma_dummy_write, NULL,
                                         DEVICE_NATIVE_ENDIAN);
    cpu_register_physical_memory(0x8000d000, 0x00001000, s_dma_dummy);

    /* ISA devices */
    /* The i8259 output goes to env->irq[4]; the ISA bus is created with no
     * parent device and the DMA controller gets an IRQ line whose only job
     * is to exit the running CPU (cpu_request_exit()). */
    i8259 = i8259_init(env->irq[4]);
    isa_bus_new(NULL);
    isa_bus_irqs(i8259);
    cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
    DMA_init(0, cpu_exit_irq);
    pit = pit_init(0x40, 0);
    pcspk_init(pit);

    /* ISA IO space at 0x90000000 */
    isa_mmio_init(0x90000000, 0x01000000);
    /* Global consumed by the ISA memory-mapping helpers outside this file. */
    isa_mem_base = 0x11000000;

    /* Video card */
    switch (jazz_model) {
    case JAZZ_MAGNUM:
        /* G364 framebuffer on sysbus: MMIO region 0 at 0x60080000, region 1
         * at 0x40000000 (which is registers and which is VRAM is defined by
         * the device, not here); its IRQ is rc4030 line 3. */
        dev = qdev_create(NULL, "sysbus-g364");
        qdev_init_nofail(dev);
        sysbus = sysbus_from_qdev(dev);
        sysbus_mmio_map(sysbus, 0, 0x60080000);
        sysbus_mmio_map(sysbus, 1, 0x40000000);
        sysbus_connect_irq(sysbus, 0, rc4030[3]);
        {
            /* Simple ROM, so user doesn't have to provide one */
            /* 512 KiB ROM block at 0x60000000; only byte 0 is filled in
             * (the card identifier), the rest is whatever qemu_ram_alloc()
             * leaves there. The write goes through the host pointer since
             * the region is mapped read-only for the guest. */
            ram_addr_t rom_offset = qemu_ram_alloc(NULL, "g364fb.rom", 0x80000);
            uint8_t *rom = qemu_get_ram_ptr(rom_offset);
            cpu_register_physical_memory(0x60000000, 0x80000,
                                         rom_offset | IO_MEM_ROM);
            rom[0] = 0x10; /* Mips G364 */
        }
        break;
    case JAZZ_PICA61:
        /* Memory-mapped ISA VGA: VRAM window at 0x40000000, registers at
         * 0x60000000, in the system memory region. */
        isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory());
        break;
    default:
        /* Unreachable from the two callers in this file; no video card. */
        break;
    }

    /* Network controller */
    /* Only the first usable entry is wired: the break after dp83932_init()
     * ends the loop, so any further nd_table[] entries are silently
     * ignored. A model of "?" lists the supported NICs and exits; any
     * other model is an error. The default model string is allocated with
     * g_strdup() and stays owned by nd_table. */
    for (n = 0; n < nb_nics; n++) {
        nd = &nd_table[n];
        if (!nd->model)
            nd->model = g_strdup("dp83932");
        if (strcmp(nd->model, "dp83932") == 0) {
            /* SONIC at 0x80001000, rc4030 IRQ 4, DMA through the rc4030. */
            dp83932_init(nd, 0x80001000, 2, rc4030[4],
                         rc4030_opaque, rc4030_dma_memory_rw);
            break;
        } else if (strcmp(nd->model, "?") == 0) {
            fprintf(stderr, "qemu: Supported NICs: dp83932\n");
            exit(1);
        } else {
            fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd->model);
            exit(1);
        }
    }

    /* SCSI adapter */
    /* ESP at 0x80002000 on rc4030 DMA channel 0 and IRQ 5. esp_reset and
     * dma_enable are outputs of esp_init() that nothing here uses later. */
    esp_init(0x80002000, 0,
             rc4030_dma_read, rc4030_dma_write, dmas[0],
             rc4030[5], &esp_reset, &dma_enable);

    /* Floppy */
    /* Only floppy bus 0 exists on this board: refuse a configuration that
     * asks for more buses, then collect all MAX_FD units of bus 0. */
    if (drive_get_max_bus(IF_FLOPPY) >= MAX_FD) {
        fprintf(stderr, "qemu: too many floppy drives\n");
        exit(1);
    }
    for (n = 0; n < MAX_FD; n++) {
        fds[n] = drive_get(IF_FLOPPY, 0, n);
    }
    fdctrl_init_sysbus(rc4030[1], 0, 0x80003000, fds);

    /* Real time clock */
    /* The MC146818 itself lives on the ISA side (rtc_init, base year 1980);
     * the 4 KiB window at 0x80004000 forwards every access to ISA port 0x71
     * through rtc_read/rtc_write, ignoring the offset. */
    rtc_init(1980, NULL);
    s_rtc = cpu_register_io_memory(rtc_read, rtc_write, NULL,
                                   DEVICE_NATIVE_ENDIAN);
    cpu_register_physical_memory(0x80004000, 0x00001000, s_rtc);

    /* Keyboard (i8042) */
    /* Keyboard IRQ on rc4030 line 6, mouse on line 7; 4 KiB window with a
     * register stride of 1. */
    i8042_mm_init(rc4030[6], rc4030[7], 0x80005000, 0x1000, 0x1);

    /* Serial ports */
    /* Two memory-mapped UARTs on rc4030 IRQ 8 and 9, base clock 8 MHz/16;
     * the last argument selects the endianness of the register window and
     * follows the target's endianness. A port is only created when a
     * character device was configured for it. */
    if (serial_hds[0]) {
#ifdef TARGET_WORDS_BIGENDIAN
        serial_mm_init(0x80006000, 0, rc4030[8], 8000000/16, serial_hds[0], 1, 1);
#else
        serial_mm_init(0x80006000, 0, rc4030[8], 8000000/16, serial_hds[0], 1, 0);
#endif
    }
    if (serial_hds[1]) {
#ifdef TARGET_WORDS_BIGENDIAN
        serial_mm_init(0x80007000, 0, rc4030[9], 8000000/16, serial_hds[1], 1, 1);
#else
        serial_mm_init(0x80007000, 0, rc4030[9], 8000000/16, serial_hds[1], 1, 0);
#endif
    }

    /* Parallel port */
    /* Memory-mapped at 0x80008000 on rc4030 IRQ 0, only if configured. */
    if (parallel_hds[0])
        parallel_mm_init(0x80008000, 0, rc4030[0], parallel_hds[0]);

    /* Sound card */
    /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */
    /* Until then, only the generic ISA audio devices are offered. */
    audio_init(i8259, NULL);

    /* NVRAM */
    /* Battery-backed DS1225Y on sysbus at 0x80009000. */
    dev = qdev_create(NULL, "ds1225y");
    qdev_init_nofail(dev);
    sysbus = sysbus_from_qdev(dev);
    sysbus_mmio_map(sysbus, 0, 0x80009000);

    /* LED indicator */
    jazz_led_init(0x8000f000);
}
/* Machine-init entry point for "magnum" (QEMUMachine.init signature).
 * Only ram_size and cpu_model are used; the boot device, kernel, command
 * line and initrd arguments are accepted for the interface and ignored,
 * so the guest always starts from the BIOS ROM. */
static
void mips_magnum_init (ram_addr_t ram_size,
                       const char *boot_device,
                       const char *kernel_filename, const char *kernel_cmdline,
                       const char *initrd_filename, const char *cpu_model)
{
    (void)boot_device;
    (void)kernel_filename;
    (void)kernel_cmdline;
    (void)initrd_filename;

    mips_jazz_init(ram_size, cpu_model, JAZZ_MAGNUM);
}
/* Machine-init entry point for "pica61" (QEMUMachine.init signature).
 * Mirrors mips_magnum_init(): only ram_size and cpu_model are used, the
 * boot device, kernel, command line and initrd arguments are ignored. */
static
void mips_pica61_init (ram_addr_t ram_size,
                       const char *boot_device,
                       const char *kernel_filename, const char *kernel_cmdline,
                       const char *initrd_filename, const char *cpu_model)
{
    (void)boot_device;
    (void)kernel_filename;
    (void)kernel_cmdline;
    (void)initrd_filename;

    mips_jazz_init(ram_size, cpu_model, JAZZ_PICA61);
}
/* Machine description for the MIPS Magnum board. use_scsi marks the board
 * as SCSI-based (it wires an ESP adapter in mips_jazz_init()). */
static QEMUMachine mips_magnum_machine = {
    .init     = mips_magnum_init,
    .name     = "magnum",
    .desc     = "MIPS Magnum",
    .use_scsi = 1,
};
/* Machine description for the Acer Pica 61 board. use_scsi marks the board
 * as SCSI-based (it wires an ESP adapter in mips_jazz_init()). */
static QEMUMachine mips_pica61_machine = {
    .init     = mips_pica61_init,
    .name     = "pica61",
    .desc     = "Acer Pica 61",
    .use_scsi = 1,
};
/* Registers both Jazz boards with the machine registry; invoked through
 * the machine_init() constructor hook below. Registration order (magnum,
 * then pica61) is preserved. */
static void mips_jazz_machine_init(void)
{
    QEMUMachine *const boards[] = {
        &mips_magnum_machine,
        &mips_pica61_machine,
    };
    unsigned i;

    for (i = 0; i < sizeof boards / sizeof boards[0]; i++) {
        qemu_register_machine(boards[i]);
    }
}
334 machine_init(mips_jazz_machine_init);