search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Complete raspi/raspi2 and Windows support fixes, ported from qemu-ar7
[qemu/ar7.git] / hw / arm / raspi2.c
blobbcf03e3221f50a44c1b465f3f2912ac220ffc730
1 /*
2 * Rasperry Pi 2 emulation
3 * Copyright (c) 2015, Microsoft
4 * Written by Andrew Baumann
5 *
6 * Based on raspi.c (Raspberry Pi 1 emulation), copyright terms below:
7 *
8 * Raspberry Pi emulation (c) 2012 Gregory Estrade
9 * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous
10 * This code is licensed under the GNU GPLv2 and later.
11 * Based on versatilepb.c, copyright terms below.
12 *
13 * ARM Versatile Platform/Application Baseboard System emulation.
14 *
15 * Copyright (c) 2005-2007 CodeSourcery.
16 * Written by Paul Brook
17 *
18 * This code is licensed under the GPL.
19 */
20
21 #include "hw/boards.h"
22 #include "hw/devices.h"
23 #include "hw/loader.h"
24 #include "hw/sysbus.h"
25 #include "hw/arm/arm.h"
26 #include "sysemu/sysemu.h"
27 #include "exec/address-spaces.h"
28 #include "hw/arm/bcm2836_platform.h"
29 #include "hw/arm/bcm2835_common.h"
30 #include "net/net.h"
31
32 #define BUS_ADDR(x) (((x) - BCM2708_PERI_BASE) + 0x7e000000)
33
34 static const uint32_t bootloader_0[] = {
35 0xea000006, // b 0x20 ; reset vector: branch to the bootloader below
36 0xe1a00000, // nop ; (mov r0, r0)
37 0xe1a00000, // nop ; (mov r0, r0)
38 0xe1a00000, // nop ; (mov r0, r0)
39 0xe1a00000, // nop ; (mov r0, r0)
40 0xe1a00000, // nop ; (mov r0, r0)
41 0xe1a00000, // nop ; (mov r0, r0)
42 0xe1a00000, // nop ; (mov r0, r0)
43
44 /* start of bootloader */
45 0xE3A03902, // mov r3, #0x8000 ; entry point for primary core
46
47 /* retrieve core ID */
48 0xEE100FB0, // mrc p15, 0, r0, c0, c0, 5 ; get core ID
49 0xE7E10050, // ubfx r0, r0, #0, #2 ; extract LSB
50 0xE3500000, // cmp r0, #0 ; if zero, we're the primary
51 0x0A000004, // beq 2f
52
53 /* busy-wait for mailbox set on secondary cores */
54 0xE59F501C, // ldr r4, =0x400000CC ; mailbox 3 read/clear base
55 0xE7953200, // 1: ldr r3, [r4, r0, lsl #4] ; read mailbox for our core
56 0xE3530000, // cmp r3, #0 ; spin while zero
57 0x0AFFFFFC, // beq 1b
58 0xE7853200, // str r3, [r4, r0, lsl #4] ; clear mailbox
59
60 /* enter image at [r3] */
61 0xE3A00000, // 2: mov r0, #0
62 0xE59F1008, // ldr r1, =0xc43 ; Linux machine type MACH_BCM2709 = 0xc43
63 0xE3A02C01, // ldr r2, =0x100 ; Address of ATAGS
64 0xE12FFF13, // bx r3
65
66 /* constants */
67 0x400000CC,
68 0x00000C43,
69 };
70
71 static uint32_t bootloader_100[] = { // this is the "tag list" in RAM at 0x100
72 // ref: http://www.simtec.co.uk/products/SWLINUX/files/booting_article.html
73 0x00000005, // length of core tag (words)
74 0x54410001, // ATAG_CORE
75 0x00000001, // flags
76 0x00001000, // page size (4k)
77 0x00000000, // root device
78 0x00000004, // length of mem tag (words)
79 0x54410002, // ATAG_MEM
80 /* It will be overwritten by dynamically calculated memory size */
81 0x08000000, // RAM size (to be overwritten)
82 0x00000000, // start of RAM
83 0x00000000, // "length" of none tag (magic)
84 0x00000000 // ATAG_NONE
85 };
86
87 static struct arm_boot_info raspi_binfo;
88
89 static void init_cpus(const char *cpu_model, DeviceState *icdev)
90 {
91 ObjectClass *cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
92 int n;
93
94 if (!cpu_oc) {
95 fprintf(stderr, "Unable to find CPU definition\n");
96 exit(1);
97 }
98
99 for (n = 0; n < smp_cpus; n++) {
100 Object *cpu = object_new(object_class_get_name(cpu_oc));
101 Error *err = NULL;
102
103 /* Mirror bcm2836, which has clusterid set to 0xf */
104 ARM_CPU(cpu)->mp_affinity = 0xF00 | n;
105
106 /* set periphbase/CBAR value for CPU-local registers */
107 object_property_set_int(cpu, MCORE_BASE,
108 "reset-cbar", &error_abort);
109
110 object_property_set_bool(cpu, true, "realized", &err);
111 if (err) {
112 error_report_err(err);
113 exit(1);
114 }
115
116 /* Connect irq/fiq outputs from the interrupt controller. */
117 qdev_connect_gpio_out_named(icdev, "irq", n,
118 qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
119 qdev_connect_gpio_out_named(icdev, "fiq", n,
120 qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_FIQ));
121
122 /* Connect timers from the CPU to the interrupt controller */
123 ARM_CPU(cpu)->gt_timer_outputs[GTIMER_PHYS]
124 = qdev_get_gpio_in_named(icdev, "cntpsirq", 0);
125 ARM_CPU(cpu)->gt_timer_outputs[GTIMER_VIRT]
126 = qdev_get_gpio_in_named(icdev, "cntvirq", 0);
127 }
128 }
129
130 static void raspi2_init(MachineState *machine)
131 {
132 MemoryRegion *sysmem = get_system_memory();
133
134 MemoryRegion *bcm2835_ram = g_new(MemoryRegion, 1);
135 MemoryRegion *bcm2835_vcram = g_new(MemoryRegion, 1);
136
137 MemoryRegion *ram_alias = g_new(MemoryRegion, 4);
138 MemoryRegion *vcram_alias = g_new(MemoryRegion, 4);
139
140 MemoryRegion *per_todo_bus = g_new(MemoryRegion, 1);
141 MemoryRegion *per_ic_bus = g_new(MemoryRegion, 1);
142 MemoryRegion *per_control_bus = g_new(MemoryRegion, 1);
143 MemoryRegion *per_uart0_bus = g_new(MemoryRegion, 1);
144 MemoryRegion *per_uart1_bus = g_new(MemoryRegion, 1);
145 MemoryRegion *per_st_bus = g_new(MemoryRegion, 1);
146 MemoryRegion *per_sbm_bus = g_new(MemoryRegion, 1);
147 MemoryRegion *per_power_bus = g_new(MemoryRegion, 1);
148 MemoryRegion *per_fb_bus = g_new(MemoryRegion, 1);
149 MemoryRegion *per_prop_bus = g_new(MemoryRegion, 1);
150 MemoryRegion *per_vchiq_bus = g_new(MemoryRegion, 1);
151 MemoryRegion *per_emmc_bus = g_new(MemoryRegion, 1);
152 MemoryRegion *per_dma1_bus = g_new(MemoryRegion, 1);
153 MemoryRegion *per_dma2_bus = g_new(MemoryRegion, 1);
154 MemoryRegion *per_timer_bus = g_new(MemoryRegion, 1);
155 MemoryRegion *per_usb_bus = g_new(MemoryRegion, 1);
156 MemoryRegion *per_mphi_bus = g_new(MemoryRegion, 1);
157
158 MemoryRegion *mr;
159
160 qemu_irq pic[72];
161 qemu_irq mbox_irq[MBOX_CHAN_COUNT];
162
163 DeviceState *dev, *icdev;
164 SysBusDevice *s;
165
166 int n;
167
168 bcm2835_vcram_base = machine->ram_size - VCRAM_SIZE;
169
170 /* Write real RAM size in ATAG structure */
171 bootloader_100[7] = bcm2835_vcram_base;
172
173 memory_region_allocate_system_memory(bcm2835_ram, NULL, "raspi.ram",
174 bcm2835_vcram_base);
175
176 memory_region_allocate_system_memory(bcm2835_vcram, NULL, "vcram.ram",
177 VCRAM_SIZE);
178
179 memory_region_add_subregion(sysmem, (0 << 30), bcm2835_ram);
180 memory_region_add_subregion(sysmem, (0 << 30) + bcm2835_vcram_base,
181 bcm2835_vcram);
182 for (n = 1; n < 4; n++) {
183 memory_region_init_alias(&ram_alias[n], NULL, NULL, bcm2835_ram,
184 0, bcm2835_vcram_base);
185 memory_region_init_alias(&vcram_alias[n], NULL, NULL, bcm2835_vcram,
186 0, VCRAM_SIZE);
187 memory_region_add_subregion(sysmem, (n << 30), &ram_alias[n]);
188 memory_region_add_subregion(sysmem, (n << 30) + bcm2835_vcram_base,
189 &vcram_alias[n]);
190 }
191
192 /* (Yet) unmapped I/O registers */
193 dev = sysbus_create_simple("bcm2835_todo", BCM2708_PERI_BASE, NULL);
194 s = SYS_BUS_DEVICE(dev);
195 mr = sysbus_mmio_get_region(s, 0);
196 memory_region_init_alias(per_todo_bus, NULL, NULL, mr,
197 0, memory_region_size(mr));
198 memory_region_add_subregion(sysmem, BUS_ADDR(BCM2708_PERI_BASE),
199 per_todo_bus);
200
201 /* Interrupt Controllers: BCM2835 chains to the new 2836 controller */
202 icdev = dev = sysbus_create_varargs("bcm2836_control", 0x40000000, NULL);
203
204 s = SYS_BUS_DEVICE(dev);
205 mr = sysbus_mmio_get_region(s, 0);
206 memory_region_init_alias(per_control_bus, NULL, NULL, mr,
207 0, memory_region_size(mr));
208 memory_region_add_subregion(sysmem, BUS_ADDR(0x40000000),
209 per_control_bus);
210
211 /* Create the child controller, which handles all the devices */
212 dev = sysbus_create_varargs("bcm2835_ic", ARMCTRL_IC_BASE,
213 qdev_get_gpio_in_named(icdev, "gpu_irq", 0),
214 qdev_get_gpio_in_named(icdev, "gpu_fiq", 0),
215 NULL);
216
217 s = SYS_BUS_DEVICE(dev);
218 mr = sysbus_mmio_get_region(s, 0);
219 memory_region_init_alias(per_ic_bus, NULL, NULL, mr,
220 0, memory_region_size(mr));
221 memory_region_add_subregion(sysmem, BUS_ADDR(ARMCTRL_IC_BASE),
222 per_ic_bus);
223
224 for (n = 0; n < 72; n++) {
225 pic[n] = qdev_get_gpio_in(dev, n);
226 }
227
228 /* Create the CPUs, and wire them up to the interrupt controller */
229 if (!machine->cpu_model) {
230 machine->cpu_model = "cortex-a15"; /* Closest architecturally to the A7 */
231 }
232
233 init_cpus(machine->cpu_model, icdev);
234
235 /* UART0 */
236 dev = sysbus_create_simple("pl011", UART0_BASE, pic[INTERRUPT_VC_UART]);
237 s = SYS_BUS_DEVICE(dev);
238 mr = sysbus_mmio_get_region(s, 0);
239 memory_region_init_alias(per_uart0_bus, NULL, NULL, mr,
240 0, memory_region_size(mr));
241 memory_region_add_subregion(sysmem, BUS_ADDR(UART0_BASE),
242 per_uart0_bus);
243
244 /* UART1 */
245 dev = sysbus_create_simple("bcm2835_aux", UART1_BASE, pic[INTERRUPT_AUX]);
246 s = SYS_BUS_DEVICE(dev);
247 mr = sysbus_mmio_get_region(s, 0);
248 memory_region_init_alias(per_uart1_bus, NULL, NULL, mr,
249 0, memory_region_size(mr));
250 memory_region_add_subregion(sysmem, BUS_ADDR(UART1_BASE),
251 per_uart1_bus);
252
253 /* System timer */
254 dev = sysbus_create_varargs("bcm2835_st", ST_BASE,
255 pic[INTERRUPT_TIMER0], pic[INTERRUPT_TIMER1],
256 pic[INTERRUPT_TIMER2], pic[INTERRUPT_TIMER3],
257 NULL);
258 s = SYS_BUS_DEVICE(dev);
259 mr = sysbus_mmio_get_region(s, 0);
260 memory_region_init_alias(per_st_bus, NULL, NULL, mr,
261 0, memory_region_size(mr));
262 memory_region_add_subregion(sysmem, BUS_ADDR(ST_BASE),
263 per_st_bus);
264
265 /* ARM timer */
266 dev = sysbus_create_simple("bcm2835_timer", ARMCTRL_TIMER0_1_BASE,
267 pic[INTERRUPT_ARM_TIMER]);
268 s = SYS_BUS_DEVICE(dev);
269 mr = sysbus_mmio_get_region(s, 0);
270 memory_region_init_alias(per_timer_bus, NULL, NULL, mr,
271 0, memory_region_size(mr));
272 memory_region_add_subregion(sysmem, BUS_ADDR(ARMCTRL_TIMER0_1_BASE),
273 per_timer_bus);
274
275 /* USB controller */
276 dev = sysbus_create_simple("bcm2835_usb", USB_BASE,
277 pic[INTERRUPT_VC_USB]);
278 s = SYS_BUS_DEVICE(dev);
279 mr = sysbus_mmio_get_region(s, 0);
280 memory_region_init_alias(per_usb_bus, NULL, NULL, mr,
281 0, memory_region_size(mr));
282 memory_region_add_subregion(sysmem, BUS_ADDR(USB_BASE),
283 per_usb_bus);
284
285 /* MPHI - Message-based Parallel Host Interface */
286 dev = sysbus_create_simple("bcm2835_mphi", MPHI_BASE,
287 pic[INTERRUPT_HOSTPORT]);
288 s = SYS_BUS_DEVICE(dev);
289 mr = sysbus_mmio_get_region(s, 0);
290 memory_region_init_alias(per_mphi_bus, NULL, NULL, mr,
291 0, memory_region_size(mr));
292 memory_region_add_subregion(sysmem, BUS_ADDR(MPHI_BASE),
293 per_mphi_bus);
294
295
296 /* Semaphores / Doorbells / Mailboxes */
297 dev = sysbus_create_simple("bcm2835_sbm", ARMCTRL_0_SBM_BASE,
298 pic[INTERRUPT_ARM_MAILBOX]);
299 s = SYS_BUS_DEVICE(dev);
300 mr = sysbus_mmio_get_region(s, 0);
301 memory_region_init_alias(per_sbm_bus, NULL, NULL, mr,
302 0, memory_region_size(mr));
303 memory_region_add_subregion(sysmem, BUS_ADDR(ARMCTRL_0_SBM_BASE),
304 per_sbm_bus);
305
306 for (n = 0; n < MBOX_CHAN_COUNT; n++) {
307 mbox_irq[n] = qdev_get_gpio_in(dev, n);
308 }
309
310 /* Mailbox-addressable peripherals using (hopefully) free address space */
311 /* locations and pseudo-irqs to dispatch mailbox requests and responses */
312 /* between them. */
313
314 /* Power management */
315 dev = sysbus_create_simple("bcm2835_power",
316 ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_POWER<<4),
317 mbox_irq[MBOX_CHAN_POWER]);
318 s = SYS_BUS_DEVICE(dev);
319 mr = sysbus_mmio_get_region(s, 0);
320 memory_region_init_alias(per_power_bus, NULL, NULL, mr,
321 0, memory_region_size(mr));
322 memory_region_add_subregion(sysmem,
323 BUS_ADDR(ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_POWER<<4)),
324 per_power_bus);
325
326 /* Framebuffer */
327 dev = sysbus_create_simple("bcm2835_fb",
328 ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_FB<<4),
329 mbox_irq[MBOX_CHAN_FB]);
330 s = SYS_BUS_DEVICE(dev);
331 mr = sysbus_mmio_get_region(s, 0);
332 memory_region_init_alias(per_fb_bus, NULL, NULL, mr,
333 0, memory_region_size(mr));
334 memory_region_add_subregion(sysmem,
335 BUS_ADDR(ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_FB<<4)),
336 per_fb_bus);
337
338 /* Property channel */
339 dev = sysbus_create_simple("bcm2835_property",
340 ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_PROPERTY<<4),
341 mbox_irq[MBOX_CHAN_PROPERTY]);
342 s = SYS_BUS_DEVICE(dev);
343 mr = sysbus_mmio_get_region(s, 0);
344 memory_region_init_alias(per_prop_bus, NULL, NULL, mr,
345 0, memory_region_size(mr));
346 memory_region_add_subregion(sysmem,
347 BUS_ADDR(ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_PROPERTY<<4)),
348 per_prop_bus);
349
350 /* VCHIQ */
351 dev = sysbus_create_simple("bcm2835_vchiq",
352 ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_VCHIQ<<4),
353 mbox_irq[MBOX_CHAN_VCHIQ]);
354 s = SYS_BUS_DEVICE(dev);
355 mr = sysbus_mmio_get_region(s, 0);
356 memory_region_init_alias(per_vchiq_bus, NULL, NULL, mr,
357 0, memory_region_size(mr));
358 memory_region_add_subregion(sysmem,
359 BUS_ADDR(ARMCTRL_0_SBM_BASE + 0x400 + (MBOX_CHAN_VCHIQ<<4)),
360 per_vchiq_bus);
361
362 /* Extended Mass Media Controller */
363 dev = sysbus_create_simple("bcm2835_emmc", EMMC_BASE,
364 pic[INTERRUPT_VC_ARASANSDIO]);
365 s = SYS_BUS_DEVICE(dev);
366 mr = sysbus_mmio_get_region(s, 0);
367 memory_region_init_alias(per_emmc_bus, NULL, NULL, mr,
368 0, memory_region_size(mr));
369 memory_region_add_subregion(sysmem, BUS_ADDR(EMMC_BASE),
370 per_emmc_bus);
371
372 /* DMA Channels */
373 dev = qdev_create(NULL, "bcm2835_dma");
374 s = SYS_BUS_DEVICE(dev);
375 qdev_init_nofail(dev);
376 sysbus_mmio_map(s, 0, DMA_BASE);
377 sysbus_mmio_map(s, 1, (BCM2708_PERI_BASE + 0xe05000));
378 s = SYS_BUS_DEVICE(dev);
379 mr = sysbus_mmio_get_region(s, 0);
380 memory_region_init_alias(per_dma1_bus, NULL, NULL, mr,
381 0, memory_region_size(mr));
382 memory_region_add_subregion(sysmem, BUS_ADDR(DMA_BASE),
383 per_dma1_bus);
384 mr = sysbus_mmio_get_region(s, 1);
385 memory_region_init_alias(per_dma2_bus, NULL, NULL, mr,
386 0, memory_region_size(mr));
387 memory_region_add_subregion(sysmem, BUS_ADDR(BCM2708_PERI_BASE + 0xe05000),
388 per_dma2_bus);
389 sysbus_connect_irq(s, 0, pic[INTERRUPT_DMA0]);
390 sysbus_connect_irq(s, 1, pic[INTERRUPT_DMA1]);
391 sysbus_connect_irq(s, 2, pic[INTERRUPT_VC_DMA2]);
392 sysbus_connect_irq(s, 3, pic[INTERRUPT_VC_DMA3]);
393 sysbus_connect_irq(s, 4, pic[INTERRUPT_DMA4]);
394 sysbus_connect_irq(s, 5, pic[INTERRUPT_DMA5]);
395 sysbus_connect_irq(s, 6, pic[INTERRUPT_DMA6]);
396 sysbus_connect_irq(s, 7, pic[INTERRUPT_DMA7]);
397 sysbus_connect_irq(s, 8, pic[INTERRUPT_DMA8]);
398 sysbus_connect_irq(s, 9, pic[INTERRUPT_DMA9]);
399 sysbus_connect_irq(s, 10, pic[INTERRUPT_DMA10]);
400 sysbus_connect_irq(s, 11, pic[INTERRUPT_DMA11]);
401 sysbus_connect_irq(s, 12, pic[INTERRUPT_DMA12]);
402
403 /* XXX: this is not present on a real pi, it's a kludge for Windows NIC/debug */
404 if (nd_table[0].used) {
405 lan9118_init(&nd_table[0], 0x3F900000, NULL); // no interrupt (yet)
406 }
407
408 /* Finally, the board itself */
409 raspi_binfo.ram_size = bcm2835_vcram_base;
410 raspi_binfo.board_id = 0xc43; // Linux MACH_BCM2709
411
412 /* If the user specified a "firmware" image (e.g. UEFI), we bypass
413 the normal Linux boot process */
414 if (machine->firmware) {
415 /* XXX: Kludge for Windows support: put framebuffer in BGR
416 * mode. We need a config switch somewhere to enable this. It
417 * should ultimately be emulated by looking in config.txt (as
418 * the real firmware does) for the relevant options */
419 bcm2835_fb.pixo = 0;
420
421 /* load the firmware image (typically kernel.img) at 0x8000 */
422 load_image_targphys(machine->firmware,
423 0x8000,
424 bcm2835_vcram_base - 0x8000);
425
426 /* copy over the bootloader */
427 for (n = 0; n < ARRAY_SIZE(bootloader_0); n++) {
428 stl_phys(&address_space_memory, (n << 2), bootloader_0[n]);
429 }
430 for (n = 0; n < ARRAY_SIZE(bootloader_100); n++) {
431 stl_phys(&address_space_memory, 0x100 + (n << 2), bootloader_100[n]);
432 }
433
434 /* set variables so arm_load_kernel does the right thing */
435 raspi_binfo.is_linux = false;
436 raspi_binfo.entry = 0x20;
437 raspi_binfo.firmware_loaded = true;
438 } else {
439 /* Just let arm_load_kernel do everything for us... */
440 raspi_binfo.kernel_filename = machine->kernel_filename;
441 raspi_binfo.kernel_cmdline = machine->kernel_cmdline;
442 raspi_binfo.initrd_filename = machine->initrd_filename;
443 }
444
445 arm_load_kernel(ARM_CPU(first_cpu), &raspi_binfo);
446 }
447
448 static void raspi2_machine_init(MachineClass *mc)
449 {
450 mc->desc = "Raspberry Pi 2";
451 mc->init = raspi2_init;
452 mc->block_default_type = IF_SD;
453 mc->max_cpus = 4;
454 };
455
456 DEFINE_MACHINE("raspi2", raspi2_machine_init)
AR7 emulation for QEMU