search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
esp: check dma length before reading scsi command(CVE-2016-4441)
[qemu/ar7.git] / hw / arm / vexpress.c
blob70b3e701e0b5a172d481cf558e0d727847f39bfb
1 /*
2 * ARM Versatile Express emulation.
3 *
4 * Copyright (c) 2010 - 2011 B Labs Ltd.
5 * Copyright (c) 2011 Linaro Limited
6 * Written by Bahadir Balban, Amit Mahajan, Peter Maydell
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, see <http://www.gnu.org/licenses/>.
19 *
20 * Contributions after 2012-01-13 are licensed under the terms of the
21 * GNU GPL, version 2 or (at your option) any later version.
22 */
23
24 #include "qemu/osdep.h"
25 #include "qapi/error.h"
26 #include "qemu-common.h"
27 #include "cpu.h"
28 #include "hw/sysbus.h"
29 #include "hw/arm/arm.h"
30 #include "hw/arm/primecell.h"
31 #include "hw/devices.h"
32 #include "net/net.h"
33 #include "sysemu/sysemu.h"
34 #include "hw/boards.h"
35 #include "hw/loader.h"
36 #include "exec/address-spaces.h"
37 #include "sysemu/block-backend.h"
38 #include "hw/block/flash.h"
39 #include "sysemu/device_tree.h"
40 #include "qemu/error-report.h"
41 #include <libfdt.h>
42
43 #define VEXPRESS_BOARD_ID 0x8e0
44 #define VEXPRESS_FLASH_SIZE (64 * 1024 * 1024)
45 #define VEXPRESS_FLASH_SECT_SIZE (256 * 1024)
46
47 /* Number of virtio transports to create (0..8; limited by
48 * number of available IRQ lines).
49 */
50 #define NUM_VIRTIO_TRANSPORTS 4
51
52 /* Address maps for peripherals:
53 * the Versatile Express motherboard has two possible maps,
54 * the "legacy" one (used for A9) and the "Cortex-A Series"
55 * map (used for newer cores).
56 * Individual daughterboards can also have different maps for
57 * their peripherals.
58 */
59
60 enum {
61 VE_SYSREGS,
62 VE_SP810,
63 VE_SERIALPCI,
64 VE_PL041,
65 VE_MMCI,
66 VE_KMI0,
67 VE_KMI1,
68 VE_UART0,
69 VE_UART1,
70 VE_UART2,
71 VE_UART3,
72 VE_WDT,
73 VE_TIMER01,
74 VE_TIMER23,
75 VE_SERIALDVI,
76 VE_RTC,
77 VE_COMPACTFLASH,
78 VE_CLCD,
79 VE_NORFLASH0,
80 VE_NORFLASH1,
81 VE_NORFLASHALIAS,
82 VE_SRAM,
83 VE_VIDEORAM,
84 VE_ETHERNET,
85 VE_USB,
86 VE_DAPROM,
87 VE_VIRTIO,
88 };
89
90 static hwaddr motherboard_legacy_map[] = {
91 [VE_NORFLASHALIAS] = 0,
92 /* CS7: 0x10000000 .. 0x10020000 */
93 [VE_SYSREGS] = 0x10000000,
94 [VE_SP810] = 0x10001000,
95 [VE_SERIALPCI] = 0x10002000,
96 [VE_PL041] = 0x10004000,
97 [VE_MMCI] = 0x10005000,
98 [VE_KMI0] = 0x10006000,
99 [VE_KMI1] = 0x10007000,
100 [VE_UART0] = 0x10009000,
101 [VE_UART1] = 0x1000a000,
102 [VE_UART2] = 0x1000b000,
103 [VE_UART3] = 0x1000c000,
104 [VE_WDT] = 0x1000f000,
105 [VE_TIMER01] = 0x10011000,
106 [VE_TIMER23] = 0x10012000,
107 [VE_VIRTIO] = 0x10013000,
108 [VE_SERIALDVI] = 0x10016000,
109 [VE_RTC] = 0x10017000,
110 [VE_COMPACTFLASH] = 0x1001a000,
111 [VE_CLCD] = 0x1001f000,
112 /* CS0: 0x40000000 .. 0x44000000 */
113 [VE_NORFLASH0] = 0x40000000,
114 /* CS1: 0x44000000 .. 0x48000000 */
115 [VE_NORFLASH1] = 0x44000000,
116 /* CS2: 0x48000000 .. 0x4a000000 */
117 [VE_SRAM] = 0x48000000,
118 /* CS3: 0x4c000000 .. 0x50000000 */
119 [VE_VIDEORAM] = 0x4c000000,
120 [VE_ETHERNET] = 0x4e000000,
121 [VE_USB] = 0x4f000000,
122 };
123
124 static hwaddr motherboard_aseries_map[] = {
125 [VE_NORFLASHALIAS] = 0,
126 /* CS0: 0x08000000 .. 0x0c000000 */
127 [VE_NORFLASH0] = 0x08000000,
128 /* CS4: 0x0c000000 .. 0x10000000 */
129 [VE_NORFLASH1] = 0x0c000000,
130 /* CS5: 0x10000000 .. 0x14000000 */
131 /* CS1: 0x14000000 .. 0x18000000 */
132 [VE_SRAM] = 0x14000000,
133 /* CS2: 0x18000000 .. 0x1c000000 */
134 [VE_VIDEORAM] = 0x18000000,
135 [VE_ETHERNET] = 0x1a000000,
136 [VE_USB] = 0x1b000000,
137 /* CS3: 0x1c000000 .. 0x20000000 */
138 [VE_DAPROM] = 0x1c000000,
139 [VE_SYSREGS] = 0x1c010000,
140 [VE_SP810] = 0x1c020000,
141 [VE_SERIALPCI] = 0x1c030000,
142 [VE_PL041] = 0x1c040000,
143 [VE_MMCI] = 0x1c050000,
144 [VE_KMI0] = 0x1c060000,
145 [VE_KMI1] = 0x1c070000,
146 [VE_UART0] = 0x1c090000,
147 [VE_UART1] = 0x1c0a0000,
148 [VE_UART2] = 0x1c0b0000,
149 [VE_UART3] = 0x1c0c0000,
150 [VE_WDT] = 0x1c0f0000,
151 [VE_TIMER01] = 0x1c110000,
152 [VE_TIMER23] = 0x1c120000,
153 [VE_VIRTIO] = 0x1c130000,
154 [VE_SERIALDVI] = 0x1c160000,
155 [VE_RTC] = 0x1c170000,
156 [VE_COMPACTFLASH] = 0x1c1a0000,
157 [VE_CLCD] = 0x1c1f0000,
158 };
159
160 /* Structure defining the peculiarities of a specific daughterboard */
161
162 typedef struct VEDBoardInfo VEDBoardInfo;
163
164 typedef struct {
165 MachineClass parent;
166 VEDBoardInfo *daughterboard;
167 } VexpressMachineClass;
168
169 typedef struct {
170 MachineState parent;
171 bool secure;
172 } VexpressMachineState;
173
174 #define TYPE_VEXPRESS_MACHINE "vexpress"
175 #define TYPE_VEXPRESS_A9_MACHINE MACHINE_TYPE_NAME("vexpress-a9")
176 #define TYPE_VEXPRESS_A15_MACHINE MACHINE_TYPE_NAME("vexpress-a15")
177 #define VEXPRESS_MACHINE(obj) \
178 OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
179 #define VEXPRESS_MACHINE_GET_CLASS(obj) \
180 OBJECT_GET_CLASS(VexpressMachineClass, obj, TYPE_VEXPRESS_MACHINE)
181 #define VEXPRESS_MACHINE_CLASS(klass) \
182 OBJECT_CLASS_CHECK(VexpressMachineClass, klass, TYPE_VEXPRESS_MACHINE)
183
184 typedef void DBoardInitFn(const VexpressMachineState *machine,
185 ram_addr_t ram_size,
186 const char *cpu_model,
187 qemu_irq *pic);
188
189 struct VEDBoardInfo {
190 struct arm_boot_info bootinfo;
191 const hwaddr *motherboard_map;
192 hwaddr loader_start;
193 const hwaddr gic_cpu_if_addr;
194 uint32_t proc_id;
195 uint32_t num_voltage_sensors;
196 const uint32_t *voltages;
197 uint32_t num_clocks;
198 const uint32_t *clocks;
199 DBoardInitFn *init;
200 };
201
202 static void init_cpus(const char *cpu_model, const char *privdev,
203 hwaddr periphbase, qemu_irq *pic, bool secure)
204 {
205 ObjectClass *cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
206 DeviceState *dev;
207 SysBusDevice *busdev;
208 int n;
209
210 if (!cpu_oc) {
211 fprintf(stderr, "Unable to find CPU definition\n");
212 exit(1);
213 }
214
215 /* Create the actual CPUs */
216 for (n = 0; n < smp_cpus; n++) {
217 Object *cpuobj = object_new(object_class_get_name(cpu_oc));
218
219 if (!secure) {
220 object_property_set_bool(cpuobj, false, "has_el3", NULL);
221 }
222
223 if (object_property_find(cpuobj, "reset-cbar", NULL)) {
224 object_property_set_int(cpuobj, periphbase,
225 "reset-cbar", &error_abort);
226 }
227 object_property_set_bool(cpuobj, true, "realized", &error_fatal);
228 }
229
230 /* Create the private peripheral devices (including the GIC);
231 * this must happen after the CPUs are created because a15mpcore_priv
232 * wires itself up to the CPU's generic_timer gpio out lines.
233 */
234 dev = qdev_create(NULL, privdev);
235 qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
236 qdev_init_nofail(dev);
237 busdev = SYS_BUS_DEVICE(dev);
238 sysbus_mmio_map(busdev, 0, periphbase);
239
240 /* Interrupts [42:0] are from the motherboard;
241 * [47:43] are reserved; [63:48] are daughterboard
242 * peripherals. Note that some documentation numbers
243 * external interrupts starting from 32 (because there
244 * are internal interrupts 0..31).
245 */
246 for (n = 0; n < 64; n++) {
247 pic[n] = qdev_get_gpio_in(dev, n);
248 }
249
250 /* Connect the CPUs to the GIC */
251 for (n = 0; n < smp_cpus; n++) {
252 DeviceState *cpudev = DEVICE(qemu_get_cpu(n));
253
254 sysbus_connect_irq(busdev, n, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ));
255 sysbus_connect_irq(busdev, n + smp_cpus,
256 qdev_get_gpio_in(cpudev, ARM_CPU_FIQ));
257 }
258 }
259
260 static void a9_daughterboard_init(const VexpressMachineState *vms,
261 ram_addr_t ram_size,
262 const char *cpu_model,
263 qemu_irq *pic)
264 {
265 MemoryRegion *sysmem = get_system_memory();
266 MemoryRegion *ram = g_new(MemoryRegion, 1);
267 MemoryRegion *lowram = g_new(MemoryRegion, 1);
268 ram_addr_t low_ram_size;
269
270 if (!cpu_model) {
271 cpu_model = "cortex-a9";
272 }
273
274 if (ram_size > 0x40000000) {
275 /* 1GB is the maximum the address space permits */
276 fprintf(stderr, "vexpress-a9: cannot model more than 1GB RAM\n");
277 exit(1);
278 }
279
280 memory_region_allocate_system_memory(ram, NULL, "vexpress.highmem",
281 ram_size);
282 low_ram_size = ram_size;
283 if (low_ram_size > 0x4000000) {
284 low_ram_size = 0x4000000;
285 }
286 /* RAM is from 0x60000000 upwards. The bottom 64MB of the
287 * address space should in theory be remappable to various
288 * things including ROM or RAM; we always map the RAM there.
289 */
290 memory_region_init_alias(lowram, NULL, "vexpress.lowmem", ram, 0, low_ram_size);
291 memory_region_add_subregion(sysmem, 0x0, lowram);
292 memory_region_add_subregion(sysmem, 0x60000000, ram);
293
294 /* 0x1e000000 A9MPCore (SCU) private memory region */
295 init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic, vms->secure);
296
297 /* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
298
299 /* 0x10020000 PL111 CLCD (daughterboard) */
300 sysbus_create_simple("pl111", 0x10020000, pic[44]);
301
302 /* 0x10060000 AXI RAM */
303 /* 0x100e0000 PL341 Dynamic Memory Controller */
304 /* 0x100e1000 PL354 Static Memory Controller */
305 /* 0x100e2000 System Configuration Controller */
306
307 sysbus_create_simple("sp804", 0x100e4000, pic[48]);
308 /* 0x100e5000 SP805 Watchdog module */
309 /* 0x100e6000 BP147 TrustZone Protection Controller */
310 /* 0x100e9000 PL301 'Fast' AXI matrix */
311 /* 0x100ea000 PL301 'Slow' AXI matrix */
312 /* 0x100ec000 TrustZone Address Space Controller */
313 /* 0x10200000 CoreSight debug APB */
314 /* 0x1e00a000 PL310 L2 Cache Controller */
315 sysbus_create_varargs("l2x0", 0x1e00a000, NULL);
316 }
317
318 /* Voltage values for SYS_CFG_VOLT daughterboard registers;
319 * values are in microvolts.
320 */
321 static const uint32_t a9_voltages[] = {
322 1000000, /* VD10 : 1.0V : SoC internal logic voltage */
323 1000000, /* VD10_S2 : 1.0V : PL310, L2 cache, RAM, non-PL310 logic */
324 1000000, /* VD10_S3 : 1.0V : Cortex-A9, cores, MPEs, SCU, PL310 logic */
325 1800000, /* VCC1V8 : 1.8V : DDR2 SDRAM, test chip DDR2 I/O supply */
326 900000, /* DDR2VTT : 0.9V : DDR2 SDRAM VTT termination voltage */
327 3300000, /* VCC3V3 : 3.3V : local board supply for misc external logic */
328 };
329
330 /* Reset values for daughterboard oscillators (in Hz) */
331 static const uint32_t a9_clocks[] = {
332 45000000, /* AMBA AXI ACLK: 45MHz */
333 23750000, /* daughterboard CLCD clock: 23.75MHz */
334 66670000, /* Test chip reference clock: 66.67MHz */
335 };
336
337 static VEDBoardInfo a9_daughterboard = {
338 .motherboard_map = motherboard_legacy_map,
339 .loader_start = 0x60000000,
340 .gic_cpu_if_addr = 0x1e000100,
341 .proc_id = 0x0c000191,
342 .num_voltage_sensors = ARRAY_SIZE(a9_voltages),
343 .voltages = a9_voltages,
344 .num_clocks = ARRAY_SIZE(a9_clocks),
345 .clocks = a9_clocks,
346 .init = a9_daughterboard_init,
347 };
348
349 static void a15_daughterboard_init(const VexpressMachineState *vms,
350 ram_addr_t ram_size,
351 const char *cpu_model,
352 qemu_irq *pic)
353 {
354 MemoryRegion *sysmem = get_system_memory();
355 MemoryRegion *ram = g_new(MemoryRegion, 1);
356 MemoryRegion *sram = g_new(MemoryRegion, 1);
357
358 if (!cpu_model) {
359 cpu_model = "cortex-a15";
360 }
361
362 {
363 /* We have to use a separate 64 bit variable here to avoid the gcc
364 * "comparison is always false due to limited range of data type"
365 * warning if we are on a host where ram_addr_t is 32 bits.
366 */
367 uint64_t rsz = ram_size;
368 if (rsz > (30ULL * 1024 * 1024 * 1024)) {
369 fprintf(stderr, "vexpress-a15: cannot model more than 30GB RAM\n");
370 exit(1);
371 }
372 }
373
374 memory_region_allocate_system_memory(ram, NULL, "vexpress.highmem",
375 ram_size);
376 /* RAM is from 0x80000000 upwards; there is no low-memory alias for it. */
377 memory_region_add_subregion(sysmem, 0x80000000, ram);
378
379 /* 0x2c000000 A15MPCore private memory region (GIC) */
380 init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic, vms->secure);
381
382 /* A15 daughterboard peripherals: */
383
384 /* 0x20000000: CoreSight interfaces: not modelled */
385 /* 0x2a000000: PL301 AXI interconnect: not modelled */
386 /* 0x2a420000: SCC: not modelled */
387 /* 0x2a430000: system counter: not modelled */
388 /* 0x2b000000: HDLCD controller: not modelled */
389 /* 0x2b060000: SP805 watchdog: not modelled */
390 /* 0x2b0a0000: PL341 dynamic memory controller: not modelled */
391 /* 0x2e000000: system SRAM */
392 memory_region_init_ram(sram, NULL, "vexpress.a15sram", 0x10000,
393 &error_fatal);
394 vmstate_register_ram_global(sram);
395 memory_region_add_subregion(sysmem, 0x2e000000, sram);
396
397 /* 0x7ffb0000: DMA330 DMA controller: not modelled */
398 /* 0x7ffd0000: PL354 static memory controller: not modelled */
399 }
400
401 static const uint32_t a15_voltages[] = {
402 900000, /* Vcore: 0.9V : CPU core voltage */
403 };
404
405 static const uint32_t a15_clocks[] = {
406 60000000, /* OSCCLK0: 60MHz : CPU_CLK reference */
407 0, /* OSCCLK1: reserved */
408 0, /* OSCCLK2: reserved */
409 0, /* OSCCLK3: reserved */
410 40000000, /* OSCCLK4: 40MHz : external AXI master clock */
411 23750000, /* OSCCLK5: 23.75MHz : HDLCD PLL reference */
412 50000000, /* OSCCLK6: 50MHz : static memory controller clock */
413 60000000, /* OSCCLK7: 60MHz : SYSCLK reference */
414 40000000, /* OSCCLK8: 40MHz : DDR2 PLL reference */
415 };
416
417 static VEDBoardInfo a15_daughterboard = {
418 .motherboard_map = motherboard_aseries_map,
419 .loader_start = 0x80000000,
420 .gic_cpu_if_addr = 0x2c002000,
421 .proc_id = 0x14000237,
422 .num_voltage_sensors = ARRAY_SIZE(a15_voltages),
423 .voltages = a15_voltages,
424 .num_clocks = ARRAY_SIZE(a15_clocks),
425 .clocks = a15_clocks,
426 .init = a15_daughterboard_init,
427 };
428
429 static int add_virtio_mmio_node(void *fdt, uint32_t acells, uint32_t scells,
430 hwaddr addr, hwaddr size, uint32_t intc,
431 int irq)
432 {
433 /* Add a virtio_mmio node to the device tree blob:
434 * virtio_mmio@ADDRESS {
435 * compatible = "virtio,mmio";
436 * reg = <ADDRESS, SIZE>;
437 * interrupt-parent = <&intc>;
438 * interrupts = <0, irq, 1>;
439 * }
440 * (Note that the format of the interrupts property is dependent on the
441 * interrupt controller that interrupt-parent points to; these are for
442 * the ARM GIC and indicate an SPI interrupt, rising-edge-triggered.)
443 */
444 int rc;
445 char *nodename = g_strdup_printf("/virtio_mmio@%" PRIx64, addr);
446
447 rc = qemu_fdt_add_subnode(fdt, nodename);
448 rc |= qemu_fdt_setprop_string(fdt, nodename,
449 "compatible", "virtio,mmio");
450 rc |= qemu_fdt_setprop_sized_cells(fdt, nodename, "reg",
451 acells, addr, scells, size);
452 qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", intc);
453 qemu_fdt_setprop_cells(fdt, nodename, "interrupts", 0, irq, 1);
454 g_free(nodename);
455 if (rc) {
456 return -1;
457 }
458 return 0;
459 }
460
461 static uint32_t find_int_controller(void *fdt)
462 {
463 /* Find the FDT node corresponding to the interrupt controller
464 * for virtio-mmio devices. We do this by scanning the fdt for
465 * a node with the right compatibility, since we know there is
466 * only one GIC on a vexpress board.
467 * We return the phandle of the node, or 0 if none was found.
468 */
469 const char *compat = "arm,cortex-a9-gic";
470 int offset;
471
472 offset = fdt_node_offset_by_compatible(fdt, -1, compat);
473 if (offset >= 0) {
474 return fdt_get_phandle(fdt, offset);
475 }
476 return 0;
477 }
478
479 static void vexpress_modify_dtb(const struct arm_boot_info *info, void *fdt)
480 {
481 uint32_t acells, scells, intc;
482 const VEDBoardInfo *daughterboard = (const VEDBoardInfo *)info;
483
484 acells = qemu_fdt_getprop_cell(fdt, "/", "#address-cells",
485 NULL, &error_fatal);
486 scells = qemu_fdt_getprop_cell(fdt, "/", "#size-cells",
487 NULL, &error_fatal);
488 intc = find_int_controller(fdt);
489 if (!intc) {
490 /* Not fatal, we just won't provide virtio. This will
491 * happen with older device tree blobs.
492 */
493 fprintf(stderr, "QEMU: warning: couldn't find interrupt controller in "
494 "dtb; will not include virtio-mmio devices in the dtb.\n");
495 } else {
496 int i;
497 const hwaddr *map = daughterboard->motherboard_map;
498
499 /* We iterate backwards here because adding nodes
500 * to the dtb puts them in last-first.
501 */
502 for (i = NUM_VIRTIO_TRANSPORTS - 1; i >= 0; i--) {
503 add_virtio_mmio_node(fdt, acells, scells,
504 map[VE_VIRTIO] + 0x200 * i,
505 0x200, intc, 40 + i);
506 }
507 }
508 }
509
510
511 /* Open code a private version of pflash registration since we
512 * need to set non-default device width for VExpress platform.
513 */
514 static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
515 DriveInfo *di)
516 {
517 DeviceState *dev = qdev_create(NULL, "cfi.pflash01");
518
519 if (di) {
520 qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(di),
521 &error_abort);
522 }
523
524 qdev_prop_set_uint32(dev, "num-blocks",
525 VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE);
526 qdev_prop_set_uint64(dev, "sector-length", VEXPRESS_FLASH_SECT_SIZE);
527 qdev_prop_set_uint8(dev, "width", 4);
528 qdev_prop_set_uint8(dev, "device-width", 2);
529 qdev_prop_set_bit(dev, "big-endian", false);
530 qdev_prop_set_uint16(dev, "id0", 0x89);
531 qdev_prop_set_uint16(dev, "id1", 0x18);
532 qdev_prop_set_uint16(dev, "id2", 0x00);
533 qdev_prop_set_uint16(dev, "id3", 0x00);
534 qdev_prop_set_string(dev, "name", name);
535 qdev_init_nofail(dev);
536
537 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
538 return OBJECT_CHECK(pflash_t, (dev), "cfi.pflash01");
539 }
540
541 static void vexpress_common_init(MachineState *machine)
542 {
543 VexpressMachineState *vms = VEXPRESS_MACHINE(machine);
544 VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
545 VEDBoardInfo *daughterboard = vmc->daughterboard;
546 DeviceState *dev, *sysctl, *pl041;
547 qemu_irq pic[64];
548 uint32_t sys_id;
549 DriveInfo *dinfo;
550 pflash_t *pflash0;
551 ram_addr_t vram_size, sram_size;
552 MemoryRegion *sysmem = get_system_memory();
553 MemoryRegion *vram = g_new(MemoryRegion, 1);
554 MemoryRegion *sram = g_new(MemoryRegion, 1);
555 MemoryRegion *flashalias = g_new(MemoryRegion, 1);
556 MemoryRegion *flash0mem;
557 const hwaddr *map = daughterboard->motherboard_map;
558 int i;
559
560 daughterboard->init(vms, machine->ram_size, machine->cpu_model, pic);
561
562 /*
563 * If a bios file was provided, attempt to map it into memory
564 */
565 if (bios_name) {
566 char *fn;
567 int image_size;
568
569 if (drive_get(IF_PFLASH, 0, 0)) {
570 error_report("The contents of the first flash device may be "
571 "specified with -bios or with -drive if=pflash... "
572 "but you cannot use both options at once");
573 exit(1);
574 }
575 fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
576 if (!fn) {
577 error_report("Could not find ROM image '%s'", bios_name);
578 exit(1);
579 }
580 image_size = load_image_targphys(fn, map[VE_NORFLASH0],
581 VEXPRESS_FLASH_SIZE);
582 g_free(fn);
583 if (image_size < 0) {
584 error_report("Could not load ROM image '%s'", bios_name);
585 exit(1);
586 }
587 }
588
589 /* Motherboard peripherals: the wiring is the same but the
590 * addresses vary between the legacy and A-Series memory maps.
591 */
592
593 sys_id = 0x1190f500;
594
595 sysctl = qdev_create(NULL, "realview_sysctl");
596 qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
597 qdev_prop_set_uint32(sysctl, "proc_id", daughterboard->proc_id);
598 qdev_prop_set_uint32(sysctl, "len-db-voltage",
599 daughterboard->num_voltage_sensors);
600 for (i = 0; i < daughterboard->num_voltage_sensors; i++) {
601 char *propname = g_strdup_printf("db-voltage[%d]", i);
602 qdev_prop_set_uint32(sysctl, propname, daughterboard->voltages[i]);
603 g_free(propname);
604 }
605 qdev_prop_set_uint32(sysctl, "len-db-clock",
606 daughterboard->num_clocks);
607 for (i = 0; i < daughterboard->num_clocks; i++) {
608 char *propname = g_strdup_printf("db-clock[%d]", i);
609 qdev_prop_set_uint32(sysctl, propname, daughterboard->clocks[i]);
610 g_free(propname);
611 }
612 qdev_init_nofail(sysctl);
613 sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, map[VE_SYSREGS]);
614
615 /* VE_SP810: not modelled */
616 /* VE_SERIALPCI: not modelled */
617
618 pl041 = qdev_create(NULL, "pl041");
619 qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
620 qdev_init_nofail(pl041);
621 sysbus_mmio_map(SYS_BUS_DEVICE(pl041), 0, map[VE_PL041]);
622 sysbus_connect_irq(SYS_BUS_DEVICE(pl041), 0, pic[11]);
623
624 dev = sysbus_create_varargs("pl181", map[VE_MMCI], pic[9], pic[10], NULL);
625 /* Wire up MMC card detect and read-only signals */
626 qdev_connect_gpio_out(dev, 0,
627 qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_WPROT));
628 qdev_connect_gpio_out(dev, 1,
629 qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_CARDIN));
630
631 sysbus_create_simple("pl050_keyboard", map[VE_KMI0], pic[12]);
632 sysbus_create_simple("pl050_mouse", map[VE_KMI1], pic[13]);
633
634 sysbus_create_simple("pl011", map[VE_UART0], pic[5]);
635 sysbus_create_simple("pl011", map[VE_UART1], pic[6]);
636 sysbus_create_simple("pl011", map[VE_UART2], pic[7]);
637 sysbus_create_simple("pl011", map[VE_UART3], pic[8]);
638
639 sysbus_create_simple("sp804", map[VE_TIMER01], pic[2]);
640 sysbus_create_simple("sp804", map[VE_TIMER23], pic[3]);
641
642 /* VE_SERIALDVI: not modelled */
643
644 sysbus_create_simple("pl031", map[VE_RTC], pic[4]); /* RTC */
645
646 /* VE_COMPACTFLASH: not modelled */
647
648 sysbus_create_simple("pl111", map[VE_CLCD], pic[14]);
649
650 dinfo = drive_get_next(IF_PFLASH);
651 pflash0 = ve_pflash_cfi01_register(map[VE_NORFLASH0], "vexpress.flash0",
652 dinfo);
653 if (!pflash0) {
654 fprintf(stderr, "vexpress: error registering flash 0.\n");
655 exit(1);
656 }
657
658 if (map[VE_NORFLASHALIAS] != -1) {
659 /* Map flash 0 as an alias into low memory */
660 flash0mem = sysbus_mmio_get_region(SYS_BUS_DEVICE(pflash0), 0);
661 memory_region_init_alias(flashalias, NULL, "vexpress.flashalias",
662 flash0mem, 0, VEXPRESS_FLASH_SIZE);
663 memory_region_add_subregion(sysmem, map[VE_NORFLASHALIAS], flashalias);
664 }
665
666 dinfo = drive_get_next(IF_PFLASH);
667 if (!ve_pflash_cfi01_register(map[VE_NORFLASH1], "vexpress.flash1",
668 dinfo)) {
669 fprintf(stderr, "vexpress: error registering flash 1.\n");
670 exit(1);
671 }
672
673 sram_size = 0x2000000;
674 memory_region_init_ram(sram, NULL, "vexpress.sram", sram_size,
675 &error_fatal);
676 vmstate_register_ram_global(sram);
677 memory_region_add_subregion(sysmem, map[VE_SRAM], sram);
678
679 vram_size = 0x800000;
680 memory_region_init_ram(vram, NULL, "vexpress.vram", vram_size,
681 &error_fatal);
682 vmstate_register_ram_global(vram);
683 memory_region_add_subregion(sysmem, map[VE_VIDEORAM], vram);
684
685 /* 0x4e000000 LAN9118 Ethernet */
686 if (nd_table[0].used) {
687 lan9118_init(&nd_table[0], map[VE_ETHERNET], pic[15]);
688 }
689
690 /* VE_USB: not modelled */
691
692 /* VE_DAPROM: not modelled */
693
694 /* Create mmio transports, so the user can create virtio backends
695 * (which will be automatically plugged in to the transports). If
696 * no backend is created the transport will just sit harmlessly idle.
697 */
698 for (i = 0; i < NUM_VIRTIO_TRANSPORTS; i++) {
699 sysbus_create_simple("virtio-mmio", map[VE_VIRTIO] + 0x200 * i,
700 pic[40 + i]);
701 }
702
703 daughterboard->bootinfo.ram_size = machine->ram_size;
704 daughterboard->bootinfo.kernel_filename = machine->kernel_filename;
705 daughterboard->bootinfo.kernel_cmdline = machine->kernel_cmdline;
706 daughterboard->bootinfo.initrd_filename = machine->initrd_filename;
707 daughterboard->bootinfo.nb_cpus = smp_cpus;
708 daughterboard->bootinfo.board_id = VEXPRESS_BOARD_ID;
709 daughterboard->bootinfo.loader_start = daughterboard->loader_start;
710 daughterboard->bootinfo.smp_loader_start = map[VE_SRAM];
711 daughterboard->bootinfo.smp_bootreg_addr = map[VE_SYSREGS] + 0x30;
712 daughterboard->bootinfo.gic_cpu_if_addr = daughterboard->gic_cpu_if_addr;
713 daughterboard->bootinfo.modify_dtb = vexpress_modify_dtb;
714 /* Indicate that when booting Linux we should be in secure state */
715 daughterboard->bootinfo.secure_boot = true;
716 arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
717 }
718
719 static bool vexpress_get_secure(Object *obj, Error **errp)
720 {
721 VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
722
723 return vms->secure;
724 }
725
726 static void vexpress_set_secure(Object *obj, bool value, Error **errp)
727 {
728 VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
729
730 vms->secure = value;
731 }
732
733 static void vexpress_instance_init(Object *obj)
734 {
735 VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
736
737 /* EL3 is enabled by default on vexpress */
738 vms->secure = true;
739 object_property_add_bool(obj, "secure", vexpress_get_secure,
740 vexpress_set_secure, NULL);
741 object_property_set_description(obj, "secure",
742 "Set on/off to enable/disable the ARM "
743 "Security Extensions (TrustZone)",
744 NULL);
745 }
746
747 static void vexpress_class_init(ObjectClass *oc, void *data)
748 {
749 MachineClass *mc = MACHINE_CLASS(oc);
750
751 mc->desc = "ARM Versatile Express";
752 mc->init = vexpress_common_init;
753 mc->block_default_type = IF_SCSI;
754 mc->max_cpus = 4;
755 }
756
757 static void vexpress_a9_class_init(ObjectClass *oc, void *data)
758 {
759 MachineClass *mc = MACHINE_CLASS(oc);
760 VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
761
762 mc->desc = "ARM Versatile Express for Cortex-A9";
763
764 vmc->daughterboard = &a9_daughterboard;
765 }
766
767 static void vexpress_a15_class_init(ObjectClass *oc, void *data)
768 {
769 MachineClass *mc = MACHINE_CLASS(oc);
770 VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
771
772 mc->desc = "ARM Versatile Express for Cortex-A15";
773
774 vmc->daughterboard = &a15_daughterboard;
775 }
776
777 static const TypeInfo vexpress_info = {
778 .name = TYPE_VEXPRESS_MACHINE,
779 .parent = TYPE_MACHINE,
780 .abstract = true,
781 .instance_size = sizeof(VexpressMachineState),
782 .instance_init = vexpress_instance_init,
783 .class_size = sizeof(VexpressMachineClass),
784 .class_init = vexpress_class_init,
785 };
786
787 static const TypeInfo vexpress_a9_info = {
788 .name = TYPE_VEXPRESS_A9_MACHINE,
789 .parent = TYPE_VEXPRESS_MACHINE,
790 .class_init = vexpress_a9_class_init,
791 };
792
793 static const TypeInfo vexpress_a15_info = {
794 .name = TYPE_VEXPRESS_A15_MACHINE,
795 .parent = TYPE_VEXPRESS_MACHINE,
796 .class_init = vexpress_a15_class_init,
797 };
798
799 static void vexpress_machine_init(void)
800 {
801 type_register_static(&vexpress_info);
802 type_register_static(&vexpress_a9_info);
803 type_register_static(&vexpress_a15_info);
804 }
805
806 type_init(vexpress_machine_init);
AR7 emulation for QEMU