| #include "hw/sysbus.h" |
| #include "hw/devices.h" |
| #include "hw/mips/mips.h" |
| #include "hw/mips/cpudevs.h" |
| #include "net/net.h" |
| #include "sysemu/device_tree.h" |
| #include "sysemu/sysemu.h" |
| #include "sysemu/kvm.h" |
| #include "hw/boards.h" |
| #include "exec/address-spaces.h" |
| #include "qemu/bitops.h" |
| #include "qemu/error-report.h" |
| #include "qemu/config-file.h" |
| #include "sysemu/char.h" |
| #include "monitor/monitor.h" |
| #include "hw/misc/android_pipe.h" |
| #include "hw/loader.h" |
| #include "elf.h" |
| #include "hw/intc/goldfish_pic.h" |
| #include "hw/irq.h" |
| |
| #ifdef CONFIG_ANDROID |
| #include "android/android.h" |
| #endif // CONFIG_ANDROID |
| |
| #define PHYS_TO_VIRT(x) ((x) | ~(target_ulong)0x7fffffff) |
| |
| #define MIPS_CPU_SAVE_VERSION 1 |
| #define MIPS_CPU_IRQ_BASE 8 |
| |
| #define HIGHMEM_OFFSET 0x20000000 |
| #define GOLDFISH_IO_SPACE 0x1f000000 |
| |
| #define VIRTIO_TRANSPORTS 16 |
| #define MAX_GF_TTYS 3 |
| |
| #define TYPE_MIPS_RANCHU "mips-ranchu" |
| #define MIPS_RANCHU(obj) OBJECT_CHECK(RanchuState, (obj), TYPE_MIPS_RANCHU) |
| #define MIPS_RANCHU_REV "1" |
| |
| typedef struct { |
| SysBusDevice parent_obj; |
| |
| qemu_irq *gfpic; |
| } RanchuState; |
| |
| #define MAX_RAM_SIZE_MB 4079UL |
| |
| enum { |
| RANCHU_GF_PIC, |
| RANCHU_GF_TTY, |
| RANCHU_GF_TIMER, |
| RANCHU_GF_RTC, |
| RANCHU_GF_BATTERY, |
| RANCHU_GF_FB, |
| RANCHU_GF_EVDEV, |
| RANCHU_ANDROID_PIPE, |
| RANCHU_GF_AUDIO, |
| RANCHU_MMIO, |
| }; |
| |
| typedef struct DevMapEntry { |
| hwaddr base; |
| hwaddr size; |
| int irq; |
| const char* qemu_name; |
| const char* dt_name; |
| const char* dt_compatible; |
| } DevMapEntry; |
| |
| static DevMapEntry devmap[] = { |
| [RANCHU_GF_PIC] = { GOLDFISH_IO_SPACE, 0x1000, 0, |
| NULL, "goldfish_pic", "generic,goldfish-pic" }, |
| /* ttyGF0 base address remains hardcoded in the kernel. |
| * Early printing (prom_putchar()) relies on finding device |
| * mapped on this address. DT can not be used at that early stage |
| * for acquiring the base address of the device in the kernel. |
| */ |
| [RANCHU_GF_TTY] = { GOLDFISH_IO_SPACE + 0x02000, 0x1000, 2, |
| "goldfish_tty", "goldfish_tty", "generic,goldfish-tty" }, |
| /* repeats for a total of MAX_GF_TTYS */ |
| [RANCHU_GF_TIMER] = { GOLDFISH_IO_SPACE + 0x05000, 0x1000, 5, |
| "goldfish_timer", "goldfish_timer", "generic,goldfish-timer" }, |
| [RANCHU_GF_RTC] = { GOLDFISH_IO_SPACE + 0x06000, 0x1000, 6, |
| "goldfish_rtc", "goldfish_rtc", "generic,goldfish-rtc" }, |
| [RANCHU_GF_BATTERY] = { GOLDFISH_IO_SPACE + 0x07000, 0x1000, 7, |
| "goldfish_battery", "goldfish_battery", "generic,goldfish-battery" }, |
| [RANCHU_GF_FB] = { GOLDFISH_IO_SPACE + 0x08000, 0x0100, 8, |
| "goldfish_fb", "goldfish_fb", "generic,goldfish-fb" }, |
| [RANCHU_GF_EVDEV] = { GOLDFISH_IO_SPACE + 0x09000, 0x1000, 9, |
| "goldfish-events", "goldfish_events", "generic,goldfish-events-keypad" }, |
| [RANCHU_ANDROID_PIPE] = { GOLDFISH_IO_SPACE + 0x0A000, 0x2000, 10, |
| "android_pipe", "android_pipe", "generic,android-pipe" }, |
| [RANCHU_GF_AUDIO] = { GOLDFISH_IO_SPACE + 0x0C000, 0x0100, 11, |
| "goldfish_audio", "goldfish_audio", "generic,goldfish-audio" }, |
| [RANCHU_MMIO] = { GOLDFISH_IO_SPACE + 0x10000, 0x0200, 16, |
| "virtio-mmio", "virtio_mmio", "virtio,mmio" }, |
| /* ...repeating for a total of VIRTIO_TRANSPORTS, each of that size */ |
| }; |
| |
| struct machine_params { |
| uint64_t kernel_entry; |
| uint64_t cmdline_ptr; |
| unsigned ram_size; |
| unsigned highmem_size; |
| MIPSCPU *cpu; |
| } ranchu_params; |
| |
| static void main_cpu_reset(void* opaque1) |
| { |
| struct machine_params *opaque = (struct machine_params *)opaque1; |
| MIPSCPU *cpu = opaque->cpu; |
| |
| cpu_reset(CPU(cpu)); |
| |
| cpu->env.active_tc.PC = opaque->kernel_entry; |
| cpu->env.active_tc.gpr[4] = opaque->cmdline_ptr; /* a0 */ |
| cpu->env.active_tc.gpr[5] = opaque->ram_size; /* a1 */ |
| cpu->env.active_tc.gpr[6] = opaque->highmem_size;/* a2 */ |
| cpu->env.active_tc.gpr[7] = 0; /* a3 */ |
| |
| } |
| |
| static void android_load_kernel(CPUMIPSState *env, int ram_size, |
| const char *kernel_filename, |
| const char *kernel_cmdline, |
| const char *initrd_filename, |
| void* fdt, int fdt_size) |
| { |
| int initrd_size; |
| ram_addr_t initrd_offset; |
| uint64_t kernel_entry, kernel_low, kernel_high; |
| unsigned int cmdline; |
| |
| /* Load the kernel. */ |
| if (!kernel_filename) { |
| fprintf(stderr, "Kernel image must be specified\n"); |
| exit(1); |
| } |
| |
| if (load_elf(kernel_filename, cpu_mips_kseg0_to_phys, NULL, |
| (uint64_t *)&kernel_entry, (uint64_t *)&kernel_low, |
| (uint64_t *)&kernel_high, 0, ELF_MACHINE, 1) < 0) { |
| fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename); |
| exit(1); |
| } |
| |
| /* Load the DTB at the kernel_high address, that is the place where |
| * kernel with Appended DT support enabled will look for it |
| */ |
| if (fdt) { |
| cpu_physical_memory_write(kernel_high, fdt, fdt_size); |
| kernel_high += fdt_size; |
| } |
| |
| ranchu_params.kernel_entry = kernel_entry; |
| |
| /* load initrd */ |
| initrd_size = 0; |
| initrd_offset = 0; |
| if (initrd_filename) { |
| initrd_size = get_image_size (initrd_filename); |
| if (initrd_size > 0) { |
| initrd_offset = (kernel_high + ~TARGET_PAGE_MASK) & TARGET_PAGE_MASK; |
| if (initrd_offset + initrd_size > ram_size) { |
| fprintf(stderr, |
| "qemu: memory too small for initial ram disk '%s'\n", |
| initrd_filename); |
| exit(1); |
| } |
| initrd_size = load_image_targphys(initrd_filename, |
| initrd_offset, |
| ram_size - initrd_offset); |
| } |
| |
| if (initrd_size == (target_ulong) -1) { |
| fprintf(stderr, |
| "qemu: could not load initial ram disk '%s'\n", |
| initrd_filename); |
| exit(1); |
| } |
| } |
| |
| /* Store command line in top page of memory |
| * kernel will copy the command line to a local buffer |
| */ |
| cmdline = ram_size - TARGET_PAGE_SIZE; |
| char kernel_cmd[1024]; |
| if (initrd_size > 0) |
| sprintf (kernel_cmd, "%s rd_start=0x%" HWADDR_PRIx " rd_size=%li", |
| kernel_cmdline, |
| (hwaddr)PHYS_TO_VIRT(initrd_offset), |
| (long int)initrd_size); |
| else |
| strcpy (kernel_cmd, kernel_cmdline); |
| |
| /* Setup Highmem */ |
| char kernel_cmd2[1024]; |
| if (ranchu_params.highmem_size) { |
| sprintf (kernel_cmd2, "%s mem=%um@0x0 mem=%um@0x%x", |
| kernel_cmd, |
| GOLDFISH_IO_SPACE / (1024 * 1024), |
| ranchu_params.highmem_size / (1024 * 1024), |
| HIGHMEM_OFFSET); |
| } else { |
| strcpy (kernel_cmd2, kernel_cmd); |
| } |
| |
| cpu_physical_memory_write(ram_size - TARGET_PAGE_SIZE, |
| (void *)kernel_cmd2, |
| strlen(kernel_cmd2) + 1); |
| |
| ranchu_params.cmdline_ptr = PHYS_TO_VIRT(cmdline); |
| } |
| |
| /* create_device(void* fdt, DevMapEntry* dev, qemu_irq* pic, |
| * int num_devices, int is_virtio) |
| * |
| * In case of interrupt controller dev->irq stores |
| * dt handle previously referenced as interrupt-parent |
| * |
| * @fdt - Place where DT nodes will be stored |
| * @dev - Device information (base, irq, name) |
| * @pic - Interrupt controller parent. If NULL, 'intc' node assumed. |
| * @num_devices - If you want to allocate multiple continuous device mappings |
| */ |
| static void create_device(void* fdt, DevMapEntry* dev, qemu_irq* pic, |
| int num_devices, int is_virtio) |
| { |
| int i; |
| |
| for (i = 0; i < num_devices; i++) { |
| hwaddr base = dev->base + i * dev->size; |
| |
| char* nodename = g_strdup_printf("/%s@%" PRIx64, dev->dt_name, base); |
| qemu_fdt_add_subnode(fdt, nodename); |
| qemu_fdt_setprop(fdt, nodename, "compatible", |
| dev->dt_compatible, |
| strlen(dev->dt_compatible) + 1); |
| qemu_fdt_setprop_sized_cells(fdt, nodename, "reg", 1, base, 2, dev->size); |
| |
| if (pic == NULL) { |
| qemu_fdt_setprop(fdt, nodename, "interrupt-controller", NULL, 0); |
| qemu_fdt_setprop_cell(fdt, nodename, "phandle", dev->irq); |
| qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells", 0x1); |
| } else { |
| qemu_fdt_setprop_cells(fdt, nodename, "interrupts", |
| dev->irq + i + MIPS_CPU_IRQ_BASE); |
| if (is_virtio) { |
| /* Note that we have to create the transports in forwards order |
| * so that command line devices are inserted lowest address first, |
| * and then add dtb nodes in reverse order so that they appear in |
| * the finished device tree lowest address first. |
| */ |
| sysbus_create_simple(dev->qemu_name, |
| dev->base + (num_devices - i - 1) * dev->size, |
| pic[dev->irq + num_devices - i - 1]); |
| } else { |
| sysbus_create_simple(dev->qemu_name, base, pic[dev->irq + i]); |
| } |
| } |
| g_free(nodename); |
| } |
| } |
| |
| static void ranchu_init(MachineState *machine) |
| { |
| MIPSCPU *cpu; |
| CPUMIPSState *env; |
| qemu_irq *goldfish_pic; |
| int i, fdt_size; |
| void *fdt; |
| |
| DeviceState *dev = qdev_create(NULL, TYPE_MIPS_RANCHU); |
| RanchuState *s = MIPS_RANCHU(dev); |
| |
| MemoryRegion *ram_lo = g_new(MemoryRegion, 1); |
| MemoryRegion *ram_hi = g_new(MemoryRegion, 1); |
| |
| /* init CPUs */ |
| if (machine->cpu_model == NULL) { |
| #ifdef TARGET_MIPS64 |
| machine->cpu_model = "MIPS64R2-generic"; |
| #else |
| machine->cpu_model = "74Kf"; |
| #endif |
| } |
| cpu = cpu_mips_init(machine->cpu_model); |
| if (cpu == NULL) { |
| fprintf(stderr, "Unable to find CPU definition\n"); |
| exit(1); |
| } |
| |
| env = &cpu->env; |
| |
| register_savevm(NULL, |
| "cpu", |
| 0, |
| MIPS_CPU_SAVE_VERSION, |
| cpu_save, |
| cpu_load, |
| env); |
| |
| qemu_register_reset(main_cpu_reset, &ranchu_params); |
| |
| if (ram_size > (MAX_RAM_SIZE_MB << 20)) { |
| fprintf(stderr, "qemu: Too much memory for this machine. " |
| "RAM size reduced to %lu MB\n", MAX_RAM_SIZE_MB); |
| ram_size = MAX_RAM_SIZE_MB << 20; |
| } |
| |
| fdt = create_device_tree(&fdt_size); |
| |
| if (!fdt) { |
| error_report("create_device_tree() failed"); |
| exit(1); |
| } |
| |
| memory_region_init_ram(ram_lo, NULL, "ranchu_low.ram", |
| MIN(ram_size, GOLDFISH_IO_SPACE), &error_abort); |
| vmstate_register_ram_global(ram_lo); |
| memory_region_add_subregion(get_system_memory(), 0, ram_lo); |
| |
| ranchu_params.ram_size = MIN(ram_size, GOLDFISH_IO_SPACE); |
| |
| /* post IO hole, if there is enough RAM */ |
| if (ram_size > GOLDFISH_IO_SPACE) { |
| memory_region_init_ram(ram_hi, NULL, "ranchu_high.ram", |
| ram_size - GOLDFISH_IO_SPACE, &error_abort); |
| vmstate_register_ram_global(ram_hi); |
| memory_region_add_subregion(get_system_memory(), HIGHMEM_OFFSET, ram_hi); |
| ranchu_params.highmem_size = ram_size - GOLDFISH_IO_SPACE; |
| } |
| |
| ranchu_params.cpu = cpu; |
| |
| cpu_mips_irq_init_cpu(env); |
| cpu_mips_clock_init(env); |
| |
| /* Initialize Goldfish PIC */ |
| s->gfpic = goldfish_pic = goldfish_interrupt_init(devmap[RANCHU_GF_PIC].base, |
| env->irq[2], env->irq[3]); |
| /* Alocate dt handle (label) for interrupt-parent */ |
| devmap[RANCHU_GF_PIC].irq = qemu_fdt_alloc_phandle(fdt); |
| |
| qemu_fdt_setprop_string(fdt, "/", "model", "ranchu"); |
| qemu_fdt_setprop_string(fdt, "/", "compatible", "mti,goldfish"); |
| qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x1); |
| qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2); |
| qemu_fdt_setprop_cell(fdt, "/", "interrupt-parent", devmap[RANCHU_GF_PIC].irq); |
| |
| /* Firmware node */ |
| qemu_fdt_add_subnode(fdt, "/firmware"); |
| qemu_fdt_add_subnode(fdt, "/firmware/android"); |
| qemu_fdt_setprop_string(fdt, "/firmware/android", "compatible", "android,firmware"); |
| qemu_fdt_setprop_string(fdt, "/firmware/android", "hardware", "ranchu"); |
| qemu_fdt_setprop_string(fdt, "/firmware/android", "revision", MIPS_RANCHU_REV); |
| |
| /* CPU node */ |
| qemu_fdt_add_subnode(fdt, "/cpus"); |
| qemu_fdt_add_subnode(fdt, "/cpus/cpu@0"); |
| qemu_fdt_setprop_string(fdt, "/cpus/cpu@0", "device_type", "cpu"); |
| qemu_fdt_setprop_string(fdt, "/cpus/cpu@0", "compatible", "mti,5KEf"); |
| |
| /* Memory node */ |
| qemu_fdt_add_subnode(fdt, "/memory"); |
| qemu_fdt_setprop_string(fdt, "/memory", "device_type", "memory"); |
| if (ram_size > GOLDFISH_IO_SPACE) { |
| qemu_fdt_setprop_sized_cells(fdt, "/memory", "reg", |
| 1, 0, 2, GOLDFISH_IO_SPACE, |
| 1, HIGHMEM_OFFSET, 2, ram_size - GOLDFISH_IO_SPACE); |
| } else { |
| qemu_fdt_setprop_sized_cells(fdt, "/memory", "reg", 1, 0, 2, ram_size); |
| } |
| |
| /* Create goldfish_pic controller node in dt */ |
| create_device(fdt, &devmap[RANCHU_GF_PIC], NULL, 1, 0); |
| |
| /* Create 4 Goldfish TTYs */ |
| create_device(fdt, &devmap[RANCHU_GF_TTY], goldfish_pic, MAX_GF_TTYS, 0); |
| |
| /* Other Goldfish Platform devices */ |
| for (i = RANCHU_GF_AUDIO; i >= RANCHU_GF_TIMER ; i--) { |
| create_device(fdt, &devmap[i], goldfish_pic, 1, 0); |
| } |
| |
| /* Virtio MMIO devices */ |
| create_device(fdt, &devmap[RANCHU_MMIO], goldfish_pic, VIRTIO_TRANSPORTS, 1); |
| |
| qemu_fdt_dumpdtb(fdt, fdt_size); |
| |
| android_load_kernel(env, MIN(ram_size, GOLDFISH_IO_SPACE), |
| machine->kernel_filename, |
| machine->kernel_cmdline, |
| machine->initrd_filename, |
| fdt, fdt_size); |
| } |
| |
| static int mips_ranchu_sysbus_device_init(SysBusDevice *sysbusdev) |
| { |
| return 0; |
| } |
| |
| static void mips_ranchu_class_init(ObjectClass *klass, void *data) |
| { |
| SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); |
| |
| k->init = mips_ranchu_sysbus_device_init; |
| } |
| |
| static const TypeInfo mips_ranchu_device = { |
| .name = TYPE_MIPS_RANCHU, |
| .parent = TYPE_SYS_BUS_DEVICE, |
| .instance_size = sizeof(RanchuState), |
| .class_init = mips_ranchu_class_init, |
| }; |
| |
| static QEMUMachine ranchu_machine = { |
| .name = "ranchu", |
| .desc = "Ranchu Virtual Machine for Android Emulator", |
| .init = ranchu_init, |
| .max_cpus = 1, |
| }; |
| |
| static void mips_ranchu_register_types(void) |
| { |
| type_register_static(&mips_ranchu_device); |
| } |
| |
| static void ranchu_machine_init(void) |
| { |
| qemu_register_machine(&ranchu_machine); |
| } |
| |
| type_init(mips_ranchu_register_types) |
| machine_init(ranchu_machine_init); |
