/* warning: addr must be aligned. The ram page is not masked as dirty
and the code inside is not invalidated. It is useful if the dirty
bits are used to track modified PTEs */
void glue(address_space_stl_notdirty, SUFFIX)(ARG1_DECL,
hwaddr addr, uint32_t val, MemTxAttrs attrs, MemTxResult *result)
{
uint8_t *ptr;
MemoryRegion *mr;
hwaddr l = 4;
hwaddr addr1;
MemTxResult r;
uint8_t dirty_log_mask;
bool release_lock = false;
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true);
if (l < 4 || !IS_DIRECT(mr, true)) {
release_lock |= prepare_mmio_access(mr);
r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
} else {
ptr = MAP_RAM(mr, addr1);
stl_p(ptr, val);
dirty_log_mask = memory_region_get_dirty_log_mask(mr);
dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
4, dirty_log_mask);
r = MEMTX_OK;
}
if (result) {
*result = r;
}
if (release_lock) {
qemu_mutex_unlock_iothread();
}
RCU_READ_UNLOCK();
}
static void spin_kick(void *data)
{
SpinKick *kick = data;
CPUState *cpu = CPU(kick->cpu);
CPUPPCState *env = &kick->cpu->env;
SpinInfo *curspin = kick->spin;
hwaddr map_size = 64 * 1024 * 1024;
hwaddr map_start;
cpu_synchronize_state(cpu);
stl_p(&curspin->pir, env->spr[SPR_PIR]);
env->nip = ldq_p(&curspin->addr) & (map_size - 1);
env->gpr[3] = ldq_p(&curspin->r3);
env->gpr[4] = 0;
env->gpr[5] = 0;
env->gpr[6] = 0;
env->gpr[7] = map_size;
env->gpr[8] = 0;
env->gpr[9] = 0;
map_start = ldq_p(&curspin->addr) & ~(map_size - 1);
mmubooke_create_initial_mapping(env, 0, map_start, map_size);
cpu->halted = 0;
env->exception_index = -1;
cpu->stopped = false;
qemu_cpu_kick(cpu);
}
static void virtio_audio_cmd_result(uint32_t value, VirtQueueElement *elem,
size_t *out_bytes)
{
size_t offset = *out_bytes;
int len;
int n;
DPRINTF("cmd result %d\n", value);
for (n = 0; n < elem->in_num; n++) {
len = elem->in_sg[n].iov_len;
if (len < offset) {
offset -= len;
len = 0;
} else {
if (len - offset < 4) {
BADF("buffer too short\n");
return;
}
stl_p(elem->in_sg[n].iov_base + offset, value);
(*out_bytes) += 4;
return;
}
}
BADF("No space left\n");
}
static void mb_add_mod(MultibootState *s,
hwaddr start, hwaddr end,
hwaddr cmdline_phys)
{
char *p;
assert(s->mb_mods_count < s->mb_mods_avail);
p = (char *)s->mb_buf + s->offset_mbinfo + MB_MOD_SIZE * s->mb_mods_count;
stl_p(p + MB_MOD_START, start);
stl_p(p + MB_MOD_END, end);
stl_p(p + MB_MOD_CMDLINE, cmdline_phys);
mb_debug("mod%02d: "TARGET_FMT_plx" - "TARGET_FMT_plx"\n",
s->mb_mods_count, start, end);
s->mb_mods_count++;
}
void cpu_outl(pio_addr_t addr, uint32_t val)
{
uint8_t buf[4];
trace_cpu_out(addr, 'l', val);
stl_p(buf, val);
address_space_write(&address_space_io, addr, MEMTXATTRS_UNSPECIFIED,
buf, 4);
}
/* warning: addr must be aligned */
static inline void glue(address_space_stl_internal, SUFFIX)(ARG1_DECL,
hwaddr addr, uint32_t val, MemTxAttrs attrs,
MemTxResult *result, enum device_endian endian)
{
uint8_t *ptr;
MemoryRegion *mr;
hwaddr l = 4;
hwaddr addr1;
MemTxResult r;
bool release_lock = false;
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true);
if (l < 4 || !IS_DIRECT(mr, true)) {
release_lock |= prepare_mmio_access(mr);
#if defined(TARGET_WORDS_BIGENDIAN)
if (endian == DEVICE_LITTLE_ENDIAN) {
val = bswap32(val);
}
#else
if (endian == DEVICE_BIG_ENDIAN) {
val = bswap32(val);
}
#endif
r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
} else {
/* RAM case */
ptr = MAP_RAM(mr, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
stl_le_p(ptr, val);
break;
case DEVICE_BIG_ENDIAN:
stl_be_p(ptr, val);
break;
default:
stl_p(ptr, val);
break;
}
INVALIDATE(mr, addr1, 4);
r = MEMTX_OK;
}
if (result) {
*result = r;
}
if (release_lock) {
qemu_mutex_unlock_iothread();
}
RCU_READ_UNLOCK();
}
static void spin_write(void *opaque, hwaddr addr, uint64_t value,
unsigned len)
{
SpinState *s = opaque;
int env_idx = addr / sizeof(SpinInfo);
CPUPPCState *env;
SpinInfo *curspin = &s->spin[env_idx];
uint8_t *curspin_p = (uint8_t*)curspin;
for (env = first_cpu; env != NULL; env = env->next_cpu) {
if (env->cpu_index == env_idx) {
break;
}
}
if (!env) {
/* Unknown CPU */
return;
}
if (!env->cpu_index) {
/* primary CPU doesn't spin */
return;
}
curspin_p = &curspin_p[addr % sizeof(SpinInfo)];
switch (len) {
case 1:
stb_p(curspin_p, value);
break;
case 2:
stw_p(curspin_p, value);
break;
case 4:
stl_p(curspin_p, value);
break;
}
if (!(ldq_p(&curspin->addr) & 1)) {
/* run CPU */
SpinKick kick = {
.cpu = ppc_env_get_cpu(env),
.spin = curspin,
};
run_on_cpu(CPU(kick.cpu), spin_kick, &kick);
}
static void spin_write(void *opaque, hwaddr addr, uint64_t value,
unsigned len)
{
SpinState *s = opaque;
int env_idx = addr / sizeof(SpinInfo);
CPUState *cpu;
SpinInfo *curspin = &s->spin[env_idx];
uint8_t *curspin_p = (uint8_t*)curspin;
cpu = qemu_get_cpu(env_idx);
if (cpu == NULL) {
/* Unknown CPU */
return;
}
if (cpu->cpu_index == 0) {
/* primary CPU doesn't spin */
return;
}
curspin_p = &curspin_p[addr % sizeof(SpinInfo)];
switch (len) {
case 1:
stb_p(curspin_p, value);
break;
case 2:
stw_p(curspin_p, value);
break;
case 4:
stl_p(curspin_p, value);
break;
}
if (!(ldq_p(&curspin->addr) & 1)) {
/* run CPU */
SpinKick kick = {
.cpu = POWERPC_CPU(cpu),
.spin = curspin,
};
run_on_cpu(cpu, spin_kick, &kick);
}
static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
{
struct sg_io_hdr hdr;
int ret;
int status;
int i;
/*
* We require at least one output segment each for the virtio_blk_outhdr
* and the SCSI command block.
*
* We also at least require the virtio_blk_inhdr, the virtio_scsi_inhdr
* and the sense buffer pointer in the input segments.
*/
if (req->elem.out_num < 2 || req->elem.in_num < 3) {
virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
return;
}
/*
* No support for bidirection commands yet.
*/
if (req->elem.out_num > 2 && req->elem.in_num > 3) {
virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
return;
}
/*
* The scsi inhdr is placed in the second-to-last input segment, just
* before the regular inhdr.
*/
req->scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base;
memset(&hdr, 0, sizeof(struct sg_io_hdr));
hdr.interface_id = 'S';
hdr.cmd_len = req->elem.out_sg[1].iov_len;
hdr.cmdp = req->elem.out_sg[1].iov_base;
hdr.dxfer_len = 0;
if (req->elem.out_num > 2) {
/*
* If there are more than the minimally required 2 output segments
* there is write payload starting from the third iovec.
*/
hdr.dxfer_direction = SG_DXFER_TO_DEV;
hdr.iovec_count = req->elem.out_num - 2;
for (i = 0; i < hdr.iovec_count; i++)
hdr.dxfer_len += req->elem.out_sg[i + 2].iov_len;
hdr.dxferp = req->elem.out_sg + 2;
} else if (req->elem.in_num > 3) {
/*
* If we have more than 3 input segments the guest wants to actually
* read data.
*/
hdr.dxfer_direction = SG_DXFER_FROM_DEV;
hdr.iovec_count = req->elem.in_num - 3;
for (i = 0; i < hdr.iovec_count; i++)
hdr.dxfer_len += req->elem.in_sg[i].iov_len;
hdr.dxferp = req->elem.in_sg;
} else {
/*
* Some SCSI commands don't actually transfer any data.
*/
hdr.dxfer_direction = SG_DXFER_NONE;
}
hdr.sbp = req->elem.in_sg[req->elem.in_num - 3].iov_base;
hdr.mx_sb_len = req->elem.in_sg[req->elem.in_num - 3].iov_len;
ret = bdrv_ioctl(req->dev->bs, SG_IO, &hdr);
if (ret) {
status = VIRTIO_BLK_S_UNSUPP;
hdr.status = ret;
hdr.resid = hdr.dxfer_len;
} else if (hdr.status) {
status = VIRTIO_BLK_S_IOERR;
} else {
status = VIRTIO_BLK_S_OK;
}
stl_p(&req->scsi->errors, hdr.status);
stl_p(&req->scsi->residual, hdr.resid);
stl_p(&req->scsi->sense_len, hdr.sb_len_wr);
stl_p(&req->scsi->data_len, hdr.dxfer_len);
virtio_blk_req_complete(req, status);
}
static uint64_t sun4u_load_kernel(const char *kernel_filename,
const char *initrd_filename,
ram_addr_t RAM_size, uint64_t *initrd_size,
uint64_t *initrd_addr, uint64_t *kernel_addr,
uint64_t *kernel_entry)
{
int linux_boot;
unsigned int i;
long kernel_size;
uint8_t *ptr;
uint64_t kernel_top;
linux_boot = (kernel_filename != NULL);
kernel_size = 0;
if (linux_boot) {
int bswap_needed;
#ifdef BSWAP_NEEDED
bswap_needed = 1;
#else
bswap_needed = 0;
#endif
kernel_size = load_elf(kernel_filename, NULL, NULL, kernel_entry,
kernel_addr, &kernel_top, 1, ELF_MACHINE, 0);
if (kernel_size < 0) {
*kernel_addr = KERNEL_LOAD_ADDR;
*kernel_entry = KERNEL_LOAD_ADDR;
kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
RAM_size - KERNEL_LOAD_ADDR, bswap_needed,
TARGET_PAGE_SIZE);
}
if (kernel_size < 0) {
kernel_size = load_image_targphys(kernel_filename,
KERNEL_LOAD_ADDR,
RAM_size - KERNEL_LOAD_ADDR);
}
if (kernel_size < 0) {
fprintf(stderr, "qemu: could not load kernel '%s'\n",
kernel_filename);
exit(1);
}
/* load initrd above kernel */
*initrd_size = 0;
if (initrd_filename) {
*initrd_addr = TARGET_PAGE_ALIGN(kernel_top);
*initrd_size = load_image_targphys(initrd_filename,
*initrd_addr,
RAM_size - *initrd_addr);
if ((int)*initrd_size < 0) {
fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
initrd_filename);
exit(1);
}
}
if (*initrd_size > 0) {
for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
ptr = rom_ptr(*kernel_addr + i);
if (ldl_p(ptr + 8) == 0x48647253) { /* HdrS */
stl_p(ptr + 24, *initrd_addr + *kernel_addr);
stl_p(ptr + 28, *initrd_size);
break;
}
}
}
}
return kernel_size;
}
/* Store System Information */
uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint32_t r0,
uint32_t r1)
{
int cc = 0;
int sel1, sel2;
if ((r0 & STSI_LEVEL_MASK) <= STSI_LEVEL_3 &&
((r0 & STSI_R0_RESERVED_MASK) || (r1 & STSI_R1_RESERVED_MASK))) {
/* valid function code, invalid reserved bits */
program_interrupt(env, PGM_SPECIFICATION, 2);
}
sel1 = r0 & STSI_R0_SEL1_MASK;
sel2 = r1 & STSI_R1_SEL2_MASK;
/* XXX: spec exception if sysib is not 4k-aligned */
switch (r0 & STSI_LEVEL_MASK) {
case STSI_LEVEL_1:
if ((sel1 == 1) && (sel2 == 1)) {
/* Basic Machine Configuration */
struct sysib_111 sysib;
memset(&sysib, 0, sizeof(sysib));
ebcdic_put(sysib.manuf, "QEMU ", 16);
/* same as machine type number in STORE CPU ID */
ebcdic_put(sysib.type, "QEMU", 4);
/* same as model number in STORE CPU ID */
ebcdic_put(sysib.model, "QEMU ", 16);
ebcdic_put(sysib.sequence, "QEMU ", 16);
ebcdic_put(sysib.plant, "QEMU", 4);
cpu_physical_memory_rw(a0, (uint8_t *)&sysib, sizeof(sysib), 1);
} else if ((sel1 == 2) && (sel2 == 1)) {
/* Basic Machine CPU */
struct sysib_121 sysib;
memset(&sysib, 0, sizeof(sysib));
/* XXX make different for different CPUs? */
ebcdic_put(sysib.sequence, "QEMUQEMUQEMUQEMU", 16);
ebcdic_put(sysib.plant, "QEMU", 4);
stw_p(&sysib.cpu_addr, env->cpu_num);
cpu_physical_memory_rw(a0, (uint8_t *)&sysib, sizeof(sysib), 1);
} else if ((sel1 == 2) && (sel2 == 2)) {
/* Basic Machine CPUs */
struct sysib_122 sysib;
memset(&sysib, 0, sizeof(sysib));
stl_p(&sysib.capability, 0x443afc29);
/* XXX change when SMP comes */
stw_p(&sysib.total_cpus, 1);
stw_p(&sysib.active_cpus, 1);
stw_p(&sysib.standby_cpus, 0);
stw_p(&sysib.reserved_cpus, 0);
cpu_physical_memory_rw(a0, (uint8_t *)&sysib, sizeof(sysib), 1);
} else {
cc = 3;
}
break;
case STSI_LEVEL_2:
{
if ((sel1 == 2) && (sel2 == 1)) {
/* LPAR CPU */
struct sysib_221 sysib;
memset(&sysib, 0, sizeof(sysib));
/* XXX make different for different CPUs? */
ebcdic_put(sysib.sequence, "QEMUQEMUQEMUQEMU", 16);
ebcdic_put(sysib.plant, "QEMU", 4);
stw_p(&sysib.cpu_addr, env->cpu_num);
stw_p(&sysib.cpu_id, 0);
cpu_physical_memory_rw(a0, (uint8_t *)&sysib, sizeof(sysib), 1);
} else if ((sel1 == 2) && (sel2 == 2)) {
/* LPAR CPUs */
struct sysib_222 sysib;
memset(&sysib, 0, sizeof(sysib));
stw_p(&sysib.lpar_num, 0);
sysib.lcpuc = 0;
/* XXX change when SMP comes */
stw_p(&sysib.total_cpus, 1);
stw_p(&sysib.conf_cpus, 1);
stw_p(&sysib.standby_cpus, 0);
stw_p(&sysib.reserved_cpus, 0);
ebcdic_put(sysib.name, "QEMU ", 8);
stl_p(&sysib.caf, 1000);
stw_p(&sysib.dedicated_cpus, 0);
stw_p(&sysib.shared_cpus, 0);
cpu_physical_memory_rw(a0, (uint8_t *)&sysib, sizeof(sysib), 1);
} else {
cc = 3;
}
break;
}
case STSI_LEVEL_3:
{
if ((sel1 == 2) && (sel2 == 2)) {
/* VM CPUs */
struct sysib_322 sysib;
memset(&sysib, 0, sizeof(sysib));
sysib.count = 1;
/* XXX change when SMP comes */
stw_p(&sysib.vm[0].total_cpus, 1);
stw_p(&sysib.vm[0].conf_cpus, 1);
stw_p(&sysib.vm[0].standby_cpus, 0);
stw_p(&sysib.vm[0].reserved_cpus, 0);
ebcdic_put(sysib.vm[0].name, "KVMguest", 8);
stl_p(&sysib.vm[0].caf, 1000);
ebcdic_put(sysib.vm[0].cpi, "KVM/Linux ", 16);
cpu_physical_memory_rw(a0, (uint8_t *)&sysib, sizeof(sysib), 1);
} else {
cc = 3;
}
break;
}
case STSI_LEVEL_CURRENT:
env->regs[0] = STSI_LEVEL_3;
break;
default:
cc = 3;
break;
}
return cc;
}
static unsigned long sun4m_load_kernel(const char *kernel_filename,
const char *initrd_filename,
ram_addr_t RAM_size)
{
int linux_boot;
unsigned int i;
long initrd_size, kernel_size;
uint8_t *ptr;
linux_boot = (kernel_filename != NULL);
kernel_size = 0;
if (linux_boot) {
int bswap_needed;
#ifdef BSWAP_NEEDED
bswap_needed = 1;
#else
bswap_needed = 0;
#endif
kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
NULL, NULL, NULL, 1, ELF_MACHINE, 0);
if (kernel_size < 0)
kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
RAM_size - KERNEL_LOAD_ADDR, bswap_needed,
TARGET_PAGE_SIZE);
if (kernel_size < 0)
kernel_size = load_image_targphys(kernel_filename,
KERNEL_LOAD_ADDR,
RAM_size - KERNEL_LOAD_ADDR);
if (kernel_size < 0) {
fprintf(stderr, "qemu: could not load kernel '%s'\n",
kernel_filename);
exit(1);
}
/* load initrd */
initrd_size = 0;
if (initrd_filename) {
initrd_size = load_image_targphys(initrd_filename,
INITRD_LOAD_ADDR,
RAM_size - INITRD_LOAD_ADDR);
if (initrd_size < 0) {
fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
initrd_filename);
exit(1);
}
}
if (initrd_size > 0) {
for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
ptr = rom_ptr(KERNEL_LOAD_ADDR + i);
if (ldl_p(ptr) == 0x48647253) { // HdrS
stl_p(ptr + 16, INITRD_LOAD_ADDR);
stl_p(ptr + 20, initrd_size);
break;
}
}
}
}
return kernel_size;
}
static void riscv_sifive_board_init(MachineState *args)
{
ram_addr_t ram_size = args->ram_size;
const char *cpu_model = args->cpu_model;
const char *kernel_filename = args->kernel_filename;
const char *kernel_cmdline = args->kernel_cmdline;
const char *initrd_filename = args->initrd_filename;
MemoryRegion *system_memory = get_system_memory();
MemoryRegion *main_mem = g_new(MemoryRegion, 1);
RISCVCPU *cpu;
CPURISCVState *env;
int i;
DeviceState *dev = qdev_create(NULL, TYPE_RISCV_SIFIVE_BOARD);
object_property_set_bool(OBJECT(dev), true, "realized", NULL);
/* Make sure the first 3 serial ports are associated with a device. */
for (i = 0; i < 3; i++) {
if (!serial_hds[i]) {
char label[32];
snprintf(label, sizeof(label), "serial%d", i);
serial_hds[i] = qemu_chr_new(label, "null", NULL);
}
}
/* init CPUs */
if (cpu_model == NULL) {
cpu_model = "any";
}
for (i = 0; i < smp_cpus; i++) {
cpu = cpu_riscv_init(cpu_model);
if (cpu == NULL) {
fprintf(stderr, "Unable to find CPU definition\n");
exit(1);
}
env = &cpu->env;
/* Init internal devices */
cpu_riscv_irq_init_cpu(env);
cpu_riscv_clock_init(env);
qemu_register_reset(main_cpu_reset, cpu);
}
cpu = RISCV_CPU(first_cpu);
env = &cpu->env;
/* register system main memory (actual RAM) */
memory_region_init_ram(main_mem, NULL, "riscv_sifive_board.ram", 2147483648ll +
ram_size, &error_fatal);
/* for phys mem size check in page table walk */
env->memsize = ram_size;
vmstate_register_ram_global(main_mem);
memory_region_add_subregion(system_memory, 0x0, main_mem);
if (kernel_filename) {
loaderparams.ram_size = ram_size;
loaderparams.kernel_filename = kernel_filename;
loaderparams.kernel_cmdline = kernel_cmdline;
loaderparams.initrd_filename = initrd_filename;
load_kernel();
}
uint32_t reset_vec[8] = {
0x297 + 0x80000000 - 0x1000, /* reset vector */
0x00028067, /* jump to DRAM_BASE */
0x00000000, /* reserved */
0x0, /* config string pointer */
0, 0, 0, 0 /* trap vector */
};
reset_vec[3] = 0x1000 + sizeof(reset_vec); /* config string pointer */
/* part one of config string - before memory size specified */
const char *config_string1 = "platform {\n"
" vendor ucb;\n"
" arch spike;\n"
"};\n"
"plic { \n"
" interface \"plic\"; \n"
" ndevs 2; \n"
" priority { mem { 0x60000000 0x60000fff; }; }; \n"
" pending { mem { 0x60001000 0x6000107f; }; }; \n"
" 0 { \n"
" 0 { \n"
" m { \n"
" ie { mem { 0x60002000 0x6000207f; }; }; \n"
" ctl { mem { 0x60200000 0x60200007; }; }; \n"
" }; \n"
" s { \n"
" ie { mem { 0x60002080 0x600020ff; }; }; \n"
" ctl { mem { 0x60201000 0x60201007; }; }; \n"
" }; \n"
" }; \n"
" }; \n"
"}; \n"
"rtc {\n"
" addr 0x" "40000000" ";\n"
"};\n"
"uart {\n"
" addr 0x40002000;\n"
"};\n"
"ram {\n"
" 0 {\n"
" addr 0x" "80000000" ";\n"
" size 0x";
/* part two of config string - after memory size specified */
const char *config_string2 = ";\n"
" };\n"
"};\n"
"core {\n"
" 0" " {\n"
" " "0 {\n"
" isa " "rv64imafd" ";\n"
" timecmp 0x" "40000008" ";\n"
" ipi 0x" "40001000" ";\n"
" };\n"
" };\n"
"};\n";
/* build config string with supplied memory size */
uint64_t rsz = ram_size;
char *ramsize_as_hex_str = malloc(17);
sprintf(ramsize_as_hex_str, "%016" PRIx64, rsz);
char *config_string = malloc(strlen(config_string1) +
strlen(ramsize_as_hex_str) +
strlen(config_string2) + 1);
config_string[0] = 0;
strcat(config_string, config_string1);
strcat(config_string, ramsize_as_hex_str);
strcat(config_string, config_string2);
/* copy in the reset vec and configstring */
int q;
for (q = 0; q < sizeof(reset_vec) / sizeof(reset_vec[0]); q++) {
stl_p(memory_region_get_ram_ptr(main_mem) + 0x1000 + q * 4,
reset_vec[q]);
}
int confstrlen = strlen(config_string);
for (q = 0; q < confstrlen; q++) {
stb_p(memory_region_get_ram_ptr(main_mem) + reset_vec[3] + q,
config_string[q]);
}
sifive_uart_create(0x40002000, serial_hds[0]);
/* timer device at 0x40000000, as specified in the config string above */
timer_mm_init(system_memory, 0x40000000, env);
/* TODO: VIRTIO */
}
int load_multiboot(FWCfgState *fw_cfg,
FILE *f,
const char *kernel_filename,
const char *initrd_filename,
const char *kernel_cmdline,
int kernel_file_size,
uint8_t *header)
{
int i, is_multiboot = 0;
uint32_t flags = 0;
uint32_t mh_entry_addr;
uint32_t mh_load_addr;
uint32_t mb_kernel_size;
MultibootState mbs;
uint8_t bootinfo[MBI_SIZE];
uint8_t *mb_bootinfo_data;
uint32_t cmdline_len;
/* Ok, let's see if it is a multiboot image.
The header is 12x32bit long, so the latest entry may be 8192 - 48. */
for (i = 0; i < (8192 - 48); i += 4) {
if (ldl_p(header+i) == 0x1BADB002) {
uint32_t checksum = ldl_p(header+i+8);
flags = ldl_p(header+i+4);
checksum += flags;
checksum += (uint32_t)0x1BADB002;
if (!checksum) {
is_multiboot = 1;
break;
}
}
}
if (!is_multiboot)
return 0; /* no multiboot */
mb_debug("qemu: I believe we found a multiboot image!\n");
memset(bootinfo, 0, sizeof(bootinfo));
memset(&mbs, 0, sizeof(mbs));
if (flags & 0x00000004) { /* MULTIBOOT_HEADER_HAS_VBE */
fprintf(stderr, "qemu: multiboot knows VBE. we don't.\n");
}
if (!(flags & 0x00010000)) { /* MULTIBOOT_HEADER_HAS_ADDR */
uint64_t elf_entry;
uint64_t elf_low, elf_high;
int kernel_size;
fclose(f);
if (((struct elf64_hdr*)header)->e_machine == EM_X86_64) {
fprintf(stderr, "Cannot load x86-64 image, give a 32bit one.\n");
exit(1);
}
kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
&elf_low, &elf_high, 0, ELF_MACHINE, 0);
if (kernel_size < 0) {
fprintf(stderr, "Error while loading elf kernel\n");
exit(1);
}
mh_load_addr = elf_low;
mb_kernel_size = elf_high - elf_low;
mh_entry_addr = elf_entry;
mbs.mb_buf = g_malloc(mb_kernel_size);
if (rom_copy(mbs.mb_buf, mh_load_addr, mb_kernel_size) != mb_kernel_size) {
fprintf(stderr, "Error while fetching elf kernel from rom\n");
exit(1);
}
mb_debug("qemu: loading multiboot-elf kernel (%#x bytes) with entry %#zx\n",
mb_kernel_size, (size_t)mh_entry_addr);
} else {
/* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_ADDR. */
uint32_t mh_header_addr = ldl_p(header+i+12);
uint32_t mh_load_end_addr = ldl_p(header+i+20);
uint32_t mh_bss_end_addr = ldl_p(header+i+24);
mh_load_addr = ldl_p(header+i+16);
uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
uint32_t mb_load_size = 0;
mh_entry_addr = ldl_p(header+i+28);
if (mh_load_end_addr) {
mb_kernel_size = mh_bss_end_addr - mh_load_addr;
mb_load_size = mh_load_end_addr - mh_load_addr;
} else {
mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
mb_load_size = mb_kernel_size;
}
/* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
uint32_t mh_mode_type = ldl_p(header+i+32);
uint32_t mh_width = ldl_p(header+i+36);
uint32_t mh_height = ldl_p(header+i+40);
uint32_t mh_depth = ldl_p(header+i+44); */
mb_debug("multiboot: mh_header_addr = %#x\n", mh_header_addr);
mb_debug("multiboot: mh_load_addr = %#x\n", mh_load_addr);
mb_debug("multiboot: mh_load_end_addr = %#x\n", mh_load_end_addr);
mb_debug("multiboot: mh_bss_end_addr = %#x\n", mh_bss_end_addr);
mb_debug("qemu: loading multiboot kernel (%#x bytes) at %#x\n",
mb_load_size, mh_load_addr);
mbs.mb_buf = g_malloc(mb_kernel_size);
fseek(f, mb_kernel_text_offset, SEEK_SET);
if (fread(mbs.mb_buf, 1, mb_load_size, f) != mb_load_size) {
fprintf(stderr, "fread() failed\n");
exit(1);
}
memset(mbs.mb_buf + mb_load_size, 0, mb_kernel_size - mb_load_size);
fclose(f);
}
mbs.mb_buf_phys = mh_load_addr;
mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_kernel_size);
mbs.offset_mbinfo = mbs.mb_buf_size;
/* Calculate space for cmdlines, bootloader name, and mb_mods */
cmdline_len = strlen(kernel_filename) + 1;
cmdline_len += strlen(kernel_cmdline) + 1;
if (initrd_filename) {
const char *r = initrd_filename;
cmdline_len += strlen(r) + 1;
mbs.mb_mods_avail = 1;
while (*(r = get_opt_value(NULL, 0, r))) {
mbs.mb_mods_avail++;
r++;
}
}
mbs.mb_buf_size += cmdline_len;
mbs.mb_buf_size += MB_MOD_SIZE * mbs.mb_mods_avail;
mbs.mb_buf_size += strlen(bootloader_name) + 1;
mbs.mb_buf_size = TARGET_PAGE_ALIGN(mbs.mb_buf_size);
/* enlarge mb_buf to hold cmdlines, bootloader, mb-info structs */
mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
mbs.offset_cmdlines = mbs.offset_mbinfo + mbs.mb_mods_avail * MB_MOD_SIZE;
mbs.offset_bootloader = mbs.offset_cmdlines + cmdline_len;
if (initrd_filename) {
char *next_initrd, not_last;
mbs.offset_mods = mbs.mb_buf_size;
do {
char *next_space;
int mb_mod_length;
uint32_t offs = mbs.mb_buf_size;
next_initrd = (char *)get_opt_value(NULL, 0, initrd_filename);
not_last = *next_initrd;
*next_initrd = '\0';
/* if a space comes after the module filename, treat everything
after that as parameters */
hwaddr c = mb_add_cmdline(&mbs, initrd_filename);
if ((next_space = strchr(initrd_filename, ' ')))
*next_space = '\0';
mb_debug("multiboot loading module: %s\n", initrd_filename);
mb_mod_length = get_image_size(initrd_filename);
if (mb_mod_length < 0) {
fprintf(stderr, "Failed to open file '%s'\n", initrd_filename);
exit(1);
}
mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_mod_length + mbs.mb_buf_size);
mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
load_image(initrd_filename, (unsigned char *)mbs.mb_buf + offs);
mb_add_mod(&mbs, mbs.mb_buf_phys + offs,
mbs.mb_buf_phys + offs + mb_mod_length, c);
mb_debug("mod_start: %p\nmod_end: %p\n cmdline: "TARGET_FMT_plx"\n",
(char *)mbs.mb_buf + offs,
(char *)mbs.mb_buf + offs + mb_mod_length, c);
initrd_filename = next_initrd+1;
} while (not_last);
}
/* Commandline support */
char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
snprintf(kcmdline, sizeof(kcmdline), "%s %s",
kernel_filename, kernel_cmdline);
stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
stl_p(bootinfo + MBI_BOOTLOADER, mb_add_bootloader(&mbs, bootloader_name));
stl_p(bootinfo + MBI_MODS_ADDR, mbs.mb_buf_phys + mbs.offset_mbinfo);
stl_p(bootinfo + MBI_MODS_COUNT, mbs.mb_mods_count); /* mods_count */
/* the kernel is where we want it to be now */
stl_p(bootinfo + MBI_FLAGS, MULTIBOOT_FLAGS_MEMORY
| MULTIBOOT_FLAGS_BOOT_DEVICE
| MULTIBOOT_FLAGS_CMDLINE
| MULTIBOOT_FLAGS_MODULES
| MULTIBOOT_FLAGS_MMAP
| MULTIBOOT_FLAGS_BOOTLOADER);
stl_p(bootinfo + MBI_BOOT_DEVICE, 0x8000ffff); /* XXX: use the -boot switch? */
stl_p(bootinfo + MBI_MMAP_ADDR, ADDR_E820_MAP);
mb_debug("multiboot: mh_entry_addr = %#x\n", mh_entry_addr);
mb_debug(" mb_buf_phys = "TARGET_FMT_plx"\n", mbs.mb_buf_phys);
mb_debug(" mod_start = "TARGET_FMT_plx"\n", mbs.mb_buf_phys + mbs.offset_mods);
mb_debug(" mb_mods_count = %d\n", mbs.mb_mods_count);
/* save bootinfo off the stack */
mb_bootinfo_data = g_malloc(sizeof(bootinfo));
memcpy(mb_bootinfo_data, bootinfo, sizeof(bootinfo));
/* Pass variables to option rom */
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ENTRY, mh_entry_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_load_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, mbs.mb_buf_size);
fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA,
mbs.mb_buf, mbs.mb_buf_size);
fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, ADDR_MBI);
fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, sizeof(bootinfo));
fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, mb_bootinfo_data,
sizeof(bootinfo));
option_rom[nb_option_roms].name = "multiboot.bin";
option_rom[nb_option_roms].bootindex = 0;
nb_option_roms++;
return 1; /* yes, we are multiboot */
}
static void gen_firmware(uint32_t *p, hwaddr kernel_entry, hwaddr fdt_addr,
bool is_64b)
{
const uint32_t cm_base = 0x16100000;
const uint32_t gic_base = 0x16120000;
const uint32_t cpc_base = 0x16200000;
/* Move CM GCRs */
if (is_64b) {
stl_p(p++, 0x40287803); /* dmfc0 $8, CMGCRBase */
stl_p(p++, 0x00084138); /* dsll $8, $8, 4 */
} else {
stl_p(p++, 0x40087803); /* mfc0 $8, CMGCRBase */
stl_p(p++, 0x00084100); /* sll $8, $8, 4 */
}
stl_p(p++, 0x3c09a000); /* lui $9, 0xa000 */
stl_p(p++, 0x01094025); /* or $8, $9 */
stl_p(p++, 0x3c0a0000 | (cm_base >> 16)); /* lui $10, cm_base >> 16 */
if (is_64b) {
stl_p(p++, 0xfd0a0008); /* sd $10, 0x8($8) */
} else {
stl_p(p++, 0xad0a0008); /* sw $10, 0x8($8) */
}
stl_p(p++, 0x012a4025); /* or $8, $10 */
/* Move & enable GIC GCRs */
stl_p(p++, 0x3c090000 | (gic_base >> 16)); /* lui $9, gic_base >> 16 */
stl_p(p++, 0x35290001); /* ori $9, 0x1 */
if (is_64b) {
stl_p(p++, 0xfd090080); /* sd $9, 0x80($8) */
} else {
stl_p(p++, 0xad090080); /* sw $9, 0x80($8) */
}
/* Move & enable CPC GCRs */
stl_p(p++, 0x3c090000 | (cpc_base >> 16)); /* lui $9, cpc_base >> 16 */
stl_p(p++, 0x35290001); /* ori $9, 0x1 */
if (is_64b) {
stl_p(p++, 0xfd090088); /* sd $9, 0x88($8) */
} else {
stl_p(p++, 0xad090088); /* sw $9, 0x88($8) */
}
/*
* Setup argument registers to follow the UHI boot protocol:
*
* a0/$4 = -2
* a1/$5 = virtual address of FDT
* a2/$6 = 0
* a3/$7 = 0
*/
stl_p(p++, 0x2404fffe); /* li $4, -2 */
/* lui $5, hi(fdt_addr) */
stl_p(p++, 0x3c050000 | ((fdt_addr >> 16) & 0xffff));
if (fdt_addr & 0xffff) { /* ori $5, lo(fdt_addr) */
stl_p(p++, 0x34a50000 | (fdt_addr & 0xffff));
}
stl_p(p++, 0x34060000); /* li $6, 0 */
stl_p(p++, 0x34070000); /* li $7, 0 */
/* Load kernel entry address & jump to it */
/* lui $25, hi(kernel_entry) */
stl_p(p++, 0x3c190000 | ((kernel_entry >> 16) & 0xffff));
/* ori $25, lo(kernel_entry) */
stl_p(p++, 0x37390000 | (kernel_entry & 0xffff));
stl_p(p++, 0x03200009); /* jr $25 */
}
static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
{
struct sg_io_hdr hdr;
int ret;
int status;
int i;
if ((req->dev->vdev.guest_features & (1 << VIRTIO_BLK_F_SCSI)) == 0) {
virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
g_free(req);
return;
}
/*
* We require at least one output segment each for the virtio_blk_outhdr
* and the SCSI command block.
*
* We also at least require the virtio_blk_inhdr, the virtio_scsi_inhdr
* and the sense buffer pointer in the input segments.
*/
if (req->elem.out_num < 2 || req->elem.in_num < 3) {
virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
g_free(req);
return;
}
/*
* No support for bidirection commands yet.
*/
if (req->elem.out_num > 2 && req->elem.in_num > 3) {
virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
g_free(req);
return;
}
/*
* The scsi inhdr is placed in the second-to-last input segment, just
* before the regular inhdr.
*/
req->scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base;
memset(&hdr, 0, sizeof(struct sg_io_hdr));
hdr.interface_id = 'S';
hdr.cmd_len = req->elem.out_sg[1].iov_len;
hdr.cmdp = req->elem.out_sg[1].iov_base;
hdr.dxfer_len = 0;
if (req->elem.out_num > 2) {
/*
* If there are more than the minimally required 2 output segments
* there is write payload starting from the third iovec.
*/
hdr.dxfer_direction = SG_DXFER_TO_DEV;
hdr.iovec_count = req->elem.out_num - 2;
for (i = 0; i < hdr.iovec_count; i++)
hdr.dxfer_len += req->elem.out_sg[i + 2].iov_len;
hdr.dxferp = req->elem.out_sg + 2;
} else if (req->elem.in_num > 3) {
/*
* If we have more than 3 input segments the guest wants to actually
* read data.
*/
hdr.dxfer_direction = SG_DXFER_FROM_DEV;
hdr.iovec_count = req->elem.in_num - 3;
for (i = 0; i < hdr.iovec_count; i++)
hdr.dxfer_len += req->elem.in_sg[i].iov_len;
hdr.dxferp = req->elem.in_sg;
} else {
/*
* Some SCSI commands don't actually transfer any data.
*/
hdr.dxfer_direction = SG_DXFER_NONE;
}
hdr.sbp = req->elem.in_sg[req->elem.in_num - 3].iov_base;
hdr.mx_sb_len = req->elem.in_sg[req->elem.in_num - 3].iov_len;
ret = bdrv_ioctl(req->dev->bs, SG_IO, &hdr);
if (ret) {
status = VIRTIO_BLK_S_UNSUPP;
hdr.status = ret;
hdr.resid = hdr.dxfer_len;
} else if (hdr.status) {
status = VIRTIO_BLK_S_IOERR;
} else {
status = VIRTIO_BLK_S_OK;
}
/*
* From SCSI-Generic-HOWTO: "Some lower level drivers (e.g. ide-scsi)
* clear the masked_status field [hence status gets cleared too, see
* block/scsi_ioctl.c] even when a CHECK_CONDITION or COMMAND_TERMINATED
* status has occurred. However they do set DRIVER_SENSE in driver_status
* field. Also a (sb_len_wr > 0) indicates there is a sense buffer.
*/
if (hdr.status == 0 && hdr.sb_len_wr > 0) {
hdr.status = CHECK_CONDITION;
}
stl_p(&req->scsi->errors,
hdr.status | (hdr.msg_status << 8) |
(hdr.host_status << 16) | (hdr.driver_status << 24));
stl_p(&req->scsi->residual, hdr.resid);
stl_p(&req->scsi->sense_len, hdr.sb_len_wr);
stl_p(&req->scsi->data_len, hdr.dxfer_len);
virtio_blk_req_complete(req, status);
g_free(req);
}
static void load_linux(void *fw_cfg,
const char *kernel_filename,
const char *initrd_filename,
const char *kernel_cmdline,
target_phys_addr_t max_ram_size)
{
uint16_t protocol;
int setup_size, kernel_size, initrd_size = 0, cmdline_size;
uint32_t initrd_max;
uint8_t header[8192], *setup, *kernel, *initrd_data;
target_phys_addr_t real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
FILE *f;
char *vmode;
/* Align to 16 bytes as a paranoia measure */
cmdline_size = (strlen(kernel_cmdline)+16) & ~15;
/* load the kernel header */
f = fopen(kernel_filename, "rb");
if (!f || !(kernel_size = get_file_size(f)) ||
fread(header, 1, MIN(ARRAY_SIZE(header), kernel_size), f) !=
MIN(ARRAY_SIZE(header), kernel_size)) {
fprintf(stderr, "qemu: could not load kernel '%s': %s\n",
kernel_filename, strerror(errno));
exit(1);
}
/* kernel protocol version */
#if 0
fprintf(stderr, "header magic: %#x\n", ldl_p(header+0x202));
#endif
if (ldl_p(header+0x202) == 0x53726448)
protocol = lduw_p(header+0x206);
else {
/* This looks like a multiboot kernel. If it is, let's stop
treating it like a Linux kernel. */
if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
kernel_cmdline, kernel_size, header))
return;
protocol = 0;
}
if (protocol < 0x200 || !(header[0x211] & 0x01)) {
/* Low kernel */
real_addr = 0x90000;
cmdline_addr = 0x9a000 - cmdline_size;
prot_addr = 0x10000;
} else if (protocol < 0x202) {
/* High but ancient kernel */
real_addr = 0x90000;
cmdline_addr = 0x9a000 - cmdline_size;
prot_addr = 0x100000;
} else {
/* High and recent kernel */
real_addr = 0x10000;
cmdline_addr = 0x20000;
prot_addr = 0x100000;
}
#if 0
fprintf(stderr,
"qemu: real_addr = 0x" TARGET_FMT_plx "\n"
"qemu: cmdline_addr = 0x" TARGET_FMT_plx "\n"
"qemu: prot_addr = 0x" TARGET_FMT_plx "\n",
real_addr,
cmdline_addr,
prot_addr);
#endif
/* highest address for loading the initrd */
if (protocol >= 0x203)
initrd_max = ldl_p(header+0x22c);
else
initrd_max = 0x37ffffff;
if (initrd_max >= max_ram_size-ACPI_DATA_SIZE)
initrd_max = max_ram_size-ACPI_DATA_SIZE-1;
fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
(uint8_t*)strdup(kernel_cmdline),
strlen(kernel_cmdline)+1);
if (protocol >= 0x202) {
stl_p(header+0x228, cmdline_addr);
} else {
stw_p(header+0x20, 0xA33F);
stw_p(header+0x22, cmdline_addr-real_addr);
}
/* handle vga= parameter */
vmode = strstr(kernel_cmdline, "vga=");
if (vmode) {
unsigned int video_mode;
/* skip "vga=" */
vmode += 4;
if (!strncmp(vmode, "normal", 6)) {
video_mode = 0xffff;
} else if (!strncmp(vmode, "ext", 3)) {
video_mode = 0xfffe;
} else if (!strncmp(vmode, "ask", 3)) {
video_mode = 0xfffd;
} else {
video_mode = strtol(vmode, NULL, 0);
}
stw_p(header+0x1fa, video_mode);
}
/* loader type */
/* High nybble = B reserved for Qemu; low nybble is revision number.
If this code is substantially changed, you may want to consider
incrementing the revision. */
if (protocol >= 0x200)
header[0x210] = 0xB0;
/* heap */
if (protocol >= 0x201) {
header[0x211] |= 0x80; /* CAN_USE_HEAP */
stw_p(header+0x224, cmdline_addr-real_addr-0x200);
}
/* load initrd */
if (initrd_filename) {
if (protocol < 0x200) {
fprintf(stderr, "qemu: linux kernel too old to load a ram disk\n");
exit(1);
}
initrd_size = get_image_size(initrd_filename);
if (initrd_size < 0) {
fprintf(stderr, "qemu: error reading initrd %s\n",
initrd_filename);
exit(1);
}
initrd_addr = (initrd_max-initrd_size) & ~4095;
initrd_data = qemu_malloc(initrd_size);
load_image(initrd_filename, initrd_data);
fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, initrd_data, initrd_size);
stl_p(header+0x218, initrd_addr);
stl_p(header+0x21c, initrd_size);
}
/* load kernel and setup */
setup_size = header[0x1f1];
if (setup_size == 0)
setup_size = 4;
setup_size = (setup_size+1)*512;
kernel_size -= setup_size;
setup = qemu_malloc(setup_size);
kernel = qemu_malloc(kernel_size);
fseek(f, 0, SEEK_SET);
if (fread(setup, 1, setup_size, f) != setup_size) {
fprintf(stderr, "fread() failed\n");
exit(1);
}
if (fread(kernel, 1, kernel_size, f) != kernel_size) {
fprintf(stderr, "fread() failed\n");
exit(1);
}
fclose(f);
memcpy(setup, header, MIN(sizeof(header), setup_size));
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
option_rom[nb_option_roms] = "linuxboot.bin";
nb_option_roms++;
}
