1/*
2 * Raspberry Pi emulation (c) 2012 Gregory Estrade
3 * Upstreaming code cleanup [including bcm2835_*] (c) 2013 Jan Petrous
4 *
5 * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft
6 * Written by Andrew Baumann
7 *
8 * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti
9 * Upstream code cleanup (c) 2018 Pekka Enberg
10 *
11 * This code is licensed under the GNU GPLv2 and later.
12 */
13
14#include "qemu/osdep.h"
15#include "qemu/units.h"
16#include "qapi/error.h"
17#include "cpu.h"
18#include "hw/arm/bcm2836.h"
19#include "qemu/error-report.h"
20#include "hw/boards.h"
21#include "hw/loader.h"
22#include "hw/arm/boot.h"
23#include "sysemu/sysemu.h"
24
25#define SMPBOOT_ADDR 0x300 /* this should leave enough space for ATAGS */
26#define MVBAR_ADDR 0x400 /* secure vectors */
27#define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */
28#define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */
29#define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */
30#define SPINTABLE_ADDR 0xd8 /* Pi 3 bootloader spintable */
31
32/* Table of Linux board IDs for different Pi versions */
33static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
34
35typedef struct RasPiState {
36 BCM283XState soc;
37 MemoryRegion ram;
38} RasPiState;
39
40static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info)
41{
42 static const uint32_t smpboot[] = {
43 0xe1a0e00f, /* mov lr, pc */
44 0xe3a0fe00 + (BOARDSETUP_ADDR >> 4), /* mov pc, BOARDSETUP_ADDR */
45 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5;get core ID */
46 0xe7e10050, /* ubfx r0, r0, #0, #2 ;extract LSB */
47 0xe59f5014, /* ldr r5, =0x400000CC ;load mbox base */
48 0xe320f001, /* 1: yield */
49 0xe7953200, /* ldr r3, [r5, r0, lsl #4] ;read mbox for our core*/
50 0xe3530000, /* cmp r3, #0 ;spin while zero */
51 0x0afffffb, /* beq 1b */
52 0xe7853200, /* str r3, [r5, r0, lsl #4] ;clear mbox */
53 0xe12fff13, /* bx r3 ;jump to target */
54 0x400000cc, /* (constant: mailbox 3 read/clear base) */
55 };
56
57 /* check that we don't overrun board setup vectors */
58 QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + sizeof(smpboot) > MVBAR_ADDR);
59 /* check that board setup address is correctly relocated */
60 QEMU_BUILD_BUG_ON((BOARDSETUP_ADDR & 0xf) != 0
61 || (BOARDSETUP_ADDR >> 4) >= 0x100);
62
63 rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot),
64 info->smp_loader_start);
65}
66
67static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info)
68{
69 /* Unlike the AArch32 version we don't need to call the board setup hook.
70 * The mechanism for doing the spin-table is also entirely different.
71 * We must have four 64-bit fields at absolute addresses
72 * 0xd8, 0xe0, 0xe8, 0xf0 in RAM, which are the flag variables for
73 * our CPUs, and which we must ensure are zero initialized before
74 * the primary CPU goes into the kernel. We put these variables inside
75 * a rom blob, so that the reset for ROM contents zeroes them for us.
76 */
77 static const uint32_t smpboot[] = {
78 0xd2801b05, /* mov x5, 0xd8 */
79 0xd53800a6, /* mrs x6, mpidr_el1 */
80 0x924004c6, /* and x6, x6, #0x3 */
81 0xd503205f, /* spin: wfe */
82 0xf86678a4, /* ldr x4, [x5,x6,lsl #3] */
83 0xb4ffffc4, /* cbz x4, spin */
84 0xd2800000, /* mov x0, #0x0 */
85 0xd2800001, /* mov x1, #0x0 */
86 0xd2800002, /* mov x2, #0x0 */
87 0xd2800003, /* mov x3, #0x0 */
88 0xd61f0080, /* br x4 */
89 };
90
91 static const uint64_t spintables[] = {
92 0, 0, 0, 0
93 };
94
95 rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot),
96 info->smp_loader_start);
97 rom_add_blob_fixed("raspi_spintables", spintables, sizeof(spintables),
98 SPINTABLE_ADDR);
99}
100
101static void write_board_setup(ARMCPU *cpu, const struct arm_boot_info *info)
102{
103 arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR);
104}
105
106static void reset_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
107{
108 CPUState *cs = CPU(cpu);
109 cpu_set_pc(cs, info->smp_loader_start);
110}
111
112static void setup_boot(MachineState *machine, int version, size_t ram_size)
113{
114 static struct arm_boot_info binfo;
115 int r;
116
117 binfo.board_id = raspi_boardid[version];
118 binfo.ram_size = ram_size;
119 binfo.nb_cpus = machine->smp.cpus;
120
121 if (version <= 2) {
122 /* The rpi1 and 2 require some custom setup code to run in Secure
123 * mode before booting a kernel (to set up the SMC vectors so
124 * that we get a no-op SMC; this is used by Linux to call the
125 * firmware for some cache maintenance operations.
126 * The rpi3 doesn't need this.
127 */
128 binfo.board_setup_addr = BOARDSETUP_ADDR;
129 binfo.write_board_setup = write_board_setup;
130 binfo.secure_board_setup = true;
131 binfo.secure_boot = true;
132 }
133
134 /* Pi2 and Pi3 requires SMP setup */
135 if (version >= 2) {
136 binfo.smp_loader_start = SMPBOOT_ADDR;
137 if (version == 2) {
138 binfo.write_secondary_boot = write_smpboot;
139 } else {
140 binfo.write_secondary_boot = write_smpboot64;
141 }
142 binfo.secondary_cpu_reset_hook = reset_secondary;
143 }
144
145 /* If the user specified a "firmware" image (e.g. UEFI), we bypass
146 * the normal Linux boot process
147 */
148 if (machine->firmware) {
149 hwaddr firmware_addr = version == 3 ? FIRMWARE_ADDR_3 : FIRMWARE_ADDR_2;
150 /* load the firmware image (typically kernel.img) */
151 r = load_image_targphys(machine->firmware, firmware_addr,
152 ram_size - firmware_addr);
153 if (r < 0) {
154 error_report("Failed to load firmware from %s", machine->firmware);
155 exit(1);
156 }
157
158 binfo.entry = firmware_addr;
159 binfo.firmware_loaded = true;
160 }
161
162 arm_load_kernel(ARM_CPU(first_cpu), machine, &binfo);
163}
164
165static void raspi_init(MachineState *machine, int version)
166{
167 RasPiState *s = g_new0(RasPiState, 1);
168 uint32_t vcram_size;
169 DriveInfo *di;
170 BlockBackend *blk;
171 BusState *bus;
172 DeviceState *carddev;
173
174 if (machine->ram_size > 1 * GiB) {
175 error_report("Requested ram size is too large for this machine: "
176 "maximum is 1GB");
177 exit(1);
178 }
179
180 object_initialize_child(OBJECT(machine), "soc", &s->soc, sizeof(s->soc),
181 version == 3 ? TYPE_BCM2837 : TYPE_BCM2836,
182 &error_abort, NULL);
183
184 /* Allocate and map RAM */
185 memory_region_allocate_system_memory(&s->ram, OBJECT(machine), "ram",
186 machine->ram_size);
187 /* FIXME: Remove when we have custom CPU address space support */
188 memory_region_add_subregion_overlap(get_system_memory(), 0, &s->ram, 0);
189
190 /* Setup the SOC */
191 object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram),
192 &error_abort);
193 object_property_set_int(OBJECT(&s->soc), machine->smp.cpus, "enabled-cpus",
194 &error_abort);
195 int board_rev = version == 3 ? 0xa02082 : 0xa21041;
196 object_property_set_int(OBJECT(&s->soc), board_rev, "board-rev",
197 &error_abort);
198 object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_abort);
199
200 /* Create and plug in the SD cards */
201 di = drive_get_next(IF_SD);
202 blk = di ? blk_by_legacy_dinfo(di) : NULL;
203 bus = qdev_get_child_bus(DEVICE(&s->soc), "sd-bus");
204 if (bus == NULL) {
205 error_report("No SD bus found in SOC object");
206 exit(1);
207 }
208 carddev = qdev_create(bus, TYPE_SD_CARD);
209 qdev_prop_set_drive(carddev, "drive", blk, &error_fatal);
210 object_property_set_bool(OBJECT(carddev), true, "realized", &error_fatal);
211
212 vcram_size = object_property_get_uint(OBJECT(&s->soc), "vcram-size",
213 &error_abort);
214 setup_boot(machine, version, machine->ram_size - vcram_size);
215}
216
217static void raspi2_init(MachineState *machine)
218{
219 raspi_init(machine, 2);
220}
221
222static void raspi2_machine_init(MachineClass *mc)
223{
224 mc->desc = "Raspberry Pi 2";
225 mc->init = raspi2_init;
226 mc->block_default_type = IF_SD;
227 mc->no_parallel = 1;
228 mc->no_floppy = 1;
229 mc->no_cdrom = 1;
230 mc->max_cpus = BCM283X_NCPUS;
231 mc->min_cpus = BCM283X_NCPUS;
232 mc->default_cpus = BCM283X_NCPUS;
233 mc->default_ram_size = 1024 * 1024 * 1024;
234 mc->ignore_memory_transaction_failures = true;
235};
236DEFINE_MACHINE("raspi2", raspi2_machine_init)
237
238#ifdef TARGET_AARCH64
239static void raspi3_init(MachineState *machine)
240{
241 raspi_init(machine, 3);
242}
243
244static void raspi3_machine_init(MachineClass *mc)
245{
246 mc->desc = "Raspberry Pi 3";
247 mc->init = raspi3_init;
248 mc->block_default_type = IF_SD;
249 mc->no_parallel = 1;
250 mc->no_floppy = 1;
251 mc->no_cdrom = 1;
252 mc->max_cpus = BCM283X_NCPUS;
253 mc->min_cpus = BCM283X_NCPUS;
254 mc->default_cpus = BCM283X_NCPUS;
255 mc->default_ram_size = 1024 * 1024 * 1024;
256}
257DEFINE_MACHINE("raspi3", raspi3_machine_init)
258#endif
259