qemu/hw/mips/jazz.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

459 lines
15 KiB
C
Raw Normal View History

/*
* QEMU MIPS Jazz support
*
* Copyright (c) 2007-2008 Hervé Poussineau
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "qemu/osdep.h"
#include "qemu/datadir.h"
#include "hw/clock.h"
#include "hw/mips/mips.h"
#include "hw/intc/i8259.h"
#include "hw/dma/i8257.h"
#include "hw/char/serial.h"
#include "hw/char/parallel.h"
#include "hw/isa/isa.h"
#include "hw/block/fdc.h"
#include "sysemu/sysemu.h"
#include "hw/boards.h"
#include "net/net.h"
#include "hw/scsi/esp.h"
#include "hw/loader.h"
#include "hw/rtc/mc146818rtc.h"
#include "hw/timer/i8254.h"
#include "hw/display/vga.h"
#include "hw/display/bochs-vbe.h"
#include "hw/audio/pcspk.h"
#include "hw/input/i8042.h"
#include "hw/sysbus.h"
#include "sysemu/qtest.h"
#include "sysemu/reset.h"
#include "qapi/error.h"
#include "qemu/error-report.h"
#include "qemu/help_option.h"
#ifdef CONFIG_TCG
#include "hw/core/tcg-cpu-ops.h"
#endif /* CONFIG_TCG */
#include "cpu.h"
enum jazz_model_e {
JAZZ_MAGNUM,
JAZZ_PICA61,
};
#if TARGET_BIG_ENDIAN
#define BIOS_FILENAME "mips_bios.bin"
#else
#define BIOS_FILENAME "mipsel_bios.bin"
#endif
static void main_cpu_reset(void *opaque)
{
MIPSCPU *cpu = opaque;
cpu_reset(CPU(cpu));
}
static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size)
{
uint8_t val;
address_space_read(&address_space_memory, 0x90000071,
MEMTXATTRS_UNSPECIFIED, &val, 1);
return val;
}
static void rtc_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
{
uint8_t buf = val & 0xff;
address_space_write(&address_space_memory, 0x90000071,
MEMTXATTRS_UNSPECIFIED, &buf, 1);
}
static const MemoryRegionOps rtc_ops = {
.read = rtc_read,
.write = rtc_write,
.endianness = DEVICE_NATIVE_ENDIAN,
};
static uint64_t dma_dummy_read(void *opaque, hwaddr addr,
unsigned size)
{
/*
* Nothing to do. That is only to ensure that
* the current DMA acknowledge cycle is completed.
*/
return 0xff;
}
static void dma_dummy_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
{
/*
* Nothing to do. That is only to ensure that
* the current DMA acknowledge cycle is completed.
*/
}
static const MemoryRegionOps dma_dummy_ops = {
.read = dma_dummy_read,
.write = dma_dummy_write,
.endianness = DEVICE_NATIVE_ENDIAN,
};
static void mips_jazz_init_net(NICInfo *nd, IOMMUMemoryRegion *rc4030_dma_mr,
DeviceState *rc4030, MemoryRegion *dp8393x_prom)
{
DeviceState *dev;
SysBusDevice *sysbus;
int checksum, i;
uint8_t *prom;
qemu_check_nic_model(nd, "dp83932");
dev = qdev_new("dp8393x");
qdev_set_nic_properties(dev, nd);
qdev_prop_set_uint8(dev, "it_shift", 2);
qdev_prop_set_bit(dev, "big_endian", TARGET_BIG_ENDIAN);
object_property_set_link(OBJECT(dev), "dma_mr",
OBJECT(rc4030_dma_mr), &error_abort);
sysbus = SYS_BUS_DEVICE(dev);
sysbus_realize_and_unref(sysbus, &error_fatal);
sysbus_mmio_map(sysbus, 0, 0x80001000);
sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 4));
/* Add MAC address with valid checksum to PROM */
prom = memory_region_get_ram_ptr(dp8393x_prom);
checksum = 0;
for (i = 0; i < 6; i++) {
prom[i] = nd->macaddr.a[i];
checksum += prom[i];
if (checksum > 0xff) {
checksum = (checksum + 1) & 0xff;
}
}
prom[7] = 0xff - checksum;
}
#define BIOS_SIZE (4 * MiB)
#define MAGNUM_BIOS_SIZE_MAX 0x7e000
#define MAGNUM_BIOS_SIZE \
(BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX)
#define SONIC_PROM_SIZE 0x1000
static void mips_jazz_init(MachineState *machine,
enum jazz_model_e jazz_model)
{
MemoryRegion *address_space = get_system_memory();
char *filename;
int bios_size, n;
Clock *cpuclk;
MIPSCPU *cpu;
MIPSCPUClass *mcc;
CPUMIPSState *env;
qemu_irq *i8259;
rc4030_dma *dmas;
IOMMUMemoryRegion *rc4030_dma_mr;
MemoryRegion *isa_mem = g_new(MemoryRegion, 1);
MemoryRegion *isa_io = g_new(MemoryRegion, 1);
MemoryRegion *rtc = g_new(MemoryRegion, 1);
MemoryRegion *dma_dummy = g_new(MemoryRegion, 1);
MemoryRegion *dp8393x_prom = g_new(MemoryRegion, 1);
DeviceState *dev, *rc4030;
MMIOKBDState *i8042;
SysBusDevice *sysbus;
ISABus *isa_bus;
ISADevice *pit;
ISADevice *pcspk;
DriveInfo *fds[MAX_FD];
MemoryRegion *bios = g_new(MemoryRegion, 1);
MemoryRegion *bios2 = g_new(MemoryRegion, 1);
SysBusESPState *sysbus_esp;
ESPState *esp;
static const struct {
unsigned freq_hz;
unsigned pll_mult;
} ext_clk[] = {
[JAZZ_MAGNUM] = {50000000, 2},
[JAZZ_PICA61] = {33333333, 4},
};
if (machine->ram_size > 256 * MiB) {
error_report("RAM size more than 256Mb is not supported");
exit(EXIT_FAILURE);
}
cpuclk = clock_new(OBJECT(machine), "cpu-refclk");
clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz
* ext_clk[jazz_model].pll_mult);
/* init CPUs */
cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk);
env = &cpu->env;
qemu_register_reset(main_cpu_reset, cpu);
hw/mips/mips_jazz: Override do_transaction_failed hook The MIPS Jazz ('magnum' and 'pica61') boards have some code which overrides the CPU's do_unassigned_access hook, so they can intercept it and not raise exceptions on data accesses to invalid addresses, only for instruction fetches. We want to switch MIPS over to using the do_transaction_failed hook instead, so add an intercept for that as well, and make the board code install whichever hook the CPU is actually using. Once we've changed the CPU implementation we can remove the redundant code for the old hook. Note: I am suspicious that the behaviour as implemented here may not be what the hardware really does. It was added in commit 54e755588cf1e90f0b14 to restore the behaviour that was broken by commit c658b94f6e8c206c59d. But prior to commit c658b94f6e8c206c59d every MIPS board generated exceptions for instruction access to invalid addresses but not for data accesses; and other boards, notably Malta, were fixed by making all invalid accesses behave as reads-as-zero (see the call to empty_slot_init() in mips_malta_init()). Hardware that raises exceptions for instruction access and not data access seems to me to be an unlikely design, and it's possible that the right way to emulate this is to make the Jazz boards do what we did with Malta (or some variation of that). Nonetheless, since I don't have access to real hardware to test against I have taken the approach of "make QEMU continue to behave the same way it did before this commit". I have updated the comment to correct the parts that are no longer accurate and note that the hardware might behave differently. The test case for the need for the hook-hijacking is in https://bugs.launchpad.net/qemu/+bug/1245924 That BIOS will boot OK either with this overriding of both hooks, or with a simple "global memory region to ignore bad accesses of all types", so it doesn't provide evidence either way, unfortunately. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Hervé Poussineau <hpoussin@reactos.org> Message-Id: <20190802160458.25681-2-peter.maydell@linaro.org>
2019-08-02 19:04:56 +03:00
/*
* Chipset returns 0 in invalid reads and do not raise data exceptions.
* However, we can't simply add a global memory region to catch
hw/mips/mips_jazz: Override do_transaction_failed hook The MIPS Jazz ('magnum' and 'pica61') boards have some code which overrides the CPU's do_unassigned_access hook, so they can intercept it and not raise exceptions on data accesses to invalid addresses, only for instruction fetches. We want to switch MIPS over to using the do_transaction_failed hook instead, so add an intercept for that as well, and make the board code install whichever hook the CPU is actually using. Once we've changed the CPU implementation we can remove the redundant code for the old hook. Note: I am suspicious that the behaviour as implemented here may not be what the hardware really does. It was added in commit 54e755588cf1e90f0b14 to restore the behaviour that was broken by commit c658b94f6e8c206c59d. But prior to commit c658b94f6e8c206c59d every MIPS board generated exceptions for instruction access to invalid addresses but not for data accesses; and other boards, notably Malta, were fixed by making all invalid accesses behave as reads-as-zero (see the call to empty_slot_init() in mips_malta_init()). Hardware that raises exceptions for instruction access and not data access seems to me to be an unlikely design, and it's possible that the right way to emulate this is to make the Jazz boards do what we did with Malta (or some variation of that). Nonetheless, since I don't have access to real hardware to test against I have taken the approach of "make QEMU continue to behave the same way it did before this commit". I have updated the comment to correct the parts that are no longer accurate and note that the hardware might behave differently. The test case for the need for the hook-hijacking is in https://bugs.launchpad.net/qemu/+bug/1245924 That BIOS will boot OK either with this overriding of both hooks, or with a simple "global memory region to ignore bad accesses of all types", so it doesn't provide evidence either way, unfortunately. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Hervé Poussineau <hpoussin@reactos.org> Message-Id: <20190802160458.25681-2-peter.maydell@linaro.org>
2019-08-02 19:04:56 +03:00
* everything, as this would make all accesses including instruction
* accesses be ignored and not raise exceptions.
*
* NOTE: this behaviour of raising exceptions for bad instruction
* fetches but not bad data accesses was added in commit 54e755588cf1e9
* to restore behaviour broken by c658b94f6e8c206, but it is not clear
* whether the real hardware behaves this way. It is possible that
* real hardware ignores bad instruction fetches as well -- if so then
* we could replace this hijacking of CPU methods with a simple global
* memory region that catches all memory accesses, as we do on Malta.
*/
mcc = MIPS_CPU_GET_CLASS(cpu);
mcc->no_data_aborts = true;
/* allocate RAM */
memory_region_add_subregion(address_space, 0, machine->ram);
memory_region_init_rom(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE,
Fix bad error handling after memory_region_init_ram() Symptom: $ qemu-system-x86_64 -m 10000000 Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456: upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory Aborted (core dumped) Root cause: commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place, ram_block_add(). The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory". The three places are: * memory_region_init_ram() Commit 4994653 (right after commit ef701d7) lifted the error handling further, through memory_region_init_ram(), multiplying the incorrect use of &error_abort. Later on, imitation of existing (bad) code may have created more. * memory_region_init_ram_ptr() The &error_abort is still there. * memory_region_init_rom_device() Doesn't need fixing, because commit 33e0eb5 (soon after commit ef701d7) lifted the error handling further, and in the process changed it from &error_abort to passing it up the call chain. Correct, because the callers are realize() methods. Fix the error handling after memory_region_init_ram() with a Coccinelle semantic patch: @r@ expression mr, owner, name, size, err; position p; @@ memory_region_init_ram(mr, owner, name, size, ( - &error_abort + &error_fatal | err@p ) ); @script:python@ p << r.p; @@ print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column) When the last argument is &error_abort, it gets replaced by &error_fatal. This is the fix. If the last argument is anything else, its position is reported. This lets us check the fix is complete. Four positions get reported: * ram_backend_memory_alloc() Error is passed up the call chain, ultimately through user_creatable_complete(). As far as I can tell, it's callers all handle the error sanely. * fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize() DeviceClass.realize() methods, errors handled sanely further up the call chain. We're good. Test case again behaves: $ qemu-system-x86_64 -m 10000000 qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory [Exit 1 ] The next commits will repair the rest of commit ef701d7's damage. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-11 17:51:43 +03:00
&error_fatal);
memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios,
0, MAGNUM_BIOS_SIZE);
memory_region_add_subregion(address_space, 0x1fc00000LL, bios);
memory_region_add_subregion(address_space, 0xfff00000LL, bios2);
/* load the BIOS image. */
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, machine->firmware ?: BIOS_FILENAME);
if (filename) {
bios_size = load_image_targphys(filename, 0xfff00000LL,
MAGNUM_BIOS_SIZE);
g_free(filename);
} else {
bios_size = -1;
}
if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE)
&& machine->firmware && !qtest_enabled()) {
error_report("Could not load MIPS bios '%s'", machine->firmware);
exit(1);
}
/* Init CPU internal devices */
cpu_mips_irq_init_cpu(cpu);
cpu_mips_clock_init(cpu);
/* Chipset */
rc4030 = rc4030_init(&dmas, &rc4030_dma_mr);
sysbus = SYS_BUS_DEVICE(rc4030);
sysbus_connect_irq(sysbus, 0, env->irq[6]);
sysbus_connect_irq(sysbus, 1, env->irq[3]);
memory_region_add_subregion(address_space, 0x80000000,
sysbus_mmio_get_region(sysbus, 0));
memory_region_add_subregion(address_space, 0xf0000000,
sysbus_mmio_get_region(sysbus, 1));
memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops,
NULL, "dummy_dma", 0x1000);
memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
memory_region_init_rom(dp8393x_prom, NULL, "dp8393x-jazz.prom",
SONIC_PROM_SIZE, &error_fatal);
memory_region_add_subregion(address_space, 0x8000b000, dp8393x_prom);
/* ISA bus: IO space at 0x90000000, mem space at 0x91000000 */
memory_region_init(isa_io, NULL, "isa-io", 0x00010000);
memory_region_init(isa_mem, NULL, "isa-mem", 0x01000000);
memory_region_add_subregion(address_space, 0x90000000, isa_io);
memory_region_add_subregion(address_space, 0x91000000, isa_mem);
isa: Clean up error handling around isa_bus_new() We can have at most one ISA bus. If you try to create another one, isa_bus_new() complains to stderr and returns null. isa_bus_new() is called in two contexts, machine's init() and device's realize() methods. Since complaining to stderr is not proper in the latter context, convert isa_bus_new() to Error. Machine's init(): * mips_jazz_init(), called from the init() methods of machines "magnum" and "pica" * mips_r4k_init(), the init() method of machine "mips" * pc_init1() called from the init() methods of non-q35 PC machines * typhoon_init(), called from clipper_init(), the init() method of machine "clipper" These callers always create the first ISA bus, hence isa_bus_new() can't fail. Simply pass &error_abort. Device's realize(): * i82378_realize(), of PCI device "i82378" * ich9_lpc_realize(), of PCI device "ICH9-LPC" * pci_ebus_realize(), of PCI device "ebus" * piix3_realize(), of PCI device "pci-piix3", abstract parent of "PIIX3" and "PIIX3-xen" * piix4_realize(), of PCI device "PIIX4" * vt82c686b_realize(), of PCI device "VT82C686B" Propagate the error. Note that these devices are typically created only by machine init() methods with qdev_init_nofail() or similar. If we screwed up and created an ISA bus before that call, we now give up right away. Before, we'd hobble on, and typically die in isa_bus_irqs(). Similar if someone finds a way to hot-plug one of these critters. Cc: Richard Henderson <rth@twiddle.net> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: "Hervé Poussineau" <hpoussin@reactos.org> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Markus Armbruster <armbru@pond.sub.org> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Hervé Poussineau <hpoussin@reactos.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <1450370121-5768-11-git-send-email-armbru@redhat.com>
2015-12-17 19:35:18 +03:00
isa_bus = isa_bus_new(NULL, isa_mem, isa_io, &error_abort);
/* ISA devices */
i8259 = i8259_init(isa_bus, env->irq[4]);
isa_bus_register_input_irqs(isa_bus, i8259);
i8257_dma_init(isa_bus, 0);
pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
pcspk = isa_new(TYPE_PC_SPEAKER);
object_property_set_link(OBJECT(pcspk), "pit", OBJECT(pit), &error_fatal);
isa_realize_and_unref(pcspk, isa_bus, &error_fatal);
/* Video card */
switch (jazz_model) {
case JAZZ_MAGNUM:
qdev: Convert uses of qdev_create() with Coccinelle This is the transformation explained in the commit before previous. Takes care of just one pattern that needs conversion. More to come in this series. Coccinelle script: @ depends on !(file in "hw/arm/highbank.c")@ expression bus, type_name, dev, expr; @@ - dev = qdev_create(bus, type_name); + dev = qdev_new(type_name); ... when != dev = expr - qdev_init_nofail(dev); + qdev_realize_and_unref(dev, bus, &error_fatal); @@ expression bus, type_name, dev, expr; identifier DOWN; @@ - dev = DOWN(qdev_create(bus, type_name)); + dev = DOWN(qdev_new(type_name)); ... when != dev = expr - qdev_init_nofail(DEVICE(dev)); + qdev_realize_and_unref(DEVICE(dev), bus, &error_fatal); @@ expression bus, type_name, expr; identifier dev; @@ - DeviceState *dev = qdev_create(bus, type_name); + DeviceState *dev = qdev_new(type_name); ... when != dev = expr - qdev_init_nofail(dev); + qdev_realize_and_unref(dev, bus, &error_fatal); @@ expression bus, type_name, dev, expr, errp; symbol true; @@ - dev = qdev_create(bus, type_name); + dev = qdev_new(type_name); ... when != dev = expr - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize_and_unref(dev, bus, errp); @@ expression bus, type_name, expr, errp; identifier dev; symbol true; @@ - DeviceState *dev = qdev_create(bus, type_name); + DeviceState *dev = qdev_new(type_name); ... when != dev = expr - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize_and_unref(dev, bus, errp); The first rule exempts hw/arm/highbank.c, because it matches along two control flow paths there, with different @type_name. Covered by the next commit's manual conversions. Missing #include "qapi/error.h" added manually. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-10-armbru@redhat.com> [Conflicts in hw/misc/empty_slot.c and hw/sparc/leon3.c resolved]
2020-06-10 08:31:58 +03:00
dev = qdev_new("sysbus-g364");
sysbus = SYS_BUS_DEVICE(dev);
sysbus_realize_and_unref(sysbus, &error_fatal);
sysbus_mmio_map(sysbus, 0, 0x60080000);
sysbus_mmio_map(sysbus, 1, 0x40000000);
sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 3));
{
/* Simple ROM, so user doesn't have to provide one */
MemoryRegion *rom_mr = g_new(MemoryRegion, 1);
memory_region_init_rom(rom_mr, NULL, "g364fb.rom", 0x80000,
Fix bad error handling after memory_region_init_ram() Symptom: $ qemu-system-x86_64 -m 10000000 Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456: upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory Aborted (core dumped) Root cause: commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place, ram_block_add(). The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory". The three places are: * memory_region_init_ram() Commit 4994653 (right after commit ef701d7) lifted the error handling further, through memory_region_init_ram(), multiplying the incorrect use of &error_abort. Later on, imitation of existing (bad) code may have created more. * memory_region_init_ram_ptr() The &error_abort is still there. * memory_region_init_rom_device() Doesn't need fixing, because commit 33e0eb5 (soon after commit ef701d7) lifted the error handling further, and in the process changed it from &error_abort to passing it up the call chain. Correct, because the callers are realize() methods. Fix the error handling after memory_region_init_ram() with a Coccinelle semantic patch: @r@ expression mr, owner, name, size, err; position p; @@ memory_region_init_ram(mr, owner, name, size, ( - &error_abort + &error_fatal | err@p ) ); @script:python@ p << r.p; @@ print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column) When the last argument is &error_abort, it gets replaced by &error_fatal. This is the fix. If the last argument is anything else, its position is reported. This lets us check the fix is complete. Four positions get reported: * ram_backend_memory_alloc() Error is passed up the call chain, ultimately through user_creatable_complete(). As far as I can tell, it's callers all handle the error sanely. * fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize() DeviceClass.realize() methods, errors handled sanely further up the call chain. We're good. Test case again behaves: $ qemu-system-x86_64 -m 10000000 qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory [Exit 1 ] The next commits will repair the rest of commit ef701d7's damage. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-11 17:51:43 +03:00
&error_fatal);
uint8_t *rom = memory_region_get_ram_ptr(rom_mr);
memory_region_add_subregion(address_space, 0x60000000, rom_mr);
rom[0] = 0x10; /* Mips G364 */
}
break;
case JAZZ_PICA61:
dev = qdev_new(TYPE_VGA_MMIO);
qdev_prop_set_uint8(dev, "it_shift", 0);
sysbus = SYS_BUS_DEVICE(dev);
sysbus_realize_and_unref(sysbus, &error_fatal);
sysbus_mmio_map(sysbus, 0, 0x60000000);
sysbus_mmio_map(sysbus, 1, 0x400a0000);
sysbus_mmio_map(sysbus, 2, VBE_DISPI_LFB_PHYSICAL_ADDRESS);
break;
default:
break;
}
/* Network controller */
if (nb_nics == 1) {
mips_jazz_init_net(&nd_table[0], rc4030_dma_mr, rc4030, dp8393x_prom);
} else if (nb_nics > 1) {
error_report("This machine only supports one NIC");
exit(1);
}
/* SCSI adapter */
dev = qdev_new(TYPE_SYSBUS_ESP);
sysbus_esp = SYSBUS_ESP(dev);
esp = &sysbus_esp->esp;
esp->dma_memory_read = rc4030_dma_read;
esp->dma_memory_write = rc4030_dma_write;
esp->dma_opaque = dmas[0];
sysbus_esp->it_shift = 0;
/* XXX for now until rc4030 has been changed to use DMA enable signal */
esp->dma_enabled = 1;
sysbus = SYS_BUS_DEVICE(dev);
sysbus_realize_and_unref(sysbus, &error_fatal);
sysbus_connect_irq(sysbus, 0, qdev_get_gpio_in(rc4030, 5));
sysbus_mmio_map(sysbus, 0, 0x80002000);
scsi_bus_legacy_handle_cmdline(&esp->bus);
/* Floppy */
for (n = 0; n < MAX_FD; n++) {
fds[n] = drive_get(IF_FLOPPY, 0, n);
}
/* FIXME: we should enable DMA with a custom IsaDma device */
hw/block/fdc-sysbus: Always mark sysbus floppy controllers as not having DMA The sysbus floppy controllers (devices sysbus-fdc and sun-fdtwo) don't support DMA. The core floppy controller code expects this to be indicated by setting FDCtrl::dma_chann to -1. This used to be done in the device instance_init functions sysbus_fdc_initfn() and sun4m_fdc_initfn(), but in commit 1430759ec3e we refactored this code and accidentally lost the setting of dma_chann. For sysbus-fdc this has no ill effects because we were redundantly also setting dma_chann in fdctrl_init_sysbus(), but for sun-fdtwo this means that guests which try to enable DMA on the floppy controller will cause QEMU to crash because FDCtrl::dma is NULL. Set dma_chann to -1 in the common instance init, and remove the redundant code in fdctrl_init_sysbus() that is also setting it. There is a six-year-old FIXME comment in the jazz board code to the effect that in theory it should support doing DMA via a custom DMA controller. If anybody ever chooses to fix that they can do it by adding support for setting both FDCtrl::dma_chann and FDCtrl::dma. (A QOM link property 'dma-controller' on the sysbus device which can be set to an instance of IsaDmaClass is probably the way to go.) Fixes: 1430759ec3 ("hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/958 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20220505101842.2757905-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-05-05 13:18:42 +03:00
fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), 0x80003000, fds);
/* Real time clock */
mc146818_rtc_init(isa_bus, 1980, NULL);
memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000);
memory_region_add_subregion(address_space, 0x80004000, rtc);
/* Keyboard (i8042) */
i8042 = I8042_MMIO(qdev_new(TYPE_I8042_MMIO));
qdev_prop_set_uint64(DEVICE(i8042), "mask", 1);
qdev_prop_set_uint32(DEVICE(i8042), "size", 0x1000);
sysbus_realize_and_unref(SYS_BUS_DEVICE(i8042), &error_fatal);
qdev_connect_gpio_out(DEVICE(i8042), I8042_KBD_IRQ,
qdev_get_gpio_in(rc4030, 6));
qdev_connect_gpio_out(DEVICE(i8042), I8042_MOUSE_IRQ,
qdev_get_gpio_in(rc4030, 7));
memory_region_add_subregion(address_space, 0x80005000,
sysbus_mmio_get_region(SYS_BUS_DEVICE(i8042),
0));
/* Serial ports */
serial_mm_init(address_space, 0x80006000, 0,
qdev_get_gpio_in(rc4030, 8), 8000000 / 16,
serial_hd(0), DEVICE_NATIVE_ENDIAN);
serial_mm_init(address_space, 0x80007000, 0,
qdev_get_gpio_in(rc4030, 9), 8000000 / 16,
serial_hd(1), DEVICE_NATIVE_ENDIAN);
/* Parallel port */
if (parallel_hds[0])
parallel_mm_init(address_space, 0x80008000, 0,
qdev_get_gpio_in(rc4030, 0), parallel_hds[0]);
/* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */
/* NVRAM */
qdev: Convert uses of qdev_create() with Coccinelle This is the transformation explained in the commit before previous. Takes care of just one pattern that needs conversion. More to come in this series. Coccinelle script: @ depends on !(file in "hw/arm/highbank.c")@ expression bus, type_name, dev, expr; @@ - dev = qdev_create(bus, type_name); + dev = qdev_new(type_name); ... when != dev = expr - qdev_init_nofail(dev); + qdev_realize_and_unref(dev, bus, &error_fatal); @@ expression bus, type_name, dev, expr; identifier DOWN; @@ - dev = DOWN(qdev_create(bus, type_name)); + dev = DOWN(qdev_new(type_name)); ... when != dev = expr - qdev_init_nofail(DEVICE(dev)); + qdev_realize_and_unref(DEVICE(dev), bus, &error_fatal); @@ expression bus, type_name, expr; identifier dev; @@ - DeviceState *dev = qdev_create(bus, type_name); + DeviceState *dev = qdev_new(type_name); ... when != dev = expr - qdev_init_nofail(dev); + qdev_realize_and_unref(dev, bus, &error_fatal); @@ expression bus, type_name, dev, expr, errp; symbol true; @@ - dev = qdev_create(bus, type_name); + dev = qdev_new(type_name); ... when != dev = expr - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize_and_unref(dev, bus, errp); @@ expression bus, type_name, expr, errp; identifier dev; symbol true; @@ - DeviceState *dev = qdev_create(bus, type_name); + DeviceState *dev = qdev_new(type_name); ... when != dev = expr - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize_and_unref(dev, bus, errp); The first rule exempts hw/arm/highbank.c, because it matches along two control flow paths there, with different @type_name. Covered by the next commit's manual conversions. Missing #include "qapi/error.h" added manually. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-10-armbru@redhat.com> [Conflicts in hw/misc/empty_slot.c and hw/sparc/leon3.c resolved]
2020-06-10 08:31:58 +03:00
dev = qdev_new("ds1225y");
sysbus = SYS_BUS_DEVICE(dev);
sysbus_realize_and_unref(sysbus, &error_fatal);
sysbus_mmio_map(sysbus, 0, 0x80009000);
/* LED indicator */
sysbus_create_simple("jazz-led", 0x8000f000, NULL);
g_free(dmas);
}
static
void mips_magnum_init(MachineState *machine)
{
mips_jazz_init(machine, JAZZ_MAGNUM);
}
static
void mips_pica61_init(MachineState *machine)
{
mips_jazz_init(machine, JAZZ_PICA61);
}
static void mips_magnum_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
mc->desc = "MIPS Magnum";
mc->init = mips_magnum_init;
mc->block_default_type = IF_SCSI;
mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000");
mc->default_ram_id = "mips_jazz.ram";
}
static const TypeInfo mips_magnum_type = {
.name = MACHINE_TYPE_NAME("magnum"),
.parent = TYPE_MACHINE,
.class_init = mips_magnum_class_init,
};
static void mips_pica61_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
mc->desc = "Acer Pica 61";
mc->init = mips_pica61_init;
mc->block_default_type = IF_SCSI;
mc->default_cpu_type = MIPS_CPU_TYPE_NAME("R4000");
mc->default_ram_id = "mips_jazz.ram";
}
static const TypeInfo mips_pica61_type = {
.name = MACHINE_TYPE_NAME("pica61"),
.parent = TYPE_MACHINE,
.class_init = mips_pica61_class_init,
};
static void mips_jazz_machine_init(void)
{
type_register_static(&mips_magnum_type);
type_register_static(&mips_pica61_type);
}
type_init(mips_jazz_machine_init)