Archipelago » qemu

/*

 * QEMU System Emulator

 * 

 * Copyright (c) 2003-2007 Fabrice Bellard

 * 

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include "vl.h"

#include <unistd.h>

#include <fcntl.h>

#include <signal.h>

#include <time.h>

#include <errno.h>

#include <sys/time.h>

#include <zlib.h>

#ifndef _WIN32

#include <sys/times.h>

#include <sys/wait.h>

#include <termios.h>

#include <sys/poll.h>

#include <sys/mman.h>

#include <sys/ioctl.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <dirent.h>

#include <netdb.h>

#ifdef _BSD

#include <sys/stat.h>

#ifndef __APPLE__

#include <libutil.h>

#endif

#else

#ifndef __sun__

#include <linux/if.h>

#include <linux/if_tun.h>

#include <pty.h>

#include <malloc.h>

#include <linux/rtc.h>

#include <linux/ppdev.h>

#include <linux/parport.h>

#else

#include <sys/stat.h>

#include <sys/ethernet.h>

#include <sys/sockio.h>

#include <arpa/inet.h>

#include <netinet/arp.h>

#include <netinet/in.h>

#include <netinet/in_systm.h>

#include <netinet/ip.h>

#include <netinet/ip_icmp.h> // must come after ip.h

#include <netinet/udp.h>

#include <netinet/tcp.h>

#include <net/if.h>

#include <syslog.h>

#include <stropts.h>

#endif

#endif

#endif

#if defined(CONFIG_SLIRP)

#include "libslirp.h"

#endif

#ifdef _WIN32

#include <malloc.h>

#include <sys/timeb.h>

#include <windows.h>

#define getopt_long_only getopt_long

#define memalign(align, size) malloc(size)

#endif

#include "qemu_socket.h"

#ifdef CONFIG_SDL

#ifdef __APPLE__

#include <SDL/SDL.h>

#endif

#endif /* CONFIG_SDL */

#ifdef CONFIG_COCOA

#undef main

#define main qemu_main

#endif /* CONFIG_COCOA */

#include "disas.h"

#include "exec-all.h"

#define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"

#ifdef __sun__

#define SMBD_COMMAND "/usr/sfw/sbin/smbd"

#else

#define SMBD_COMMAND "/usr/sbin/smbd"

#endif

//#define DEBUG_UNUSED_IOPORT

//#define DEBUG_IOPORT

#define PHYS_RAM_MAX_SIZE (2047 * 1024 * 1024)

#ifdef TARGET_PPC

#define DEFAULT_RAM_SIZE 144

#else

#define DEFAULT_RAM_SIZE 128

#endif

/* in ms */

#define GUI_REFRESH_INTERVAL 30

/* Max number of USB devices that can be specified on the commandline.  */

#define MAX_USB_CMDLINE 8

/* XXX: use a two level table to limit memory usage */

#define MAX_IOPORTS 65536

const char *bios_dir = CONFIG_QEMU_SHAREDIR;

char phys_ram_file[1024];

void *ioport_opaque[MAX_IOPORTS];

IOPortReadFunc *ioport_read_table[3][MAX_IOPORTS];

IOPortWriteFunc *ioport_write_table[3][MAX_IOPORTS];

/* Note: bs_table[MAX_DISKS] is a dummy block driver if none available

   to store the VM snapshots */

BlockDriverState *bs_table[MAX_DISKS + 1], *fd_table[MAX_FD];

BlockDriverState *pflash_table[MAX_PFLASH];

BlockDriverState *sd_bdrv;

BlockDriverState *mtd_bdrv;

/* point to the block driver where the snapshots are managed */

BlockDriverState *bs_snapshots;

int vga_ram_size;

static DisplayState display_state;

int nographic;

const char* keyboard_layout = NULL;

int64_t ticks_per_sec;

int boot_device = 'c';

int ram_size;

int pit_min_timer_count = 0;

int nb_nics;

NICInfo nd_table[MAX_NICS];

QEMUTimer *gui_timer;

int vm_running;

int rtc_utc = 1;

int cirrus_vga_enabled = 1;

int vmsvga_enabled = 0;

#ifdef TARGET_SPARC

int graphic_width = 1024;

int graphic_height = 768;

int graphic_depth = 8;

#else

int graphic_width = 800;

int graphic_height = 600;

int graphic_depth = 15;

#endif

int full_screen = 0;

int no_frame = 0;

int no_quit = 0;

CharDriverState *serial_hds[MAX_SERIAL_PORTS];

CharDriverState *parallel_hds[MAX_PARALLEL_PORTS];

#ifdef TARGET_I386

int win2k_install_hack = 0;

#endif

int usb_enabled = 0;

static VLANState *first_vlan;

int smp_cpus = 1;

const char *vnc_display;

#if defined(TARGET_SPARC)

#define MAX_CPUS 16

#elif defined(TARGET_I386)

#define MAX_CPUS 255

#else

#define MAX_CPUS 1

#endif

int acpi_enabled = 1;

int fd_bootchk = 1;

int no_reboot = 0;

int cursor_hide = 1;

int graphic_rotate = 0;

int daemonize = 0;

const char *option_rom[MAX_OPTION_ROMS];

int nb_option_roms;

int semihosting_enabled = 0;

int autostart = 1;

const char *qemu_name;

#ifdef TARGET_SPARC

unsigned int nb_prom_envs = 0;

const char *prom_envs[MAX_PROM_ENVS];

#endif

/***********************************************************/

/* x86 ISA bus support */

target_phys_addr_t isa_mem_base = 0;

PicState2 *isa_pic;

uint32_t default_ioport_readb(void *opaque, uint32_t address)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "unused inb: port=0x%04x\n", address);

#endif

    return 0xff;

}

void default_ioport_writeb(void *opaque, uint32_t address, uint32_t data)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "unused outb: port=0x%04x data=0x%02x\n", address, data);

#endif

}

/* default is to make two byte accesses */

uint32_t default_ioport_readw(void *opaque, uint32_t address)

{

    uint32_t data;

    data = ioport_read_table[0][address](ioport_opaque[address], address);

    address = (address + 1) & (MAX_IOPORTS - 1);

    data |= ioport_read_table[0][address](ioport_opaque[address], address) << 8;

    return data;

}

void default_ioport_writew(void *opaque, uint32_t address, uint32_t data)

{

    ioport_write_table[0][address](ioport_opaque[address], address, data & 0xff);

    address = (address + 1) & (MAX_IOPORTS - 1);

    ioport_write_table[0][address](ioport_opaque[address], address, (data >> 8) & 0xff);

}

uint32_t default_ioport_readl(void *opaque, uint32_t address)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "unused inl: port=0x%04x\n", address);

#endif

    return 0xffffffff;

}

void default_ioport_writel(void *opaque, uint32_t address, uint32_t data)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "unused outl: port=0x%04x data=0x%02x\n", address, data);

#endif

}

void init_ioports(void)

{

    int i;

    for(i = 0; i < MAX_IOPORTS; i++) {

        ioport_read_table[0][i] = default_ioport_readb;

        ioport_write_table[0][i] = default_ioport_writeb;

        ioport_read_table[1][i] = default_ioport_readw;

        ioport_write_table[1][i] = default_ioport_writew;

        ioport_read_table[2][i] = default_ioport_readl;

        ioport_write_table[2][i] = default_ioport_writel;

    }

}

/* size is the word size in byte */

int register_ioport_read(int start, int length, int size, 

                         IOPortReadFunc *func, void *opaque)

{

    int i, bsize;

    if (size == 1) {

        bsize = 0;

    } else if (size == 2) {

        bsize = 1;

    } else if (size == 4) {

        bsize = 2;

    } else {

        hw_error("register_ioport_read: invalid size");

        return -1;

    }

    for(i = start; i < start + length; i += size) {

        ioport_read_table[bsize][i] = func;

        if (ioport_opaque[i] != NULL && ioport_opaque[i] != opaque)

            hw_error("register_ioport_read: invalid opaque");

        ioport_opaque[i] = opaque;

    }

    return 0;

}

/* size is the word size in byte */

int register_ioport_write(int start, int length, int size, 

                          IOPortWriteFunc *func, void *opaque)

{

    int i, bsize;

    if (size == 1) {

        bsize = 0;

    } else if (size == 2) {

        bsize = 1;

    } else if (size == 4) {

        bsize = 2;

    } else {

        hw_error("register_ioport_write: invalid size");

        return -1;

    }

    for(i = start; i < start + length; i += size) {

        ioport_write_table[bsize][i] = func;

        if (ioport_opaque[i] != NULL && ioport_opaque[i] != opaque)

            hw_error("register_ioport_write: invalid opaque");

        ioport_opaque[i] = opaque;

    }

    return 0;

}

void isa_unassign_ioport(int start, int length)

{

    int i;

    for(i = start; i < start + length; i++) {

        ioport_read_table[0][i] = default_ioport_readb;

        ioport_read_table[1][i] = default_ioport_readw;

        ioport_read_table[2][i] = default_ioport_readl;

        ioport_write_table[0][i] = default_ioport_writeb;

        ioport_write_table[1][i] = default_ioport_writew;

        ioport_write_table[2][i] = default_ioport_writel;

    }

}

/***********************************************************/

void cpu_outb(CPUState *env, int addr, int val)

{

#ifdef DEBUG_IOPORT

    if (loglevel & CPU_LOG_IOPORT)

        fprintf(logfile, "outb: %04x %02x\n", addr, val);

#endif    

    ioport_write_table[0][addr](ioport_opaque[addr], addr, val);

#ifdef USE_KQEMU

    if (env)

        env->last_io_time = cpu_get_time_fast();

#endif

}

void cpu_outw(CPUState *env, int addr, int val)

{

#ifdef DEBUG_IOPORT

    if (loglevel & CPU_LOG_IOPORT)

        fprintf(logfile, "outw: %04x %04x\n", addr, val);

#endif    

    ioport_write_table[1][addr](ioport_opaque[addr], addr, val);

#ifdef USE_KQEMU

    if (env)

        env->last_io_time = cpu_get_time_fast();

#endif

}

void cpu_outl(CPUState *env, int addr, int val)

{

#ifdef DEBUG_IOPORT

    if (loglevel & CPU_LOG_IOPORT)

        fprintf(logfile, "outl: %04x %08x\n", addr, val);

#endif

    ioport_write_table[2][addr](ioport_opaque[addr], addr, val);

#ifdef USE_KQEMU

    if (env)

        env->last_io_time = cpu_get_time_fast();

#endif

}

int cpu_inb(CPUState *env, int addr)

{

    int val;

    val = ioport_read_table[0][addr](ioport_opaque[addr], addr);

#ifdef DEBUG_IOPORT

    if (loglevel & CPU_LOG_IOPORT)

        fprintf(logfile, "inb : %04x %02x\n", addr, val);

#endif

#ifdef USE_KQEMU

    if (env)

        env->last_io_time = cpu_get_time_fast();

#endif

    return val;

}

int cpu_inw(CPUState *env, int addr)

{

    int val;

    val = ioport_read_table[1][addr](ioport_opaque[addr], addr);

#ifdef DEBUG_IOPORT

    if (loglevel & CPU_LOG_IOPORT)

        fprintf(logfile, "inw : %04x %04x\n", addr, val);

#endif

#ifdef USE_KQEMU

    if (env)

        env->last_io_time = cpu_get_time_fast();

#endif

    return val;

}

int cpu_inl(CPUState *env, int addr)

{

    int val;

    val = ioport_read_table[2][addr](ioport_opaque[addr], addr);

#ifdef DEBUG_IOPORT

    if (loglevel & CPU_LOG_IOPORT)

        fprintf(logfile, "inl : %04x %08x\n", addr, val);

#endif

#ifdef USE_KQEMU

    if (env)

        env->last_io_time = cpu_get_time_fast();

#endif

    return val;

}

/***********************************************************/

void hw_error(const char *fmt, ...)

{

    va_list ap;

    CPUState *env;

    va_start(ap, fmt);

    fprintf(stderr, "qemu: hardware error: ");

    vfprintf(stderr, fmt, ap);

    fprintf(stderr, "\n");

    for(env = first_cpu; env != NULL; env = env->next_cpu) {

        fprintf(stderr, "CPU #%d:\n", env->cpu_index);

#ifdef TARGET_I386

        cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU);

#else

        cpu_dump_state(env, stderr, fprintf, 0);

#endif

    }

    va_end(ap);

    abort();

}

/***********************************************************/

/* keyboard/mouse */

static QEMUPutKBDEvent *qemu_put_kbd_event;

static void *qemu_put_kbd_event_opaque;

static QEMUPutMouseEntry *qemu_put_mouse_event_head;

static QEMUPutMouseEntry *qemu_put_mouse_event_current;

void qemu_add_kbd_event_handler(QEMUPutKBDEvent *func, void *opaque)

{

    qemu_put_kbd_event_opaque = opaque;

    qemu_put_kbd_event = func;

}

QEMUPutMouseEntry *qemu_add_mouse_event_handler(QEMUPutMouseEvent *func,

                                                void *opaque, int absolute,

                                                const char *name)

{

    QEMUPutMouseEntry *s, *cursor;

    s = qemu_mallocz(sizeof(QEMUPutMouseEntry));

    if (!s)

        return NULL;

    s->qemu_put_mouse_event = func;

    s->qemu_put_mouse_event_opaque = opaque;

    s->qemu_put_mouse_event_absolute = absolute;

    s->qemu_put_mouse_event_name = qemu_strdup(name);

    s->next = NULL;

    if (!qemu_put_mouse_event_head) {

        qemu_put_mouse_event_head = qemu_put_mouse_event_current = s;

        return s;

    }

    cursor = qemu_put_mouse_event_head;

    while (cursor->next != NULL)

        cursor = cursor->next;

    cursor->next = s;

    qemu_put_mouse_event_current = s;

    return s;

}

void qemu_remove_mouse_event_handler(QEMUPutMouseEntry *entry)

{

    QEMUPutMouseEntry *prev = NULL, *cursor;

    if (!qemu_put_mouse_event_head || entry == NULL)

        return;

    cursor = qemu_put_mouse_event_head;

    while (cursor != NULL && cursor != entry) {

        prev = cursor;

        cursor = cursor->next;

    }

    if (cursor == NULL) // does not exist or list empty

        return;

    else if (prev == NULL) { // entry is head

        qemu_put_mouse_event_head = cursor->next;

        if (qemu_put_mouse_event_current == entry)

            qemu_put_mouse_event_current = cursor->next;

        qemu_free(entry->qemu_put_mouse_event_name);

        qemu_free(entry);

        return;

    }

    prev->next = entry->next;

    if (qemu_put_mouse_event_current == entry)

        qemu_put_mouse_event_current = prev;

    qemu_free(entry->qemu_put_mouse_event_name);

    qemu_free(entry);

}

void kbd_put_keycode(int keycode)

{

    if (qemu_put_kbd_event) {

        qemu_put_kbd_event(qemu_put_kbd_event_opaque, keycode);

    }

}

void kbd_mouse_event(int dx, int dy, int dz, int buttons_state)

{

    QEMUPutMouseEvent *mouse_event;

    void *mouse_event_opaque;

    int width;

    if (!qemu_put_mouse_event_current) {

        return;

    }

    mouse_event =

        qemu_put_mouse_event_current->qemu_put_mouse_event;

    mouse_event_opaque =

        qemu_put_mouse_event_current->qemu_put_mouse_event_opaque;

    if (mouse_event) {

        if (graphic_rotate) {

            if (qemu_put_mouse_event_current->qemu_put_mouse_event_absolute)

                width = 0x7fff;

            else

                width = graphic_width;

            mouse_event(mouse_event_opaque,

                                 width - dy, dx, dz, buttons_state);

        } else

            mouse_event(mouse_event_opaque,

                                 dx, dy, dz, buttons_state);

    }

}

int kbd_mouse_is_absolute(void)

{

    if (!qemu_put_mouse_event_current)

        return 0;

    return qemu_put_mouse_event_current->qemu_put_mouse_event_absolute;

}

void do_info_mice(void)

{

    QEMUPutMouseEntry *cursor;

    int index = 0;

    if (!qemu_put_mouse_event_head) {

        term_printf("No mouse devices connected\n");

        return;

    }

    term_printf("Mouse devices available:\n");

    cursor = qemu_put_mouse_event_head;

    while (cursor != NULL) {

        term_printf("%c Mouse #%d: %s\n",

                    (cursor == qemu_put_mouse_event_current ? '*' : ' '),

                    index, cursor->qemu_put_mouse_event_name);

        index++;

        cursor = cursor->next;

    }

}

void do_mouse_set(int index)

{

    QEMUPutMouseEntry *cursor;

    int i = 0;

    if (!qemu_put_mouse_event_head) {

        term_printf("No mouse devices connected\n");

        return;

    }

    cursor = qemu_put_mouse_event_head;

    while (cursor != NULL && index != i) {

        i++;

        cursor = cursor->next;

    }

    if (cursor != NULL)

        qemu_put_mouse_event_current = cursor;

    else

        term_printf("Mouse at given index not found\n");

}

/* compute with 96 bit intermediate result: (a*b)/c */

uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)

{

    union {

        uint64_t ll;

        struct {

#ifdef WORDS_BIGENDIAN

            uint32_t high, low;

#else

            uint32_t low, high;

#endif            

        } l;

    } u, res;

    uint64_t rl, rh;

    u.ll = a;

    rl = (uint64_t)u.l.low * (uint64_t)b;

    rh = (uint64_t)u.l.high * (uint64_t)b;

    rh += (rl >> 32);

    res.l.high = rh / c;

    res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c;

    return res.ll;

}

/***********************************************************/

/* real time host monotonic timer */

#define QEMU_TIMER_BASE 1000000000LL

#ifdef WIN32

static int64_t clock_freq;

static void init_get_clock(void)

{

    LARGE_INTEGER freq;

    int ret;

    ret = QueryPerformanceFrequency(&freq);

    if (ret == 0) {

        fprintf(stderr, "Could not calibrate ticks\n");

        exit(1);

    }

    clock_freq = freq.QuadPart;

}

static int64_t get_clock(void)

{

    LARGE_INTEGER ti;

    QueryPerformanceCounter(&ti);

    return muldiv64(ti.QuadPart, QEMU_TIMER_BASE, clock_freq);

}

#else

static int use_rt_clock;

static void init_get_clock(void)

{

    use_rt_clock = 0;

#if defined(__linux__)

    {

        struct timespec ts;

        if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) {

            use_rt_clock = 1;

        }

    }

#endif

}

static int64_t get_clock(void)

{

#if defined(__linux__)

    if (use_rt_clock) {

        struct timespec ts;

        clock_gettime(CLOCK_MONOTONIC, &ts);

        return ts.tv_sec * 1000000000LL + ts.tv_nsec;

    } else 

#endif

    {

        /* XXX: using gettimeofday leads to problems if the date

           changes, so it should be avoided. */

        struct timeval tv;

        gettimeofday(&tv, NULL);

        return tv.tv_sec * 1000000000LL + (tv.tv_usec * 1000);

    }

}

#endif

/***********************************************************/

/* guest cycle counter */

static int64_t cpu_ticks_prev;

static int64_t cpu_ticks_offset;

static int64_t cpu_clock_offset;

static int cpu_ticks_enabled;

/* return the host CPU cycle counter and handle stop/restart */

int64_t cpu_get_ticks(void)

{

    if (!cpu_ticks_enabled) {

        return cpu_ticks_offset;

    } else {

        int64_t ticks;

        ticks = cpu_get_real_ticks();

        if (cpu_ticks_prev > ticks) {

            /* Note: non increasing ticks may happen if the host uses

               software suspend */

            cpu_ticks_offset += cpu_ticks_prev - ticks;

        }

        cpu_ticks_prev = ticks;

        return ticks + cpu_ticks_offset;

    }

}

/* return the host CPU monotonic timer and handle stop/restart */

static int64_t cpu_get_clock(void)

{

    int64_t ti;

    if (!cpu_ticks_enabled) {

        return cpu_clock_offset;

    } else {

        ti = get_clock();

        return ti + cpu_clock_offset;

    }

}

/* enable cpu_get_ticks() */

void cpu_enable_ticks(void)

{

    if (!cpu_ticks_enabled) {

        cpu_ticks_offset -= cpu_get_real_ticks();

        cpu_clock_offset -= get_clock();

        cpu_ticks_enabled = 1;

    }

}

/* disable cpu_get_ticks() : the clock is stopped. You must not call

   cpu_get_ticks() after that.  */

void cpu_disable_ticks(void)

{

    if (cpu_ticks_enabled) {

        cpu_ticks_offset = cpu_get_ticks();

        cpu_clock_offset = cpu_get_clock();

        cpu_ticks_enabled = 0;

    }

}

/***********************************************************/

/* timers */

#define QEMU_TIMER_REALTIME 0

#define QEMU_TIMER_VIRTUAL  1

struct QEMUClock {

    int type;

    /* XXX: add frequency */

};

struct QEMUTimer {

    QEMUClock *clock;

    int64_t expire_time;

    QEMUTimerCB *cb;

    void *opaque;

    struct QEMUTimer *next;

};

QEMUClock *rt_clock;

QEMUClock *vm_clock;

static QEMUTimer *active_timers[2];

#ifdef _WIN32

static MMRESULT timerID;

static HANDLE host_alarm = NULL;

static unsigned int period = 1;

#else

/* frequency of the times() clock tick */

static int timer_freq;

#endif

QEMUClock *qemu_new_clock(int type)

{

    QEMUClock *clock;

    clock = qemu_mallocz(sizeof(QEMUClock));

    if (!clock)

        return NULL;

    clock->type = type;

    return clock;

}

QEMUTimer *qemu_new_timer(QEMUClock *clock, QEMUTimerCB *cb, void *opaque)

{

    QEMUTimer *ts;

    ts = qemu_mallocz(sizeof(QEMUTimer));

    ts->clock = clock;

    ts->cb = cb;

    ts->opaque = opaque;

    return ts;

}

void qemu_free_timer(QEMUTimer *ts)

{

    qemu_free(ts);

}

/* stop a timer, but do not dealloc it */

void qemu_del_timer(QEMUTimer *ts)

{

    QEMUTimer **pt, *t;

    /* NOTE: this code must be signal safe because

       qemu_timer_expired() can be called from a signal. */

    pt = &active_timers[ts->clock->type];

    for(;;) {

        t = *pt;

        if (!t)

            break;

        if (t == ts) {

            *pt = t->next;

            break;

        }

        pt = &t->next;

    }

}

/* modify the current timer so that it will be fired when current_time

   >= expire_time. The corresponding callback will be called. */

void qemu_mod_timer(QEMUTimer *ts, int64_t expire_time)

{

    QEMUTimer **pt, *t;

    qemu_del_timer(ts);

    /* add the timer in the sorted list */

    /* NOTE: this code must be signal safe because

       qemu_timer_expired() can be called from a signal. */

    pt = &active_timers[ts->clock->type];

    for(;;) {

        t = *pt;

        if (!t)

            break;

        if (t->expire_time > expire_time) 

            break;

        pt = &t->next;

    }

    ts->expire_time = expire_time;

    ts->next = *pt;

    *pt = ts;

}

int qemu_timer_pending(QEMUTimer *ts)

{

    QEMUTimer *t;

    for(t = active_timers[ts->clock->type]; t != NULL; t = t->next) {

        if (t == ts)

            return 1;

    }

    return 0;

}

static inline int qemu_timer_expired(QEMUTimer *timer_head, int64_t current_time)

{

    if (!timer_head)

        return 0;

    return (timer_head->expire_time <= current_time);

}

static void qemu_run_timers(QEMUTimer **ptimer_head, int64_t current_time)

{

    QEMUTimer *ts;

    for(;;) {

        ts = *ptimer_head;

        if (!ts || ts->expire_time > current_time)

            break;

        /* remove timer from the list before calling the callback */

        *ptimer_head = ts->next;

        ts->next = NULL;

        /* run the callback (the timer list can be modified) */

        ts->cb(ts->opaque);

    }

}

int64_t qemu_get_clock(QEMUClock *clock)

{

    switch(clock->type) {

    case QEMU_TIMER_REALTIME:

        return get_clock() / 1000000;

    default:

    case QEMU_TIMER_VIRTUAL:

        return cpu_get_clock();

    }

}

static void init_timers(void)

{

    init_get_clock();

    ticks_per_sec = QEMU_TIMER_BASE;

    rt_clock = qemu_new_clock(QEMU_TIMER_REALTIME);

    vm_clock = qemu_new_clock(QEMU_TIMER_VIRTUAL);

}

/* save a timer */

void qemu_put_timer(QEMUFile *f, QEMUTimer *ts)

{

    uint64_t expire_time;

    if (qemu_timer_pending(ts)) {

        expire_time = ts->expire_time;

    } else {

        expire_time = -1;

    }

    qemu_put_be64(f, expire_time);

}

void qemu_get_timer(QEMUFile *f, QEMUTimer *ts)

{

    uint64_t expire_time;

    expire_time = qemu_get_be64(f);

    if (expire_time != -1) {

        qemu_mod_timer(ts, expire_time);

    } else {

        qemu_del_timer(ts);

    }

}

static void timer_save(QEMUFile *f, void *opaque)

{

    if (cpu_ticks_enabled) {

        hw_error("cannot save state if virtual timers are running");

    }

    qemu_put_be64s(f, &cpu_ticks_offset);

    qemu_put_be64s(f, &ticks_per_sec);

    qemu_put_be64s(f, &cpu_clock_offset);

}

static int timer_load(QEMUFile *f, void *opaque, int version_id)

{

    if (version_id != 1 && version_id != 2)

        return -EINVAL;

    if (cpu_ticks_enabled) {

        return -EINVAL;

    }

    qemu_get_be64s(f, &cpu_ticks_offset);

    qemu_get_be64s(f, &ticks_per_sec);

    if (version_id == 2) {

        qemu_get_be64s(f, &cpu_clock_offset);

    }

    return 0;

}

#ifdef _WIN32

void CALLBACK host_alarm_handler(UINT uTimerID, UINT uMsg, 

                                 DWORD_PTR dwUser, DWORD_PTR dw1, DWORD_PTR dw2)

#else

static void host_alarm_handler(int host_signum)

#endif

{

#if 0

#define DISP_FREQ 1000

    {

        static int64_t delta_min = INT64_MAX;

        static int64_t delta_max, delta_cum, last_clock, delta, ti;

        static int count;

        ti = qemu_get_clock(vm_clock);

        if (last_clock != 0) {

            delta = ti - last_clock;

            if (delta < delta_min)

                delta_min = delta;

            if (delta > delta_max)

                delta_max = delta;

            delta_cum += delta;

            if (++count == DISP_FREQ) {

                printf("timer: min=%" PRId64 " us max=%" PRId64 " us avg=%" PRId64 " us avg_freq=%0.3f Hz\n",

                       muldiv64(delta_min, 1000000, ticks_per_sec),

                       muldiv64(delta_max, 1000000, ticks_per_sec),

                       muldiv64(delta_cum, 1000000 / DISP_FREQ, ticks_per_sec),

                       (double)ticks_per_sec / ((double)delta_cum / DISP_FREQ));

                count = 0;

                delta_min = INT64_MAX;

                delta_max = 0;

                delta_cum = 0;

            }

        }

        last_clock = ti;

    }

#endif

    if (qemu_timer_expired(active_timers[QEMU_TIMER_VIRTUAL],

                           qemu_get_clock(vm_clock)) ||

        qemu_timer_expired(active_timers[QEMU_TIMER_REALTIME],

                           qemu_get_clock(rt_clock))) {

#ifdef _WIN32

        SetEvent(host_alarm);

#endif

        CPUState *env = cpu_single_env;

        if (env) {

            /* stop the currently executing cpu because a timer occured */

            cpu_interrupt(env, CPU_INTERRUPT_EXIT);

#ifdef USE_KQEMU

            if (env->kqemu_enabled) {

                kqemu_cpu_interrupt(env);

            }

#endif

        }

    }

}

#ifndef _WIN32

#if defined(__linux__)

#define RTC_FREQ 1024

static int rtc_fd;

static int start_rtc_timer(void)

{

    rtc_fd = open("/dev/rtc", O_RDONLY);

    if (rtc_fd < 0)

        return -1;

    if (ioctl(rtc_fd, RTC_IRQP_SET, RTC_FREQ) < 0) {

        fprintf(stderr, "Could not configure '/dev/rtc' to have a 1024 Hz timer. This is not a fatal\n"

                "error, but for better emulation accuracy either use a 2.6 host Linux kernel or\n"

                "type 'echo 1024 > /proc/sys/dev/rtc/max-user-freq' as root.\n");

        goto fail;

    }

    if (ioctl(rtc_fd, RTC_PIE_ON, 0) < 0) {

    fail:

        close(rtc_fd);

        return -1;

    }

    pit_min_timer_count = PIT_FREQ / RTC_FREQ;

    return 0;

}

#else

static int start_rtc_timer(void)

{

    return -1;

}

#endif /* !defined(__linux__) */

#endif /* !defined(_WIN32) */

static void init_timer_alarm(void)

{

#ifdef _WIN32

    {

        int count=0;

        TIMECAPS tc;

        ZeroMemory(&tc, sizeof(TIMECAPS));

        timeGetDevCaps(&tc, sizeof(TIMECAPS));

        if (period < tc.wPeriodMin)

            period = tc.wPeriodMin;

        timeBeginPeriod(period);

        timerID = timeSetEvent(1,     // interval (ms)

                               period,     // resolution

                               host_alarm_handler, // function

                               (DWORD)&count,  // user parameter

                               TIME_PERIODIC | TIME_CALLBACK_FUNCTION);

         if( !timerID ) {

            perror("failed timer alarm");

            exit(1);

         }

        host_alarm = CreateEvent(NULL, FALSE, FALSE, NULL);

        if (!host_alarm) {

            perror("failed CreateEvent");

            exit(1);

        }

        qemu_add_wait_object(host_alarm, NULL, NULL);

    }

    pit_min_timer_count = ((uint64_t)10000 * PIT_FREQ) / 1000000;

#else

    {

        struct sigaction act;

        struct itimerval itv;

        /* get times() syscall frequency */

        timer_freq = sysconf(_SC_CLK_TCK);

        /* timer signal */

        sigfillset(&act.sa_mask);

       act.sa_flags = 0;

#if defined (TARGET_I386) && defined(USE_CODE_COPY)

        act.sa_flags |= SA_ONSTACK;

#endif

        act.sa_handler = host_alarm_handler;

        sigaction(SIGALRM, &act, NULL);

        itv.it_interval.tv_sec = 0;

        itv.it_interval.tv_usec = 999; /* for i386 kernel 2.6 to get 1 ms */

        itv.it_value.tv_sec = 0;

        itv.it_value.tv_usec = 10 * 1000;

        setitimer(ITIMER_REAL, &itv, NULL);

        /* we probe the tick duration of the kernel to inform the user if

           the emulated kernel requested a too high timer frequency */

        getitimer(ITIMER_REAL, &itv);

#if defined(__linux__)

        /* XXX: force /dev/rtc usage because even 2.6 kernels may not

           have timers with 1 ms resolution. The correct solution will

           be to use the POSIX real time timers available in recent

           2.6 kernels */

        if (itv.it_interval.tv_usec > 1000 || 1) {

            /* try to use /dev/rtc to have a faster timer */

            if (start_rtc_timer() < 0)

                goto use_itimer;

            /* disable itimer */

            itv.it_interval.tv_sec = 0;

            itv.it_interval.tv_usec = 0;

            itv.it_value.tv_sec = 0;

            itv.it_value.tv_usec = 0;

            setitimer(ITIMER_REAL, &itv, NULL);

            /* use the RTC */

            sigaction(SIGIO, &act, NULL);

            fcntl(rtc_fd, F_SETFL, O_ASYNC);

            fcntl(rtc_fd, F_SETOWN, getpid());

        } else 

#endif /* defined(__linux__) */

        {

        use_itimer:

            pit_min_timer_count = ((uint64_t)itv.it_interval.tv_usec * 

                                   PIT_FREQ) / 1000000;

        }

    }

#endif

}

void quit_timers(void)

{

#ifdef _WIN32

    timeKillEvent(timerID);

    timeEndPeriod(period);

    if (host_alarm) {

        CloseHandle(host_alarm);

        host_alarm = NULL;

    }

#endif

}

/***********************************************************/

/* character device */

static void qemu_chr_event(CharDriverState *s, int event)

{

    if (!s->chr_event)

        return;

    s->chr_event(s->handler_opaque, event);

}

static void qemu_chr_reset_bh(void *opaque)

{

    CharDriverState *s = opaque;

    qemu_chr_event(s, CHR_EVENT_RESET);

    qemu_bh_delete(s->bh);

    s->bh = NULL;

}

void qemu_chr_reset(CharDriverState *s)

{

    if (s->bh == NULL) {

        s->bh = qemu_bh_new(qemu_chr_reset_bh, s);

        qemu_bh_schedule(s->bh);

    }

}

int qemu_chr_write(CharDriverState *s, const uint8_t *buf, int len)

{

    return s->chr_write(s, buf, len);

}

int qemu_chr_ioctl(CharDriverState *s, int cmd, void *arg)

{

    if (!s->chr_ioctl)

        return -ENOTSUP;

    return s->chr_ioctl(s, cmd, arg);

}

int qemu_chr_can_read(CharDriverState *s)

{

    if (!s->chr_can_read)

        return 0;

    return s->chr_can_read(s->handler_opaque);

}

void qemu_chr_read(CharDriverState *s, uint8_t *buf, int len)

{

    s->chr_read(s->handler_opaque, buf, len);

}

void qemu_chr_printf(CharDriverState *s, const char *fmt, ...)

{

    char buf[4096];

    va_list ap;

    va_start(ap, fmt);

    vsnprintf(buf, sizeof(buf), fmt, ap);

    qemu_chr_write(s, buf, strlen(buf));

    va_end(ap);

}

void qemu_chr_send_event(CharDriverState *s, int event)

{

    if (s->chr_send_event)

        s->chr_send_event(s, event);

}

void qemu_chr_add_handlers(CharDriverState *s, 

                           IOCanRWHandler *fd_can_read, 

                           IOReadHandler *fd_read,

                           IOEventHandler *fd_event,

                           void *opaque)

{

    s->chr_can_read = fd_can_read;

    s->chr_read = fd_read;

    s->chr_event = fd_event;

    s->handler_opaque = opaque;

    if (s->chr_update_read_handler)

        s->chr_update_read_handler(s);

}

static int null_chr_write(CharDriverState *chr, const uint8_t *buf, int len)

{

    return len;

}

static CharDriverState *qemu_chr_open_null(void)

{

    CharDriverState *chr;

    chr = qemu_mallocz(sizeof(CharDriverState));

    if (!chr)

        return NULL;

    chr->chr_write = null_chr_write;

    return chr;

}

/* MUX driver for serial I/O splitting */

static int term_timestamps;

static int64_t term_timestamps_start;

#define MAX_MUX 4

typedef struct {

    IOCanRWHandler *chr_can_read[MAX_MUX];

    IOReadHandler *chr_read[MAX_MUX];

    IOEventHandler *chr_event[MAX_MUX];

    void *ext_opaque[MAX_MUX];

    CharDriverState *drv;

    int mux_cnt;

    int term_got_escape;

    int max_size;

} MuxDriver;

static int mux_chr_write(CharDriverState *chr, const uint8_t *buf, int len)

{

    MuxDriver *d = chr->opaque;

    int ret;

    if (!term_timestamps) {

        ret = d->drv->chr_write(d->drv, buf, len);

    } else {

        int i;

        ret = 0;

        for(i = 0; i < len; i++) {

            ret += d->drv->chr_write(d->drv, buf+i, 1);

            if (buf[i] == '\n') {

                char buf1[64];

                int64_t ti;

                int secs;

                ti = get_clock();

                if (term_timestamps_start == -1)

                    term_timestamps_start = ti;

                ti -= term_timestamps_start;

                secs = ti / 1000000000;

                snprintf(buf1, sizeof(buf1),

                         "[%02d:%02d:%02d.%03d] ",

                         secs / 3600,

                         (secs / 60) % 60,

                         secs % 60,

                         (int)((ti / 1000000) % 1000));

                d->drv->chr_write(d->drv, buf1, strlen(buf1));

            }

        }

    }

    return ret;

}

static char *mux_help[] = {

    "% h    print this help\n\r",

    "% x    exit emulator\n\r",

    "% s    save disk data back to file (if -snapshot)\n\r",

    "% t    toggle console timestamps\n\r"

    "% b    send break (magic sysrq)\n\r",

    "% c    switch between console and monitor\n\r",

    "% %  sends %\n\r",

    NULL

};

static int term_escape_char = 0x01; /* ctrl-a is used for escape */

static void mux_print_help(CharDriverState *chr)

{

    int i, j;

    char ebuf[15] = "Escape-Char";

    char cbuf[50] = "\n\r";

    if (term_escape_char > 0 && term_escape_char < 26) {

        sprintf(cbuf,"\n\r");

        sprintf(ebuf,"C-%c", term_escape_char - 1 + 'a');

    } else {

        sprintf(cbuf,"\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r", term_escape_char);

    }

    chr->chr_write(chr, cbuf, strlen(cbuf));

    for (i = 0; mux_help[i] != NULL; i++) {

        for (j=0; mux_help[i][j] != '\0'; j++) {

            if (mux_help[i][j] == '%')

                chr->chr_write(chr, ebuf, strlen(ebuf));

            else