Archipelago » qemu

/*

 * QEMU SPARC iommu emulation

 *

 * Copyright (c) 2003 Fabrice Bellard

 * 

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include "vl.h"

/* debug iommu */

//#define DEBUG_IOMMU

/* The IOMMU registers occupy three pages in IO space. */

struct iommu_regs {

	/* First page */

	volatile unsigned long control;    /* IOMMU control */

	volatile unsigned long base;       /* Physical base of iopte page table */

	volatile unsigned long _unused1[3];

	volatile unsigned long tlbflush;   /* write only */

	volatile unsigned long pageflush;  /* write only */

	volatile unsigned long _unused2[1017];

	/* Second page */

	volatile unsigned long afsr;       /* Async-fault status register */

	volatile unsigned long afar;       /* Async-fault physical address */

	volatile unsigned long _unused3[2];

	volatile unsigned long sbuscfg0;   /* SBUS configuration registers, per-slot */

	volatile unsigned long sbuscfg1;

	volatile unsigned long sbuscfg2;

	volatile unsigned long sbuscfg3;

	volatile unsigned long mfsr;       /* Memory-fault status register */

	volatile unsigned long mfar;       /* Memory-fault physical address */

	volatile unsigned long _unused4[1014];

	/* Third page */

	volatile unsigned long mid;        /* IOMMU module-id */

};

#define IOMMU_CTRL_IMPL     0xf0000000 /* Implementation */

#define IOMMU_CTRL_VERS     0x0f000000 /* Version */

#define IOMMU_CTRL_RNGE     0x0000001c /* Mapping RANGE */

#define IOMMU_RNGE_16MB     0x00000000 /* 0xff000000 -> 0xffffffff */

#define IOMMU_RNGE_32MB     0x00000004 /* 0xfe000000 -> 0xffffffff */

#define IOMMU_RNGE_64MB     0x00000008 /* 0xfc000000 -> 0xffffffff */

#define IOMMU_RNGE_128MB    0x0000000c /* 0xf8000000 -> 0xffffffff */

#define IOMMU_RNGE_256MB    0x00000010 /* 0xf0000000 -> 0xffffffff */

#define IOMMU_RNGE_512MB    0x00000014 /* 0xe0000000 -> 0xffffffff */

#define IOMMU_RNGE_1GB      0x00000018 /* 0xc0000000 -> 0xffffffff */

#define IOMMU_RNGE_2GB      0x0000001c /* 0x80000000 -> 0xffffffff */

#define IOMMU_CTRL_ENAB     0x00000001 /* IOMMU Enable */

#define IOMMU_AFSR_ERR      0x80000000 /* LE, TO, or BE asserted */

#define IOMMU_AFSR_LE       0x40000000 /* SBUS reports error after transaction */

#define IOMMU_AFSR_TO       0x20000000 /* Write access took more than 12.8 us. */

#define IOMMU_AFSR_BE       0x10000000 /* Write access received error acknowledge */

#define IOMMU_AFSR_SIZE     0x0e000000 /* Size of transaction causing error */

#define IOMMU_AFSR_S        0x01000000 /* Sparc was in supervisor mode */

#define IOMMU_AFSR_RESV     0x00f00000 /* Reserver, forced to 0x8 by hardware */

#define IOMMU_AFSR_ME       0x00080000 /* Multiple errors occurred */

#define IOMMU_AFSR_RD       0x00040000 /* A read operation was in progress */

#define IOMMU_AFSR_FAV      0x00020000 /* IOMMU afar has valid contents */

#define IOMMU_SBCFG_SAB30   0x00010000 /* Phys-address bit 30 when bypass enabled */

#define IOMMU_SBCFG_BA16    0x00000004 /* Slave supports 16 byte bursts */

#define IOMMU_SBCFG_BA8     0x00000002 /* Slave supports 8 byte bursts */

#define IOMMU_SBCFG_BYPASS  0x00000001 /* Bypass IOMMU, treat all addresses

					  produced by this device as pure

					  physical. */

#define IOMMU_MFSR_ERR      0x80000000 /* One or more of PERR1 or PERR0 */

#define IOMMU_MFSR_S        0x01000000 /* Sparc was in supervisor mode */

#define IOMMU_MFSR_CPU      0x00800000 /* CPU transaction caused parity error */

#define IOMMU_MFSR_ME       0x00080000 /* Multiple parity errors occurred */

#define IOMMU_MFSR_PERR     0x00006000 /* high bit indicates parity error occurred

					  on the even word of the access, low bit

					  indicated odd word caused the parity error */

#define IOMMU_MFSR_BM       0x00001000 /* Error occurred while in boot mode */

#define IOMMU_MFSR_C        0x00000800 /* Address causing error was marked cacheable */

#define IOMMU_MFSR_RTYP     0x000000f0 /* Memory request transaction type */

#define IOMMU_MID_SBAE      0x001f0000 /* SBus arbitration enable */

#define IOMMU_MID_SE        0x00100000 /* Enables SCSI/ETHERNET arbitration */

#define IOMMU_MID_SB3       0x00080000 /* Enable SBUS device 3 arbitration */

#define IOMMU_MID_SB2       0x00040000 /* Enable SBUS device 2 arbitration */

#define IOMMU_MID_SB1       0x00020000 /* Enable SBUS device 1 arbitration */

#define IOMMU_MID_SB0       0x00010000 /* Enable SBUS device 0 arbitration */

#define IOMMU_MID_MID       0x0000000f /* Module-id, hardcoded to 0x8 */

/* The format of an iopte in the page tables */

#define IOPTE_PAGE          0x07ffff00 /* Physical page number (PA[30:12]) */

#define IOPTE_CACHE         0x00000080 /* Cached (in vme IOCACHE or Viking/MXCC) */

#define IOPTE_WRITE         0x00000004 /* Writeable */

#define IOPTE_VALID         0x00000002 /* IOPTE is valid */

#define IOPTE_WAZ           0x00000001 /* Write as zeros */

#define PHYS_JJ_IOMMU	0x10000000	/* First page of sun4m IOMMU */

#define PAGE_SHIFT      12

#define PAGE_SIZE       (1 << PAGE_SHIFT)

#define PAGE_MASK	(PAGE_SIZE - 1)

typedef struct IOMMUState {

    uint32_t regs[sizeof(struct iommu_regs)];

} IOMMUState;

static IOMMUState *ps;

static int iommu_io_memory;

static void iommu_reset(IOMMUState *s)

{

}

static uint32_t iommu_mem_readw(void *opaque, target_phys_addr_t addr)

{

    IOMMUState *s = opaque;

    uint32_t saddr;

    saddr = (addr - PHYS_JJ_IOMMU) >> 2;

    switch (saddr) {

    default:

	return s->regs[saddr];

	break;

    }

    return 0;

}

static void iommu_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)

{

    IOMMUState *s = opaque;

    uint32_t saddr;

    saddr = (addr - PHYS_JJ_IOMMU) >> 2;

    switch (saddr) {

    default:

	s->regs[saddr] = val;

	break;

    }

}

static CPUReadMemoryFunc *iommu_mem_read[3] = {

    iommu_mem_readw,

    iommu_mem_readw,

    iommu_mem_readw,

};

static CPUWriteMemoryFunc *iommu_mem_write[3] = {

    iommu_mem_writew,

    iommu_mem_writew,

    iommu_mem_writew,

};

uint32_t iommu_translate(uint32_t addr)

{

    uint32_t *iopte = (void *)(ps->regs[1] << 4), pa, iostart;

    switch (ps->regs[0] & IOMMU_CTRL_RNGE) {

    case IOMMU_RNGE_16MB:

	iostart = 0xff000000;

	break;

    case IOMMU_RNGE_32MB:

	iostart = 0xfe000000;

	break;

    case IOMMU_RNGE_64MB:

	iostart = 0xfc000000;

	break;

    case IOMMU_RNGE_128MB:

	iostart = 0xf8000000;

	break;

    case IOMMU_RNGE_256MB:

	iostart = 0xf0000000;

	break;

    case IOMMU_RNGE_512MB:

	iostart = 0xe0000000;

	break;

    case IOMMU_RNGE_1GB:

	iostart = 0xc0000000;

	break;

    default:

    case IOMMU_RNGE_2GB:

	iostart = 0x80000000;

	break;

    }

    iopte += ((addr - iostart) >> PAGE_SHIFT);

    cpu_physical_memory_rw((uint32_t)iopte, (void *) &pa, 4, 0);

    bswap32s(&pa);

    pa = (pa & IOPTE_PAGE) << 4;		/* Loose higher bits of 36 */

    //return pa + PAGE_SIZE;

    return pa + (addr & PAGE_MASK);

}

void iommu_init()

{

    IOMMUState *s;

    s = qemu_mallocz(sizeof(IOMMUState));

    if (!s)

        return;

    iommu_io_memory = cpu_register_io_memory(0, iommu_mem_read, iommu_mem_write, s);

    cpu_register_physical_memory(PHYS_JJ_IOMMU, sizeof(struct iommu_regs),

                                 iommu_io_memory);

    iommu_reset(s);

    ps = s;

}

/*

 * QEMU Lance emulation

 * 

 * Copyright (c) 2003-2004 Fabrice Bellard

 * 

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include "vl.h"

/* debug LANCE card */

#define DEBUG_LANCE

#define PHYS_JJ_IOMMU	0x10000000	/* First page of sun4m IOMMU */

#define PHYS_JJ_LEDMA   0x78400010      /* ledma, off by 10 from unused SCSI */

#define PHYS_JJ_LE      0x78C00000      /* LANCE, typical sun4m */

#ifndef LANCE_LOG_TX_BUFFERS

#define LANCE_LOG_TX_BUFFERS 4

#define LANCE_LOG_RX_BUFFERS 4

#endif

#define CRC_POLYNOMIAL_BE 0x04c11db7UL  /* Ethernet CRC, big endian */

#define CRC_POLYNOMIAL_LE 0xedb88320UL  /* Ethernet CRC, little endian */

#define LE_CSR0 0

#define LE_CSR1 1

#define LE_CSR2 2

#define LE_CSR3 3

#define LE_MAXREG (LE_CSR3 + 1)

#define LE_RDP  0

#define LE_RAP  1

#define LE_MO_PROM      0x8000  /* Enable promiscuous mode */

#define	LE_C0_ERR	0x8000	/* Error: set if BAB, SQE, MISS or ME is set */

#define	LE_C0_BABL	0x4000	/* BAB:  Babble: tx timeout. */

#define	LE_C0_CERR	0x2000	/* SQE:  Signal quality error */

#define	LE_C0_MISS	0x1000	/* MISS: Missed a packet */

#define	LE_C0_MERR	0x0800	/* ME:   Memory error */

#define	LE_C0_RINT	0x0400	/* Received interrupt */

#define	LE_C0_TINT	0x0200	/* Transmitter Interrupt */

#define	LE_C0_IDON	0x0100	/* IFIN: Init finished. */

#define	LE_C0_INTR	0x0080	/* Interrupt or error */

#define	LE_C0_INEA	0x0040	/* Interrupt enable */

#define	LE_C0_RXON	0x0020	/* Receiver on */

#define	LE_C0_TXON	0x0010	/* Transmitter on */

#define	LE_C0_TDMD	0x0008	/* Transmitter demand */

#define	LE_C0_STOP	0x0004	/* Stop the card */

#define	LE_C0_STRT	0x0002	/* Start the card */

#define	LE_C0_INIT	0x0001	/* Init the card */

#define	LE_C3_BSWP	0x4     /* SWAP */

#define	LE_C3_ACON	0x2	/* ALE Control */

#define	LE_C3_BCON	0x1	/* Byte control */

/* Receive message descriptor 1 */

#define LE_R1_OWN       0x80    /* Who owns the entry */

#define LE_R1_ERR       0x40    /* Error: if FRA, OFL, CRC or BUF is set */

#define LE_R1_FRA       0x20    /* FRA: Frame error */

#define LE_R1_OFL       0x10    /* OFL: Frame overflow */

#define LE_R1_CRC       0x08    /* CRC error */

#define LE_R1_BUF       0x04    /* BUF: Buffer error */

#define LE_R1_SOP       0x02    /* Start of packet */

#define LE_R1_EOP       0x01    /* End of packet */

#define LE_R1_POK       0x03    /* Packet is complete: SOP + EOP */

#define LE_T1_OWN       0x80    /* Lance owns the packet */

#define LE_T1_ERR       0x40    /* Error summary */

#define LE_T1_EMORE     0x10    /* Error: more than one retry needed */

#define LE_T1_EONE      0x08    /* Error: one retry needed */

#define LE_T1_EDEF      0x04    /* Error: deferred */

#define LE_T1_SOP       0x02    /* Start of packet */

#define LE_T1_EOP       0x01    /* End of packet */

#define LE_T1_POK	0x03	/* Packet is complete: SOP + EOP */

#define LE_T3_BUF       0x8000  /* Buffer error */

#define LE_T3_UFL       0x4000  /* Error underflow */

#define LE_T3_LCOL      0x1000  /* Error late collision */

#define LE_T3_CLOS      0x0800  /* Error carrier loss */

#define LE_T3_RTY       0x0400  /* Error retry */

#define LE_T3_TDR       0x03ff  /* Time Domain Reflectometry counter */

#define TX_RING_SIZE			(1 << (LANCE_LOG_TX_BUFFERS))

#define TX_RING_MOD_MASK		(TX_RING_SIZE - 1)

#define TX_RING_LEN_BITS		((LANCE_LOG_TX_BUFFERS) << 29)

#define RX_RING_SIZE			(1 << (LANCE_LOG_RX_BUFFERS))

#define RX_RING_MOD_MASK		(RX_RING_SIZE - 1)

#define RX_RING_LEN_BITS		((LANCE_LOG_RX_BUFFERS) << 29)

#define PKT_BUF_SZ		1544

#define RX_BUFF_SIZE            PKT_BUF_SZ

#define TX_BUFF_SIZE            PKT_BUF_SZ

struct lance_rx_desc {

	unsigned short rmd0;        /* low address of packet */

	unsigned char  rmd1_bits;   /* descriptor bits */

	unsigned char  rmd1_hadr;   /* high address of packet */

	short    length;    	    /* This length is 2s complement (negative)!

				     * Buffer length

				     */

	unsigned short mblength;    /* This is the actual number of bytes received */

};

struct lance_tx_desc {

	unsigned short tmd0;        /* low address of packet */

	unsigned char  tmd1_bits;   /* descriptor bits */

	unsigned char  tmd1_hadr;   /* high address of packet */

	short length;          	    /* Length is 2s complement (negative)! */

	unsigned short misc;

};

/* The LANCE initialization block, described in databook. */

/* On the Sparc, this block should be on a DMA region     */

struct lance_init_block {

	unsigned short mode;		/* Pre-set mode (reg. 15) */

	unsigned char phys_addr[6];     /* Physical ethernet address */

	unsigned filter[2];		/* Multicast filter. */

	/* Receive and transmit ring base, along with extra bits. */

	unsigned short rx_ptr;		/* receive descriptor addr */

	unsigned short rx_len;		/* receive len and high addr */

	unsigned short tx_ptr;		/* transmit descriptor addr */

	unsigned short tx_len;		/* transmit len and high addr */

	/* The Tx and Rx ring entries must aligned on 8-byte boundaries. */

	struct lance_rx_desc brx_ring[RX_RING_SIZE];

	struct lance_tx_desc btx_ring[TX_RING_SIZE];

	char   tx_buf [TX_RING_SIZE][TX_BUFF_SIZE];

	char   pad[2];			/* align rx_buf for copy_and_sum(). */

	char   rx_buf [RX_RING_SIZE][RX_BUFF_SIZE];

};

#define LEDMA_REGS 4

#if 0

/* Structure to describe the current status of DMA registers on the Sparc */

struct sparc_dma_registers {

    uint32_t cond_reg;	/* DMA condition register */

    uint32_t st_addr;	/* Start address of this transfer */

    uint32_t cnt;	/* How many bytes to transfer */

    uint32_t dma_test;	/* DMA test register */

};

#endif

typedef struct LEDMAState {

    uint32_t regs[LEDMA_REGS];

} LEDMAState;

typedef struct LANCEState {

    NetDriverState *nd;

    uint32_t leptr;

    uint16_t addr;

    uint16_t regs[LE_MAXREG];

    uint8_t phys[6]; /* mac address */

    int irq;

    LEDMAState *ledma;

} LANCEState;

static int lance_io_memory;

static unsigned int rxptr, txptr;

static void lance_send(void *opaque);

static void lance_reset(LANCEState *s)

{

    memcpy(s->phys, s->nd->macaddr, 6);

    rxptr = 0;

    txptr = 0;

    s->regs[LE_CSR0] = LE_C0_STOP;

}

static uint32_t lance_mem_readw(void *opaque, target_phys_addr_t addr)

{

    LANCEState *s = opaque;

    uint32_t saddr;

    saddr = addr - PHYS_JJ_LE;

    switch (saddr >> 1) {

    case LE_RDP:

	return s->regs[s->addr];

    case LE_RAP:

	return s->addr;

    default:

	break;

    }

    return 0;

}

static void lance_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)

{

    LANCEState *s = opaque;

    uint32_t saddr;

    uint16_t clear, reg;

    saddr = addr - PHYS_JJ_LE;

    switch (saddr >> 1) {

    case LE_RDP:

	switch(s->addr) {

	case LE_CSR0:

	    if (val & LE_C0_STOP) {

		s->regs[LE_CSR0] = LE_C0_STOP;

		break;

	    }

	    reg = s->regs[LE_CSR0];

	    // 1 = clear for some bits

	    reg &= ~(val & 0x7f00);

	    // generated bits

	    reg &= ~(LE_C0_ERR | LE_C0_INTR);

	    if (reg & 0x7100)

		reg |= LE_C0_ERR;

	    if (reg & 0x7f00)

		reg |= LE_C0_INTR;

	    // direct bit

	    reg &= ~LE_C0_INEA;

	    reg |= val & LE_C0_INEA;

	    // exclusive bits

	    if (val & LE_C0_INIT) {

		reg |= LE_C0_IDON | LE_C0_INIT;

		reg &= ~LE_C0_STOP;

	    }

	    else if (val & LE_C0_STRT) {

		reg |= LE_C0_STRT | LE_C0_RXON | LE_C0_TXON;

		reg &= ~LE_C0_STOP;

	    }

	    s->regs[LE_CSR0] = reg;

	    // trigger bits

	    //if (val & LE_C0_TDMD)

	    if ((s->regs[LE_CSR0] & LE_C0_INTR) && (s->regs[LE_CSR0] & LE_C0_INEA))

		pic_set_irq(s->irq, 1);

	    break;

	case LE_CSR1:

	    s->leptr = (s->leptr & 0xffff0000) | (val & 0xffff);

	    s->regs[s->addr] = val;

	    break;

	case LE_CSR2:

	    s->leptr = (s->leptr & 0xffff) | ((val & 0xffff) << 16);

	    s->regs[s->addr] = val;

	    break;

	case LE_CSR3:

	    s->regs[s->addr] = val;

	    break;

	}

	break;

    case LE_RAP:

	if (val < LE_MAXREG)

	    s->addr = val;

	break;

    default:

	break;

    }

    lance_send(s);

}

static CPUReadMemoryFunc *lance_mem_read[3] = {

    lance_mem_readw,

    lance_mem_readw,

    lance_mem_readw,

};

static CPUWriteMemoryFunc *lance_mem_write[3] = {

    lance_mem_writew,

    lance_mem_writew,

    lance_mem_writew,

};

/* return the max buffer size if the LANCE can receive more data */

static int lance_can_receive(void *opaque)

{

    LANCEState *s = opaque;

    void *dmaptr = (void *) (s->leptr + s->ledma->regs[3]);

    struct lance_init_block *ib;

    int i;

    uint16_t temp;

    if ((s->regs[LE_CSR0] & LE_C0_STOP) == LE_C0_STOP)

	return 0;

    ib = (void *) iommu_translate(dmaptr);

    for (i = 0; i < RX_RING_SIZE; i++) {

	cpu_physical_memory_read(&ib->brx_ring[i].rmd1_bits, (void *) &temp, 1);

	temp &= 0xff;

	if (temp == (LE_R1_OWN)) {

#ifdef DEBUG_LANCE

	    fprintf(stderr, "lance: can receive %d\n", RX_BUFF_SIZE);

#endif

	    return RX_BUFF_SIZE;

	}

    }

#ifdef DEBUG_LANCE

    fprintf(stderr, "lance: cannot receive\n");

#endif

    return 0;

}

#define MIN_BUF_SIZE 60

static void lance_receive(void *opaque, const uint8_t *buf, int size)

{

    LANCEState *s = opaque;

    void *dmaptr = (void *) (s->leptr + s->ledma->regs[3]);

    struct lance_init_block *ib;

    unsigned int i, old_rxptr, j;

    uint16_t temp;

    if ((s->regs[LE_CSR0] & LE_C0_STOP) == LE_C0_STOP)

	return;

    ib = (void *) iommu_translate(dmaptr);

    old_rxptr = rxptr;

    for (i = rxptr; i != ((old_rxptr - 1) & RX_RING_MOD_MASK); i = (i + 1) & RX_RING_MOD_MASK) {

	cpu_physical_memory_read(&ib->brx_ring[i].rmd1_bits, (void *) &temp, 1);

	if (temp == (LE_R1_OWN)) {

	    rxptr = (rxptr + 1) & RX_RING_MOD_MASK;

	    temp = size;

	    bswap16s(&temp);

	    cpu_physical_memory_write(&ib->brx_ring[i].mblength, (void *) &temp, 2);

#if 0

	    cpu_physical_memory_write(&ib->rx_buf[i], buf, size);

#else

	    for (j = 0; j < size; j++) {

		cpu_physical_memory_write(((void *)&ib->rx_buf[i]) + j, &buf[j], 1);

	    }

#endif

	    temp = LE_R1_POK;

	    cpu_physical_memory_write(&ib->brx_ring[i].rmd1_bits, (void *) &temp, 1);

	    s->regs[LE_CSR0] |= LE_C0_RINT | LE_C0_INTR;

	    if ((s->regs[LE_CSR0] & LE_C0_INTR) && (s->regs[LE_CSR0] & LE_C0_INEA))

		pic_set_irq(s->irq, 1);

#ifdef DEBUG_LANCE

	    fprintf(stderr, "lance: got packet, len %d\n", size);

#endif

	    return;

	}

    }

}

static void lance_send(void *opaque)

{

    LANCEState *s = opaque;

    void *dmaptr = (void *) (s->leptr + s->ledma->regs[3]);

    struct lance_init_block *ib;

    unsigned int i, old_txptr, j;

    uint16_t temp;

    char pkt_buf[PKT_BUF_SZ];

    if ((s->regs[LE_CSR0] & LE_C0_STOP) == LE_C0_STOP)

	return;

    ib = (void *) iommu_translate(dmaptr);

    old_txptr = txptr;

    for (i = txptr; i != ((old_txptr - 1) & TX_RING_MOD_MASK); i = (i + 1) & TX_RING_MOD_MASK) {

	cpu_physical_memory_read(&ib->btx_ring[i].tmd1_bits, (void *) &temp, 1);

	if (temp == (LE_T1_POK|LE_T1_OWN)) {

	    cpu_physical_memory_read(&ib->btx_ring[i].length, (void *) &temp, 2);

	    bswap16s(&temp);

	    temp = (~temp) + 1;

#if 0

	    cpu_physical_memory_read(&ib->tx_buf[i], pkt_buf, temp);

#else

	    for (j = 0; j < temp; j++) {

		cpu_physical_memory_read(((void *)&ib->tx_buf[i]) + j, &pkt_buf[j], 1);

	    }

#endif

#ifdef DEBUG_LANCE

	    fprintf(stderr, "lance: sending packet, len %d\n", temp);

#endif

	    qemu_send_packet(s->nd, pkt_buf, temp);

	    temp = LE_T1_POK;

	    cpu_physical_memory_write(&ib->btx_ring[i].tmd1_bits, (void *) &temp, 1);

	    txptr = (txptr + 1) & TX_RING_MOD_MASK;

	    s->regs[LE_CSR0] |= LE_C0_TINT | LE_C0_INTR;

	}

    }

}

static int ledma_io_memory;

static uint32_t ledma_mem_readl(void *opaque, target_phys_addr_t addr)

{

    LEDMAState *s = opaque;

    uint32_t saddr;

    saddr = (addr - PHYS_JJ_LEDMA) >> 2;

    if (saddr < LEDMA_REGS)

	return s->regs[saddr];

    else

	return 0;

}

static void ledma_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)

{

    LEDMAState *s = opaque;

    uint32_t saddr;

    saddr = (addr - PHYS_JJ_LEDMA) >> 2;

    if (saddr < LEDMA_REGS)

	s->regs[saddr] = val;

}

static CPUReadMemoryFunc *ledma_mem_read[3] = {

    ledma_mem_readl,

    ledma_mem_readl,

    ledma_mem_readl,

};

static CPUWriteMemoryFunc *ledma_mem_write[3] = {

    ledma_mem_writel,

    ledma_mem_writel,

    ledma_mem_writel,

};

void lance_init(NetDriverState *nd, int irq)

{

    LANCEState *s;

    LEDMAState *led;

    s = qemu_mallocz(sizeof(LANCEState));

    if (!s)

        return;

    lance_io_memory = cpu_register_io_memory(0, lance_mem_read, lance_mem_write, s);

    cpu_register_physical_memory(PHYS_JJ_LE, 8,

                                 lance_io_memory);

    led = qemu_mallocz(sizeof(LEDMAState));

    if (!led)

        return;

    ledma_io_memory = cpu_register_io_memory(0, ledma_mem_read, ledma_mem_write, led);

    cpu_register_physical_memory(PHYS_JJ_LEDMA, 16,

                                 ledma_io_memory);

    s->nd = nd;

    s->ledma = led;

    s->irq = irq;

    lance_reset(s);

    qemu_add_read_packet(nd, lance_can_receive, lance_receive, s);

}

/*

 * QEMU M48T08 NVRAM emulation for Sparc platform

 * 

 * Copyright (c) 2003-2004 Jocelyn Mayer

 * 

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include "vl.h"

#include "m48t08.h"

//#define DEBUG_NVRAM

#if defined(DEBUG_NVRAM)

#define NVRAM_PRINTF(fmt, args...) do { printf(fmt , ##args); } while (0)

#else

#define NVRAM_PRINTF(fmt, args...) do { } while (0)

#endif

#define NVRAM_MAX_MEM 0xfff0

struct m48t08_t {

    /* Hardware parameters */

    int mem_index;

    uint32_t mem_base;

    uint16_t size;

    /* RTC management */

    time_t   time_offset;

    time_t   stop_time;

    /* NVRAM storage */

    uint8_t  lock;

    uint16_t addr;

    uint8_t *buffer;

};

/* Fake timer functions */

/* Generic helpers for BCD */

static inline uint8_t toBCD (uint8_t value)

{

    return (((value / 10) % 10) << 4) | (value % 10);

}

static inline uint8_t fromBCD (uint8_t BCD)

{

    return ((BCD >> 4) * 10) + (BCD & 0x0F);

}

/* RTC management helpers */

static void get_time (m48t08_t *NVRAM, struct tm *tm)

{

    time_t t;

    t = time(NULL) + NVRAM->time_offset;

#ifdef _WIN32

    memcpy(tm,localtime(&t),sizeof(*tm));

#else

    localtime_r (&t, tm) ;

#endif

}

static void set_time (m48t08_t *NVRAM, struct tm *tm)

{

    time_t now, new_time;

    new_time = mktime(tm);

    now = time(NULL);

    NVRAM->time_offset = new_time - now;

}

/* Direct access to NVRAM */

void m48t08_write (m48t08_t *NVRAM, uint32_t val)

{

    struct tm tm;

    int tmp;

    if (NVRAM->addr > NVRAM_MAX_MEM && NVRAM->addr < 0x2000)

	NVRAM_PRINTF("%s: 0x%08x => 0x%08x\n", __func__, NVRAM->addr, val);

    switch (NVRAM->addr) {

    case 0x1FF8:

        /* control */

	NVRAM->buffer[0x1FF8] = (val & ~0xA0) | 0x90;

        break;

    case 0x1FF9:

        /* seconds (BCD) */

	tmp = fromBCD(val & 0x7F);

	if (tmp >= 0 && tmp <= 59) {

	    get_time(NVRAM, &tm);

	    tm.tm_sec = tmp;

	    set_time(NVRAM, &tm);

	}

	if ((val & 0x80) ^ (NVRAM->buffer[0x1FF9] & 0x80)) {

	    if (val & 0x80) {

		NVRAM->stop_time = time(NULL);

	    } else {

		NVRAM->time_offset += NVRAM->stop_time - time(NULL);

		NVRAM->stop_time = 0;

	    }

	}

	NVRAM->buffer[0x1FF9] = val & 0x80;

        break;

    case 0x1FFA:

        /* minutes (BCD) */

	tmp = fromBCD(val & 0x7F);

	if (tmp >= 0 && tmp <= 59) {

	    get_time(NVRAM, &tm);

	    tm.tm_min = tmp;

	    set_time(NVRAM, &tm);

	}

        break;

    case 0x1FFB:

        /* hours (BCD) */

	tmp = fromBCD(val & 0x3F);

	if (tmp >= 0 && tmp <= 23) {

	    get_time(NVRAM, &tm);

	    tm.tm_hour = tmp;

	    set_time(NVRAM, &tm);

	}

        break;

    case 0x1FFC:

        /* day of the week / century */

	tmp = fromBCD(val & 0x07);

	get_time(NVRAM, &tm);

	tm.tm_wday = tmp;

	set_time(NVRAM, &tm);

        NVRAM->buffer[0x1FFC] = val & 0x40;

        break;

    case 0x1FFD:

        /* date */

	tmp = fromBCD(val & 0x1F);

	if (tmp != 0) {

	    get_time(NVRAM, &tm);

	    tm.tm_mday = tmp;

	    set_time(NVRAM, &tm);

	}

        break;

    case 0x1FFE:

        /* month */

	tmp = fromBCD(val & 0x1F);

	if (tmp >= 1 && tmp <= 12) {

	    get_time(NVRAM, &tm);

	    tm.tm_mon = tmp - 1;

	    set_time(NVRAM, &tm);

	}

        break;

    case 0x1FFF:

        /* year */

	tmp = fromBCD(val);

	if (tmp >= 0 && tmp <= 99) {

	    get_time(NVRAM, &tm);

	    tm.tm_year = fromBCD(val);

	    set_time(NVRAM, &tm);

	}

        break;

    default:

        /* Check lock registers state */

        if (NVRAM->addr >= 0x20 && NVRAM->addr <= 0x2F && (NVRAM->lock & 1))

            break;

        if (NVRAM->addr >= 0x30 && NVRAM->addr <= 0x3F && (NVRAM->lock & 2))

            break;

        if (NVRAM->addr < NVRAM_MAX_MEM ||

	    (NVRAM->addr > 0x1FFF && NVRAM->addr < NVRAM->size)) {

            NVRAM->buffer[NVRAM->addr] = val & 0xFF;

	}

        break;

    }

}

uint32_t m48t08_read (m48t08_t *NVRAM)

{

    struct tm tm;

    uint32_t retval = 0xFF;

    switch (NVRAM->addr) {

    case 0x1FF8:

        /* control */

	goto do_read;

    case 0x1FF9:

        /* seconds (BCD) */

        get_time(NVRAM, &tm);

        retval = (NVRAM->buffer[0x1FF9] & 0x80) | toBCD(tm.tm_sec);

        break;

    case 0x1FFA:

        /* minutes (BCD) */

        get_time(NVRAM, &tm);

        retval = toBCD(tm.tm_min);

        break;

    case 0x1FFB:

        /* hours (BCD) */

        get_time(NVRAM, &tm);

        retval = toBCD(tm.tm_hour);

        break;

    case 0x1FFC:

        /* day of the week / century */

        get_time(NVRAM, &tm);

        retval = NVRAM->buffer[0x1FFC] | tm.tm_wday;

        break;

    case 0x1FFD:

        /* date */

        get_time(NVRAM, &tm);

        retval = toBCD(tm.tm_mday);

        break;

    case 0x1FFE:

        /* month */

        get_time(NVRAM, &tm);

        retval = toBCD(tm.tm_mon + 1);

        break;

    case 0x1FFF:

        /* year */

        get_time(NVRAM, &tm);

        retval = toBCD(tm.tm_year);

        break;

    default:

        /* Check lock registers state */

        if (NVRAM->addr >= 0x20 && NVRAM->addr <= 0x2F && (NVRAM->lock & 1))

            break;

        if (NVRAM->addr >= 0x30 && NVRAM->addr <= 0x3F && (NVRAM->lock & 2))

            break;

        if (NVRAM->addr < NVRAM_MAX_MEM ||

	    (NVRAM->addr > 0x1FFF && NVRAM->addr < NVRAM->size)) {

	do_read:

            retval = NVRAM->buffer[NVRAM->addr];

	}

        break;

    }

    if (NVRAM->addr > NVRAM_MAX_MEM + 1 && NVRAM->addr < 0x2000)

	NVRAM_PRINTF("0x%08x <= 0x%08x\n", NVRAM->addr, retval);

    return retval;

}

void m48t08_set_addr (m48t08_t *NVRAM, uint32_t addr)

{

    NVRAM->addr = addr;

}

void m48t08_toggle_lock (m48t08_t *NVRAM, int lock)

{

    NVRAM->lock ^= 1 << lock;

}

static void nvram_writeb (void *opaque, target_phys_addr_t addr, uint32_t value)

{

    m48t08_t *NVRAM = opaque;

    addr -= NVRAM->mem_base;

    if (addr < NVRAM_MAX_MEM)

        NVRAM->buffer[addr] = value;

}

static void nvram_writew (void *opaque, target_phys_addr_t addr, uint32_t value)

{

    m48t08_t *NVRAM = opaque;

    addr -= NVRAM->mem_base;

    if (addr < NVRAM_MAX_MEM) {

        NVRAM->buffer[addr] = value >> 8;

        NVRAM->buffer[addr + 1] = value;

    }

}

static void nvram_writel (void *opaque, target_phys_addr_t addr, uint32_t value)

{

    m48t08_t *NVRAM = opaque;

    addr -= NVRAM->mem_base;

    if (addr < NVRAM_MAX_MEM) {

        NVRAM->buffer[addr] = value >> 24;

        NVRAM->buffer[addr + 1] = value >> 16;

        NVRAM->buffer[addr + 2] = value >> 8;

        NVRAM->buffer[addr + 3] = value;

    }

}

static uint32_t nvram_readb (void *opaque, target_phys_addr_t addr)

{

    m48t08_t *NVRAM = opaque;

    uint32_t retval = 0;

    addr -= NVRAM->mem_base;

    if (addr < NVRAM_MAX_MEM)

        retval = NVRAM->buffer[addr];

    return retval;

}

static uint32_t nvram_readw (void *opaque, target_phys_addr_t addr)

{

    m48t08_t *NVRAM = opaque;

    uint32_t retval = 0;

    addr -= NVRAM->mem_base;

    if (addr < NVRAM_MAX_MEM) {

        retval = NVRAM->buffer[addr] << 8;

        retval |= NVRAM->buffer[addr + 1];

    }

    return retval;

}

static uint32_t nvram_readl (void *opaque, target_phys_addr_t addr)

{

    m48t08_t *NVRAM = opaque;

    uint32_t retval = 0;

    addr -= NVRAM->mem_base;

    if (addr < NVRAM_MAX_MEM) {

        retval = NVRAM->buffer[addr] << 24;

        retval |= NVRAM->buffer[addr + 1] << 16;

        retval |= NVRAM->buffer[addr + 2] << 8;

        retval |= NVRAM->buffer[addr + 3];

    }

    return retval;

}

static CPUWriteMemoryFunc *nvram_write[] = {

    &nvram_writeb,

    &nvram_writew,

    &nvram_writel,

};

static CPUReadMemoryFunc *nvram_read[] = {

    &nvram_readb,

    &nvram_readw,

    &nvram_readl,

};

/* Initialisation routine */

m48t08_t *m48t08_init(uint32_t mem_base, uint16_t size)

{

    m48t08_t *s;

    int i;

    unsigned char tmp = 0;

    s = qemu_mallocz(sizeof(m48t08_t));

    if (!s)

	return NULL;

    s->buffer = qemu_mallocz(size);

    if (!s->buffer) {

        qemu_free(s);

        return NULL;

    }

    s->size = size;

    s->mem_base = mem_base;

    s->addr = 0;

    if (mem_base != 0) {

        s->mem_index = cpu_register_io_memory(0, nvram_read, nvram_write, s);

        cpu_register_physical_memory(mem_base, 0x4000, s->mem_index);

    }

    s->lock = 0;

    i = 0x1fd8;

    s->buffer[i++] = 0x01;

    s->buffer[i++] = 0x80; /* Sun4m OBP */

    /* XXX: Ethernet address, etc */

    /* Calculate checksum */

    for (i = 0x1fd8; i < 0x1fe7; i++) {

	tmp ^= s->buffer[i];

    }

    s->buffer[0x1fe7] = tmp;

    return s;

}

#if 0

struct idprom

{

        unsigned char   id_format;      /* Format identifier (always 0x01) */

        unsigned char   id_machtype;    /* Machine type */

        unsigned char   id_ethaddr[6];  /* Hardware ethernet address */

        long            id_date;        /* Date of manufacture */

        unsigned int    id_sernum:24;   /* Unique serial number */

        unsigned char   id_cksum;       /* Checksum - xor of the data bytes */

        unsigned char   reserved[16];

};

#endif

#if !defined (__M48T08_H__)

#define __M48T08_H__

typedef struct m48t08_t m48t08_t;

void m48t08_write (m48t08_t *NVRAM, uint32_t val);

uint32_t m48t08_read (m48t08_t *NVRAM);

void m48t08_set_addr (m48t08_t *NVRAM, uint32_t addr);

void m48t08_toggle_lock (m48t08_t *NVRAM, int lock);

m48t08_t *m48t08_init(uint32_t mem_base, uint16_t size);

#endif /* !defined (__M48T08_H__) */

/* This is the Linux kernel elf-loading code, ported into user space */

#include "vl.h"

#include "disas.h"

/* XXX: this code is not used as it is under the GPL license. Please

   remove or recode it */

//#define USE_ELF_LOADER

#ifdef USE_ELF_LOADER

/* should probably go in elf.h */

#ifndef ELIBBAD

#define ELIBBAD 80

#endif

#define ELF_START_MMAP 0x80000000

#define elf_check_arch(x) ( (x) == EM_SPARC )

#define ELF_CLASS   ELFCLASS32

#define ELF_DATA    ELFDATA2MSB

#define ELF_ARCH    EM_SPARC

#include "elf.h"

/*

 * This structure is used to hold the arguments that are 

 * used when loading binaries.

 */

struct linux_binprm {

        char buf[128];

	int fd;

};

#define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE

#define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))

#define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))

#ifdef BSWAP_NEEDED

static void bswap_ehdr(Elf32_Ehdr *ehdr)

{

    bswap16s(&ehdr->e_type);			/* Object file type */

    bswap16s(&ehdr->e_machine);		/* Architecture */

    bswap32s(&ehdr->e_version);		/* Object file version */

    bswap32s(&ehdr->e_entry);		/* Entry point virtual address */

    bswap32s(&ehdr->e_phoff);		/* Program header table file offset */

    bswap32s(&ehdr->e_shoff);		/* Section header table file offset */

    bswap32s(&ehdr->e_flags);		/* Processor-specific flags */

    bswap16s(&ehdr->e_ehsize);		/* ELF header size in bytes */

    bswap16s(&ehdr->e_phentsize);		/* Program header table entry size */

    bswap16s(&ehdr->e_phnum);		/* Program header table entry count */

    bswap16s(&ehdr->e_shentsize);		/* Section header table entry size */

    bswap16s(&ehdr->e_shnum);		/* Section header table entry count */

    bswap16s(&ehdr->e_shstrndx);		/* Section header string table index */

}

static void bswap_phdr(Elf32_Phdr *phdr)

{

    bswap32s(&phdr->p_type);			/* Segment type */

    bswap32s(&phdr->p_offset);		/* Segment file offset */

    bswap32s(&phdr->p_vaddr);		/* Segment virtual address */

    bswap32s(&phdr->p_paddr);		/* Segment physical address */

    bswap32s(&phdr->p_filesz);		/* Segment size in file */

    bswap32s(&phdr->p_memsz);		/* Segment size in memory */

    bswap32s(&phdr->p_flags);		/* Segment flags */

    bswap32s(&phdr->p_align);		/* Segment alignment */

}

static void bswap_shdr(Elf32_Shdr *shdr)

{

    bswap32s(&shdr->sh_name);

    bswap32s(&shdr->sh_type);

    bswap32s(&shdr->sh_flags);

    bswap32s(&shdr->sh_addr);

    bswap32s(&shdr->sh_offset);

    bswap32s(&shdr->sh_size);

    bswap32s(&shdr->sh_link);

    bswap32s(&shdr->sh_info);

    bswap32s(&shdr->sh_addralign);

    bswap32s(&shdr->sh_entsize);

}

static void bswap_sym(Elf32_Sym *sym)

{

    bswap32s(&sym->st_name);

    bswap32s(&sym->st_value);

    bswap32s(&sym->st_size);

    bswap16s(&sym->st_shndx);

}

#endif

static int prepare_binprm(struct linux_binprm *bprm)

{

    int retval;

    memset(bprm->buf, 0, sizeof(bprm->buf));

    retval = lseek(bprm->fd, 0L, SEEK_SET);

    if(retval >= 0) {

        retval = read(bprm->fd, bprm->buf, 128);

    }

    if(retval < 0) {

	perror("prepare_binprm");

	exit(-1);

	/* return(-errno); */

    }

    else {

	return(retval);

    }

}

/* Best attempt to load symbols from this ELF object. */

static void load_symbols(struct elfhdr *hdr, int fd)

{

    unsigned int i;

    struct elf_shdr sechdr, symtab, strtab;

    char *strings;

    lseek(fd, hdr->e_shoff, SEEK_SET);

    for (i = 0; i < hdr->e_shnum; i++) {

	if (read(fd, &sechdr, sizeof(sechdr)) != sizeof(sechdr))

	    return;

#ifdef BSWAP_NEEDED

	bswap_shdr(&sechdr);

#endif

	if (sechdr.sh_type == SHT_SYMTAB) {

	    symtab = sechdr;

	    lseek(fd, hdr->e_shoff

		  + sizeof(sechdr) * sechdr.sh_link, SEEK_SET);

	    if (read(fd, &strtab, sizeof(strtab))

		!= sizeof(strtab))

		return;

#ifdef BSWAP_NEEDED

	    bswap_shdr(&strtab);

#endif

	    goto found;

	}

    }

    return; /* Shouldn't happen... */

 found:

    /* Now know where the strtab and symtab are.  Snarf them. */

    disas_symtab = qemu_malloc(symtab.sh_size);

    disas_strtab = strings = qemu_malloc(strtab.sh_size);

    if (!disas_symtab || !disas_strtab)

	return;

    lseek(fd, symtab.sh_offset, SEEK_SET);

    if (read(fd, disas_symtab, symtab.sh_size) != symtab.sh_size)

	return;

#ifdef BSWAP_NEEDED

    for (i = 0; i < symtab.sh_size / sizeof(struct elf_sym); i++)

	bswap_sym(disas_symtab + sizeof(struct elf_sym)*i);

#endif

    lseek(fd, strtab.sh_offset, SEEK_SET);

    if (read(fd, strings, strtab.sh_size) != strtab.sh_size)

	return;

    disas_num_syms = symtab.sh_size / sizeof(struct elf_sym);

}

static int load_elf_binary(struct linux_binprm * bprm, uint8_t *addr)

{

    struct elfhdr elf_ex;

    unsigned long startaddr = addr;

    int i;

    struct elf_phdr * elf_ppnt;

    struct elf_phdr *elf_phdata;

    int retval;

    elf_ex = *((struct elfhdr *) bprm->buf);          /* exec-header */

#ifdef BSWAP_NEEDED

    bswap_ehdr(&elf_ex);

#endif

    if (elf_ex.e_ident[0] != 0x7f ||

	strncmp(&elf_ex.e_ident[1], "ELF",3) != 0) {

	return  -ENOEXEC;

    }

    /* First of all, some simple consistency checks */

    if (! elf_check_arch(elf_ex.e_machine)) {

	return -ENOEXEC;

    }

    /* Now read in all of the header information */

    elf_phdata = (struct elf_phdr *)qemu_malloc(elf_ex.e_phentsize*elf_ex.e_phnum);

    if (elf_phdata == NULL) {

	return -ENOMEM;

    }

    retval = lseek(bprm->fd, elf_ex.e_phoff, SEEK_SET);

    if(retval > 0) {

	retval = read(bprm->fd, (char *) elf_phdata, 

				elf_ex.e_phentsize * elf_ex.e_phnum);

    }

    if (retval < 0) {

	perror("load_elf_binary");

	exit(-1);

	qemu_free (elf_phdata);

	return -errno;

    }

#ifdef BSWAP_NEEDED

    elf_ppnt = elf_phdata;

    for (i=0; i<elf_ex.e_phnum; i++, elf_ppnt++) {

        bswap_phdr(elf_ppnt);

    }

#endif

    elf_ppnt = elf_phdata;

    /* Now we do a little grungy work by mmaping the ELF image into

     * the correct location in memory.  At this point, we assume that

     * the image should be loaded at fixed address, not at a variable

     * address.

     */

    for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {

        unsigned long error, offset, len;

	if (elf_ppnt->p_type != PT_LOAD)

            continue;

#if 0        

        error = target_mmap(TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr),

                            elf_prot,

                            (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE),

                            bprm->fd,

                            (elf_ppnt->p_offset - 

                             TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));

#endif

	//offset = elf_ppnt->p_offset - TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr);

	offset = 0x4000;

	lseek(bprm->fd, offset, SEEK_SET);

	len = elf_ppnt->p_filesz + TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr);

	error = read(bprm->fd, addr, len); 

        if (error == -1) {

            perror("mmap");

            exit(-1);

        }

	addr += len;

    }

    qemu_free(elf_phdata);

    load_symbols(&elf_ex, bprm->fd);

    return addr-startaddr;

}

int elf_exec(const char * filename, uint8_t *addr)

{

        struct linux_binprm bprm;

        int retval;

        retval = open(filename, O_RDONLY);

        if (retval < 0)

            return retval;

        bprm.fd = retval;

        retval = prepare_binprm(&bprm);

        if(retval>=0) {

	    retval = load_elf_binary(&bprm, addr);

	}

	return retval;

}

#endif

int load_kernel(const char *filename, uint8_t *addr)

{

    int fd, size;

    fd = open(filename, O_RDONLY | O_BINARY);

    if (fd < 0)

        return -1;

    /* load 32 bit code */

    size = read(fd, addr, 16 * 1024 * 1024);

    if (size < 0)

        goto fail;

    close(fd);

    return size;

 fail:

    close(fd);

    return -1;

}

static char saved_kfn[1024];

static uint32_t saved_addr;

static int magic_state;

static uint32_t magic_mem_readl(void *opaque, target_phys_addr_t addr)

{

    int ret;

    if (magic_state == 0) {

#ifdef USE_ELF_LOADER

        ret = elf_exec(saved_kfn, saved_addr);

#else

        ret = load_kernel(saved_kfn, (uint8_t *)saved_addr);

#endif

        if (ret < 0) {

            fprintf(stderr, "qemu: could not load kernel '%s'\n", 

                    saved_kfn);

        }

	magic_state = 1; /* No more magic */

	tb_flush();

    }

    return ret;

}

static void magic_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)

{

}

static CPUReadMemoryFunc *magic_mem_read[3] = {

    magic_mem_readl,

    magic_mem_readl,

    magic_mem_readl,

};

static CPUWriteMemoryFunc *magic_mem_write[3] = {

    magic_mem_writel,

    magic_mem_writel,

    magic_mem_writel,

};

void magic_init(const char *kfn, int kloadaddr)

{

    int magic_io_memory;

    strcpy(saved_kfn, kfn);

    saved_addr = kloadaddr;

    magic_state = 0;

    magic_io_memory = cpu_register_io_memory(0, magic_mem_read, magic_mem_write, 0);

    cpu_register_physical_memory(0x20000000, 4,

                                 magic_io_memory);

}

/*

 * QEMU interrupt controller & timer emulation

 * 

 * Copyright (c) 2003-2004 Fabrice Bellard

 * 

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER