Archipelago » qemu

/*

 * QEMU PC System Emulator

 * 

 * Copyright (c) 2003 Fabrice Bellard

 * 

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include <stdlib.h>

#include <stdio.h>

#include <stdarg.h>

#include <string.h>

#include <getopt.h>

#include <inttypes.h>

#include <unistd.h>

#include <sys/mman.h>

#include <fcntl.h>

#include <signal.h>

#include <time.h>

#include <sys/time.h>

#include <malloc.h>

#include <termios.h>

#include <sys/poll.h>

#include <errno.h>

#include <sys/wait.h>

#include <sys/ioctl.h>

#include <sys/socket.h>

#include <linux/if.h>

#include <linux/if_tun.h>

#include "cpu-i386.h"

#include "disas.h"

#include "thunk.h"

#include "vl.h"

#define DEBUG_LOGFILE "/tmp/vl.log"

#define DEFAULT_NETWORK_SCRIPT "/etc/vl-ifup"

//#define DEBUG_UNUSED_IOPORT

//#define DEBUG_IRQ_LATENCY

#define PHYS_RAM_BASE 0xa8000000

#define KERNEL_LOAD_ADDR   0x00100000

#define INITRD_LOAD_ADDR   0x00400000

#define KERNEL_PARAMS_ADDR 0x00090000

/* from plex86 (BSD license) */

struct  __attribute__ ((packed)) linux_params {

  // For 0x00..0x3f, see 'struct screen_info' in linux/include/linux/tty.h.

  // I just padded out the VESA parts, rather than define them.

  /* 0x000 */ uint8_t   orig_x;

  /* 0x001 */ uint8_t   orig_y;

  /* 0x002 */ uint16_t  ext_mem_k;

  /* 0x004 */ uint16_t  orig_video_page;

  /* 0x006 */ uint8_t   orig_video_mode;

  /* 0x007 */ uint8_t   orig_video_cols;

  /* 0x008 */ uint16_t  unused1;

  /* 0x00a */ uint16_t  orig_video_ega_bx;

  /* 0x00c */ uint16_t  unused2;

  /* 0x00e */ uint8_t   orig_video_lines;

  /* 0x00f */ uint8_t   orig_video_isVGA;

  /* 0x010 */ uint16_t  orig_video_points;

  /* 0x012 */ uint8_t   pad0[0x20 - 0x12]; // VESA info.

  /* 0x020 */ uint16_t  cl_magic;  // Commandline magic number (0xA33F)

  /* 0x022 */ uint16_t  cl_offset; // Commandline offset.  Address of commandline

                                 // is calculated as 0x90000 + cl_offset, bu

                                 // only if cl_magic == 0xA33F.

  /* 0x024 */ uint8_t   pad1[0x40 - 0x24]; // VESA info.

  /* 0x040 */ uint8_t   apm_bios_info[20]; // struct apm_bios_info

  /* 0x054 */ uint8_t   pad2[0x80 - 0x54];

  // Following 2 from 'struct drive_info_struct' in drivers/block/cciss.h.

  // Might be truncated?

  /* 0x080 */ uint8_t   hd0_info[16]; // hd0-disk-parameter from intvector 0x41

  /* 0x090 */ uint8_t   hd1_info[16]; // hd1-disk-parameter from intvector 0x46

  // System description table truncated to 16 bytes

  // From 'struct sys_desc_table_struct' in linux/arch/i386/kernel/setup.c.

  /* 0x0a0 */ uint16_t  sys_description_len;

  /* 0x0a2 */ uint8_t   sys_description_table[14];

                        // [0] machine id

                        // [1] machine submodel id

                        // [2] BIOS revision

                        // [3] bit1: MCA bus

  /* 0x0b0 */ uint8_t   pad3[0x1e0 - 0xb0];

  /* 0x1e0 */ uint32_t  alt_mem_k;

  /* 0x1e4 */ uint8_t   pad4[4];

  /* 0x1e8 */ uint8_t   e820map_entries;

  /* 0x1e9 */ uint8_t   eddbuf_entries; // EDD_NR

  /* 0x1ea */ uint8_t   pad5[0x1f1 - 0x1ea];

  /* 0x1f1 */ uint8_t   setup_sects; // size of setup.S, number of sectors

  /* 0x1f2 */ uint16_t  mount_root_rdonly; // MOUNT_ROOT_RDONLY (if !=0)

  /* 0x1f4 */ uint16_t  sys_size; // size of compressed kernel-part in the

                                // (b)zImage-file (in 16 byte units, rounded up)

  /* 0x1f6 */ uint16_t  swap_dev; // (unused AFAIK)

  /* 0x1f8 */ uint16_t  ramdisk_flags;

  /* 0x1fa */ uint16_t  vga_mode; // (old one)

  /* 0x1fc */ uint16_t  orig_root_dev; // (high=Major, low=minor)

  /* 0x1fe */ uint8_t   pad6[1];

  /* 0x1ff */ uint8_t   aux_device_info;

  /* 0x200 */ uint16_t  jump_setup; // Jump to start of setup code,

                                  // aka "reserved" field.

  /* 0x202 */ uint8_t   setup_signature[4]; // Signature for SETUP-header, ="HdrS"

  /* 0x206 */ uint16_t  header_format_version; // Version number of header format;

  /* 0x208 */ uint8_t   setup_S_temp0[8]; // Used by setup.S for communication with

                                        // boot loaders, look there.

  /* 0x210 */ uint8_t   loader_type;

                        // 0 for old one.

                        // else 0xTV:

                        //   T=0: LILO

                        //   T=1: Loadlin

                        //   T=2: bootsect-loader

                        //   T=3: SYSLINUX

                        //   T=4: ETHERBOOT

                        //   V=version

  /* 0x211 */ uint8_t   loadflags;

                        // bit0 = 1: kernel is loaded high (bzImage)

                        // bit7 = 1: Heap and pointer (see below) set by boot

                        //   loader.

  /* 0x212 */ uint16_t  setup_S_temp1;

  /* 0x214 */ uint32_t  kernel_start;

  /* 0x218 */ uint32_t  initrd_start;

  /* 0x21c */ uint32_t  initrd_size;

  /* 0x220 */ uint8_t   setup_S_temp2[4];

  /* 0x224 */ uint16_t  setup_S_heap_end_pointer;

  /* 0x226 */ uint8_t   pad7[0x2d0 - 0x226];

  /* 0x2d0 : Int 15, ax=e820 memory map. */

  // (linux/include/asm-i386/e820.h, 'struct e820entry')

#define E820MAX  32

#define E820_RAM  1

#define E820_RESERVED 2

#define E820_ACPI 3 /* usable as RAM once ACPI tables have been read */

#define E820_NVS  4

  struct {

    uint64_t addr;

    uint64_t size;

    uint32_t type;

    } e820map[E820MAX];

  /* 0x550 */ uint8_t   pad8[0x600 - 0x550];

  // BIOS Enhanced Disk Drive Services.

  // (From linux/include/asm-i386/edd.h, 'struct edd_info')

  // Each 'struct edd_info is 78 bytes, times a max of 6 structs in array.

  /* 0x600 */ uint8_t   eddbuf[0x7d4 - 0x600];

  /* 0x7d4 */ uint8_t   pad9[0x800 - 0x7d4];

  /* 0x800 */ uint8_t   commandline[0x800];

  /* 0x1000 */

  uint64_t gdt_table[256];

  uint64_t idt_table[48];

};

#define KERNEL_CS     0x10

#define KERNEL_DS     0x18

typedef void (IOPortWriteFunc)(CPUX86State *env, uint32_t address, uint32_t data);

typedef uint32_t (IOPortReadFunc)(CPUX86State *env, uint32_t address);

#define MAX_IOPORTS 4096

char phys_ram_file[1024];

CPUX86State *global_env;

CPUX86State *cpu_single_env;

FILE *logfile = NULL;

int loglevel;

IOPortReadFunc *ioport_read_table[3][MAX_IOPORTS];

IOPortWriteFunc *ioport_write_table[3][MAX_IOPORTS];

/***********************************************************/

/* x86 io ports */

uint32_t default_ioport_readb(CPUX86State *env, uint32_t address)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "inb: port=0x%04x\n", address);

#endif

    return 0xff;

}

void default_ioport_writeb(CPUX86State *env, uint32_t address, uint32_t data)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "outb: port=0x%04x data=0x%02x\n", address, data);

#endif

}

/* default is to make two byte accesses */

uint32_t default_ioport_readw(CPUX86State *env, uint32_t address)

{

    uint32_t data;

    data = ioport_read_table[0][address](env, address);

    data |= ioport_read_table[0][address + 1](env, address + 1) << 8;

    return data;

}

void default_ioport_writew(CPUX86State *env, uint32_t address, uint32_t data)

{

    ioport_write_table[0][address](env, address, data & 0xff);

    ioport_write_table[0][address + 1](env, address + 1, (data >> 8) & 0xff);

}

uint32_t default_ioport_readl(CPUX86State *env, uint32_t address)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "inl: port=0x%04x\n", address);

#endif

    return 0xffffffff;

}

void default_ioport_writel(CPUX86State *env, uint32_t address, uint32_t data)

{

#ifdef DEBUG_UNUSED_IOPORT

    fprintf(stderr, "outl: port=0x%04x data=0x%02x\n", address, data);

#endif

}

void init_ioports(void)

{

    int i;

    for(i = 0; i < MAX_IOPORTS; i++) {

        ioport_read_table[0][i] = default_ioport_readb;

        ioport_write_table[0][i] = default_ioport_writeb;

        ioport_read_table[1][i] = default_ioport_readw;

        ioport_write_table[1][i] = default_ioport_writew;

        ioport_read_table[2][i] = default_ioport_readl;

        ioport_write_table[2][i] = default_ioport_writel;

    }

}

/* size is the word size in byte */

int register_ioport_read(int start, int length, IOPortReadFunc *func, int size)

{

    int i, bsize;

    if (size == 1)

        bsize = 0;

    else if (size == 2)

        bsize = 1;

    else if (size == 4)

        bsize = 2;

    else

        return -1;

    for(i = start; i < start + length; i += size)

        ioport_read_table[bsize][i] = func;

    return 0;

}

/* size is the word size in byte */

int register_ioport_write(int start, int length, IOPortWriteFunc *func, int size)

{

    int i, bsize;

    if (size == 1)

        bsize = 0;

    else if (size == 2)

        bsize = 1;

    else if (size == 4)

        bsize = 2;

    else

        return -1;

    for(i = start; i < start + length; i += size)

        ioport_write_table[bsize][i] = func;

    return 0;

}

void pstrcpy(char *buf, int buf_size, const char *str)

{

    int c;

    char *q = buf;

    if (buf_size <= 0)

        return;

    for(;;) {

        c = *str++;

        if (c == 0 || q >= buf + buf_size - 1)

            break;

        *q++ = c;

    }

    *q = '\0';

}

/* strcat and truncate. */

char *pstrcat(char *buf, int buf_size, const char *s)

{

    int len;

    len = strlen(buf);

    if (len < buf_size) 

        pstrcpy(buf + len, buf_size - len, s);

    return buf;

}

int load_kernel(const char *filename, uint8_t *addr)

{

    int fd, size, setup_sects;

    uint8_t bootsect[512];

    fd = open(filename, O_RDONLY);

    if (fd < 0)

        return -1;

    if (read(fd, bootsect, 512) != 512)

        goto fail;

    setup_sects = bootsect[0x1F1];

    if (!setup_sects)

        setup_sects = 4;

    /* skip 16 bit setup code */

    lseek(fd, (setup_sects + 1) * 512, SEEK_SET);

    size = read(fd, addr, 16 * 1024 * 1024);

    if (size < 0)

        goto fail;

    close(fd);

    return size;

 fail:

    close(fd);

    return -1;

}

/* return the size or -1 if error */

int load_image(const char *filename, uint8_t *addr)

{

    int fd, size;

    fd = open(filename, O_RDONLY);

    if (fd < 0)

        return -1;

    size = lseek(fd, 0, SEEK_END);

    lseek(fd, 0, SEEK_SET);

    if (read(fd, addr, size) != size) {

        close(fd);

        return -1;

    }

    close(fd);

    return size;

}

void cpu_x86_outb(CPUX86State *env, int addr, int val)

{

    ioport_write_table[0][addr & (MAX_IOPORTS - 1)](env, addr, val);

}

void cpu_x86_outw(CPUX86State *env, int addr, int val)

{

    ioport_write_table[1][addr & (MAX_IOPORTS - 1)](env, addr, val);

}

void cpu_x86_outl(CPUX86State *env, int addr, int val)

{

    ioport_write_table[2][addr & (MAX_IOPORTS - 1)](env, addr, val);

}

int cpu_x86_inb(CPUX86State *env, int addr)

{

    return ioport_read_table[0][addr & (MAX_IOPORTS - 1)](env, addr);

}

int cpu_x86_inw(CPUX86State *env, int addr)

{

    return ioport_read_table[1][addr & (MAX_IOPORTS - 1)](env, addr);

}

int cpu_x86_inl(CPUX86State *env, int addr)

{

    return ioport_read_table[2][addr & (MAX_IOPORTS - 1)](env, addr);

}

/***********************************************************/

void ioport80_write(CPUX86State *env, uint32_t addr, uint32_t data)

{

}

void hw_error(const char *fmt, ...)

{

    va_list ap;

    va_start(ap, fmt);

    fprintf(stderr, "qemu: hardware error: ");

    vfprintf(stderr, fmt, ap);

    fprintf(stderr, "\n");

#ifdef TARGET_I386

    cpu_x86_dump_state(global_env, stderr, X86_DUMP_FPU | X86_DUMP_CCOP);

#endif

    va_end(ap);

    abort();

}

/***********************************************************/

/* vga emulation */

static uint8_t vga_index;

static uint8_t vga_regs[256];

static int last_cursor_pos;

void update_console_messages(void)

{

    int c, i, cursor_pos, eol;

    cursor_pos = vga_regs[0x0f] | (vga_regs[0x0e] << 8);

    eol = 0;

    for(i = last_cursor_pos; i < cursor_pos; i++) {

        c = phys_ram_base[0xb8000 + (i) * 2];

        if (c >= ' ') {

            putchar(c);

            eol = 0;

        } else {

            if (!eol)

                putchar('\n');

            eol = 1;

        }

    }

    fflush(stdout);

    last_cursor_pos = cursor_pos;

}

/* just to see first Linux console messages, we intercept cursor position */

void vga_ioport_write(CPUX86State *env, uint32_t addr, uint32_t data)

{

    switch(addr) {

    case 0x3d4:

        vga_index = data;

        break;

    case 0x3d5:

        vga_regs[vga_index] = data;

        if (vga_index == 0x0f)

            update_console_messages();

        break;

    }

}

/***********************************************************/

/* cmos emulation */

#define RTC_SECONDS             0

#define RTC_SECONDS_ALARM       1

#define RTC_MINUTES             2

#define RTC_MINUTES_ALARM       3

#define RTC_HOURS               4

#define RTC_HOURS_ALARM         5

#define RTC_ALARM_DONT_CARE    0xC0

#define RTC_DAY_OF_WEEK         6

#define RTC_DAY_OF_MONTH        7

#define RTC_MONTH               8

#define RTC_YEAR                9

#define RTC_REG_A               10

#define RTC_REG_B               11

#define RTC_REG_C               12

#define RTC_REG_D               13

/* PC cmos mappings */

#define REG_EQUIPMENT_BYTE          0x14

uint8_t cmos_data[128];

uint8_t cmos_index;

void cmos_ioport_write(CPUX86State *env, uint32_t addr, uint32_t data)

{

    if (addr == 0x70) {

        cmos_index = data & 0x7f;

    }

}

uint32_t cmos_ioport_read(CPUX86State *env, uint32_t addr)

{

    int ret;

    if (addr == 0x70) {

        return 0xff;

    } else {

        /* toggle update-in-progress bit for Linux (same hack as

           plex86) */

        ret = cmos_data[cmos_index];

        if (cmos_index == RTC_REG_A)

            cmos_data[RTC_REG_A] ^= 0x80; 

        else if (cmos_index == RTC_REG_C)

            cmos_data[RTC_REG_C] = 0x00; 

        return ret;

    }

}

static inline int to_bcd(int a)

{

    return ((a / 10) << 4) | (a % 10);

}

void cmos_init(void)

{

    struct tm *tm;

    time_t ti;

    ti = time(NULL);

    tm = gmtime(&ti);

    cmos_data[RTC_SECONDS] = to_bcd(tm->tm_sec);

    cmos_data[RTC_MINUTES] = to_bcd(tm->tm_min);

    cmos_data[RTC_HOURS] = to_bcd(tm->tm_hour);

    cmos_data[RTC_DAY_OF_WEEK] = to_bcd(tm->tm_wday);

    cmos_data[RTC_DAY_OF_MONTH] = to_bcd(tm->tm_mday);

    cmos_data[RTC_MONTH] = to_bcd(tm->tm_mon + 1);

    cmos_data[RTC_YEAR] = to_bcd(tm->tm_year % 100);

    cmos_data[RTC_REG_A] = 0x26;

    cmos_data[RTC_REG_B] = 0x02;

    cmos_data[RTC_REG_C] = 0x00;

    cmos_data[RTC_REG_D] = 0x80;

    cmos_data[REG_EQUIPMENT_BYTE] = 0x02; /* FPU is there */

    register_ioport_write(0x70, 2, cmos_ioport_write, 1);

    register_ioport_read(0x70, 2, cmos_ioport_read, 1);

}

/***********************************************************/

/* 8259 pic emulation */

//#define DEBUG_PIC

typedef struct PicState {

    uint8_t last_irr; /* edge detection */

    uint8_t irr; /* interrupt request register */

    uint8_t imr; /* interrupt mask register */

    uint8_t isr; /* interrupt service register */

    uint8_t priority_add; /* used to compute irq priority */

    uint8_t irq_base;

    uint8_t read_reg_select;

    uint8_t special_mask;

    uint8_t init_state;

    uint8_t auto_eoi;

    uint8_t rotate_on_autoeoi;

    uint8_t init4; /* true if 4 byte init */

} PicState;

/* 0 is master pic, 1 is slave pic */

PicState pics[2];

int pic_irq_requested;

/* set irq level. If an edge is detected, then the IRR is set to 1 */

static inline void pic_set_irq1(PicState *s, int irq, int level)

{

    int mask;

    mask = 1 << irq;

    if (level) {

        if ((s->last_irr & mask) == 0)

            s->irr |= mask;

        s->last_irr |= mask;

    } else {

        s->last_irr &= ~mask;

    }

}

static inline int get_priority(PicState *s, int mask)

{

    int priority;

    if (mask == 0)

        return -1;

    priority = 7;

    while ((mask & (1 << ((priority + s->priority_add) & 7))) == 0)

        priority--;

    return priority;

}

/* return the pic wanted interrupt. return -1 if none */

static int pic_get_irq(PicState *s)

{

    int mask, cur_priority, priority;

    mask = s->irr & ~s->imr;

    priority = get_priority(s, mask);

    if (priority < 0)

        return -1;

    /* compute current priority */

    cur_priority = get_priority(s, s->isr);

    if (priority > cur_priority) {

        /* higher priority found: an irq should be generated */

        return priority;

    } else {

        return -1;

    }

}

/* raise irq to CPU if necessary. must be called every time the active

   irq may change */

static void pic_update_irq(void)

{

    int irq2, irq;

    /* first look at slave pic */

    irq2 = pic_get_irq(&pics[1]);

    if (irq2 >= 0) {

        /* if irq request by slave pic, signal master PIC */

        pic_set_irq1(&pics[0], 2, 1);

        pic_set_irq1(&pics[0], 2, 0);

    }

    /* look at requested irq */

    irq = pic_get_irq(&pics[0]);

    if (irq >= 0) {

        if (irq == 2) {

            /* from slave pic */

            pic_irq_requested = 8 + irq2;

        } else {

            /* from master pic */

            pic_irq_requested = irq;

        }

        cpu_x86_interrupt(global_env, CPU_INTERRUPT_HARD);

    }

}

#ifdef DEBUG_IRQ_LATENCY

int64_t irq_time[16];

int64_t cpu_get_ticks(void);

#endif

#ifdef DEBUG_PIC

int irq_level[16];

#endif

void pic_set_irq(int irq, int level)

{

#ifdef DEBUG_PIC

    if (level != irq_level[irq]) {

        printf("pic_set_irq: irq=%d level=%d\n", irq, level);

        irq_level[irq] = level;

    }

#endif

#ifdef DEBUG_IRQ_LATENCY

    if (level) {

        irq_time[irq] = cpu_get_ticks();

    }

#endif

    pic_set_irq1(&pics[irq >> 3], irq & 7, level);

    pic_update_irq();

}

int cpu_x86_get_pic_interrupt(CPUX86State *env)

{

    int irq, irq2, intno;

    /* signal the pic that the irq was acked by the CPU */

    irq = pic_irq_requested;

#ifdef DEBUG_IRQ_LATENCY

    printf("IRQ%d latency=%Ld\n", irq, cpu_get_ticks() - irq_time[irq]);

#endif

#ifdef DEBUG_PIC

    printf("pic_interrupt: irq=%d\n", irq);

#endif

    if (irq >= 8) {

        irq2 = irq & 7;

        pics[1].isr |= (1 << irq2);

        pics[1].irr &= ~(1 << irq2);

        irq = 2;

        intno = pics[1].irq_base + irq2;

    } else {

        intno = pics[0].irq_base + irq;

    }

    pics[0].isr |= (1 << irq);

    pics[0].irr &= ~(1 << irq);

    return intno;

}

void pic_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)

{

    PicState *s;

    int priority;

#ifdef DEBUG_PIC

    printf("pic_write: addr=0x%02x val=0x%02x\n", addr, val);

#endif

    s = &pics[addr >> 7];

    addr &= 1;

    if (addr == 0) {

        if (val & 0x10) {

            /* init */

            memset(s, 0, sizeof(PicState));

            s->init_state = 1;

            s->init4 = val & 1;

            if (val & 0x02)

                hw_error("single mode not supported");

            if (val & 0x08)

                hw_error("level sensitive irq not supported");

        } else if (val & 0x08) {

            if (val & 0x02)

                s->read_reg_select = val & 1;

            if (val & 0x40)

                s->special_mask = (val >> 5) & 1;

        } else {

            switch(val) {

            case 0x00:

            case 0x80:

                s->rotate_on_autoeoi = val >> 7;

                break;

            case 0x20: /* end of interrupt */

            case 0xa0:

                priority = get_priority(s, s->isr);

                if (priority >= 0) {

                    s->isr &= ~(1 << ((priority + s->priority_add) & 7));

                }

                if (val == 0xa0)

                    s->priority_add = (s->priority_add + 1) & 7;

                break;

            case 0x60 ... 0x67:

                priority = val & 7;

                s->isr &= ~(1 << priority);

                break;

            case 0xc0 ... 0xc7:

                s->priority_add = (val + 1) & 7;

                break;

            case 0xe0 ... 0xe7:

                priority = val & 7;

                s->isr &= ~(1 << priority);

                s->priority_add = (priority + 1) & 7;

                break;

            }

        }

    } else {

        switch(s->init_state) {

        case 0:

            /* normal mode */

            s->imr = val;

            pic_update_irq();

            break;

        case 1:

            s->irq_base = val & 0xf8;

            s->init_state = 2;

            break;

        case 2:

            if (s->init4) {

                s->init_state = 3;

            } else {

                s->init_state = 0;

            }

            break;

        case 3:

            s->auto_eoi = (val >> 1) & 1;

            s->init_state = 0;

            break;

        }

    }

}

uint32_t pic_ioport_read(CPUX86State *env, uint32_t addr1)

{

    PicState *s;

    unsigned int addr;

    int ret;

    addr = addr1;

    s = &pics[addr >> 7];

    addr &= 1;

    if (addr == 0) {

        if (s->read_reg_select)

            ret = s->isr;

        else

            ret = s->irr;

    } else {

        ret = s->imr;

    }

#ifdef DEBUG_PIC

    printf("pic_read: addr=0x%02x val=0x%02x\n", addr1, ret);

#endif

    return ret;

}

void pic_init(void)

{

    register_ioport_write(0x20, 2, pic_ioport_write, 1);

    register_ioport_read(0x20, 2, pic_ioport_read, 1);

    register_ioport_write(0xa0, 2, pic_ioport_write, 1);

    register_ioport_read(0xa0, 2, pic_ioport_read, 1);

}

/***********************************************************/

/* 8253 PIT emulation */

#define PIT_FREQ 1193182

#define RW_STATE_LSB 0

#define RW_STATE_MSB 1

#define RW_STATE_WORD0 2

#define RW_STATE_WORD1 3

#define RW_STATE_LATCHED_WORD0 4

#define RW_STATE_LATCHED_WORD1 5

typedef struct PITChannelState {

    int count; /* can be 65536 */

    uint16_t latched_count;

    uint8_t rw_state;

    uint8_t mode;

    uint8_t bcd; /* not supported */

    uint8_t gate; /* timer start */

    int64_t count_load_time;

    int64_t count_last_edge_check_time;

} PITChannelState;

PITChannelState pit_channels[3];

int speaker_data_on;

int pit_min_timer_count = 0;

int64_t ticks_per_sec;

int64_t get_clock(void)

{

    struct timeval tv;

    gettimeofday(&tv, NULL);

    return tv.tv_sec * 1000000LL + tv.tv_usec;

}

int64_t cpu_get_ticks(void)

{

    int64_t val;

    asm("rdtsc" : "=A" (val));

    return val;

}

void cpu_calibrate_ticks(void)

{

    int64_t usec, ticks;

    usec = get_clock();

    ticks = cpu_get_ticks();

    usleep(50 * 1000);

    usec = get_clock() - usec;

    ticks = cpu_get_ticks() - ticks;

    ticks_per_sec = (ticks * 1000000LL + (usec >> 1)) / usec;

}

/* compute with 96 bit intermediate result: (a*b)/c */

static uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)

{

    union {

        uint64_t ll;

        struct {

#ifdef WORDS_BIGENDIAN

            uint32_t high, low;

#else

            uint32_t low, high;

#endif            

        } l;

    } u, res;

    uint64_t rl, rh;

    u.ll = a;

    rl = (uint64_t)u.l.low * (uint64_t)b;

    rh = (uint64_t)u.l.high * (uint64_t)b;

    rh += (rl >> 32);

    res.l.high = rh / c;

    res.l.low = (((rh % c) << 32) + (rl & 0xffffffff)) / c;

    return res.ll;

}

static int pit_get_count(PITChannelState *s)

{

    uint64_t d;

    int counter;

    d = muldiv64(cpu_get_ticks() - s->count_load_time, PIT_FREQ, ticks_per_sec);

    switch(s->mode) {

    case 0:

    case 1:

    case 4:

    case 5:

        counter = (s->count - d) & 0xffff;

        break;

    default:

        counter = s->count - (d % s->count);

        break;

    }

    return counter;

}

/* get pit output bit */

static int pit_get_out(PITChannelState *s)

{

    uint64_t d;

    int out;

    d = muldiv64(cpu_get_ticks() - s->count_load_time, PIT_FREQ, ticks_per_sec);

    switch(s->mode) {

    default:

    case 0:

        out = (d >= s->count);

        break;

    case 1:

        out = (d < s->count);

        break;

    case 2:

        if ((d % s->count) == 0 && d != 0)

            out = 1;

        else

            out = 0;

        break;

    case 3:

        out = (d % s->count) < (s->count >> 1);

        break;

    case 4:

    case 5:

        out = (d == s->count);

        break;

    }

    return out;

}

/* get the number of 0 to 1 transitions we had since we call this

   function */

/* XXX: maybe better to use ticks precision to avoid getting edges

   twice if checks are done at very small intervals */

static int pit_get_out_edges(PITChannelState *s)

{

    uint64_t d1, d2;

    int64_t ticks;

    int ret, v;

    ticks = cpu_get_ticks();

    d1 = muldiv64(s->count_last_edge_check_time - s->count_load_time, 

                 PIT_FREQ, ticks_per_sec);

    d2 = muldiv64(ticks - s->count_load_time, 

                  PIT_FREQ, ticks_per_sec);

    s->count_last_edge_check_time = ticks;

    switch(s->mode) {

    default:

    case 0:

        if (d1 < s->count && d2 >= s->count)

            ret = 1;

        else

            ret = 0;

        break;

    case 1:

        ret = 0;

        break;

    case 2:

        d1 /= s->count;

        d2 /= s->count;

        ret = d2 - d1;

        break;

    case 3:

        v = s->count - (s->count >> 1);

        d1 = (d1 + v) / s->count;

        d2 = (d2 + v) / s->count;

        ret = d2 - d1;

        break;

    case 4:

    case 5:

        if (d1 < s->count && d2 >= s->count)

            ret = 1;

        else

            ret = 0;

        break;

    }

    return ret;

}

static inline void pit_load_count(PITChannelState *s, int val)

{

    if (val == 0)

        val = 0x10000;

    s->count_load_time = cpu_get_ticks();

    s->count_last_edge_check_time = s->count_load_time;

    s->count = val;

    if (s == &pit_channels[0] && val <= pit_min_timer_count) {

        fprintf(stderr, 

                "\nWARNING: vl: on your system, accurate timer emulation is impossible if its frequency is more than %d Hz. If using a 2.5.xx Linux kernel, you must patch asm/param.h to change HZ from 1000 to 100.\n\n", 

                PIT_FREQ / pit_min_timer_count);

    }

}

void pit_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)

{

    int channel, access;

    PITChannelState *s;

    addr &= 3;

    if (addr == 3) {

        channel = val >> 6;

        if (channel == 3)

            return;

        s = &pit_channels[channel];

        access = (val >> 4) & 3;

        switch(access) {

        case 0:

            s->latched_count = pit_get_count(s);

            s->rw_state = RW_STATE_LATCHED_WORD0;

            break;

        default:

            s->mode = (val >> 1) & 7;

            s->bcd = val & 1;

            s->rw_state = access - 1 +  RW_STATE_LSB;

            break;

        }

    } else {

        s = &pit_channels[addr];

        switch(s->rw_state) {

        case RW_STATE_LSB:

            pit_load_count(s, val);

            break;

        case RW_STATE_MSB:

            pit_load_count(s, val << 8);

            break;

        case RW_STATE_WORD0:

        case RW_STATE_WORD1:

            if (s->rw_state & 1) {

                pit_load_count(s, (s->latched_count & 0xff) | (val << 8));

            } else {

                s->latched_count = val;

            }

            s->rw_state ^= 1;

            break;

        }

    }

}

uint32_t pit_ioport_read(CPUX86State *env, uint32_t addr)

{

    int ret, count;

    PITChannelState *s;

    addr &= 3;

    s = &pit_channels[addr];

    switch(s->rw_state) {

    case RW_STATE_LSB:

    case RW_STATE_MSB:

    case RW_STATE_WORD0:

    case RW_STATE_WORD1:

        count = pit_get_count(s);

        if (s->rw_state & 1)

            ret = (count >> 8) & 0xff;

        else

            ret = count & 0xff;

        if (s->rw_state & 2)

            s->rw_state ^= 1;

        break;

    default:

    case RW_STATE_LATCHED_WORD0:

    case RW_STATE_LATCHED_WORD1:

        if (s->rw_state & 1)

            ret = s->latched_count >> 8;

        else

            ret = s->latched_count & 0xff;

        s->rw_state ^= 1;

        break;

    }

    return ret;

}

void speaker_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)

{

    speaker_data_on = (val >> 1) & 1;

    pit_channels[2].gate = val & 1;

}

uint32_t speaker_ioport_read(CPUX86State *env, uint32_t addr)

{

    int out;

    out = pit_get_out(&pit_channels[2]);

    return (speaker_data_on << 1) | pit_channels[2].gate | (out << 5);

}

void pit_init(void)

{

    PITChannelState *s;

    int i;

    cpu_calibrate_ticks();

    for(i = 0;i < 3; i++) {

        s = &pit_channels[i];

        s->mode = 3;

        s->gate = (i != 2);

        pit_load_count(s, 0);

    }

    register_ioport_write(0x40, 4, pit_ioport_write, 1);

    register_ioport_read(0x40, 3, pit_ioport_read, 1);

    register_ioport_read(0x61, 1, speaker_ioport_read, 1);

    register_ioport_write(0x61, 1, speaker_ioport_write, 1);

}

/***********************************************************/

/* serial port emulation */

#define UART_IRQ        4

#define UART_LCR_DLAB        0x80        /* Divisor latch access bit */

#define UART_IER_MSI        0x08        /* Enable Modem status interrupt */

#define UART_IER_RLSI        0x04        /* Enable receiver line status interrupt */

#define UART_IER_THRI        0x02        /* Enable Transmitter holding register int. */

#define UART_IER_RDI        0x01        /* Enable receiver data interrupt */

#define UART_IIR_NO_INT        0x01        /* No interrupts pending */

#define UART_IIR_ID        0x06        /* Mask for the interrupt ID */

#define UART_IIR_MSI        0x00        /* Modem status interrupt */

#define UART_IIR_THRI        0x02        /* Transmitter holding register empty */

#define UART_IIR_RDI        0x04        /* Receiver data interrupt */

#define UART_IIR_RLSI        0x06        /* Receiver line status interrupt */

#define UART_LSR_TEMT        0x40        /* Transmitter empty */

#define UART_LSR_THRE        0x20        /* Transmit-hold-register empty */

#define UART_LSR_BI        0x10        /* Break interrupt indicator */

#define UART_LSR_FE        0x08        /* Frame error indicator */

#define UART_LSR_PE        0x04        /* Parity error indicator */

#define UART_LSR_OE        0x02        /* Overrun error indicator */

#define UART_LSR_DR        0x01        /* Receiver data ready */

typedef struct SerialState {

    uint8_t divider;

    uint8_t rbr; /* receive register */

    uint8_t ier;

    uint8_t iir; /* read only */

    uint8_t lcr;

    uint8_t mcr;

    uint8_t lsr; /* read only */

    uint8_t msr;

    uint8_t scr;

} SerialState;

SerialState serial_ports[1];

void serial_update_irq(void)

{

    SerialState *s = &serial_ports[0];

    if ((s->lsr & UART_LSR_DR) && (s->ier & UART_IER_RDI)) {

        s->iir = UART_IIR_RDI;

    } else if ((s->lsr & UART_LSR_THRE) && (s->ier & UART_IER_THRI)) {

        s->iir = UART_IIR_THRI;

    } else {

        s->iir = UART_IIR_NO_INT;

    }

    if (s->iir != UART_IIR_NO_INT) {

        pic_set_irq(UART_IRQ, 1);

    } else {

        pic_set_irq(UART_IRQ, 0);

    }

}

void serial_ioport_write(CPUX86State *env, uint32_t addr, uint32_t val)

{

    SerialState *s = &serial_ports[0];

    unsigned char ch;

    int ret;

    addr &= 7;

    switch(addr) {

    default:

    case 0:

        if (s->lcr & UART_LCR_DLAB) {

            s->divider = (s->divider & 0xff00) | val;

        } else {

            s->lsr &= ~UART_LSR_THRE;

            serial_update_irq();

            ch = val;

            do {

                ret = write(1, &ch, 1);

            } while (ret != 1);

            s->lsr |= UART_LSR_THRE;

            s->lsr |= UART_LSR_TEMT;

            serial_update_irq();

        }

        break;

    case 1:

        if (s->lcr & UART_LCR_DLAB) {

            s->divider = (s->divider & 0x00ff) | (val << 8);

        } else {

            s->ier = val;

            serial_update_irq();

        }

        break;

    case 2:

        break;

    case 3:

        s->lcr = val;

        break;

    case 4:

        s->mcr = val;

        break;

    case 5:

        break;

    case 6:

        s->msr = val;

        break;

    case 7:

        s->scr = val;

        break;

    }

}

uint32_t serial_ioport_read(CPUX86State *env, uint32_t addr)

{

    SerialState *s = &serial_ports[0];

    uint32_t ret;

    addr &= 7;

    switch(addr) {

    default:

    case 0:

        if (s->lcr & UART_LCR_DLAB) {

            ret = s->divider & 0xff; 

        } else {

            ret = s->rbr;

            s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);

            serial_update_irq();

        }

        break;

    case 1:

        if (s->lcr & UART_LCR_DLAB) {

            ret = (s->divider >> 8) & 0xff;

        } else {

            ret = s->ier;

        }

        break;

    case 2:

        ret = s->iir;

        break;

    case 3:

        ret = s->lcr;

        break;

    case 4:

        ret = s->mcr;

        break;

    case 5:

        ret = s->lsr;

        break;

    case 6:

        ret = s->msr;

        break;

    case 7:

        ret = s->scr;

        break;

    }

    return ret;

}

#define TERM_ESCAPE 0x01 /* ctrl-a is used for escape */

static int term_got_escape;

void term_print_help(void)

{

    printf("\n"

           "C-a h    print this help\n"

           "C-a x    exit emulatior\n"

           "C-a b    send break (magic sysrq)\n"

           "C-a C-a  send C-a\n"

           );

}

/* called when a char is received */

void serial_received_byte(SerialState *s, int ch)

{

    if (term_got_escape) {

        term_got_escape = 0;

        switch(ch) {

        case 'h':

            term_print_help();

            break;

        case 'x':

            exit(0);

            break;

        case 'b':

            /* send break */

            s->rbr = 0;

            s->lsr |= UART_LSR_BI | UART_LSR_DR;

            serial_update_irq();

            break;

        case TERM_ESCAPE:

            goto send_char;

        }

    } else if (ch == TERM_ESCAPE) {

        term_got_escape = 1;

    } else {

    send_char:

        s->rbr = ch;

        s->lsr |= UART_LSR_DR;

        serial_update_irq();

    }

}

/* init terminal so that we can grab keys */

static struct termios oldtty;

static void term_exit(void)

{

    tcsetattr (0, TCSANOW, &oldtty);

}

static void term_init(void)

{

    struct termios tty;

    tcgetattr (0, &tty);

    oldtty = tty;