/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c

Bug Summary

File:	hw/ppc/prep.c
Location:	line 591, column 9
Description:	Access to field 'bus_model' results in a dereference of a null pointer (loaded from variable 'env')

Annotated Source Code

* QEMU PPC PREP hardware System Emulator

* Permission is hereby granted, free of charge, to any person obtaining a copy

* of this software and associated documentation files (the "Software"), to deal

* in the Software without restriction, including without limitation the rights

* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

* copies of the Software, and to permit persons to whom the Software is

* furnished to do so, subject to the following conditions:

* The above copyright notice and this permission notice shall be included in

* all copies or substantial portions of the Software.

* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

* THE SOFTWARE.

#include "hw/hw.h"

#include "hw/timer/m48t59.h"

#include "hw/i386/pc.h"

#include "hw/char/serial.h"

#include "hw/block/fdc.h"

#include "net/net.h"

#include "sysemu/sysemu.h"

#include "hw/isa/isa.h"

#include "hw/pci/pci.h"

#include "hw/pci/pci_host.h"

#include "hw/ppc/ppc.h"

#include "hw/boards.h"

#include "qemu/log.h"

#include "hw/ide.h"

#include "hw/loader.h"

#include "hw/timer/mc146818rtc.h"

#include "hw/isa/pc87312.h"

#include "sysemu/blockdev.h"

#include "sysemu/arch_init.h"

#include "sysemu/qtest.h"

#include "exec/address-spaces.h"

#include "elf.h"

//#define HARD_DEBUG_PPC_IO

//#define DEBUG_PPC_IO

/* SMP is not enabled, for now */

#define MAX_CPUS1 1

#define MAX_IDE_BUS2 2

#define BIOS_SIZE(1024 * 1024) (1024 * 1024)

#define BIOS_FILENAME"ppc_rom.bin" "ppc_rom.bin"

#define KERNEL_LOAD_ADDR0x01000000 0x01000000

#define INITRD_LOAD_ADDR0x01800000 0x01800000

#if defined (HARD_DEBUG_PPC_IO) && !defined (DEBUG_PPC_IO)

#define DEBUG_PPC_IO

#endif

#if defined (HARD_DEBUG_PPC_IO)

#define PPC_IO_DPRINTF(fmt, ...)do { } while (0) \

do { \

if (qemu_loglevel_mask(CPU_LOG_IOPORT(1 << 7))) { \

qemu_log("%s: " fmt, __func__ , ## __VA_ARGS__); \

} else { \

printf("%s : " fmt, __func__ , ## __VA_ARGS__); \

} \

} while (0)

#elif defined (DEBUG_PPC_IO)

#define PPC_IO_DPRINTF(fmt, ...)do { } while (0) \

qemu_log_mask(CPU_LOG_IOPORT(1 << 7), fmt, ## __VA_ARGS__)

#else

#define PPC_IO_DPRINTF(fmt, ...)do { } while (0) do { } while (0)

#endif

/* Constants for devices init */

static const int ide_iobase[2] = { 0x1f0, 0x170 };

static const int ide_iobase2[2] = { 0x3f6, 0x376 };

static const int ide_irq[2] = { 13, 13 };

#define NE2000_NB_MAX6 6

static uint32_t ne2000_io[NE2000_NB_MAX6] = { 0x300, 0x320, 0x340, 0x360, 0x280, 0x380 };

static int ne2000_irq[NE2000_NB_MAX6] = { 9, 10, 11, 3, 4, 5 };

/* ISA IO ports bridge */

#define PPC_IO_BASE0x80000000 0x80000000

/* PowerPC control and status registers */

#if 0 // Not used

static struct {

/* IDs */

uint32_t veni_devi;

uint32_t revi;

/* Control and status */

100

uint32_t gcsr;

101

uint32_t xcfr;

102

uint32_t ct32;

103

uint32_t mcsr;

104

/* General purpose registers */

105

uint32_t gprg[6];

106

/* Exceptions */

107

uint32_t feen;

108

uint32_t fest;

109

uint32_t fema;

110

uint32_t fecl;

111

uint32_t eeen;

112

uint32_t eest;

113

uint32_t eecl;

114

uint32_t eeint;

115

uint32_t eemck0;

116

uint32_t eemck1;

117

/* Error diagnostic */

118

} XCSR;

119

120

static void PPC_XCSR_writeb (void *opaque,

121

hwaddr addr, uint32_t value)

122

{

123

printf("%s: 0x" TARGET_FMT_plx"%016" "l" "x" " => 0x%08" PRIx32"x" "\n", __func__, addr,

124

value);

125

}

126

127

static void PPC_XCSR_writew (void *opaque,

128

hwaddr addr, uint32_t value)

129

{

130

printf("%s: 0x" TARGET_FMT_plx"%016" "l" "x" " => 0x%08" PRIx32"x" "\n", __func__, addr,

131

value);

132

}

133

134

static void PPC_XCSR_writel (void *opaque,

135

hwaddr addr, uint32_t value)

136

{

137

printf("%s: 0x" TARGET_FMT_plx"%016" "l" "x" " => 0x%08" PRIx32"x" "\n", __func__, addr,

138

value);

139

}

140

141

static uint32_t PPC_XCSR_readb (void *opaque, hwaddr addr)

142

{

143

uint32_t retval = 0;

144

145

printf("%s: 0x" TARGET_FMT_plx"%016" "l" "x" " <= %08" PRIx32"x" "\n", __func__, addr,

146

retval);

147

148

return retval;

149

}

150

151

static uint32_t PPC_XCSR_readw (void *opaque, hwaddr addr)

152

{

153

uint32_t retval = 0;

154

155

printf("%s: 0x" TARGET_FMT_plx"%016" "l" "x" " <= %08" PRIx32"x" "\n", __func__, addr,

156

retval);

157

158

return retval;

159

}

160

161

static uint32_t PPC_XCSR_readl (void *opaque, hwaddr addr)

162

{

163

uint32_t retval = 0;

164

165

printf("%s: 0x" TARGET_FMT_plx"%016" "l" "x" " <= %08" PRIx32"x" "\n", __func__, addr,

166

retval);

167

168

return retval;

169

}

170

171

static const MemoryRegionOps PPC_XCSR_ops = {

172

.old_mmio = {

173

.read = { PPC_XCSR_readb, PPC_XCSR_readw, PPC_XCSR_readl, },

174

.write = { PPC_XCSR_writeb, PPC_XCSR_writew, PPC_XCSR_writel, },

175

176

.endianness = DEVICE_LITTLE_ENDIAN,

177

};

178

179

#endif

180

181

/* Fake super-io ports for PREP platform (Intel 82378ZB) */

182

typedef struct sysctrl_t {

183

qemu_irq reset_irq;

184

M48t59State *nvram;

185

uint8_t state;

186

uint8_t syscontrol;

187

int contiguous_map;

188

int endian;

189

} sysctrl_t;

190

191

enum {

192

STATE_HARDFILE = 0x01,

193

};

194

195

static sysctrl_t *sysctrl;

196

197

static void PREP_io_800_writeb (void *opaque, uint32_t addr, uint32_t val)

198

{

199

sysctrl_t *sysctrl = opaque;

200

201

PPC_IO_DPRINTF("0x%08" PRIx32 " => 0x%02" PRIx32 "\n",do { } while (0)

202

addr - PPC_IO_BASE, val)do { } while (0);

203

switch (addr) {

204

case 0x0092:

205

/* Special port 92 */

206

/* Check soft reset asked */

207

if (val & 0x01) {

208

qemu_irq_raise(sysctrl->reset_irq);

209

} else {

210

qemu_irq_lower(sysctrl->reset_irq);

211

}

212

/* Check LE mode */

213

if (val & 0x02) {

214

sysctrl->endian = 1;

215

} else {

216

sysctrl->endian = 0;

217

}

218

break;

219

case 0x0800:

220

/* Motorola CPU configuration register : read-only */

221

break;

222

case 0x0802:

223

/* Motorola base module feature register : read-only */

224

break;

225

case 0x0803:

226

/* Motorola base module status register : read-only */

227

break;

228

case 0x0808:

229

/* Hardfile light register */

230

if (val & 1)

231

sysctrl->state |= STATE_HARDFILE;

232

else

233

sysctrl->state &= ~STATE_HARDFILE;

234

break;

235

case 0x0810:

236

/* Password protect 1 register */

237

if (sysctrl->nvram != NULL((void*)0))

238

m48t59_toggle_lock(sysctrl->nvram, 1);

239

break;

240

case 0x0812:

241

/* Password protect 2 register */

242

if (sysctrl->nvram != NULL((void*)0))

243

m48t59_toggle_lock(sysctrl->nvram, 2);

244

break;

245

case 0x0814:

246

/* L2 invalidate register */

247

// tlb_flush(first_cpu, 1);

248

break;

249

case 0x081C:

250

/* system control register */

251

sysctrl->syscontrol = val & 0x0F;

252

break;

253

case 0x0850:

254

/* I/O map type register */

255

sysctrl->contiguous_map = val & 0x01;

256

break;

257

default:

258

printf("ERROR: unaffected IO port write: %04" PRIx32"x"

259

" => %02" PRIx32"x""\n", addr, val);

260

break;

261

}

262

}

263

264

static uint32_t PREP_io_800_readb (void *opaque, uint32_t addr)

265

{

266

sysctrl_t *sysctrl = opaque;

267

uint32_t retval = 0xFF;

268

269

switch (addr) {

270

case 0x0092:

271

/* Special port 92 */

272

retval = sysctrl->endian << 1;

273

break;

274

case 0x0800:

275

/* Motorola CPU configuration register */

276

retval = 0xEF; /* MPC750 */

277

break;

278

case 0x0802:

279

/* Motorola Base module feature register */

280

retval = 0xAD; /* No ESCC, PMC slot neither ethernet */

281

break;

282

case 0x0803:

283

/* Motorola base module status register */

284

retval = 0xE0; /* Standard MPC750 */

285

break;

286

case 0x080C:

287

/* Equipment present register:

288

* no L2 cache

289

* no upgrade processor

290

* no cards in PCI slots

291

* SCSI fuse is bad

292

293

retval = 0x3C;

294

break;

295

case 0x0810:

296

/* Motorola base module extended feature register */

297

retval = 0x39; /* No USB, CF and PCI bridge. NVRAM present */

298

break;

299

case 0x0814:

300

/* L2 invalidate: don't care */

301

break;

302

case 0x0818:

303

/* Keylock */

304

retval = 0x00;

305

break;

306

case 0x081C:

307

/* system control register

308

* 7 - 6 / 1 - 0: L2 cache enable

309

310

retval = sysctrl->syscontrol;

311

break;

312

case 0x0823:

313

/* */

314

retval = 0x03; /* no L2 cache */

315

break;

316

case 0x0850:

317

/* I/O map type register */

318

retval = sysctrl->contiguous_map;

319

break;

320

default:

321

printf("ERROR: unaffected IO port: %04" PRIx32"x" " read\n", addr);

322

break;

323

}

324

PPC_IO_DPRINTF("0x%08" PRIx32 " <= 0x%02" PRIx32 "\n",do { } while (0)

325

addr - PPC_IO_BASE, retval)do { } while (0);

326

327

return retval;

328

}

329

330

static inline hwaddr prep_IO_address(sysctrl_t *sysctrl,

331

hwaddr addr)

332

{

333

if (sysctrl->contiguous_map == 0) {

334

/* 64 KB contiguous space for IOs */

335

addr &= 0xFFFF;

336

} else {

337

/* 8 MB non-contiguous space for IOs */

338

addr = (addr & 0x1F) | ((addr & 0x007FFF000) >> 7);

339

}

340

341

return addr;

342

}

343

344

static void PPC_prep_io_writeb (void *opaque, hwaddr addr,

345

uint32_t value)

346

{

347

sysctrl_t *sysctrl = opaque;

348

349

addr = prep_IO_address(sysctrl, addr);

350

cpu_outb(addr, value);

351

}

352

353

static uint32_t PPC_prep_io_readb (void *opaque, hwaddr addr)

354

{

355

sysctrl_t *sysctrl = opaque;

356

uint32_t ret;

357

358

addr = prep_IO_address(sysctrl, addr);

359

ret = cpu_inb(addr);

360

361

return ret;

362

}

363

364

static void PPC_prep_io_writew (void *opaque, hwaddr addr,

365

uint32_t value)

366

{

367

sysctrl_t *sysctrl = opaque;

368

369

addr = prep_IO_address(sysctrl, addr);

370

PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value)do { } while (0);

371

cpu_outw(addr, value);

372

}

373

374

static uint32_t PPC_prep_io_readw (void *opaque, hwaddr addr)

375

{

376

sysctrl_t *sysctrl = opaque;

377

uint32_t ret;

378

379

addr = prep_IO_address(sysctrl, addr);

380

ret = cpu_inw(addr);

381

PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret)do { } while (0);

382

383

return ret;

384

}

385

386

static void PPC_prep_io_writel (void *opaque, hwaddr addr,

387

uint32_t value)

388

{

389

sysctrl_t *sysctrl = opaque;

390

391

addr = prep_IO_address(sysctrl, addr);

392

PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value)do { } while (0);

393

cpu_outl(addr, value);

394

}

395

396

static uint32_t PPC_prep_io_readl (void *opaque, hwaddr addr)

397

{

398

sysctrl_t *sysctrl = opaque;

399

uint32_t ret;

400

401

addr = prep_IO_address(sysctrl, addr);

402

ret = cpu_inl(addr);

403

PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret)do { } while (0);

404

405

return ret;

406

}

407

408

static const MemoryRegionOps PPC_prep_io_ops = {

409

.old_mmio = {

410

.read = { PPC_prep_io_readb, PPC_prep_io_readw, PPC_prep_io_readl },

411

.write = { PPC_prep_io_writeb, PPC_prep_io_writew, PPC_prep_io_writel },

412

413

.endianness = DEVICE_NATIVE_ENDIAN,

414

};

415

416

#define NVRAM_SIZE0x2000 0x2000

417

418

static void cpu_request_exit(void *opaque, int irq, int level)

419

{

420

CPUState *cpu = current_cputls__current_cpu;

421

422

if (cpu && level) {

423

cpu_exit(cpu);

424

}

425

}

426

427

static void ppc_prep_reset(void *opaque)

428

{

429

PowerPCCPU *cpu = opaque;

430

431

cpu_reset(CPU(cpu)((CPUState *)object_dynamic_cast_assert(((Object *)((cpu))), (
"cpu"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c", 431
, __func__)));

432

433

/* Reset address */

434

cpu->env.nip = 0xfffffffc;

435

}

436

437

static const MemoryRegionPortio prep_portio_list[] = {

438

/* System control ports */

439

{ 0x0092, 1, 1, .read = PREP_io_800_readb, .write = PREP_io_800_writeb, },

440

{ 0x0800, 0x52, 1,

441

.read = PREP_io_800_readb, .write = PREP_io_800_writeb, },

442

/* Special port to get debug messages from Open-Firmware */

443

{ 0x0F00, 4, 1, .write = PPC_debug_write, },

444

PORTIO_END_OF_LIST(){ },

445

};

446

447

/* PowerPC PREP hardware initialisation */

448

static void ppc_prep_init(QEMUMachineInitArgs *args)

449

{

450

ram_addr_t ram_size = args->ram_size;

451

const char *cpu_model = args->cpu_model;

452

const char *kernel_filename = args->kernel_filename;

453

const char *kernel_cmdline = args->kernel_cmdline;

454

const char *initrd_filename = args->initrd_filename;

455

const char *boot_device = args->boot_order;

456

MemoryRegion *sysmem = get_system_memory();

457

PowerPCCPU *cpu = NULL((void*)0);

458

CPUPPCState *env = NULL((void*)0);

'env' initialized to a null pointer value

→

459

char *filename;

460

nvram_t nvram;

461

M48t59State *m48t59;

462

MemoryRegion *PPC_io_memory = g_new(MemoryRegion, 1)((MemoryRegion *) g_malloc_n ((1), sizeof (MemoryRegion)));

463

PortioList *port_list = g_new(PortioList, 1)((PortioList *) g_malloc_n ((1), sizeof (PortioList)));

464

#if 0

465

MemoryRegion *xcsr = g_new(MemoryRegion, 1)((MemoryRegion *) g_malloc_n ((1), sizeof (MemoryRegion)));

466

#endif

467

int linux_boot, i, nb_nics1, bios_size;

468

MemoryRegion *ram = g_new(MemoryRegion, 1)((MemoryRegion *) g_malloc_n ((1), sizeof (MemoryRegion)));

469

MemoryRegion *bios = g_new(MemoryRegion, 1)((MemoryRegion *) g_malloc_n ((1), sizeof (MemoryRegion)));

470

uint32_t kernel_base, initrd_base;

471

long kernel_size, initrd_size;

472

DeviceState *dev;

473

PCIHostState *pcihost;

474

PCIBus *pci_bus;

475

PCIDevice *pci;

476

ISABus *isa_bus;

477

ISADevice *isa;

478

qemu_irq *cpu_exit_irq;

479

int ppc_boot_device;

480

DriveInfo *hd[MAX_IDE_BUS2 * MAX_IDE_DEVS2];

481

482

sysctrl = g_malloc0(sizeof(sysctrl_t));

483

484

linux_boot = (kernel_filename != NULL((void*)0));

←

Assuming 'kernel_filename' is equal to null

→

485

486

/* init CPUs */

487

if (cpu_model == NULL((void*)0))

←

Assuming 'cpu_model' is not equal to null

→

←

Taking false branch

→

488

cpu_model = "602";

489

for (i = 0; i < smp_cpus; i++) {

←

Assuming 'i' is >= 'smp_cpus'

→

←

Loop condition is false. Execution continues on line 508

→

490

cpu = cpu_ppc_init(cpu_model);

491

if (cpu == NULL((void*)0)) {

492

fprintf(stderrstderr, "Unable to find PowerPC CPU definition\n");

493

exit(1);

494

}

495

env = &cpu->env;

496

497

if (env->flags & POWERPC_FLAG_RTC_CLK) {

498

/* POWER / PowerPC 601 RTC clock frequency is 7.8125 MHz */

499

cpu_ppc_tb_init(env, 7812500UL);

500

} else {

501

/* Set time-base frequency to 100 Mhz */

502

cpu_ppc_tb_init(env, 100UL * 1000UL * 1000UL);

503

}

504

qemu_register_reset(ppc_prep_reset, cpu);

505

}

506

507

/* allocate RAM */

508

memory_region_init_ram(ram, NULL((void*)0), "ppc_prep.ram", ram_size);

509

vmstate_register_ram_global(ram);

510

memory_region_add_subregion(sysmem, 0, ram);

511

512

/* allocate and load BIOS */

513

memory_region_init_ram(bios, NULL((void*)0), "ppc_prep.bios", BIOS_SIZE(1024 * 1024));

514

memory_region_set_readonly(bios, true1);

515

memory_region_add_subregion(sysmem, (uint32_t)(-BIOS_SIZE(1024 * 1024)), bios);

516

vmstate_register_ram_global(bios);

517

if (bios_name == NULL((void*)0))

←

Assuming 'bios_name' is not equal to null

→

←

Taking false branch

→

518

bios_name = BIOS_FILENAME"ppc_rom.bin";

519

filename = qemu_find_file(QEMU_FILE_TYPE_BIOS0, bios_name);

520

if (filename) {

←

Assuming 'filename' is non-null

→

←

Taking true branch

→

521

bios_size = load_elf(filename, NULL((void*)0), NULL((void*)0), NULL((void*)0),

522

NULL((void*)0), NULL((void*)0), 1, ELF_MACHINE21, 0);

523

if (bios_size < 0) {

←

Assuming 'bios_size' is >= 0

→

←

Taking false branch

→

524

bios_size = get_image_size(filename);

525

if (bios_size > 0 && bios_size <= BIOS_SIZE(1024 * 1024)) {

526

hwaddr bios_addr;

527

bios_size = (bios_size + 0xfff) & ~0xfff;

528

bios_addr = (uint32_t)(-bios_size);

529

bios_size = load_image_targphys(filename, bios_addr, bios_size);

530

}

531

if (bios_size > BIOS_SIZE(1024 * 1024)) {

532

fprintf(stderrstderr, "qemu: PReP bios '%s' is too large (0x%x)\n",

533

bios_name, bios_size);

534

exit(1);

535

}

536

}

537

} else {

538

bios_size = -1;

539

}

540

if (bios_size < 0 && !qtest_enabled()) {

541

fprintf(stderrstderr, "qemu: could not load PPC PReP bios '%s'\n",

542

bios_name);

543

exit(1);

544

}

545

if (filename) {

←

Taking true branch

→

546

g_free(filename);

547

}

548

549

if (linux_boot) {

←

Taking false branch

→

550

kernel_base = KERNEL_LOAD_ADDR0x01000000;

551

/* now we can load the kernel */

552

kernel_size = load_image_targphys(kernel_filename, kernel_base,

553

ram_size - kernel_base);

554

if (kernel_size < 0) {

555

hw_error("qemu: could not load kernel '%s'\n", kernel_filename);

556

exit(1);

557

}

558

/* load initrd */

559

if (initrd_filename) {

560

initrd_base = INITRD_LOAD_ADDR0x01800000;

561

initrd_size = load_image_targphys(initrd_filename, initrd_base,

562

ram_size - initrd_base);

563

if (initrd_size < 0) {

564

hw_error("qemu: could not load initial ram disk '%s'\n",

565

initrd_filename);

566

}

567

} else {

568

initrd_base = 0;

569

initrd_size = 0;

570

}

571

ppc_boot_device = 'm';

572

} else {

573

kernel_base = 0;

574

kernel_size = 0;

575

initrd_base = 0;

576

initrd_size = 0;

577

ppc_boot_device = '\0';

578

/* For now, OHW cannot boot from the network. */

579

for (i = 0; boot_device[i] != '\0'; i++) {

←

Loop condition is true. Entering loop body

→

580

if (boot_device[i] >= 'a' && boot_device[i] <= 'f') {

←

Taking true branch

→

581

ppc_boot_device = boot_device[i];

582

break;

←

Execution continues on line 585

→

583

}

584

}

585

if (ppc_boot_device == '\0') {

←

Taking false branch

→

586

fprintf(stderrstderr, "No valid boot device for Mac99 machine\n");

587

exit(1);

588

}

589

}

590

591

if (PPC_INPUT(env)(env->bus_model) != PPC_FLAGS_INPUT_6xx) {

←

Within the expansion of the macro 'PPC_INPUT':

a	Access to field 'bus_model' results in a dereference of a null pointer (loaded from variable 'env')

592

hw_error("Only 6xx bus is supported on PREP machine\n");

593

}

594

595

dev = qdev_create(NULL((void*)0), "raven-pcihost");

596

pcihost = PCI_HOST_BRIDGE(dev)((PCIHostState *)object_dynamic_cast_assert(((Object *)((dev)
)), ("pci-host-bridge"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c"
, 596, __func__));

597

object_property_add_child(qdev_get_machine(), "raven", OBJECT(dev)((Object *)(dev)), NULL((void*)0));

598

qdev_init_nofail(dev);

599

pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");

600

if (pci_bus == NULL((void*)0)) {

601

fprintf(stderrstderr, "Couldn't create PCI host controller.\n");

602

exit(1);

603

}

604

605

/* PCI -> ISA bridge */

606

pci = pci_create_simple(pci_bus, PCI_DEVFN(1, 0)((((1) & 0x1f) << 3) | ((0) & 0x07)), "i82378");

607

cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL((void*)0), 1);

608

cpu = POWERPC_CPU(first_cpu)((PowerPCCPU *)object_dynamic_cast_assert(((Object *)((((&
cpus)->tqh_first)))), ("powerpc64-cpu"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c"
, 608, __func__));

609

qdev_connect_gpio_out(&pci->qdev, 0,

610

cpu->env.irq_inputs[PPC6xx_INPUT_INT]);

611

qdev_connect_gpio_out(&pci->qdev, 1, *cpu_exit_irq);

612

sysbus_connect_irq(&pcihost->busdev, 0, qdev_get_gpio_in(&pci->qdev, 9));

613

sysbus_connect_irq(&pcihost->busdev, 1, qdev_get_gpio_in(&pci->qdev, 11));

614

sysbus_connect_irq(&pcihost->busdev, 2, qdev_get_gpio_in(&pci->qdev, 9));

615

sysbus_connect_irq(&pcihost->busdev, 3, qdev_get_gpio_in(&pci->qdev, 11));

616

isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci), "isa.0"))((ISABus *)object_dynamic_cast_assert(((Object *)((qdev_get_child_bus
(((DeviceState *)object_dynamic_cast_assert(((Object *)((pci)
)), ("device"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c"
, 616, __func__)), "isa.0")))), ("ISA"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c"
, 616, __func__));

617

618

/* Super I/O (parallel + serial ports) */

619

isa = isa_create(isa_bus, TYPE_PC87312"pc87312");

620

dev = DEVICE(isa)((DeviceState *)object_dynamic_cast_assert(((Object *)((isa))
), ("device"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c"
, 620, __func__));

621

qdev_prop_set_uint8(dev, "config", 13); /* fdc, ser0, ser1, par0 */

622

qdev_init_nofail(dev);

623

624

/* Register 8 MB of ISA IO space (needed for non-contiguous map) */

625

memory_region_init_io(PPC_io_memory, NULL((void*)0), &PPC_prep_io_ops, sysctrl,

626

"ppc-io", 0x00800000);

627

memory_region_add_subregion(sysmem, 0x80000000, PPC_io_memory);

628

629

/* init basic PC hardware */

630

pci_vga_init(pci_bus);

631

632

nb_nics1 = nb_nics;

633

if (nb_nics1 > NE2000_NB_MAX6)

634

nb_nics1 = NE2000_NB_MAX6;

635

for(i = 0; i < nb_nics1; i++) {

636

if (nd_table[i].model == NULL((void*)0)) {

637

nd_table[i].model = g_strdup("ne2k_isa");

638

}

639

if (strcmp(nd_table[i].model, "ne2k_isa") == 0) {

640

isa_ne2000_init(isa_bus, ne2000_io[i], ne2000_irq[i],

641

&nd_table[i]);

642

} else {

643

pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL((void*)0));

644

}

645

}

646

647

ide_drive_get(hd, MAX_IDE_BUS2);

648

for(i = 0; i < MAX_IDE_BUS2; i++) {

649

isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i], ide_irq[i],

650

hd[2 * i],

651

hd[2 * i + 1]);

652

}

653

isa_create_simple(isa_bus, "i8042");

654

655

cpu = POWERPC_CPU(first_cpu)((PowerPCCPU *)object_dynamic_cast_assert(((Object *)((((&
cpus)->tqh_first)))), ("powerpc64-cpu"), "/home/stefan/src/qemu/qemu.org/qemu/hw/ppc/prep.c"
, 655, __func__));

656

sysctrl->reset_irq = cpu->env.irq_inputs[PPC6xx_INPUT_HRESET];

657

658

portio_list_init(port_list, NULL((void*)0), prep_portio_list, sysctrl, "prep");

659

portio_list_add(port_list, get_system_io(), 0x0);

660

661

/* PowerPC control and status register group */

662

#if 0

663

memory_region_init_io(xcsr, NULL((void*)0), &PPC_XCSR_ops, NULL((void*)0), "ppc-xcsr", 0x1000);

664

memory_region_add_subregion(sysmem, 0xFEFF0000, xcsr);

665

#endif

666

667

if (usb_enabled(false0)) {

668

pci_create_simple(pci_bus, -1, "pci-ohci");

669

}

670

671

m48t59 = m48t59_init_isa(isa_bus, 0x0074, NVRAM_SIZE0x2000, 59);

672

if (m48t59 == NULL((void*)0))

673

return;

674

sysctrl->nvram = m48t59;

675

676

/* Initialise NVRAM */

677

nvram.opaque = m48t59;

678

nvram.read_fn = &m48t59_read;

679

nvram.write_fn = &m48t59_write;

680

PPC_NVRAM_set_params(&nvram, NVRAM_SIZE0x2000, "PREP", ram_size, ppc_boot_device,

681

kernel_base, kernel_size,

682

kernel_cmdline,

683

initrd_base, initrd_size,

684

/* XXX: need an option to load a NVRAM image */

685

686

graphic_width, graphic_height, graphic_depth);

687

}

688

689

static QEMUMachine prep_machine = {

690

.name = "prep",

691

.desc = "PowerPC PREP platform",

692

.init = ppc_prep_init,

693

.max_cpus = MAX_CPUS1,

694

.default_boot_order = "cad",

695

};

696

697

static void prep_machine_init(void)

698

{

699

qemu_register_machine(&prep_machine);

700

}

701

702

machine_init(prep_machine_init)static void __attribute__((constructor)) do_qemu_init_prep_machine_init
(void) { register_module_init(prep_machine_init, MODULE_INIT_MACHINE
); };