Bug Summary

File:hw/ppc/mac_newworld.c
Location:line 310, column 17
Description:Access to field 'bus_model' results in a dereference of a null pointer (loaded from variable 'env')

Annotated Source Code

1/*
2 * QEMU PowerPC CHRP (currently NewWorld PowerMac) hardware System Emulator
3 *
4 * Copyright (c) 2004-2007 Fabrice Bellard
5 * Copyright (c) 2007 Jocelyn Mayer
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 *
25 * PCI bus layout on a real G5 (U3 based):
26 *
27 * 0000:f0:0b.0 Host bridge [0600]: Apple Computer Inc. U3 AGP [106b:004b]
28 * 0000:f0:10.0 VGA compatible controller [0300]: ATI Technologies Inc RV350 AP [Radeon 9600] [1002:4150]
29 * 0001:00:00.0 Host bridge [0600]: Apple Computer Inc. CPC945 HT Bridge [106b:004a]
30 * 0001:00:01.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12)
31 * 0001:00:02.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12)
32 * 0001:00:03.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0045]
33 * 0001:00:04.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0046]
34 * 0001:00:05.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0047]
35 * 0001:00:06.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0048]
36 * 0001:00:07.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0049]
37 * 0001:01:07.0 Class [ff00]: Apple Computer Inc. K2 KeyLargo Mac/IO [106b:0041] (rev 20)
38 * 0001:01:08.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040]
39 * 0001:01:09.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040]
40 * 0001:02:0b.0 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43)
41 * 0001:02:0b.1 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43)
42 * 0001:02:0b.2 USB Controller [0c03]: NEC Corporation USB 2.0 [1033:00e0] (rev 04)
43 * 0001:03:0d.0 Class [ff00]: Apple Computer Inc. K2 ATA/100 [106b:0043]
44 * 0001:03:0e.0 FireWire (IEEE 1394) [0c00]: Apple Computer Inc. K2 FireWire [106b:0042]
45 * 0001:04:0f.0 Ethernet controller [0200]: Apple Computer Inc. K2 GMAC (Sun GEM) [106b:004c]
46 * 0001:05:0c.0 IDE interface [0101]: Broadcom K2 SATA [1166:0240]
47 *
48 */
49#include "hw/hw.h"
50#include "hw/ppc/ppc.h"
51#include "hw/ppc/mac.h"
52#include "hw/input/adb.h"
53#include "hw/ppc/mac_dbdma.h"
54#include "hw/timer/m48t59.h"
55#include "hw/pci/pci.h"
56#include "net/net.h"
57#include "sysemu/sysemu.h"
58#include "hw/boards.h"
59#include "hw/nvram/fw_cfg.h"
60#include "hw/char/escc.h"
61#include "hw/ppc/openpic.h"
62#include "hw/ide.h"
63#include "hw/loader.h"
64#include "elf.h"
65#include "sysemu/kvm.h"
66#include "kvm_ppc.h"
67#include "hw/usb.h"
68#include "sysemu/blockdev.h"
69#include "exec/address-spaces.h"
70#include "hw/sysbus.h"
71
/* Number of IDE buses emulated behind the MacIO bridge (sizes hd[] below). */
#define MAX_IDE_BUS 2
/* Guest-physical base of the fw_cfg interface: control port at CFG_ADDR,
 * data port at CFG_ADDR + 2 (see fw_cfg_init() in ppc_core99_init). */
#define CFG_ADDR 0xf0000510
/* Time-base frequency programmed into the CPUs and reported via fw_cfg: 100 MHz. */
#define TBFREQ (100UL * 1000UL * 1000UL)

/* debug UniNorth */
//#define DEBUG_UNIN

#ifdef DEBUG_UNIN
/* Trace every UniNorth register access on stdout. */
#define UNIN_DPRINTF(fmt, ...) \
    do { printf("UNIN: " fmt , ## __VA_ARGS__); } while (0)
#else
/* Compiled out unless DEBUG_UNIN is defined above. */
#define UNIN_DPRINTF(fmt, ...)
#endif
85
86/* UniN device */
/* MMIO write handler for the UniNorth stub.  Only offset 0 is backed by
 * storage (the int token passed as opaque); writes elsewhere are dropped.
 * The 64-bit value is narrowed to the int register, as in the original. */
static void unin_write(void *opaque, hwaddr addr, uint64_t value,
                       unsigned size)
{
    int *reg = opaque;

    UNIN_DPRINTF("write addr " TARGET_FMT_plx " val %"PRIx64"\n", addr, value);
    if (addr != 0x0) {
        return;
    }
    *reg = value;
}
95
/* MMIO read handler for the UniNorth stub.  Offset 0 returns the stored
 * int token; every other offset reads as zero.  `size` is ignored. */
static uint64_t unin_read(void *opaque, hwaddr addr, unsigned size)
{
    const int *reg = opaque;
    uint32_t result = 0;

    if (addr == 0) {
        result = *reg;
    }

    UNIN_DPRINTF("readl addr " TARGET_FMT_plx " val %x\n", addr, result);

    return result;
}
110
/* MMIO callbacks for the UniNorth stub regions; the opaque pointer handed
 * to memory_region_init_io() is the per-machine int token. */
static const MemoryRegionOps unin_ops = {
    .endianness = DEVICE_NATIVE_ENDIAN,
    .write = unin_write,
    .read = unin_read,
};
116
/* qemu_register_boot_set() callback: publish the first character of the
 * new boot order to the guest firmware through fw_cfg.  Always returns 0. */
static int fw_cfg_boot_set(void *opaque, const char *boot_device)
{
    void *fw_cfg = opaque;
    const char first_device = boot_device[0];

    fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, first_device);
    return 0;
}
122
/* load_elf() address hook: keep the low 28 bits of the ELF address and
 * rebase them onto KERNEL_LOAD_ADDR.  `opaque` is unused. */
static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
{
    const uint64_t offset = addr & 0x0fffffff;

    return KERNEL_LOAD_ADDR + offset;
}
127
/* Round a guest-physical address up to the next TARGET_PAGE_SIZE boundary. */
static hwaddr round_page(hwaddr addr)
{
    hwaddr rounded = addr + (TARGET_PAGE_SIZE - 1);

    rounded &= TARGET_PAGE_MASK;
    return rounded;
}
132
/* Reset handler registered once per CPU in ppc_core99_init(): reset the
 * core, then point the PC at the firmware entry (PROM_ADDR + 0x100).
 * The nip assignment must follow cpu_reset(), which clears the state. */
static void ppc_core99_reset(void *opaque)
{
    PowerPCCPU *pcpu = opaque;

    cpu_reset(CPU(pcpu));
    /* 970 CPUs want to get their initial IP as part of their boot protocol */
    pcpu->env.nip = 0x100 + PROM_ADDR;
}
141
142/* PowerPC Mac99 hardware initialisation */
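/*
 * ppc_core99_init: build the NewWorld (mac99) machine.
 *
 * Creates the CPU(s), RAM, the OpenBIOS ROM, the UniNorth stub registers,
 * the OpenPIC, the PCI host bridge (U3 for a 970 bus model, UniNorth
 * otherwise), the MacIO bridge with its IDE/CUDA/ADB children, the NVRAM
 * and the fw_cfg interface that the firmware reads its boot parameters
 * from.  When a kernel was given on the command line it is loaded (ELF,
 * a.out or raw image) into RAM together with an optional initrd and its
 * command line.
 *
 * @args: machine arguments (RAM size, CPU model, kernel/initrd/cmdline,
 *        boot order) from the command line.
 *
 * Errors are fatal: each is reported and the process exits.
 */
static void ppc_core99_init(QEMUMachineInitArgs *args)
{
    ram_addr_t ram_size = args->ram_size;
    const char *cpu_model = args->cpu_model;
    const char *kernel_filename = args->kernel_filename;
    const char *kernel_cmdline = args->kernel_cmdline;
    const char *initrd_filename = args->initrd_filename;
    const char *boot_device = args->boot_order;
    PowerPCCPU *cpu = NULL;
    CPUPPCState *env = NULL;
    char *filename;
    qemu_irq *pic, **openpic_irqs;
    MemoryRegion *isa = g_new(MemoryRegion, 1);
    MemoryRegion *unin_memory = g_new(MemoryRegion, 1);
    MemoryRegion *unin2_memory = g_new(MemoryRegion, 1);
    int linux_boot, i, j, k;
    MemoryRegion *ram = g_new(MemoryRegion, 1), *bios = g_new(MemoryRegion, 1);
    hwaddr kernel_base, initrd_base, cmdline_base = 0;
    long kernel_size, initrd_size;
    PCIBus *pci_bus;
    PCIDevice *macio;
    MACIOIDEState *macio_ide;
    BusState *adb_bus;
    MacIONVRAMState *nvr;
    int bios_size;
    MemoryRegion *pic_mem, *escc_mem;
    MemoryRegion *escc_bar = g_new(MemoryRegion, 1);
    int ppc_boot_device;
    DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
    void *fw_cfg;
    int machine_arch;
    SysBusDevice *s;
    DeviceState *dev;
    /*
     * Backing store of the guest-visible UniNorth register (unin_read /
     * unin_write).  Zero-initialise it: with a plain g_new() the guest
     * could read uninitialised host heap bytes through offset 0 before
     * it ever wrote the register.
     */
    int *token = g_new0(int, 1);

    linux_boot = (kernel_filename != NULL);

    /* init CPUs */
    if (cpu_model == NULL) {
#ifdef TARGET_PPC64
        cpu_model = "970fx";
#else
        cpu_model = "G4";
#endif
    }
    /*
     * Everything after the CPU loop (OpenPIC wiring, the U3/UniNorth
     * choice, the KVM hypercall blob) dereferences env, which is only
     * assigned inside the loop.  Refuse to build a machine without CPUs
     * rather than dereferencing the NULL initialiser; this is also the
     * path the static analyzer reported (smp_cpus <= 0).
     */
    if (smp_cpus < 1) {
        hw_error("qemu: mac99 machine needs at least one CPU\n");
        exit(1);
    }
    for (i = 0; i < smp_cpus; i++) {
        cpu = cpu_ppc_init(cpu_model);
        if (cpu == NULL) {
            fprintf(stderr, "Unable to find PowerPC CPU definition\n");
            exit(1);
        }
        env = &cpu->env;

        /* Set time-base frequency to 100 Mhz */
        cpu_ppc_tb_init(env, TBFREQ);
        qemu_register_reset(ppc_core99_reset, cpu);
    }

    /* allocate RAM */
    memory_region_init_ram(ram, NULL, "ppc_core99.ram", ram_size);
    vmstate_register_ram_global(ram);
    memory_region_add_subregion(get_system_memory(), 0, ram);

    /* allocate and load BIOS */
    memory_region_init_ram(bios, NULL, "ppc_core99.bios", BIOS_SIZE);
    vmstate_register_ram_global(bios);
    if (bios_name == NULL) {
        bios_name = PROM_FILENAME;
    }
    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
    memory_region_set_readonly(bios, true);
    memory_region_add_subregion(get_system_memory(), PROM_ADDR, bios);

    /* Load OpenBIOS (ELF) */
    if (filename) {
        bios_size = load_elf(filename, NULL, NULL, NULL,
                             NULL, NULL, 1, ELF_MACHINE, 0);

        g_free(filename);
    } else {
        bios_size = -1;
    }
    /* A missing, unloadable or oversized ROM image is fatal. */
    if (bios_size < 0 || bios_size > BIOS_SIZE) {
        hw_error("qemu: could not load PowerPC bios '%s'\n", bios_name);
        exit(1);
    }

    if (linux_boot) {
        uint64_t lowaddr = 0;
        int bswap_needed;

#ifdef BSWAP_NEEDED
        bswap_needed = 1;
#else
        bswap_needed = 0;
#endif
        kernel_base = KERNEL_LOAD_ADDR;

        /* Try ELF first, then a.out, then a raw binary at kernel_base. */
        kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
                               NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
        if (kernel_size < 0) {
            kernel_size = load_aout(kernel_filename, kernel_base,
                                    ram_size - kernel_base, bswap_needed,
                                    TARGET_PAGE_SIZE);
        }
        if (kernel_size < 0) {
            kernel_size = load_image_targphys(kernel_filename,
                                              kernel_base,
                                              ram_size - kernel_base);
        }
        if (kernel_size < 0) {
            hw_error("qemu: could not load kernel '%s'\n", kernel_filename);
            exit(1);
        }
        /* load initrd */
        if (initrd_filename) {
            initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
            initrd_size = load_image_targphys(initrd_filename, initrd_base,
                                              ram_size - initrd_base);
            if (initrd_size < 0) {
                hw_error("qemu: could not load initial ram disk '%s'\n",
                         initrd_filename);
                exit(1);
            }
            cmdline_base = round_page(initrd_base + initrd_size);
        } else {
            initrd_base = 0;
            initrd_size = 0;
            cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
        }
        ppc_boot_device = 'm';
    } else {
        kernel_base = 0;
        kernel_size = 0;
        initrd_base = 0;
        initrd_size = 0;
        ppc_boot_device = '\0';
        /* We consider that NewWorld PowerMac never have any floppy drive
         * For now, OHW cannot boot from the network.
         */
        for (i = 0; boot_device[i] != '\0'; i++) {
            if (boot_device[i] >= 'c' && boot_device[i] <= 'f') {
                ppc_boot_device = boot_device[i];
                break;
            }
        }
        if (ppc_boot_device == '\0') {
            fprintf(stderr, "No valid boot device for Mac99 machine\n");
            exit(1);
        }
    }

    /* Register 8 MB of ISA IO space */
    memory_region_init_alias(isa, NULL, "isa_mmio",
                             get_system_io(), 0, 0x00800000);
    memory_region_add_subregion(get_system_memory(), 0xf2000000, isa);

    /* UniN init: XXX should be a real device */
    memory_region_init_io(unin_memory, NULL, &unin_ops, token, "unin", 0x1000);
    memory_region_add_subregion(get_system_memory(), 0xf8000000, unin_memory);

    memory_region_init_io(unin2_memory, NULL, &unin_ops, token, "unin", 0x1000);
    memory_region_add_subregion(get_system_memory(), 0xf3000000, unin2_memory);

    openpic_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
    openpic_irqs[0] =
        g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
    for (i = 0; i < smp_cpus; i++) {
        /* Mac99 IRQ connection between OpenPIC outputs pins
         * and PowerPC input pins
         */
        /* NOTE(review): env still refers to the last CPU created above, so
         * every CPU's OpenPIC outputs are wired to that one CPU's inputs.
         * Harmless while core99_machine.max_cpus is 1; revisit before
         * raising it. */
        switch (PPC_INPUT(env)) {
        case PPC_FLAGS_INPUT_6xx:
            openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB);
            openpic_irqs[i][OPENPIC_OUTPUT_INT] =
                ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
            openpic_irqs[i][OPENPIC_OUTPUT_CINT] =
                ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
            openpic_irqs[i][OPENPIC_OUTPUT_MCK] =
                ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_MCP];
            /* Not connected ? */
            openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL;
            /* Check this */
            openpic_irqs[i][OPENPIC_OUTPUT_RESET] =
                ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_HRESET];
            break;
#if defined(TARGET_PPC64)
        case PPC_FLAGS_INPUT_970:
            openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB);
            openpic_irqs[i][OPENPIC_OUTPUT_INT] =
                ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT];
            openpic_irqs[i][OPENPIC_OUTPUT_CINT] =
                ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT];
            openpic_irqs[i][OPENPIC_OUTPUT_MCK] =
                ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_MCP];
            /* Not connected ? */
            openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL;
            /* Check this */
            openpic_irqs[i][OPENPIC_OUTPUT_RESET] =
                ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_HRESET];
            break;
#endif /* defined(TARGET_PPC64) */
        default:
            hw_error("Bus model not supported on mac99 machine\n");
            exit(1);
        }
    }

    pic = g_new(qemu_irq, 64);

    dev = qdev_create(NULL, TYPE_OPENPIC);
    qdev_prop_set_uint32(dev, "model", OPENPIC_MODEL_RAVEN);
    qdev_init_nofail(dev);
    s = SYS_BUS_DEVICE(dev);
    pic_mem = s->mmio[0].memory;
    /* OpenPIC output k = CPU i, output j, in the order built above. */
    k = 0;
    for (i = 0; i < smp_cpus; i++) {
        for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
            sysbus_connect_irq(s, k++, openpic_irqs[i][j]);
        }
    }

    for (i = 0; i < 64; i++) {
        pic[i] = qdev_get_gpio_in(dev, i);
    }

    if (PPC_INPUT(env) == PPC_FLAGS_INPUT_970) {
        /* 970 gets a U3 bus */
        pci_bus = pci_pmac_u3_init(pic, get_system_memory(), get_system_io());
        machine_arch = ARCH_MAC99_U3;
    } else {
        pci_bus = pci_pmac_init(pic, get_system_memory(), get_system_io());
        machine_arch = ARCH_MAC99;
    }
    /* init basic PC hardware */
    pci_vga_init(pci_bus);

    escc_mem = escc_init(0, pic[0x25], pic[0x24],
                         serial_hds[0], serial_hds[1], ESCC_CLOCK, 4);
    memory_region_init_alias(escc_bar, NULL, "escc-bar",
                             escc_mem, 0, memory_region_size(escc_mem));

    for (i = 0; i < nb_nics; i++) {
        pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL);
    }

    ide_drive_get(hd, MAX_IDE_BUS);

    macio = pci_create(pci_bus, -1, TYPE_NEWWORLD_MACIO);
    dev = DEVICE(macio);
    qdev_connect_gpio_out(dev, 0, pic[0x19]); /* CUDA */
    qdev_connect_gpio_out(dev, 1, pic[0x0d]); /* IDE */
    qdev_connect_gpio_out(dev, 2, pic[0x02]); /* IDE DMA */
    qdev_connect_gpio_out(dev, 3, pic[0x0e]); /* IDE */
    qdev_connect_gpio_out(dev, 4, pic[0x03]); /* IDE DMA */
    macio_init(macio, pic_mem, escc_bar);

    /* We only emulate 2 out of 3 IDE controllers for now */
    macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
                                                        "ide[0]"));
    macio_ide_init_drives(macio_ide, hd);

    macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
                                                        "ide[1]"));
    macio_ide_init_drives(macio_ide, &hd[MAX_IDE_DEVS]);

    dev = DEVICE(object_resolve_path_component(OBJECT(macio), "cuda"));
    adb_bus = qdev_get_child_bus(dev, "adb.0");
    dev = qdev_create(adb_bus, TYPE_ADB_KEYBOARD);
    qdev_init_nofail(dev);
    dev = qdev_create(adb_bus, TYPE_ADB_MOUSE);
    qdev_init_nofail(dev);

    if (usb_enabled(machine_arch == ARCH_MAC99_U3)) {
        pci_create_simple(pci_bus, -1, "pci-ohci");
        /* U3 needs to use USB for input because Linux doesn't support via-cuda
        on PPC64 */
        if (machine_arch == ARCH_MAC99_U3) {
            usbdevice_create("keyboard");
            usbdevice_create("mouse");
        }
    }

    /* Only 8, 15 and 32 bpp are reported to the firmware; fall back to 15. */
    if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8) {
        graphic_depth = 15;
    }

    /* The NewWorld NVRAM is not located in the MacIO device */
    dev = qdev_create(NULL, TYPE_MACIO_NVRAM);
    qdev_prop_set_uint32(dev, "size", 0x2000);
    qdev_prop_set_uint32(dev, "it_shift", 1);
    qdev_init_nofail(dev);
    sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xFFF04000);
    nvr = MACIO_NVRAM(dev);
    pmac_format_nvram_partition(nvr, 0x2000);
    /* No PCI init: the BIOS will do it */

    fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
    fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
    fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
    fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
    fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, machine_arch);
    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
    if (kernel_cmdline) {
        fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base);
        pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, kernel_cmdline);
    } else {
        fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
    }
    fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_base);
    fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
    fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, ppc_boot_device);

    fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_WIDTH, graphic_width);
    fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_HEIGHT, graphic_height);
    fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_DEPTH, graphic_depth);

    fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_IS_KVM, kvm_enabled());
    if (kvm_enabled()) {
#ifdef CONFIG_KVM
        uint8_t *hypercall;

        fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, kvmppc_get_tbfreq());
        hypercall = g_malloc(16);
        kvmppc_get_hypercall(env, hypercall, 16);
        fw_cfg_add_bytes(fw_cfg, FW_CFG_PPC_KVM_HC, hypercall, 16);
        fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_KVM_PID, getpid());
#endif
    } else {
        fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, TBFREQ);
    }
    /* Mac OS X requires a "known good" clock-frequency value; pass it one. */
    fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, 266000000);

    qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
}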
474
/* Machine description registered as "mac99".  max_cpus stays at MAX_CPUS
 * (1 here), which the single-env OpenPIC wiring in ppc_core99_init relies on. */
static QEMUMachine core99_machine = {
    .init = ppc_core99_init,
    .name = "mac99",
    .desc = "Mac99 based PowerMAC",
    .default_boot_order = "cd",
    .max_cpus = MAX_CPUS,
};
482
/* Module-init hook: make the mac99 machine selectable with -M. */
static void core99_machine_init(void)
{
    QEMUMachine *machine = &core99_machine;

    qemu_register_machine(machine);
}
487
/* Run core99_machine_init() from a constructor at program start-up. */
machine_init(core99_machine_init);