r3555 - in trunk/src/host/qemu-neo1973: . hw linux-user linux-user/sh4 target-alpha target-mips target-sh4 target-sparc

andrew at sita.openmoko.org andrew at sita.openmoko.org
Tue Dec 4 04:17:39 CET 2007


Author: andrew
Date: 2007-12-04 04:17:20 +0100 (Tue, 04 Dec 2007)
New Revision: 3555

Added:
   trunk/src/host/qemu-neo1973/hw/mainstone.h
   trunk/src/host/qemu-neo1973/hw/mst_fpga.c
Modified:
   trunk/src/host/qemu-neo1973/Makefile.target
   trunk/src/host/qemu-neo1973/block.c
   trunk/src/host/qemu-neo1973/block.h
   trunk/src/host/qemu-neo1973/block_int.h
   trunk/src/host/qemu-neo1973/cpu-exec.c
   trunk/src/host/qemu-neo1973/hw/adlib.c
   trunk/src/host/qemu-neo1973/hw/esp.c
   trunk/src/host/qemu-neo1973/hw/gumstix.c
   trunk/src/host/qemu-neo1973/hw/integratorcp.c
   trunk/src/host/qemu-neo1973/hw/iommu.c
   trunk/src/host/qemu-neo1973/hw/lsi53c895a.c
   trunk/src/host/qemu-neo1973/hw/mainstone.c
   trunk/src/host/qemu-neo1973/hw/mips_malta.c
   trunk/src/host/qemu-neo1973/hw/mips_pica61.c
   trunk/src/host/qemu-neo1973/hw/mips_r4k.c
   trunk/src/host/qemu-neo1973/hw/nand.c
   trunk/src/host/qemu-neo1973/hw/omap.c
   trunk/src/host/qemu-neo1973/hw/pc.c
   trunk/src/host/qemu-neo1973/hw/pci.h
   trunk/src/host/qemu-neo1973/hw/ppc405_boards.c
   trunk/src/host/qemu-neo1973/hw/ppc_chrp.c
   trunk/src/host/qemu-neo1973/hw/ppc_oldworld.c
   trunk/src/host/qemu-neo1973/hw/ppc_prep.c
   trunk/src/host/qemu-neo1973/hw/pxa2xx.c
   trunk/src/host/qemu-neo1973/hw/realview.c
   trunk/src/host/qemu-neo1973/hw/s3c2410.c
   trunk/src/host/qemu-neo1973/hw/sd.c
   trunk/src/host/qemu-neo1973/hw/sh7750.c
   trunk/src/host/qemu-neo1973/hw/sh_intc.c
   trunk/src/host/qemu-neo1973/hw/sh_intc.h
   trunk/src/host/qemu-neo1973/hw/slavio_misc.c
   trunk/src/host/qemu-neo1973/hw/slavio_timer.c
   trunk/src/host/qemu-neo1973/hw/spitz.c
   trunk/src/host/qemu-neo1973/hw/stellaris.c
   trunk/src/host/qemu-neo1973/hw/sun4m.c
   trunk/src/host/qemu-neo1973/hw/sun4m.h
   trunk/src/host/qemu-neo1973/hw/sun4u.c
   trunk/src/host/qemu-neo1973/hw/versatilepb.c
   trunk/src/host/qemu-neo1973/linux-user/main.c
   trunk/src/host/qemu-neo1973/linux-user/sh4/target_signal.h
   trunk/src/host/qemu-neo1973/linux-user/signal.c
   trunk/src/host/qemu-neo1973/linux-user/syscall.c
   trunk/src/host/qemu-neo1973/monitor.c
   trunk/src/host/qemu-neo1973/sysemu.h
   trunk/src/host/qemu-neo1973/target-alpha/op_helper.c
   trunk/src/host/qemu-neo1973/target-alpha/op_helper.h
   trunk/src/host/qemu-neo1973/target-alpha/op_template.h
   trunk/src/host/qemu-neo1973/target-mips/mips-defs.h
   trunk/src/host/qemu-neo1973/target-sh4/cpu.h
   trunk/src/host/qemu-neo1973/target-sh4/helper.c
   trunk/src/host/qemu-neo1973/target-sh4/op.c
   trunk/src/host/qemu-neo1973/target-sh4/translate.c
   trunk/src/host/qemu-neo1973/target-sparc/cpu.h
   trunk/src/host/qemu-neo1973/target-sparc/exec.h
   trunk/src/host/qemu-neo1973/target-sparc/helper.c
   trunk/src/host/qemu-neo1973/target-sparc/op_helper.c
   trunk/src/host/qemu-neo1973/translate-all.c
   trunk/src/host/qemu-neo1973/vl.c
Log:
Pull changes from cvs.savannah.nongnu.org.
Bring snapshotting in sync with the -drive infrastructure.


Modified: trunk/src/host/qemu-neo1973/Makefile.target
===================================================================
--- trunk/src/host/qemu-neo1973/Makefile.target	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/Makefile.target	2007-12-04 03:17:20 UTC (rev 3555)
@@ -504,12 +504,13 @@
 VL_OBJS+= pxa2xx.o pxa2xx_pic.o pxa2xx_gpio.o pxa2xx_timer.o pxa2xx_dma.o
 VL_OBJS+= pxa2xx_lcd.o pxa2xx_mmci.o pxa2xx_pcmcia.o
 VL_OBJS+= pflash_cfi01.o gumstix.o
-VL_OBJS+= spitz.o ide.o serial.o nand.o ecc.o mainstone.o
+VL_OBJS+= spitz.o ide.o serial.o nand.o ecc.o
 VL_OBJS+= s3c2410.o s3c24xx_gpio.o s3c24xx_lcd.o s3c24xx_mmci.o s3c24xx_rtc.o
 VL_OBJS+= s3c24xx_udc.o
 VL_OBJS+= neo1973.o jbt6k74.o gps.o $(GSM_OBJS) modem.o
 VL_OBJS+= omap.o omap_lcdc.o omap1_clk.o omap_mmc.o omap_i2c.o
 VL_OBJS+= palm.o tsc210x.o
+VL_OBJS+= mst_fpga.o mainstone.o
 CPPFLAGS+= -DHAS_AUDIO $(GSM_CPPFLAGS)
 endif
 ifeq ($(TARGET_BASE_ARCH), sh4)

Modified: trunk/src/host/qemu-neo1973/block.c
===================================================================
--- trunk/src/host/qemu-neo1973/block.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/block.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -521,8 +521,11 @@
             return ret;
         else if (ret != len)
             return -EINVAL;
-        else
+        else {
+	    bs->rd_bytes += (unsigned) len;
+	    bs->rd_ops ++;
             return 0;
+	}
     } else {
         return drv->bdrv_read(bs, sector_num, buf, nb_sectors);
     }
@@ -553,8 +556,11 @@
             return ret;
         else if (ret != len)
             return -EIO;
-        else
+        else {
+	    bs->wr_bytes += (unsigned) len;
+	    bs->wr_ops ++;
             return 0;
+	}
     } else {
         return drv->bdrv_write(bs, sector_num, buf, nb_sectors);
     }
@@ -902,6 +908,24 @@
         term_printf("\n");
     }
 }
+
+/* The "info blockstats" command. */
+void bdrv_info_stats (void)
+{
+    BlockDriverState *bs;
+
+    for (bs = bdrv_first; bs != NULL; bs = bs->next) {
+	term_printf ("%s:"
+		     " rd_bytes=%" PRIu64
+		     " wr_bytes=%" PRIu64
+		     " rd_operations=%" PRIu64
+		     " wr_operations=%" PRIu64
+		     "\n",
+		     bs->device_name,
+		     bs->rd_bytes, bs->wr_bytes,
+		     bs->rd_ops, bs->wr_ops);
+    }
+}
 #endif
 
 void bdrv_get_backing_filename(BlockDriverState *bs,
@@ -1064,6 +1088,7 @@
                                 BlockDriverCompletionFunc *cb, void *opaque)
 {
     BlockDriver *drv = bs->drv;
+    BlockDriverAIOCB *ret;
 
     if (!drv)
         return NULL;
@@ -1076,7 +1101,15 @@
         buf += 512;
     }
 
-    return drv->bdrv_aio_read(bs, sector_num, buf, nb_sectors, cb, opaque);
+    ret = drv->bdrv_aio_read(bs, sector_num, buf, nb_sectors, cb, opaque);
+
+    if (ret) {
+	/* Update stats even though technically transfer has not happened. */
+	bs->rd_bytes += (unsigned) nb_sectors * SECTOR_SIZE;
+	bs->rd_ops ++;
+    }
+
+    return ret;
 }
 
 BlockDriverAIOCB *bdrv_aio_write(BlockDriverState *bs, int64_t sector_num,
@@ -1084,6 +1117,7 @@
                                  BlockDriverCompletionFunc *cb, void *opaque)
 {
     BlockDriver *drv = bs->drv;
+    BlockDriverAIOCB *ret;
 
     if (!drv)
         return NULL;
@@ -1093,7 +1127,15 @@
         memcpy(bs->boot_sector_data, buf, 512);
     }
 
-    return drv->bdrv_aio_write(bs, sector_num, buf, nb_sectors, cb, opaque);
+    ret = drv->bdrv_aio_write(bs, sector_num, buf, nb_sectors, cb, opaque);
+
+    if (ret) {
+	/* Update stats even though technically transfer has not happened. */
+	bs->wr_bytes += (unsigned) nb_sectors * SECTOR_SIZE;
+	bs->wr_ops ++;
+    }
+
+    return ret;
 }
 
 void bdrv_aio_cancel(BlockDriverAIOCB *acb)

Modified: trunk/src/host/qemu-neo1973/block.h
===================================================================
--- trunk/src/host/qemu-neo1973/block.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/block.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -47,6 +47,7 @@
 
 #ifndef QEMU_IMG
 void bdrv_info(void);
+void bdrv_info_stats(void);
 #endif
 
 void bdrv_init(void);

Modified: trunk/src/host/qemu-neo1973/block_int.h
===================================================================
--- trunk/src/host/qemu-neo1973/block_int.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/block_int.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -114,6 +114,12 @@
 
     void *sync_aiocb;
 
+    /* I/O stats (display with "info blockstats"). */
+    uint64_t rd_bytes;
+    uint64_t wr_bytes;
+    uint64_t rd_ops;
+    uint64_t wr_ops;
+
     /* NOTE: the following infos are only hints for real hardware
        drivers. They are not used by the block driver */
     int cyls, heads, secs, translation;

Modified: trunk/src/host/qemu-neo1973/cpu-exec.c
===================================================================
--- trunk/src/host/qemu-neo1973/cpu-exec.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/cpu-exec.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -202,8 +202,8 @@
     cs_base = 0;
     pc = env->pc;
 #elif defined(TARGET_SH4)
-    flags = env->sr & (SR_MD | SR_RB);
-    cs_base = 0;         /* XXXXX */
+    flags = env->flags;
+    cs_base = 0;
     pc = env->pc;
 #elif defined(TARGET_ALPHA)
     flags = env->ps;
@@ -511,7 +511,10 @@
                         BREAK_CHAIN;
                     }
 #elif defined(TARGET_SH4)
-		    /* XXXXX */
+                    if (interrupt_request & CPU_INTERRUPT_HARD) {
+                        do_interrupt(env);
+                        BREAK_CHAIN;
+                    }
 #elif defined(TARGET_ALPHA)
                     if (interrupt_request & CPU_INTERRUPT_HARD) {
                         do_interrupt(env);

Modified: trunk/src/host/qemu-neo1973/hw/adlib.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/adlib.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/adlib.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -21,12 +21,20 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+
 #include <assert.h>
 #include "hw.h"
 #include "audiodev.h"
+#include "audio/audio.h"
 
+//#define DEBUG
+
 #define ADLIB_KILL_TIMERS 1
 
+#ifdef DEBUG
+#include "qemu-timer.h"
+#endif
+
 #define dolog(...) AUD_log ("adlib", __VA_ARGS__)
 #ifdef DEBUG
 #define ldebug(...) dolog (__VA_ARGS__)

Modified: trunk/src/host/qemu-neo1973/hw/esp.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/esp.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/esp.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -32,8 +32,8 @@
 //#define DEBUG_ESP
 
 /*
- * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O), also
- * produced as NCR89C100. See
+ * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
+ * also produced as NCR89C100. See
  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
  * and
  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
@@ -50,14 +50,11 @@
 #define ESP_REGS 16
 #define ESP_SIZE (ESP_REGS * 4)
 #define TI_BUFSZ 32
-/* The HBA is ID 7, so for simplicitly limit to 7 devices.  */
-#define ESP_MAX_DEVS      7
 
 typedef struct ESPState ESPState;
 
 struct ESPState {
     qemu_irq irq;
-    BlockDriverState **bd;
     uint8_t rregs[ESP_REGS];
     uint8_t wregs[ESP_REGS];
     int32_t ti_size;
@@ -65,7 +62,7 @@
     uint8_t ti_buf[TI_BUFSZ];
     int sense;
     int dma;
-    SCSIDevice *scsi_dev[MAX_DISKS];
+    SCSIDevice *scsi_dev[ESP_MAX_DEVS];
     SCSIDevice *current_dev;
     uint8_t cmdbuf[TI_BUFSZ];
     int cmdlen;
@@ -81,12 +78,51 @@
     void *dma_opaque;
 };
 
+#define ESP_TCLO   0x0
+#define ESP_TCMID  0x1
+#define ESP_FIFO   0x2
+#define ESP_CMD    0x3
+#define ESP_RSTAT  0x4
+#define ESP_WBUSID 0x4
+#define ESP_RINTR  0x5
+#define ESP_WSEL   0x5
+#define ESP_RSEQ   0x6
+#define ESP_WSYNTP 0x6
+#define ESP_RFLAGS 0x7
+#define ESP_WSYNO  0x7
+#define ESP_CFG1   0x8
+#define ESP_RRES1  0x9
+#define ESP_WCCF   0x9
+#define ESP_RRES2  0xa
+#define ESP_WTEST  0xa
+#define ESP_CFG2   0xb
+#define ESP_CFG3   0xc
+#define ESP_RES3   0xd
+#define ESP_TCHI   0xe
+#define ESP_RES4   0xf
+
+#define CMD_DMA 0x80
+#define CMD_CMD 0x7f
+
+#define CMD_NOP      0x00
+#define CMD_FLUSH    0x01
+#define CMD_RESET    0x02
+#define CMD_BUSRESET 0x03
+#define CMD_TI       0x10
+#define CMD_ICCS     0x11
+#define CMD_MSGACC   0x12
+#define CMD_SATN     0x1a
+#define CMD_SELATN   0x42
+#define CMD_SELATNS  0x43
+#define CMD_ENSEL    0x44
+
 #define STAT_DO 0x00
 #define STAT_DI 0x01
 #define STAT_CD 0x02
 #define STAT_ST 0x03
 #define STAT_MI 0x06
 #define STAT_MO 0x07
+#define STAT_PIO_MASK 0x06
 
 #define STAT_TC 0x10
 #define STAT_PE 0x20
@@ -101,13 +137,19 @@
 #define SEQ_0 0x0
 #define SEQ_CD 0x4
 
+#define CFG1_RESREPT 0x40
+
+#define CFG2_MASK 0x15
+
+#define TCHI_FAS100A 0x4
+
 static int get_cmd(ESPState *s, uint8_t *buf)
 {
     uint32_t dmalen;
     int target;
 
-    dmalen = s->rregs[0] | (s->rregs[1] << 8);
-    target = s->wregs[4] & 7;
+    dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
+    target = s->wregs[ESP_WBUSID] & 7;
     DPRINTF("get_cmd: len %d target %d\n", dmalen, target);
     if (s->dma) {
         espdma_memory_read(s->dma_opaque, buf, dmalen);
@@ -127,11 +169,11 @@
         s->async_len = 0;
     }
 
-    if (target >= MAX_DISKS || !s->scsi_dev[target]) {
+    if (target >= ESP_MAX_DEVS || !s->scsi_dev[target]) {
         // No such drive
-        s->rregs[4] = STAT_IN;
-        s->rregs[5] = INTR_DC;
-        s->rregs[6] = SEQ_0;
+        s->rregs[ESP_RSTAT] = STAT_IN;
+        s->rregs[ESP_RINTR] = INTR_DC;
+        s->rregs[ESP_RSEQ] = SEQ_0;
         qemu_irq_raise(s->irq);
         return 0;
     }
@@ -149,19 +191,19 @@
     datalen = scsi_send_command(s->current_dev, 0, &buf[1], lun);
     s->ti_size = datalen;
     if (datalen != 0) {
-        s->rregs[4] = STAT_IN | STAT_TC;
+        s->rregs[ESP_RSTAT] = STAT_IN | STAT_TC;
         s->dma_left = 0;
         s->dma_counter = 0;
         if (datalen > 0) {
-            s->rregs[4] |= STAT_DI;
+            s->rregs[ESP_RSTAT] |= STAT_DI;
             scsi_read_data(s->current_dev, 0);
         } else {
-            s->rregs[4] |= STAT_DO;
+            s->rregs[ESP_RSTAT] |= STAT_DO;
             scsi_write_data(s->current_dev, 0);
         }
     }
-    s->rregs[5] = INTR_BS | INTR_FC;
-    s->rregs[6] = SEQ_CD;
+    s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+    s->rregs[ESP_RSEQ] = SEQ_CD;
     qemu_irq_raise(s->irq);
 }
 
@@ -181,9 +223,9 @@
     if (s->cmdlen) {
         DPRINTF("Set ATN & Stop: cmdlen %d\n", s->cmdlen);
         s->do_cmd = 1;
-        s->rregs[4] = STAT_IN | STAT_TC | STAT_CD;
-        s->rregs[5] = INTR_BS | INTR_FC;
-        s->rregs[6] = SEQ_CD;
+        s->rregs[ESP_RSTAT] = STAT_IN | STAT_TC | STAT_CD;
+        s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+        s->rregs[ESP_RSEQ] = SEQ_CD;
         qemu_irq_raise(s->irq);
     }
 }
@@ -195,26 +237,26 @@
     s->ti_buf[1] = 0;
     if (s->dma) {
         espdma_memory_write(s->dma_opaque, s->ti_buf, 2);
-        s->rregs[4] = STAT_IN | STAT_TC | STAT_ST;
-        s->rregs[5] = INTR_BS | INTR_FC;
-        s->rregs[6] = SEQ_CD;
+        s->rregs[ESP_RSTAT] = STAT_IN | STAT_TC | STAT_ST;
+        s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+        s->rregs[ESP_RSEQ] = SEQ_CD;
     } else {
         s->ti_size = 2;
         s->ti_rptr = 0;
         s->ti_wptr = 0;
-        s->rregs[7] = 2;
+        s->rregs[ESP_RFLAGS] = 2;
     }
     qemu_irq_raise(s->irq);
 }
 
 static void esp_dma_done(ESPState *s)
 {
-    s->rregs[4] |= STAT_IN | STAT_TC;
-    s->rregs[5] = INTR_BS;
-    s->rregs[6] = 0;
-    s->rregs[7] = 0;
-    s->rregs[0] = 0;
-    s->rregs[1] = 0;
+    s->rregs[ESP_RSTAT] |= STAT_IN | STAT_TC;
+    s->rregs[ESP_RINTR] = INTR_BS;
+    s->rregs[ESP_RSEQ] = 0;
+    s->rregs[ESP_RFLAGS] = 0;
+    s->rregs[ESP_TCLO] = 0;
+    s->rregs[ESP_TCMID] = 0;
     qemu_irq_raise(s->irq);
 }
 
@@ -287,7 +329,7 @@
         if (arg)
             DPRINTF("Command failed\n");
         s->sense = arg;
-        s->rregs[4] = STAT_ST;
+        s->rregs[ESP_RSTAT] = STAT_ST;
         esp_dma_done(s);
         s->current_dev = NULL;
     } else {
@@ -308,7 +350,7 @@
 {
     uint32_t dmalen, minlen;
 
-    dmalen = s->rregs[0] | (s->rregs[1] << 8);
+    dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
     if (dmalen==0) {
       dmalen=0x10000;
     }
@@ -323,7 +365,7 @@
     DPRINTF("Transfer Information len %d\n", minlen);
     if (s->dma) {
         s->dma_left = minlen;
-        s->rregs[4] &= ~STAT_TC;
+        s->rregs[ESP_RSTAT] &= ~STAT_TC;
         esp_do_dma(s);
     } else if (s->do_cmd) {
         DPRINTF("command len %d\n", s->cmdlen);
@@ -341,7 +383,7 @@
 
     memset(s->rregs, 0, ESP_REGS);
     memset(s->wregs, 0, ESP_REGS);
-    s->rregs[0x0e] = 0x4; // Indicate fas100a
+    s->rregs[ESP_TCHI] = TCHI_FAS100A; // Indicate fas100a
     s->ti_size = 0;
     s->ti_rptr = 0;
     s->ti_wptr = 0;
@@ -363,16 +405,15 @@
     saddr = (addr & ESP_MASK) >> 2;
     DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
     switch (saddr) {
-    case 2:
-        // FIFO
+    case ESP_FIFO:
         if (s->ti_size > 0) {
             s->ti_size--;
-            if ((s->rregs[4] & 6) == 0) {
+            if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
                 /* Data in/out.  */
                 fprintf(stderr, "esp: PIO data read not implemented\n");
-                s->rregs[2] = 0;
+                s->rregs[ESP_FIFO] = 0;
             } else {
-                s->rregs[2] = s->ti_buf[s->ti_rptr++];
+                s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
             }
             qemu_irq_raise(s->irq);
         }
@@ -381,10 +422,9 @@
             s->ti_wptr = 0;
         }
         break;
-    case 5:
-        // interrupt
+    case ESP_RINTR:
         // Clear interrupt/error status bits
-        s->rregs[4] &= ~(STAT_IN | STAT_GE | STAT_PE);
+        s->rregs[ESP_RSTAT] &= ~(STAT_IN | STAT_GE | STAT_PE);
         qemu_irq_lower(s->irq);
         break;
     default:
@@ -399,17 +439,17 @@
     uint32_t saddr;
 
     saddr = (addr & ESP_MASK) >> 2;
-    DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr], val);
+    DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr],
+            val);
     switch (saddr) {
-    case 0:
-    case 1:
-        s->rregs[4] &= ~STAT_TC;
+    case ESP_TCLO:
+    case ESP_TCMID:
+        s->rregs[ESP_RSTAT] &= ~STAT_TC;
         break;
-    case 2:
-        // FIFO
+    case ESP_FIFO:
         if (s->do_cmd) {
             s->cmdbuf[s->cmdlen++] = val & 0xff;
-        } else if ((s->rregs[4] & 6) == 0) {
+        } else if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
             uint8_t buf;
             buf = val & 0xff;
             s->ti_size--;
@@ -419,63 +459,62 @@
             s->ti_buf[s->ti_wptr++] = val & 0xff;
         }
         break;
-    case 3:
+    case ESP_CMD:
         s->rregs[saddr] = val;
-        // Command
-        if (val & 0x80) {
+        if (val & CMD_DMA) {
             s->dma = 1;
             /* Reload DMA counter.  */
-            s->rregs[0] = s->wregs[0];
-            s->rregs[1] = s->wregs[1];
+            s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
+            s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
         } else {
             s->dma = 0;
         }
-        switch(val & 0x7f) {
-        case 0:
+        switch(val & CMD_CMD) {
+        case CMD_NOP:
             DPRINTF("NOP (%2.2x)\n", val);
             break;
-        case 1:
+        case CMD_FLUSH:
             DPRINTF("Flush FIFO (%2.2x)\n", val);
             //s->ti_size = 0;
-            s->rregs[5] = INTR_FC;
-            s->rregs[6] = 0;
+            s->rregs[ESP_RINTR] = INTR_FC;
+            s->rregs[ESP_RSEQ] = 0;
             break;
-        case 2:
+        case CMD_RESET:
             DPRINTF("Chip reset (%2.2x)\n", val);
             esp_reset(s);
             break;
-        case 3:
+        case CMD_BUSRESET:
             DPRINTF("Bus reset (%2.2x)\n", val);
-            s->rregs[5] = INTR_RST;
-            if (!(s->wregs[8] & 0x40)) {
+            s->rregs[ESP_RINTR] = INTR_RST;
+            if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
                 qemu_irq_raise(s->irq);
             }
             break;
-        case 0x10:
+        case CMD_TI:
             handle_ti(s);
             break;
-        case 0x11:
+        case CMD_ICCS:
             DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
             write_response(s);
             break;
-        case 0x12:
+        case CMD_MSGACC:
             DPRINTF("Message Accepted (%2.2x)\n", val);
             write_response(s);
-            s->rregs[5] = INTR_DC;
-            s->rregs[6] = 0;
+            s->rregs[ESP_RINTR] = INTR_DC;
+            s->rregs[ESP_RSEQ] = 0;
             break;
-        case 0x1a:
+        case CMD_SATN:
             DPRINTF("Set ATN (%2.2x)\n", val);
             break;
-        case 0x42:
+        case CMD_SELATN:
             DPRINTF("Set ATN (%2.2x)\n", val);
             handle_satn(s);
             break;
-        case 0x43:
+        case CMD_SELATNS:
             DPRINTF("Set ATN & stop (%2.2x)\n", val);
             handle_satn_stop(s);
             break;
-        case 0x44:
+        case CMD_ENSEL:
             DPRINTF("Enable selection (%2.2x)\n", val);
             break;
         default:
@@ -483,17 +522,17 @@
             break;
         }
         break;
-    case 4 ... 7:
+    case ESP_WBUSID ... ESP_WSYNO:
         break;
-    case 8:
+    case ESP_CFG1:
         s->rregs[saddr] = val;
         break;
-    case 9 ... 10:
+    case ESP_WCCF ... ESP_WTEST:
         break;
-    case 11:
-        s->rregs[saddr] = val & 0x15;
+    case ESP_CFG2:
+        s->rregs[saddr] = val & CFG2_MASK;
         break;
-    case 12 ... 15:
+    case ESP_CFG3 ... ESP_RES4:
         s->rregs[saddr] = val;
         break;
     default:
@@ -579,7 +618,7 @@
     s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
 }
 
-void *esp_init(BlockDriverState **bd, target_phys_addr_t espaddr,
+void *esp_init(target_phys_addr_t espaddr,
                void *dma_opaque, qemu_irq irq, qemu_irq *reset)
 {
     ESPState *s;
@@ -589,7 +628,6 @@
     if (!s)
         return NULL;
 
-    s->bd = bd;
     s->irq = irq;
     s->dma_opaque = dma_opaque;
 

Modified: trunk/src/host/qemu-neo1973/hw/gumstix.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/gumstix.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/gumstix.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -47,6 +47,7 @@
                 const char *initrd_filename, const char *cpu_model)
 {
     struct pxa2xx_state_s *cpu;
+    int index;
 
     uint32_t connex_rom = 0x01000000;
     uint32_t connex_ram = 0x04000000;
@@ -59,14 +60,15 @@
 
     cpu = pxa255_init(connex_ram, ds);
 
-    if (pflash_table[0] == NULL) {
+    index = drive_get_index(IF_PFLASH, 0, 0);
+    if (index == -1) {
         fprintf(stderr, "A flash image must be given with the "
                 "'pflash' parameter\n");
         exit(1);
     }
 
     if (!pflash_register(0x00000000, qemu_ram_alloc(connex_rom),
-            pflash_table[0], sector_len, connex_rom / sector_len,
+            drives_table[index].bdrv, sector_len, connex_rom / sector_len,
             2, 0, 0, 0, 0)) {
         fprintf(stderr, "qemu: Error registering flash memory.\n");
         exit(1);
@@ -85,6 +87,7 @@
                 const char *initrd_filename, const char *cpu_model)
 {
     struct pxa2xx_state_s *cpu;
+    int index;
 
     uint32_t verdex_rom = 0x02000000;
     uint32_t verdex_ram = 0x10000000;
@@ -97,14 +100,15 @@
 
     cpu = pxa270_init(verdex_ram, ds, cpu_model ?: "pxa270-c0");
 
-    if (pflash_table[0] == NULL) {
+    index = drive_get_index(IF_PFLASH, 0, 0);
+    if (index == -1) {
         fprintf(stderr, "A flash image must be given with the "
                 "'pflash' parameter\n");
         exit(1);
     }
 
     if (!pflash_register(0x00000000, qemu_ram_alloc(verdex_rom),
-            pflash_table[0], sector_len, verdex_rom / sector_len,
+            drives_table[index].bdrv, sector_len, verdex_rom / sector_len,
             2, 0, 0, 0, 0)) {
         fprintf(stderr, "qemu: Error registering flash memory.\n");
         exit(1);

Modified: trunk/src/host/qemu-neo1973/hw/integratorcp.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/integratorcp.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/integratorcp.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -478,6 +478,7 @@
     uint32_t bios_offset;
     qemu_irq *pic;
     qemu_irq *cpu_pic;
+    int sd;
 
     if (!cpu_model)
         cpu_model = "arm926";
@@ -506,7 +507,12 @@
     icp_control_init(0xcb000000);
     pl050_init(0x18000000, pic[3], 0);
     pl050_init(0x19000000, pic[4], 1);
-    pl181_init(0x1c000000, sd_bdrv, pic[23], pic[24]);
+    sd = drive_get_index(IF_SD, 0, 0);
+    if (sd == -1) {
+        fprintf(stderr, "qemu: missing SecureDigital card\n");
+        exit(1);
+    }
+    pl181_init(0x1c000000, drives_table[sd].bdrv, pic[23], pic[24]);
     if (nd_table[0].vlan) {
         if (nd_table[0].model == NULL
             || strcmp(nd_table[0].model, "smc91c111") == 0) {

Modified: trunk/src/host/qemu-neo1973/hw/iommu.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/iommu.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/iommu.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -61,15 +61,20 @@
 
 #define IOMMU_AFSR          (0x1000 >> 2)
 #define IOMMU_AFSR_ERR      0x80000000 /* LE, TO, or BE asserted */
-#define IOMMU_AFSR_LE       0x40000000 /* SBUS reports error after transaction */
-#define IOMMU_AFSR_TO       0x20000000 /* Write access took more than 12.8 us. */
-#define IOMMU_AFSR_BE       0x10000000 /* Write access received error acknowledge */
+#define IOMMU_AFSR_LE       0x40000000 /* SBUS reports error after
+                                          transaction */
+#define IOMMU_AFSR_TO       0x20000000 /* Write access took more than
+                                          12.8 us. */
+#define IOMMU_AFSR_BE       0x10000000 /* Write access received error
+                                          acknowledge */
 #define IOMMU_AFSR_SIZE     0x0e000000 /* Size of transaction causing error */
 #define IOMMU_AFSR_S        0x01000000 /* Sparc was in supervisor mode */
-#define IOMMU_AFSR_RESV     0x00f00000 /* Reserved, forced to 0x8 by hardware */
+#define IOMMU_AFSR_RESV     0x00800000 /* Reserved, forced to 0x8 by
+                                          hardware */
 #define IOMMU_AFSR_ME       0x00080000 /* Multiple errors occurred */
 #define IOMMU_AFSR_RD       0x00040000 /* A read operation was in progress */
 #define IOMMU_AFSR_FAV      0x00020000 /* IOMMU afar has valid contents */
+#define IOMMU_AFSR_MASK     0xff0fffff
 
 #define IOMMU_AFAR          (0x1004 >> 2)
 
@@ -77,7 +82,8 @@
 #define IOMMU_SBCFG1        (0x1014 >> 2) /* SBUS configration per-slot */
 #define IOMMU_SBCFG2        (0x1018 >> 2) /* SBUS configration per-slot */
 #define IOMMU_SBCFG3        (0x101c >> 2) /* SBUS configration per-slot */
-#define IOMMU_SBCFG_SAB30   0x00010000 /* Phys-address bit 30 when bypass enabled */
+#define IOMMU_SBCFG_SAB30   0x00010000 /* Phys-address bit 30 when
+                                          bypass enabled */
 #define IOMMU_SBCFG_BA16    0x00000004 /* Slave supports 16 byte bursts */
 #define IOMMU_SBCFG_BA8     0x00000002 /* Slave supports 8 byte bursts */
 #define IOMMU_SBCFG_BYPASS  0x00000001 /* Bypass IOMMU, treat all addresses
@@ -90,8 +96,9 @@
 #define IOMMU_MID           0x00000008
 
 /* The format of an iopte in the page tables */
-#define IOPTE_PAGE          0x07ffff00 /* Physical page number (PA[30:12]) */
-#define IOPTE_CACHE         0x00000080 /* Cached (in vme IOCACHE or Viking/MXCC) */
+#define IOPTE_PAGE          0xffffff00 /* Physical page number (PA[35:12]) */
+#define IOPTE_CACHE         0x00000080 /* Cached (in vme IOCACHE or
+                                          Viking/MXCC) */
 #define IOPTE_WRITE         0x00000004 /* Writeable */
 #define IOPTE_VALID         0x00000002 /* IOPTE is valid */
 #define IOPTE_WAZ           0x00000001 /* Write as zeros */
@@ -122,7 +129,8 @@
     return 0;
 }
 
-static void iommu_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
+static void iommu_mem_writew(void *opaque, target_phys_addr_t addr,
+                             uint32_t val)
 {
     IOMMUState *s = opaque;
     target_phys_addr_t saddr;
@@ -172,6 +180,9 @@
         DPRINTF("page flush %x\n", val);
         s->regs[saddr] = val & IOMMU_PGFLUSH_MASK;
         break;
+    case IOMMU_AFSR:
+        s->regs[saddr] = (val & IOMMU_AFSR_MASK) | IOMMU_AFSR_RESV;
+        break;
     case IOMMU_SBCFG0:
     case IOMMU_SBCFG1:
     case IOMMU_SBCFG2:
@@ -235,10 +246,11 @@
     return pa;
 }
 
-static void iommu_bad_addr(IOMMUState *s, target_phys_addr_t addr, int is_write)
+static void iommu_bad_addr(IOMMUState *s, target_phys_addr_t addr,
+                           int is_write)
 {
     DPRINTF("bad addr " TARGET_FMT_plx "\n", addr);
-    s->regs[IOMMU_AFSR] = IOMMU_AFSR_ERR | IOMMU_AFSR_LE | (8 << 20) |
+    s->regs[IOMMU_AFSR] = IOMMU_AFSR_ERR | IOMMU_AFSR_LE | IOMMU_AFSR_RESV |
         IOMMU_AFSR_FAV;
     if (!is_write)
         s->regs[IOMMU_AFSR] |= IOMMU_AFSR_RD;
@@ -311,7 +323,7 @@
     s->iostart = 0;
     s->regs[IOMMU_CTRL] = s->version;
     s->regs[IOMMU_ARBEN] = IOMMU_MID;
-    s->regs[IOMMU_AFSR] = 0x00800000;
+    s->regs[IOMMU_AFSR] = IOMMU_AFSR_RESV;
 }
 
 void *iommu_init(target_phys_addr_t addr, uint32_t version)
@@ -326,7 +338,8 @@
     s->addr = addr;
     s->version = version;
 
-    iommu_io_memory = cpu_register_io_memory(0, iommu_mem_read, iommu_mem_write, s);
+    iommu_io_memory = cpu_register_io_memory(0, iommu_mem_read,
+                                             iommu_mem_write, s);
     cpu_register_physical_memory(addr, IOMMU_NREGS * 4, iommu_io_memory);
 
     register_savevm("iommu", addr, 2, iommu_save, iommu_load, s);
@@ -334,4 +347,3 @@
     iommu_reset(s);
     return s;
 }
-

Modified: trunk/src/host/qemu-neo1973/hw/lsi53c895a.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/lsi53c895a.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/lsi53c895a.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -151,9 +151,6 @@
 #define PHASE_MI          7
 #define PHASE_MASK        7
 
-/* The HBA is ID 7, so for simplicitly limit to 7 devices.  */
-#define LSI_MAX_DEVS      7
-
 /* Maximum length of MSG IN data.  */
 #define LSI_MAX_MSGIN_LEN 8
 

Modified: trunk/src/host/qemu-neo1973/hw/mainstone.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/mainstone.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/mainstone.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -14,246 +14,10 @@
 #include "net.h"
 #include "devices.h"
 #include "boards.h"
+#include "mainstone.h"
+#include "sysemu.h"
+#include "flash.h"
 
-#define MST_ETH_PHYS	0x10000300
-#define MST_FPGA_PHYS	0x08000000
-
-/* Mainstone FPGA for extern irqs */
-#define FPGA_GPIO_PIN	0
-#define MST_NUM_IRQS	16
-#define MST_BASE	MST_FPGA_PHYS
-#define MST_LEDDAT1	0x10
-#define MST_LEDDAT2	0x14
-#define MST_LEDCTRL	0x40
-#define MST_GPSWR	0x60
-#define MST_MSCWR1	0x80
-#define MST_MSCWR2	0x84
-#define MST_MSCWR3	0x88
-#define MST_MSCRD	0x90
-#define MST_INTMSKENA	0xc0
-#define MST_INTSETCLR	0xd0
-#define MST_PCMCIA0	0xe0
-#define MST_PCMCIA1	0xe4
-
-/* IRQ definitions */
-#define ETHERNET_IRQ	3
-
-typedef struct mst_irq_state {
-    target_phys_addr_t target_base;
-    qemu_irq *parent;
-    qemu_irq *pins;
-
-    uint32_t prev_level;
-    uint32_t leddat1;
-    uint32_t leddat2;
-    uint32_t ledctrl;
-    uint32_t gpswr;
-    uint32_t mscwr1;
-    uint32_t mscwr2;
-    uint32_t mscwr3;
-    uint32_t mscrd;
-    uint32_t intmskena;
-    uint32_t intsetclr;
-    uint32_t pcmcia0;
-    uint32_t pcmcia1;
-} mst_irq_state;
-
-static void 
-mst_fpga_update_gpio(mst_irq_state *s)
-{
-    uint32_t level, diff;
-    int bit;
-    level = s->prev_level ^ s->intsetclr;
-
-    for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
-        bit = ffs(diff) - 1;
-        qemu_set_irq(s->pins[bit], (level >> bit) & 1 );
-    }
-    s->prev_level = level;
-}
-
-static void 
-mst_fpga_set_irq(void *opaque, int irq, int level)
-{
-    mst_irq_state *s = (mst_irq_state *)opaque;
-
-    if (level)
-        s->prev_level |= 1u << irq;
-    else
-        s->prev_level &= ~(1u << irq);
-
-    if(s->intmskena & (1u << irq)) {
-        s->intsetclr = 1u << irq;
-        qemu_set_irq(s->parent[0], level);
-    }
-}
-
-static uint32_t 
-mst_fpga_readb(void *opaque, target_phys_addr_t addr)
-{
-    mst_irq_state *s = (mst_irq_state *) opaque;
-    addr -= s->target_base;
-
-    switch (addr) {
-    case MST_LEDDAT1:
-        return s->leddat1;
-    case MST_LEDDAT2:
-        return s->leddat2;
-    case MST_LEDCTRL:
-        return s->ledctrl;
-    case MST_GPSWR:
-        return s->gpswr;
-    case MST_MSCWR1:
-        return s->mscwr1;
-    case MST_MSCWR2:
-        return s->mscwr2;
-    case MST_MSCWR3:
-        return s->mscwr3;
-    case MST_MSCRD:
-        return s->mscrd;
-    case MST_INTMSKENA:
-        return s->intmskena;
-    case MST_INTSETCLR:
-        return s->intsetclr;
-    case MST_PCMCIA0:
-        return s->pcmcia0;
-    case MST_PCMCIA1:
-        return s->pcmcia1;
-    default:
-        printf("Mainstone - mst_fpga_readb: Bad register offset " 
-                REG_FMT " \n", addr);
-    }
-    return 0;
-}
-
-static void 
-mst_fpga_writeb(void *opaque, target_phys_addr_t addr, uint32_t value)
-{
-    mst_irq_state *s = (mst_irq_state *) opaque;
-    addr -= s->target_base;
-    value &= 0xffffffff;
-
-    switch (addr) {
-    case MST_LEDDAT1:
-        s->leddat1 = value;
-        break;
-    case MST_LEDDAT2:
-        s->leddat2 = value;
-        break;
-    case MST_LEDCTRL:
-        s->ledctrl = value;
-        break;
-    case MST_GPSWR:
-        s->gpswr = value;
-        break;
-    case MST_MSCWR1:
-        s->mscwr1 = value;
-        break;
-    case MST_MSCWR2:
-        s->mscwr2 = value;
-        break;
-    case MST_MSCWR3:
-        s->mscwr3 = value;
-        break;
-    case MST_MSCRD:
-        s->mscrd =  value;
-        break;
-    case MST_INTMSKENA:	/* Mask interupt */
-        s->intmskena = (value & 0xFEEFF);
-        mst_fpga_update_gpio(s);
-        break;
-    case MST_INTSETCLR:	/* clear or set interrupt */
-        s->intsetclr = (value & 0xFEEFF);
-        break;
-    case MST_PCMCIA0:
-        s->pcmcia0 = value;
-        break;
-    case MST_PCMCIA1:
-        s->pcmcia1 = value;
-        break;
-    default:
-        printf("Mainstone - mst_fpga_writeb: Bad register offset "
-                REG_FMT " \n", addr);
-    }
-}
-
-CPUReadMemoryFunc *mst_fpga_readfn[] = {
-    mst_fpga_readb,
-    mst_fpga_readb,
-    mst_fpga_readb,
-};
-CPUWriteMemoryFunc *mst_fpga_writefn[] = {
-    mst_fpga_writeb,
-    mst_fpga_writeb,
-    mst_fpga_writeb,
-};
-
-static void 
-mst_fpga_save(QEMUFile *f, void *opaque)
-{
-    struct mst_irq_state *s = (mst_irq_state *) opaque;
-
-    qemu_put_be32s(f, &s->prev_level);
-    qemu_put_be32s(f, &s->leddat1);
-    qemu_put_be32s(f, &s->leddat2);
-    qemu_put_be32s(f, &s->ledctrl);
-    qemu_put_be32s(f, &s->gpswr);
-    qemu_put_be32s(f, &s->mscwr1);
-    qemu_put_be32s(f, &s->mscwr2);
-    qemu_put_be32s(f, &s->mscwr3);
-    qemu_put_be32s(f, &s->mscrd);
-    qemu_put_be32s(f, &s->intmskena);
-    qemu_put_be32s(f, &s->intsetclr);
-    qemu_put_be32s(f, &s->pcmcia0);
-    qemu_put_be32s(f, &s->pcmcia1);
-}
-
-static int 
-mst_fpga_load(QEMUFile *f, void *opaque, int version_id)
-{
-    mst_irq_state *s = (mst_irq_state *) opaque;
-
-    qemu_get_be32s(f, &s->prev_level);
-    qemu_get_be32s(f, &s->leddat1);
-    qemu_get_be32s(f, &s->leddat2);
-    qemu_get_be32s(f, &s->ledctrl);
-    qemu_get_be32s(f, &s->gpswr);
-    qemu_get_be32s(f, &s->mscwr1);
-    qemu_get_be32s(f, &s->mscwr2);
-    qemu_get_be32s(f, &s->mscwr3);
-    qemu_get_be32s(f, &s->mscrd);
-    qemu_get_be32s(f, &s->intmskena);
-    qemu_get_be32s(f, &s->intsetclr);
-    qemu_get_be32s(f, &s->pcmcia0);
-    qemu_get_be32s(f, &s->pcmcia1);
-    return 0;
-}
-
-static qemu_irq 
-*mst_irq_init(struct pxa2xx_state_s *cpu, uint32_t base, int irq)
-{
-    mst_irq_state *s;
-    int iomemtype;
-    qemu_irq *qi;
-
-    s = (mst_irq_state *) qemu_mallocz(sizeof(mst_irq_state));
-
-    if (!s)
-        return NULL;
-    s->target_base = base;
-    s->parent = &cpu->pic[irq];
-
-    /* alloc the external 16 irqs */
-    qi = qemu_allocate_irqs(mst_fpga_set_irq, s, MST_NUM_IRQS);
-    s->pins = qi;
-
-    iomemtype = cpu_register_io_memory(0, mst_fpga_readfn,
-                    mst_fpga_writefn, s);
-    cpu_register_physical_memory(MST_BASE, 0x00100000, iomemtype);
-    register_savevm("mainstone_fpga", 0, 0, mst_fpga_save, mst_fpga_load, s);
-    return qi;
-}
-
 enum mainstone_model_e { mainstone };
 
 static void mainstone_common_init(int ram_size, int vga_ram_size,
@@ -265,6 +29,7 @@
     uint32_t mainstone_rom = 0x00800000;
     struct pxa2xx_state_s *cpu;
     qemu_irq *mst_irq;
+    int index;
 
     if (!cpu_model)
         cpu_model = "pxa270-c5";
@@ -283,7 +48,34 @@
     /* Setup initial (reset) machine state */
     cpu->env->regs[15] = PXA2XX_SDRAM_BASE;
 
-    mst_irq = mst_irq_init(cpu, MST_BASE, PXA2XX_PIC_GPIO_0);
+    /* There are two 32MiB flash devices on the board */
+    index = drive_get_index(IF_PFLASH, 0, 0);
+    if (index == -1) {
+        fprintf(stderr, "Two flash images must be given with the "
+                "'pflash' parameter\n");
+        exit(1);
+    }
+    if (!pflash_register(MST_FLASH_0, mainstone_ram + PXA2XX_INTERNAL_SIZE,
+                         drives_table[index].bdrv,
+                         256 * 1024, 128, 4, 0, 0, 0, 0)) {
+        fprintf(stderr, "qemu: Error registering flash memory.\n");
+        exit(1);
+    }
+
+    index = drive_get_index(IF_PFLASH, 0, 1);
+    if (index == -1) {
+        fprintf(stderr, "Two flash images must be given with the "
+                "'pflash' parameter\n");
+        exit(1);
+    }
+    if (!pflash_register(MST_FLASH_1, mainstone_ram + PXA2XX_INTERNAL_SIZE,
+                         drives_table[index].bdrv,
+                         256 * 1024, 128, 4, 0, 0, 0, 0)) {
+        fprintf(stderr, "qemu: Error registering flash memory.\n");
+        exit(1);
+    }
+
+    mst_irq = mst_irq_init(cpu, MST_FPGA_PHYS, PXA2XX_PIC_GPIO_0);
     smc91c111_init(&nd_table[0], MST_ETH_PHYS, mst_irq[ETHERNET_IRQ]);
 
     arm_load_kernel(cpu->env, mainstone_ram, kernel_filename, kernel_cmdline,

Added: trunk/src/host/qemu-neo1973/hw/mainstone.h
===================================================================
--- trunk/src/host/qemu-neo1973/hw/mainstone.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/mainstone.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -0,0 +1,25 @@
+/*
+ * PXA270-based Intel Mainstone platforms.
+ *
+ * Copyright (c) 2007 by Armin Kuster <akuster at kama-aina.net> or
+ *                                    <akuster at mvista.com>
+ *
+ * This code is licensed under the GNU GPL v2.
+ */
+
+#ifndef __MAINSTONE_H__
+#define __MAINSTONE_H__
+
+/* Device addresses */
+#define MST_FPGA_PHYS	0x08000000
+#define MST_ETH_PHYS	0x10000300
+#define MST_FLASH_0		0x00000000
+#define MST_FLASH_1		0x04000000
+
+/* IRQ definitions */
+#define ETHERNET_IRQ	3
+
+extern qemu_irq
+*mst_irq_init(struct pxa2xx_state_s *cpu, uint32_t base, int irq);
+
+#endif /* __MAINSTONE_H__ */

Modified: trunk/src/host/qemu-neo1973/hw/mips_malta.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/mips_malta.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/mips_malta.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -53,6 +53,8 @@
 #define ENVP_NB_ENTRIES	 	16
 #define ENVP_ENTRY_SIZE	 	256
 
+#define MAX_IDE_BUS 2
+
 extern FILE *logfile;
 
 typedef struct {
@@ -776,6 +778,9 @@
     uint8_t *eeprom_buf;
     i2c_bus *smbus;
     int i;
+    int index;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+    BlockDriverState *fd[MAX_FD];
 
     /* init CPUs */
     if (cpu_model == NULL) {
@@ -862,8 +867,22 @@
     pci_bus = pci_gt64120_init(i8259);
 
     /* Southbridge */
+
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        index = drive_get_index(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+        if (index != -1)
+            hd[i] = drives_table[index].bdrv;
+        else
+            hd[i] = NULL;
+    }
+
     piix4_devfn = piix4_init(pci_bus, 80);
-    pci_piix4_ide_init(pci_bus, bs_table, piix4_devfn + 1, i8259);
+    pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1, i8259);
     usb_uhci_piix4_init(pci_bus, piix4_devfn + 2);
     smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100);
     eeprom_buf = qemu_mallocz(8 * 256); /* XXX: make this persistent */
@@ -883,7 +902,14 @@
         serial_init(0x2f8, i8259[3], serial_hds[1]);
     if (parallel_hds[0])
         parallel_init(0x378, i8259[7], parallel_hds[0]);
-    floppy_controller = fdctrl_init(i8259[6], 2, 0, 0x3f0, fd_table);
+    for(i = 0; i < MAX_FD; i++) {
+        index = drive_get_index(IF_FLOPPY, 0, i);
+       if (index != -1)
+           fd[i] = drives_table[index].bdrv;
+       else
+           fd[i] = NULL;
+    }
+    floppy_controller = fdctrl_init(i8259[6], 2, 0, 0x3f0, fd);
 
     /* Sound card */
 #ifdef HAS_AUDIO

Modified: trunk/src/host/qemu-neo1973/hw/mips_pica61.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/mips_pica61.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/mips_pica61.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -44,6 +44,9 @@
 
 #define VIRT_TO_PHYS_ADDEND (-((int64_t)(int32_t)0x80000000))
 
+#define MAX_IDE_BUS 2
+#define MAX_FD 2
+
 static const int ide_iobase[2] = { 0x1f0, 0x170 };
 static const int ide_iobase2[2] = { 0x3f6, 0x376 };
 static const int ide_irq[2] = { 14, 15 };
@@ -72,6 +75,8 @@
     int i;
     int available_ram;
     qemu_irq *i8259;
+    int index;
+    BlockDriverState *fd[MAX_FD];
 
     /* init CPUs */
     if (cpu_model == NULL) {
@@ -141,9 +146,20 @@
     i8042_mm_init(i8259[6], i8259[7], 0x80005060, 0);
 
     /* IDE controller */
-    for(i = 0; i < 2; i++)
+
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS; i++) {
+        int hd0, hd1;
+        hd0 = drive_get_index(IF_IDE, i, 0);
+        hd1 = drive_get_index(IF_IDE, i, 1);
         isa_ide_init(ide_iobase[i], ide_iobase2[i], i8259[ide_irq[i]],
-                     bs_table[2 * i], bs_table[2 * i + 1]);
+                     hd0 == -1 ? NULL : drives_table[hd0].bdrv,
+                     hd1 == -1 ? NULL : drives_table[hd1].bdrv);
+    }
 
     /* Network controller */
     /* FIXME: missing NS SONIC DP83932 */
@@ -152,7 +168,15 @@
     /* FIXME: missing NCR 53C94 */
 
     /* ISA devices (floppy, serial, parallel) */
-    fdctrl_init(i8259[1], 1, 1, 0x80003000, fd_table);
+
+    for (i = 0; i < MAX_FD; i++) {
+        index = drive_get_index(IF_FLOPPY, 0, i);
+        if (index == -1)
+            fd[i] = NULL;
+        else
+            fd[i] = drives_table[index].bdrv;
+    }
+    fdctrl_init(i8259[1], 1, 1, 0x80003000, fd);
     for(i = 0; i < MAX_SERIAL_PORTS; i++) {
         if (serial_hds[i]) {
             serial_mm_init(serial_base[i], 0, i8259[serial_irq[i]], serial_hds[i], 1);

Modified: trunk/src/host/qemu-neo1973/hw/mips_r4k.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/mips_r4k.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/mips_r4k.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -25,6 +25,8 @@
 
 #define VIRT_TO_PHYS_ADDEND (-((int64_t)(int32_t)0x80000000))
 
+#define MAX_IDE_BUS 2
+
 static const int ide_iobase[2] = { 0x1f0, 0x170 };
 static const int ide_iobase2[2] = { 0x3f6, 0x376 };
 static const int ide_irq[2] = { 14, 15 };
@@ -155,6 +157,8 @@
     RTCState *rtc_state;
     int i;
     qemu_irq *i8259;
+    int index;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 
     /* init CPUs */
     if (cpu_model == NULL) {
@@ -245,9 +249,23 @@
         }
     }
 
-    for(i = 0; i < 2; i++)
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        index = drive_get_index(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+        if (index != -1)
+            hd[i] = drives_table[index].bdrv;
+        else
+            hd[i] = NULL;
+    }
+
+    for(i = 0; i < MAX_IDE_BUS; i++)
         isa_ide_init(ide_iobase[i], ide_iobase2[i], i8259[ide_irq[i]],
-                     bs_table[2 * i], bs_table[2 * i + 1]);
+                     hd[MAX_IDE_DEVS * i],
+		     hd[MAX_IDE_DEVS * i + 1]);
 
     i8042_init(i8259[1], i8259[12], 0x60);
     ds1225y_init(0x9000, "nvram");

Added: trunk/src/host/qemu-neo1973/hw/mst_fpga.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/mst_fpga.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/mst_fpga.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -0,0 +1,246 @@
+/*
+ * PXA270-based Intel Mainstone platforms.
+ * FPGA driver
+ *
+ * Copyright (c) 2007 by Armin Kuster <akuster at kama-aina.net> or
+ *                                    <akuster at mvista.com>
+ *
+ * This code is licensed under the GNU GPL v2.
+ */
+#include "hw.h"
+#include "pxa.h"
+#include "mainstone.h"
+
+/* Mainstone FPGA for extern irqs */
+#define FPGA_GPIO_PIN	0
+#define MST_NUM_IRQS	16
+#define MST_BASE		MST_FPGA_PHYS
+#define MST_LEDDAT1		0x10
+#define MST_LEDDAT2		0x14
+#define MST_LEDCTRL		0x40
+#define MST_GPSWR		0x60
+#define MST_MSCWR1		0x80
+#define MST_MSCWR2		0x84
+#define MST_MSCWR3		0x88
+#define MST_MSCRD		0x90
+#define MST_INTMSKENA	0xc0
+#define MST_INTSETCLR	0xd0
+#define MST_PCMCIA0		0xe0
+#define MST_PCMCIA1		0xe4
+
+typedef struct mst_irq_state{
+	target_phys_addr_t target_base;
+	qemu_irq *parent;
+	qemu_irq *pins;
+
+	uint32_t prev_level;
+	uint32_t leddat1;
+	uint32_t leddat2;
+	uint32_t ledctrl;
+	uint32_t gpswr;
+	uint32_t mscwr1;
+	uint32_t mscwr2;
+	uint32_t mscwr3;
+	uint32_t mscrd;
+	uint32_t intmskena;
+	uint32_t intsetclr;
+	uint32_t pcmcia0;
+	uint32_t pcmcia1;
+}mst_irq_state;
+
+static void
+mst_fpga_update_gpio(mst_irq_state *s)
+{
+	uint32_t level, diff;
+	int bit;
+	level = s->prev_level ^ s->intsetclr;
+
+	for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+		bit = ffs(diff) - 1;
+		qemu_set_irq(s->pins[bit], (level >> bit) & 1 );
+	}
+	s->prev_level = level;
+}
+
+static void
+mst_fpga_set_irq(void *opaque, int irq, int level)
+{
+	mst_irq_state *s = (mst_irq_state *)opaque;
+
+	if (level)
+		s->prev_level |= 1u << irq;
+	else
+		s->prev_level &= ~(1u << irq);
+
+	if(s->intmskena & (1u << irq)) {
+		s->intsetclr = 1u << irq;
+		qemu_set_irq(s->parent[0], level);
+	}
+}
+
+
+static uint32_t
+mst_fpga_readb(void *opaque, target_phys_addr_t addr)
+{
+	mst_irq_state *s = (mst_irq_state *) opaque;
+	addr -= s->target_base;
+
+	switch (addr) {
+	case MST_LEDDAT1:
+		return s->leddat1;
+	case MST_LEDDAT2:
+		return s->leddat2;
+	case MST_LEDCTRL:
+		return s->ledctrl;
+	case MST_GPSWR:
+		return s->gpswr;
+	case MST_MSCWR1:
+		return s->mscwr1;
+	case MST_MSCWR2:
+		return s->mscwr2;
+	case MST_MSCWR3:
+		return s->mscwr3;
+	case MST_MSCRD:
+		return s->mscrd;
+	case MST_INTMSKENA:
+		return s->intmskena;
+	case MST_INTSETCLR:
+		return s->intsetclr;
+	case MST_PCMCIA0:
+		return s->pcmcia0;
+	case MST_PCMCIA1:
+		return s->pcmcia1;
+	default:
+		printf("Mainstone - mst_fpga_readb: Bad register offset "
+			REG_FMT " \n", addr);
+	}
+	return 0;
+}
+
+static void
+mst_fpga_writeb(void *opaque, target_phys_addr_t addr, uint32_t value)
+{
+	mst_irq_state *s = (mst_irq_state *) opaque;
+	addr -= s->target_base;
+	value &= 0xffffffff;
+
+	switch (addr) {
+	case MST_LEDDAT1:
+		s->leddat1 = value;
+		break;
+	case MST_LEDDAT2:
+		s->leddat2 = value;
+		break;
+	case MST_LEDCTRL:
+		s->ledctrl = value;
+		break;
+	case MST_GPSWR:
+		s->gpswr = value;
+		break;
+	case MST_MSCWR1:
+		s->mscwr1 = value;
+		break;
+	case MST_MSCWR2:
+		s->mscwr2 = value;
+		break;
+	case MST_MSCWR3:
+		s->mscwr3 = value;
+		break;
+	case MST_MSCRD:
+		s->mscrd =  value;
+		break;
+	case MST_INTMSKENA:	/* Mask interupt */
+		s->intmskena = (value & 0xFEEFF);
+		mst_fpga_update_gpio(s);
+		break;
+	case MST_INTSETCLR:	/* clear or set interrupt */
+		s->intsetclr = (value & 0xFEEFF);
+		break;
+	case MST_PCMCIA0:
+		s->pcmcia0 = value;
+		break;
+	case MST_PCMCIA1:
+		s->pcmcia1 = value;
+		break;
+	default:
+		printf("Mainstone - mst_fpga_writeb: Bad register offset "
+			REG_FMT " \n", addr);
+	}
+}
+
+CPUReadMemoryFunc *mst_fpga_readfn[] = {
+	mst_fpga_readb,
+	mst_fpga_readb,
+	mst_fpga_readb,
+};
+CPUWriteMemoryFunc *mst_fpga_writefn[] = {
+	mst_fpga_writeb,
+	mst_fpga_writeb,
+	mst_fpga_writeb,
+};
+
+static void
+mst_fpga_save(QEMUFile *f, void *opaque)
+{
+	struct mst_irq_state *s = (mst_irq_state *) opaque;
+
+	qemu_put_be32s(f, &s->prev_level);
+	qemu_put_be32s(f, &s->leddat1);
+	qemu_put_be32s(f, &s->leddat2);
+	qemu_put_be32s(f, &s->ledctrl);
+	qemu_put_be32s(f, &s->gpswr);
+	qemu_put_be32s(f, &s->mscwr1);
+	qemu_put_be32s(f, &s->mscwr2);
+	qemu_put_be32s(f, &s->mscwr3);
+	qemu_put_be32s(f, &s->mscrd);
+	qemu_put_be32s(f, &s->intmskena);
+	qemu_put_be32s(f, &s->intsetclr);
+	qemu_put_be32s(f, &s->pcmcia0);
+	qemu_put_be32s(f, &s->pcmcia1);
+}
+
+static int
+mst_fpga_load(QEMUFile *f, void *opaque, int version_id)
+{
+	mst_irq_state *s = (mst_irq_state *) opaque;
+
+	qemu_get_be32s(f, &s->prev_level);
+	qemu_get_be32s(f, &s->leddat1);
+	qemu_get_be32s(f, &s->leddat2);
+	qemu_get_be32s(f, &s->ledctrl);
+	qemu_get_be32s(f, &s->gpswr);
+	qemu_get_be32s(f, &s->mscwr1);
+	qemu_get_be32s(f, &s->mscwr2);
+	qemu_get_be32s(f, &s->mscwr3);
+	qemu_get_be32s(f, &s->mscrd);
+	qemu_get_be32s(f, &s->intmskena);
+	qemu_get_be32s(f, &s->intsetclr);
+	qemu_get_be32s(f, &s->pcmcia0);
+	qemu_get_be32s(f, &s->pcmcia1);
+	return 0;
+}
+
+qemu_irq *mst_irq_init(struct pxa2xx_state_s *cpu, uint32_t base, int irq)
+{
+	mst_irq_state *s;
+	int iomemtype;
+	qemu_irq *qi;
+
+	s = (mst_irq_state  *)
+		qemu_mallocz(sizeof(mst_irq_state));
+
+	if (!s)
+		return NULL;
+	s->target_base = base;
+	s->parent = &cpu->pic[irq];
+
+	/* alloc the external 16 irqs */
+	qi  = qemu_allocate_irqs(mst_fpga_set_irq, s, MST_NUM_IRQS);
+	s->pins = qi;
+
+	iomemtype = cpu_register_io_memory(0, mst_fpga_readfn,
+		mst_fpga_writefn, s);
+	cpu_register_physical_memory(MST_BASE, 0x00100000, iomemtype);
+	register_savevm("mainstone_fpga", 0, 0, mst_fpga_save, mst_fpga_load, s);
+	return qi;
+}

Modified: trunk/src/host/qemu-neo1973/hw/nand.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/nand.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/nand.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -443,14 +443,20 @@
 {
     int pagesize;
     struct nand_flash_s *s;
+    int index;
 
     if (nand_flash_ids[chip_id].size == 0) {
         cpu_abort(cpu_single_env, "%s: Unsupported NAND chip ID.\n",
                         __FUNCTION__);
     }
+    index = drive_get_index(IF_MTD, 0, 0);
+    if (index == -1) {
+        cpu_abort(cpu_single_env, "%s: missing MTD device\n",
+                        __FUNCTION__);
+    }
 
     s = (struct nand_flash_s *) qemu_mallocz(sizeof(struct nand_flash_s));
-    s->bdrv = mtd_bdrv;
+    s->bdrv = drives_table[index].bdrv;
     s->manf_id = manf_id;
     s->chip_id = chip_id;
     s->size = nand_flash_ids[s->chip_id].size << 20;

Modified: trunk/src/host/qemu-neo1973/hw/omap.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/omap.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/omap.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -4901,6 +4901,7 @@
     struct omap_mpu_state_s *s = (struct omap_mpu_state_s *)
             qemu_mallocz(sizeof(struct omap_mpu_state_s));
     ram_addr_t imif_base, emiff_base;
+    int sdindex;
     
     if (!core)
         core = "ti925t";
@@ -4997,8 +4998,14 @@
     omap_dpll_init(&s->dpll[1], 0xfffed000, omap_findclk(s, "dpll2"));
     omap_dpll_init(&s->dpll[2], 0xfffed100, omap_findclk(s, "dpll3"));
 
-    s->mmc = omap_mmc_init(0xfffb7800, sd_bdrv, s->irq[1][OMAP_INT_OQN],
-                    &s->drq[OMAP_DMA_MMC_TX], omap_findclk(s, "mmc_ck"));
+    sdindex = drive_get_index(IF_SD, 0, 0);
+    if (sdindex == -1) {
+        fprintf(stderr, "qemu: missing SecureDigital device\n");
+        exit(1);
+    }
+    s->mmc = omap_mmc_init(0xfffb7800, drives_table[sdindex].bdrv,
+                    s->irq[1][OMAP_INT_OQN], &s->drq[OMAP_DMA_MMC_TX],
+                    omap_findclk(s, "mmc_ck"));
 
     s->mpuio = omap_mpuio_init(0xfffb5000,
                     s->irq[1][OMAP_INT_KEYBOARD], s->irq[1][OMAP_INT_MPUIO],

Modified: trunk/src/host/qemu-neo1973/hw/pc.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/pc.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/pc.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -42,6 +42,8 @@
 /* Leave a chunk of memory at the top of RAM for the BIOS ACPI tables.  */
 #define ACPI_DATA_SIZE       0x10000
 
+#define MAX_IDE_BUS 2
+
 static fdctrl_t *floppy_controller;
 static RTCState *rtc_state;
 static PITState *pit;
@@ -381,8 +383,10 @@
 {
     uint8_t bootsect[512], *p;
     int i;
+    int hda;
 
-    if (bs_table[0] == NULL) {
+    hda = drive_get_index(IF_IDE, 0, 0);
+    if (hda == -1) {
 	fprintf(stderr, "A disk image must be given for 'hda' when booting "
 		"a Linux kernel\n");
 	exit(1);
@@ -391,7 +395,7 @@
     memset(bootsect, 0, sizeof(bootsect));
 
     /* Copy the MSDOS partition table if possible */
-    bdrv_read(bs_table[0], 0, bootsect, 1);
+    bdrv_read(drives_table[hda].bdrv, 0, bootsect, 1);
 
     /* Make sure we have a partition signature */
     bootsect[510] = 0x55;
@@ -428,7 +432,7 @@
     *p++ = segs[1];		/* CS */
     *p++ = segs[1] >> 8;
 
-    bdrv_set_boot_sector(bs_table[0], bootsect, sizeof(bootsect));
+    bdrv_set_boot_sector(drives_table[hda].bdrv, bootsect, sizeof(bootsect));
 }
 
 static int load_kernel(const char *filename, uint8_t *addr,
@@ -709,6 +713,9 @@
     NICInfo *nd;
     qemu_irq *cpu_irq;
     qemu_irq *i8259;
+    int index;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+    BlockDriverState *fd[MAX_FD];
 
     linux_boot = (kernel_filename != NULL);
 
@@ -926,12 +933,25 @@
         }
     }
 
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        index = drive_get_index(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+	if (index != -1)
+	    hd[i] = drives_table[index].bdrv;
+	else
+	    hd[i] = NULL;
+    }
+
     if (pci_enabled) {
-        pci_piix3_ide_init(pci_bus, bs_table, piix3_devfn + 1, i8259);
+        pci_piix3_ide_init(pci_bus, hd, piix3_devfn + 1, i8259);
     } else {
-        for(i = 0; i < 2; i++) {
+        for(i = 0; i < MAX_IDE_BUS; i++) {
             isa_ide_init(ide_iobase[i], ide_iobase2[i], i8259[ide_irq[i]],
-                         bs_table[2 * i], bs_table[2 * i + 1]);
+	                 hd[MAX_IDE_DEVS * i], hd[MAX_IDE_DEVS * i + 1]);
         }
     }
 
@@ -941,9 +961,16 @@
     audio_init(pci_enabled ? pci_bus : NULL, i8259);
 #endif
 
-    floppy_controller = fdctrl_init(i8259[6], 2, 0, 0x3f0, fd_table);
+    for(i = 0; i < MAX_FD; i++) {
+        index = drive_get_index(IF_FLOPPY, 0, i);
+	if (index != -1)
+	    fd[i] = drives_table[index].bdrv;
+	else
+	    fd[i] = NULL;
+    }
+    floppy_controller = fdctrl_init(i8259[6], 2, 0, 0x3f0, fd);
 
-    cmos_init(ram_size, boot_device, bs_table);
+    cmos_init(ram_size, boot_device, hd);
 
     if (pci_enabled && usb_enabled) {
         usb_uhci_piix3_init(pci_bus, piix3_devfn + 2);
@@ -963,23 +990,24 @@
     if (i440fx_state) {
         i440fx_init_memory_mappings(i440fx_state);
     }
-#if 0
-    /* ??? Need to figure out some way for the user to
-       specify SCSI devices.  */
+
     if (pci_enabled) {
+	int max_bus;
+        int bus, unit;
         void *scsi;
-        BlockDriverState *bdrv;
 
-        scsi = lsi_scsi_init(pci_bus, -1);
-        bdrv = bdrv_new("scsidisk");
-        bdrv_open(bdrv, "scsi_disk.img", 0);
-        lsi_scsi_attach(scsi, bdrv, -1);
-        bdrv = bdrv_new("scsicd");
-        bdrv_open(bdrv, "scsi_cd.iso", 0);
-        bdrv_set_type_hint(bdrv, BDRV_TYPE_CDROM);
-        lsi_scsi_attach(scsi, bdrv, -1);
+        max_bus = drive_get_max_bus(IF_SCSI);
+
+	for (bus = 0; bus <= max_bus; bus++) {
+            scsi = lsi_scsi_init(pci_bus, -1);
+            for (unit = 0; unit < LSI_MAX_DEVS; unit++) {
+	        index = drive_get_index(IF_SCSI, bus, unit);
+		if (index == -1)
+		    continue;
+		lsi_scsi_attach(scsi, drives_table[index].bdrv, unit);
+	    }
+        }
     }
-#endif
 }
 
 static void pc_init_pci(int ram_size, int vga_ram_size,

Modified: trunk/src/host/qemu-neo1973/hw/pci.h
===================================================================
--- trunk/src/host/qemu-neo1973/hw/pci.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/pci.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -97,6 +97,7 @@
                         pci_map_irq_fn map_irq, const char *name);
 
 /* lsi53c895a.c */
+#define LSI_MAX_DEVS 7
 void lsi_scsi_attach(void *opaque, BlockDriverState *bd, int id);
 void *lsi_scsi_init(PCIBus *bus, int devfn);
 

Modified: trunk/src/host/qemu-neo1973/hw/ppc405_boards.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/ppc405_boards.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/ppc405_boards.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -197,6 +197,7 @@
     int linux_boot;
     int fl_idx, fl_sectors, len;
     int ppc_boot_device = boot_device[0];
+    int index;
 
     /* XXX: fix this */
     ram_bases[0] = 0x00000000;
@@ -223,17 +224,18 @@
     bios_offset = sram_offset + sram_size;
     fl_idx = 0;
 #ifdef USE_FLASH_BIOS
-    if (pflash_table[fl_idx] != NULL) {
-        bios_size = bdrv_getlength(pflash_table[fl_idx]);
+    index = drive_get_index(IF_PFLASH, 0, fl_idx);
+    if (index != -1) {
+        bios_size = bdrv_getlength(drives_table[index].bdrv);
         fl_sectors = (bios_size + 65535) >> 16;
 #ifdef DEBUG_BOARD_INIT
         printf("Register parallel flash %d size " ADDRX " at offset %08lx "
                " addr " ADDRX " '%s' %d\n",
                fl_idx, bios_size, bios_offset, -bios_size,
-               bdrv_get_device_name(pflash_table[fl_idx]), fl_sectors);
+               bdrv_get_device_name(drives_table[index].bdrv), fl_sectors);
 #endif
         pflash_register((uint32_t)(-bios_size), bios_offset,
-                        pflash_table[fl_idx], 65536, fl_sectors, 2,
+                        drives_table[index].bdrv, 65536, fl_sectors, 2,
                         0x0001, 0x22DA, 0x0000, 0x0000);
         fl_idx++;
     } else
@@ -519,6 +521,7 @@
     int linux_boot;
     int fl_idx, fl_sectors;
     int ppc_boot_device = boot_device[0];
+    int index;
 
     /* RAM is soldered to the board so the size cannot be changed */
     ram_bases[0] = 0x00000000;
@@ -536,8 +539,9 @@
 #endif
     fl_idx = 0;
 #if defined(USE_FLASH_BIOS)
-    if (pflash_table[fl_idx] != NULL) {
-        bios_size = bdrv_getlength(pflash_table[fl_idx]);
+    index = drive_get_index(IF_PFLASH, 0, fl_idx);
+    if (index != -1) {
+        bios_size = bdrv_getlength(drives_table[index].bdrv);
         /* XXX: should check that size is 2MB */
         //        bios_size = 2 * 1024 * 1024;
         fl_sectors = (bios_size + 65535) >> 16;
@@ -545,10 +549,10 @@
         printf("Register parallel flash %d size " ADDRX " at offset %08lx "
                " addr " ADDRX " '%s' %d\n",
                fl_idx, bios_size, bios_offset, -bios_size,
-               bdrv_get_device_name(pflash_table[fl_idx]), fl_sectors);
+               bdrv_get_device_name(drives_table[index].bdrv), fl_sectors);
 #endif
         pflash_register((uint32_t)(-bios_size), bios_offset,
-                        pflash_table[fl_idx], 65536, fl_sectors, 4,
+                        drives_table[index].bdrv, 65536, fl_sectors, 4,
                         0x0001, 0x22DA, 0x0000, 0x0000);
         fl_idx++;
     } else
@@ -571,8 +575,9 @@
     }
     bios_offset += bios_size;
     /* Register Linux flash */
-    if (pflash_table[fl_idx] != NULL) {
-        bios_size = bdrv_getlength(pflash_table[fl_idx]);
+    index = drive_get_index(IF_PFLASH, 0, fl_idx);
+    if (index != -1) {
+        bios_size = bdrv_getlength(drives_table[index].bdrv);
         /* XXX: should check that size is 32MB */
         bios_size = 32 * 1024 * 1024;
         fl_sectors = (bios_size + 65535) >> 16;
@@ -580,9 +585,9 @@
         printf("Register parallel flash %d size " ADDRX " at offset %08lx "
                " addr " ADDRX " '%s'\n",
                fl_idx, bios_size, bios_offset, (target_ulong)0xfc000000,
-               bdrv_get_device_name(pflash_table[fl_idx]));
+               bdrv_get_device_name(drives_table[index].bdrv));
 #endif
-        pflash_register(0xfc000000, bios_offset, pflash_table[fl_idx],
+        pflash_register(0xfc000000, bios_offset, drives_table[index].bdrv,
                         65536, fl_sectors, 4,
                         0x0001, 0x22DA, 0x0000, 0x0000);
         fl_idx++;

Modified: trunk/src/host/qemu-neo1973/hw/ppc_chrp.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/ppc_chrp.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/ppc_chrp.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -32,6 +32,8 @@
 #include "sysemu.h"
 #include "boards.h"
 
+#define MAX_IDE_BUS 2
+
 /* UniN device */
 static void unin_writel (void *opaque, target_phys_addr_t addr, uint32_t value)
 {
@@ -81,6 +83,8 @@
     int pic_mem_index, dbdma_mem_index, cuda_mem_index;
     int ide_mem_index[2];
     int ppc_boot_device;
+    int index;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 
     linux_boot = (kernel_filename != NULL);
 
@@ -266,11 +270,22 @@
             nd_table[i].model = "ne2k_pci";
         pci_nic_init(pci_bus, &nd_table[i], -1);
     }
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        index = drive_get_index(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+        if (index != -1)
+            hd[i] = drives_table[index].bdrv;
+        else
+            hd[i] = NULL;
+    }
 #if 1
-    ide_mem_index[0] = pmac_ide_init(&bs_table[0], pic[0x13]);
-    ide_mem_index[1] = pmac_ide_init(&bs_table[2], pic[0x14]);
+    ide_mem_index[0] = pmac_ide_init(&hd[0], pic[0x13]);
+    ide_mem_index[1] = pmac_ide_init(&hd[2], pic[0x14]);
 #else
-    pci_cmd646_ide_init(pci_bus, &bs_table[0], 0);
+    pci_cmd646_ide_init(pci_bus, &hd[0], 0);
 #endif
     /* cuda also initialize ADB */
     cuda_init(&cuda_mem_index, pic[0x19]);

Modified: trunk/src/host/qemu-neo1973/hw/ppc_oldworld.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/ppc_oldworld.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/ppc_oldworld.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -33,6 +33,8 @@
 #include "pci.h"
 #include "boards.h"
 
+#define MAX_IDE_BUS 2
+
 /* temporary frame buffer OSI calls for the video.x driver. The right
    solution is to modify the driver to use VGA PCI I/Os */
 /* XXX: to be removed. This is no way related to emulation */
@@ -123,6 +125,8 @@
     int pic_mem_index, nvram_mem_index, dbdma_mem_index, cuda_mem_index;
     int ide_mem_index[2];
     int ppc_boot_device;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+    int index;
 
     linux_boot = (kernel_filename != NULL);
 
@@ -292,10 +296,37 @@
     }
 
     /* First IDE channel is a CMD646 on the PCI bus */
-    pci_cmd646_ide_init(pci_bus, &bs_table[0], 0);
+
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+    index = drive_get_index(IF_IDE, 0, 0);
+    if (index == -1)
+        hd[0] = NULL;
+    else
+        hd[0] =  drives_table[index].bdrv;
+    index = drive_get_index(IF_IDE, 0, 1);
+    if (index == -1)
+        hd[1] = NULL;
+    else
+        hd[1] =  drives_table[index].bdrv;
+    hd[3] = hd[2] = NULL;
+    pci_cmd646_ide_init(pci_bus, hd, 0);
+
     /* Second IDE channel is a MAC IDE on the MacIO bus */
+    index = drive_get_index(IF_IDE, 1, 0);
+    if (index == -1)
+        hd[0] = NULL;
+    else
+        hd[0] =  drives_table[index].bdrv;
+    index = drive_get_index(IF_IDE, 1, 1);
+    if (index == -1)
+        hd[1] = NULL;
+    else
+        hd[1] =  drives_table[index].bdrv;
     ide_mem_index[0] = -1;
-    ide_mem_index[1] = pmac_ide_init(&bs_table[2], pic[0x0D]);
+    ide_mem_index[1] = pmac_ide_init(hd, pic[0x0D]);
 
     /* cuda also initialize ADB */
     cuda_init(&cuda_mem_index, pic[0x12]);

Modified: trunk/src/host/qemu-neo1973/hw/ppc_prep.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/ppc_prep.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/ppc_prep.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -38,6 +38,8 @@
 /* SMP is not enabled, for now */
 #define MAX_CPUS 1
 
+#define MAX_IDE_BUS 2
+
 #define BIOS_FILENAME "ppc_rom.bin"
 #define KERNEL_LOAD_ADDR 0x01000000
 #define INITRD_LOAD_ADDR 0x01800000
@@ -551,6 +553,9 @@
     PCIBus *pci_bus;
     qemu_irq *i8259;
     int ppc_boot_device;
+    int index;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+    BlockDriverState *fd[MAX_FD];
 
     sysctrl = qemu_mallocz(sizeof(sysctrl_t));
     if (sysctrl == NULL)
@@ -675,16 +680,37 @@
         }
     }
 
-    for(i = 0; i < 2; i++) {
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        index = drive_get_index(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+        if (index != -1)
+            hd[i] = drives_table[index].bdrv;
+        else
+            hd[i] = NULL;
+    }
+
+    for(i = 0; i < MAX_IDE_BUS; i++) {
         isa_ide_init(ide_iobase[i], ide_iobase2[i], i8259[ide_irq[i]],
-                     bs_table[2 * i], bs_table[2 * i + 1]);
+                     hd[2 * i],
+		     hd[2 * i + 1]);
     }
     i8042_init(i8259[1], i8259[12], 0x60);
     DMA_init(1);
     //    AUD_init();
     //    SB16_init();
 
-    fdctrl_init(i8259[6], 2, 0, 0x3f0, fd_table);
+    for(i = 0; i < MAX_FD; i++) {
+        index = drive_get_index(IF_FLOPPY, 0, i);
+        if (index != -1)
+            fd[i] = drives_table[index].bdrv;
+        else
+            fd[i] = NULL;
+    }
+    fdctrl_init(i8259[6], 2, 0, 0x3f0, fd);
 
     /* Register speaker port */
     register_ioport_read(0x61, 1, 1, speaker_ioport_read, NULL);

Modified: trunk/src/host/qemu-neo1973/hw/pxa2xx.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/pxa2xx.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/pxa2xx.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -2037,6 +2037,7 @@
     struct pxa2xx_state_s *s;
     struct pxa2xx_ssp_s *ssp;
     int iomemtype, i;
+    int index;
     s = (struct pxa2xx_state_s *) qemu_mallocz(sizeof(struct pxa2xx_state_s));
 
     if (revision && strncmp(revision, "pxa27", 5)) {
@@ -2071,8 +2072,13 @@
 
     s->gpio = pxa2xx_gpio_init(0x40e00000, s->env, s->pic, 121);
 
-    s->mmc = pxa2xx_mmci_init(0x41100000, sd_bdrv, s->pic[PXA2XX_PIC_MMC],
-                              s->dma);
+    index = drive_get_index(IF_SD, 0, 0);
+    if (index == -1) {
+        fprintf(stderr, "qemu: missing SecureDigital device\n");
+        exit(1);
+    }
+    s->mmc = pxa2xx_mmci_init(0x41100000, drives_table[index].bdrv,
+                              s->pic[PXA2XX_PIC_MMC], s->dma);
 
     for (i = 0; pxa270_serial[i].io_base; i ++)
         if (serial_hds[i])
@@ -2161,6 +2167,7 @@
     struct pxa2xx_state_s *s;
     struct pxa2xx_ssp_s *ssp;
     int iomemtype, i;
+    int index;
 
     s = (struct pxa2xx_state_s *) qemu_mallocz(sizeof(struct pxa2xx_state_s));
 
@@ -2188,8 +2195,13 @@
 
     s->gpio = pxa2xx_gpio_init(0x40e00000, s->env, s->pic, 85);
 
-    s->mmc = pxa2xx_mmci_init(0x41100000, sd_bdrv, s->pic[PXA2XX_PIC_MMC],
-                              s->dma);
+    index = drive_get_index(IF_SD, 0, 0);
+    if (index == -1) {
+        fprintf(stderr, "qemu: missing SecureDigital device\n");
+        exit(1);
+    }
+    s->mmc = pxa2xx_mmci_init(0x41100000, drives_table[index].bdrv,
+                              s->pic[PXA2XX_PIC_MMC], s->dma);
 
     for (i = 0; pxa255_serial[i].io_base; i ++)
         if (serial_hds[i])

Modified: trunk/src/host/qemu-neo1973/hw/realview.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/realview.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/realview.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -32,6 +32,7 @@
     int done_smc = 0;
     qemu_irq cpu_irq[4];
     int ncpu;
+    int index;
 
     if (!cpu_model)
         cpu_model = "arm926";
@@ -89,7 +90,12 @@
 
     pl110_init(ds, 0x10020000, pic[23], 1);
 
-    pl181_init(0x10005000, sd_bdrv, pic[17], pic[18]);
+    index = drive_get_index(IF_SD, 0, 0);
+    if (index == -1) {
+        fprintf(stderr, "qemu: missing SecureDigital card\n");
+        exit(1);
+    }
+    pl181_init(0x10005000, drives_table[index].bdrv, pic[17], pic[18]);
 
     pl031_init(0x10017000, pic[10]);
 
@@ -97,11 +103,16 @@
     if (usb_enabled) {
         usb_ohci_init_pci(pci_bus, 3, -1);
     }
+    if (drive_get_max_bus(IF_SCSI) > 0) {
+        fprintf(stderr, "qemu: too many SCSI bus\n");
+        exit(1);
+    }
     scsi_hba = lsi_scsi_init(pci_bus, -1);
-    for (n = 0; n < MAX_DISKS; n++) {
-        if (bs_table[n]) {
-            lsi_scsi_attach(scsi_hba, bs_table[n], n);
-        }
+    for (n = 0; n < LSI_MAX_DEVS; n++) {
+        index = drive_get_index(IF_SCSI, 0, n);
+        if (index == -1)
+            continue;
+        lsi_scsi_attach(scsi_hba, drives_table[index].bdrv, n);
     }
     for(n = 0; n < nb_nics; n++) {
         nd = &nd_table[n];

Modified: trunk/src/host/qemu-neo1973/hw/s3c2410.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/s3c2410.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/s3c2410.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -2836,7 +2836,7 @@
 struct s3c_state_s *s3c2410_init(unsigned int sdram_size, DisplayState *ds)
 {
     struct s3c_state_s *s;
-    int iomemtype, i;
+    int iomemtype, i, sd_idx;
     s = (struct s3c_state_s *) qemu_mallocz(sizeof(struct s3c_state_s));
 
     s->env = cpu_init("arm920t");
@@ -2908,7 +2908,11 @@
                     s->irq[S3C_PIC_SPI0], s->drq[S3C_RQ_SPI0],
                     s->irq[S3C_PIC_SPI1], s->drq[S3C_RQ_SPI1], s->io);
 
-    s->mmci = s3c_mmci_init(0x5a000000, sd_bdrv, s->irq[S3C_PIC_SDI], s->drq);
+    sd_idx = drive_get_index(IF_SD, 0, 0);
+    if (sd_idx != -1) {
+        s->mmci = s3c_mmci_init(0x5a000000, drives_table[sd_idx].bdrv,
+                        s->irq[S3C_PIC_SDI], s->drq);
+    }
 
     if (usb_enabled) {
         usb_ohci_init_memio(0x49000000, 3, -1, s->irq[S3C_PIC_USBH]);

Modified: trunk/src/host/qemu-neo1973/hw/sd.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sd.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sd.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -192,7 +192,7 @@
 
 static void sd_set_ocr(SDState *sd)
 {
-    sd->ocr = 0x80fffff0;
+    sd->ocr = 0x80ffff80;
 }
 
 static void sd_set_scr(SDState *sd)

Modified: trunk/src/host/qemu-neo1973/hw/sh7750.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sh7750.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sh7750.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -551,6 +551,8 @@
 			     _INTC_ARRAY(vectors),
 			     _INTC_ARRAY(groups));
 
+    cpu->intc_handle = &s->intc;
+
     sh_serial_init(0x1fe00000, 0, s->periph_freq, serial_hds[0]);
     sh_serial_init(0x1fe80000, SH_SERIAL_FEAT_SCIF,
 		   s->periph_freq, serial_hds[1]);

Modified: trunk/src/host/qemu-neo1973/hw/sh_intc.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sh_intc.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sh_intc.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -14,10 +14,91 @@
 #include "sh.h"
 
 //#define DEBUG_INTC
+//#define DEBUG_INTC_SOURCES
 
 #define INTC_A7(x) ((x) & 0x1fffffff)
 #define INTC_ARRAY(x) (sizeof(x) / sizeof(x[0]))
 
+void sh_intc_toggle_source(struct intc_source *source,
+			   int enable_adj, int assert_adj)
+{
+    int enable_changed = 0;
+    int pending_changed = 0;
+    int old_pending;
+
+    if ((source->enable_count == source->enable_max) && (enable_adj == -1))
+        enable_changed = -1;
+
+    source->enable_count += enable_adj;
+
+    if (source->enable_count == source->enable_max)
+        enable_changed = 1;
+
+    source->asserted += assert_adj;
+
+    old_pending = source->pending;
+    source->pending = source->asserted &&
+      (source->enable_count == source->enable_max);
+
+    if (old_pending != source->pending)
+        pending_changed = 1;
+
+    if (pending_changed) {
+        if (source->pending) {
+            source->parent->pending++;
+	    if (source->parent->pending == 1)
+                cpu_interrupt(first_cpu, CPU_INTERRUPT_HARD);
+	}
+	else {
+            source->parent->pending--;
+	    if (source->parent->pending == 0)
+                cpu_reset_interrupt(first_cpu, CPU_INTERRUPT_HARD);
+	}
+    }
+
+  if (enable_changed || assert_adj || pending_changed) {
+#ifdef DEBUG_INTC_SOURCES
+            printf("sh_intc: (%d/%d/%d/%d) interrupt source 0x%x %s%s%s\n",
+		   source->parent->pending,
+		   source->asserted,
+		   source->enable_count,
+		   source->enable_max,
+		   source->vect,
+		   source->asserted ? "asserted " :
+		   assert_adj ? "deasserted" : "",
+		   enable_changed == 1 ? "enabled " :
+		   enable_changed == -1 ? "disabled " : "",
+		   source->pending ? "pending" : "");
+#endif
+  }
+}
+
+int sh_intc_get_pending_vector(struct intc_desc *desc, int imask)
+{
+    unsigned int i;
+
+    /* slow: use a linked lists of pending sources instead */
+    /* wrong: take interrupt priority into account (one list per priority) */
+
+    if (imask == 0x0f) {
+        return -1; /* FIXME, update code to include priority per source */
+    }
+
+    for (i = 0; i < desc->nr_sources; i++) {
+        struct intc_source *source = desc->sources + i;
+
+	if (source->pending) {
+#ifdef DEBUG_INTC_SOURCES
+            printf("sh_intc: (%d) returning interrupt source 0x%x\n",
+		   desc->pending, source->vect);
+#endif
+            return source->vect;
+	}
+    }
+
+    assert(0);
+}
+
 #define INTC_MODE_NONE       0
 #define INTC_MODE_DUAL_SET   1
 #define INTC_MODE_DUAL_CLR   2
@@ -94,50 +175,32 @@
     assert(0);
 }
 
-static void sh_intc_toggle(struct intc_desc *desc, intc_enum id,
-			   int enable, int is_group)
+static void sh_intc_toggle_mask(struct intc_desc *desc, intc_enum id,
+				int enable, int is_group)
 {
     struct intc_source *source = desc->sources + id;
-    int old = source->enable_count;
 
     if (!id)
 	return;
 
     if (!source->next_enum_id && (!source->enable_max || !source->vect)) {
-#ifdef DEBUG_INTC
+#ifdef DEBUG_INTC_SOURCES
         printf("sh_intc: reserved interrupt source %d modified\n", id);
 #endif
 	return;
     }
 
-    if (source->vect) {
-        if (enable)
-            source->enable_count++;
-	else 
-            source->enable_count--;
+    if (source->vect)
+        sh_intc_toggle_source(source, enable ? 1 : -1, 0);
 
-        if (source->enable_count == source->enable_max) {
 #ifdef DEBUG_INTC
-            printf("sh_intc: enabling interrupt source %d -> 0x%04x\n",
-		   id, source->vect);
-#endif
-	}
-
-        if (old == source->enable_max) {
-#ifdef DEBUG_INTC
-            printf("sh_intc: disabling interrupt source %d -> 0x%04x\n",
-		   id, source->vect);
-#endif
-	}
-    }
-#ifdef DEBUG_INTC
     else {
         printf("setting interrupt group %d to %d\n", id, !!enable);
     }
 #endif
 
     if ((is_group || !source->vect) && source->next_enum_id) {
-        sh_intc_toggle(desc, source->next_enum_id, enable, 1);
+        sh_intc_toggle_mask(desc, source->next_enum_id, enable, 1);
     }
 
 #ifdef DEBUG_INTC
@@ -200,7 +263,7 @@
 	printf("k = %d, first = %d, enum = %d, mask = 0x%08x\n", 
 	       k, first, enum_ids[k], (unsigned int)mask);
 #endif
-        sh_intc_toggle(desc, enum_ids[k], value & mask, 0);
+        sh_intc_toggle_mask(desc, enum_ids[k], value & mask, 0);
     }
 
     *valuep = value;
@@ -309,7 +372,7 @@
 	if (s)
 	    s->vect = vect->vect;
 
-#ifdef DEBUG_INTC
+#ifdef DEBUG_INTC_SOURCES
 	printf("sh_intc: registered source %d -> 0x%04x (%d/%d)\n",
 	       vect->enum_id, s->vect, s->enable_count, s->enable_max);
 #endif
@@ -330,7 +393,7 @@
 		s->next_enum_id = gr->enum_ids[k];
 	    }
 
-#ifdef DEBUG_INTC
+#ifdef DEBUG_INTC_SOURCES
 	    printf("sh_intc: registered group %d (%d/%d)\n",
 		   gr->enum_id, s->enable_count, s->enable_max);
 #endif
@@ -347,6 +410,7 @@
 {
     unsigned int i;
 
+    desc->pending = 0;
     desc->nr_sources = nr_sources;
     desc->mask_regs = mask_regs;
     desc->nr_mask_regs = nr_mask_regs;
@@ -359,6 +423,11 @@
         return -1;
 
     memset(desc->sources, 0, i);
+    for (i = 0; i < desc->nr_sources; i++) {
+        struct intc_source *source = desc->sources + i;
+
+        source->parent = desc;
+    }
  
     desc->iomemtype = cpu_register_io_memory(0, sh_intc_readfn,
 					     sh_intc_writefn, desc);

Modified: trunk/src/host/qemu-neo1973/hw/sh_intc.h
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sh_intc.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sh_intc.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -35,9 +35,11 @@
     unsigned short vect;
     intc_enum next_enum_id;
 
-    int asserted;
+    int asserted; /* emulates the interrupt signal line from device to intc */
     int enable_count;
     int enable_max;
+    int pending; /* emulates the result of signal and masking */
+    struct intc_desc *parent;
 };
 
 struct intc_desc {
@@ -49,9 +51,13 @@
     int nr_prio_regs;
 
     int iomemtype;
+    int pending; /* number of interrupt sources that has pending set */
 };
 
+int sh_intc_get_pending_vector(struct intc_desc *desc, int imask);
 struct intc_source *sh_intc_source(struct intc_desc *desc, intc_enum id);
+void sh_intc_toggle_source(struct intc_source *source,
+			   int enable_adj, int assert_adj);
 
 void sh_intc_register_sources(struct intc_desc *desc,
 			      struct intc_vect *vectors,

Modified: trunk/src/host/qemu-neo1973/hw/slavio_misc.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/slavio_misc.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/slavio_misc.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -50,19 +50,38 @@
     uint8_t diag, mctrl;
     uint32_t sysctrl;
     uint16_t leds;
+    target_phys_addr_t power_base;
 } MiscState;
 
 #define MISC_SIZE 1
 #define SYSCTRL_MAXADDR 3
 #define SYSCTRL_SIZE (SYSCTRL_MAXADDR + 1)
-#define LED_MAXADDR 2
+#define LED_MAXADDR 1
 #define LED_SIZE (LED_MAXADDR + 1)
 
+#define MISC_MASK 0x0fff0000
+#define MISC_LEDS 0x01600000
+#define MISC_CFG  0x01800000
+#define MISC_AUX1 0x01900000
+#define MISC_AUX2 0x01910000
+#define MISC_DIAG 0x01a00000
+#define MISC_MDM  0x01b00000
+#define MISC_SYS  0x01f00000
+
+#define AUX2_PWROFF    0x01
+#define AUX2_PWRINTCLR 0x02
+#define AUX2_PWRFAIL   0x20
+
+#define CFG_PWRINTEN   0x08
+
+#define SYS_RESET      0x01
+#define SYS_RESETSTAT  0x02
+
 static void slavio_misc_update_irq(void *opaque)
 {
     MiscState *s = opaque;
 
-    if ((s->aux2 & 0x4) && (s->config & 0x8)) {
+    if ((s->aux2 & AUX2_PWRFAIL) && (s->config & CFG_PWRINTEN)) {
         MISC_DPRINTF("Raise IRQ\n");
         qemu_irq_raise(s->irq);
     } else {
@@ -84,10 +103,10 @@
     MiscState *s = opaque;
 
     MISC_DPRINTF("Power fail: %d, config: %d\n", power_failing, s->config);
-    if (power_failing && (s->config & 0x8)) {
-        s->aux2 |= 0x4;
+    if (power_failing && (s->config & CFG_PWRINTEN)) {
+        s->aux2 |= AUX2_PWRFAIL;
     } else {
-        s->aux2 &= ~0x4;
+        s->aux2 &= ~AUX2_PWRFAIL;
     }
     slavio_misc_update_irq(s);
 }
@@ -97,38 +116,40 @@
 {
     MiscState *s = opaque;
 
-    switch (addr & 0xfff0000) {
-    case 0x1800000:
+    switch (addr & MISC_MASK) {
+    case MISC_CFG:
         MISC_DPRINTF("Write config %2.2x\n", val & 0xff);
         s->config = val & 0xff;
         slavio_misc_update_irq(s);
         break;
-    case 0x1900000:
+    case MISC_AUX1:
         MISC_DPRINTF("Write aux1 %2.2x\n", val & 0xff);
         s->aux1 = val & 0xff;
         break;
-    case 0x1910000:
-        val &= 0x3;
+    case MISC_AUX2:
+        val &= AUX2_PWRINTCLR | AUX2_PWROFF;
         MISC_DPRINTF("Write aux2 %2.2x\n", val);
-        val |= s->aux2 & 0x4;
-        if (val & 0x2) // Clear Power Fail int
-            val &= 0x1;
+        val |= s->aux2 & AUX2_PWRFAIL;
+        if (val & AUX2_PWRINTCLR) // Clear Power Fail int
+            val &= AUX2_PWROFF;
         s->aux2 = val;
-        if (val & 1)
+        if (val & AUX2_PWROFF)
             qemu_system_shutdown_request();
         slavio_misc_update_irq(s);
         break;
-    case 0x1a00000:
+    case MISC_DIAG:
         MISC_DPRINTF("Write diag %2.2x\n", val & 0xff);
         s->diag = val & 0xff;
         break;
-    case 0x1b00000:
+    case MISC_MDM:
         MISC_DPRINTF("Write modem control %2.2x\n", val & 0xff);
         s->mctrl = val & 0xff;
         break;
-    case 0xa000000:
-        MISC_DPRINTF("Write power management %2.2x\n", val & 0xff);
-        cpu_interrupt(cpu_single_env, CPU_INTERRUPT_HALT);
+    default:
+        if (addr == s->power_base) {
+            MISC_DPRINTF("Write power management %2.2x\n", val & 0xff);
+            cpu_interrupt(cpu_single_env, CPU_INTERRUPT_HALT);
+        }
         break;
     }
 }
@@ -138,29 +159,31 @@
     MiscState *s = opaque;
     uint32_t ret = 0;
 
-    switch (addr & 0xfff0000) {
-    case 0x1800000:
+    switch (addr & MISC_MASK) {
+    case MISC_CFG:
         ret = s->config;
         MISC_DPRINTF("Read config %2.2x\n", ret);
         break;
-    case 0x1900000:
+    case MISC_AUX1:
         ret = s->aux1;
         MISC_DPRINTF("Read aux1 %2.2x\n", ret);
         break;
-    case 0x1910000:
+    case MISC_AUX2:
         ret = s->aux2;
         MISC_DPRINTF("Read aux2 %2.2x\n", ret);
         break;
-    case 0x1a00000:
+    case MISC_DIAG:
         ret = s->diag;
         MISC_DPRINTF("Read diag %2.2x\n", ret);
         break;
-    case 0x1b00000:
+    case MISC_MDM:
         ret = s->mctrl;
         MISC_DPRINTF("Read modem control %2.2x\n", ret);
         break;
-    case 0xa000000:
-        MISC_DPRINTF("Read power management %2.2x\n", ret);
+    default:
+        if (addr == s->power_base) {
+            MISC_DPRINTF("Read power management %2.2x\n", ret);
+        }
         break;
     }
     return ret;
@@ -207,8 +230,8 @@
                  val);
     switch (saddr) {
     case 0:
-        if (val & 1) {
-            s->sysctrl = 0x2;
+        if (val & SYS_RESET) {
+            s->sysctrl = SYS_RESETSTAT;
             qemu_system_reset_request();
         }
         break;
@@ -258,7 +281,7 @@
                  val);
     switch (saddr) {
     case 0:
-        s->sysctrl = val;
+        s->leds = val;
         break;
     default:
         break;
@@ -328,28 +351,29 @@
     slavio_misc_io_memory = cpu_register_io_memory(0, slavio_misc_mem_read,
                                                    slavio_misc_mem_write, s);
     // Slavio control
-    cpu_register_physical_memory(base + 0x1800000, MISC_SIZE,
+    cpu_register_physical_memory(base + MISC_CFG, MISC_SIZE,
                                  slavio_misc_io_memory);
     // AUX 1
-    cpu_register_physical_memory(base + 0x1900000, MISC_SIZE,
+    cpu_register_physical_memory(base + MISC_AUX1, MISC_SIZE,
                                  slavio_misc_io_memory);
     // AUX 2
-    cpu_register_physical_memory(base + 0x1910000, MISC_SIZE,
+    cpu_register_physical_memory(base + MISC_AUX2, MISC_SIZE,
                                  slavio_misc_io_memory);
     // Diagnostics
-    cpu_register_physical_memory(base + 0x1a00000, MISC_SIZE,
+    cpu_register_physical_memory(base + MISC_DIAG, MISC_SIZE,
                                  slavio_misc_io_memory);
     // Modem control
-    cpu_register_physical_memory(base + 0x1b00000, MISC_SIZE,
+    cpu_register_physical_memory(base + MISC_MDM, MISC_SIZE,
                                  slavio_misc_io_memory);
     // Power management
     cpu_register_physical_memory(power_base, MISC_SIZE, slavio_misc_io_memory);
+    s->power_base = power_base;
 
     /* 16 bit registers */
     slavio_misc_io_memory = cpu_register_io_memory(0, slavio_led_mem_read,
                                                    slavio_led_mem_write, s);
     /* ss600mp diag LEDs */
-    cpu_register_physical_memory(base + 0x1600000, MISC_SIZE,
+    cpu_register_physical_memory(base + MISC_LEDS, MISC_SIZE,
                                  slavio_misc_io_memory);
 
     /* 32 bit registers */
@@ -357,7 +381,7 @@
                                                    slavio_sysctrl_mem_write,
                                                    s);
     // System control
-    cpu_register_physical_memory(base + 0x1f00000, SYSCTRL_SIZE,
+    cpu_register_physical_memory(base + MISC_SYS, SYSCTRL_SIZE,
                                  slavio_misc_io_memory);
 
     s->irq = irq;

Modified: trunk/src/host/qemu-neo1973/hw/slavio_timer.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/slavio_timer.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/slavio_timer.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -69,6 +69,24 @@
 #define SYS_TIMER_SIZE 0x14
 #define CPU_TIMER_SIZE 0x10
 
+#define SYS_TIMER_OFFSET      0x10000ULL
+#define CPU_TIMER_OFFSET(cpu) (0x1000ULL * cpu)
+
+#define TIMER_LIMIT         0
+#define TIMER_COUNTER       1
+#define TIMER_COUNTER_NORST 2
+#define TIMER_STATUS        3
+#define TIMER_MODE          4
+
+#define TIMER_COUNT_MASK32 0xfffffe00
+#define TIMER_LIMIT_MASK32 0x7fffffff
+#define TIMER_MAX_COUNT64  0x7ffffffffffffe00ULL
+#define TIMER_MAX_COUNT32  0x7ffffe00ULL
+#define TIMER_REACHED      0x80000000
+#define TIMER_PERIOD       500ULL // 500ns
+#define LIMIT_TO_PERIODS(l) ((l) >> 9)
+#define PERIODS_TO_LIMIT(l) ((l) << 9)
+
 static int slavio_timer_is_user(SLAVIO_TIMERState *s)
 {
     return s->master && (s->master->slave_mode & (1 << s->slave_index));
@@ -80,10 +98,10 @@
 {
     uint64_t count;
 
-    count = s->limit - (ptimer_get_count(s->timer) << 9);
-    DPRINTF("get_out: limit %" PRIx64 " count %x%08x\n", s->limit, s->counthigh,
-            s->count);
-    s->count = count & 0xfffffe00;
+    count = s->limit - PERIODS_TO_LIMIT(ptimer_get_count(s->timer));
+    DPRINTF("get_out: limit %" PRIx64 " count %x%08x\n", s->limit,
+            s->counthigh, s->count);
+    s->count = count & TIMER_COUNT_MASK32;
     s->counthigh = count >> 32;
 }
 
@@ -95,7 +113,7 @@
     slavio_timer_get_out(s);
     DPRINTF("callback: count %x%08x\n", s->counthigh, s->count);
     if (!slavio_timer_is_user(s)) {
-        s->reached = 0x80000000;
+        s->reached = TIMER_REACHED;
         qemu_irq_raise(s->irq);
     }
 }
@@ -107,7 +125,7 @@
 
     saddr = (addr & TIMER_MAXADDR) >> 2;
     switch (saddr) {
-    case 0:
+    case TIMER_LIMIT:
         // read limit (system counter mode) or read most signifying
         // part of counter (user mode)
         if (slavio_timer_is_user(s)) {
@@ -119,24 +137,24 @@
             // clear irq
             qemu_irq_lower(s->irq);
             s->reached = 0;
-            ret = s->limit & 0x7fffffff;
+            ret = s->limit & TIMER_LIMIT_MASK32;
         }
         break;
-    case 1:
+    case TIMER_COUNTER:
         // read counter and reached bit (system mode) or read lsbits
         // of counter (user mode)
         slavio_timer_get_out(s);
         if (slavio_timer_is_user(s)) // read user timer LSW
-            ret = s->count & 0xfffffe00;
+            ret = s->count & TIMER_COUNT_MASK32;
         else // read limit
-            ret = (s->count & 0x7ffffe00) | s->reached;
+            ret = (s->count & TIMER_MAX_COUNT32) | s->reached;
         break;
-    case 3:
+    case TIMER_STATUS:
         // only available in processor counter/timer
         // read start/stop status
         ret = s->running;
         break;
-    case 4:
+    case TIMER_MODE:
         // only available in system counter
         // read user/system mode
         ret = s->slave_mode;
@@ -151,7 +169,8 @@
     return ret;
 }
 
-static void slavio_timer_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
+static void slavio_timer_mem_writel(void *opaque, target_phys_addr_t addr,
+                                    uint32_t val)
 {
     SLAVIO_TIMERState *s = opaque;
     uint32_t saddr;
@@ -160,40 +179,40 @@
     DPRINTF("write " TARGET_FMT_plx " %08x\n", addr, val);
     saddr = (addr & TIMER_MAXADDR) >> 2;
     switch (saddr) {
-    case 0:
+    case TIMER_LIMIT:
         if (slavio_timer_is_user(s)) {
             // set user counter MSW, reset counter
             qemu_irq_lower(s->irq);
-            s->limit = 0x7ffffffffffffe00ULL;
+            s->limit = TIMER_MAX_COUNT64;
             DPRINTF("processor %d user timer reset\n", s->slave_index);
-            ptimer_set_limit(s->timer, s->limit >> 9, 1);
+            ptimer_set_limit(s->timer, LIMIT_TO_PERIODS(s->limit), 1);
         } else {
             // set limit, reset counter
             qemu_irq_lower(s->irq);
-            s->limit = val & 0x7ffffe00ULL;
+            s->limit = val & TIMER_MAX_COUNT32;
             if (!s->limit)
-                s->limit = 0x7ffffe00ULL;
+                s->limit = TIMER_MAX_COUNT32;
             ptimer_set_limit(s->timer, s->limit >> 9, 1);
         }
         break;
-    case 1:
+    case TIMER_COUNTER:
         if (slavio_timer_is_user(s)) {
             // set user counter LSW, reset counter
             qemu_irq_lower(s->irq);
-            s->limit = 0x7ffffffffffffe00ULL;
+            s->limit = TIMER_MAX_COUNT64;
             DPRINTF("processor %d user timer reset\n", s->slave_index);
-            ptimer_set_limit(s->timer, s->limit >> 9, 1);
+            ptimer_set_limit(s->timer, LIMIT_TO_PERIODS(s->limit), 1);
         } else
             DPRINTF("not user timer\n");
         break;
-    case 2:
+    case TIMER_COUNTER_NORST:
         // set limit without resetting counter
-        s->limit = val & 0x7ffffe00ULL;
+        s->limit = val & TIMER_MAX_COUNT32;
         if (!s->limit)
-            s->limit = 0x7ffffe00ULL;
-        ptimer_set_limit(s->timer, s->limit >> 9, reload);
+            s->limit = TIMER_MAX_COUNT32;
+        ptimer_set_limit(s->timer, LIMIT_TO_PERIODS(s->limit), reload);
         break;
-    case 3:
+    case TIMER_STATUS:
         if (slavio_timer_is_user(s)) {
             // start/stop user counter
             if ((val & 1) && !s->running) {
@@ -207,7 +226,7 @@
             }
         }
         break;
-    case 4:
+    case TIMER_MODE:
         if (s->master == NULL) {
             unsigned int i;
 
@@ -218,8 +237,10 @@
                 }
                 if ((val & (1 << i)) != (s->slave_mode & (1 << i))) {
                     ptimer_stop(s->slave[i]->timer);
-                    ptimer_set_limit(s->slave[i]->timer, s->slave[i]->limit >> 9, 1);
-                    DPRINTF("processor %d timer changed\n", s->slave[i]->slave_index);
+                    ptimer_set_limit(s->slave[i]->timer,
+                                     LIMIT_TO_PERIODS(s->slave[i]->limit), 1);
+                    DPRINTF("processor %d timer changed\n",
+                            s->slave[i]->slave_index);
                     ptimer_run(s->slave[i]->timer, 0);
                 }
             }
@@ -284,12 +305,12 @@
     SLAVIO_TIMERState *s = opaque;
 
     if (slavio_timer_is_user(s))
-        s->limit = 0x7ffffffffffffe00ULL;
+        s->limit = TIMER_MAX_COUNT64;
     else
-        s->limit = 0x7ffffe00ULL;
+        s->limit = TIMER_MAX_COUNT32;
     s->count = 0;
     s->reached = 0;
-    ptimer_set_limit(s->timer, s->limit >> 9, 1);
+    ptimer_set_limit(s->timer, LIMIT_TO_PERIODS(s->limit), 1);
     ptimer_run(s->timer, 0);
     s->running = 1;
     qemu_irq_lower(s->irq);
@@ -312,15 +333,18 @@
     s->slave_index = slave_index;
     bh = qemu_bh_new(slavio_timer_irq, s);
     s->timer = ptimer_init(bh);
-    ptimer_set_period(s->timer, 500ULL);
+    ptimer_set_period(s->timer, TIMER_PERIOD);
 
     slavio_timer_io_memory = cpu_register_io_memory(0, slavio_timer_mem_read,
                                                     slavio_timer_mem_write, s);
     if (master)
-        cpu_register_physical_memory(addr, CPU_TIMER_SIZE, slavio_timer_io_memory);
+        cpu_register_physical_memory(addr, CPU_TIMER_SIZE,
+                                     slavio_timer_io_memory);
     else
-        cpu_register_physical_memory(addr, SYS_TIMER_SIZE, slavio_timer_io_memory);
-    register_savevm("slavio_timer", addr, 2, slavio_timer_save, slavio_timer_load, s);
+        cpu_register_physical_memory(addr, SYS_TIMER_SIZE,
+                                     slavio_timer_io_memory);
+    register_savevm("slavio_timer", addr, 2, slavio_timer_save,
+                    slavio_timer_load, s);
     qemu_register_reset(slavio_timer_reset, s);
     slavio_timer_reset(s);
 
@@ -333,11 +357,11 @@
     SLAVIO_TIMERState *master;
     unsigned int i;
 
-    master = slavio_timer_init(base + 0x10000ULL, master_irq, NULL, 0);
+    master = slavio_timer_init(base + SYS_TIMER_OFFSET, master_irq, NULL, 0);
 
     for (i = 0; i < MAX_CPUS; i++) {
         master->slave[i] = slavio_timer_init(base + (target_phys_addr_t)
-                                             (i * TARGET_PAGE_SIZE),
+                                             CPU_TIMER_OFFSET(i),
                                              cpu_irqs[i], master, i);
     }
 }

Modified: trunk/src/host/qemu-neo1973/hw/spitz.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/spitz.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/spitz.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -940,9 +940,14 @@
 static void spitz_microdrive_attach(struct pxa2xx_state_s *cpu)
 {
     struct pcmcia_card_s *md;
-    BlockDriverState *bs = bs_table[0];
+    int index;
+    BlockDriverState *bs;
 
-    if (bs && bdrv_is_inserted(bs) && !bdrv_is_removable(bs)) {
+    index = drive_get_index(IF_IDE, 0, 0);
+    if (index == -1)
+        return;
+    bs = drives_table[index].bdrv;
+    if (bdrv_is_inserted(bs) && !bdrv_is_removable(bs)) {
         md = dscm1xxxx_init(bs);
         pxa2xx_pcmcia_attach(cpu->pcmcia[1], md);
     }

Modified: trunk/src/host/qemu-neo1973/hw/stellaris.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/stellaris.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/stellaris.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -1133,9 +1133,11 @@
             void * oled;
             void * sd;
             void *ssi_bus;
+            int index;
 
             oled = ssd0323_init(ds, &gpio_out[GPIO_C][7]);
-            sd = ssi_sd_init(sd_bdrv);
+            index = drive_get_index(IF_SD, 0, 0);
+            sd = ssi_sd_init(drives_table[index].bdrv);
 
             ssi_bus = stellaris_ssi_bus_init(&gpio_out[GPIO_D][0],
                                              ssi_sd_xfer, sd,

Modified: trunk/src/host/qemu-neo1973/hw/sun4m.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sun4m.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sun4m.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -60,7 +60,6 @@
 #define CMDLINE_ADDR         0x007ff000
 #define INITRD_LOAD_ADDR     0x00800000
 #define PROM_SIZE_MAX        (512 * 1024)
-#define PROM_PADDR           0xff0000000ULL
 #define PROM_VADDR           0xffd00000
 #define PROM_FILENAME        "openbios-sparc32"
 
@@ -81,6 +80,8 @@
     int machine_id; // For NVRAM
     uint32_t iommu_version;
     uint32_t intbit_to_level[32];
+    uint64_t max_mem;
+    const char * const default_cpu_model;
 };
 
 /* TSC handling */
@@ -273,9 +274,60 @@
     env->halted = 1;
 }
 
-static void *sun4m_hw_init(const struct hwdef *hwdef, int RAM_size,
-                           DisplayState *ds, const char *cpu_model)
+static unsigned long sun4m_load_kernel(const char *kernel_filename,
+                                       const char *kernel_cmdline,
+                                       const char *initrd_filename)
+{
+    int linux_boot;
+    unsigned int i;
+    long initrd_size, kernel_size;
 
+    linux_boot = (kernel_filename != NULL);
+
+    kernel_size = 0;
+    if (linux_boot) {
+        kernel_size = load_elf(kernel_filename, -0xf0000000ULL, NULL, NULL,
+                               NULL);
+        if (kernel_size < 0)
+            kernel_size = load_aout(kernel_filename, phys_ram_base + KERNEL_LOAD_ADDR);
+        if (kernel_size < 0)
+            kernel_size = load_image(kernel_filename, phys_ram_base + KERNEL_LOAD_ADDR);
+        if (kernel_size < 0) {
+            fprintf(stderr, "qemu: could not load kernel '%s'\n",
+                    kernel_filename);
+            exit(1);
+        }
+
+        /* load initrd */
+        initrd_size = 0;
+        if (initrd_filename) {
+            initrd_size = load_image(initrd_filename, phys_ram_base + INITRD_LOAD_ADDR);
+            if (initrd_size < 0) {
+                fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+                        initrd_filename);
+                exit(1);
+            }
+        }
+        if (initrd_size > 0) {
+            for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
+                if (ldl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i)
+                    == 0x48647253) { // HdrS
+                    stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 16, INITRD_LOAD_ADDR);
+                    stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 20, initrd_size);
+                    break;
+                }
+            }
+        }
+    }
+    return kernel_size;
+}
+
+static void sun4m_hw_init(const struct hwdef *hwdef, int RAM_size,
+                          const char *boot_device,
+                          DisplayState *ds, const char *kernel_filename,
+                          const char *kernel_cmdline,
+                          const char *initrd_filename, const char *cpu_model)
+
 {
     CPUState *env, *envs[MAX_CPUS];
     unsigned int i;
@@ -283,8 +335,15 @@
     qemu_irq *cpu_irqs[MAX_CPUS], *slavio_irq, *slavio_cpu_irq,
         *espdma_irq, *ledma_irq;
     qemu_irq *esp_reset, *le_reset;
+    unsigned long prom_offset, kernel_size;
+    int ret;
+    char buf[1024];
+    BlockDriverState *fd[MAX_FD];
+    int index;
 
     /* init CPUs */
+    if (!cpu_model)
+        cpu_model = hwdef->default_cpu_model;
 
     for(i = 0; i < smp_cpus; i++) {
         env = cpu_init(cpu_model);
@@ -302,14 +361,42 @@
         }
         register_savevm("cpu", i, 3, cpu_save, cpu_load, env);
         cpu_irqs[i] = qemu_allocate_irqs(cpu_set_irq, envs[i], MAX_PILS);
+        env->prom_addr = hwdef->slavio_base;
     }
 
     for (i = smp_cpus; i < MAX_CPUS; i++)
         cpu_irqs[i] = qemu_allocate_irqs(dummy_cpu_set_irq, NULL, MAX_PILS);
 
+
     /* allocate RAM */
+    if ((uint64_t)RAM_size > hwdef->max_mem) {
+        fprintf(stderr, "qemu: Too much memory for this machine: %d, maximum %d\n",
+                (unsigned int)RAM_size / (1024 * 1024),
+                (unsigned int)(hwdef->max_mem / (1024 * 1024)));
+        exit(1);
+    }
     cpu_register_physical_memory(0, RAM_size, 0);
 
+    /* load boot prom */
+    prom_offset = RAM_size + hwdef->vram_size;
+    cpu_register_physical_memory(hwdef->slavio_base,
+                                 (PROM_SIZE_MAX + TARGET_PAGE_SIZE - 1) &
+                                 TARGET_PAGE_MASK,
+                                 prom_offset | IO_MEM_ROM);
+
+    if (bios_name == NULL)
+        bios_name = PROM_FILENAME;
+    snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
+    ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL);
+    if (ret < 0 || ret > PROM_SIZE_MAX)
+        ret = load_image(buf, phys_ram_base + prom_offset);
+    if (ret < 0 || ret > PROM_SIZE_MAX) {
+        fprintf(stderr, "qemu: could not load prom '%s'\n",
+                buf);
+        exit(1);
+    }
+
+    /* set up devices */
     iommu = iommu_init(hwdef->iommu_base, hwdef->iommu_version);
     slavio_intctl = slavio_intctl_init(hwdef->intctl_base,
                                        hwdef->intctl_base + 0x10000ULL,
@@ -355,16 +442,29 @@
     slavio_serial_init(hwdef->serial_base, slavio_irq[hwdef->ser_irq],
                        serial_hds[1], serial_hds[0]);
 
-    if (hwdef->fd_base != (target_phys_addr_t)-1)
-        sun4m_fdctrl_init(slavio_irq[hwdef->fd_irq], hwdef->fd_base, fd_table);
+    if (hwdef->fd_base != (target_phys_addr_t)-1) {
+        /* there is zero or one floppy drive */
+        fd[1] = fd[0] = NULL;
+        index = drive_get_index(IF_FLOPPY, 0, 0);
+        if (index != -1)
+            fd[0] = drives_table[index].bdrv;
 
-    main_esp = esp_init(bs_table, hwdef->esp_base, espdma, *espdma_irq,
+        sun4m_fdctrl_init(slavio_irq[hwdef->fd_irq], hwdef->fd_base, fd);
+    }
+
+    if (drive_get_max_bus(IF_SCSI) > 0) {
+        fprintf(stderr, "qemu: too many SCSI bus\n");
+        exit(1);
+    }
+
+    main_esp = esp_init(hwdef->esp_base, espdma, *espdma_irq,
                         esp_reset);
 
-    for (i = 0; i < MAX_DISKS; i++) {
-        if (bs_table[i]) {
-            esp_scsi_attach(main_esp, bs_table[i], i);
-        }
+    for (i = 0; i < ESP_MAX_DEVS; i++) {
+        index = drive_get_index(IF_SCSI, 0, i);
+        if (index == -1)
+            continue;
+        esp_scsi_attach(main_esp, drives_table[index].bdrv, i);
     }
 
     slavio_misc = slavio_misc_init(hwdef->slavio_base, hwdef->power_base,
@@ -372,79 +472,12 @@
     if (hwdef->cs_base != (target_phys_addr_t)-1)
         cs_init(hwdef->cs_base, hwdef->cs_irq, slavio_intctl);
 
-    return nvram;
-}
+    kernel_size = sun4m_load_kernel(kernel_filename, kernel_cmdline,
+                                    initrd_filename);
 
-static void sun4m_load_kernel(long vram_size, int RAM_size,
-                              const char *boot_device,
-                              const char *kernel_filename,
-                              const char *kernel_cmdline,
-                              const char *initrd_filename,
-                              int machine_id,
-                              void *nvram)
-{
-    int ret, linux_boot;
-    char buf[1024];
-    unsigned int i;
-    long prom_offset, initrd_size, kernel_size;
-
-    linux_boot = (kernel_filename != NULL);
-
-    prom_offset = RAM_size + vram_size;
-    cpu_register_physical_memory(PROM_PADDR,
-                                 (PROM_SIZE_MAX + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK,
-                                 prom_offset | IO_MEM_ROM);
-
-    if (bios_name == NULL)
-        bios_name = PROM_FILENAME;
-    snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
-    ret = load_elf(buf, PROM_PADDR - PROM_VADDR, NULL, NULL, NULL);
-    if (ret < 0 || ret > PROM_SIZE_MAX)
-        ret = load_image(buf, phys_ram_base + prom_offset);
-    if (ret < 0 || ret > PROM_SIZE_MAX) {
-        fprintf(stderr, "qemu: could not load prom '%s'\n",
-                buf);
-        exit(1);
-    }
-
-    kernel_size = 0;
-    if (linux_boot) {
-        kernel_size = load_elf(kernel_filename, -0xf0000000ULL, NULL, NULL,
-                               NULL);
-        if (kernel_size < 0)
-            kernel_size = load_aout(kernel_filename, phys_ram_base + KERNEL_LOAD_ADDR);
-        if (kernel_size < 0)
-            kernel_size = load_image(kernel_filename, phys_ram_base + KERNEL_LOAD_ADDR);
-        if (kernel_size < 0) {
-            fprintf(stderr, "qemu: could not load kernel '%s'\n",
-                    kernel_filename);
-            exit(1);
-        }
-
-        /* load initrd */
-        initrd_size = 0;
-        if (initrd_filename) {
-            initrd_size = load_image(initrd_filename, phys_ram_base + INITRD_LOAD_ADDR);
-            if (initrd_size < 0) {
-                fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
-                        initrd_filename);
-                exit(1);
-            }
-        }
-        if (initrd_size > 0) {
-            for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
-                if (ldl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i)
-                    == 0x48647253) { // HdrS
-                    stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 16, INITRD_LOAD_ADDR);
-                    stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 20, initrd_size);
-                    break;
-                }
-            }
-        }
-    }
     nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
                boot_device, RAM_size, kernel_size, graphic_width,
-               graphic_height, graphic_depth, machine_id);
+               graphic_height, graphic_depth, hwdef->machine_id);
 }
 
 static const struct hwdef hwdefs[] = {
@@ -481,6 +514,8 @@
             2, 3, 5, 7, 9, 11, 0, 14,   3, 5, 7, 9, 11, 13, 12, 12,
             6, 0, 4, 10, 8, 0, 11, 0,   0, 0, 0, 0, 15, 0, 15, 0,
         },
+        .max_mem = 0x10000000,
+        .default_cpu_model = "Fujitsu MB86904",
     },
     /* SS-10 */
     {
@@ -515,6 +550,8 @@
             2, 3, 5, 7, 9, 11, 0, 14,   3, 5, 7, 9, 11, 13, 12, 12,
             6, 0, 4, 10, 8, 0, 11, 0,   0, 0, 0, 0, 15, 0, 15, 0,
         },
+        .max_mem = 0xffffffff, // XXX actually first 62GB ok
+        .default_cpu_model = "TI SuperSparc II",
     },
     /* SS-600MP */
     {
@@ -549,40 +586,19 @@
             2, 3, 5, 7, 9, 11, 0, 14,   3, 5, 7, 9, 11, 13, 12, 12,
             6, 0, 4, 10, 8, 0, 11, 0,   0, 0, 0, 0, 15, 0, 15, 0,
         },
+        .max_mem = 0xffffffff, // XXX actually first 62GB ok
+        .default_cpu_model = "TI SuperSparc II",
     },
 };
 
-static void sun4m_common_init(int RAM_size, const char *boot_device, DisplayState *ds,
-                              const char *kernel_filename, const char *kernel_cmdline,
-                              const char *initrd_filename, const char *cpu_model,
-                              unsigned int machine, int max_ram)
-{
-    void *nvram;
-
-    if ((unsigned int)RAM_size > (unsigned int)max_ram) {
-        fprintf(stderr, "qemu: Too much memory for this machine: %d, maximum %d\n",
-                (unsigned int)RAM_size / (1024 * 1024),
-                (unsigned int)max_ram / (1024 * 1024));
-        exit(1);
-    }
-    nvram = sun4m_hw_init(&hwdefs[machine], RAM_size, ds, cpu_model);
-
-    sun4m_load_kernel(hwdefs[machine].vram_size, RAM_size, boot_device,
-                      kernel_filename, kernel_cmdline, initrd_filename,
-                      hwdefs[machine].machine_id, nvram);
-}
-
 /* SPARCstation 5 hardware initialisation */
 static void ss5_init(int RAM_size, int vga_ram_size,
                      const char *boot_device, DisplayState *ds,
                      const char *kernel_filename, const char *kernel_cmdline,
                      const char *initrd_filename, const char *cpu_model)
 {
-    if (cpu_model == NULL)
-        cpu_model = "Fujitsu MB86904";
-    sun4m_common_init(RAM_size, boot_device, ds, kernel_filename,
-                      kernel_cmdline, initrd_filename, cpu_model,
-                      0, 0x10000000);
+    sun4m_hw_init(&hwdefs[0], RAM_size, boot_device, ds, kernel_filename,
+                  kernel_cmdline, initrd_filename, cpu_model);
 }
 
 /* SPARCstation 10 hardware initialisation */
@@ -591,11 +607,8 @@
                       const char *kernel_filename, const char *kernel_cmdline,
                       const char *initrd_filename, const char *cpu_model)
 {
-    if (cpu_model == NULL)
-        cpu_model = "TI SuperSparc II";
-    sun4m_common_init(RAM_size, boot_device, ds, kernel_filename,
-                      kernel_cmdline, initrd_filename, cpu_model,
-                      1, 0xffffffff); // XXX actually first 62GB ok
+    sun4m_hw_init(&hwdefs[1], RAM_size, boot_device, ds, kernel_filename,
+                  kernel_cmdline, initrd_filename, cpu_model);
 }
 
 /* SPARCserver 600MP hardware initialisation */
@@ -604,11 +617,8 @@
                          const char *kernel_filename, const char *kernel_cmdline,
                          const char *initrd_filename, const char *cpu_model)
 {
-    if (cpu_model == NULL)
-        cpu_model = "TI SuperSparc II";
-    sun4m_common_init(RAM_size, boot_device, ds, kernel_filename,
-                      kernel_cmdline, initrd_filename, cpu_model,
-                      2, 0xffffffff); // XXX actually first 62GB ok
+    sun4m_hw_init(&hwdefs[2], RAM_size, boot_device, ds, kernel_filename,
+                  kernel_cmdline, initrd_filename, cpu_model);
 }
 
 QEMUMachine ss5_machine = {

Modified: trunk/src/host/qemu-neo1973/hw/sun4m.h
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sun4m.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sun4m.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -49,8 +49,9 @@
 void slavio_set_power_fail(void *opaque, int power_failing);
 
 /* esp.c */
+#define ESP_MAX_DEVS 7
 void esp_scsi_attach(void *opaque, BlockDriverState *bd, int id);
-void *esp_init(BlockDriverState **bd, target_phys_addr_t espaddr,
+void *esp_init(target_phys_addr_t espaddr,
                void *dma_opaque, qemu_irq irq, qemu_irq *reset);
 
 /* cs4231.c */

Modified: trunk/src/host/qemu-neo1973/hw/sun4u.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/sun4u.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/sun4u.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -43,6 +43,7 @@
 #define VGA_BASE             (APB_MEM_BASE + 0x400000ULL)
 #define PROM_FILENAME        "openbios-sparc64"
 #define NVRAM_SIZE           0x2000
+#define MAX_IDE_BUS          2
 
 /* TSC handling */
 
@@ -240,6 +241,9 @@
     PCIBus *pci_bus;
     QEMUBH *bh;
     qemu_irq *irq;
+    int index;
+    BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+    BlockDriverState *fd[MAX_FD];
 
     linux_boot = (kernel_filename != NULL);
 
@@ -342,11 +346,30 @@
     }
 
     irq = qemu_allocate_irqs(dummy_cpu_set_irq, NULL, 32);
-    // XXX pci_cmd646_ide_init(pci_bus, bs_table, 1);
-    pci_piix3_ide_init(pci_bus, bs_table, -1, irq);
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        index = drive_get_index(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+       if (index != -1)
+           hd[i] = drives_table[index].bdrv;
+       else
+           hd[i] = NULL;
+    }
+
+    // XXX pci_cmd646_ide_init(pci_bus, hd, 1);
+    pci_piix3_ide_init(pci_bus, hd, -1, irq);
     /* FIXME: wire up interrupts.  */
     i8042_init(NULL/*1*/, NULL/*12*/, 0x60);
-    floppy_controller = fdctrl_init(NULL/*6*/, 2, 0, 0x3f0, fd_table);
+    for(i = 0; i < MAX_FD; i++) {
+        index = drive_get_index(IF_FLOPPY, 0, i);
+       if (index != -1)
+           fd[i] = drives_table[index].bdrv;
+       else
+           fd[i] = NULL;
+    }
+    floppy_controller = fdctrl_init(NULL/*6*/, 2, 0, 0x3f0, fd);
     nvram = m48t59_init(NULL/*8*/, 0, 0x0074, NVRAM_SIZE, 59);
     sun4u_NVRAM_set_params(nvram, NVRAM_SIZE, "Sun4u", ram_size, boot_devices,
                          KERNEL_LOAD_ADDR, kernel_size,

Modified: trunk/src/host/qemu-neo1973/hw/versatilepb.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/versatilepb.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/hw/versatilepb.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -171,6 +171,7 @@
     NICInfo *nd;
     int n;
     int done_smc = 0;
+    int index;
 
     if (!cpu_model)
         cpu_model = "arm926";
@@ -206,11 +207,16 @@
     if (usb_enabled) {
         usb_ohci_init_pci(pci_bus, 3, -1);
     }
+    if (drive_get_max_bus(IF_SCSI) > 0) {
+        fprintf(stderr, "qemu: too many SCSI bus\n");
+        exit(1);
+    }
     scsi_hba = lsi_scsi_init(pci_bus, -1);
-    for (n = 0; n < MAX_DISKS; n++) {
-        if (bs_table[n]) {
-            lsi_scsi_attach(scsi_hba, bs_table[n], n);
-        }
+    for (n = 0; n < LSI_MAX_DEVS; n++) {
+        index = drive_get_index(IF_SCSI, 0, n);
+        if (index == -1)
+            continue;
+        lsi_scsi_attach(scsi_hba, drives_table[index].bdrv, n);
     }
 
     pl011_init(0x101f1000, pic[12], serial_hds[0], PL011_ARM);
@@ -226,7 +232,13 @@
        that includes hardware cursor support from the PL111.  */
     pl110_init(ds, 0x10120000, pic[16], 1);
 
-    pl181_init(0x10005000, sd_bdrv, sic[22], sic[1]);
+    index = drive_get_index(IF_SD, 0, 0);
+    if (index == -1) {
+        fprintf(stderr, "qemu: missing SecureDigital card\n");
+        exit(1);
+    }
+
+    pl181_init(0x10005000, drives_table[index].bdrv, sic[22], sic[1]);
 #if 0
     /* Disabled because there's no way of specifying a block device.  */
     pl181_init(0x1000b000, NULL, sic, 23, 2);

Modified: trunk/src/host/qemu-neo1973/linux-user/main.c
===================================================================
--- trunk/src/host/qemu-neo1973/linux-user/main.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/linux-user/main.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -1617,6 +1617,9 @@
             env->gregs[0] = ret;
             env->pc += 2;
             break;
+        case EXCP_INTERRUPT:
+            /* just indicate that signals should be handled asap */
+            break;
         case EXCP_DEBUG:
             {
                 int sig;
@@ -1631,6 +1634,15 @@
                   }
             }
             break;
+	case 0xa0:
+	case 0xc0:
+            info.si_signo = SIGSEGV;
+            info.si_errno = 0;
+            info.si_code = TARGET_SEGV_MAPERR;
+            info._sifields._sigfault._addr = env->tea;
+            queue_signal(info.si_signo, &info);
+	    break;
+
         default:
             printf ("Unhandled trap: 0x%x\n", trapnr);
             cpu_dump_state(env, stderr, fprintf, 0);

Modified: trunk/src/host/qemu-neo1973/linux-user/sh4/target_signal.h
===================================================================
--- trunk/src/host/qemu-neo1973/linux-user/sh4/target_signal.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/linux-user/sh4/target_signal.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -21,4 +21,9 @@
 #define TARGET_MINSIGSTKSZ    2048
 #define TARGET_SIGSTKSZ       8192
 
+static inline abi_ulong get_sp_from_cpustate(CPUSH4State *state)
+{
+    return state->gregs[15];
+}
+
 #endif /* TARGET_SIGNAL_H */

Modified: trunk/src/host/qemu-neo1973/linux-user/signal.c
===================================================================
--- trunk/src/host/qemu-neo1973/linux-user/signal.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/linux-user/signal.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -562,6 +562,12 @@
     return 0;
 }
 
+static inline int current_exec_domain_sig(int sig)
+{
+    return /* current->exec_domain && current->exec_domain->signal_invmap
+	      && sig < 32 ? current->exec_domain->signal_invmap[sig] : */ sig;
+}
+
 #if defined(TARGET_I386) && TARGET_ABI_BITS == 32
 
 /* from the Linux kernel */
@@ -745,11 +751,7 @@
 	if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
 		goto give_sigsegv;
 
-	err |= __put_user((/*current->exec_domain
-		           && current->exec_domain->signal_invmap
-		           && sig < 32
-		           ? current->exec_domain->signal_invmap[sig]
-		           : */ sig),
+	err |= __put_user(current_exec_domain_sig(sig),
 		          &frame->sig);
 	if (err)
 		goto give_sigsegv;
@@ -819,11 +821,7 @@
 	if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
 		goto give_sigsegv;
 
-	err |= __put_user((/*current->exec_domain
-		    	   && current->exec_domain->signal_invmap
-		    	   && sig < 32
-		    	   ? current->exec_domain->signal_invmap[sig]
-			   : */sig),
+	err |= __put_user(current_exec_domain_sig(sig),
 			  &frame->sig);
         addr = frame_addr + offsetof(struct rt_sigframe, info);
 	err |= __put_user(addr, &frame->pinfo);
@@ -2406,6 +2404,309 @@
     return -TARGET_ENOSYS;
 }
 
+#elif defined(TARGET_SH4)
+
+/*
+ * code and data structures from linux kernel:
+ * include/asm-sh/sigcontext.h
+ * arch/sh/kernel/signal.c
+ */
+
+struct target_sigcontext {
+    target_ulong  oldmask;
+
+    /* CPU registers */
+    target_ulong  sc_gregs[16];
+    target_ulong  sc_pc;
+    target_ulong  sc_pr;
+    target_ulong  sc_sr;
+    target_ulong  sc_gbr;
+    target_ulong  sc_mach;
+    target_ulong  sc_macl;
+
+    /* FPU registers */
+    target_ulong  sc_fpregs[16];
+    target_ulong  sc_xfpregs[16];
+    unsigned int sc_fpscr;
+    unsigned int sc_fpul;
+    unsigned int sc_ownedfp;
+};
+
+struct target_sigframe
+{
+    struct target_sigcontext sc;
+    target_ulong extramask[TARGET_NSIG_WORDS-1];
+    uint16_t retcode[3];
+};
+
+
+struct target_ucontext {
+    target_ulong uc_flags;
+    struct target_ucontext *uc_link;
+    target_stack_t uc_stack;
+    struct target_sigcontext uc_mcontext;
+    target_sigset_t uc_sigmask;	/* mask last for extensibility */
+};
+
+struct target_rt_sigframe
+{
+    struct target_siginfo info;
+    struct target_ucontext uc;
+    uint16_t retcode[3];
+};
+
+
+#define MOVW(n)  (0x9300|((n)-2)) /* Move mem word at PC+n to R3 */
+#define TRAP_NOARG 0xc310         /* Syscall w/no args (NR in R3) SH3/4 */
+
+static abi_ulong get_sigframe(struct emulated_sigaction *ka,
+                         unsigned long sp, size_t frame_size)
+{
+    if ((ka->sa.sa_flags & TARGET_SA_ONSTACK) && (sas_ss_flags(sp) == 0)) {
+        sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+    }
+
+    return (sp - frame_size) & -8ul;
+}
+
+static int setup_sigcontext(struct target_sigcontext *sc,
+			    CPUState *regs, unsigned long mask)
+{
+    int err = 0;
+
+#define COPY(x)         err |= __put_user(regs->x, &sc->sc_##x)
+    COPY(gregs[0]); COPY(gregs[1]);
+    COPY(gregs[2]); COPY(gregs[3]);
+    COPY(gregs[4]); COPY(gregs[5]);
+    COPY(gregs[6]); COPY(gregs[7]);
+    COPY(gregs[8]); COPY(gregs[9]);
+    COPY(gregs[10]); COPY(gregs[11]);
+    COPY(gregs[12]); COPY(gregs[13]);
+    COPY(gregs[14]); COPY(gregs[15]);
+    COPY(gbr); COPY(mach);
+    COPY(macl); COPY(pr);
+    COPY(sr); COPY(pc);
+#undef COPY
+
+    /* todo: save FPU registers here */
+
+    /* non-iBCS2 extensions.. */
+    err |= __put_user(mask, &sc->oldmask);
+
+    return err;
+}
+
+static int restore_sigcontext(struct CPUState *regs,
+			      struct target_sigcontext *sc)
+{
+    unsigned int err = 0;
+
+#define COPY(x)         err |= __get_user(regs->x, &sc->sc_##x)
+    COPY(gregs[1]);
+    COPY(gregs[2]); COPY(gregs[3]);
+    COPY(gregs[4]); COPY(gregs[5]);
+    COPY(gregs[6]); COPY(gregs[7]);
+    COPY(gregs[8]); COPY(gregs[9]);
+    COPY(gregs[10]); COPY(gregs[11]);
+    COPY(gregs[12]); COPY(gregs[13]);
+    COPY(gregs[14]); COPY(gregs[15]);
+    COPY(gbr); COPY(mach);
+    COPY(macl); COPY(pr);
+    COPY(sr); COPY(pc);
+#undef COPY
+
+    /* todo: restore FPU registers here */
+
+    regs->tra = -1;         /* disable syscall checks */
+    return err;
+}
+
+static void setup_frame(int sig, struct emulated_sigaction *ka,
+			target_sigset_t *set, CPUState *regs)
+{
+    struct target_sigframe *frame;
+    abi_ulong frame_addr;
+    int i;
+    int err = 0;
+    int signal;
+
+    frame_addr = get_sigframe(ka, regs->gregs[15], sizeof(*frame));
+    if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
+	goto give_sigsegv;
+
+    signal = current_exec_domain_sig(sig);
+
+    err |= setup_sigcontext(&frame->sc, regs, set->sig[0]);
+
+    for (i = 0; i < TARGET_NSIG_WORDS - 1; i++) {
+        err |= __put_user(set->sig[i + 1], &frame->extramask[i]);
+    }
+
+    /* Set up to return from userspace.  If provided, use a stub
+       already in userspace.  */
+    if (ka->sa.sa_flags & TARGET_SA_RESTORER) {
+        regs->pr = (unsigned long) ka->sa.sa_restorer;
+    } else {
+        /* Generate return code (system call to sigreturn) */
+        err |= __put_user(MOVW(2), &frame->retcode[0]);
+        err |= __put_user(TRAP_NOARG, &frame->retcode[1]);
+        err |= __put_user((TARGET_NR_sigreturn), &frame->retcode[2]);
+        regs->pr = (unsigned long) frame->retcode;
+    }
+
+    if (err)
+        goto give_sigsegv;
+
+    /* Set up registers for signal handler */
+    regs->gregs[15] = (unsigned long) frame;
+    regs->gregs[4] = signal; /* Arg for signal handler */
+    regs->gregs[5] = 0;
+    regs->gregs[6] = (unsigned long) &frame->sc;
+    regs->pc = (unsigned long) ka->sa._sa_handler;
+
+    unlock_user_struct(frame, frame_addr, 1);
+    return;
+
+give_sigsegv:
+    unlock_user_struct(frame, frame_addr, 1);
+    force_sig(SIGSEGV);
+}
+
+static void setup_rt_frame(int sig, struct emulated_sigaction *ka,
+                           target_siginfo_t *info,
+			   target_sigset_t *set, CPUState *regs)
+{
+    struct target_rt_sigframe *frame;
+    abi_ulong frame_addr;
+    int i;
+    int err = 0;
+    int signal;
+
+    frame_addr = get_sigframe(ka, regs->gregs[15], sizeof(*frame));
+    if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
+	goto give_sigsegv;
+
+    signal = current_exec_domain_sig(sig);
+
+    err |= copy_siginfo_to_user(&frame->info, info);
+
+    /* Create the ucontext.  */
+    err |= __put_user(0, &frame->uc.uc_flags);
+    err |= __put_user(0, (unsigned long *)&frame->uc.uc_link);
+    err |= __put_user((void *)target_sigaltstack_used.ss_sp,
+		      &frame->uc.uc_stack.ss_sp);
+    err |= __put_user(sas_ss_flags(regs->gregs[15]),
+		      &frame->uc.uc_stack.ss_flags);
+    err |= __put_user(target_sigaltstack_used.ss_size,
+		      &frame->uc.uc_stack.ss_size);
+    err |= setup_sigcontext(&frame->uc.uc_mcontext,
+			    regs, set->sig[0]);
+    for(i = 0; i < TARGET_NSIG_WORDS; i++) {
+        err |= __put_user(set->sig[i], &frame->uc.uc_sigmask.sig[i]);
+    }
+
+    /* Set up to return from userspace.  If provided, use a stub
+       already in userspace.  */
+    if (ka->sa.sa_flags & TARGET_SA_RESTORER) {
+        regs->pr = (unsigned long) ka->sa.sa_restorer;
+    } else {
+        /* Generate return code (system call to sigreturn) */
+        err |= __put_user(MOVW(2), &frame->retcode[0]);
+        err |= __put_user(TRAP_NOARG, &frame->retcode[1]);
+        err |= __put_user((TARGET_NR_rt_sigreturn), &frame->retcode[2]);
+        regs->pr = (unsigned long) frame->retcode;
+    }
+
+    if (err)
+        goto give_sigsegv;
+
+    /* Set up registers for signal handler */
+    regs->gregs[15] = (unsigned long) frame;
+    regs->gregs[4] = signal; /* Arg for signal handler */
+    regs->gregs[5] = (unsigned long) &frame->info;
+    regs->gregs[6] = (unsigned long) &frame->uc;
+    regs->pc = (unsigned long) ka->sa._sa_handler;
+
+    unlock_user_struct(frame, frame_addr, 1);
+    return;
+
+give_sigsegv:
+    unlock_user_struct(frame, frame_addr, 1);
+    force_sig(SIGSEGV);
+}
+
+long do_sigreturn(CPUState *regs)
+{
+    struct target_sigframe *frame;
+    abi_ulong frame_addr;
+    sigset_t blocked;
+    target_sigset_t target_set;
+    int i;
+    int err = 0;
+
+#if defined(DEBUG_SIGNAL)
+    fprintf(stderr, "do_sigreturn\n");
+#endif
+    frame_addr = regs->gregs[15];
+    if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1))
+   	goto badframe;
+
+    err |= __get_user(target_set.sig[0], &frame->sc.oldmask);
+    for(i = 1; i < TARGET_NSIG_WORDS; i++) {
+        err |= (__get_user(target_set.sig[i], &frame->extramask[i - 1]));
+    }
+
+    if (err)
+        goto badframe;
+
+    target_to_host_sigset_internal(&blocked, &target_set);
+    sigprocmask(SIG_SETMASK, &blocked, NULL);
+
+    if (restore_sigcontext(regs, &frame->sc))
+        goto badframe;
+
+    unlock_user_struct(frame, frame_addr, 0);
+    return regs->gregs[0];
+
+badframe:
+    unlock_user_struct(frame, frame_addr, 0);
+    force_sig(TARGET_SIGSEGV);
+    return 0;
+}
+
+long do_rt_sigreturn(CPUState *regs)
+{
+    struct target_rt_sigframe *frame;
+    abi_ulong frame_addr;
+    sigset_t blocked;
+
+#if defined(DEBUG_SIGNAL)
+    fprintf(stderr, "do_rt_sigreturn\n");
+#endif
+    frame_addr = regs->gregs[15];
+    if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1))
+   	goto badframe;
+
+    target_to_host_sigset(&blocked, &frame->uc.uc_sigmask);
+    sigprocmask(SIG_SETMASK, &blocked, NULL);
+
+    if (restore_sigcontext(regs, &frame->uc.uc_mcontext))
+        goto badframe;
+
+    if (do_sigaltstack(frame_addr +
+		       offsetof(struct target_rt_sigframe, uc.uc_stack),
+		       0, get_sp_from_cpustate(regs)) == -EFAULT)
+        goto badframe;
+
+    unlock_user_struct(frame, frame_addr, 0);
+    return regs->gregs[0];
+
+badframe:
+    unlock_user_struct(frame, frame_addr, 0);
+    force_sig(TARGET_SIGSEGV);
+    return 0;
+}
+
 #else
 
 static void setup_frame(int sig, struct emulated_sigaction *ka,

Modified: trunk/src/host/qemu-neo1973/linux-user/syscall.c
===================================================================
--- trunk/src/host/qemu-neo1973/linux-user/syscall.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/linux-user/syscall.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -3187,18 +3187,18 @@
             argc = 0;
             guest_argp = arg2;
             for (gp = guest_argp; ; gp++) {
-                if (get_user_ual(guest_argp, gp))
+                if (get_user_ual(addr, gp))
                     goto efault;
-                if (!guest_argp)
+                if (!addr)
                     break;
                 argc++;
             }
             envc = 0;
             guest_envp = arg3;
             for (gp = guest_envp; ; gp++) {
-                if (get_user_ual(guest_envp, gp))
+                if (get_user_ual(addr, gp))
                     goto efault;
-                if (!guest_envp)
+                if (!addr)
                     break;
                 envc++;
             }

Modified: trunk/src/host/qemu-neo1973/monitor.c
===================================================================
--- trunk/src/host/qemu-neo1973/monitor.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/monitor.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -36,6 +36,10 @@
 #include "disas.h"
 #include <dirent.h>
 
+#ifdef CONFIG_PROFILER
+#include "qemu-timer.h" /* for ticks_per_sec */
+#endif
+
 //#define DEBUG
 //#define DEBUG_COMPLETION
 
@@ -218,16 +222,11 @@
     int i, all_devices;
 
     all_devices = !strcmp(device, "all");
-    for (i = 0; i < MAX_DISKS; i++) {
-        if (bs_table[i]) {
+    for (i = 0; i < nb_drives; i++) {
             if (all_devices ||
-                !strcmp(bdrv_get_device_name(bs_table[i]), device))
-                bdrv_commit(bs_table[i]);
-        }
+                !strcmp(bdrv_get_device_name(drives_table[i].bdrv), device))
+                bdrv_commit(drives_table[i].bdrv);
     }
-    if (mtd_bdrv)
-        if (all_devices || !strcmp(bdrv_get_device_name(mtd_bdrv), device))
-            bdrv_commit(mtd_bdrv);
 }
 
 static void do_info(const char *item)
@@ -263,6 +262,11 @@
     bdrv_info();
 }
 
+static void do_info_blockstats(void)
+{
+    bdrv_info_stats();
+}
+
 /* get the current CPU defined by the user */
 static int mon_set_cpu(int cpu_index)
 {
@@ -1360,6 +1364,8 @@
       "", "show the network state" },
     { "block", "", do_info_block,
       "", "show the block devices" },
+    { "blockstats", "", do_info_blockstats,
+      "", "show block device statistics" },
     { "registers", "", do_info_registers,
       "", "show the cpu registers" },
     { "cpus", "", do_info_cpus,
@@ -2632,6 +2638,8 @@
     hide_banner = !show_banner;
 
     qemu_chr_add_handlers(hd, term_can_read, term_read, term_event, NULL);
+
+    readline_start("", 0, monitor_handle_command1, NULL);
 }
 
 /* XXX: use threads ? */

Modified: trunk/src/host/qemu-neo1973/sysemu.h
===================================================================
--- trunk/src/host/qemu-neo1973/sysemu.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/sysemu.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -116,16 +116,27 @@
 #define BIOS_SIZE (4 * 1024 * 1024)
 #endif
 
-#define MAX_DISKS 4
+typedef enum {
+    IF_IDE, IF_SCSI, IF_FLOPPY, IF_PFLASH, IF_MTD, IF_SD
+} BlockInterfaceType;
 
-extern BlockDriverState *bs_table[MAX_DISKS + 1];
-extern BlockDriverState *sd_bdrv;
-extern BlockDriverState *mtd_bdrv;
+typedef struct DriveInfo {
+    BlockDriverState *bdrv;
+    BlockInterfaceType interface;
+    int bus;
+    int unit;
+} DriveInfo;
 
-/* NOR flash devices */
-#define MAX_PFLASH 4
-extern BlockDriverState *pflash_table[MAX_PFLASH];
+#define MAX_IDE_DEVS	2
+#define MAX_SCSI_DEVS	7
+#define MAX_DRIVES 32
 
+int nb_drives;
+DriveInfo drives_table[MAX_DRIVES+1];
+
+extern int drive_get_index(BlockInterfaceType interface, int bus, int unit);
+extern int drive_get_max_bus(BlockInterfaceType interface);
+
 /* serial ports */
 
 #define MAX_SERIAL_PORTS 4

Modified: trunk/src/host/qemu-neo1973/target-alpha/op_helper.c
===================================================================
--- trunk/src/host/qemu-neo1973/target-alpha/op_helper.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-alpha/op_helper.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -1072,6 +1072,23 @@
 }
 #endif
 
+#if defined(HOST_SPARC) || defined(HOST_SPARC64)
+void helper_reset_FT0 (void)
+{
+    FT0 = 0;
+}
+
+void helper_reset_FT1 (void)
+{
+    FT1 = 0;
+}
+
+void helper_reset_FT2 (void)
+{
+    FT2 = 0;
+}
+#endif
+
 /*****************************************************************************/
 /* Softmmu support */
 #if !defined (CONFIG_USER_ONLY)

Modified: trunk/src/host/qemu-neo1973/target-alpha/op_helper.h
===================================================================
--- trunk/src/host/qemu-neo1973/target-alpha/op_helper.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-alpha/op_helper.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -138,3 +138,9 @@
 void helper_ld_phys_to_virt (void);
 void helper_st_phys_to_virt (void);
 void helper_tb_flush (void);
+
+#if defined(HOST_SPARC) || defined(HOST_SPARC64)
+void helper_reset_FT0 (void);
+void helper_reset_FT1 (void);
+void helper_reset_FT2 (void);
+#endif

Modified: trunk/src/host/qemu-neo1973/target-alpha/op_template.h
===================================================================
--- trunk/src/host/qemu-neo1973/target-alpha/op_template.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-alpha/op_template.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -26,11 +26,19 @@
     RETURN();
 }
 
+#if !defined(HOST_SPARC) && !defined(HOST_SPARC64)
 void OPPROTO glue(op_reset_FT, REG) (void)
 {
     glue(FT, REG) = 0;
     RETURN();
 }
+#else
+void OPPROTO glue(op_reset_FT, REG) (void)
+{
+    glue(helper_reset_FT, REG)();
+    RETURN();
+}
+#endif
 
 /* XXX: This can be great on most RISC machines */
 #if !defined(__i386__) && !defined(__x86_64__)

Modified: trunk/src/host/qemu-neo1973/target-mips/mips-defs.h
===================================================================
--- trunk/src/host/qemu-neo1973/target-mips/mips-defs.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-mips/mips-defs.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -14,6 +14,9 @@
 #define TARGET_LONG_BITS 32
 #endif
 
+/* Even MIPS32 can have 36 bits physical address space. */
+#define TARGET_PHYS_ADDR_BITS 64
+
 /* Masks used to mark instructions to indicate which ISA level they
    were introduced in. */
 #define		ISA_MIPS1	0x00000001

Modified: trunk/src/host/qemu-neo1973/target-sh4/cpu.h
===================================================================
--- trunk/src/host/qemu-neo1973/target-sh4/cpu.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sh4/cpu.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -46,16 +46,16 @@
 #define FPSCR_SZ (1 << 20)
 #define FPSCR_PR (1 << 19)
 #define FPSCR_DN (1 << 18)
-
-#define DELAY_SLOT             (1 << 0) /* Must be the same as SR_T.  */
-/* This flag is set if the next insn is a delay slot for a conditional jump.
-   The dynamic value of the DELAY_SLOT determines whether the jup is taken. */
+#define DELAY_SLOT             (1 << 0)
 #define DELAY_SLOT_CONDITIONAL (1 << 1)
-/* Those are used in contexts only */
-#define BRANCH                 (1 << 2)
-#define BRANCH_CONDITIONAL     (1 << 3)
-#define MODE_CHANGE            (1 << 4)	/* Potential MD|RB change */
-#define BRANCH_EXCEPTION       (1 << 5)	/* Branch after exception */
+#define DELAY_SLOT_TRUE        (1 << 2)
+#define DELAY_SLOT_CLEARME     (1 << 3)
+/* The dynamic value of the DELAY_SLOT_TRUE flag determines whether the jump
+ * after the delay slot should be taken or not. It is calculated from SR_T.
+ *
+ * It is unclear if it is permitted to modify the SR_T flag in a delay slot.
+ * The use of DELAY_SLOT_TRUE flag makes us accept such SR_T modification.
+ */
 
 /* XXXXX The structure could be made more compact */
 typedef struct tlb_t {
@@ -121,6 +121,7 @@
     int exception_index;
      CPU_COMMON tlb_t utlb[UTLB_SIZE];	/* unified translation table */
     tlb_t itlb[ITLB_SIZE];	/* instruction translation table */
+    void *intc_handle;
 } CPUSH4State;
 
 CPUSH4State *cpu_sh4_init(const char *cpu_model);

Modified: trunk/src/host/qemu-neo1973/target-sh4/helper.c
===================================================================
--- trunk/src/host/qemu-neo1973/target-sh4/helper.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sh4/helper.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -27,6 +27,7 @@
 
 #include "cpu.h"
 #include "exec-all.h"
+#include "hw/sh_intc.h"
 
 #if defined(CONFIG_USER_ONLY)
 
@@ -39,16 +40,16 @@
 			     int mmu_idx, int is_softmmu)
 {
     env->tea = address;
+    env->exception_index = 0;
     switch (rw) {
     case 0:
+	env->tea = address;
         env->exception_index = 0x0a0;
         break;
     case 1:
+	env->tea = address;
         env->exception_index = 0x0c0;
         break;
-    case 2:
-        env->exception_index = 0x0a0;
-        break;
     }
     return 1;
 }
@@ -74,6 +75,31 @@
 
 void do_interrupt(CPUState * env)
 {
+    int do_irq = env->interrupt_request & CPU_INTERRUPT_HARD;
+    int do_exp, irq_vector = env->exception_index;
+
+    /* prioritize exceptions over interrupts */
+
+    do_exp = env->exception_index != -1;
+    do_irq = do_irq && (env->exception_index == -1);
+
+    if (env->sr & SR_BL) {
+        if (do_exp && env->exception_index != 0x1e0) {
+            env->exception_index = 0x000; /* masked exception -> reset */
+        }
+        if (do_irq) {
+            return; /* masked */
+        }
+    }
+
+    if (do_irq) {
+        irq_vector = sh_intc_get_pending_vector(env->intc_handle,
+						(env->sr >> 4) & 0xf);
+        if (irq_vector == -1) {
+            return; /* masked */
+	}
+    }
+
     if (loglevel & CPU_LOG_INT) {
 	const char *expname;
 	switch (env->exception_index) {
@@ -117,33 +143,48 @@
 	    expname = "trapa";
 	    break;
 	default:
-	    expname = "???";
-	    break;
+            expname = do_irq ? "interrupt" : "???";
+            break;
 	}
 	fprintf(logfile, "exception 0x%03x [%s] raised\n",
-		env->exception_index, expname);
+		irq_vector, expname);
 	cpu_dump_state(env, logfile, fprintf, 0);
     }
 
     env->ssr = env->sr;
-    env->spc = env->spc;
+    env->spc = env->pc;
     env->sgr = env->gregs[15];
     env->sr |= SR_BL | SR_MD | SR_RB;
 
-    env->expevt = env->exception_index & 0x7ff;
-    switch (env->exception_index) {
-    case 0x040:
-    case 0x060:
-    case 0x080:
-	env->pc = env->vbr + 0x400;
-	break;
-    case 0x140:
-	env->pc = 0xa0000000;
-	break;
-    default:
-	env->pc = env->vbr + 0x100;
-	break;
+    if (do_exp) {
+        env->expevt = env->exception_index;
+        switch (env->exception_index) {
+        case 0x000:
+        case 0x020:
+        case 0x140:
+            env->sr &= ~SR_FD;
+            env->sr |= 0xf << 4; /* IMASK */
+            env->pc = 0xa0000000;
+            break;
+        case 0x040:
+        case 0x060:
+            env->pc = env->vbr + 0x400;
+            break;
+        case 0x160:
+            env->spc += 2; /* special case for TRAPA */
+            /* fall through */
+        default:
+            env->pc = env->vbr + 0x100;
+            break;
+        }
+        return;
     }
+
+    if (do_irq) {
+        env->intevt = irq_vector;
+        env->pc = env->vbr + 0x600;
+        return;
+    }
 }
 
 static void update_itlb_use(CPUState * env, int itlbnb)

Modified: trunk/src/host/qemu-neo1973/target-sh4/op.c
===================================================================
--- trunk/src/host/qemu-neo1973/target-sh4/op.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sh4/op.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -19,16 +19,6 @@
  */
 #include "exec.h"
 
-static inline void set_flag(uint32_t flag)
-{
-    env->flags |= flag;
-}
-
-static inline void clr_flag(uint32_t flag)
-{
-    env->flags &= ~flag;
-}
-
 static inline void set_t(void)
 {
     env->sr |= SR_T;
@@ -110,28 +100,37 @@
 void OPPROTO op_bf_s(void)
 {
     env->delayed_pc = PARAM1;
-    set_flag(DELAY_SLOT_CONDITIONAL | ((~env->sr) & SR_T));
+    if (!(env->sr & SR_T)) {
+        env->flags |= DELAY_SLOT_TRUE;
+    }
     RETURN();
 }
 
 void OPPROTO op_bt_s(void)
 {
     env->delayed_pc = PARAM1;
-    set_flag(DELAY_SLOT_CONDITIONAL | (env->sr & SR_T));
+    if (env->sr & SR_T) {
+        env->flags |= DELAY_SLOT_TRUE;
+    }
     RETURN();
 }
 
+void OPPROTO op_store_flags(void)
+{
+    env->flags &= DELAY_SLOT_TRUE;
+    env->flags |= PARAM1;
+    RETURN();
+}
+
 void OPPROTO op_bra(void)
 {
     env->delayed_pc = PARAM1;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
 void OPPROTO op_braf_T0(void)
 {
     env->delayed_pc = PARAM1 + T0;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
@@ -139,7 +138,6 @@
 {
     env->pr = PARAM1;
     env->delayed_pc = PARAM2;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
@@ -147,7 +145,6 @@
 {
     env->pr = PARAM1;
     env->delayed_pc = PARAM1 + T0;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
@@ -155,29 +152,15 @@
 {
     env->pr = PARAM1;
     env->delayed_pc = T0;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
 void OPPROTO op_rts(void)
 {
     env->delayed_pc = env->pr;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
-void OPPROTO op_clr_delay_slot(void)
-{
-    clr_flag(DELAY_SLOT);
-    RETURN();
-}
-
-void OPPROTO op_clr_delay_slot_conditional(void)
-{
-    clr_flag(DELAY_SLOT_CONDITIONAL);
-    RETURN();
-}
-
 void OPPROTO op_exit_tb(void)
 {
     EXIT_TB();
@@ -242,7 +225,6 @@
 {
     env->sr = env->ssr;
     env->delayed_pc = env->spc;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
@@ -437,7 +419,7 @@
 
 void OPPROTO op_trapa(void)
 {
-    env->tra = PARAM1 * 2;
+    env->tra = PARAM1 << 2;
     env->exception_index = 0x160;
     do_raise_exception();
     RETURN();
@@ -458,7 +440,6 @@
 void OPPROTO op_jmp_T0(void)
 {
     env->delayed_pc = T0;
-    set_flag(DELAY_SLOT);
     RETURN();
 }
 
@@ -993,11 +974,10 @@
 
 void OPPROTO op_jdelayed(void)
 {
-    uint32_t flags;
-    flags = env->flags;
-    env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
-    if (flags & DELAY_SLOT)
-	GOTO_LABEL_PARAM(1);
+    if (env->flags & DELAY_SLOT_TRUE) {
+        env->flags &= ~DELAY_SLOT_TRUE;
+        GOTO_LABEL_PARAM(1);
+    }
     RETURN();
 }
 

Modified: trunk/src/host/qemu-neo1973/target-sh4/translate.c
===================================================================
--- trunk/src/host/qemu-neo1973/target-sh4/translate.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sh4/translate.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -57,11 +57,21 @@
     uint32_t fpscr;
     uint16_t opcode;
     uint32_t flags;
+    int bstate;
     int memidx;
     uint32_t delayed_pc;
     int singlestep_enabled;
 } DisasContext;
 
+enum {
+    BS_NONE     = 0, /* We go out of the TB without reaching a branch or an
+                      * exception condition
+                      */
+    BS_STOP     = 1, /* We want to stop translation for any reason */
+    BS_BRANCH   = 2, /* We reached a branch condition     */
+    BS_EXCP     = 3, /* We reached an exception condition */
+};
+
 #ifdef CONFIG_USER_ONLY
 
 #define GEN_OP_LD(width, reg) \
@@ -176,15 +186,6 @@
     gen_op_exit_tb();
 }
 
-/* Jump to pc after an exception */
-static void gen_jump_exception(DisasContext * ctx)
-{
-    gen_op_movl_imm_T0(0);
-    if (ctx->singlestep_enabled)
-	gen_op_debug();
-    gen_op_exit_tb();
-}
-
 static void gen_jump(DisasContext * ctx)
 {
     if (ctx->delayed_pc == (uint32_t) - 1) {
@@ -220,7 +221,7 @@
 
     l1 = gen_new_label();
     gen_op_jdelayed(l1);
-    gen_goto_tb(ctx, 1, ctx->pc);
+    gen_goto_tb(ctx, 1, ctx->pc + 2);
     gen_set_label(l1);
     gen_jump(ctx);
 }
@@ -248,10 +249,10 @@
 
 #define CHECK_NOT_DELAY_SLOT \
   if (ctx->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) \
-  {gen_op_raise_slot_illegal_instruction (); ctx->flags |= BRANCH_EXCEPTION; \
+  {gen_op_raise_slot_illegal_instruction (); ctx->bstate = BS_EXCP; \
    return;}
 
-void decode_opc(DisasContext * ctx)
+void _decode_opc(DisasContext * ctx)
 {
 #if 0
     fprintf(stderr, "Translating opcode 0x%04x\n", ctx->opcode);
@@ -290,11 +291,11 @@
 	return;
     case 0xfbfb:		/* frchg */
 	gen_op_frchg();
-	ctx->flags |= MODE_CHANGE;
+	ctx->bstate = BS_STOP;
 	return;
     case 0xf3fb:		/* fschg */
 	gen_op_fschg();
-	ctx->flags |= MODE_CHANGE;
+	ctx->bstate = BS_STOP;
 	return;
     case 0x0009:		/* nop */
 	return;
@@ -805,7 +806,7 @@
 	CHECK_NOT_DELAY_SLOT
 	    gen_conditional_jump(ctx, ctx->pc + 2,
 				 ctx->pc + 4 + B7_0s * 2);
-	ctx->flags |= BRANCH_CONDITIONAL;
+	ctx->bstate = BS_BRANCH;
 	return;
     case 0x8f00:		/* bf/s label */
 	CHECK_NOT_DELAY_SLOT
@@ -816,7 +817,7 @@
 	CHECK_NOT_DELAY_SLOT
 	    gen_conditional_jump(ctx, ctx->pc + 4 + B7_0s * 2,
 				 ctx->pc + 2);
-	ctx->flags |= BRANCH_CONDITIONAL;
+	ctx->bstate = BS_BRANCH;
 	return;
     case 0x8d00:		/* bt/s label */
 	CHECK_NOT_DELAY_SLOT
@@ -908,7 +909,7 @@
     case 0xc300:		/* trapa #imm */
 	CHECK_NOT_DELAY_SLOT gen_op_movl_imm_PC(ctx->pc);
 	gen_op_trapa(B7_0);
-	ctx->flags |= BRANCH;
+	ctx->bstate = BS_BRANCH;
 	return;
     case 0xc800:		/* tst #imm,R0 */
 	gen_op_tst_imm_rN(B7_0, REG(0));
@@ -1012,8 +1013,8 @@
     gen_op_movl_rN_T1 (REG(B11_8));				\
     gen_op_stl_T0_T1 (ctx);					\
     return;
-	LDST(sr, 0x400e, 0x4007, ldc, 0x0002, 0x4003, stc, ctx->flags |=
-	     MODE_CHANGE;)
+	LDST(sr, 0x400e, 0x4007, ldc, 0x0002, 0x4003, stc, ctx->bstate =
+	     BS_STOP;)
 	LDST(gbr, 0x401e, 0x4017, ldc, 0x0012, 0x4013, stc,)
 	LDST(vbr, 0x402e, 0x4027, ldc, 0x0022, 0x4023, stc,)
 	LDST(ssr, 0x403e, 0x4037, ldc, 0x0032, 0x4033, stc,)
@@ -1023,8 +1024,8 @@
 	LDST(macl, 0x401a, 0x4016, lds, 0x001a, 0x4012, sts,)
 	LDST(pr, 0x402a, 0x4026, lds, 0x002a, 0x4022, sts,)
 	LDST(fpul, 0x405a, 0x4056, lds, 0x005a, 0x4052, sts,)
-	LDST(fpscr, 0x406a, 0x4066, lds, 0x006a, 0x4062, sts, ctx->flags |=
-	     MODE_CHANGE;)
+	LDST(fpscr, 0x406a, 0x4066, lds, 0x006a, 0x4062, sts, ctx->bstate =
+	     BS_STOP;)
     case 0x00c3:		/* movca.l R0, at Rm */
 	gen_op_movl_rN_T0(REG(0));
 	gen_op_movl_rN_T1(REG(B11_8));
@@ -1141,9 +1142,30 @@
     fprintf(stderr, "unknown instruction 0x%04x at pc 0x%08x\n",
 	    ctx->opcode, ctx->pc);
     gen_op_raise_illegal_instruction();
-    ctx->flags |= BRANCH_EXCEPTION;
+    ctx->bstate = BS_EXCP;
 }
 
+void decode_opc(DisasContext * ctx)
+{
+    uint32_t old_flags = ctx->flags;
+
+    _decode_opc(ctx);
+
+    if (old_flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) {
+        if (ctx->flags & DELAY_SLOT_CLEARME) {
+            gen_op_store_flags(0);
+        }
+        ctx->flags = 0;
+        ctx->bstate = BS_BRANCH;
+        if (old_flags & DELAY_SLOT_CONDITIONAL) {
+	    gen_delayed_conditional_jump(ctx);
+        } else if (old_flags & DELAY_SLOT) {
+            gen_jump(ctx);
+	}
+
+    }
+}
+
 static inline int
 gen_intermediate_code_internal(CPUState * env, TranslationBlock * tb,
                                int search_pc)
@@ -1151,7 +1173,6 @@
     DisasContext ctx;
     target_ulong pc_start;
     static uint16_t *gen_opc_end;
-    uint32_t old_flags;
     int i, ii;
 
     pc_start = tb->pc;
@@ -1159,14 +1180,14 @@
     gen_opc_end = gen_opc_buf + OPC_MAX_SIZE;
     gen_opparam_ptr = gen_opparam_buf;
     ctx.pc = pc_start;
-    ctx.flags = env->flags;
-    old_flags = 0;
+    ctx.flags = (uint32_t)tb->flags;
+    ctx.bstate = BS_NONE;
     ctx.sr = env->sr;
     ctx.fpscr = env->fpscr;
     ctx.memidx = (env->sr & SR_MD) ? 1 : 0;
     /* We don't know if the delayed pc came from a dynamic or static branch,
        so assume it is a dynamic branch.  */
-    ctx.delayed_pc = -1;
+    ctx.delayed_pc = -1; /* use delayed pc from env pointer */
     ctx.tb = tb;
     ctx.singlestep_enabled = env->singlestep_enabled;
     nb_gen_labels = 0;
@@ -1180,18 +1201,14 @@
 #endif
 
     ii = -1;
-    while ((old_flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) == 0 &&
-	   (ctx.flags & (BRANCH | BRANCH_CONDITIONAL | MODE_CHANGE |
-			 BRANCH_EXCEPTION)) == 0 &&
-	   gen_opc_ptr < gen_opc_end && ctx.sr == env->sr) {
-	old_flags = ctx.flags;
+    while (ctx.bstate == BS_NONE && gen_opc_ptr < gen_opc_end) {
 	if (env->nb_breakpoints > 0) {
 	    for (i = 0; i < env->nb_breakpoints; i++) {
 		if (ctx.pc == env->breakpoints[i]) {
 		    /* We have hit a breakpoint - make sure PC is up-to-date */
 		    gen_op_movl_imm_PC(ctx.pc);
 		    gen_op_debug();
-		    ctx.flags |= BRANCH_EXCEPTION;
+		    ctx.bstate = BS_EXCP;
 		    break;
 		}
 	    }
@@ -1204,6 +1221,7 @@
                     gen_opc_instr_start[ii++] = 0;
             }
             gen_opc_pc[ii] = ctx.pc;
+            gen_opc_hflags[ii] = ctx.flags;
             gen_opc_instr_start[ii] = 1;
         }
 #if 0
@@ -1221,21 +1239,30 @@
 	break;
 #endif
     }
-
-    if (old_flags & DELAY_SLOT_CONDITIONAL) {
-	gen_delayed_conditional_jump(&ctx);
-    } else if (old_flags & DELAY_SLOT) {
-	gen_op_clr_delay_slot();
-	gen_jump(&ctx);
-    } else if (ctx.flags & BRANCH_EXCEPTION) {
-        gen_jump_exception(&ctx);
-    } else if ((ctx.flags & (BRANCH | BRANCH_CONDITIONAL)) == 0) {
-        gen_goto_tb(&ctx, 0, ctx.pc);
+    if (env->singlestep_enabled) {
+        gen_op_debug();
+    } else {
+	switch (ctx.bstate) {
+        case BS_STOP:
+            /* gen_op_interrupt_restart(); */
+            /* fall through */
+        case BS_NONE:
+            if (ctx.flags) {
+                gen_op_store_flags(ctx.flags | DELAY_SLOT_CLEARME);
+	    }
+            gen_goto_tb(&ctx, 0, ctx.pc);
+            break;
+        case BS_EXCP:
+            /* gen_op_interrupt_restart(); */
+            gen_op_movl_imm_T0(0);
+            gen_op_exit_tb();
+            break;
+        case BS_BRANCH:
+        default:
+            break;
+	}
     }
 
-    if (env->singlestep_enabled) {
-	gen_op_debug();
-    }
     *gen_opc_ptr = INDEX_op_end;
     if (search_pc) {
         i = gen_opc_ptr - gen_opc_buf;

Modified: trunk/src/host/qemu-neo1973/target-sparc/cpu.h
===================================================================
--- trunk/src/host/qemu-neo1973/target-sparc/cpu.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sparc/cpu.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -218,6 +218,7 @@
     uint32_t mmuregs[32];
     uint64_t mxccdata[4];
     uint64_t mxccregs[8];
+    uint64_t prom_addr;
 #endif
     /* temporary float registers */
     float32 ft0, ft1;

Modified: trunk/src/host/qemu-neo1973/target-sparc/exec.h
===================================================================
--- trunk/src/host/qemu-neo1973/target-sparc/exec.h	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sparc/exec.h	2007-12-04 03:17:20 UTC (rev 3555)
@@ -71,13 +71,14 @@
 void do_fcmped(void);
 #if defined(CONFIG_USER_ONLY)
 void do_fitoq(void);
-void do_fabsq(void);
 void do_fsqrtq(void);
 void do_fcmpq(void);
 void do_fcmpeq(void);
 #endif
 #ifdef TARGET_SPARC64
 void do_fabsd(void);
+void do_fxtos(void);
+void do_fxtod(void);
 void do_fcmps_fcc1(void);
 void do_fcmpd_fcc1(void);
 void do_fcmps_fcc2(void);
@@ -91,6 +92,8 @@
 void do_fcmpes_fcc3(void);
 void do_fcmped_fcc3(void);
 #if defined(CONFIG_USER_ONLY)
+void do_fabsq(void);
+void do_fxtoq(void);
 void do_fcmpq_fcc1(void);
 void do_fcmpq_fcc2(void);
 void do_fcmpq_fcc3(void);

Modified: trunk/src/host/qemu-neo1973/target-sparc/helper.c
===================================================================
--- trunk/src/host/qemu-neo1973/target-sparc/helper.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sparc/helper.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -115,7 +115,7 @@
     if ((env->mmuregs[0] & MMU_E) == 0) { /* MMU disabled */
         // Boot mode: instruction fetches are taken from PROM
         if (rw == 2 && (env->mmuregs[0] & env->mmu_bm)) {
-            *physical = 0xff0000000ULL | (address & 0x3ffffULL);
+            *physical = env->prom_addr | (address & 0x7ffffULL);
             *prot = PAGE_READ | PAGE_EXEC;
             return 0;
         }

Modified: trunk/src/host/qemu-neo1973/target-sparc/op_helper.c
===================================================================
--- trunk/src/host/qemu-neo1973/target-sparc/op_helper.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/target-sparc/op_helper.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -70,6 +70,14 @@
 {
     DT0 = int32_to_float64(*((int32_t *)&FT1), &env->fp_status);
 }
+
+#if defined(CONFIG_USER_ONLY)
+void do_fitoq(void)
+{
+    QT0 = int32_to_float128(*((int32_t *)&FT1), &env->fp_status);
+}
+#endif
+
 #ifdef TARGET_SPARC64
 void do_fxtos(void)
 {
@@ -84,8 +92,17 @@
     DT0 = int64_to_float64(*((int64_t *)&DT1), &env->fp_status);
     check_ieee_exceptions();
 }
+
+#if defined(CONFIG_USER_ONLY)
+void do_fxtoq(void)
+{
+    set_float_exception_flags(0, &env->fp_status);
+    QT0 = int64_to_float128(*((int32_t *)&DT1), &env->fp_status);
+    check_ieee_exceptions();
+}
 #endif
 #endif
+#endif
 
 void do_fabss(void)
 {

Modified: trunk/src/host/qemu-neo1973/translate-all.c
===================================================================
--- trunk/src/host/qemu-neo1973/translate-all.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/translate-all.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -53,7 +53,7 @@
 #elif defined(TARGET_SPARC)
 target_ulong gen_opc_npc[OPC_BUF_SIZE];
 target_ulong gen_opc_jump_pc[2];
-#elif defined(TARGET_MIPS)
+#elif defined(TARGET_MIPS) || defined(TARGET_SH4)
 uint32_t gen_opc_hflags[OPC_BUF_SIZE];
 #endif
 
@@ -298,6 +298,9 @@
     env->hflags |= gen_opc_hflags[j];
 #elif defined(TARGET_ALPHA)
     env->pc = gen_opc_pc[j];
+#elif defined(TARGET_SH4)
+    env->pc = gen_opc_pc[j];
+    env->flags = gen_opc_hflags[j];
 #endif
     return 0;
 }

Modified: trunk/src/host/qemu-neo1973/vl.c
===================================================================
--- trunk/src/host/qemu-neo1973/vl.c	2007-12-03 23:16:08 UTC (rev 3554)
+++ trunk/src/host/qemu-neo1973/vl.c	2007-12-04 03:17:20 UTC (rev 3555)
@@ -163,12 +163,10 @@
 void *ioport_opaque[MAX_IOPORTS];
 IOPortReadFunc *ioport_read_table[3][MAX_IOPORTS];
 IOPortWriteFunc *ioport_write_table[3][MAX_IOPORTS];
-/* Note: bs_table[MAX_DISKS] is a dummy block driver if none available
+/* Note: drives_table[MAX_DRIVES] is a dummy block driver if none available
    to store the VM snapshots */
-BlockDriverState *bs_table[MAX_DISKS + 1], *fd_table[MAX_FD];
-BlockDriverState *pflash_table[MAX_PFLASH];
-BlockDriverState *sd_bdrv;
-BlockDriverState *mtd_bdrv;
+DriveInfo drives_table[MAX_DRIVES+1];
+int nb_drives;
 /* point to the block driver where the snapshots are managed */
 BlockDriverState *bs_snapshots;
 int vga_ram_size;
@@ -234,6 +232,8 @@
 #endif
 struct bt_piconet_s *local_piconet;
 struct modem_ops_s modem_ops;
+int nb_drives_opt;
+char drives_opt[MAX_DRIVES][1024];
 
 static CPUState *cur_cpu;
 static CPUState *next_cpu;
@@ -1764,12 +1764,9 @@
         case 's':
             {
                 int i;
-                for (i = 0; i < MAX_DISKS; i++) {
-                    if (bs_table[i])
-                        bdrv_commit(bs_table[i]);
+                for (i = 0; i < nb_drives; i++) {
+                        bdrv_commit(drives_table[i].bdrv);
                 }
-                if (mtd_bdrv)
-                    bdrv_commit(mtd_bdrv);
             }
             break;
         case 'b':
@@ -4560,38 +4557,51 @@
 
 }
 
+static const char *get_word(char *buf, int buf_size, const char *p)
+{
+    char *q;
+    int substring;
+
+    substring = 0;
+    q = buf;
+    while (*p != '\0') {
+        if (*p == '\\') {
+            p++;
+            if (*p == '\0')
+                break;
+        } else if (*p == '\"') {
+            substring = !substring;
+            p++;
+            continue;
+        } else if (!substring && (*p == ',' || *p == '='))
+            break;
+        if (q && (q - buf) < buf_size - 1)
+            *q++ = *p;
+        p++;
+    }
+    if (q)
+        *q = '\0';
+
+    return p;
+}
+
 static int get_param_value(char *buf, int buf_size,
                            const char *tag, const char *str)
 {
     const char *p;
-    char *q;
     char option[128];
 
     p = str;
     for(;;) {
-        q = option;
-        while (*p != '\0' && *p != '=') {
-            if ((q - option) < sizeof(option) - 1)
-                *q++ = *p;
-            p++;
-        }
-        *q = '\0';
+        p = get_word(option, sizeof(option), p);
         if (*p != '=')
             break;
         p++;
         if (!strcmp(tag, option)) {
-            q = buf;
-            while (*p != '\0' && *p != ',') {
-                if ((q - buf) < buf_size - 1)
-                    *q++ = *p;
-                p++;
-            }
-            *q = '\0';
-            return q - buf;
+            (void)get_word(buf, buf_size, p);
+            return strlen(buf);
         } else {
-            while (*p != '\0' && *p != ',') {
-                p++;
-            }
+            p = get_word(NULL, 0, p);
         }
         if (*p != ',')
             break;
@@ -4600,6 +4610,32 @@
     return 0;
 }
 
+static int check_params(char *buf, int buf_size,
+                        char **params, const char *str)
+{
+    const char *p;
+    int i;
+
+    p = str;
+    for(;;) {
+        p = get_word(buf, buf_size, p);
+        if (*p != '=')
+            return -1;
+        p++;
+        for(i = 0; params[i] != NULL; i++)
+            if (!strcmp(params[i], buf))
+                break;
+        if (params[i] == NULL)
+            return -1;
+        p = get_word(NULL, 0, p);
+        if (*p != ',')
+            break;
+        p++;
+    }
+    return 0;
+}
+
+
 static int net_client_init(const char *str)
 {
     const char *p;
@@ -4750,6 +4786,323 @@
     }
 }
 
+#define HD_ALIAS "file=\"%s\",index=%d,media=disk"
+#ifdef TARGET_PPC
+#define CDROM_ALIAS "index=1,media=cdrom"
+#else
+#define CDROM_ALIAS "index=2,media=cdrom"
+#endif
+#define FD_ALIAS "index=%d,if=floppy"
+#define PFLASH_ALIAS "file=\"%s\",if=pflash"
+#define MTD_ALIAS "file=\"%s\",if=mtd"
+#define SD_ALIAS "index=0,if=sd"
+
+static int drive_add(const char *fmt, ...)
+{
+    va_list ap;
+
+    if (nb_drives_opt >= MAX_DRIVES) {
+        fprintf(stderr, "qemu: too many drives\n");
+        exit(1);
+    }
+
+    va_start(ap, fmt);
+    vsnprintf(drives_opt[nb_drives_opt], sizeof(drives_opt[0]), fmt, ap);
+    va_end(ap);
+
+    return nb_drives_opt++;
+}
+
+int drive_get_index(BlockInterfaceType interface, int bus, int unit)
+{
+    int index;
+
+    /* seek interface, bus and unit */
+
+    for (index = 0; index < nb_drives; index++)
+        if (drives_table[index].interface == interface &&
+	    drives_table[index].bus == bus &&
+	    drives_table[index].unit == unit)
+        return index;
+
+    return -1;
+}
+
+int drive_get_max_bus(BlockInterfaceType interface)
+{
+    int max_bus;
+    int index;
+
+    max_bus = -1;
+    for (index = 0; index < nb_drives; index++) {
+        if(drives_table[index].interface == interface &&
+           drives_table[index].bus > max_bus)
+            max_bus = drives_table[index].bus;
+    }
+    return max_bus;
+}
+
+static int drive_init(const char *str, int snapshot, QEMUMachine *machine)
+{
+    char buf[128];
+    char file[1024];
+    BlockInterfaceType interface;
+    enum { MEDIA_DISK, MEDIA_CDROM } media;
+    int bus_id, unit_id;
+    int cyls, heads, secs, translation;
+    BlockDriverState *bdrv;
+    int max_devs;
+    int index;
+    char *params[] = { "bus", "unit", "if", "index", "cyls", "heads",
+                       "secs", "trans", "media", "snapshot", "file", NULL };
+
+    if (check_params(buf, sizeof(buf), params, str) < 0) {
+         fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n",
+                         buf, str);
+         return -1;
+    }
+
+    file[0] = 0;
+    cyls = heads = secs = 0;
+    bus_id = 0;
+    unit_id = -1;
+    translation = BIOS_ATA_TRANSLATION_AUTO;
+    index = -1;
+
+    if (!strcmp(machine->name, "realview") ||
+        !strcmp(machine->name, "SS-5") ||
+        !strcmp(machine->name, "SS-10") ||
+        !strcmp(machine->name, "SS-600MP") ||
+        !strcmp(machine->name, "versatilepb") ||
+        !strcmp(machine->name, "versatileab")) {
+        interface = IF_SCSI;
+        max_devs = MAX_SCSI_DEVS;
+    } else {
+        interface = IF_IDE;
+        max_devs = MAX_IDE_DEVS;
+    }
+    media = MEDIA_DISK;
+
+    /* extract parameters */
+
+    if (get_param_value(buf, sizeof(buf), "bus", str)) {
+        bus_id = strtol(buf, NULL, 0);
+	if (bus_id < 0) {
+	    fprintf(stderr, "qemu: '%s' invalid bus id\n", str);
+	    return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "unit", str)) {
+        unit_id = strtol(buf, NULL, 0);
+	if (unit_id < 0) {
+	    fprintf(stderr, "qemu: '%s' invalid unit id\n", str);
+	    return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "if", str)) {
+        if (!strcmp(buf, "ide")) {
+	    interface = IF_IDE;
+            max_devs = MAX_IDE_DEVS;
+        } else if (!strcmp(buf, "scsi")) {
+	    interface = IF_SCSI;
+            max_devs = MAX_SCSI_DEVS;
+        } else if (!strcmp(buf, "floppy")) {
+	    interface = IF_FLOPPY;
+            max_devs = 0;
+        } else if (!strcmp(buf, "pflash")) {
+	    interface = IF_PFLASH;
+            max_devs = 0;
+	} else if (!strcmp(buf, "mtd")) {
+	    interface = IF_MTD;
+            max_devs = 0;
+	} else if (!strcmp(buf, "sd")) {
+	    interface = IF_SD;
+            max_devs = 0;
+	} else {
+            fprintf(stderr, "qemu: '%s' unsupported bus type '%s'\n", str, buf);
+            return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "index", str)) {
+        index = strtol(buf, NULL, 0);
+	if (index < 0) {
+	    fprintf(stderr, "qemu: '%s' invalid index\n", str);
+	    return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "cyls", str)) {
+        cyls = strtol(buf, NULL, 0);
+    }
+
+    if (get_param_value(buf, sizeof(buf), "heads", str)) {
+        heads = strtol(buf, NULL, 0);
+    }
+
+    if (get_param_value(buf, sizeof(buf), "secs", str)) {
+        secs = strtol(buf, NULL, 0);
+    }
+
+    if (cyls || heads || secs) {
+        if (cyls < 1 || cyls > 16383) {
+            fprintf(stderr, "qemu: '%s' invalid physical cyls number\n", str);
+	    return -1;
+	}
+        if (heads < 1 || heads > 16) {
+            fprintf(stderr, "qemu: '%s' invalid physical heads number\n", str);
+	    return -1;
+	}
+        if (secs < 1 || secs > 63) {
+            fprintf(stderr, "qemu: '%s' invalid physical secs number\n", str);
+	    return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "trans", str)) {
+        if (!cyls) {
+            fprintf(stderr,
+                    "qemu: '%s' trans must be used with cyls,heads and secs\n",
+                    str);
+            return -1;
+        }
+        if (!strcmp(buf, "none"))
+            translation = BIOS_ATA_TRANSLATION_NONE;
+        else if (!strcmp(buf, "lba"))
+            translation = BIOS_ATA_TRANSLATION_LBA;
+        else if (!strcmp(buf, "auto"))
+            translation = BIOS_ATA_TRANSLATION_AUTO;
+	else {
+            fprintf(stderr, "qemu: '%s' invalid translation type\n", str);
+	    return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "media", str)) {
+        if (!strcmp(buf, "disk")) {
+	    media = MEDIA_DISK;
+	} else if (!strcmp(buf, "cdrom")) {
+            if (cyls || secs || heads) {
+                fprintf(stderr,
+                        "qemu: '%s' invalid physical CHS format\n", str);
+	        return -1;
+            }
+	    media = MEDIA_CDROM;
+	} else {
+	    fprintf(stderr, "qemu: '%s' invalid media\n", str);
+	    return -1;
+	}
+    }
+
+    if (get_param_value(buf, sizeof(buf), "snapshot", str)) {
+        if (!strcmp(buf, "on"))
+	    snapshot = 1;
+        else if (!strcmp(buf, "off"))
+	    snapshot = 0;
+	else {
+	    fprintf(stderr, "qemu: '%s' invalid snapshot option\n", str);
+	    return -1;
+	}
+    }
+
+    get_param_value(file, sizeof(file), "file", str);
+
+    /* compute bus and unit according index */
+
+    if (index != -1) {
+        if (bus_id != 0 || unit_id != -1) {
+            fprintf(stderr,
+                    "qemu: '%s' index cannot be used with bus and unit\n", str);
+            return -1;
+        }
+        if (max_devs == 0)
+        {
+            unit_id = index;
+            bus_id = 0;
+        } else {
+            unit_id = index % max_devs;
+            bus_id = index / max_devs;
+        }
+    }
+
+    /* if user doesn't specify a unit_id,
+     * try to find the first free
+     */
+
+    if (unit_id == -1) {
+       unit_id = 0;
+       while (drive_get_index(interface, bus_id, unit_id) != -1) {
+           unit_id++;
+           if (max_devs && unit_id >= max_devs) {
+               unit_id -= max_devs;
+               bus_id++;
+           }
+       }
+    }
+
+    /* check unit id */
+
+    if (max_devs && unit_id >= max_devs) {
+        fprintf(stderr, "qemu: '%s' unit %d too big (max is %d)\n",
+                        str, unit_id, max_devs - 1);
+        return -1;
+    }
+
+    /*
+     * ignore multiple definitions
+     */
+
+    if (drive_get_index(interface, bus_id, unit_id) != -1)
+        return 0;
+
+    /* init */
+
+    snprintf(buf, sizeof(buf), "drive%d", nb_drives);
+    bdrv = bdrv_new(buf);
+    drives_table[nb_drives].bdrv = bdrv;
+    drives_table[nb_drives].interface = interface;
+    drives_table[nb_drives].bus = bus_id;
+    drives_table[nb_drives].unit = unit_id;
+    nb_drives++;
+
+    switch(interface) {
+    case IF_IDE:
+    case IF_SCSI:
+        switch(media) {
+	case MEDIA_DISK:
+            if (cyls != 0) {
+                bdrv_set_geometry_hint(bdrv, cyls, heads, secs);
+                bdrv_set_translation_hint(bdrv, translation);
+            }
+	    break;
+	case MEDIA_CDROM:
+            bdrv_set_type_hint(bdrv, BDRV_TYPE_CDROM);
+	    break;
+	}
+        break;
+    case IF_SD:
+        /* FIXME: This isn't really a floppy, but it's a reasonable
+           approximation.  */
+    case IF_FLOPPY:
+        bdrv_set_type_hint(bdrv, BDRV_TYPE_FLOPPY);
+        break;
+    case IF_PFLASH:
+    case IF_MTD:
+        break;
+    }
+    if (!file[0])
+        return 0;
+    if (bdrv_open(bdrv, file, snapshot ? BDRV_O_SNAPSHOT : 0) < 0 ||
+        qemu_key_check(bdrv, file)) {
+        fprintf(stderr, "qemu: could not open disk image %s\n",
+                        file);
+        return -1;
+    }
+    return 0;
+}
+
 /***********************************************************/
 /* USB devices */
 
@@ -5758,14 +6111,11 @@
 
     if (bs_snapshots)
         return bs_snapshots;
-    for(i = 0; i <= MAX_DISKS; i++) {
-        bs = bs_table[i];
+    for(i = 0; i <= nb_drives; i++) {
+        bs = drives_table[i].bdrv;
         if (bdrv_can_snapshot(bs))
             goto ok;
     }
-    bs = mtd_bdrv;
-    if (bdrv_can_snapshot(bs))
-        goto ok;
     return NULL;
  ok:
     bs_snapshots = bs;
@@ -5796,9 +6146,9 @@
 
 void do_savevm(const char *name)
 {
-    BlockDriverState *bs;
+    BlockDriverState *bs, *bs1;
     QEMUSnapshotInfo sn1, *sn = &sn1, old_sn1, *old_sn = &old_sn1;
-    int must_delete, ret;
+    int must_delete, ret, i;
     BlockDriverInfo bdi1, *bdi = &bdi1;
     QEMUFile *f;
     int saved_vm_running;
@@ -5870,19 +6220,22 @@
 
     /* create the snapshots */
 
-    if (bdrv_has_snapshot(bs)) {
-        if (must_delete) {
-            ret = bdrv_snapshot_delete(bs, old_sn->id_str);
+    for(i = 0; i < nb_drives; i++) {
+        bs1 = drives_table[i].bdrv;
+        if (bdrv_has_snapshot(bs1)) {
+            if (must_delete) {
+                ret = bdrv_snapshot_delete(bs1, old_sn->id_str);
+                if (ret < 0) {
+                    term_printf("Error while deleting snapshot on '%s'\n",
+                                bdrv_get_device_name(bs1));
+                }
+            }
+            ret = bdrv_snapshot_create(bs1, sn);
             if (ret < 0) {
-                term_printf("Error while deleting snapshot on '%s'\n",
-                            bdrv_get_device_name(bs));
+                term_printf("Error while creating snapshot on '%s'\n",
+                            bdrv_get_device_name(bs1));
             }
         }
-        ret = bdrv_snapshot_create(bs, sn);
-        if (ret < 0) {
-            term_printf("Error while creating snapshot on '%s'\n",
-                        bdrv_get_device_name(bs));
-        }
     }
 
  the_end:
@@ -5892,10 +6245,10 @@
 
 void do_loadvm(const char *name)
 {
-    BlockDriverState *bs;
+    BlockDriverState *bs, *bs1;
     BlockDriverInfo bdi1, *bdi = &bdi1;
     QEMUFile *f;
-    int ret;
+    int i, ret;
     int saved_vm_running;
 
     bs = get_bs_snapshots();
@@ -5910,25 +6263,31 @@
     saved_vm_running = vm_running;
     vm_stop(0);
 
-    if (bdrv_has_snapshot(bs)) {
-        ret = bdrv_snapshot_goto(bs, name);
-        if (ret < 0) {
-            switch(ret) {
-            case -ENOTSUP:
-                term_printf("Snapshots not supported on device '%s'\n",
-                            bdrv_get_device_name(bs));
-                break;
-            case -ENOENT:
-                term_printf("Could not find snapshot '%s' on device '%s'\n",
-                            name, bdrv_get_device_name(bs));
-                break;
-            default:
-                term_printf("Error %d while activating snapshot on '%s'\n",
-                            ret, bdrv_get_device_name(bs));
-                break;
+    for(i = 0; i <= nb_drives; i++) {
+        bs1 = drives_table[i].bdrv;
+        if (bdrv_has_snapshot(bs1)) {
+            ret = bdrv_snapshot_goto(bs1, name);
+            if (ret < 0) {
+                if (bs != bs1)
+                    term_printf("Warning: ");
+                switch(ret) {
+                case -ENOTSUP:
+                    term_printf("Snapshots not supported on device '%s'\n",
+                                bdrv_get_device_name(bs1));
+                    break;
+                case -ENOENT:
+                    term_printf("Could not find snapshot '%s' on device '%s'\n",
+                                name, bdrv_get_device_name(bs1));
+                    break;
+                default:
+                    term_printf("Error %d while activating snapshot on '%s'\n",
+                                ret, bdrv_get_device_name(bs1));
+                    break;
+                }
+                /* fatal on snapshot block device */
+                if (bs == bs1)
+                    goto the_end;
             }
-            /* fatal on snapshot block device */
-            goto the_end;
         }
     }
 
@@ -5956,8 +6315,8 @@
 
 void do_delvm(const char *name)
 {
-    BlockDriverState *bs;
-    int ret, i;
+    BlockDriverState *bs, *bs1;
+    int i, ret;
 
     bs = get_bs_snapshots();
     if (!bs) {
@@ -5965,17 +6324,17 @@
         return;
     }
 
-    for(i = 0; i <= MAX_DISKS; i++) {
-        bs = bs_table[i];
-        if (bdrv_has_snapshot(bs)) {
-            ret = bdrv_snapshot_delete(bs, name);
+    for(i = 0; i <= nb_drives; i++) {
+        bs1 = drives_table[i].bdrv;
+        if (bdrv_has_snapshot(bs1)) {
+            ret = bdrv_snapshot_delete(bs1, name);
             if (ret < 0) {
                 if (ret == -ENOTSUP)
                     term_printf("Snapshots not supported on device '%s'\n",
-                                bdrv_get_device_name(bs));
+                                bdrv_get_device_name(bs1));
                 else
                     term_printf("Error %d while deleting snapshot on '%s'\n",
-                                ret, bdrv_get_device_name(bs));
+                                ret, bdrv_get_device_name(bs1));
             }
         }
     }
@@ -5983,7 +6342,7 @@
 
 void do_info_snapshots(void)
 {
-    BlockDriverState *bs;
+    BlockDriverState *bs, *bs1;
     QEMUSnapshotInfo *sn_tab, *sn;
     int nb_sns, i;
     char buf[256];
@@ -5994,8 +6353,13 @@
         return;
     }
     term_printf("Snapshot devices:");
-    if (bdrv_has_snapshot(bs))
-        term_printf(" %s", bdrv_get_device_name(bs));
+    for(i = 0; i <= nb_drives; i++) {
+        bs1 = drives_table[i].bdrv;
+        if (bdrv_has_snapshot(bs1)) {
+            if (bs == bs1)
+                term_printf(" %s", bdrv_get_device_name(bs1));
+        }
+    }
     term_printf("\n");
 
     nb_sns = bdrv_snapshot_list(bs, &sn_tab);
@@ -6740,15 +7104,14 @@
             /* find if the memory block is available on a virtual
                block device */
             sector_num = -1;
-            for(j = 0; j < MAX_DISKS; j++) {
-                if (bs_table[j]) {
-                    sector_num = bdrv_hash_find(bs_table[j],
-                                                phys_ram_base + i, BDRV_HASH_BLOCK_SIZE);
-                    if (sector_num >= 0)
-                        break;
-                }
+            for(j = 0; j < nb_drives; j++) {
+                sector_num = bdrv_hash_find(drives_table[j].bdrv,
+                                            phys_ram_base + i,
+					    BDRV_HASH_BLOCK_SIZE);
+                if (sector_num >= 0)
+                    break;
             }
-            if (j == MAX_DISKS)
+            if (j == nb_drives)
                 goto normal_compress;
             buf[0] = 1;
             buf[1] = j;
@@ -6799,11 +7162,12 @@
             ram_decompress_buf(s, buf + 1, 9);
             bs_index = buf[1];
             sector_num = be64_to_cpupu((const uint64_t *)(buf + 2));
-            if (bs_index >= MAX_DISKS || bs_table[bs_index] == NULL) {
+            if (bs_index >= nb_drives) {
                 fprintf(stderr, "Invalid block device index %d\n", bs_index);
                 goto error;
             }
-            if (bdrv_read(bs_table[bs_index], sector_num, phys_ram_base + i,
+            if (bdrv_read(drives_table[bs_index].bdrv, sector_num,
+	                  phys_ram_base + i,
                           BDRV_HASH_BLOCK_SIZE / 512) < 0) {
                 fprintf(stderr, "Error while reading sector %d:%" PRId64 "\n",
                         bs_index, sector_num);
@@ -7302,6 +7666,9 @@
            "-hda/-hdb file  use 'file' as IDE hard disk 0/1 image\n"
            "-hdc/-hdd file  use 'file' as IDE hard disk 2/3 image\n"
            "-cdrom file     use 'file' as IDE cdrom image (cdrom is ide1 master)\n"
+	   "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][index=i]\n"
+           "       [,cyls=c,heads=h,secs=s[,trans=t]][snapshot=on|off]\n"
+	   "                use 'file' as a drive image\n"
            "-mtdblock file  use 'file' as on-board Flash memory image\n"
            "-sd file        use 'file' as SecureDigital card image\n"
            "-pflash file    use 'file' as a parallel flash image\n"
@@ -7448,6 +7815,7 @@
     QEMU_OPTION_hdb,
     QEMU_OPTION_hdc,
     QEMU_OPTION_hdd,
+    QEMU_OPTION_drive,
     QEMU_OPTION_cdrom,
     QEMU_OPTION_mtdblock,
     QEMU_OPTION_sd,
@@ -7538,6 +7906,7 @@
     { "hdb", HAS_ARG, QEMU_OPTION_hdb },
     { "hdc", HAS_ARG, QEMU_OPTION_hdc },
     { "hdd", HAS_ARG, QEMU_OPTION_hdd },
+    { "drive", HAS_ARG, QEMU_OPTION_drive },
     { "cdrom", HAS_ARG, QEMU_OPTION_cdrom },
     { "mtdblock", HAS_ARG, QEMU_OPTION_mtdblock },
     { "sd", HAS_ARG, QEMU_OPTION_sd },
@@ -7651,16 +8020,9 @@
 
 static BlockDriverState *get_bdrv(int index)
 {
-    BlockDriverState *bs;
-
-    if (index < 4) {
-        bs = bs_table[index];
-    } else if (index < 6) {
-        bs = fd_table[index - 4];
-    } else {
-        bs = NULL;
-    }
-    return bs;
+    if (index > nb_drives)
+        return NULL;
+    return drives_table[index].bdrv;
 }
 
 static void read_passwords(void)
@@ -7864,19 +8226,16 @@
     const char *gdbstub_port;
 #endif
     uint32_t boot_devices_bitmap = 0;
-    int i, cdrom_index, pflash_index;
+    int i;
     int snapshot, linux_boot, net_boot;
     const char *initrd_filename;
-    const char *hd_filename[MAX_DISKS], *fd_filename[MAX_FD];
-    const char *pflash_filename[MAX_PFLASH];
-    const char *sd_filename;
-    const char *mtd_filename;
     const char *kernel_filename, *kernel_cmdline;
     const char *boot_devices = "";
     DisplayState *ds = &display_state;
     int cyls, heads, secs, translation;
     char net_clients[MAX_NET_CLIENTS][256];
     int nb_net_clients;
+    int hda_index;
     int optind;
     const char *r, *optarg;
     CharDriverState *monitor_hd;
@@ -7930,15 +8289,6 @@
     machine = first_machine;
     cpu_model = NULL;
     initrd_filename = NULL;
-    for(i = 0; i < MAX_FD; i++)
-        fd_filename[i] = NULL;
-    for(i = 0; i < MAX_DISKS; i++)
-        hd_filename[i] = NULL;
-    for(i = 0; i < MAX_PFLASH; i++)
-        pflash_filename[i] = NULL;
-    pflash_index = 0;
-    sd_filename = NULL;
-    mtd_filename = NULL;
     ram_size = DEFAULT_RAM_SIZE * 1024 * 1024;
     vga_ram_size = VGA_RAM_SIZE;
 #ifdef CONFIG_GDBSTUB
@@ -7949,11 +8299,6 @@
     nographic = 0;
     kernel_filename = NULL;
     kernel_cmdline = "";
-#ifdef TARGET_PPC
-    cdrom_index = 1;
-#else
-    cdrom_index = 2;
-#endif
     cyls = heads = secs = 0;
     translation = BIOS_ATA_TRANSLATION_AUTO;
     pstrcpy(monitor_device, sizeof(monitor_device), "vc");
@@ -7971,6 +8316,9 @@
     usb_devices_index = 0;
 
     nb_net_clients = 0;
+    nb_drives = 0;
+    nb_drives_opt = 0;
+    hda_index = -1;
 
     nb_nics = 0;
     /* default mac address of the first network interface */
@@ -7981,7 +8329,7 @@
             break;
         r = argv[optind];
         if (r[0] != '-') {
-            hd_filename[0] = argv[optind++];
+	    hda_index = drive_add(HD_ALIAS, argv[optind++], 0);
         } else {
             const QEMUOption *popt;
 
@@ -8041,29 +8389,33 @@
                 initrd_filename = optarg;
                 break;
             case QEMU_OPTION_hda:
+                if (cyls == 0)
+                    hda_index = drive_add(HD_ALIAS, optarg, 0);
+                else
+                    hda_index = drive_add(HD_ALIAS
+			     ",cyls=%d,heads=%d,secs=%d%s",
+                             optarg, 0, cyls, heads, secs,
+                             translation == BIOS_ATA_TRANSLATION_LBA ?
+                                 ",trans=lba" :
+                             translation == BIOS_ATA_TRANSLATION_NONE ?
+                                 ",trans=none" : "");
+                 break;
             case QEMU_OPTION_hdb:
             case QEMU_OPTION_hdc:
             case QEMU_OPTION_hdd:
-                {
-                    int hd_index;
-                    hd_index = popt->index - QEMU_OPTION_hda;
-                    hd_filename[hd_index] = optarg;
-                    if (hd_index == cdrom_index)
-                        cdrom_index = -1;
-                }
+		drive_add(HD_ALIAS, optarg, popt->index - QEMU_OPTION_hda);
                 break;
+            case QEMU_OPTION_drive:
+                drive_add("%s", optarg);
+	        break;
             case QEMU_OPTION_mtdblock:
-                mtd_filename = optarg;
+	        drive_add(MTD_ALIAS, optarg);
                 break;
             case QEMU_OPTION_sd:
-                sd_filename = optarg;
+                drive_add("file=\"%s\"," SD_ALIAS, optarg);
                 break;
             case QEMU_OPTION_pflash:
-                if (pflash_index >= MAX_PFLASH) {
-                    fprintf(stderr, "qemu: too many parallel flash images\n");
-                    exit(1);
-                }
-                pflash_filename[pflash_index++] = optarg;
+	        drive_add(PFLASH_ALIAS, optarg);
                 break;
             case QEMU_OPTION_snapshot:
                 snapshot = 1;
@@ -8102,6 +8454,17 @@
                         fprintf(stderr, "qemu: invalid physical CHS format\n");
                         exit(1);
                     }
+		    if (hda_index != -1)
+		        snprintf(drives_opt[hda_index] +
+			         strlen(drives_opt[hda_index]),
+			         sizeof(drives_opt[0]) -
+				 strlen(drives_opt[hda_index]),
+		                 ",cyls=%d,heads=%d,secs=%d%s",
+			         cyls, heads, secs,
+			         translation == BIOS_ATA_TRANSLATION_LBA ?
+			     	    ",trans=lba" :
+			         translation == BIOS_ATA_TRANSLATION_NONE ?
+			             ",trans=none" : "");
                 }
                 break;
             case QEMU_OPTION_nographic:
@@ -8120,9 +8483,7 @@
                 kernel_cmdline = optarg;
                 break;
             case QEMU_OPTION_cdrom:
-                if (cdrom_index >= 0) {
-                    hd_filename[cdrom_index] = optarg;
-                }
+		drive_add("file=\"%s\"," CDROM_ALIAS, optarg);
                 break;
             case QEMU_OPTION_boot:
                 boot_devices = optarg;
@@ -8156,10 +8517,9 @@
                 }
                 break;
             case QEMU_OPTION_fda:
-                fd_filename[0] = optarg;
-                break;
             case QEMU_OPTION_fdb:
-                fd_filename[1] = optarg;
+		drive_add("file=\"%s\"," FD_ALIAS, optarg,
+		          popt->index - QEMU_OPTION_fda);
                 break;
 #ifdef TARGET_I386
             case QEMU_OPTION_no_fd_bootchk:
@@ -8554,20 +8914,12 @@
 
     /* XXX: this should not be: some embedded targets just have flash */
     if (!linux_boot && net_boot == 0 &&
-        hd_filename[0] == NULL &&
-        (cdrom_index >= 0 && hd_filename[cdrom_index] == NULL) &&
-        fd_filename[0] == NULL &&
-        pflash_filename[0] == NULL)
+        nb_drives_opt == 0)
         help(1);
 
     /* boot to floppy or the default cd if no hard disk defined yet */
     if (!boot_devices[0]) {
-        if (hd_filename[0] != NULL)
-            boot_devices = "c";
-        else if (fd_filename[0] != NULL)
-            boot_devices = "a";
-        else
-            boot_devices = "d";
+        boot_devices = "cad";
     }
     setvbuf(stdout, NULL, _IOLBF, 0);
 
@@ -8644,98 +8996,29 @@
         exit(1);
     }
 
-    /* we always create the cdrom drive, even if no disk is there */
     bdrv_init();
-    if (cdrom_index >= 0) {
-        bs_table[cdrom_index] = bdrv_new("cdrom");
-        bdrv_set_type_hint(bs_table[cdrom_index], BDRV_TYPE_CDROM);
-    }
 
-    /* open the virtual block devices */
-    for(i = 0; i < MAX_DISKS; i++) {
-        if (hd_filename[i]) {
-            if (!bs_table[i]) {
-                char buf[64];
-                snprintf(buf, sizeof(buf), "hd%c", i + 'a');
-                bs_table[i] = bdrv_new(buf);
-            }
-            if (bdrv_open(bs_table[i], hd_filename[i], snapshot ? BDRV_O_SNAPSHOT : 0) < 0) {
-                fprintf(stderr, "qemu: could not open hard disk image '%s'\n",
-                        hd_filename[i]);
-                exit(1);
-            }
-            if (i == 0 && cyls != 0) {
-                bdrv_set_geometry_hint(bs_table[i], cyls, heads, secs);
-                bdrv_set_translation_hint(bs_table[i], translation);
-            }
-        }
-    }
+    /* we always create the cdrom drive, even if no disk is there */
 
-    /* we always create at least one floppy disk */
-    fd_table[0] = bdrv_new("fda");
-    bdrv_set_type_hint(fd_table[0], BDRV_TYPE_FLOPPY);
+    if (nb_drives_opt < MAX_DRIVES)
+        drive_add(CDROM_ALIAS);
 
-    for(i = 0; i < MAX_FD; i++) {
-        if (fd_filename[i]) {
-            if (!fd_table[i]) {
-                char buf[64];
-                snprintf(buf, sizeof(buf), "fd%c", i + 'a');
-                fd_table[i] = bdrv_new(buf);
-                bdrv_set_type_hint(fd_table[i], BDRV_TYPE_FLOPPY);
-            }
-            if (fd_filename[i][0] != '\0') {
-                if (bdrv_open(fd_table[i], fd_filename[i],
-                              snapshot ? BDRV_O_SNAPSHOT : 0) < 0) {
-                    fprintf(stderr, "qemu: could not open floppy disk image '%s'\n",
-                            fd_filename[i]);
-                    exit(1);
-                }
-            }
-        }
-    }
+    /* we always create at least one floppy */
 
-    /* Open the virtual parallel flash block devices */
-    for(i = 0; i < MAX_PFLASH; i++) {
-        if (pflash_filename[i]) {
-            if (!pflash_table[i]) {
-                char buf[64];
-                snprintf(buf, sizeof(buf), "fl%c", i + 'a');
-                pflash_table[i] = bdrv_new(buf);
-            }
-            if (bdrv_open(pflash_table[i], pflash_filename[i],
-                          snapshot ? BDRV_O_SNAPSHOT : 0) < 0) {
-                fprintf(stderr, "qemu: could not open flash image '%s'\n",
-                        pflash_filename[i]);
-                exit(1);
-            }
-        }
-    }
+    if (nb_drives_opt < MAX_DRIVES)
+        drive_add(FD_ALIAS, 0);
 
-    sd_bdrv = bdrv_new ("sd");
-    /* FIXME: This isn't really a floppy, but it's a reasonable
-       approximation.  */
-    bdrv_set_type_hint(sd_bdrv, BDRV_TYPE_FLOPPY);
-    if (sd_filename) {
-        if (bdrv_open(sd_bdrv, sd_filename,
-                      snapshot ? BDRV_O_SNAPSHOT : 0) < 0) {
-            fprintf(stderr, "qemu: could not open SD card image %s\n",
-                    sd_filename);
-        } else
-            qemu_key_check(sd_bdrv, sd_filename);
-    }
+    /* we always create one sd slot, even if no card is in it */
 
-    if (mtd_filename) {
-        mtd_bdrv = bdrv_new ("mtd");
-        if (bdrv_open(mtd_bdrv, mtd_filename,
-                      snapshot ? BDRV_O_SNAPSHOT : 0) < 0 ||
-            qemu_key_check(mtd_bdrv, mtd_filename)) {
-            fprintf(stderr, "qemu: could not open Flash image %s\n",
-                    mtd_filename);
-            bdrv_delete(mtd_bdrv);
-            mtd_bdrv = 0;
-        }
-    }
+    if (nb_drives_opt < MAX_DRIVES)
+        drive_add(SD_ALIAS);
 
+    /* open the virtual block devices */
+
+    for(i = 0; i < nb_drives_opt; i++)
+        if (drive_init(drives_opt[i], snapshot, machine) == -1)
+	    exit(1);
+
     register_savevm("timer", 0, 2, timer_save, timer_load, NULL);
     register_savevm("ram", 0, 2, ram_save, ram_load, NULL);
 





More information about the commitlog mailing list