author Joel Sherrill <joel.sherrill@OARcorp.com> 1999-06-14 16:51:13 +0000
committer Joel Sherrill <joel.sherrill@OARcorp.com> 1999-06-14 16:51:13 +0000
commit ba46ffa6169c0927c19d97816286b5ffaf2e9ab2 (patch)
tree 2d71e9fa43bed5fe628a202df8710772b7ddb037 /c/src/lib/libbsp/powerpc/mcp750/bootloader/em86.c
parent Regenerated. (diff)
This is a large patch from Eric Valette <valette@crf.canon.fr> that was
described in the message following this paragraph. This patch also includes a mcp750 BSP.

From valette@crf.canon.fr Mon Jun 14 10:03:08 1999
Date: Tue, 18 May 1999 01:30:14 +0200 (CEST)
From: VALETTE Eric <valette@crf.canon.fr>
To: joel@oarcorp.com
Cc: raguet@crf.canon.fr, rtems-snapshots@oarcorp.com, valette@crf.canon.fr
Subject: Questions/Suggestion regarding RTEMS PowerPC code (long)

Dear knowledgeable RTEMS powerpc users,

As some of you may know, I'm currently finalizing a port of RTEMS on a MCP750 Motorola board. I have done most of it but have some questions to ask before submitting the port.

In order to understand some of the changes I have made or would like to make, maybe it is worth describing the MCP750 Motorola board.

The MCP750 is a COMPACT PCI powerpc board with :

    1) a MPC750 233 MHz processor,
    2) a raven bus bridge/PCI controller that implements an OPENPIC compliant interrupt controller,
    3) a VIA 82C586 PCI/ISA bridge that offers a PC compliant IO for keyboard, serial line, IDE, and the well known PC 8259 cascaded PIC interrupt architecture model,
    4) a DEC 21140 Ethernet controller,
    5) the PPCBUG Motorola firmware in flash,
    6) A DEC PCI bridge,

This architecture is common to most Motorola 60x/7xx board except that :

    1) on VME board, the DEC PCI bridge is replaced by a VME chipset,
    2) the VIA 82C586 PCI/ISA bridge is replaced by another bridge that is almost fully compatible with the via bridge...

So the port should be a rather close basis for many 60x/7xx motorola board...

On this board, I already have ported Linux 2.2.3 and use it both as a development and target board.

Now the questions/suggestions I have :

1) EXCEPTION CODE
-------------------

As far as I know exceptions on PPC are handled like interrupts. I dislike this very much as :

    a) Except for the decrementer exception (and maybe some other on mpc8xx), exceptions are not recoverable and the handler just needs to print the full context and go to the firmware or debugger...
    b) The interrupt switch is only necessary for the decrementer and external interrupt (at least on 6xx,7xx).
    c) The full context for exception is never saved and thus cannot be used by debugger... I do understand the most important for interrupts low level code is to save the minimal context enabling to call C code for performance reasons. On non recoverable exception on the other hand, the most important is to save the maximum information concerning proc status in order to analyze the reason of the fault. At least we will need this in order to implement the port of RGDB on PPC

==> I wrote an API for connecting raw exceptions (and thus raw interrupts) for mpc750. It should be valid for most powerpc processors... I hope to find a way to make this coexist with actual code layout. The code is actually located in lib/libcpu/powerpc/mpc750 and is thus optional (provided I write my own version of exec/score/cpu/powerpc/cpu.c ...)

See remark about files/directory layout organization in 4)

2) Current Implementation of ISR low level code
-----------------------------------------------

I do not understand why the MSR EE flags is cleared again in exec/score/cpu/powerpc/irq_stubs.S

    #if (PPC_USE_SPRG)
        mfmsr   r5
        mfspr   r6, sprg2
    #else
        lwz     r6,msr_initial(r11)
        lis     r5,~PPC_MSR_DISABLE_MASK@ha
        ori     r5,r5,~PPC_MSR_DISABLE_MASK@l
        and     r6,r6,r5
        mfmsr   r5
    #endif

Reading the doc, when a decrementer interrupt or an external interrupt is active, the MSR EE flag is already cleared. BTW if exception/interrupt could occur, it would trash SRR0 and SRR1. In fact the code may be useful to set MSR[RI] that re-enables exception processing. BTW I will need to set other value in MSR to handle interrupts :

    a) I want the MSR[IR] and MSR[DR] to be set for performance reasons and also because I need DBAT support to have access to PCI memory space as the interrupt controller is in the PCI space.

Reading the code, I see others have the same kind of request :

    /* SCE 980217
     *
     * We need address translation ON when we call our ISR routine
        mtmsr r5
     */

This is just another proof that even the lowest level IRQ code is fundamentally board dependent and not simply processor dependent especially when the processor uses external interrupt controller because it has a single interrupt request line...

Note that if you look at the PPC code high level interrupt handling code, as the "set_vector" routine that really connects the interrupt is in the BSP/startup/genpvec.c, the fact that IRQ handling is BSP specific is DE-FACTO acknowledged.

I know I have already expressed this and understand that this would require some heavy change in the code but believe me you will reach a point where you will not be able to find a compatible while optimum implementation for low level interrupt handling code...) In my case this is already true...

So please consider removing low level IRQ handling from exec/score/cpu/* and only let there exception handling code... Exceptions are usually only processor dependent and do not depend on external hardware mechanism to be masked or acknowledged or re-enabled (there are probably exception but ...)

I have already done this for pc386 bsp but need to make it again. This time I will even propose an API.

3) R2/R13 manipulation for EABI implementation
----------------------------------------------

I do not understand the handling of r2 and r13 in the EABI case. The specification for r2 says pointer to sdata2, sbss2 section => constant. However I do not see -ffixed-r2 passed to any compilation system in make/custom/* (for info linux does this on PPC).

So either this is a default compiler option when choosing powerpc-rtems and thus we do not need to do anything with this register as all the code is compiled with this compiler and linked together OR this register may be used by rtems code and then we do not need any special initialization or handling.

The specification for r13 says pointer to the small data area. r13 argumentation is the same except that as far as I know the usage of the small data area requires specific compiler support so that access to variables is compiled via loading the LSB in a register and then using r13 to get full address... It is like a small memory model and it was present in IBM C compilers.

=> I propose to suppress any specific code for r2 and r13 in the EABI case.

4) Code layout organization (yes again :-))
-------------------------------------------

I think there are a number of design flaws in the way the code is for ppc organized and I will try to point them out. I have been beaten by this again on this new port, and was beaten last year while modifying code for pc386.

a) exec/score/cpu/* vs lib/libcpu/cpu/*.

I think that too many things are put in exec/score/cpu that have nothing to do with RTEMS internals but are rather related to CPU feature. This include at least :

    a) registers access routine (e.g GET_MSR_Value),
    b) interrupt masking/unmasking routines,
    c) cache_mngt_routine,
    d) mmu_mngt_routine,
    e) Routines to connect the raw_exception, raw_interrupt handler,

b) lib/libcpu/cpu/powerpc/*

With a processor family as exuberant as the powerpc family, and their well known subtle differences (604 vs 750) or unfortunately majors (8xx vs 60x) the directory structure is fine (except maybe the names that are not homogeneous)

    powerpc
        ppc421
        mpc821
        ...

I only needed to add mpc750. But the fact that libcpu.a was not produced was a pain and the fact that this organization may duplicates code is also problematic.

So, except if the support of automake provides a better solution I would like to propose something like this :

    powerpc
        mpc421
        mpc821
        ...
        mpc750
        shared
        wrapup

with the following rules :

    a) "shared" would act as a source container for sources that may be shared among processors. Needed files would be compiled inside the processor specific directory using the vpath Makefile mechanism. "shared" may also contain compilation code for routine that are really shared and not worth to inline... (did not find many things so far as registers access routine ARE WORTH INLINING)... In the case something is compiled there, it should create libcpushared.a

    b) layout under processor specific directory is free provided that
        1) the result of the compilation process exports : libcpu/powerpc/"PROC"/*.h in $(PROJECT_INCLUDE)/libcpu
        2) each processor specific directory creates a library called libcpuspecific.a
       Note that this organization enables to have a file that is nearly the same than in shared but that must differ because of processor differences...

    c) "wrapup" should create libcpu.a using libcpushared.a libcpuspecific.a and export it $(PROJECT_INCLUDE)/libcpu

The only thing I have no ideal solution is the way to put shared definitions in "shared" and only processor specific definition in "proc". To give a concrete example, most MSR bit definition are shared among PPC processors and only some differs. If we create a single msr.h in shared it will have ifdef. If in msr.h we include libcpu/msr_c.h we will need to have it in each powerpc specific directory (even empty). Opinions are welcomed ...

Note that a similar mechanism exist in libbsp/i386 that also contains a shared directory that is used by several bsp like pc386 and i386ex and a similar wrapup mechanism...

NB: I have done this for mpc750 and other processors could just use similar Makefiles...

c) The exec/score/cpu/powerpc directory layout.

I think the directory layout should be the same than the libcpu/powerpc. As it is not, there are a lot of ifdefs inside the code... And of course low level interrupt handling code should be removed...

Besides that I do not understand why

    1) things are compiled in the wrap directory,
    2) some includes are moved to rtems/score,

I think the "preinstall" mechanism enables to put everything in the current directory (or better in a per processor directory),

5) Interrupt handling API
-------------------------

Again :-). But I think that using all the features the PIC offers is a MUST for RT system. I already explained in the prologue of this (long and probably boring) mail that the MCP750 boards offers an OPENPIC compliant architecture and that the VIA 82586 PCI/ISA bridge offers a PC compatible IO and PIC mapping. Here is a logical view of the RAVEN/VIA 82586 interrupt mapping :

    ---------   0   ------
    | OPEN  | <-----|8259|
    | PIC   |       |    | 2     ------
    |(RAVEN)|       |    | <-----|8259|
    |       |       |    |       |    | 11
    |       |       |    |       |    | <----
    |       |       |    |       |    |
    |       |       |    |       |    |
    ---------       ------       |    |
       ^                         ------
       |            VIA PCI/ISA bridge
       |  x
       -------- PCI interrupts

OPENPIC offers interrupt priorities among PCI interrupts and interrupt selective masking. The 8259 offers the same kind of feature. With actual powerpc interrupt code :

    1) there is no way to specify priorities among interrupts handler. This is REALLY a bad thing. For me it is as important as having priorities for threads...
    2) for my implementation, each ISR should contain the code that acknowledge the RAVEN and 8259 cascade, modify interrupt mask on both chips, and reenable interrupt at processor level, ..., restore then on interrupt return,.... This code is actually similar to code located in some genpvec.c powerpc files,
    3) I must update _ISR_Nesting_level because irq.inl use it...
    4) the libchip code connects the ISR via set_vector but the libchip handler code does not contain any code to manipulate external interrupt controller hardware in order to acknowledge the interrupt or re-enable them (except for the target hardware of course) So this code is broken unless set_vector adds an additional prologue/epilogue before calling/returning from in order to acknowledge/mask the raven and the 8259 PICS...

=> Anyway already EACH BSP MUST REWRITE PART OF INTERRUPT HANDLING CODE TO CORRECTLY IMPLEMENT SET_VECTOR.

I would rather offer an API similar to the one provided in libbsp/i386/shared/irq/irq.h so that :

    1) Once the driver supplied methods is called the only things the ISR has to do is to worry about the external hardware that triggered the interrupt. Everything on openpic/VIA/processor would have been done by the low levels (same things as set-vector)
    2) The caller will need to supply the on/off/isOn routine that are fundamental to correctly implements debuggers/performance monitoring in a portable way
    3) A globally configurable interrupt priorities mechanism...

I have nothing against providing a compatible set_vector just to make libchip happy but as I have already explained in other mails (months ago), I really think that the ISR connection should be handled by the BSP and that no code containing irq connection should exist the rtems generic layers... Thus I really dislike libchip on this aspect because in a long term it will force to adopt the less rich API for interrupt handling that exists (set_vector).

Additional note : I think the _ISR_Is_in_progress() inline routine should be :

    1) Put in a processor specific section,
    2) Should not rely on a global variable,

As :

    a) on symmetric MP, there is one interrupt level per CPU,
    b) On processor that have an ISP (e.g. 68040), this variable is useless (MSR bit testing could be used)
    c) On PPC, instead of using the address of the variable via __CPU_IRQ_info.Nest_level a dedicated SPR could be used.

NOTE: most of this is also true for _Thread_Dispatch_disable_level

END NOTE
--------

Please do not take what I said in the mail as a criticism for anyone who submitted ppc code. Any code present helped me a lot understanding PPC behavior. I just wanted by this mail to :

    1) try to better understand the actual code,
    2) propose concrete ways of enhancing current code by providing an alternative implementation for MCP750. I will make my best effort to try to break nothing but this is actually hard due to the file layout organisation.
    3) make understandable some changes I will probably make if joel let me do them :-)

Any comments/objections are welcomed as usual.

--
   __
  /  `                      Eric Valette
 /--   __  o _.             Canon CRF
(___, / (_(_(__             Rue de la touche lambert
                            35517 Cesson-Sevigne Cedex
                            FRANCE
Tel: +33 (0)2 99 87 68 91   Fax: +33 (0)2 99 84 11 30
E-mail: valette@crf.canon.fr
Diffstat (limited to 'c/src/lib/libbsp/powerpc/mcp750/bootloader/em86.c')
-rw-r--r-- c/src/lib/libbsp/powerpc/mcp750/bootloader/em86.c 563
1 files changed, 563 insertions, 0 deletions
diff --git a/c/src/lib/libbsp/powerpc/mcp750/bootloader/em86.c b/c/src/lib/libbsp/powerpc/mcp750/bootloader/em86.c
new file mode 100644
index 0000000000..9b0f34db24
--- /dev/null
+++ b/c/src/lib/libbsp/powerpc/mcp750/bootloader/em86.c
@@ -0,0 +1,563 @@
+/*****************************************************************************
+*
+* Code to interpret Video BIOS ROM routines.
+*
+*
+******************************************************************************/
+
+/* These include are for the development version only */
+#include <sys/types.h>
+#include "pci.h"
+#include <libcpu/byteorder.h>
+#ifdef __BOOT__
+#include "bootldr.h"
+#include <limits.h>
+#endif
+
+/* Code options, put them on the compiler command line */
+/* #define EIP_STATS */ /* EIP based profiling */
+/* #undef EIP_STATS */
+
+typedef union _reg_type1 {
+ unsigned e;
+ unsigned short x;
+ struct {
+ unsigned char l, h;
+ } lh;
+} reg_type1;
+
+typedef union _reg_type2 {
+ unsigned e;
+ unsigned short x;
+} reg_type2;
+
+typedef struct _x86 {
+ reg_type1
+ _eax, _ecx, _edx, _ebx;
+ reg_type2
+ _esp, _ebp, _esi, _edi;
+ unsigned
+ es, cs, ss, ds, fs, gs, eip, eflags;
+ unsigned char
+ *esbase, *csbase, *ssbase, *dsbase, *fsbase, *gsbase;
+ volatile unsigned char *iobase;
+ unsigned char *ioperm;
+ unsigned
+ reason, nexteip, parm1, parm2, opcode, base;
+ unsigned *optable, opreg; /* no more used! */
+ unsigned char* vbase;
+ unsigned instructions;
+#ifdef __BOOT__
+ u_char * ram;
+ u_char * rom;
+ struct pci_dev * dev;
+#else
+ unsigned filler[14]; /* Skip to next 64 byte boundary */
+ unsigned eipstats[32768][2];
+#endif
+} x86;
+
+x86 v86_private __attribute__((aligned(32)));
+
+
+/* Emulator is in another source file */
+extern
+void em86_enter(x86 * p);
+
+#define EAX (p->_eax.e)
+#define ECX (p->_ecx.e)
+#define EDX (p->_edx.e)
+#define EBX (p->_ebx.e)
+#define ESP (p->_esp.e)
+#define EBP (p->_ebp.e)
+#define ESI (p->_esi.e)
+#define EDI (p->_edi.e)
+#define AX (p->_eax.x)
+#define CX (p->_ecx.x)
+#define DX (p->_edx.x)
+#define BX (p->_ebx.x)
+#define SP (p->_esp.x)
+#define BP (p->_ebp.x)
+#define SI (p->_esi.x)
+#define DI (p->_edi.x)
+#define AL (p->_eax.lh.l)
+#define CL (p->_ecx.lh.l)
+#define DL (p->_edx.lh.l)
+#define BL (p->_ebx.lh.l)
+#define AH (p->_eax.lh.h)
+#define CH (p->_ecx.lh.h)
+#define DH (p->_edx.lh.h)
+#define BH (p->_ebx.lh.h)
+
+/* Function used to debug */
+#ifdef __BOOT__
+#define printf printk
+#endif
+#ifdef DEBUG
+static void dump86(x86 * p){
+ unsigned char *s = p->csbase + p->eip;
+ printf("cs:eip=%04x:%08x, eax=%08x, ecx=%08x, edx=%08x, ebx=%08x\n",
+ p->cs, p->eip, ld_le32(&EAX),
+ ld_le32(&ECX), ld_le32(&EDX), ld_le32(&EBX));
+ printf("ss:esp=%04x:%08x, ebp=%08x, esi=%08x, edi=%08x, efl=%08x\n",
+ p->ss, ld_le32(&ESP), ld_le32(&EBP),
+ ld_le32(&ESI), ld_le32(&EDI), p->eflags);
+ printf("nip=%08x, ds=%04x, es=%04x, fs=%04x, gs=%04x, total=%d\n",
+ p->nexteip, p->ds, p->es, p->fs, p->gs, p->instructions);
+ printf("code: %02x %02x %02x %02x %02x %02x "
+ "%02x %02x %02x %02x %02x %02x\n",
+ s[0], s[1], s[2], s[3], s[4], s[5],
+ s[6], s[7], s[8], s[9], s[10], s[11]);
+#ifndef __BOOT__
+ printf("op1=%08x, op2=%08x, result=%08x, flags=%08x\n",
+ p->filler[11], p->filler[12], p->filler[13], p->filler[14]);
+#endif
+}
+#else
+#define dump86(x)
+#endif
+
+int bios86pci(x86 * p) {
+ unsigned reg=ld_le16(&DI);
+ reg_type2 tmp;
+
+ if (AL>=8 && AL<=13 && reg>0xff) {
+ AH = PCIBIOS_BAD_REGISTER_NUMBER;
+ } else {
+ switch(AL) {
+ case 2: /* find_device */
+ /* Should be improved for BIOS able to handle
+ * multiple devices. We simply suppose the BIOS
+ * inits a single device, and return an error
+ * if it tries to find more...
+ */
+ if (SI) {
+ AH=PCIBIOS_DEVICE_NOT_FOUND;
+ } else {
+ BH = p->dev->bus->number;
+ BL = p->dev->devfn;
+ AH = 0;
+ }
+ break;
+ /*
+ case 3: find_class not implemented for now.
+ */
+ case 8: /* read_config_byte */
+ AH=pcibios_read_config_byte(BH, BL, reg, &CL);
+ break;
+ case 9: /* read_config_word */
+ AH=pcibios_read_config_word(BH, BL, reg, &tmp.x);
+ CX=ld_le16(&tmp.x);
+ break;
+ case 10: /* read_config_dword */
+ AH=pcibios_read_config_dword(BH, BL, reg, &tmp.e);
+ ECX=ld_le32(&tmp.e);
+ break;
+ case 11: /* write_config_byte */
+ AH=pcibios_write_config_byte(BH, BL, reg, CL);
+ break;
+ case 12: /* write_config_word */
+ AH=pcibios_write_config_word(BH, BL, reg, ld_le16(&CX));
+ break;
+ case 13: /* write_config_dword */
+ AH=pcibios_write_config_dword(BH, BL, reg, ld_le32(&ECX));
+ break;
+ default:
+ printf("Unimplemented or illegal PCI service call #%d!\n",
+ AL);
+ return 1;
+ }
+ }
+ p->eip = p->nexteip;
+ /* Set/clear carry according to result */
+ if (AH) p->eflags |= 1; else p->eflags &=~1;
+ return 0;
+}
+
+void push2(x86 *p, unsigned value) {
+ unsigned char * sbase= p->ssbase;
+ unsigned newsp = (ld_le16(&SP)-2)&0xffff;
+ st_le16(&SP,newsp);
+ st_le16((unsigned short *)(sbase+newsp), value);
+}
+
+unsigned pop2(x86 *p) {
+ unsigned char * sbase=p->ssbase;
+ unsigned oldsp = ld_le16(&SP);
+ st_le16(&SP,oldsp+2);
+ return ld_le16((unsigned short *)(sbase+oldsp));
+}
+
+int int10h(x86 * p) { /* Process BIOS video interrupt */
+ unsigned vector;
+ vector=ld_le32((unsigned *)p->vbase+0x10);
+ if (((vector&0xffff0000)>>16)==0xc000) {
+ push2(p, p->eflags);
+ push2(p, p->cs);
+ push2(p, p->nexteip);
+ p->cs=vector>>16;
+ p->csbase=p->vbase + (p->cs<<4);
+ p->eip=vector&0xffff;
+#if 1
+ p->eflags&=0xfcff; /* Clear AC/TF/IF */
+#else
+ p->eflags = (p->eflags&0xfcff)|0x100; /* Set TF for debugging */
+#endif
+ /* p->eflags|=0x100; uncomment to force a trap */
+ return(0);
+ } else {
+ switch(AH) {
+ case 0x12:
+ switch(BL){
+ case 0x32:
+ p->eip=p->nexteip;
+ return(0);
+ break;
+ default:
+ break;
+ }
+ default:
+ break;
+ }
+ printf("unhandled soft interrupt 0x10: vector=%x\n", vector);
+ return(1);
+ }
+}
+
+int process_softint(x86 * p) {
+#if 0
+ if (p->parm1!=0x10 || AH!=0x0e) {
+ printf("Soft interrupt\n");
+ dump86(p);
+ }
+#endif
+ switch(p->parm1) {
+ case 0x10: /* BIOS video interrupt */
+ return int10h(p);
+ case 0x1a:
+ if(AH==0xb1) return bios86pci(p);
+ break;
+ default:
+ break;
+ }
+ dump86(p);
+ printf("Unhandled soft interrupt number 0x%04x, AX=0x%04x\n",
+ p->parm1, ld_le16(&AX));
+ return(1);
+}
+
+/* The only function called back by the emulator is em86_trap, all
+ instructions may that change the code segment are trapped here.
+ p->reason is one of the following codes. */
+#define code_zerdiv 0
+#define code_trap 1
+#define code_int3 3
+#define code_into 4
+#define code_bound 5
+#define code_ud 6
+#define code_dna 7
+
+#define code_iretw 256
+#define code_iretl 257
+#define code_lcallw 258
+#define code_lcalll 259
+#define code_ljmpw 260
+#define code_ljmpl 261
+#define code_lretw 262
+#define code_lretl 263
+#define code_softint 264
+#define code_lock 265 /* Lock prefix */
+/* Codes 1024 to 2047 are used for I/O port access instructions:
+ - The three LSB define the port size (1, 2 or 4)
+ - bit of weight 512 means out if set, in if clear
+ - bit of weight 256 means ins/outs if set, in/out if clear
+ - bit of weight 128 means use esi/edi if set, si/di if clear
+ (only used for ins/outs instructions, always clear for in/out)
+ */
+#define code_inb 1024+1
+#define code_inw 1024+2
+#define code_inl 1024+4
+#define code_outb 1024+512+1
+#define code_outw 1024+512+2
+#define code_outl 1024+512+4
+#define code_insb_a16 1024+256+1
+#define code_insw_a16 1024+256+2
+#define code_insl_a16 1024+256+4
+#define code_outsb_a16 1024+512+256+1
+#define code_outsw_a16 1024+512+256+2
+#define code_outsl_a16 1024+512+256+4
+#define code_insb_a32 1024+256+128+1
+#define code_insw_a32 1024+256+128+2
+#define code_insl_a32 1024+256+128+4
+#define code_outsb_a32 1024+512+256+128+1
+#define code_outsw_a32 1024+512+256+128+2
+#define code_outsl_a32 1024+512+256+128+4
+
+int em86_trap(x86 *p) {
+#ifndef __BOOT__
+ int i;
+ unsigned char command[80];
+ unsigned char *verb, *t;
+ unsigned short *fp;
+ static unsigned char def=0;
+ static unsigned char * bptaddr=NULL; /* Breakpoint address */
+ static unsigned char bptopc; /* Replaced breakpoint opcode */
+ unsigned char cmd;
+ unsigned tmp;
+#endif
+ switch(p->reason) {
+ case code_int3:
+#ifndef __BOOT__
+ if(p->csbase+p->eip == bptaddr) {
+ *bptaddr=bptopc;
+ bptaddr=NULL;
+ }
+ else printf("Unexpected ");
+#endif
+ printf("Breakpoint Interrupt !\n");
+ /* Note that this fallthrough (no break;) is on purpose */
+#ifdef __BOOT__
+ return 0;
+#else
+ case code_trap:
+ dump86(p);
+ for(;;) {
+ printf("b(reakpoint, g(o, q(uit, s(tack, t(race ? [%c] ", def);
+ fgets(command,sizeof(command),stdin);
+ verb = strtok(command," \n");
+ if(verb) cmd=*verb; else cmd=def;
+ def=0;
+ switch(cmd) {
+ case 'b':
+ case 'B':
+ if(bptaddr) *bptaddr=bptopc;
+ t=strtok(0," \n");
+ i=sscanf(t,"%x",&tmp);
+ if(i==1) {
+ bptaddr=p->vbase + tmp;
+ bptopc=*bptaddr;
+ *bptaddr=0xcc;
+ } else bptaddr=NULL;
+ break;
+ case 'q':
+ case 'Q':
+ return 1;
+ break;
+
+ case 'g':
+ case 'G':
+ p->eflags &= ~0x100;
+ return 0;
+ break;
+
+ case 's':
+ case 'S': /* Print the 8 stack top words */
+ fp = (unsigned short *)(p->ssbase+ld_le16(&SP));
+ printf("Stack [%04x:%04x]: %04x %04x %04x %04x %04x %04x %04x %04x\n",
+ p->ss, ld_le16(&SP),
+ ld_le16(fp+0), ld_le16(fp+1), ld_le16(fp+2), ld_le16(fp+3),
+ ld_le16(fp+4), ld_le16(fp+5), ld_le16(fp+6), ld_le16(fp+7));
+ break;
+ case 't':
+ case 'T':
+ p->eflags |= 0x10100; /* Set the resume and trap flags */
+ def='t';
+ return 0;
+ break;
+ /* Should add some code to edit registers */
+ }
+ }
+#endif
+ break;
+ case code_ud:
+ printf("Attempt to execute an unimplemented"
+ "or undefined opcode!\n");
+ dump86(p);
+ return(1); /* exit interpreter */
+ break;
+ case code_dna:
+ printf("Attempt to execute a floating point instruction!\n");
+ dump86(p);
+ return(1);
+ break;
+ case code_softint:
+ return process_softint(p);
+ break;
+ case code_iretw:
+ p->eip=pop2(p);
+ p->cs=pop2(p);
+ p->csbase=p->vbase + (p->cs<<4);
+ p->eflags= (p->eflags&0xfffe0000)|pop2(p);
+ /* p->eflags|= 0x100; */ /* Uncomment to trap after iretws */
+ return(0);
+ break;
+#ifndef __BOOT__
+ case code_inb:
+ case code_inw:
+ case code_inl:
+ case code_insb_a16:
+ case code_insw_a16:
+ case code_insl_a16:
+ case code_insb_a32:
+ case code_insw_a32:
+ case code_insl_a32:
+ case code_outb:
+ case code_outw:
+ case code_outl:
+ case code_outsb_a16:
+ case code_outsw_a16:
+ case code_outsl_a16:
+ case code_outsb_a32:
+ case code_outsw_a32:
+ case code_outsl_a32:
+ /* For now we simply enable I/O to the ports and continue */
+ for(i=p->parm1; i<p->parm1+(p->reason&7); i++) {
+ p->ioperm[i/8] &= ~(1<<i%8);
+ }
+ printf("Access to ports %04x-%04x enabled.\n",
+ p->parm1, p->parm1+(p->reason&7)-1);
+ return(0);
+#endif
+ case code_lretw:
+ /* Check for the exit eyecatcher */
+ if ( *(u_int *)(p->ssbase+ld_le16(&SP)) == UINT_MAX) return 1;
+ /* No break on purpose */
+ default:
+ dump86(p);
+ printf("em86_trap called with unhandled reason code !\n");
+ return(1);
+
+ }
+}
+
+void cleanup_v86_mess(void) {
+ x86 *p = (x86 *) bd->v86_private;
+
+ /* This automatically removes the mappings ! */
+ vfree(p->vbase);
+ p->vbase = 0;
+ pfree(p->ram);
+ p->ram = 0;
+ sfree(p->ioperm);
+ p->ioperm=0;
+}
+
+
+int init_v86(void) {
+ x86 *p = (x86 *) bd->v86_private;
+
+ /* p->vbase is non null when the v86 is properly set-up */
+ if (p->vbase) return 0;
+
+ /* Set everything to 0 */
+ memset(p, 0, sizeof(*p));
+ p->ioperm = salloc(65536/8+1);
+ p->ram = palloc(0xa0000);
+ p->iobase = ptr_mem_map->io_base;
+
+ if (!p->ram || !p->ioperm) return 1;
+
+ /* The ioperm array must have an additional byte at the end ! */
+ p->ioperm[65536/8] = 0xff;
+
+ p->vbase = valloc(0x110000);
+ if (!p->vbase) return 1;
+
+ /* These calls should never fail. */
+ vmap(p->vbase, (u_long)p->ram|PTE_RAM, 0xa0000);
+ vmap(p->vbase+0x100000, (u_long)p->ram|PTE_RAM, 0x10000);
+ vmap(p->vbase+0xa0000,
+ ((u_long)ptr_mem_map->isa_mem_base+0xa0000)|PTE_IO, 0x20000);
+ return 0;
+}
+
+void em86_main(struct pci_dev *dev){
+ x86 *p = (x86 *) bd->v86_private;
+ u_short signature;
+ u_char length;
+ volatile u_int *src;
+ u_int *dst, left, saved_rom;
+#if defined(MONITOR_IO) && !defined(__BOOT__)
+#define IOMASK 0xff
+#else
+#define IOMASK 0
+#endif
+
+
+#ifndef __BOOT__
+ int i;
+ /* Allow or disable access to all ports */
+ for(i=0; i<65536/8; i++) p->ioperm[i]=IOMASK;
+ p->ioperm[i] = 0xff; /* Last unused byte must have this value */
+#endif
+ p->dev = dev;
+ memset(p->vbase, 0, 0xa0000);
+ /* Set up a few registers */
+ p->cs = 0xc000; p->csbase = p->vbase + 0xc0000;
+ p->ss = 0x1000; p->ssbase = p->vbase + 0x10000;
+ p->eflags=0x200;
+ st_le16(&SP,0xfffc); p->eip=3;
+
+ p->dsbase = p->esbase = p->fsbase = p->gsbase = p->vbase;
+
+ /* Follow the PCI BIOS specification */
+ AH=dev->bus->number;
+ AL=dev->devfn;
+
+ /* All other registers are irrelevant except ES:DI which
+ * should point to a PnP installation check block. This
+ * is not yet implemented due to lack of references. */
+
+ /* Store a return address of 0xffff:0xffff as eyecatcher */
+ *(u_int *)(p->ssbase+ld_le16(&SP)) = UINT_MAX;
+
+ /* Interrupt for BIOS EGA services is 0xf000:0xf065 (int 0x10) */
+ st_le32((u_int *)p->vbase + 0x10, 0xf000f065);
+
+ /* Enable the ROM, read it and disable it immediately */
+ pci_read_config_dword(dev, PCI_ROM_ADDRESS, &saved_rom);
+ pci_write_config_dword(dev, PCI_ROM_ADDRESS, 0x000c0001);
+
+ /* Check that there is an Intel ROM. Should we also check that
+ * the first instruction is a jump (0xe9 or 0xeb) ?
+ */
+ signature = *(u_short *)(ptr_mem_map->isa_mem_base+0xc0000);
+ if (signature!=0x55aa) {
+ printf("bad signature: %04x.\n", signature);
+ return;
+ }
+ /* Allocate memory and copy the video rom to vbase+0xc0000; */
+ length = ptr_mem_map->isa_mem_base[0xc0002];
+ p->rom = palloc(length*512);
+ if (!p->rom) return;
+
+
+ for(dst=(u_int *) p->rom,
+ src=(volatile u_int *)(ptr_mem_map->isa_mem_base+0xc0000),
+ left = length*512/sizeof(u_int);
+ left--;
+ *dst++=*src++);
+
+ /* Disable the ROM and map the copy in virtual address space, note
+ * that the ROM has to be mapped as RAM since some BIOSes (at least
+ * Cirrus) perform write accesses to their own ROM. The reason seems
+ * to be that they check that they must execute from shadow RAM
+ * because accessing the ROM prevents accessing the video RAM
+ * according to comments in linux/arch/alpha/kernel/bios32.c.
+ */
+
+ pci_write_config_dword(dev, PCI_ROM_ADDRESS, saved_rom);
+ vmap(p->vbase+0xc0000, (u_long)p->rom|PTE_RAM, length*512);
+
+ /* Now actually emulate the ROM init routine */
+ em86_enter(p);
+
+ /* Free the acquired resources */
+ vunmap(p->vbase+0xc0000);
+ pfree(p->rom);
+}
+
+
+
+
+
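Review bot: em86_main leaves the expansion ROM decoder enabled on both early exits: after pci_write_config_dword(dev, PCI_ROM_ADDRESS, 0x000c0001), the bad-signature return and "if (!p->rom) return;" both skip the later write of saved_rom, so the card keeps its ROM mapped at 0xc0000, and the comment above the final vmap notes that accessing the ROM prevents accessing the video RAM. Restore saved_rom before each return, or route both through one exit path. Three smaller points in the same file. dump86 prints p->filler[14] although the member is declared "unsigned filler[14]", so the last index read is past the end of the array. The 'b' command in em86_trap hands the result of strtok(0," \n") to sscanf without a NULL check and then writes 0xcc at p->vbase + tmp with no check of tmp against the 0x110000 bytes that init_v86 allocates for vbase. bios86pci passes BH/BL from the emulated registers straight to the pcibios_read_config_* and pcibios_write_config_* calls, so ROM code can reach the configuration space of any device even though find_device only ever reports p->dev; comparing BH/BL with p->dev->bus->number and p->dev->devfn before services 8 to 13 would confine the ROM to the card being initialised.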