2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
29 #include "hw/i386/pc.h"
30 #include "hw/char/serial.h"
31 #include "hw/block/fdc.h"
33 #include "hw/boards.h"
34 #include "hw/i2c/smbus.h"
35 #include "sysemu/block-backend.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/char.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/arch_init.h"
44 #include "hw/mips/bios.h"
46 #include "hw/loader.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "sysemu/block-backend.h"
51 #include "sysemu/blockdev.h"
52 #include "exec/address-spaces.h"
53 #include "hw/sysbus.h" /* SysBusDevice */
54 #include "qemu/host-utils.h"
55 #include "sysemu/qtest.h"
56 #include "qemu/error-report.h"
57 #include "hw/empty_slot.h"
58 #include "sysemu/kvm.h"
59 #include "exec/semihost.h"
60 #include "hw/mips/cps.h"
62 //#define DEBUG_BOARD_INIT
64 #define ENVP_ADDR 0x80002000l
65 #define ENVP_NB_ENTRIES 16
66 #define ENVP_ENTRY_SIZE 256
68 /* Hardware addresses */
69 #define FLASH_ADDRESS 0x1e000000ULL
70 #define FPGA_ADDRESS 0x1f000000ULL
71 #define RESET_ADDRESS 0x1fc00000ULL
73 #define FLASH_SIZE 0x400000
79 MemoryRegion iomem_lo; /* 0 - 0x900 */
80 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
88 CharDriverState *display;
93 #define TYPE_MIPS_MALTA "mips-malta"
94 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
97 SysBusDevice parent_obj;
103 static ISADevice *pit;
105 static struct _loaderparams {
106 int ram_size, ram_low_size;
107 const char *kernel_filename;
108 const char *kernel_cmdline;
109 const char *initrd_filename;
113 static void malta_fpga_update_display(void *opaque)
117 MaltaFPGAState *s = opaque;
119 for (i = 7 ; i >= 0 ; i--) {
120 if (s->leds & (1 << i))
127 qemu_chr_fe_printf(s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text);
128 qemu_chr_fe_printf(s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s->display_text);
132 * EEPROM 24C01 / 24C02 emulation.
134 * Emulation for serial EEPROMs:
135 * 24C01 - 1024 bit (128 x 8)
136 * 24C02 - 2048 bit (256 x 8)
138 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
144 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
146 # define logout(fmt, ...) ((void)0)
149 struct _eeprom24c0x_t {
158 uint8_t contents[256];
161 typedef struct _eeprom24c0x_t eeprom24c0x_t;
163 static eeprom24c0x_t spd_eeprom = {
165 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
166 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
167 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
168 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
169 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
170 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
171 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
173 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
184 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
186 enum { SDR = 0x4, DDR2 = 0x8 } type;
187 uint8_t *spd = spd_eeprom.contents;
189 uint16_t density = 0;
192 /* work in terms of MB */
195 while ((ram_size >= 4) && (nbanks <= 2)) {
196 int sz_log2 = MIN(31 - clz32(ram_size), 14);
198 density |= 1 << (sz_log2 - 2);
199 ram_size -= 1 << sz_log2;
202 /* split to 2 banks if possible */
203 if ((nbanks == 1) && (density > 1)) {
208 if (density & 0xff00) {
209 density = (density & 0xe0) | ((density >> 8) & 0x1f);
211 } else if (!(density & 0x1f)) {
218 fprintf(stderr, "Warning: SPD cannot represent final %dMB"
219 " of SDRAM\n", (int)ram_size);
222 /* fill in SPD memory information */
229 for (i = 0; i < 63; i++) {
234 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
237 static void generate_eeprom_serial(uint8_t *eeprom)
240 uint8_t mac[6] = { 0x00 };
241 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
244 eeprom[pos++] = 0x01;
247 eeprom[pos++] = 0x02;
250 eeprom[pos++] = 0x01; /* MAC */
251 eeprom[pos++] = 0x06; /* length */
252 memcpy(&eeprom[pos], mac, sizeof(mac));
256 eeprom[pos++] = 0x02; /* serial */
257 eeprom[pos++] = 0x05; /* length */
258 memcpy(&eeprom[pos], sn, sizeof(sn));
263 for (i = 0; i < pos; i++) {
264 eeprom[pos] += eeprom[i];
268 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
270 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
271 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
275 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
277 if (eeprom->scl && scl && (eeprom->sda != sda)) {
278 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
279 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
280 sda ? "stop" : "start");
285 } else if (eeprom->tick == 0 && !eeprom->ack) {
286 /* Waiting for start. */
287 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
288 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
289 } else if (!eeprom->scl && scl) {
290 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
291 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
293 logout("\ti2c ack bit = 0\n");
296 } else if (eeprom->sda == sda) {
297 uint8_t bit = (sda != 0);
298 logout("\ti2c bit = %d\n", bit);
299 if (eeprom->tick < 9) {
300 eeprom->command <<= 1;
301 eeprom->command += bit;
303 if (eeprom->tick == 9) {
304 logout("\tcommand 0x%04x, %s\n", eeprom->command,
305 bit ? "read" : "write");
308 } else if (eeprom->tick < 17) {
309 if (eeprom->command & 1) {
310 sda = ((eeprom->data & 0x80) != 0);
312 eeprom->address <<= 1;
313 eeprom->address += bit;
316 if (eeprom->tick == 17) {
317 eeprom->data = eeprom->contents[eeprom->address];
318 logout("\taddress 0x%04x, data 0x%02x\n",
319 eeprom->address, eeprom->data);
323 } else if (eeprom->tick >= 17) {
327 logout("\tsda changed with raising scl\n");
330 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
331 scl, eeprom->sda, sda);
337 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
340 MaltaFPGAState *s = opaque;
344 saddr = (addr & 0xfffff);
348 /* SWITCH Register */
350 val = 0x00000000; /* All switches closed */
353 /* STATUS Register */
355 #ifdef TARGET_WORDS_BIGENDIAN
367 /* LEDBAR Register */
372 /* BRKRES Register */
377 /* UART Registers are handled directly by the serial device */
384 /* XXX: implement a real I2C controller */
388 /* IN = OUT until a real I2C control is implemented */
395 /* I2CINP Register */
397 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
405 /* I2COUT Register */
410 /* I2CSEL Register */
417 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
425 static void malta_fpga_write(void *opaque, hwaddr addr,
426 uint64_t val, unsigned size)
428 MaltaFPGAState *s = opaque;
431 saddr = (addr & 0xfffff);
435 /* SWITCH Register */
443 /* LEDBAR Register */
445 s->leds = val & 0xff;
446 malta_fpga_update_display(s);
449 /* ASCIIWORD Register */
451 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
452 malta_fpga_update_display(s);
455 /* ASCIIPOS0 to ASCIIPOS7 Registers */
464 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
465 malta_fpga_update_display(s);
468 /* SOFTRES Register */
471 qemu_system_reset_request ();
474 /* BRKRES Register */
479 /* UART Registers are handled directly by the serial device */
483 s->gpout = val & 0xff;
488 s->i2coe = val & 0x03;
491 /* I2COUT Register */
493 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
497 /* I2CSEL Register */
499 s->i2csel = val & 0x01;
504 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
511 static const MemoryRegionOps malta_fpga_ops = {
512 .read = malta_fpga_read,
513 .write = malta_fpga_write,
514 .endianness = DEVICE_NATIVE_ENDIAN,
517 static void malta_fpga_reset(void *opaque)
519 MaltaFPGAState *s = opaque;
529 s->display_text[8] = '\0';
530 snprintf(s->display_text, 9, " ");
533 static void malta_fpga_led_init(CharDriverState *chr)
535 qemu_chr_fe_printf(chr, "\e[HMalta LEDBAR\r\n");
536 qemu_chr_fe_printf(chr, "+--------+\r\n");
537 qemu_chr_fe_printf(chr, "+ +\r\n");
538 qemu_chr_fe_printf(chr, "+--------+\r\n");
539 qemu_chr_fe_printf(chr, "\n");
540 qemu_chr_fe_printf(chr, "Malta ASCII\r\n");
541 qemu_chr_fe_printf(chr, "+--------+\r\n");
542 qemu_chr_fe_printf(chr, "+ +\r\n");
543 qemu_chr_fe_printf(chr, "+--------+\r\n");
546 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
547 hwaddr base, qemu_irq uart_irq, CharDriverState *uart_chr)
551 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
553 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
554 "malta-fpga", 0x100000);
555 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
556 &s->iomem, 0, 0x900);
557 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
558 &s->iomem, 0xa00, 0x10000-0xa00);
560 memory_region_add_subregion(address_space, base, &s->iomem_lo);
561 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
563 s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
565 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
566 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
569 qemu_register_reset(malta_fpga_reset, s);
574 /* Network support */
575 static void network_init(PCIBus *pci_bus)
579 for(i = 0; i < nb_nics; i++) {
580 NICInfo *nd = &nd_table[i];
581 const char *default_devaddr = NULL;
583 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
584 /* The malta board has a PCNet card using PCI SLOT 11 */
585 default_devaddr = "0b";
587 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
591 /* ROM and pseudo bootloader
593 The following code implements a very very simple bootloader. It first
594 loads the registers a0 to a3 to the values expected by the OS, and
595 then jump at the kernel address.
597 The bootloader should pass the locations of the kernel arguments and
598 environment variables tables. Those tables contain the 32-bit address
599 of NULL terminated strings. The environment variables table should be
600 terminated by a NULL address.
602 For a simpler implementation, the number of kernel arguments is fixed
603 to two (the name of the kernel and the command line), and the two
604 tables are actually the same one.
606 The registers a0 to a3 should contain the following values:
607 a0 - number of kernel arguments
608 a1 - 32-bit address of the kernel arguments table
609 a2 - 32-bit address of the environment variables table
610 a3 - RAM size in bytes
613 static void write_bootloader(uint8_t *base, int64_t run_addr,
614 int64_t kernel_entry)
618 /* Small bootloader */
619 p = (uint32_t *)base;
621 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
622 ((run_addr + 0x580) & 0x0fffffff) >> 2);
623 stl_p(p++, 0x00000000); /* nop */
625 /* YAMON service vector */
626 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
627 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
628 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
629 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
630 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
631 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
632 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
633 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
634 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
635 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
636 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
637 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
638 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
641 /* Second part of the bootloader */
642 p = (uint32_t *) (base + 0x580);
644 if (semihosting_get_argc()) {
645 /* Preserve a0 content as arguments have been passed */
646 stl_p(p++, 0x00000000); /* nop */
648 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
650 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
651 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
652 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
653 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
654 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
655 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
656 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
657 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
659 /* Load BAR registers as done by YAMON */
660 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
662 #ifdef TARGET_WORDS_BIGENDIAN
663 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
665 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
667 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
669 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
671 #ifdef TARGET_WORDS_BIGENDIAN
672 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
674 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
676 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
677 #ifdef TARGET_WORDS_BIGENDIAN
678 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
680 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
682 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
684 #ifdef TARGET_WORDS_BIGENDIAN
685 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
687 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
689 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
690 #ifdef TARGET_WORDS_BIGENDIAN
691 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
693 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
695 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
697 #ifdef TARGET_WORDS_BIGENDIAN
698 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
700 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
702 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
703 #ifdef TARGET_WORDS_BIGENDIAN
704 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
706 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
708 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
710 /* Jump to kernel code */
711 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
712 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
713 stl_p(p++, 0x03e00009); /* jalr ra */
714 stl_p(p++, 0x00000000); /* nop */
716 /* YAMON subroutines */
717 p = (uint32_t *) (base + 0x800);
718 stl_p(p++, 0x03e00009); /* jalr ra */
719 stl_p(p++, 0x24020000); /* li v0,0 */
720 /* 808 YAMON print */
721 stl_p(p++, 0x03e06821); /* move t5,ra */
722 stl_p(p++, 0x00805821); /* move t3,a0 */
723 stl_p(p++, 0x00a05021); /* move t2,a1 */
724 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
725 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
726 stl_p(p++, 0x10800005); /* beqz a0,834 */
727 stl_p(p++, 0x00000000); /* nop */
728 stl_p(p++, 0x0ff0021c); /* jal 870 */
729 stl_p(p++, 0x00000000); /* nop */
730 stl_p(p++, 0x08000205); /* j 814 */
731 stl_p(p++, 0x00000000); /* nop */
732 stl_p(p++, 0x01a00009); /* jalr t5 */
733 stl_p(p++, 0x01602021); /* move a0,t3 */
734 /* 0x83c YAMON print_count */
735 stl_p(p++, 0x03e06821); /* move t5,ra */
736 stl_p(p++, 0x00805821); /* move t3,a0 */
737 stl_p(p++, 0x00a05021); /* move t2,a1 */
738 stl_p(p++, 0x00c06021); /* move t4,a2 */
739 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
740 stl_p(p++, 0x0ff0021c); /* jal 870 */
741 stl_p(p++, 0x00000000); /* nop */
742 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
743 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
744 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
745 stl_p(p++, 0x00000000); /* nop */
746 stl_p(p++, 0x01a00009); /* jalr t5 */
747 stl_p(p++, 0x01602021); /* move a0,t3 */
749 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
750 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
751 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
752 stl_p(p++, 0x00000000); /* nop */
753 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
754 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
755 stl_p(p++, 0x00000000); /* nop */
756 stl_p(p++, 0x03e00009); /* jalr ra */
757 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
761 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
762 const char *string, ...)
767 if (index >= ENVP_NB_ENTRIES)
770 if (string == NULL) {
775 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
776 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
778 va_start(ap, string);
779 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
784 static int64_t load_kernel (void)
786 int64_t kernel_entry, kernel_high;
788 ram_addr_t initrd_offset;
793 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
795 #ifdef TARGET_WORDS_BIGENDIAN
801 if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
802 (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
803 big_endian, EM_MIPS, 1, 0) < 0) {
804 fprintf(stderr, "qemu: could not load kernel '%s'\n",
805 loaderparams.kernel_filename);
809 /* Sanity check where the kernel has been linked */
811 if (kernel_entry & 0x80000000ll) {
812 error_report("KVM guest kernels must be linked in useg. "
813 "Did you forget to enable CONFIG_KVM_GUEST?");
817 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
819 if (!(kernel_entry & 0x80000000ll)) {
820 error_report("KVM guest kernels aren't supported with TCG. "
821 "Did you unintentionally enable CONFIG_KVM_GUEST?");
825 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
831 if (loaderparams.initrd_filename) {
832 initrd_size = get_image_size (loaderparams.initrd_filename);
833 if (initrd_size > 0) {
834 initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
835 if (initrd_offset + initrd_size > ram_size) {
837 "qemu: memory too small for initial ram disk '%s'\n",
838 loaderparams.initrd_filename);
841 initrd_size = load_image_targphys(loaderparams.initrd_filename,
843 ram_size - initrd_offset);
845 if (initrd_size == (target_ulong) -1) {
846 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
847 loaderparams.initrd_filename);
852 /* Setup prom parameters. */
853 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
854 prom_buf = g_malloc(prom_size);
856 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
857 if (initrd_size > 0) {
858 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
859 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
860 loaderparams.kernel_cmdline);
862 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
865 prom_set(prom_buf, prom_index++, "memsize");
866 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
868 prom_set(prom_buf, prom_index++, "ememsize");
869 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
871 prom_set(prom_buf, prom_index++, "modetty0");
872 prom_set(prom_buf, prom_index++, "38400n8r");
873 prom_set(prom_buf, prom_index++, NULL);
875 rom_add_blob_fixed("prom", prom_buf, prom_size,
876 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
882 static void malta_mips_config(MIPSCPU *cpu)
884 CPUMIPSState *env = &cpu->env;
885 CPUState *cs = CPU(cpu);
887 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
888 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
891 static void main_cpu_reset(void *opaque)
893 MIPSCPU *cpu = opaque;
894 CPUMIPSState *env = &cpu->env;
898 /* The bootloader does not need to be rewritten as it is located in a
899 read only location. The kernel location and the arguments table
900 location does not change. */
901 if (loaderparams.kernel_filename) {
902 env->CP0_Status &= ~(1 << CP0St_ERL);
905 malta_mips_config(cpu);
908 /* Start running from the bootloader we wrote to end of RAM */
909 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
913 static void create_cpu_without_cps(const char *cpu_model,
914 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
920 for (i = 0; i < smp_cpus; i++) {
921 cpu = cpu_mips_init(cpu_model);
923 fprintf(stderr, "Unable to find CPU definition\n");
928 /* Init internal devices */
929 cpu_mips_irq_init_cpu(env);
930 cpu_mips_clock_init(env);
931 qemu_register_reset(main_cpu_reset, cpu);
934 cpu = MIPS_CPU(first_cpu);
936 *i8259_irq = env->irq[2];
937 *cbus_irq = env->irq[4];
940 static void create_cps(MaltaState *s, const char *cpu_model,
941 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
944 s->cps = g_new0(MIPSCPSState, 1);
946 object_initialize(s->cps, sizeof(MIPSCPSState), TYPE_MIPS_CPS);
947 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
949 object_property_set_str(OBJECT(s->cps), cpu_model, "cpu-model", &err);
950 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
951 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
953 error_report("%s", error_get_pretty(err));
957 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
959 /* FIXME: When GIC is present then we should use GIC's IRQ 3.
960 Until then CPS exposes CPU's IRQs thus use the default IRQ 2. */
961 *i8259_irq = get_cps_irq(s->cps, 2);
965 static void create_cpu(MaltaState *s, const char *cpu_model,
966 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
968 if (cpu_model == NULL) {
976 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_model)) {
977 create_cps(s, cpu_model, cbus_irq, i8259_irq);
979 create_cpu_without_cps(cpu_model, cbus_irq, i8259_irq);
984 void mips_malta_init(MachineState *machine)
986 ram_addr_t ram_size = machine->ram_size;
987 ram_addr_t ram_low_size;
988 const char *kernel_filename = machine->kernel_filename;
989 const char *kernel_cmdline = machine->kernel_cmdline;
990 const char *initrd_filename = machine->initrd_filename;
993 MemoryRegion *system_memory = get_system_memory();
994 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
995 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
996 MemoryRegion *ram_low_postio;
997 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
998 target_long bios_size = FLASH_SIZE;
999 const size_t smbus_eeprom_size = 8 * 256;
1000 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1001 int64_t kernel_entry, bootloader_run_addr;
1005 qemu_irq cbus_irq, i8259_irq;
1010 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1011 DriveInfo *fd[MAX_FD];
1013 int fl_sectors = bios_size >> 16;
1016 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1017 MaltaState *s = MIPS_MALTA(dev);
1019 /* The whole address space decoded by the GT-64120A doesn't generate
1020 exception when accessing invalid memory. Create an empty slot to
1021 emulate this feature. */
1022 empty_slot_init(0, 0x20000000);
1024 qdev_init_nofail(dev);
1026 /* Make sure the first 3 serial ports are associated with a device. */
1027 for(i = 0; i < 3; i++) {
1028 if (!serial_hds[i]) {
1030 snprintf(label, sizeof(label), "serial%d", i);
1031 serial_hds[i] = qemu_chr_new(label, "null", NULL);
1036 create_cpu(s, machine->cpu_model, &cbus_irq, &i8259_irq);
1039 if (ram_size > (2048u << 20)) {
1041 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
1042 ((unsigned int)ram_size / (1 << 20)));
1046 /* register RAM at high address where it is undisturbed by IO */
1047 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1049 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1051 /* alias for pre IO hole access */
1052 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1053 ram_high, 0, MIN(ram_size, (256 << 20)));
1054 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1056 /* alias for post IO hole access, if there is enough RAM */
1057 if (ram_size > (512 << 20)) {
1058 ram_low_postio = g_new(MemoryRegion, 1);
1059 memory_region_init_alias(ram_low_postio, NULL,
1060 "mips_malta_low_postio.ram",
1061 ram_high, 512 << 20,
1062 ram_size - (512 << 20));
1063 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1066 /* generate SPD EEPROM data */
1067 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1068 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1070 #ifdef TARGET_WORDS_BIGENDIAN
1076 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1077 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
1079 /* Load firmware in flash / BIOS. */
1080 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1081 #ifdef DEBUG_BOARD_INIT
1083 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1084 "addr %08llx '%s' %x\n",
1085 fl_idx, bios_size, FLASH_ADDRESS,
1086 blk_name(dinfo->bdrv), fl_sectors);
1089 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
1091 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1093 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1094 bios = pflash_cfi01_get_memory(fl);
1096 if (kernel_filename) {
1097 ram_low_size = MIN(ram_size, 256 << 20);
1098 /* For KVM we reserve 1MB of RAM for running bootloader */
1099 if (kvm_enabled()) {
1100 ram_low_size -= 0x100000;
1101 bootloader_run_addr = 0x40000000 + ram_low_size;
1103 bootloader_run_addr = 0xbfc00000;
1106 /* Write a small bootloader to the flash location. */
1107 loaderparams.ram_size = ram_size;
1108 loaderparams.ram_low_size = ram_low_size;
1109 loaderparams.kernel_filename = kernel_filename;
1110 loaderparams.kernel_cmdline = kernel_cmdline;
1111 loaderparams.initrd_filename = initrd_filename;
1112 kernel_entry = load_kernel();
1114 write_bootloader(memory_region_get_ram_ptr(bios),
1115 bootloader_run_addr, kernel_entry);
1116 if (kvm_enabled()) {
1117 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1118 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1120 bootloader_run_addr, kernel_entry);
1123 /* The flash region isn't executable from a KVM guest */
1124 if (kvm_enabled()) {
1125 error_report("KVM enabled but no -kernel argument was specified. "
1126 "Booting from flash is not supported with KVM.");
1129 /* Load firmware from flash. */
1131 /* Load a BIOS image. */
1132 if (bios_name == NULL) {
1133 bios_name = BIOS_FILENAME;
1135 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1137 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1143 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1144 !kernel_filename && !qtest_enabled()) {
1145 error_report("Could not load MIPS bios '%s', and no "
1146 "-kernel argument was specified", bios_name);
1150 /* In little endian mode the 32bit words in the bios are swapped,
1151 a neat trick which allows bi-endian firmware. */
1152 #ifndef TARGET_WORDS_BIGENDIAN
1154 uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
1156 addr = memory_region_get_ram_ptr(bios);
1158 end = (void *)addr + MIN(bios_size, 0x3e0000);
1159 while (addr < end) {
1168 * Map the BIOS at a 2nd physical location, as on the real board.
1169 * Copy it so that we can patch in the MIPS revision, which cannot be
1170 * handled by an overlapping region as the resulting ROM code subpage
1171 * regions are not executable.
1173 memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1175 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1176 FLASH_ADDRESS, BIOS_SIZE)) {
1177 memcpy(memory_region_get_ram_ptr(bios_copy),
1178 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1180 memory_region_set_readonly(bios_copy, true);
1181 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1183 /* Board ID = 0x420 (Malta Board with CoreLV) */
1184 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1187 * We have a circular dependency problem: pci_bus depends on isa_irq,
1188 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1189 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1190 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1191 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1193 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1196 pci_bus = gt64120_register(isa_irq);
1199 ide_drive_get(hd, ARRAY_SIZE(hd));
1201 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1203 /* Interrupt controller */
1204 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1205 s->i8259 = i8259_init(isa_bus, i8259_irq);
1207 isa_bus_irqs(isa_bus, s->i8259);
1208 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1209 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1210 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1211 isa_get_irq(NULL, 9), NULL, 0, NULL);
1212 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1213 g_free(smbus_eeprom_buf);
1214 pit = pit_init(isa_bus, 0x40, 0, NULL);
1215 DMA_init(isa_bus, 0);
1218 isa_create_simple(isa_bus, "i8042");
1220 rtc_init(isa_bus, 2000, NULL);
1221 serial_hds_isa_init(isa_bus, 2);
1222 parallel_hds_isa_init(isa_bus, 1);
1224 for(i = 0; i < MAX_FD; i++) {
1225 fd[i] = drive_get(IF_FLOPPY, 0, i);
1227 fdctrl_init_isa(isa_bus, fd);
1230 network_init(pci_bus);
1232 /* Optional PCI video card */
1233 pci_vga_init(pci_bus);
1236 static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1241 static void mips_malta_class_init(ObjectClass *klass, void *data)
1243 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1245 k->init = mips_malta_sysbus_device_init;
1248 static const TypeInfo mips_malta_device = {
1249 .name = TYPE_MIPS_MALTA,
1250 .parent = TYPE_SYS_BUS_DEVICE,
1251 .instance_size = sizeof(MaltaState),
1252 .class_init = mips_malta_class_init,
1255 static void mips_malta_machine_init(MachineClass *mc)
1257 mc->desc = "MIPS Malta Core LV";
1258 mc->init = mips_malta_init;
1263 DEFINE_MACHINE("malta", mips_malta_machine_init)
1265 static void mips_malta_register_types(void)
1267 type_register_static(&mips_malta_device);
1270 type_init(mips_malta_register_types)
Code Review / kvmfornfv.git / blob