2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
29 #include "hw/i386/pc.h"
30 #include "hw/char/serial.h"
31 #include "hw/block/fdc.h"
33 #include "hw/boards.h"
34 #include "hw/i2c/smbus.h"
35 #include "sysemu/block-backend.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/sysemu.h"
41 #include "sysemu/arch_init.h"
43 #include "hw/mips/bios.h"
45 #include "hw/loader.h"
47 #include "hw/timer/mc146818rtc.h"
48 #include "hw/timer/i8254.h"
49 #include "sysemu/blockdev.h"
50 #include "exec/address-spaces.h"
51 #include "hw/sysbus.h" /* SysBusDevice */
52 #include "qemu/host-utils.h"
53 #include "sysemu/qtest.h"
54 #include "qemu/error-report.h"
55 #include "hw/empty_slot.h"
56 #include "sysemu/kvm.h"
57 #include "exec/semihost.h"
58 #include "hw/mips/cps.h"
60 //#define DEBUG_BOARD_INIT
62 #define ENVP_ADDR 0x80002000l
63 #define ENVP_NB_ENTRIES 16
64 #define ENVP_ENTRY_SIZE 256
66 /* Hardware addresses */
67 #define FLASH_ADDRESS 0x1e000000ULL
68 #define FPGA_ADDRESS 0x1f000000ULL
69 #define RESET_ADDRESS 0x1fc00000ULL
71 #define FLASH_SIZE 0x400000
77 MemoryRegion iomem_lo; /* 0 - 0x900 */
78 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
92 #define TYPE_MIPS_MALTA "mips-malta"
93 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
96 SysBusDevice parent_obj;
102 static ISADevice *pit;
104 static struct _loaderparams {
105 int ram_size, ram_low_size;
106 const char *kernel_filename;
107 const char *kernel_cmdline;
108 const char *initrd_filename;
112 static void malta_fpga_update_display(void *opaque)
116 MaltaFPGAState *s = opaque;
118 for (i = 7 ; i >= 0 ; i--) {
119 if (s->leds & (1 << i))
126 qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
128 qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
133 * EEPROM 24C01 / 24C02 emulation.
135 * Emulation for serial EEPROMs:
136 * 24C01 - 1024 bit (128 x 8)
137 * 24C02 - 2048 bit (256 x 8)
139 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
145 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
147 # define logout(fmt, ...) ((void)0)
150 struct _eeprom24c0x_t {
159 uint8_t contents[256];
162 typedef struct _eeprom24c0x_t eeprom24c0x_t;
164 static eeprom24c0x_t spd_eeprom = {
166 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
167 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
168 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
169 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
170 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
171 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
174 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
181 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
185 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
187 enum { SDR = 0x4, DDR2 = 0x8 } type;
188 uint8_t *spd = spd_eeprom.contents;
190 uint16_t density = 0;
193 /* work in terms of MB */
196 while ((ram_size >= 4) && (nbanks <= 2)) {
197 int sz_log2 = MIN(31 - clz32(ram_size), 14);
199 density |= 1 << (sz_log2 - 2);
200 ram_size -= 1 << sz_log2;
203 /* split to 2 banks if possible */
204 if ((nbanks == 1) && (density > 1)) {
209 if (density & 0xff00) {
210 density = (density & 0xe0) | ((density >> 8) & 0x1f);
212 } else if (!(density & 0x1f)) {
219 fprintf(stderr, "Warning: SPD cannot represent final %dMB"
220 " of SDRAM\n", (int)ram_size);
223 /* fill in SPD memory information */
230 for (i = 0; i < 63; i++) {
235 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
238 static void generate_eeprom_serial(uint8_t *eeprom)
241 uint8_t mac[6] = { 0x00 };
242 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
245 eeprom[pos++] = 0x01;
248 eeprom[pos++] = 0x02;
251 eeprom[pos++] = 0x01; /* MAC */
252 eeprom[pos++] = 0x06; /* length */
253 memcpy(&eeprom[pos], mac, sizeof(mac));
257 eeprom[pos++] = 0x02; /* serial */
258 eeprom[pos++] = 0x05; /* length */
259 memcpy(&eeprom[pos], sn, sizeof(sn));
264 for (i = 0; i < pos; i++) {
265 eeprom[pos] += eeprom[i];
269 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
271 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
272 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
276 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
278 if (eeprom->scl && scl && (eeprom->sda != sda)) {
279 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
280 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
281 sda ? "stop" : "start");
286 } else if (eeprom->tick == 0 && !eeprom->ack) {
287 /* Waiting for start. */
288 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
289 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
290 } else if (!eeprom->scl && scl) {
291 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
292 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
294 logout("\ti2c ack bit = 0\n");
297 } else if (eeprom->sda == sda) {
298 uint8_t bit = (sda != 0);
299 logout("\ti2c bit = %d\n", bit);
300 if (eeprom->tick < 9) {
301 eeprom->command <<= 1;
302 eeprom->command += bit;
304 if (eeprom->tick == 9) {
305 logout("\tcommand 0x%04x, %s\n", eeprom->command,
306 bit ? "read" : "write");
309 } else if (eeprom->tick < 17) {
310 if (eeprom->command & 1) {
311 sda = ((eeprom->data & 0x80) != 0);
313 eeprom->address <<= 1;
314 eeprom->address += bit;
317 if (eeprom->tick == 17) {
318 eeprom->data = eeprom->contents[eeprom->address];
319 logout("\taddress 0x%04x, data 0x%02x\n",
320 eeprom->address, eeprom->data);
324 } else if (eeprom->tick >= 17) {
328 logout("\tsda changed with raising scl\n");
331 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
332 scl, eeprom->sda, sda);
338 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
341 MaltaFPGAState *s = opaque;
345 saddr = (addr & 0xfffff);
349 /* SWITCH Register */
351 val = 0x00000000; /* All switches closed */
354 /* STATUS Register */
356 #ifdef TARGET_WORDS_BIGENDIAN
368 /* LEDBAR Register */
373 /* BRKRES Register */
378 /* UART Registers are handled directly by the serial device */
385 /* XXX: implement a real I2C controller */
389 /* IN = OUT until a real I2C control is implemented */
396 /* I2CINP Register */
398 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
406 /* I2COUT Register */
411 /* I2CSEL Register */
418 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
426 static void malta_fpga_write(void *opaque, hwaddr addr,
427 uint64_t val, unsigned size)
429 MaltaFPGAState *s = opaque;
432 saddr = (addr & 0xfffff);
436 /* SWITCH Register */
444 /* LEDBAR Register */
446 s->leds = val & 0xff;
447 malta_fpga_update_display(s);
450 /* ASCIIWORD Register */
452 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
453 malta_fpga_update_display(s);
456 /* ASCIIPOS0 to ASCIIPOS7 Registers */
465 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
466 malta_fpga_update_display(s);
469 /* SOFTRES Register */
472 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
475 /* BRKRES Register */
480 /* UART Registers are handled directly by the serial device */
484 s->gpout = val & 0xff;
489 s->i2coe = val & 0x03;
492 /* I2COUT Register */
494 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
498 /* I2CSEL Register */
500 s->i2csel = val & 0x01;
505 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
512 static const MemoryRegionOps malta_fpga_ops = {
513 .read = malta_fpga_read,
514 .write = malta_fpga_write,
515 .endianness = DEVICE_NATIVE_ENDIAN,
518 static void malta_fpga_reset(void *opaque)
520 MaltaFPGAState *s = opaque;
530 s->display_text[8] = '\0';
531 snprintf(s->display_text, 9, " ");
534 static void malta_fgpa_display_event(void *opaque, int event)
536 MaltaFPGAState *s = opaque;
538 if (event == CHR_EVENT_OPENED && !s->display_inited) {
539 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
540 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
541 qemu_chr_fe_printf(&s->display, "+ +\r\n");
542 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
543 qemu_chr_fe_printf(&s->display, "\n");
544 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
545 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
546 qemu_chr_fe_printf(&s->display, "+ +\r\n");
547 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
548 s->display_inited = true;
552 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
553 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
558 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
560 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
561 "malta-fpga", 0x100000);
562 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
563 &s->iomem, 0, 0x900);
564 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
565 &s->iomem, 0xa00, 0x10000-0xa00);
567 memory_region_add_subregion(address_space, base, &s->iomem_lo);
568 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
570 chr = qemu_chr_new("fpga", "vc:320x200");
571 qemu_chr_fe_init(&s->display, chr, NULL);
572 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
573 malta_fgpa_display_event, NULL, s, NULL, true);
575 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
576 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
579 qemu_register_reset(malta_fpga_reset, s);
584 /* Network support */
585 static void network_init(PCIBus *pci_bus)
589 for(i = 0; i < nb_nics; i++) {
590 NICInfo *nd = &nd_table[i];
591 const char *default_devaddr = NULL;
593 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
594 /* The malta board has a PCNet card using PCI SLOT 11 */
595 default_devaddr = "0b";
597 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
601 /* ROM and pseudo bootloader
603 The following code implements a very very simple bootloader. It first
604 loads the registers a0 to a3 to the values expected by the OS, and
605 then jump at the kernel address.
607 The bootloader should pass the locations of the kernel arguments and
608 environment variables tables. Those tables contain the 32-bit address
609 of NULL terminated strings. The environment variables table should be
610 terminated by a NULL address.
612 For a simpler implementation, the number of kernel arguments is fixed
613 to two (the name of the kernel and the command line), and the two
614 tables are actually the same one.
616 The registers a0 to a3 should contain the following values:
617 a0 - number of kernel arguments
618 a1 - 32-bit address of the kernel arguments table
619 a2 - 32-bit address of the environment variables table
620 a3 - RAM size in bytes
623 static void write_bootloader(uint8_t *base, int64_t run_addr,
624 int64_t kernel_entry)
628 /* Small bootloader */
629 p = (uint32_t *)base;
631 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
632 ((run_addr + 0x580) & 0x0fffffff) >> 2);
633 stl_p(p++, 0x00000000); /* nop */
635 /* YAMON service vector */
636 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
637 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
638 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
639 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
640 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
641 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
642 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
643 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
644 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
645 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
646 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
647 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
648 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
651 /* Second part of the bootloader */
652 p = (uint32_t *) (base + 0x580);
654 if (semihosting_get_argc()) {
655 /* Preserve a0 content as arguments have been passed */
656 stl_p(p++, 0x00000000); /* nop */
658 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
660 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
661 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
662 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
663 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
664 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
665 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
666 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
667 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
669 /* Load BAR registers as done by YAMON */
670 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
672 #ifdef TARGET_WORDS_BIGENDIAN
673 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
675 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
677 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
679 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
681 #ifdef TARGET_WORDS_BIGENDIAN
682 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
684 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
686 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
687 #ifdef TARGET_WORDS_BIGENDIAN
688 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
690 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
692 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
694 #ifdef TARGET_WORDS_BIGENDIAN
695 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
697 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
699 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
700 #ifdef TARGET_WORDS_BIGENDIAN
701 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
703 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
705 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
707 #ifdef TARGET_WORDS_BIGENDIAN
708 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
710 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
712 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
713 #ifdef TARGET_WORDS_BIGENDIAN
714 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
716 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
718 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
720 /* Jump to kernel code */
721 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
722 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
723 stl_p(p++, 0x03e00009); /* jalr ra */
724 stl_p(p++, 0x00000000); /* nop */
726 /* YAMON subroutines */
727 p = (uint32_t *) (base + 0x800);
728 stl_p(p++, 0x03e00009); /* jalr ra */
729 stl_p(p++, 0x24020000); /* li v0,0 */
730 /* 808 YAMON print */
731 stl_p(p++, 0x03e06821); /* move t5,ra */
732 stl_p(p++, 0x00805821); /* move t3,a0 */
733 stl_p(p++, 0x00a05021); /* move t2,a1 */
734 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
735 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
736 stl_p(p++, 0x10800005); /* beqz a0,834 */
737 stl_p(p++, 0x00000000); /* nop */
738 stl_p(p++, 0x0ff0021c); /* jal 870 */
739 stl_p(p++, 0x00000000); /* nop */
740 stl_p(p++, 0x1000fff9); /* b 814 */
741 stl_p(p++, 0x00000000); /* nop */
742 stl_p(p++, 0x01a00009); /* jalr t5 */
743 stl_p(p++, 0x01602021); /* move a0,t3 */
744 /* 0x83c YAMON print_count */
745 stl_p(p++, 0x03e06821); /* move t5,ra */
746 stl_p(p++, 0x00805821); /* move t3,a0 */
747 stl_p(p++, 0x00a05021); /* move t2,a1 */
748 stl_p(p++, 0x00c06021); /* move t4,a2 */
749 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
750 stl_p(p++, 0x0ff0021c); /* jal 870 */
751 stl_p(p++, 0x00000000); /* nop */
752 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
753 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
754 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
755 stl_p(p++, 0x00000000); /* nop */
756 stl_p(p++, 0x01a00009); /* jalr t5 */
757 stl_p(p++, 0x01602021); /* move a0,t3 */
759 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
760 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
761 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
762 stl_p(p++, 0x00000000); /* nop */
763 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
764 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
765 stl_p(p++, 0x00000000); /* nop */
766 stl_p(p++, 0x03e00009); /* jalr ra */
767 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
771 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
772 const char *string, ...)
777 if (index >= ENVP_NB_ENTRIES)
780 if (string == NULL) {
785 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
786 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
788 va_start(ap, string);
789 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
794 static int64_t load_kernel (void)
796 int64_t kernel_entry, kernel_high;
798 ram_addr_t initrd_offset;
803 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
805 #ifdef TARGET_WORDS_BIGENDIAN
811 if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
812 (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
813 big_endian, EM_MIPS, 1, 0) < 0) {
814 fprintf(stderr, "qemu: could not load kernel '%s'\n",
815 loaderparams.kernel_filename);
819 /* Sanity check where the kernel has been linked */
821 if (kernel_entry & 0x80000000ll) {
822 error_report("KVM guest kernels must be linked in useg. "
823 "Did you forget to enable CONFIG_KVM_GUEST?");
827 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
829 if (!(kernel_entry & 0x80000000ll)) {
830 error_report("KVM guest kernels aren't supported with TCG. "
831 "Did you unintentionally enable CONFIG_KVM_GUEST?");
835 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
841 if (loaderparams.initrd_filename) {
842 initrd_size = get_image_size (loaderparams.initrd_filename);
843 if (initrd_size > 0) {
844 initrd_offset = (loaderparams.ram_low_size - initrd_size
845 - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
846 if (kernel_high >= initrd_offset) {
848 "qemu: memory too small for initial ram disk '%s'\n",
849 loaderparams.initrd_filename);
852 initrd_size = load_image_targphys(loaderparams.initrd_filename,
854 ram_size - initrd_offset);
856 if (initrd_size == (target_ulong) -1) {
857 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
858 loaderparams.initrd_filename);
863 /* Setup prom parameters. */
864 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
865 prom_buf = g_malloc(prom_size);
867 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
868 if (initrd_size > 0) {
869 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
870 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
871 loaderparams.kernel_cmdline);
873 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
876 prom_set(prom_buf, prom_index++, "memsize");
877 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
879 prom_set(prom_buf, prom_index++, "ememsize");
880 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
882 prom_set(prom_buf, prom_index++, "modetty0");
883 prom_set(prom_buf, prom_index++, "38400n8r");
884 prom_set(prom_buf, prom_index++, NULL);
886 rom_add_blob_fixed("prom", prom_buf, prom_size,
887 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
893 static void malta_mips_config(MIPSCPU *cpu)
895 CPUMIPSState *env = &cpu->env;
896 CPUState *cs = CPU(cpu);
898 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
899 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
902 static void main_cpu_reset(void *opaque)
904 MIPSCPU *cpu = opaque;
905 CPUMIPSState *env = &cpu->env;
909 /* The bootloader does not need to be rewritten as it is located in a
910 read only location. The kernel location and the arguments table
911 location does not change. */
912 if (loaderparams.kernel_filename) {
913 env->CP0_Status &= ~(1 << CP0St_ERL);
916 malta_mips_config(cpu);
919 /* Start running from the bootloader we wrote to end of RAM */
920 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
924 static void create_cpu_without_cps(const char *cpu_model,
925 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
931 for (i = 0; i < smp_cpus; i++) {
932 cpu = cpu_mips_init(cpu_model);
934 fprintf(stderr, "Unable to find CPU definition\n");
938 /* Init internal devices */
939 cpu_mips_irq_init_cpu(cpu);
940 cpu_mips_clock_init(cpu);
941 qemu_register_reset(main_cpu_reset, cpu);
944 cpu = MIPS_CPU(first_cpu);
946 *i8259_irq = env->irq[2];
947 *cbus_irq = env->irq[4];
950 static void create_cps(MaltaState *s, const char *cpu_model,
951 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
954 s->cps = g_new0(MIPSCPSState, 1);
956 object_initialize(s->cps, sizeof(MIPSCPSState), TYPE_MIPS_CPS);
957 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
959 object_property_set_str(OBJECT(s->cps), cpu_model, "cpu-model", &err);
960 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
961 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
963 error_report("%s", error_get_pretty(err));
967 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
969 *i8259_irq = get_cps_irq(s->cps, 3);
973 static void create_cpu(MaltaState *s, const char *cpu_model,
974 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
976 if (cpu_model == NULL) {
984 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_model)) {
985 create_cps(s, cpu_model, cbus_irq, i8259_irq);
987 create_cpu_without_cps(cpu_model, cbus_irq, i8259_irq);
992 void mips_malta_init(MachineState *machine)
994 ram_addr_t ram_size = machine->ram_size;
995 ram_addr_t ram_low_size;
996 const char *kernel_filename = machine->kernel_filename;
997 const char *kernel_cmdline = machine->kernel_cmdline;
998 const char *initrd_filename = machine->initrd_filename;
1001 MemoryRegion *system_memory = get_system_memory();
1002 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
1003 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
1004 MemoryRegion *ram_low_postio;
1005 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
1006 target_long bios_size = FLASH_SIZE;
1007 const size_t smbus_eeprom_size = 8 * 256;
1008 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1009 int64_t kernel_entry, bootloader_run_addr;
1013 qemu_irq cbus_irq, i8259_irq;
1018 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1019 DriveInfo *fd[MAX_FD];
1021 int fl_sectors = bios_size >> 16;
1024 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1025 MaltaState *s = MIPS_MALTA(dev);
1027 /* The whole address space decoded by the GT-64120A doesn't generate
1028 exception when accessing invalid memory. Create an empty slot to
1029 emulate this feature. */
1030 empty_slot_init(0, 0x20000000);
1032 qdev_init_nofail(dev);
1034 /* Make sure the first 3 serial ports are associated with a device. */
1035 for(i = 0; i < 3; i++) {
1036 if (!serial_hds[i]) {
1038 snprintf(label, sizeof(label), "serial%d", i);
1039 serial_hds[i] = qemu_chr_new(label, "null");
1044 create_cpu(s, machine->cpu_model, &cbus_irq, &i8259_irq);
1047 if (ram_size > (2048u << 20)) {
1049 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
1050 ((unsigned int)ram_size / (1 << 20)));
1054 /* register RAM at high address where it is undisturbed by IO */
1055 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1057 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1059 /* alias for pre IO hole access */
1060 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1061 ram_high, 0, MIN(ram_size, (256 << 20)));
1062 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1064 /* alias for post IO hole access, if there is enough RAM */
1065 if (ram_size > (512 << 20)) {
1066 ram_low_postio = g_new(MemoryRegion, 1);
1067 memory_region_init_alias(ram_low_postio, NULL,
1068 "mips_malta_low_postio.ram",
1069 ram_high, 512 << 20,
1070 ram_size - (512 << 20));
1071 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1074 /* generate SPD EEPROM data */
1075 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1076 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1078 #ifdef TARGET_WORDS_BIGENDIAN
1084 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1085 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
1087 /* Load firmware in flash / BIOS. */
1088 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1089 #ifdef DEBUG_BOARD_INIT
1091 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1092 "addr %08llx '%s' %x\n",
1093 fl_idx, bios_size, FLASH_ADDRESS,
1094 blk_name(dinfo->bdrv), fl_sectors);
1097 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
1099 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1101 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1102 bios = pflash_cfi01_get_memory(fl);
1104 if (kernel_filename) {
1105 ram_low_size = MIN(ram_size, 256 << 20);
1106 /* For KVM we reserve 1MB of RAM for running bootloader */
1107 if (kvm_enabled()) {
1108 ram_low_size -= 0x100000;
1109 bootloader_run_addr = 0x40000000 + ram_low_size;
1111 bootloader_run_addr = 0xbfc00000;
1114 /* Write a small bootloader to the flash location. */
1115 loaderparams.ram_size = ram_size;
1116 loaderparams.ram_low_size = ram_low_size;
1117 loaderparams.kernel_filename = kernel_filename;
1118 loaderparams.kernel_cmdline = kernel_cmdline;
1119 loaderparams.initrd_filename = initrd_filename;
1120 kernel_entry = load_kernel();
1122 write_bootloader(memory_region_get_ram_ptr(bios),
1123 bootloader_run_addr, kernel_entry);
1124 if (kvm_enabled()) {
1125 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1126 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1128 bootloader_run_addr, kernel_entry);
1131 /* The flash region isn't executable from a KVM guest */
1132 if (kvm_enabled()) {
1133 error_report("KVM enabled but no -kernel argument was specified. "
1134 "Booting from flash is not supported with KVM.");
1137 /* Load firmware from flash. */
1139 /* Load a BIOS image. */
1140 if (bios_name == NULL) {
1141 bios_name = BIOS_FILENAME;
1143 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1145 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1151 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1152 !kernel_filename && !qtest_enabled()) {
1153 error_report("Could not load MIPS bios '%s', and no "
1154 "-kernel argument was specified", bios_name);
1158 /* In little endian mode the 32bit words in the bios are swapped,
1159 a neat trick which allows bi-endian firmware. */
1160 #ifndef TARGET_WORDS_BIGENDIAN
1162 uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
1164 addr = memory_region_get_ram_ptr(bios);
1166 end = (void *)addr + MIN(bios_size, 0x3e0000);
1167 while (addr < end) {
1176 * Map the BIOS at a 2nd physical location, as on the real board.
1177 * Copy it so that we can patch in the MIPS revision, which cannot be
1178 * handled by an overlapping region as the resulting ROM code subpage
1179 * regions are not executable.
1181 memory_region_init_ram_nomigrate(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1183 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1184 FLASH_ADDRESS, BIOS_SIZE)) {
1185 memcpy(memory_region_get_ram_ptr(bios_copy),
1186 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1188 memory_region_set_readonly(bios_copy, true);
1189 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1191 /* Board ID = 0x420 (Malta Board with CoreLV) */
1192 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1195 * We have a circular dependency problem: pci_bus depends on isa_irq,
1196 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1197 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1198 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1199 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1201 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1204 pci_bus = gt64120_register(isa_irq);
1207 ide_drive_get(hd, ARRAY_SIZE(hd));
1209 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1211 /* Interrupt controller */
1212 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1213 s->i8259 = i8259_init(isa_bus, i8259_irq);
1215 isa_bus_irqs(isa_bus, s->i8259);
1216 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1217 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1218 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1219 isa_get_irq(NULL, 9), NULL, 0, NULL);
1220 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1221 g_free(smbus_eeprom_buf);
1222 pit = pit_init(isa_bus, 0x40, 0, NULL);
1223 DMA_init(isa_bus, 0);
1226 isa_create_simple(isa_bus, "i8042");
1228 rtc_init(isa_bus, 2000, NULL);
1229 serial_hds_isa_init(isa_bus, 0, 2);
1230 parallel_hds_isa_init(isa_bus, 1);
1232 for(i = 0; i < MAX_FD; i++) {
1233 fd[i] = drive_get(IF_FLOPPY, 0, i);
1235 fdctrl_init_isa(isa_bus, fd);
1238 network_init(pci_bus);
1240 /* Optional PCI video card */
1241 pci_vga_init(pci_bus);
1244 static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1249 static void mips_malta_class_init(ObjectClass *klass, void *data)
1251 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1253 k->init = mips_malta_sysbus_device_init;
1256 static const TypeInfo mips_malta_device = {
1257 .name = TYPE_MIPS_MALTA,
1258 .parent = TYPE_SYS_BUS_DEVICE,
1259 .instance_size = sizeof(MaltaState),
1260 .class_init = mips_malta_class_init,
1263 static void mips_malta_machine_init(MachineClass *mc)
1265 mc->desc = "MIPS Malta Core LV";
1266 mc->init = mips_malta_init;
1267 mc->block_default_type = IF_IDE;
1272 DEFINE_MACHINE("malta", mips_malta_machine_init)
1274 static void mips_malta_register_types(void)
1276 type_register_static(&mips_malta_device);
1279 type_init(mips_malta_register_types)
projects / qemu.git / blob