2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
29 #include "hw/i386/pc.h"
30 #include "hw/char/serial.h"
31 #include "hw/block/fdc.h"
33 #include "hw/boards.h"
34 #include "hw/i2c/smbus.h"
35 #include "sysemu/block-backend.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/char.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/arch_init.h"
44 #include "hw/mips/bios.h"
46 #include "hw/loader.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "sysemu/blockdev.h"
51 #include "exec/address-spaces.h"
52 #include "hw/sysbus.h" /* SysBusDevice */
53 #include "qemu/host-utils.h"
54 #include "sysemu/qtest.h"
55 #include "qemu/error-report.h"
56 #include "hw/empty_slot.h"
57 #include "sysemu/kvm.h"
58 #include "exec/semihost.h"
59 #include "hw/mips/cps.h"
61 //#define DEBUG_BOARD_INIT
63 #define ENVP_ADDR 0x80002000l
64 #define ENVP_NB_ENTRIES 16
65 #define ENVP_ENTRY_SIZE 256
67 /* Hardware addresses */
68 #define FLASH_ADDRESS 0x1e000000ULL
69 #define FPGA_ADDRESS 0x1f000000ULL
70 #define RESET_ADDRESS 0x1fc00000ULL
72 #define FLASH_SIZE 0x400000
78 MemoryRegion iomem_lo; /* 0 - 0x900 */
79 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
93 #define TYPE_MIPS_MALTA "mips-malta"
94 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
97 SysBusDevice parent_obj;
103 static ISADevice *pit;
105 static struct _loaderparams {
106 int ram_size, ram_low_size;
107 const char *kernel_filename;
108 const char *kernel_cmdline;
109 const char *initrd_filename;
113 static void malta_fpga_update_display(void *opaque)
117 MaltaFPGAState *s = opaque;
119 for (i = 7 ; i >= 0 ; i--) {
120 if (s->leds & (1 << i))
127 qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
129 qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
134 * EEPROM 24C01 / 24C02 emulation.
136 * Emulation for serial EEPROMs:
137 * 24C01 - 1024 bit (128 x 8)
138 * 24C02 - 2048 bit (256 x 8)
140 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
146 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
148 # define logout(fmt, ...) ((void)0)
151 struct _eeprom24c0x_t {
160 uint8_t contents[256];
163 typedef struct _eeprom24c0x_t eeprom24c0x_t;
165 static eeprom24c0x_t spd_eeprom = {
167 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
168 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
169 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
170 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
171 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
172 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
175 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
181 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
182 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
186 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
188 enum { SDR = 0x4, DDR2 = 0x8 } type;
189 uint8_t *spd = spd_eeprom.contents;
191 uint16_t density = 0;
194 /* work in terms of MB */
197 while ((ram_size >= 4) && (nbanks <= 2)) {
198 int sz_log2 = MIN(31 - clz32(ram_size), 14);
200 density |= 1 << (sz_log2 - 2);
201 ram_size -= 1 << sz_log2;
204 /* split to 2 banks if possible */
205 if ((nbanks == 1) && (density > 1)) {
210 if (density & 0xff00) {
211 density = (density & 0xe0) | ((density >> 8) & 0x1f);
213 } else if (!(density & 0x1f)) {
220 fprintf(stderr, "Warning: SPD cannot represent final %dMB"
221 " of SDRAM\n", (int)ram_size);
224 /* fill in SPD memory information */
231 for (i = 0; i < 63; i++) {
236 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
239 static void generate_eeprom_serial(uint8_t *eeprom)
242 uint8_t mac[6] = { 0x00 };
243 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
246 eeprom[pos++] = 0x01;
249 eeprom[pos++] = 0x02;
252 eeprom[pos++] = 0x01; /* MAC */
253 eeprom[pos++] = 0x06; /* length */
254 memcpy(&eeprom[pos], mac, sizeof(mac));
258 eeprom[pos++] = 0x02; /* serial */
259 eeprom[pos++] = 0x05; /* length */
260 memcpy(&eeprom[pos], sn, sizeof(sn));
265 for (i = 0; i < pos; i++) {
266 eeprom[pos] += eeprom[i];
270 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
272 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
273 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
277 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
279 if (eeprom->scl && scl && (eeprom->sda != sda)) {
280 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
281 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
282 sda ? "stop" : "start");
287 } else if (eeprom->tick == 0 && !eeprom->ack) {
288 /* Waiting for start. */
289 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
290 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
291 } else if (!eeprom->scl && scl) {
292 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
293 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
295 logout("\ti2c ack bit = 0\n");
298 } else if (eeprom->sda == sda) {
299 uint8_t bit = (sda != 0);
300 logout("\ti2c bit = %d\n", bit);
301 if (eeprom->tick < 9) {
302 eeprom->command <<= 1;
303 eeprom->command += bit;
305 if (eeprom->tick == 9) {
306 logout("\tcommand 0x%04x, %s\n", eeprom->command,
307 bit ? "read" : "write");
310 } else if (eeprom->tick < 17) {
311 if (eeprom->command & 1) {
312 sda = ((eeprom->data & 0x80) != 0);
314 eeprom->address <<= 1;
315 eeprom->address += bit;
318 if (eeprom->tick == 17) {
319 eeprom->data = eeprom->contents[eeprom->address];
320 logout("\taddress 0x%04x, data 0x%02x\n",
321 eeprom->address, eeprom->data);
325 } else if (eeprom->tick >= 17) {
329 logout("\tsda changed with raising scl\n");
332 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
333 scl, eeprom->sda, sda);
339 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
342 MaltaFPGAState *s = opaque;
346 saddr = (addr & 0xfffff);
350 /* SWITCH Register */
352 val = 0x00000000; /* All switches closed */
355 /* STATUS Register */
357 #ifdef TARGET_WORDS_BIGENDIAN
369 /* LEDBAR Register */
374 /* BRKRES Register */
379 /* UART Registers are handled directly by the serial device */
386 /* XXX: implement a real I2C controller */
390 /* IN = OUT until a real I2C control is implemented */
397 /* I2CINP Register */
399 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
407 /* I2COUT Register */
412 /* I2CSEL Register */
419 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
427 static void malta_fpga_write(void *opaque, hwaddr addr,
428 uint64_t val, unsigned size)
430 MaltaFPGAState *s = opaque;
433 saddr = (addr & 0xfffff);
437 /* SWITCH Register */
445 /* LEDBAR Register */
447 s->leds = val & 0xff;
448 malta_fpga_update_display(s);
451 /* ASCIIWORD Register */
453 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
454 malta_fpga_update_display(s);
457 /* ASCIIPOS0 to ASCIIPOS7 Registers */
466 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
467 malta_fpga_update_display(s);
470 /* SOFTRES Register */
473 qemu_system_reset_request ();
476 /* BRKRES Register */
481 /* UART Registers are handled directly by the serial device */
485 s->gpout = val & 0xff;
490 s->i2coe = val & 0x03;
493 /* I2COUT Register */
495 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
499 /* I2CSEL Register */
501 s->i2csel = val & 0x01;
506 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
513 static const MemoryRegionOps malta_fpga_ops = {
514 .read = malta_fpga_read,
515 .write = malta_fpga_write,
516 .endianness = DEVICE_NATIVE_ENDIAN,
519 static void malta_fpga_reset(void *opaque)
521 MaltaFPGAState *s = opaque;
531 s->display_text[8] = '\0';
532 snprintf(s->display_text, 9, " ");
535 static void malta_fgpa_display_event(void *opaque, int event)
537 MaltaFPGAState *s = opaque;
539 if (event == CHR_EVENT_OPENED && !s->display_inited) {
540 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
541 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
542 qemu_chr_fe_printf(&s->display, "+ +\r\n");
543 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
544 qemu_chr_fe_printf(&s->display, "\n");
545 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
546 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
547 qemu_chr_fe_printf(&s->display, "+ +\r\n");
548 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
549 s->display_inited = true;
553 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
554 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
559 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
561 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
562 "malta-fpga", 0x100000);
563 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
564 &s->iomem, 0, 0x900);
565 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
566 &s->iomem, 0xa00, 0x10000-0xa00);
568 memory_region_add_subregion(address_space, base, &s->iomem_lo);
569 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
571 chr = qemu_chr_new("fpga", "vc:320x200");
572 qemu_chr_fe_init(&s->display, chr, NULL);
573 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
574 malta_fgpa_display_event, s, NULL, true);
576 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
577 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
580 qemu_register_reset(malta_fpga_reset, s);
585 /* Network support */
586 static void network_init(PCIBus *pci_bus)
590 for(i = 0; i < nb_nics; i++) {
591 NICInfo *nd = &nd_table[i];
592 const char *default_devaddr = NULL;
594 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
595 /* The malta board has a PCNet card using PCI SLOT 11 */
596 default_devaddr = "0b";
598 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
602 /* ROM and pseudo bootloader
604 The following code implements a very very simple bootloader. It first
605 loads the registers a0 to a3 to the values expected by the OS, and
606 then jump at the kernel address.
608 The bootloader should pass the locations of the kernel arguments and
609 environment variables tables. Those tables contain the 32-bit address
610 of NULL terminated strings. The environment variables table should be
611 terminated by a NULL address.
613 For a simpler implementation, the number of kernel arguments is fixed
614 to two (the name of the kernel and the command line), and the two
615 tables are actually the same one.
617 The registers a0 to a3 should contain the following values:
618 a0 - number of kernel arguments
619 a1 - 32-bit address of the kernel arguments table
620 a2 - 32-bit address of the environment variables table
621 a3 - RAM size in bytes
624 static void write_bootloader(uint8_t *base, int64_t run_addr,
625 int64_t kernel_entry)
629 /* Small bootloader */
630 p = (uint32_t *)base;
632 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
633 ((run_addr + 0x580) & 0x0fffffff) >> 2);
634 stl_p(p++, 0x00000000); /* nop */
636 /* YAMON service vector */
637 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
638 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
639 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
640 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
641 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
642 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
643 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
644 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
645 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
646 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
647 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
648 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
649 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
652 /* Second part of the bootloader */
653 p = (uint32_t *) (base + 0x580);
655 if (semihosting_get_argc()) {
656 /* Preserve a0 content as arguments have been passed */
657 stl_p(p++, 0x00000000); /* nop */
659 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
661 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
662 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
663 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
664 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
665 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
666 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
667 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
668 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
670 /* Load BAR registers as done by YAMON */
671 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
673 #ifdef TARGET_WORDS_BIGENDIAN
674 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
676 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
678 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
680 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
682 #ifdef TARGET_WORDS_BIGENDIAN
683 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
685 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
687 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
688 #ifdef TARGET_WORDS_BIGENDIAN
689 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
691 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
693 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
695 #ifdef TARGET_WORDS_BIGENDIAN
696 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
698 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
700 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
701 #ifdef TARGET_WORDS_BIGENDIAN
702 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
704 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
706 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
708 #ifdef TARGET_WORDS_BIGENDIAN
709 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
711 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
713 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
714 #ifdef TARGET_WORDS_BIGENDIAN
715 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
717 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
719 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
721 /* Jump to kernel code */
722 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
723 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
724 stl_p(p++, 0x03e00009); /* jalr ra */
725 stl_p(p++, 0x00000000); /* nop */
727 /* YAMON subroutines */
728 p = (uint32_t *) (base + 0x800);
729 stl_p(p++, 0x03e00009); /* jalr ra */
730 stl_p(p++, 0x24020000); /* li v0,0 */
731 /* 808 YAMON print */
732 stl_p(p++, 0x03e06821); /* move t5,ra */
733 stl_p(p++, 0x00805821); /* move t3,a0 */
734 stl_p(p++, 0x00a05021); /* move t2,a1 */
735 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
736 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
737 stl_p(p++, 0x10800005); /* beqz a0,834 */
738 stl_p(p++, 0x00000000); /* nop */
739 stl_p(p++, 0x0ff0021c); /* jal 870 */
740 stl_p(p++, 0x00000000); /* nop */
741 stl_p(p++, 0x1000fff9); /* b 814 */
742 stl_p(p++, 0x00000000); /* nop */
743 stl_p(p++, 0x01a00009); /* jalr t5 */
744 stl_p(p++, 0x01602021); /* move a0,t3 */
745 /* 0x83c YAMON print_count */
746 stl_p(p++, 0x03e06821); /* move t5,ra */
747 stl_p(p++, 0x00805821); /* move t3,a0 */
748 stl_p(p++, 0x00a05021); /* move t2,a1 */
749 stl_p(p++, 0x00c06021); /* move t4,a2 */
750 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
751 stl_p(p++, 0x0ff0021c); /* jal 870 */
752 stl_p(p++, 0x00000000); /* nop */
753 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
754 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
755 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
756 stl_p(p++, 0x00000000); /* nop */
757 stl_p(p++, 0x01a00009); /* jalr t5 */
758 stl_p(p++, 0x01602021); /* move a0,t3 */
760 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
761 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
762 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
763 stl_p(p++, 0x00000000); /* nop */
764 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
765 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
766 stl_p(p++, 0x00000000); /* nop */
767 stl_p(p++, 0x03e00009); /* jalr ra */
768 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
772 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
773 const char *string, ...)
778 if (index >= ENVP_NB_ENTRIES)
781 if (string == NULL) {
786 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
787 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
789 va_start(ap, string);
790 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
795 static int64_t load_kernel (void)
797 int64_t kernel_entry, kernel_high;
799 ram_addr_t initrd_offset;
804 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
806 #ifdef TARGET_WORDS_BIGENDIAN
812 if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
813 (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
814 big_endian, EM_MIPS, 1, 0) < 0) {
815 fprintf(stderr, "qemu: could not load kernel '%s'\n",
816 loaderparams.kernel_filename);
820 /* Sanity check where the kernel has been linked */
822 if (kernel_entry & 0x80000000ll) {
823 error_report("KVM guest kernels must be linked in useg. "
824 "Did you forget to enable CONFIG_KVM_GUEST?");
828 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
830 if (!(kernel_entry & 0x80000000ll)) {
831 error_report("KVM guest kernels aren't supported with TCG. "
832 "Did you unintentionally enable CONFIG_KVM_GUEST?");
836 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
842 if (loaderparams.initrd_filename) {
843 initrd_size = get_image_size (loaderparams.initrd_filename);
844 if (initrd_size > 0) {
845 initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
846 if (initrd_offset + initrd_size > ram_size) {
848 "qemu: memory too small for initial ram disk '%s'\n",
849 loaderparams.initrd_filename);
852 initrd_size = load_image_targphys(loaderparams.initrd_filename,
854 ram_size - initrd_offset);
856 if (initrd_size == (target_ulong) -1) {
857 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
858 loaderparams.initrd_filename);
863 /* Setup prom parameters. */
864 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
865 prom_buf = g_malloc(prom_size);
867 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
868 if (initrd_size > 0) {
869 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
870 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
871 loaderparams.kernel_cmdline);
873 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
876 prom_set(prom_buf, prom_index++, "memsize");
877 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
879 prom_set(prom_buf, prom_index++, "ememsize");
880 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
882 prom_set(prom_buf, prom_index++, "modetty0");
883 prom_set(prom_buf, prom_index++, "38400n8r");
884 prom_set(prom_buf, prom_index++, NULL);
886 rom_add_blob_fixed("prom", prom_buf, prom_size,
887 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
893 static void malta_mips_config(MIPSCPU *cpu)
895 CPUMIPSState *env = &cpu->env;
896 CPUState *cs = CPU(cpu);
898 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
899 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
902 static void main_cpu_reset(void *opaque)
904 MIPSCPU *cpu = opaque;
905 CPUMIPSState *env = &cpu->env;
909 /* The bootloader does not need to be rewritten as it is located in a
910 read only location. The kernel location and the arguments table
911 location does not change. */
912 if (loaderparams.kernel_filename) {
913 env->CP0_Status &= ~(1 << CP0St_ERL);
916 malta_mips_config(cpu);
919 /* Start running from the bootloader we wrote to end of RAM */
920 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
924 static void create_cpu_without_cps(const char *cpu_model,
925 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
931 for (i = 0; i < smp_cpus; i++) {
932 cpu = cpu_mips_init(cpu_model);
934 fprintf(stderr, "Unable to find CPU definition\n");
938 /* Init internal devices */
939 cpu_mips_irq_init_cpu(cpu);
940 cpu_mips_clock_init(cpu);
941 qemu_register_reset(main_cpu_reset, cpu);
944 cpu = MIPS_CPU(first_cpu);
946 *i8259_irq = env->irq[2];
947 *cbus_irq = env->irq[4];
950 static void create_cps(MaltaState *s, const char *cpu_model,
951 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
954 s->cps = g_new0(MIPSCPSState, 1);
956 object_initialize(s->cps, sizeof(MIPSCPSState), TYPE_MIPS_CPS);
957 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
959 object_property_set_str(OBJECT(s->cps), cpu_model, "cpu-model", &err);
960 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
961 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
963 error_report("%s", error_get_pretty(err));
967 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
969 *i8259_irq = get_cps_irq(s->cps, 3);
973 static void create_cpu(MaltaState *s, const char *cpu_model,
974 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
976 if (cpu_model == NULL) {
984 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_model)) {
985 create_cps(s, cpu_model, cbus_irq, i8259_irq);
987 create_cpu_without_cps(cpu_model, cbus_irq, i8259_irq);
992 void mips_malta_init(MachineState *machine)
994 ram_addr_t ram_size = machine->ram_size;
995 ram_addr_t ram_low_size;
996 const char *kernel_filename = machine->kernel_filename;
997 const char *kernel_cmdline = machine->kernel_cmdline;
998 const char *initrd_filename = machine->initrd_filename;
1001 MemoryRegion *system_memory = get_system_memory();
1002 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
1003 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
1004 MemoryRegion *ram_low_postio;
1005 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
1006 target_long bios_size = FLASH_SIZE;
1007 const size_t smbus_eeprom_size = 8 * 256;
1008 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1009 int64_t kernel_entry, bootloader_run_addr;
1013 qemu_irq cbus_irq, i8259_irq;
1018 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1019 DriveInfo *fd[MAX_FD];
1021 int fl_sectors = bios_size >> 16;
1024 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1025 MaltaState *s = MIPS_MALTA(dev);
1027 /* The whole address space decoded by the GT-64120A doesn't generate
1028 exception when accessing invalid memory. Create an empty slot to
1029 emulate this feature. */
1030 empty_slot_init(0, 0x20000000);
1032 qdev_init_nofail(dev);
1034 /* Make sure the first 3 serial ports are associated with a device. */
1035 for(i = 0; i < 3; i++) {
1036 if (!serial_hds[i]) {
1038 snprintf(label, sizeof(label), "serial%d", i);
1039 serial_hds[i] = qemu_chr_new(label, "null");
1044 create_cpu(s, machine->cpu_model, &cbus_irq, &i8259_irq);
1047 if (ram_size > (2048u << 20)) {
1049 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
1050 ((unsigned int)ram_size / (1 << 20)));
1054 /* register RAM at high address where it is undisturbed by IO */
1055 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1057 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1059 /* alias for pre IO hole access */
1060 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1061 ram_high, 0, MIN(ram_size, (256 << 20)));
1062 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1064 /* alias for post IO hole access, if there is enough RAM */
1065 if (ram_size > (512 << 20)) {
1066 ram_low_postio = g_new(MemoryRegion, 1);
1067 memory_region_init_alias(ram_low_postio, NULL,
1068 "mips_malta_low_postio.ram",
1069 ram_high, 512 << 20,
1070 ram_size - (512 << 20));
1071 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1074 /* generate SPD EEPROM data */
1075 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1076 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1078 #ifdef TARGET_WORDS_BIGENDIAN
1084 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1085 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
1087 /* Load firmware in flash / BIOS. */
1088 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1089 #ifdef DEBUG_BOARD_INIT
1091 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1092 "addr %08llx '%s' %x\n",
1093 fl_idx, bios_size, FLASH_ADDRESS,
1094 blk_name(dinfo->bdrv), fl_sectors);
1097 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
1099 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1101 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1102 bios = pflash_cfi01_get_memory(fl);
1104 if (kernel_filename) {
1105 ram_low_size = MIN(ram_size, 256 << 20);
1106 /* For KVM we reserve 1MB of RAM for running bootloader */
1107 if (kvm_enabled()) {
1108 ram_low_size -= 0x100000;
1109 bootloader_run_addr = 0x40000000 + ram_low_size;
1111 bootloader_run_addr = 0xbfc00000;
1114 /* Write a small bootloader to the flash location. */
1115 loaderparams.ram_size = ram_size;
1116 loaderparams.ram_low_size = ram_low_size;
1117 loaderparams.kernel_filename = kernel_filename;
1118 loaderparams.kernel_cmdline = kernel_cmdline;
1119 loaderparams.initrd_filename = initrd_filename;
1120 kernel_entry = load_kernel();
1122 write_bootloader(memory_region_get_ram_ptr(bios),
1123 bootloader_run_addr, kernel_entry);
1124 if (kvm_enabled()) {
1125 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1126 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1128 bootloader_run_addr, kernel_entry);
1131 /* The flash region isn't executable from a KVM guest */
1132 if (kvm_enabled()) {
1133 error_report("KVM enabled but no -kernel argument was specified. "
1134 "Booting from flash is not supported with KVM.");
1137 /* Load firmware from flash. */
1139 /* Load a BIOS image. */
1140 if (bios_name == NULL) {
1141 bios_name = BIOS_FILENAME;
1143 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1145 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1151 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1152 !kernel_filename && !qtest_enabled()) {
1153 error_report("Could not load MIPS bios '%s', and no "
1154 "-kernel argument was specified", bios_name);
1158 /* In little endian mode the 32bit words in the bios are swapped,
1159 a neat trick which allows bi-endian firmware. */
1160 #ifndef TARGET_WORDS_BIGENDIAN
1162 uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
1164 addr = memory_region_get_ram_ptr(bios);
1166 end = (void *)addr + MIN(bios_size, 0x3e0000);
1167 while (addr < end) {
1176 * Map the BIOS at a 2nd physical location, as on the real board.
1177 * Copy it so that we can patch in the MIPS revision, which cannot be
1178 * handled by an overlapping region as the resulting ROM code subpage
1179 * regions are not executable.
1181 memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1183 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1184 FLASH_ADDRESS, BIOS_SIZE)) {
1185 memcpy(memory_region_get_ram_ptr(bios_copy),
1186 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1188 memory_region_set_readonly(bios_copy, true);
1189 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1191 /* Board ID = 0x420 (Malta Board with CoreLV) */
1192 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1195 * We have a circular dependency problem: pci_bus depends on isa_irq,
1196 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1197 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1198 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1199 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1201 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1204 pci_bus = gt64120_register(isa_irq);
1207 ide_drive_get(hd, ARRAY_SIZE(hd));
1209 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1211 /* Interrupt controller */
1212 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1213 s->i8259 = i8259_init(isa_bus, i8259_irq);
1215 isa_bus_irqs(isa_bus, s->i8259);
1216 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1217 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1218 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1219 isa_get_irq(NULL, 9), NULL, 0, NULL);
1220 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1221 g_free(smbus_eeprom_buf);
1222 pit = pit_init(isa_bus, 0x40, 0, NULL);
1223 DMA_init(isa_bus, 0);
1226 isa_create_simple(isa_bus, "i8042");
1228 rtc_init(isa_bus, 2000, NULL);
1229 serial_hds_isa_init(isa_bus, 0, 2);
1230 parallel_hds_isa_init(isa_bus, 1);
1232 for(i = 0; i < MAX_FD; i++) {
1233 fd[i] = drive_get(IF_FLOPPY, 0, i);
1235 fdctrl_init_isa(isa_bus, fd);
1238 network_init(pci_bus);
1240 /* Optional PCI video card */
1241 pci_vga_init(pci_bus);
1244 static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1249 static void mips_malta_class_init(ObjectClass *klass, void *data)
1251 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1253 k->init = mips_malta_sysbus_device_init;
1256 static const TypeInfo mips_malta_device = {
1257 .name = TYPE_MIPS_MALTA,
1258 .parent = TYPE_SYS_BUS_DEVICE,
1259 .instance_size = sizeof(MaltaState),
1260 .class_init = mips_malta_class_init,
1263 static void mips_malta_machine_init(MachineClass *mc)
1265 mc->desc = "MIPS Malta Core LV";
1266 mc->init = mips_malta_init;
1267 mc->block_default_type = IF_IDE;
1272 DEFINE_MACHINE("malta", mips_malta_machine_init)
1274 static void mips_malta_register_types(void)
1276 type_register_static(&mips_malta_device);
1279 type_init(mips_malta_register_types)
projects / qemu.git / blob