]> git.proxmox.com Git - mirror_qemu.git/blame - hw/mips/mips_malta.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
serial: serial_hds_isa_init() shouldn't fail
[mirror_qemu.git] / hw / mips / mips_malta.c
CommitLineData
5856de80
TS		 1/*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
83c9f4ca 25#include "hw/hw.h"
0d09e41a
PB		 26#include "hw/i386/pc.h"
27#include "hw/char/serial.h"
28#include "hw/block/fdc.h"
1422e32d 29#include "net/net.h"
83c9f4ca 30#include "hw/boards.h"
0d09e41a 31#include "hw/i2c/smbus.h"
4be74634 32#include "sysemu/block-backend.h"
0d09e41a
PB		 33#include "hw/block/flash.h"
34#include "hw/mips/mips.h"
35#include "hw/mips/cpudevs.h"
83c9f4ca 36#include "hw/pci/pci.h"
dccfcd0e 37#include "sysemu/char.h"
9c17d615
PB		 38#include "sysemu/sysemu.h"
39#include "sysemu/arch_init.h"
1de7afc9 40#include "qemu/log.h"
0d09e41a 41#include "hw/mips/bios.h"
83c9f4ca
PB		 42#include "hw/ide.h"
43#include "hw/loader.h"
ca20cf32 44#include "elf.h"
0d09e41a
PB		 45#include "hw/timer/mc146818rtc.h"
46#include "hw/timer/i8254.h"
fa1d36df 47#include "sysemu/block-backend.h"
9c17d615 48#include "sysemu/blockdev.h"
022c62cb 49#include "exec/address-spaces.h"
83c9f4ca 50#include "hw/sysbus.h" /* SysBusDevice */
02bccc77 51#include "qemu/host-utils.h"
2c57bd9b 52#include "sysemu/qtest.h"
2e985fe0 53#include "qemu/error-report.h"
cc413a39 54#include "hw/empty_slot.h"
b0311811 55#include "sysemu/kvm.h"
5856de80 56
c8b153d7
TS		 57//#define DEBUG_BOARD_INIT
58
409dbce5 59#define ENVP_ADDR 0x80002000l
5856de80
TS		 60#define ENVP_NB_ENTRIES 16
61#define ENVP_ENTRY_SIZE 256
62
03a1a8e1
SW		 63/* Hardware addresses */
64#define FLASH_ADDRESS 0x1e000000ULL
65#define FPGA_ADDRESS 0x1f000000ULL
66#define RESET_ADDRESS 0x1fc00000ULL
67
68#define FLASH_SIZE 0x400000
69
e4bcb14c
TS		 70#define MAX_IDE_BUS 2
71
5856de80 72typedef struct {
ea85df72
AK		 73 MemoryRegion iomem;
74 MemoryRegion iomem_lo; /* 0 - 0x900 */
75 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
5856de80
TS		 76 uint32_t leds;
77 uint32_t brk;
78 uint32_t gpout;
130751ee 79 uint32_t i2cin;
5856de80
TS		 80 uint32_t i2coe;
81 uint32_t i2cout;
82 uint32_t i2csel;
83 CharDriverState *display;
84 char display_text[9];
a4bc3afc 85 SerialState *uart;
5856de80
TS		 86} MaltaFPGAState;
87
cba5cb67
AF		 88#define TYPE_MIPS_MALTA "mips-malta"
89#define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
90
e9b40fd3 91typedef struct {
cba5cb67
AF		 92 SysBusDevice parent_obj;
93
e9b40fd3
SW		 94 qemu_irq *i8259;
95} MaltaState;
96
64d7e9a4 97static ISADevice *pit;
5856de80 98
7df526e3
TS		 99static struct _loaderparams {
100 int ram_size;
101 const char *kernel_filename;
102 const char *kernel_cmdline;
103 const char *initrd_filename;
104} loaderparams;
105
5856de80
TS		 106/* Malta FPGA */
107static void malta_fpga_update_display(void *opaque)
108{
109 char leds_text[9];
110 int i;
111 MaltaFPGAState *s = opaque;
112
07cf0ba0
TS		 113 for (i = 7 ; i >= 0 ; i--) {
114 if (s->leds & (1 << i))
115 leds_text[i] = '#';
116 else
117 leds_text[i] = ' ';
87ee1669 118 }
07cf0ba0
TS		 119 leds_text[8] = '\0';
120
e7e71b0e
AL		 121 qemu_chr_fe_printf(s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text);
122 qemu_chr_fe_printf(s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s->display_text);
5856de80
TS		 123}
124
130751ee
TS		 125/*
126 * EEPROM 24C01 / 24C02 emulation.
127 *
128 * Emulation for serial EEPROMs:
129 * 24C01 - 1024 bit (128 x 8)
130 * 24C02 - 2048 bit (256 x 8)
131 *
132 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
133 */
134
135//~ #define DEBUG
136
137#if defined(DEBUG)
001faf32 138# define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
130751ee 139#else
001faf32 140# define logout(fmt, ...) ((void)0)
130751ee
TS		 141#endif
142
c227f099 143struct _eeprom24c0x_t {
130751ee
TS		 144 uint8_t tick;
145 uint8_t address;
146 uint8_t command;
147 uint8_t ack;
148 uint8_t scl;
149 uint8_t sda;
150 uint8_t data;
151 //~ uint16_t size;
152 uint8_t contents[256];
153};
154
c227f099 155typedef struct _eeprom24c0x_t eeprom24c0x_t;
130751ee 156
35c64807 157static eeprom24c0x_t spd_eeprom = {
284b08f1 158 .contents = {
02bccc77 159 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
130751ee 160 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
02bccc77
PB		 161 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
162 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
130751ee
TS		 163 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
164 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
165 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
166 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
167 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
168 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
169 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
170 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
171 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
175 },
176};
177
35c64807 178static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
02bccc77
PB		 179{
180 enum { SDR = 0x4, DDR2 = 0x8 } type;
35c64807 181 uint8_t *spd = spd_eeprom.contents;
02bccc77
PB		 182 uint8_t nbanks = 0;
183 uint16_t density = 0;
184 int i;
185
186 /* work in terms of MB */
187 ram_size >>= 20;
188
189 while ((ram_size >= 4) && (nbanks <= 2)) {
190 int sz_log2 = MIN(31 - clz32(ram_size), 14);
191 nbanks++;
192 density |= 1 << (sz_log2 - 2);
193 ram_size -= 1 << sz_log2;
194 }
195
196 /* split to 2 banks if possible */
197 if ((nbanks == 1) && (density > 1)) {
198 nbanks++;
199 density >>= 1;
200 }
201
202 if (density & 0xff00) {
203 density = (density & 0xe0) | ((density >> 8) & 0x1f);
204 type = DDR2;
205 } else if (!(density & 0x1f)) {
206 type = DDR2;
207 } else {
208 type = SDR;
209 }
210
211 if (ram_size) {
212 fprintf(stderr, "Warning: SPD cannot represent final %dMB"
213 " of SDRAM\n", (int)ram_size);
214 }
215
216 /* fill in SPD memory information */
217 spd[2] = type;
218 spd[5] = nbanks;
219 spd[31] = density;
220
221 /* checksum */
222 spd[63] = 0;
223 for (i = 0; i < 63; i++) {
224 spd[63] += spd[i];
225 }
35c64807
PB		 226
227 /* copy for SMBUS */
228 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
229}
230
231static void generate_eeprom_serial(uint8_t *eeprom)
232{
233 int i, pos = 0;
234 uint8_t mac[6] = { 0x00 };
235 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
236
237 /* version */
238 eeprom[pos++] = 0x01;
239
240 /* count */
241 eeprom[pos++] = 0x02;
242
243 /* MAC address */
244 eeprom[pos++] = 0x01; /* MAC */
245 eeprom[pos++] = 0x06; /* length */
246 memcpy(&eeprom[pos], mac, sizeof(mac));
247 pos += sizeof(mac);
248
249 /* serial number */
250 eeprom[pos++] = 0x02; /* serial */
251 eeprom[pos++] = 0x05; /* length */
252 memcpy(&eeprom[pos], sn, sizeof(sn));
253 pos += sizeof(sn);
254
255 /* checksum */
256 eeprom[pos] = 0;
257 for (i = 0; i < pos; i++) {
258 eeprom[pos] += eeprom[i];
259 }
02bccc77
PB		 260}
261
35c64807 262static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
130751ee
TS		 263{
264 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
35c64807
PB		 265 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
266 return eeprom->sda;
130751ee
TS		 267}
268
35c64807 269static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
130751ee 270{
35c64807 271 if (eeprom->scl && scl && (eeprom->sda != sda)) {
130751ee 272 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
35c64807
PB		 273 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
274 sda ? "stop" : "start");
130751ee 275 if (!sda) {
35c64807
PB		 276 eeprom->tick = 1;
277 eeprom->command = 0;
130751ee 278 }
35c64807 279 } else if (eeprom->tick == 0 && !eeprom->ack) {
130751ee
TS		 280 /* Waiting for start. */
281 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
35c64807
PB		 282 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
283 } else if (!eeprom->scl && scl) {
130751ee 284 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
35c64807
PB		 285 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
286 if (eeprom->ack) {
130751ee
TS		 287 logout("\ti2c ack bit = 0\n");
288 sda = 0;
35c64807
PB		 289 eeprom->ack = 0;
290 } else if (eeprom->sda == sda) {
130751ee
TS		 291 uint8_t bit = (sda != 0);
292 logout("\ti2c bit = %d\n", bit);
35c64807
PB		 293 if (eeprom->tick < 9) {
294 eeprom->command <<= 1;
295 eeprom->command += bit;
296 eeprom->tick++;
297 if (eeprom->tick == 9) {
298 logout("\tcommand 0x%04x, %s\n", eeprom->command,
299 bit ? "read" : "write");
300 eeprom->ack = 1;
130751ee 301 }
35c64807
PB		 302 } else if (eeprom->tick < 17) {
303 if (eeprom->command & 1) {
304 sda = ((eeprom->data & 0x80) != 0);
130751ee 305 }
35c64807
PB		 306 eeprom->address <<= 1;
307 eeprom->address += bit;
308 eeprom->tick++;
309 eeprom->data <<= 1;
310 if (eeprom->tick == 17) {
311 eeprom->data = eeprom->contents[eeprom->address];
312 logout("\taddress 0x%04x, data 0x%02x\n",
313 eeprom->address, eeprom->data);
314 eeprom->ack = 1;
315 eeprom->tick = 0;
130751ee 316 }
35c64807 317 } else if (eeprom->tick >= 17) {
130751ee
TS		 318 sda = 0;
319 }
320 } else {
321 logout("\tsda changed with raising scl\n");
322 }
323 } else {
35c64807
PB		 324 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
325 scl, eeprom->sda, sda);
130751ee 326 }
35c64807
PB		 327 eeprom->scl = scl;
328 eeprom->sda = sda;
130751ee
TS		 329}
330
a8170e5e 331static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
ea85df72 332 unsigned size)
5856de80
TS		 333{
334 MaltaFPGAState *s = opaque;
335 uint32_t val = 0;
336 uint32_t saddr;
337
338 saddr = (addr & 0xfffff);
339
340 switch (saddr) {
341
342 /* SWITCH Register */
343 case 0x00200:
344 val = 0x00000000; /* All switches closed */
593c0d10 345 break;
5856de80
TS		 346
347 /* STATUS Register */
348 case 0x00208:
349#ifdef TARGET_WORDS_BIGENDIAN
350 val = 0x00000012;
351#else
352 val = 0x00000010;
353#endif
354 break;
355
356 /* JMPRS Register */
357 case 0x00210:
358 val = 0x00;
359 break;
360
361 /* LEDBAR Register */
362 case 0x00408:
363 val = s->leds;
364 break;
365
366 /* BRKRES Register */
367 case 0x00508:
368 val = s->brk;
369 break;
370
b6dc7ebb 371 /* UART Registers are handled directly by the serial device */
a4bc3afc 372
5856de80
TS		 373 /* GPOUT Register */
374 case 0x00a00:
375 val = s->gpout;
376 break;
377
378 /* XXX: implement a real I2C controller */
379
380 /* GPINP Register */
381 case 0x00a08:
382 /* IN = OUT until a real I2C control is implemented */
383 if (s->i2csel)
384 val = s->i2cout;
385 else
386 val = 0x00;
387 break;
388
389 /* I2CINP Register */
390 case 0x00b00:
35c64807 391 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
5856de80
TS		 392 break;
393
394 /* I2COE Register */
395 case 0x00b08:
396 val = s->i2coe;
397 break;
398
399 /* I2COUT Register */
400 case 0x00b10:
401 val = s->i2cout;
402 break;
403
404 /* I2CSEL Register */
405 case 0x00b18:
130751ee 406 val = s->i2csel;
5856de80
TS		 407 break;
408
409 default:
410#if 0
3594c774 411 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
593c0d10 412 addr);
5856de80
TS		 413#endif
414 break;
415 }
416 return val;
417}
418
a8170e5e 419static void malta_fpga_write(void *opaque, hwaddr addr,
ea85df72 420 uint64_t val, unsigned size)
5856de80
TS		 421{
422 MaltaFPGAState *s = opaque;
423 uint32_t saddr;
424
425 saddr = (addr & 0xfffff);
426
427 switch (saddr) {
428
429 /* SWITCH Register */
430 case 0x00200:
431 break;
432
433 /* JMPRS Register */
434 case 0x00210:
435 break;
436
437 /* LEDBAR Register */
5856de80
TS		 438 case 0x00408:
439 s->leds = val & 0xff;
1d7a1197 440 malta_fpga_update_display(s);
5856de80
TS		 441 break;
442
443 /* ASCIIWORD Register */
444 case 0x00410:
ea85df72 445 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
5856de80
TS		 446 malta_fpga_update_display(s);
447 break;
448
449 /* ASCIIPOS0 to ASCIIPOS7 Registers */
450 case 0x00418:
451 case 0x00420:
452 case 0x00428:
453 case 0x00430:
454 case 0x00438:
455 case 0x00440:
456 case 0x00448:
457 case 0x00450:
458 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
459 malta_fpga_update_display(s);
460 break;
461
462 /* SOFTRES Register */
463 case 0x00500:
464 if (val == 0x42)
465 qemu_system_reset_request ();
466 break;
467
468 /* BRKRES Register */
469 case 0x00508:
470 s->brk = val & 0xff;
471 break;
472
b6dc7ebb 473 /* UART Registers are handled directly by the serial device */
a4bc3afc 474
5856de80
TS		 475 /* GPOUT Register */
476 case 0x00a00:
477 s->gpout = val & 0xff;
478 break;
479
480 /* I2COE Register */
481 case 0x00b08:
482 s->i2coe = val & 0x03;
483 break;
484
485 /* I2COUT Register */
486 case 0x00b10:
35c64807 487 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
130751ee 488 s->i2cout = val;
5856de80
TS		 489 break;
490
491 /* I2CSEL Register */
492 case 0x00b18:
130751ee 493 s->i2csel = val & 0x01;
5856de80
TS		 494 break;
495
496 default:
497#if 0
3594c774 498 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
593c0d10 499 addr);
5856de80
TS		 500#endif
501 break;
502 }
503}
504
ea85df72
AK		 505static const MemoryRegionOps malta_fpga_ops = {
506 .read = malta_fpga_read,
507 .write = malta_fpga_write,
508 .endianness = DEVICE_NATIVE_ENDIAN,
5856de80
TS		 509};
510
9596ebb7 511static void malta_fpga_reset(void *opaque)
5856de80
TS		 512{
513 MaltaFPGAState *s = opaque;
514
515 s->leds = 0x00;
516 s->brk = 0x0a;
517 s->gpout = 0x00;
130751ee 518 s->i2cin = 0x3;
5856de80
TS		 519 s->i2coe = 0x0;
520 s->i2cout = 0x3;
521 s->i2csel = 0x1;
522
523 s->display_text[8] = '\0';
524 snprintf(s->display_text, 9, " ");
ceecf1d1
AJ		 525}
526
ceecf1d1
AJ		 527static void malta_fpga_led_init(CharDriverState *chr)
528{
e7e71b0e
AL		 529 qemu_chr_fe_printf(chr, "\e[HMalta LEDBAR\r\n");
530 qemu_chr_fe_printf(chr, "+--------+\r\n");
531 qemu_chr_fe_printf(chr, "+ +\r\n");
532 qemu_chr_fe_printf(chr, "+--------+\r\n");
533 qemu_chr_fe_printf(chr, "\n");
534 qemu_chr_fe_printf(chr, "Malta ASCII\r\n");
535 qemu_chr_fe_printf(chr, "+--------+\r\n");
536 qemu_chr_fe_printf(chr, "+ +\r\n");
537 qemu_chr_fe_printf(chr, "+--------+\r\n");
5856de80
TS		 538}
539
ea85df72 540static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
a8170e5e 541 hwaddr base, qemu_irq uart_irq, CharDriverState *uart_chr)
5856de80
TS		 542{
543 MaltaFPGAState *s;
5856de80 544
7267c094 545 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
5856de80 546
2c9b15ca 547 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
ea85df72 548 "malta-fpga", 0x100000);
2c9b15ca 549 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
ea85df72 550 &s->iomem, 0, 0x900);
2c9b15ca 551 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
ea85df72 552 &s->iomem, 0xa00, 0x10000-0xa00);
a4bc3afc 553
ea85df72
AK		 554 memory_region_add_subregion(address_space, base, &s->iomem_lo);
555 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
5856de80 556
27143a44 557 s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
ceecf1d1 558
39186d8a
RH		 559 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
560 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
a4bc3afc 561
5856de80 562 malta_fpga_reset(s);
a08d4367 563 qemu_register_reset(malta_fpga_reset, s);
5856de80
TS		 564
565 return s;
566}
567
5856de80 568/* Network support */
29b358f9 569static void network_init(PCIBus *pci_bus)
5856de80
TS		 570{
571 int i;
5856de80
TS		 572
573 for(i = 0; i < nb_nics; i++) {
cb457d76 574 NICInfo *nd = &nd_table[i];
5607c388 575 const char *default_devaddr = NULL;
cb457d76
AL		 576
577 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
5856de80 578 /* The malta board has a PCNet card using PCI SLOT 11 */
5607c388 579 default_devaddr = "0b";
cb457d76 580
29b358f9 581 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
5856de80
TS		 582 }
583}
584
585/* ROM and pseudo bootloader
586
587 The following code implements a very very simple bootloader. It first
588 loads the registers a0 to a3 to the values expected by the OS, and
589 then jump at the kernel address.
590
591 The bootloader should pass the locations of the kernel arguments and
592 environment variables tables. Those tables contain the 32-bit address
593 of NULL terminated strings. The environment variables table should be
594 terminated by a NULL address.
595
596 For a simpler implementation, the number of kernel arguments is fixed
597 to two (the name of the kernel and the command line), and the two
598 tables are actually the same one.
599
600 The registers a0 to a3 should contain the following values:
601 a0 - number of kernel arguments
602 a1 - 32-bit address of the kernel arguments table
603 a2 - 32-bit address of the environment variables table
604 a3 - RAM size in bytes
605*/
606
61c56c8c 607static void write_bootloader (CPUMIPSState *env, uint8_t *base,
b0311811 608 int64_t run_addr, int64_t kernel_entry)
5856de80
TS		 609{
610 uint32_t *p;
611
612 /* Small bootloader */
d7585251 613 p = (uint32_t *)base;
b0311811
JH		 614
615 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
616 ((run_addr + 0x580) & 0x0fffffff) >> 2);
0983979b 617 stl_p(p++, 0x00000000); /* nop */
5856de80 618
26ea0918 619 /* YAMON service vector */
b0311811
JH		 620 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
621 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
622 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
623 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
624 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
625 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
626 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
627 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
628 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
629 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
630 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
631 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
632 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
26ea0918
TS		 633
634
5856de80 635 /* Second part of the bootloader */
d7585251 636 p = (uint32_t *) (base + 0x580);
0983979b
PB		 637 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
638 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
639 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
640 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
641 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
642 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
643 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
644 stl_p(p++, 0x3c070000 | (loaderparams.ram_size >> 16)); /* lui a3, high(ram_size) */
645 stl_p(p++, 0x34e70000 | (loaderparams.ram_size & 0xffff)); /* ori a3, a3, low(ram_size) */
2802bfe3
TS		 646
647 /* Load BAR registers as done by YAMON */
0983979b 648 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
a0a8793e
TS		 649
650#ifdef TARGET_WORDS_BIGENDIAN
0983979b 651 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
a0a8793e 652#else
0983979b 653 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
a0a8793e 654#endif
0983979b 655 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
a0a8793e 656
0983979b 657 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
2802bfe3
TS		 658
659#ifdef TARGET_WORDS_BIGENDIAN
0983979b 660 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
2802bfe3 661#else
0983979b 662 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
2802bfe3 663#endif
0983979b 664 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
2802bfe3 665#ifdef TARGET_WORDS_BIGENDIAN
0983979b 666 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
2802bfe3 667#else
0983979b 668 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
2802bfe3 669#endif
0983979b 670 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
2802bfe3
TS		 671
672#ifdef TARGET_WORDS_BIGENDIAN
0983979b 673 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
2802bfe3 674#else
0983979b 675 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
2802bfe3 676#endif
0983979b 677 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
2802bfe3 678#ifdef TARGET_WORDS_BIGENDIAN
0983979b 679 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
2802bfe3 680#else
0983979b 681 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
2802bfe3 682#endif
0983979b 683 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
2802bfe3
TS		 684
685#ifdef TARGET_WORDS_BIGENDIAN
0983979b 686 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
2802bfe3 687#else
0983979b 688 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
2802bfe3 689#endif
0983979b 690 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
2802bfe3 691#ifdef TARGET_WORDS_BIGENDIAN
0983979b 692 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
2802bfe3 693#else
0983979b 694 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
2802bfe3 695#endif
0983979b 696 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
2802bfe3
TS		 697
698 /* Jump to kernel code */
0983979b
PB		 699 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
700 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
9fba1500 701 stl_p(p++, 0x03e00009); /* jalr ra */
0983979b 702 stl_p(p++, 0x00000000); /* nop */
26ea0918
TS		 703
704 /* YAMON subroutines */
d7585251 705 p = (uint32_t *) (base + 0x800);
9fba1500 706 stl_p(p++, 0x03e00009); /* jalr ra */
0983979b 707 stl_p(p++, 0x24020000); /* li v0,0 */
b0311811 708 /* 808 YAMON print */
0983979b
PB		 709 stl_p(p++, 0x03e06821); /* move t5,ra */
710 stl_p(p++, 0x00805821); /* move t3,a0 */
711 stl_p(p++, 0x00a05021); /* move t2,a1 */
712 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
713 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
714 stl_p(p++, 0x10800005); /* beqz a0,834 */
715 stl_p(p++, 0x00000000); /* nop */
716 stl_p(p++, 0x0ff0021c); /* jal 870 */
717 stl_p(p++, 0x00000000); /* nop */
718 stl_p(p++, 0x08000205); /* j 814 */
719 stl_p(p++, 0x00000000); /* nop */
9fba1500 720 stl_p(p++, 0x01a00009); /* jalr t5 */
0983979b 721 stl_p(p++, 0x01602021); /* move a0,t3 */
26ea0918 722 /* 0x83c YAMON print_count */
0983979b
PB		 723 stl_p(p++, 0x03e06821); /* move t5,ra */
724 stl_p(p++, 0x00805821); /* move t3,a0 */
725 stl_p(p++, 0x00a05021); /* move t2,a1 */
726 stl_p(p++, 0x00c06021); /* move t4,a2 */
727 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
728 stl_p(p++, 0x0ff0021c); /* jal 870 */
729 stl_p(p++, 0x00000000); /* nop */
730 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
731 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
732 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
733 stl_p(p++, 0x00000000); /* nop */
9fba1500 734 stl_p(p++, 0x01a00009); /* jalr t5 */
0983979b 735 stl_p(p++, 0x01602021); /* move a0,t3 */
26ea0918 736 /* 0x870 */
0983979b
PB		 737 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
738 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
739 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
740 stl_p(p++, 0x00000000); /* nop */
741 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
742 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
743 stl_p(p++, 0x00000000); /* nop */
9fba1500 744 stl_p(p++, 0x03e00009); /* jalr ra */
0983979b 745 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
26ea0918 746
5856de80
TS		 747}
748
8b7968f7
SW		 749static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
750 const char *string, ...)
5856de80
TS		 751{
752 va_list ap;
3ddd0065 753 int32_t table_addr;
5856de80
TS		 754
755 if (index >= ENVP_NB_ENTRIES)
756 return;
757
5856de80 758 if (string == NULL) {
c938ada2 759 prom_buf[index] = 0;
5856de80
TS		 760 return;
761 }
762
c938ada2
AJ		 763 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
764 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
5856de80
TS		 765
766 va_start(ap, string);
c938ada2 767 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
5856de80
TS		 768 va_end(ap);
769}
770
771/* Kernel */
e16ad5b0 772static int64_t load_kernel (void)
5856de80 773{
409dbce5 774 int64_t kernel_entry, kernel_high;
5856de80 775 long initrd_size;
c227f099 776 ram_addr_t initrd_offset;
ca20cf32 777 int big_endian;
c938ada2
AJ		 778 uint32_t *prom_buf;
779 long prom_size;
780 int prom_index = 0;
b0311811 781 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
ca20cf32
BS		 782
783#ifdef TARGET_WORDS_BIGENDIAN
784 big_endian = 1;
785#else
786 big_endian = 0;
787#endif
5856de80 788
409dbce5
AJ		 789 if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
790 (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
791 big_endian, ELF_MACHINE, 1) < 0) {
5856de80 792 fprintf(stderr, "qemu: could not load kernel '%s'\n",
7df526e3 793 loaderparams.kernel_filename);
acdf72bb 794 exit(1);
5856de80 795 }
f7f15245
JH		 796
797 /* Sanity check where the kernel has been linked */
b0311811 798 if (kvm_enabled()) {
f7f15245
JH		 799 if (kernel_entry & 0x80000000ll) {
800 error_report("KVM guest kernels must be linked in useg. "
801 "Did you forget to enable CONFIG_KVM_GUEST?");
802 exit(1);
803 }
804
b0311811
JH		 805 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
806 } else {
f7f15245
JH		 807 if (!(kernel_entry & 0x80000000ll)) {
808 error_report("KVM guest kernels aren't supported with TCG. "
809 "Did you unintentionally enable CONFIG_KVM_GUEST?");
810 exit(1);
811 }
812
b0311811
JH		 813 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
814 }
5856de80
TS		 815
816 /* load initrd */
817 initrd_size = 0;
74287114 818 initrd_offset = 0;
7df526e3
TS		 819 if (loaderparams.initrd_filename) {
820 initrd_size = get_image_size (loaderparams.initrd_filename);
74287114 821 if (initrd_size > 0) {
05b3274b 822 initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
7df526e3 823 if (initrd_offset + initrd_size > ram_size) {
74287114
TS		 824 fprintf(stderr,
825 "qemu: memory too small for initial ram disk '%s'\n",
7df526e3 826 loaderparams.initrd_filename);
74287114
TS		 827 exit(1);
828 }
dcac9679
PB		 829 initrd_size = load_image_targphys(loaderparams.initrd_filename,
830 initrd_offset,
831 ram_size - initrd_offset);
74287114 832 }
5856de80
TS		 833 if (initrd_size == (target_ulong) -1) {
834 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
7df526e3 835 loaderparams.initrd_filename);
5856de80
TS		 836 exit(1);
837 }
838 }
839
c938ada2
AJ		 840 /* Setup prom parameters. */
841 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
7267c094 842 prom_buf = g_malloc(prom_size);
c938ada2 843
f36d53ef 844 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
c938ada2 845 if (initrd_size > 0) {
409dbce5 846 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
b0311811 847 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
7df526e3 848 loaderparams.kernel_cmdline);
c938ada2 849 } else {
f36d53ef 850 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
c938ada2
AJ		 851 }
852
853 prom_set(prom_buf, prom_index++, "memsize");
94c2b6af
PB		 854 prom_set(prom_buf, prom_index++, "%i",
855 MIN(loaderparams.ram_size, 256 << 20));
b0311811 856
c938ada2
AJ		 857 prom_set(prom_buf, prom_index++, "modetty0");
858 prom_set(prom_buf, prom_index++, "38400n8r");
859 prom_set(prom_buf, prom_index++, NULL);
860
861 rom_add_blob_fixed("prom", prom_buf, prom_size,
409dbce5 862 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
5856de80 863
74287114 864 return kernel_entry;
5856de80
TS		 865}
866
ce3960eb 867static void malta_mips_config(MIPSCPU *cpu)
c4cb2578 868{
ce3960eb
AF		 869 CPUMIPSState *env = &cpu->env;
870 CPUState *cs = CPU(cpu);
871
c4cb2578 872 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
ce3960eb 873 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
c4cb2578
EI		 874}
875
5856de80
TS		 876static void main_cpu_reset(void *opaque)
877{
1004ee8d
AF		 878 MIPSCPU *cpu = opaque;
879 CPUMIPSState *env = &cpu->env;
880
881 cpu_reset(CPU(cpu));
5856de80 882
5c43485f 883 /* The bootloader does not need to be rewritten as it is located in a
5856de80
TS		 884 read only location. The kernel location and the arguments table
885 location does not change. */
7df526e3 886 if (loaderparams.kernel_filename) {
fb82fea0 887 env->CP0_Status &= ~((1 << CP0St_BEV) | (1 << CP0St_ERL));
fb82fea0 888 }
c4cb2578 889
ce3960eb 890 malta_mips_config(cpu);
b0311811
JH		 891
892 if (kvm_enabled()) {
893 /* Start running from the bootloader we wrote to end of RAM */
894 env->active_tc.PC = 0x40000000 + loaderparams.ram_size;
895 }
5856de80
TS		 896}
897
4556bd8b
BS		 898static void cpu_request_exit(void *opaque, int irq, int level)
899{
4917cf44 900 CPUState *cpu = current_cpu;
4556bd8b 901
4917cf44
AF		 902 if (cpu && level) {
903 cpu_exit(cpu);
4556bd8b
BS		 904 }
905}
906
70705261 907static
3ef96221 908void mips_malta_init(MachineState *machine)
5856de80 909{
3ef96221 910 ram_addr_t ram_size = machine->ram_size;
b0311811 911 ram_addr_t ram_low_size;
3ef96221
MA		 912 const char *cpu_model = machine->cpu_model;
913 const char *kernel_filename = machine->kernel_filename;
914 const char *kernel_cmdline = machine->kernel_cmdline;
915 const char *initrd_filename = machine->initrd_filename;
5cea8590 916 char *filename;
cfe5f011 917 pflash_t *fl;
cfe5f011 918 MemoryRegion *system_memory = get_system_memory();
94c2b6af
PB		 919 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
920 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
921 MemoryRegion *ram_low_postio;
a427338b 922 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
03a1a8e1 923 target_long bios_size = FLASH_SIZE;
35c64807
PB		 924 const size_t smbus_eeprom_size = 8 * 256;
925 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
b0311811 926 int64_t kernel_entry, bootloader_run_addr;
5856de80 927 PCIBus *pci_bus;
48a18b3c 928 ISABus *isa_bus;
7688b134 929 MIPSCPU *cpu;
61c56c8c 930 CPUMIPSState *env;
e9b40fd3 931 qemu_irq *isa_irq;
4556bd8b 932 qemu_irq *cpu_exit_irq;
7b717336 933 int piix4_devfn;
a5c82852 934 I2CBus *smbus;
7b717336 935 int i;
751c6a17 936 DriveInfo *dinfo;
f455e98c 937 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
fd8014e1 938 DriveInfo *fd[MAX_FD];
c8b153d7 939 int fl_idx = 0;
bb4b3358 940 int fl_sectors = bios_size >> 16;
01e0451a 941 int be;
5856de80 942
cba5cb67
AF		 943 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
944 MaltaState *s = MIPS_MALTA(dev);
e9b40fd3 945
cc413a39
AJ		 946 /* The whole address space decoded by the GT-64120A doesn't generate
947 exception when accessing invalid memory. Create an empty slot to
948 emulate this feature. */
949 empty_slot_init(0, 0x20000000);
950
e9b40fd3
SW		 951 qdev_init_nofail(dev);
952
ffabf037
AJ		 953 /* Make sure the first 3 serial ports are associated with a device. */
954 for(i = 0; i < 3; i++) {
955 if (!serial_hds[i]) {
956 char label[32];
957 snprintf(label, sizeof(label), "serial%d", i);
27143a44 958 serial_hds[i] = qemu_chr_new(label, "null", NULL);
ffabf037
AJ		 959 }
960 }
961
33d68b5f
TS		 962 /* init CPUs */
963 if (cpu_model == NULL) {
60aa19ab 964#ifdef TARGET_MIPS64
c9c1a064 965 cpu_model = "20Kc";
33d68b5f 966#else
1c32f43e 967 cpu_model = "24Kf";
33d68b5f
TS		 968#endif
969 }
c4cb2578
EI		 970
971 for (i = 0; i < smp_cpus; i++) {
7688b134
AF		 972 cpu = cpu_mips_init(cpu_model);
973 if (cpu == NULL) {
c4cb2578
EI		 974 fprintf(stderr, "Unable to find CPU definition\n");
975 exit(1);
976 }
7688b134
AF		 977 env = &cpu->env;
978
c4cb2578
EI		 979 /* Init internal devices */
980 cpu_mips_irq_init_cpu(env);
981 cpu_mips_clock_init(env);
1004ee8d 982 qemu_register_reset(main_cpu_reset, cpu);
aaed909a 983 }
182735ef
AF		 984 cpu = MIPS_CPU(first_cpu);
985 env = &cpu->env;
5856de80
TS		 986
987 /* allocate RAM */
94c2b6af 988 if (ram_size > (2048u << 20)) {
0ccff151 989 fprintf(stderr,
94c2b6af 990 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
0ccff151
AJ		 991 ((unsigned int)ram_size / (1 << 20)));
992 exit(1);
993 }
94c2b6af
PB		 994
995 /* register RAM at high address where it is undisturbed by IO */
49946538
HT		 996 memory_region_init_ram(ram_high, NULL, "mips_malta.ram", ram_size,
997 &error_abort);
94c2b6af
PB		 998 vmstate_register_ram_global(ram_high);
999 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1000
1001 /* alias for pre IO hole access */
1002 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1003 ram_high, 0, MIN(ram_size, (256 << 20)));
1004 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1005
1006 /* alias for post IO hole access, if there is enough RAM */
1007 if (ram_size > (512 << 20)) {
1008 ram_low_postio = g_new(MemoryRegion, 1);
1009 memory_region_init_alias(ram_low_postio, NULL,
1010 "mips_malta_low_postio.ram",
1011 ram_high, 512 << 20,
1012 ram_size - (512 << 20));
1013 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1014 }
5856de80 1015
02bccc77 1016 /* generate SPD EEPROM data */
35c64807
PB		 1017 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1018 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
02bccc77 1019
01e0451a
AL		 1020#ifdef TARGET_WORDS_BIGENDIAN
1021 be = 1;
1022#else
1023 be = 0;
1024#endif
070ce5ed 1025 /* FPGA */
68d00192
AJ		 1026 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1027 malta_fpga_init(system_memory, FPGA_ADDRESS, env->irq[4], serial_hds[2]);
070ce5ed 1028
bb4b3358
SW		 1029 /* Load firmware in flash / BIOS. */
1030 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1031#ifdef DEBUG_BOARD_INIT
1032 if (dinfo) {
1033 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1034 "addr %08llx '%s' %x\n",
03a1a8e1 1035 fl_idx, bios_size, FLASH_ADDRESS,
4be74634 1036 blk_name(dinfo->bdrv), fl_sectors);
bb4b3358
SW		 1037 }
1038#endif
03a1a8e1 1039 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
fa1d36df 1040 BIOS_SIZE,
4be74634 1041 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
bb4b3358
SW		 1042 65536, fl_sectors,
1043 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1044 bios = pflash_cfi01_get_memory(fl);
1045 fl_idx++;
c8b153d7 1046 if (kernel_filename) {
b0311811 1047 ram_low_size = MIN(ram_size, 256 << 20);
fbdb1d95 1048 /* For KVM we reserve 1MB of RAM for running bootloader */
b0311811
JH		 1049 if (kvm_enabled()) {
1050 ram_low_size -= 0x100000;
1051 bootloader_run_addr = 0x40000000 + ram_low_size;
1052 } else {
1053 bootloader_run_addr = 0xbfc00000;
1054 }
1055
c8b153d7 1056 /* Write a small bootloader to the flash location. */
b0311811 1057 loaderparams.ram_size = ram_low_size;
c8b153d7
TS		 1058 loaderparams.kernel_filename = kernel_filename;
1059 loaderparams.kernel_cmdline = kernel_cmdline;
1060 loaderparams.initrd_filename = initrd_filename;
e16ad5b0 1061 kernel_entry = load_kernel();
b0311811
JH		 1062
1063 write_bootloader(env, memory_region_get_ram_ptr(bios),
1064 bootloader_run_addr, kernel_entry);
1065 if (kvm_enabled()) {
1066 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1067 write_bootloader(env, memory_region_get_ram_ptr(ram_low_preio) +
1068 ram_low_size,
1069 bootloader_run_addr, kernel_entry);
1070 }
c8b153d7 1071 } else {
fbdb1d95 1072 /* The flash region isn't executable from a KVM guest */
3c5d0be5
JH		 1073 if (kvm_enabled()) {
1074 error_report("KVM enabled but no -kernel argument was specified. "
fbdb1d95 1075 "Booting from flash is not supported with KVM.");
3c5d0be5
JH		 1076 exit(1);
1077 }
bb4b3358
SW		 1078 /* Load firmware from flash. */
1079 if (!dinfo) {
c8b153d7 1080 /* Load a BIOS image. */
bb4b3358 1081 if (bios_name == NULL) {
c8b153d7 1082 bios_name = BIOS_FILENAME;
bb4b3358 1083 }
5cea8590
PB		 1084 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1085 if (filename) {
03a1a8e1 1086 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
5cea8590 1087 BIOS_SIZE);
7267c094 1088 g_free(filename);
5cea8590
PB		 1089 } else {
1090 bios_size = -1;
1091 }
2c57bd9b
AF		 1092 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1093 !kernel_filename && !qtest_enabled()) {
2e985fe0
AJ		 1094 error_report("Could not load MIPS bios '%s', and no "
1095 "-kernel argument was specified", bios_name);
1096 exit(1);
c8b153d7 1097 }
070ce5ed 1098 }
3187ef03
TS		 1099 /* In little endian mode the 32bit words in the bios are swapped,
1100 a neat trick which allows bi-endian firmware. */
1101#ifndef TARGET_WORDS_BIGENDIAN
1102 {
a2b8813d
PB		 1103 uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
1104 if (!addr) {
1105 addr = memory_region_get_ram_ptr(bios);
1106 }
1817f56a 1107 end = (void *)addr + MIN(bios_size, 0x3e0000);
d7585251
PB		 1108 while (addr < end) {
1109 bswap32s(addr);
a30cfee5 1110 addr++;
3187ef03
TS		 1111 }
1112 }
1113#endif
070ce5ed
TS		 1114 }
1115
a427338b
PB		 1116 /*
1117 * Map the BIOS at a 2nd physical location, as on the real board.
1118 * Copy it so that we can patch in the MIPS revision, which cannot be
1119 * handled by an overlapping region as the resulting ROM code subpage
1120 * regions are not executable.
1121 */
49946538
HT		 1122 memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1123 &error_abort);
a427338b 1124 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
f05d4d94 1125 FLASH_ADDRESS, BIOS_SIZE)) {
a427338b 1126 memcpy(memory_region_get_ram_ptr(bios_copy),
f05d4d94 1127 memory_region_get_ram_ptr(bios), BIOS_SIZE);
a427338b
PB		 1128 }
1129 memory_region_set_readonly(bios_copy, true);
1130 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
82a9807b 1131
a427338b
PB		 1132 /* Board ID = 0x420 (Malta Board with CoreLV) */
1133 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
5856de80
TS		 1134
1135 /* Init internal devices */
d537cf6c 1136 cpu_mips_irq_init_cpu(env);
5856de80 1137 cpu_mips_clock_init(env);
5856de80 1138
5632ae46
AK		 1139 /*
1140 * We have a circular dependency problem: pci_bus depends on isa_irq,
1141 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1142 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1143 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1144 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1145 */
e9b40fd3 1146 isa_irq = qemu_irq_proxy(&s->i8259, 16);
5856de80
TS		 1147
1148 /* Northbridge */
5632ae46 1149 pci_bus = gt64120_register(isa_irq);
5856de80
TS		 1150
1151 /* Southbridge */
d8f94e1b 1152 ide_drive_get(hd, ARRAY_SIZE(hd));
e4bcb14c 1153
142e9787 1154 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
5632ae46
AK		 1155
1156 /* Interrupt controller */
1157 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
e9b40fd3 1158 s->i8259 = i8259_init(isa_bus, env->irq[2]);
5632ae46 1159
e9b40fd3 1160 isa_bus_irqs(isa_bus, s->i8259);
ae027ad3 1161 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
afb9a60e 1162 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
48a18b3c 1163 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
781bbd6b 1164 isa_get_irq(NULL, 9), NULL, 0, NULL, NULL);
35c64807
PB		 1165 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1166 g_free(smbus_eeprom_buf);
319ba9f5 1167 pit = pit_init(isa_bus, 0x40, 0, NULL);
4556bd8b
BS		 1168 cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
1169 DMA_init(0, cpu_exit_irq);
5856de80
TS		 1170
1171 /* Super I/O */
48a18b3c 1172 isa_create_simple(isa_bus, "i8042");
49a2942d 1173
48a18b3c 1174 rtc_init(isa_bus, 2000, NULL);
b6607a1a 1175 serial_hds_isa_init(isa_bus, 2);
7bcc17dc 1176 if (parallel_hds[0])
48a18b3c 1177 parallel_init(isa_bus, 0, parallel_hds[0]);
e4bcb14c 1178 for(i = 0; i < MAX_FD; i++) {
fd8014e1 1179 fd[i] = drive_get(IF_FLOPPY, 0, i);
e4bcb14c 1180 }
48a18b3c 1181 fdctrl_init_isa(isa_bus, fd);
5856de80 1182
5856de80 1183 /* Network card */
29b358f9 1184 network_init(pci_bus);
11f29511
TS		 1185
1186 /* Optional PCI video card */
9c59864d 1187 pci_vga_init(pci_bus);
5856de80
TS		 1188}
1189
e9b40fd3
SW		 1190static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1191{
1192 return 0;
1193}
1194
999e12bb
AL		 1195static void mips_malta_class_init(ObjectClass *klass, void *data)
1196{
1197 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1198
1199 k->init = mips_malta_sysbus_device_init;
1200}
1201
8c43a6f0 1202static const TypeInfo mips_malta_device = {
cba5cb67 1203 .name = TYPE_MIPS_MALTA,
39bffca2
AL		 1204 .parent = TYPE_SYS_BUS_DEVICE,
1205 .instance_size = sizeof(MaltaState),
1206 .class_init = mips_malta_class_init,
e9b40fd3
SW		 1207};
1208
f80f9ec9 1209static QEMUMachine mips_malta_machine = {
eec2743e
TS		 1210 .name = "malta",
1211 .desc = "MIPS Malta Core LV",
1212 .init = mips_malta_init,
c4cb2578 1213 .max_cpus = 16,
0c257437 1214 .is_default = 1,
5856de80 1215};
f80f9ec9 1216
83f7d43a 1217static void mips_malta_register_types(void)
e9b40fd3 1218{
39bffca2 1219 type_register_static(&mips_malta_device);
e9b40fd3
SW		 1220}
1221
f80f9ec9
AL		 1222static void mips_malta_machine_init(void)
1223{
1224 qemu_register_machine(&mips_malta_machine);
1225}
1226
83f7d43a 1227type_init(mips_malta_register_types)
f80f9ec9 1228machine_init(mips_malta_machine_init);
QEMU mirror