2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
29 #include "hw/i386/pc.h"
30 #include "hw/char/serial.h"
31 #include "hw/block/fdc.h"
33 #include "hw/boards.h"
34 #include "hw/i2c/smbus.h"
35 #include "sysemu/block-backend.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/char.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/arch_init.h"
44 #include "hw/mips/bios.h"
46 #include "hw/loader.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "sysemu/block-backend.h"
51 #include "sysemu/blockdev.h"
52 #include "exec/address-spaces.h"
53 #include "hw/sysbus.h" /* SysBusDevice */
54 #include "qemu/host-utils.h"
55 #include "sysemu/qtest.h"
56 #include "qemu/error-report.h"
57 #include "hw/empty_slot.h"
58 #include "sysemu/kvm.h"
59 #include "exec/semihost.h"
61 //#define DEBUG_BOARD_INIT
63 #define ENVP_ADDR 0x80002000l
64 #define ENVP_NB_ENTRIES 16
65 #define ENVP_ENTRY_SIZE 256
67 /* Hardware addresses */
68 #define FLASH_ADDRESS 0x1e000000ULL
69 #define FPGA_ADDRESS 0x1f000000ULL
70 #define RESET_ADDRESS 0x1fc00000ULL
72 #define FLASH_SIZE 0x400000
78 MemoryRegion iomem_lo
; /* 0 - 0x900 */
79 MemoryRegion iomem_hi
; /* 0xa00 - 0x100000 */
87 CharDriverState
*display
;
92 #define TYPE_MIPS_MALTA "mips-malta"
93 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
96 SysBusDevice parent_obj
;
101 static ISADevice
*pit
;
103 static struct _loaderparams
{
104 int ram_size
, ram_low_size
;
105 const char *kernel_filename
;
106 const char *kernel_cmdline
;
107 const char *initrd_filename
;
111 static void malta_fpga_update_display(void *opaque
)
115 MaltaFPGAState
*s
= opaque
;
117 for (i
= 7 ; i
>= 0 ; i
--) {
118 if (s
->leds
& (1 << i
))
125 qemu_chr_fe_printf(s
->display
, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text
);
126 qemu_chr_fe_printf(s
->display
, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s
->display_text
);
130 * EEPROM 24C01 / 24C02 emulation.
132 * Emulation for serial EEPROMs:
133 * 24C01 - 1024 bit (128 x 8)
134 * 24C02 - 2048 bit (256 x 8)
136 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
142 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
144 # define logout(fmt, ...) ((void)0)
147 struct _eeprom24c0x_t
{
156 uint8_t contents
[256];
159 typedef struct _eeprom24c0x_t eeprom24c0x_t
;
161 static eeprom24c0x_t spd_eeprom
= {
163 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
164 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
165 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
166 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
167 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
168 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
169 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
170 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
171 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
182 static void generate_eeprom_spd(uint8_t *eeprom
, ram_addr_t ram_size
)
184 enum { SDR
= 0x4, DDR2
= 0x8 } type
;
185 uint8_t *spd
= spd_eeprom
.contents
;
187 uint16_t density
= 0;
190 /* work in terms of MB */
193 while ((ram_size
>= 4) && (nbanks
<= 2)) {
194 int sz_log2
= MIN(31 - clz32(ram_size
), 14);
196 density
|= 1 << (sz_log2
- 2);
197 ram_size
-= 1 << sz_log2
;
200 /* split to 2 banks if possible */
201 if ((nbanks
== 1) && (density
> 1)) {
206 if (density
& 0xff00) {
207 density
= (density
& 0xe0) | ((density
>> 8) & 0x1f);
209 } else if (!(density
& 0x1f)) {
216 fprintf(stderr
, "Warning: SPD cannot represent final %dMB"
217 " of SDRAM\n", (int)ram_size
);
220 /* fill in SPD memory information */
227 for (i
= 0; i
< 63; i
++) {
232 memcpy(eeprom
, spd
, sizeof(spd_eeprom
.contents
));
235 static void generate_eeprom_serial(uint8_t *eeprom
)
238 uint8_t mac
[6] = { 0x00 };
239 uint8_t sn
[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
242 eeprom
[pos
++] = 0x01;
245 eeprom
[pos
++] = 0x02;
248 eeprom
[pos
++] = 0x01; /* MAC */
249 eeprom
[pos
++] = 0x06; /* length */
250 memcpy(&eeprom
[pos
], mac
, sizeof(mac
));
254 eeprom
[pos
++] = 0x02; /* serial */
255 eeprom
[pos
++] = 0x05; /* length */
256 memcpy(&eeprom
[pos
], sn
, sizeof(sn
));
261 for (i
= 0; i
< pos
; i
++) {
262 eeprom
[pos
] += eeprom
[i
];
266 static uint8_t eeprom24c0x_read(eeprom24c0x_t
*eeprom
)
268 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
269 eeprom
->tick
, eeprom
->scl
, eeprom
->sda
, eeprom
->data
);
273 static void eeprom24c0x_write(eeprom24c0x_t
*eeprom
, int scl
, int sda
)
275 if (eeprom
->scl
&& scl
&& (eeprom
->sda
!= sda
)) {
276 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
277 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
,
278 sda
? "stop" : "start");
283 } else if (eeprom
->tick
== 0 && !eeprom
->ack
) {
284 /* Waiting for start. */
285 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
286 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
287 } else if (!eeprom
->scl
&& scl
) {
288 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
289 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
291 logout("\ti2c ack bit = 0\n");
294 } else if (eeprom
->sda
== sda
) {
295 uint8_t bit
= (sda
!= 0);
296 logout("\ti2c bit = %d\n", bit
);
297 if (eeprom
->tick
< 9) {
298 eeprom
->command
<<= 1;
299 eeprom
->command
+= bit
;
301 if (eeprom
->tick
== 9) {
302 logout("\tcommand 0x%04x, %s\n", eeprom
->command
,
303 bit
? "read" : "write");
306 } else if (eeprom
->tick
< 17) {
307 if (eeprom
->command
& 1) {
308 sda
= ((eeprom
->data
& 0x80) != 0);
310 eeprom
->address
<<= 1;
311 eeprom
->address
+= bit
;
314 if (eeprom
->tick
== 17) {
315 eeprom
->data
= eeprom
->contents
[eeprom
->address
];
316 logout("\taddress 0x%04x, data 0x%02x\n",
317 eeprom
->address
, eeprom
->data
);
321 } else if (eeprom
->tick
>= 17) {
325 logout("\tsda changed with raising scl\n");
328 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom
->tick
, eeprom
->scl
,
329 scl
, eeprom
->sda
, sda
);
335 static uint64_t malta_fpga_read(void *opaque
, hwaddr addr
,
338 MaltaFPGAState
*s
= opaque
;
342 saddr
= (addr
& 0xfffff);
346 /* SWITCH Register */
348 val
= 0x00000000; /* All switches closed */
351 /* STATUS Register */
353 #ifdef TARGET_WORDS_BIGENDIAN
365 /* LEDBAR Register */
370 /* BRKRES Register */
375 /* UART Registers are handled directly by the serial device */
382 /* XXX: implement a real I2C controller */
386 /* IN = OUT until a real I2C control is implemented */
393 /* I2CINP Register */
395 val
= ((s
->i2cin
& ~1) | eeprom24c0x_read(&spd_eeprom
));
403 /* I2COUT Register */
408 /* I2CSEL Register */
415 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx
"\n",
423 static void malta_fpga_write(void *opaque
, hwaddr addr
,
424 uint64_t val
, unsigned size
)
426 MaltaFPGAState
*s
= opaque
;
429 saddr
= (addr
& 0xfffff);
433 /* SWITCH Register */
441 /* LEDBAR Register */
443 s
->leds
= val
& 0xff;
444 malta_fpga_update_display(s
);
447 /* ASCIIWORD Register */
449 snprintf(s
->display_text
, 9, "%08X", (uint32_t)val
);
450 malta_fpga_update_display(s
);
453 /* ASCIIPOS0 to ASCIIPOS7 Registers */
462 s
->display_text
[(saddr
- 0x00418) >> 3] = (char) val
;
463 malta_fpga_update_display(s
);
466 /* SOFTRES Register */
469 qemu_system_reset_request ();
472 /* BRKRES Register */
477 /* UART Registers are handled directly by the serial device */
481 s
->gpout
= val
& 0xff;
486 s
->i2coe
= val
& 0x03;
489 /* I2COUT Register */
491 eeprom24c0x_write(&spd_eeprom
, val
& 0x02, val
& 0x01);
495 /* I2CSEL Register */
497 s
->i2csel
= val
& 0x01;
502 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx
"\n",
509 static const MemoryRegionOps malta_fpga_ops
= {
510 .read
= malta_fpga_read
,
511 .write
= malta_fpga_write
,
512 .endianness
= DEVICE_NATIVE_ENDIAN
,
515 static void malta_fpga_reset(void *opaque
)
517 MaltaFPGAState
*s
= opaque
;
527 s
->display_text
[8] = '\0';
528 snprintf(s
->display_text
, 9, " ");
531 static void malta_fpga_led_init(CharDriverState
*chr
)
533 qemu_chr_fe_printf(chr
, "\e[HMalta LEDBAR\r\n");
534 qemu_chr_fe_printf(chr
, "+--------+\r\n");
535 qemu_chr_fe_printf(chr
, "+ +\r\n");
536 qemu_chr_fe_printf(chr
, "+--------+\r\n");
537 qemu_chr_fe_printf(chr
, "\n");
538 qemu_chr_fe_printf(chr
, "Malta ASCII\r\n");
539 qemu_chr_fe_printf(chr
, "+--------+\r\n");
540 qemu_chr_fe_printf(chr
, "+ +\r\n");
541 qemu_chr_fe_printf(chr
, "+--------+\r\n");
544 static MaltaFPGAState
*malta_fpga_init(MemoryRegion
*address_space
,
545 hwaddr base
, qemu_irq uart_irq
, CharDriverState
*uart_chr
)
549 s
= (MaltaFPGAState
*)g_malloc0(sizeof(MaltaFPGAState
));
551 memory_region_init_io(&s
->iomem
, NULL
, &malta_fpga_ops
, s
,
552 "malta-fpga", 0x100000);
553 memory_region_init_alias(&s
->iomem_lo
, NULL
, "malta-fpga",
554 &s
->iomem
, 0, 0x900);
555 memory_region_init_alias(&s
->iomem_hi
, NULL
, "malta-fpga",
556 &s
->iomem
, 0xa00, 0x10000-0xa00);
558 memory_region_add_subregion(address_space
, base
, &s
->iomem_lo
);
559 memory_region_add_subregion(address_space
, base
+ 0xa00, &s
->iomem_hi
);
561 s
->display
= qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init
);
563 s
->uart
= serial_mm_init(address_space
, base
+ 0x900, 3, uart_irq
,
564 230400, uart_chr
, DEVICE_NATIVE_ENDIAN
);
567 qemu_register_reset(malta_fpga_reset
, s
);
572 /* Network support */
573 static void network_init(PCIBus
*pci_bus
)
577 for(i
= 0; i
< nb_nics
; i
++) {
578 NICInfo
*nd
= &nd_table
[i
];
579 const char *default_devaddr
= NULL
;
581 if (i
== 0 && (!nd
->model
|| strcmp(nd
->model
, "pcnet") == 0))
582 /* The malta board has a PCNet card using PCI SLOT 11 */
583 default_devaddr
= "0b";
585 pci_nic_init_nofail(nd
, pci_bus
, "pcnet", default_devaddr
);
589 /* ROM and pseudo bootloader
591 The following code implements a very very simple bootloader. It first
592 loads the registers a0 to a3 to the values expected by the OS, and
593 then jump at the kernel address.
595 The bootloader should pass the locations of the kernel arguments and
596 environment variables tables. Those tables contain the 32-bit address
597 of NULL terminated strings. The environment variables table should be
598 terminated by a NULL address.
600 For a simpler implementation, the number of kernel arguments is fixed
601 to two (the name of the kernel and the command line), and the two
602 tables are actually the same one.
604 The registers a0 to a3 should contain the following values:
605 a0 - number of kernel arguments
606 a1 - 32-bit address of the kernel arguments table
607 a2 - 32-bit address of the environment variables table
608 a3 - RAM size in bytes
611 static void write_bootloader (CPUMIPSState
*env
, uint8_t *base
,
612 int64_t run_addr
, int64_t kernel_entry
)
616 /* Small bootloader */
617 p
= (uint32_t *)base
;
619 stl_p(p
++, 0x08000000 | /* j 0x1fc00580 */
620 ((run_addr
+ 0x580) & 0x0fffffff) >> 2);
621 stl_p(p
++, 0x00000000); /* nop */
623 /* YAMON service vector */
624 stl_p(base
+ 0x500, run_addr
+ 0x0580); /* start: */
625 stl_p(base
+ 0x504, run_addr
+ 0x083c); /* print_count: */
626 stl_p(base
+ 0x520, run_addr
+ 0x0580); /* start: */
627 stl_p(base
+ 0x52c, run_addr
+ 0x0800); /* flush_cache: */
628 stl_p(base
+ 0x534, run_addr
+ 0x0808); /* print: */
629 stl_p(base
+ 0x538, run_addr
+ 0x0800); /* reg_cpu_isr: */
630 stl_p(base
+ 0x53c, run_addr
+ 0x0800); /* unred_cpu_isr: */
631 stl_p(base
+ 0x540, run_addr
+ 0x0800); /* reg_ic_isr: */
632 stl_p(base
+ 0x544, run_addr
+ 0x0800); /* unred_ic_isr: */
633 stl_p(base
+ 0x548, run_addr
+ 0x0800); /* reg_esr: */
634 stl_p(base
+ 0x54c, run_addr
+ 0x0800); /* unreg_esr: */
635 stl_p(base
+ 0x550, run_addr
+ 0x0800); /* getchar: */
636 stl_p(base
+ 0x554, run_addr
+ 0x0800); /* syscon_read: */
639 /* Second part of the bootloader */
640 p
= (uint32_t *) (base
+ 0x580);
642 if (semihosting_get_argc()) {
643 /* Preserve a0 content as arguments have been passed */
644 stl_p(p
++, 0x00000000); /* nop */
646 stl_p(p
++, 0x24040002); /* addiu a0, zero, 2 */
648 stl_p(p
++, 0x3c1d0000 | (((ENVP_ADDR
- 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
649 stl_p(p
++, 0x37bd0000 | ((ENVP_ADDR
- 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
650 stl_p(p
++, 0x3c050000 | ((ENVP_ADDR
>> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
651 stl_p(p
++, 0x34a50000 | (ENVP_ADDR
& 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
652 stl_p(p
++, 0x3c060000 | (((ENVP_ADDR
+ 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
653 stl_p(p
++, 0x34c60000 | ((ENVP_ADDR
+ 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
654 stl_p(p
++, 0x3c070000 | (loaderparams
.ram_low_size
>> 16)); /* lui a3, high(ram_low_size) */
655 stl_p(p
++, 0x34e70000 | (loaderparams
.ram_low_size
& 0xffff)); /* ori a3, a3, low(ram_low_size) */
657 /* Load BAR registers as done by YAMON */
658 stl_p(p
++, 0x3c09b400); /* lui t1, 0xb400 */
660 #ifdef TARGET_WORDS_BIGENDIAN
661 stl_p(p
++, 0x3c08df00); /* lui t0, 0xdf00 */
663 stl_p(p
++, 0x340800df); /* ori t0, r0, 0x00df */
665 stl_p(p
++, 0xad280068); /* sw t0, 0x0068(t1) */
667 stl_p(p
++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
669 #ifdef TARGET_WORDS_BIGENDIAN
670 stl_p(p
++, 0x3c08c000); /* lui t0, 0xc000 */
672 stl_p(p
++, 0x340800c0); /* ori t0, r0, 0x00c0 */
674 stl_p(p
++, 0xad280048); /* sw t0, 0x0048(t1) */
675 #ifdef TARGET_WORDS_BIGENDIAN
676 stl_p(p
++, 0x3c084000); /* lui t0, 0x4000 */
678 stl_p(p
++, 0x34080040); /* ori t0, r0, 0x0040 */
680 stl_p(p
++, 0xad280050); /* sw t0, 0x0050(t1) */
682 #ifdef TARGET_WORDS_BIGENDIAN
683 stl_p(p
++, 0x3c088000); /* lui t0, 0x8000 */
685 stl_p(p
++, 0x34080080); /* ori t0, r0, 0x0080 */
687 stl_p(p
++, 0xad280058); /* sw t0, 0x0058(t1) */
688 #ifdef TARGET_WORDS_BIGENDIAN
689 stl_p(p
++, 0x3c083f00); /* lui t0, 0x3f00 */
691 stl_p(p
++, 0x3408003f); /* ori t0, r0, 0x003f */
693 stl_p(p
++, 0xad280060); /* sw t0, 0x0060(t1) */
695 #ifdef TARGET_WORDS_BIGENDIAN
696 stl_p(p
++, 0x3c08c100); /* lui t0, 0xc100 */
698 stl_p(p
++, 0x340800c1); /* ori t0, r0, 0x00c1 */
700 stl_p(p
++, 0xad280080); /* sw t0, 0x0080(t1) */
701 #ifdef TARGET_WORDS_BIGENDIAN
702 stl_p(p
++, 0x3c085e00); /* lui t0, 0x5e00 */
704 stl_p(p
++, 0x3408005e); /* ori t0, r0, 0x005e */
706 stl_p(p
++, 0xad280088); /* sw t0, 0x0088(t1) */
708 /* Jump to kernel code */
709 stl_p(p
++, 0x3c1f0000 | ((kernel_entry
>> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
710 stl_p(p
++, 0x37ff0000 | (kernel_entry
& 0xffff)); /* ori ra, ra, low(kernel_entry) */
711 stl_p(p
++, 0x03e00009); /* jalr ra */
712 stl_p(p
++, 0x00000000); /* nop */
714 /* YAMON subroutines */
715 p
= (uint32_t *) (base
+ 0x800);
716 stl_p(p
++, 0x03e00009); /* jalr ra */
717 stl_p(p
++, 0x24020000); /* li v0,0 */
718 /* 808 YAMON print */
719 stl_p(p
++, 0x03e06821); /* move t5,ra */
720 stl_p(p
++, 0x00805821); /* move t3,a0 */
721 stl_p(p
++, 0x00a05021); /* move t2,a1 */
722 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
723 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
724 stl_p(p
++, 0x10800005); /* beqz a0,834 */
725 stl_p(p
++, 0x00000000); /* nop */
726 stl_p(p
++, 0x0ff0021c); /* jal 870 */
727 stl_p(p
++, 0x00000000); /* nop */
728 stl_p(p
++, 0x08000205); /* j 814 */
729 stl_p(p
++, 0x00000000); /* nop */
730 stl_p(p
++, 0x01a00009); /* jalr t5 */
731 stl_p(p
++, 0x01602021); /* move a0,t3 */
732 /* 0x83c YAMON print_count */
733 stl_p(p
++, 0x03e06821); /* move t5,ra */
734 stl_p(p
++, 0x00805821); /* move t3,a0 */
735 stl_p(p
++, 0x00a05021); /* move t2,a1 */
736 stl_p(p
++, 0x00c06021); /* move t4,a2 */
737 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
738 stl_p(p
++, 0x0ff0021c); /* jal 870 */
739 stl_p(p
++, 0x00000000); /* nop */
740 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
741 stl_p(p
++, 0x258cffff); /* addiu t4,t4,-1 */
742 stl_p(p
++, 0x1580fffa); /* bnez t4,84c */
743 stl_p(p
++, 0x00000000); /* nop */
744 stl_p(p
++, 0x01a00009); /* jalr t5 */
745 stl_p(p
++, 0x01602021); /* move a0,t3 */
747 stl_p(p
++, 0x3c08b800); /* lui t0,0xb400 */
748 stl_p(p
++, 0x350803f8); /* ori t0,t0,0x3f8 */
749 stl_p(p
++, 0x91090005); /* lbu t1,5(t0) */
750 stl_p(p
++, 0x00000000); /* nop */
751 stl_p(p
++, 0x31290040); /* andi t1,t1,0x40 */
752 stl_p(p
++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
753 stl_p(p
++, 0x00000000); /* nop */
754 stl_p(p
++, 0x03e00009); /* jalr ra */
755 stl_p(p
++, 0xa1040000); /* sb a0,0(t0) */
759 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf
, int index
,
760 const char *string
, ...)
765 if (index
>= ENVP_NB_ENTRIES
)
768 if (string
== NULL
) {
773 table_addr
= sizeof(int32_t) * ENVP_NB_ENTRIES
+ index
* ENVP_ENTRY_SIZE
;
774 prom_buf
[index
] = tswap32(ENVP_ADDR
+ table_addr
);
776 va_start(ap
, string
);
777 vsnprintf((char *)prom_buf
+ table_addr
, ENVP_ENTRY_SIZE
, string
, ap
);
782 static int64_t load_kernel (void)
784 int64_t kernel_entry
, kernel_high
;
786 ram_addr_t initrd_offset
;
791 uint64_t (*xlate_to_kseg0
) (void *opaque
, uint64_t addr
);
793 #ifdef TARGET_WORDS_BIGENDIAN
799 if (load_elf(loaderparams
.kernel_filename
, cpu_mips_kseg0_to_phys
, NULL
,
800 (uint64_t *)&kernel_entry
, NULL
, (uint64_t *)&kernel_high
,
801 big_endian
, EM_MIPS
, 1, 0) < 0) {
802 fprintf(stderr
, "qemu: could not load kernel '%s'\n",
803 loaderparams
.kernel_filename
);
807 /* Sanity check where the kernel has been linked */
809 if (kernel_entry
& 0x80000000ll
) {
810 error_report("KVM guest kernels must be linked in useg. "
811 "Did you forget to enable CONFIG_KVM_GUEST?");
815 xlate_to_kseg0
= cpu_mips_kvm_um_phys_to_kseg0
;
817 if (!(kernel_entry
& 0x80000000ll
)) {
818 error_report("KVM guest kernels aren't supported with TCG. "
819 "Did you unintentionally enable CONFIG_KVM_GUEST?");
823 xlate_to_kseg0
= cpu_mips_phys_to_kseg0
;
829 if (loaderparams
.initrd_filename
) {
830 initrd_size
= get_image_size (loaderparams
.initrd_filename
);
831 if (initrd_size
> 0) {
832 initrd_offset
= (kernel_high
+ ~INITRD_PAGE_MASK
) & INITRD_PAGE_MASK
;
833 if (initrd_offset
+ initrd_size
> ram_size
) {
835 "qemu: memory too small for initial ram disk '%s'\n",
836 loaderparams
.initrd_filename
);
839 initrd_size
= load_image_targphys(loaderparams
.initrd_filename
,
841 ram_size
- initrd_offset
);
843 if (initrd_size
== (target_ulong
) -1) {
844 fprintf(stderr
, "qemu: could not load initial ram disk '%s'\n",
845 loaderparams
.initrd_filename
);
850 /* Setup prom parameters. */
851 prom_size
= ENVP_NB_ENTRIES
* (sizeof(int32_t) + ENVP_ENTRY_SIZE
);
852 prom_buf
= g_malloc(prom_size
);
854 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_filename
);
855 if (initrd_size
> 0) {
856 prom_set(prom_buf
, prom_index
++, "rd_start=0x%" PRIx64
" rd_size=%li %s",
857 xlate_to_kseg0(NULL
, initrd_offset
), initrd_size
,
858 loaderparams
.kernel_cmdline
);
860 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_cmdline
);
863 prom_set(prom_buf
, prom_index
++, "memsize");
864 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_low_size
);
866 prom_set(prom_buf
, prom_index
++, "ememsize");
867 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_size
);
869 prom_set(prom_buf
, prom_index
++, "modetty0");
870 prom_set(prom_buf
, prom_index
++, "38400n8r");
871 prom_set(prom_buf
, prom_index
++, NULL
);
873 rom_add_blob_fixed("prom", prom_buf
, prom_size
,
874 cpu_mips_kseg0_to_phys(NULL
, ENVP_ADDR
));
880 static void malta_mips_config(MIPSCPU
*cpu
)
882 CPUMIPSState
*env
= &cpu
->env
;
883 CPUState
*cs
= CPU(cpu
);
885 env
->mvp
->CP0_MVPConf0
|= ((smp_cpus
- 1) << CP0MVPC0_PVPE
) |
886 ((smp_cpus
* cs
->nr_threads
- 1) << CP0MVPC0_PTC
);
889 static void main_cpu_reset(void *opaque
)
891 MIPSCPU
*cpu
= opaque
;
892 CPUMIPSState
*env
= &cpu
->env
;
896 /* The bootloader does not need to be rewritten as it is located in a
897 read only location. The kernel location and the arguments table
898 location does not change. */
899 if (loaderparams
.kernel_filename
) {
900 env
->CP0_Status
&= ~(1 << CP0St_ERL
);
903 malta_mips_config(cpu
);
906 /* Start running from the bootloader we wrote to end of RAM */
907 env
->active_tc
.PC
= 0x40000000 + loaderparams
.ram_low_size
;
912 void mips_malta_init(MachineState
*machine
)
914 ram_addr_t ram_size
= machine
->ram_size
;
915 ram_addr_t ram_low_size
;
916 const char *cpu_model
= machine
->cpu_model
;
917 const char *kernel_filename
= machine
->kernel_filename
;
918 const char *kernel_cmdline
= machine
->kernel_cmdline
;
919 const char *initrd_filename
= machine
->initrd_filename
;
922 MemoryRegion
*system_memory
= get_system_memory();
923 MemoryRegion
*ram_high
= g_new(MemoryRegion
, 1);
924 MemoryRegion
*ram_low_preio
= g_new(MemoryRegion
, 1);
925 MemoryRegion
*ram_low_postio
;
926 MemoryRegion
*bios
, *bios_copy
= g_new(MemoryRegion
, 1);
927 target_long bios_size
= FLASH_SIZE
;
928 const size_t smbus_eeprom_size
= 8 * 256;
929 uint8_t *smbus_eeprom_buf
= g_malloc0(smbus_eeprom_size
);
930 int64_t kernel_entry
, bootloader_run_addr
;
940 DriveInfo
*hd
[MAX_IDE_BUS
* MAX_IDE_DEVS
];
941 DriveInfo
*fd
[MAX_FD
];
943 int fl_sectors
= bios_size
>> 16;
946 DeviceState
*dev
= qdev_create(NULL
, TYPE_MIPS_MALTA
);
947 MaltaState
*s
= MIPS_MALTA(dev
);
949 /* The whole address space decoded by the GT-64120A doesn't generate
950 exception when accessing invalid memory. Create an empty slot to
951 emulate this feature. */
952 empty_slot_init(0, 0x20000000);
954 qdev_init_nofail(dev
);
956 /* Make sure the first 3 serial ports are associated with a device. */
957 for(i
= 0; i
< 3; i
++) {
958 if (!serial_hds
[i
]) {
960 snprintf(label
, sizeof(label
), "serial%d", i
);
961 serial_hds
[i
] = qemu_chr_new(label
, "null", NULL
);
966 if (cpu_model
== NULL
) {
974 for (i
= 0; i
< smp_cpus
; i
++) {
975 cpu
= cpu_mips_init(cpu_model
);
977 fprintf(stderr
, "Unable to find CPU definition\n");
982 /* Init internal devices */
983 cpu_mips_irq_init_cpu(env
);
984 cpu_mips_clock_init(env
);
985 qemu_register_reset(main_cpu_reset
, cpu
);
987 cpu
= MIPS_CPU(first_cpu
);
991 if (ram_size
> (2048u << 20)) {
993 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
994 ((unsigned int)ram_size
/ (1 << 20)));
998 /* register RAM at high address where it is undisturbed by IO */
999 memory_region_allocate_system_memory(ram_high
, NULL
, "mips_malta.ram",
1001 memory_region_add_subregion(system_memory
, 0x80000000, ram_high
);
1003 /* alias for pre IO hole access */
1004 memory_region_init_alias(ram_low_preio
, NULL
, "mips_malta_low_preio.ram",
1005 ram_high
, 0, MIN(ram_size
, (256 << 20)));
1006 memory_region_add_subregion(system_memory
, 0, ram_low_preio
);
1008 /* alias for post IO hole access, if there is enough RAM */
1009 if (ram_size
> (512 << 20)) {
1010 ram_low_postio
= g_new(MemoryRegion
, 1);
1011 memory_region_init_alias(ram_low_postio
, NULL
,
1012 "mips_malta_low_postio.ram",
1013 ram_high
, 512 << 20,
1014 ram_size
- (512 << 20));
1015 memory_region_add_subregion(system_memory
, 512 << 20, ram_low_postio
);
1018 /* generate SPD EEPROM data */
1019 generate_eeprom_spd(&smbus_eeprom_buf
[0 * 256], ram_size
);
1020 generate_eeprom_serial(&smbus_eeprom_buf
[6 * 256]);
1022 #ifdef TARGET_WORDS_BIGENDIAN
1028 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1029 malta_fpga_init(system_memory
, FPGA_ADDRESS
, env
->irq
[4], serial_hds
[2]);
1031 /* Load firmware in flash / BIOS. */
1032 dinfo
= drive_get(IF_PFLASH
, 0, fl_idx
);
1033 #ifdef DEBUG_BOARD_INIT
1035 printf("Register parallel flash %d size " TARGET_FMT_lx
" at "
1036 "addr %08llx '%s' %x\n",
1037 fl_idx
, bios_size
, FLASH_ADDRESS
,
1038 blk_name(dinfo
->bdrv
), fl_sectors
);
1041 fl
= pflash_cfi01_register(FLASH_ADDRESS
, NULL
, "mips_malta.bios",
1043 dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
,
1045 4, 0x0000, 0x0000, 0x0000, 0x0000, be
);
1046 bios
= pflash_cfi01_get_memory(fl
);
1048 if (kernel_filename
) {
1049 ram_low_size
= MIN(ram_size
, 256 << 20);
1050 /* For KVM we reserve 1MB of RAM for running bootloader */
1051 if (kvm_enabled()) {
1052 ram_low_size
-= 0x100000;
1053 bootloader_run_addr
= 0x40000000 + ram_low_size
;
1055 bootloader_run_addr
= 0xbfc00000;
1058 /* Write a small bootloader to the flash location. */
1059 loaderparams
.ram_size
= ram_size
;
1060 loaderparams
.ram_low_size
= ram_low_size
;
1061 loaderparams
.kernel_filename
= kernel_filename
;
1062 loaderparams
.kernel_cmdline
= kernel_cmdline
;
1063 loaderparams
.initrd_filename
= initrd_filename
;
1064 kernel_entry
= load_kernel();
1066 write_bootloader(env
, memory_region_get_ram_ptr(bios
),
1067 bootloader_run_addr
, kernel_entry
);
1068 if (kvm_enabled()) {
1069 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1070 write_bootloader(env
, memory_region_get_ram_ptr(ram_low_preio
) +
1072 bootloader_run_addr
, kernel_entry
);
1075 /* The flash region isn't executable from a KVM guest */
1076 if (kvm_enabled()) {
1077 error_report("KVM enabled but no -kernel argument was specified. "
1078 "Booting from flash is not supported with KVM.");
1081 /* Load firmware from flash. */
1083 /* Load a BIOS image. */
1084 if (bios_name
== NULL
) {
1085 bios_name
= BIOS_FILENAME
;
1087 filename
= qemu_find_file(QEMU_FILE_TYPE_BIOS
, bios_name
);
1089 bios_size
= load_image_targphys(filename
, FLASH_ADDRESS
,
1095 if ((bios_size
< 0 || bios_size
> BIOS_SIZE
) &&
1096 !kernel_filename
&& !qtest_enabled()) {
1097 error_report("Could not load MIPS bios '%s', and no "
1098 "-kernel argument was specified", bios_name
);
1102 /* In little endian mode the 32bit words in the bios are swapped,
1103 a neat trick which allows bi-endian firmware. */
1104 #ifndef TARGET_WORDS_BIGENDIAN
1106 uint32_t *end
, *addr
= rom_ptr(FLASH_ADDRESS
);
1108 addr
= memory_region_get_ram_ptr(bios
);
1110 end
= (void *)addr
+ MIN(bios_size
, 0x3e0000);
1111 while (addr
< end
) {
1120 * Map the BIOS at a 2nd physical location, as on the real board.
1121 * Copy it so that we can patch in the MIPS revision, which cannot be
1122 * handled by an overlapping region as the resulting ROM code subpage
1123 * regions are not executable.
1125 memory_region_init_ram(bios_copy
, NULL
, "bios.1fc", BIOS_SIZE
,
1127 if (!rom_copy(memory_region_get_ram_ptr(bios_copy
),
1128 FLASH_ADDRESS
, BIOS_SIZE
)) {
1129 memcpy(memory_region_get_ram_ptr(bios_copy
),
1130 memory_region_get_ram_ptr(bios
), BIOS_SIZE
);
1132 memory_region_set_readonly(bios_copy
, true);
1133 memory_region_add_subregion(system_memory
, RESET_ADDRESS
, bios_copy
);
1135 /* Board ID = 0x420 (Malta Board with CoreLV) */
1136 stl_p(memory_region_get_ram_ptr(bios_copy
) + 0x10, 0x00000420);
1138 /* Init internal devices */
1139 cpu_mips_irq_init_cpu(env
);
1140 cpu_mips_clock_init(env
);
1143 * We have a circular dependency problem: pci_bus depends on isa_irq,
1144 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1145 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1146 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1147 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1149 isa_irq
= qemu_irq_proxy(&s
->i8259
, 16);
1152 pci_bus
= gt64120_register(isa_irq
);
1155 ide_drive_get(hd
, ARRAY_SIZE(hd
));
1157 piix4_devfn
= piix4_init(pci_bus
, &isa_bus
, 80);
1159 /* Interrupt controller */
1160 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1161 s
->i8259
= i8259_init(isa_bus
, env
->irq
[2]);
1163 isa_bus_irqs(isa_bus
, s
->i8259
);
1164 pci_piix4_ide_init(pci_bus
, hd
, piix4_devfn
+ 1);
1165 pci_create_simple(pci_bus
, piix4_devfn
+ 2, "piix4-usb-uhci");
1166 smbus
= piix4_pm_init(pci_bus
, piix4_devfn
+ 3, 0x1100,
1167 isa_get_irq(NULL
, 9), NULL
, 0, NULL
);
1168 smbus_eeprom_init(smbus
, 8, smbus_eeprom_buf
, smbus_eeprom_size
);
1169 g_free(smbus_eeprom_buf
);
1170 pit
= pit_init(isa_bus
, 0x40, 0, NULL
);
1171 DMA_init(isa_bus
, 0);
1174 isa_create_simple(isa_bus
, "i8042");
1176 rtc_init(isa_bus
, 2000, NULL
);
1177 serial_hds_isa_init(isa_bus
, 2);
1178 parallel_hds_isa_init(isa_bus
, 1);
1180 for(i
= 0; i
< MAX_FD
; i
++) {
1181 fd
[i
] = drive_get(IF_FLOPPY
, 0, i
);
1183 fdctrl_init_isa(isa_bus
, fd
);
1186 network_init(pci_bus
);
1188 /* Optional PCI video card */
1189 pci_vga_init(pci_bus
);
1192 static int mips_malta_sysbus_device_init(SysBusDevice
*sysbusdev
)
1197 static void mips_malta_class_init(ObjectClass
*klass
, void *data
)
1199 SysBusDeviceClass
*k
= SYS_BUS_DEVICE_CLASS(klass
);
1201 k
->init
= mips_malta_sysbus_device_init
;
1204 static const TypeInfo mips_malta_device
= {
1205 .name
= TYPE_MIPS_MALTA
,
1206 .parent
= TYPE_SYS_BUS_DEVICE
,
1207 .instance_size
= sizeof(MaltaState
),
1208 .class_init
= mips_malta_class_init
,
1211 static void mips_malta_machine_init(MachineClass
*mc
)
1213 mc
->desc
= "MIPS Malta Core LV";
1214 mc
->init
= mips_malta_init
;
1219 DEFINE_MACHINE("malta", mips_malta_machine_init
)
1221 static void mips_malta_register_types(void)
1223 type_register_static(&mips_malta_device
);
1226 type_init(mips_malta_register_types
)