]> git.proxmox.com Git - mirror_qemu.git/blob - hw/mips/mips_malta.c
projects / mirror_qemu.git / blob
? search:


f261dd6a941699eb22af2220ecab7651628d1505
[mirror_qemu.git] / hw / mips / mips_malta.c
1 /*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "qemu/units.h"
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "hw/hw.h"
30 #include "hw/i386/pc.h"
31 #include "hw/isa/superio.h"
32 #include "hw/dma/i8257.h"
33 #include "hw/char/serial.h"
34 #include "net/net.h"
35 #include "hw/boards.h"
36 #include "hw/i2c/smbus.h"
37 #include "hw/block/flash.h"
38 #include "hw/mips/mips.h"
39 #include "hw/mips/cpudevs.h"
40 #include "hw/pci/pci.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/arch_init.h"
43 #include "qemu/log.h"
44 #include "hw/mips/bios.h"
45 #include "hw/ide.h"
46 #include "hw/loader.h"
47 #include "elf.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "exec/address-spaces.h"
51 #include "hw/sysbus.h" /* SysBusDevice */
52 #include "qemu/host-utils.h"
53 #include "sysemu/qtest.h"
54 #include "qapi/error.h"
55 #include "qemu/error-report.h"
56 #include "hw/empty_slot.h"
57 #include "sysemu/kvm.h"
58 #include "exec/semihost.h"
59 #include "hw/mips/cps.h"
60
61 //#define DEBUG_BOARD_INIT
62
63 #define ENVP_ADDR 0x80002000l
64 #define ENVP_NB_ENTRIES 16
65 #define ENVP_ENTRY_SIZE 256
66
67 /* Hardware addresses */
68 #define FLASH_ADDRESS 0x1e000000ULL
69 #define FPGA_ADDRESS 0x1f000000ULL
70 #define RESET_ADDRESS 0x1fc00000ULL
71
72 #define FLASH_SIZE 0x400000
73
74 #define MAX_IDE_BUS 2
75
76 typedef struct {
77 MemoryRegion iomem;
78 MemoryRegion iomem_lo; /* 0 - 0x900 */
79 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
80 uint32_t leds;
81 uint32_t brk;
82 uint32_t gpout;
83 uint32_t i2cin;
84 uint32_t i2coe;
85 uint32_t i2cout;
86 uint32_t i2csel;
87 CharBackend display;
88 char display_text[9];
89 SerialState *uart;
90 bool display_inited;
91 } MaltaFPGAState;
92
93 #define TYPE_MIPS_MALTA "mips-malta"
94 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
95
96 typedef struct {
97 SysBusDevice parent_obj;
98
99 MIPSCPSState *cps;
100 qemu_irq *i8259;
101 } MaltaState;
102
103 static ISADevice *pit;
104
105 static struct _loaderparams {
106 int ram_size, ram_low_size;
107 const char *kernel_filename;
108 const char *kernel_cmdline;
109 const char *initrd_filename;
110 } loaderparams;
111
112 /* Malta FPGA */
113 static void malta_fpga_update_display(void *opaque)
114 {
115 char leds_text[9];
116 int i;
117 MaltaFPGAState *s = opaque;
118
119 for (i = 7 ; i >= 0 ; i--) {
120 if (s->leds & (1 << i))
121 leds_text[i] = '#';
122 else
123 leds_text[i] = ' ';
124 }
125 leds_text[8] = '\0';
126
127 qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
128 leds_text);
129 qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
130 s->display_text);
131 }
132
133 /*
134 * EEPROM 24C01 / 24C02 emulation.
135 *
136 * Emulation for serial EEPROMs:
137 * 24C01 - 1024 bit (128 x 8)
138 * 24C02 - 2048 bit (256 x 8)
139 *
140 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
141 */
142
143 //~ #define DEBUG
144
145 #if defined(DEBUG)
146 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
147 #else
148 # define logout(fmt, ...) ((void)0)
149 #endif
150
151 struct _eeprom24c0x_t {
152 uint8_t tick;
153 uint8_t address;
154 uint8_t command;
155 uint8_t ack;
156 uint8_t scl;
157 uint8_t sda;
158 uint8_t data;
159 //~ uint16_t size;
160 uint8_t contents[256];
161 };
162
163 typedef struct _eeprom24c0x_t eeprom24c0x_t;
164
165 static eeprom24c0x_t spd_eeprom = {
166 .contents = {
167 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
168 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
169 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
170 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
171 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
172 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
175 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
181 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
182 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
183 },
184 };
185
186 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
187 {
188 enum { SDR = 0x4, DDR2 = 0x8 } type;
189 uint8_t *spd = spd_eeprom.contents;
190 uint8_t nbanks = 0;
191 uint16_t density = 0;
192 int i;
193
194 /* work in terms of MB */
195 ram_size /= MiB;
196
197 while ((ram_size >= 4) && (nbanks <= 2)) {
198 int sz_log2 = MIN(31 - clz32(ram_size), 14);
199 nbanks++;
200 density |= 1 << (sz_log2 - 2);
201 ram_size -= 1 << sz_log2;
202 }
203
204 /* split to 2 banks if possible */
205 if ((nbanks == 1) && (density > 1)) {
206 nbanks++;
207 density >>= 1;
208 }
209
210 if (density & 0xff00) {
211 density = (density & 0xe0) | ((density >> 8) & 0x1f);
212 type = DDR2;
213 } else if (!(density & 0x1f)) {
214 type = DDR2;
215 } else {
216 type = SDR;
217 }
218
219 if (ram_size) {
220 warn_report("SPD cannot represent final " RAM_ADDR_FMT "MB"
221 " of SDRAM", ram_size);
222 }
223
224 /* fill in SPD memory information */
225 spd[2] = type;
226 spd[5] = nbanks;
227 spd[31] = density;
228
229 /* checksum */
230 spd[63] = 0;
231 for (i = 0; i < 63; i++) {
232 spd[63] += spd[i];
233 }
234
235 /* copy for SMBUS */
236 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
237 }
238
239 static void generate_eeprom_serial(uint8_t *eeprom)
240 {
241 int i, pos = 0;
242 uint8_t mac[6] = { 0x00 };
243 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
244
245 /* version */
246 eeprom[pos++] = 0x01;
247
248 /* count */
249 eeprom[pos++] = 0x02;
250
251 /* MAC address */
252 eeprom[pos++] = 0x01; /* MAC */
253 eeprom[pos++] = 0x06; /* length */
254 memcpy(&eeprom[pos], mac, sizeof(mac));
255 pos += sizeof(mac);
256
257 /* serial number */
258 eeprom[pos++] = 0x02; /* serial */
259 eeprom[pos++] = 0x05; /* length */
260 memcpy(&eeprom[pos], sn, sizeof(sn));
261 pos += sizeof(sn);
262
263 /* checksum */
264 eeprom[pos] = 0;
265 for (i = 0; i < pos; i++) {
266 eeprom[pos] += eeprom[i];
267 }
268 }
269
270 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
271 {
272 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
273 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
274 return eeprom->sda;
275 }
276
277 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
278 {
279 if (eeprom->scl && scl && (eeprom->sda != sda)) {
280 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
281 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
282 sda ? "stop" : "start");
283 if (!sda) {
284 eeprom->tick = 1;
285 eeprom->command = 0;
286 }
287 } else if (eeprom->tick == 0 && !eeprom->ack) {
288 /* Waiting for start. */
289 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
290 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
291 } else if (!eeprom->scl && scl) {
292 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
293 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
294 if (eeprom->ack) {
295 logout("\ti2c ack bit = 0\n");
296 sda = 0;
297 eeprom->ack = 0;
298 } else if (eeprom->sda == sda) {
299 uint8_t bit = (sda != 0);
300 logout("\ti2c bit = %d\n", bit);
301 if (eeprom->tick < 9) {
302 eeprom->command <<= 1;
303 eeprom->command += bit;
304 eeprom->tick++;
305 if (eeprom->tick == 9) {
306 logout("\tcommand 0x%04x, %s\n", eeprom->command,
307 bit ? "read" : "write");
308 eeprom->ack = 1;
309 }
310 } else if (eeprom->tick < 17) {
311 if (eeprom->command & 1) {
312 sda = ((eeprom->data & 0x80) != 0);
313 }
314 eeprom->address <<= 1;
315 eeprom->address += bit;
316 eeprom->tick++;
317 eeprom->data <<= 1;
318 if (eeprom->tick == 17) {
319 eeprom->data = eeprom->contents[eeprom->address];
320 logout("\taddress 0x%04x, data 0x%02x\n",
321 eeprom->address, eeprom->data);
322 eeprom->ack = 1;
323 eeprom->tick = 0;
324 }
325 } else if (eeprom->tick >= 17) {
326 sda = 0;
327 }
328 } else {
329 logout("\tsda changed with raising scl\n");
330 }
331 } else {
332 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
333 scl, eeprom->sda, sda);
334 }
335 eeprom->scl = scl;
336 eeprom->sda = sda;
337 }
338
339 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
340 unsigned size)
341 {
342 MaltaFPGAState *s = opaque;
343 uint32_t val = 0;
344 uint32_t saddr;
345
346 saddr = (addr & 0xfffff);
347
348 switch (saddr) {
349
350 /* SWITCH Register */
351 case 0x00200:
352 val = 0x00000000; /* All switches closed */
353 break;
354
355 /* STATUS Register */
356 case 0x00208:
357 #ifdef TARGET_WORDS_BIGENDIAN
358 val = 0x00000012;
359 #else
360 val = 0x00000010;
361 #endif
362 break;
363
364 /* JMPRS Register */
365 case 0x00210:
366 val = 0x00;
367 break;
368
369 /* LEDBAR Register */
370 case 0x00408:
371 val = s->leds;
372 break;
373
374 /* BRKRES Register */
375 case 0x00508:
376 val = s->brk;
377 break;
378
379 /* UART Registers are handled directly by the serial device */
380
381 /* GPOUT Register */
382 case 0x00a00:
383 val = s->gpout;
384 break;
385
386 /* XXX: implement a real I2C controller */
387
388 /* GPINP Register */
389 case 0x00a08:
390 /* IN = OUT until a real I2C control is implemented */
391 if (s->i2csel)
392 val = s->i2cout;
393 else
394 val = 0x00;
395 break;
396
397 /* I2CINP Register */
398 case 0x00b00:
399 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
400 break;
401
402 /* I2COE Register */
403 case 0x00b08:
404 val = s->i2coe;
405 break;
406
407 /* I2COUT Register */
408 case 0x00b10:
409 val = s->i2cout;
410 break;
411
412 /* I2CSEL Register */
413 case 0x00b18:
414 val = s->i2csel;
415 break;
416
417 default:
418 #if 0
419 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
420 addr);
421 #endif
422 break;
423 }
424 return val;
425 }
426
427 static void malta_fpga_write(void *opaque, hwaddr addr,
428 uint64_t val, unsigned size)
429 {
430 MaltaFPGAState *s = opaque;
431 uint32_t saddr;
432
433 saddr = (addr & 0xfffff);
434
435 switch (saddr) {
436
437 /* SWITCH Register */
438 case 0x00200:
439 break;
440
441 /* JMPRS Register */
442 case 0x00210:
443 break;
444
445 /* LEDBAR Register */
446 case 0x00408:
447 s->leds = val & 0xff;
448 malta_fpga_update_display(s);
449 break;
450
451 /* ASCIIWORD Register */
452 case 0x00410:
453 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
454 malta_fpga_update_display(s);
455 break;
456
457 /* ASCIIPOS0 to ASCIIPOS7 Registers */
458 case 0x00418:
459 case 0x00420:
460 case 0x00428:
461 case 0x00430:
462 case 0x00438:
463 case 0x00440:
464 case 0x00448:
465 case 0x00450:
466 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
467 malta_fpga_update_display(s);
468 break;
469
470 /* SOFTRES Register */
471 case 0x00500:
472 if (val == 0x42)
473 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
474 break;
475
476 /* BRKRES Register */
477 case 0x00508:
478 s->brk = val & 0xff;
479 break;
480
481 /* UART Registers are handled directly by the serial device */
482
483 /* GPOUT Register */
484 case 0x00a00:
485 s->gpout = val & 0xff;
486 break;
487
488 /* I2COE Register */
489 case 0x00b08:
490 s->i2coe = val & 0x03;
491 break;
492
493 /* I2COUT Register */
494 case 0x00b10:
495 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
496 s->i2cout = val;
497 break;
498
499 /* I2CSEL Register */
500 case 0x00b18:
501 s->i2csel = val & 0x01;
502 break;
503
504 default:
505 #if 0
506 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
507 addr);
508 #endif
509 break;
510 }
511 }
512
513 static const MemoryRegionOps malta_fpga_ops = {
514 .read = malta_fpga_read,
515 .write = malta_fpga_write,
516 .endianness = DEVICE_NATIVE_ENDIAN,
517 };
518
519 static void malta_fpga_reset(void *opaque)
520 {
521 MaltaFPGAState *s = opaque;
522
523 s->leds = 0x00;
524 s->brk = 0x0a;
525 s->gpout = 0x00;
526 s->i2cin = 0x3;
527 s->i2coe = 0x0;
528 s->i2cout = 0x3;
529 s->i2csel = 0x1;
530
531 s->display_text[8] = '\0';
532 snprintf(s->display_text, 9, " ");
533 }
534
535 static void malta_fgpa_display_event(void *opaque, int event)
536 {
537 MaltaFPGAState *s = opaque;
538
539 if (event == CHR_EVENT_OPENED && !s->display_inited) {
540 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
541 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
542 qemu_chr_fe_printf(&s->display, "+ +\r\n");
543 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
544 qemu_chr_fe_printf(&s->display, "\n");
545 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
546 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
547 qemu_chr_fe_printf(&s->display, "+ +\r\n");
548 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
549 s->display_inited = true;
550 }
551 }
552
553 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
554 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
555 {
556 MaltaFPGAState *s;
557 Chardev *chr;
558
559 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
560
561 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
562 "malta-fpga", 0x100000);
563 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
564 &s->iomem, 0, 0x900);
565 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
566 &s->iomem, 0xa00, 0x10000-0xa00);
567
568 memory_region_add_subregion(address_space, base, &s->iomem_lo);
569 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
570
571 chr = qemu_chr_new("fpga", "vc:320x200");
572 qemu_chr_fe_init(&s->display, chr, NULL);
573 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
574 malta_fgpa_display_event, NULL, s, NULL, true);
575
576 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
577 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
578
579 malta_fpga_reset(s);
580 qemu_register_reset(malta_fpga_reset, s);
581
582 return s;
583 }
584
585 /* Network support */
586 static void network_init(PCIBus *pci_bus)
587 {
588 int i;
589
590 for(i = 0; i < nb_nics; i++) {
591 NICInfo *nd = &nd_table[i];
592 const char *default_devaddr = NULL;
593
594 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
595 /* The malta board has a PCNet card using PCI SLOT 11 */
596 default_devaddr = "0b";
597
598 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
599 }
600 }
601
602 static void write_bootloader_nanomips(uint8_t *base, int64_t run_addr,
603 int64_t kernel_entry)
604 {
605 uint16_t *p;
606
607 /* Small bootloader */
608 p = (uint16_t *)base;
609
610 #define NM_HI1(VAL) (((VAL) >> 16) & 0x1f)
611 #define NM_HI2(VAL) \
612 (((VAL) & 0xf000) | (((VAL) >> 19) & 0xffc) | (((VAL) >> 31) & 0x1))
613 #define NM_LO(VAL) ((VAL) & 0xfff)
614
615 stw_p(p++, 0x2800); stw_p(p++, 0x001c);
616 /* bc to_here */
617 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
618 /* nop */
619 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
620 /* nop */
621 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
622 /* nop */
623 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
624 /* nop */
625 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
626 /* nop */
627 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
628 /* nop */
629 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
630 /* nop */
631
632 /* to_here: */
633 stw_p(p++, 0x0080); stw_p(p++, 0x0002);
634 /* li a0,2 */
635
636 stw_p(p++, 0xe3a0 | NM_HI1(ENVP_ADDR - 64));
637
638 stw_p(p++, NM_HI2(ENVP_ADDR - 64));
639 /* lui sp,%hi(ENVP_ADDR - 64) */
640
641 stw_p(p++, 0x83bd); stw_p(p++, NM_LO(ENVP_ADDR - 64));
642 /* ori sp,sp,%lo(ENVP_ADDR - 64) */
643
644 stw_p(p++, 0xe0a0 | NM_HI1(ENVP_ADDR));
645
646 stw_p(p++, NM_HI2(ENVP_ADDR));
647 /* lui a1,%hi(ENVP_ADDR) */
648
649 stw_p(p++, 0x80a5); stw_p(p++, NM_LO(ENVP_ADDR));
650 /* ori a1,a1,%lo(ENVP_ADDR) */
651
652 stw_p(p++, 0xe0c0 | NM_HI1(ENVP_ADDR + 8));
653
654 stw_p(p++, NM_HI2(ENVP_ADDR + 8));
655 /* lui a2,%hi(ENVP_ADDR + 8) */
656
657 stw_p(p++, 0x80c6); stw_p(p++, NM_LO(ENVP_ADDR + 8));
658 /* ori a2,a2,%lo(ENVP_ADDR + 8) */
659
660 stw_p(p++, 0xe0e0 | NM_HI1(loaderparams.ram_low_size));
661
662 stw_p(p++, NM_HI2(loaderparams.ram_low_size));
663 /* lui a3,%hi(loaderparams.ram_low_size) */
664
665 stw_p(p++, 0x80e7); stw_p(p++, NM_LO(loaderparams.ram_low_size));
666 /* ori a3,a3,%lo(loaderparams.ram_low_size) */
667
668 /*
669 * Load BAR registers as done by YAMON:
670 *
671 * - set up PCI0 I/O BARs from 0x18000000 to 0x181fffff
672 * - set up PCI0 MEM0 at 0x10000000, size 0x8000000
673 * - set up PCI0 MEM1 at 0x18200000, size 0xbe00000
674 *
675 */
676 stw_p(p++, 0xe040); stw_p(p++, 0x0681);
677 /* lui t1, %hi(0xb4000000) */
678
679 #ifdef TARGET_WORDS_BIGENDIAN
680
681 stw_p(p++, 0xe020); stw_p(p++, 0x0be1);
682 /* lui t0, %hi(0xdf000000) */
683
684 /* 0x68 corresponds to GT_ISD (from hw/mips/gt64xxx_pci.c) */
685 stw_p(p++, 0x8422); stw_p(p++, 0x9068);
686 /* sw t0, 0x68(t1) */
687
688 stw_p(p++, 0xe040); stw_p(p++, 0x077d);
689 /* lui t1, %hi(0xbbe00000) */
690
691 stw_p(p++, 0xe020); stw_p(p++, 0x0801);
692 /* lui t0, %hi(0xc0000000) */
693
694 /* 0x48 corresponds to GT_PCI0IOLD */
695 stw_p(p++, 0x8422); stw_p(p++, 0x9048);
696 /* sw t0, 0x48(t1) */
697
698 stw_p(p++, 0xe020); stw_p(p++, 0x0800);
699 /* lui t0, %hi(0x40000000) */
700
701 /* 0x50 corresponds to GT_PCI0IOHD */
702 stw_p(p++, 0x8422); stw_p(p++, 0x9050);
703 /* sw t0, 0x50(t1) */
704
705 stw_p(p++, 0xe020); stw_p(p++, 0x0001);
706 /* lui t0, %hi(0x80000000) */
707
708 /* 0x58 corresponds to GT_PCI0M0LD */
709 stw_p(p++, 0x8422); stw_p(p++, 0x9058);
710 /* sw t0, 0x58(t1) */
711
712 stw_p(p++, 0xe020); stw_p(p++, 0x07e0);
713 /* lui t0, %hi(0x3f000000) */
714
715 /* 0x60 corresponds to GT_PCI0M0HD */
716 stw_p(p++, 0x8422); stw_p(p++, 0x9060);
717 /* sw t0, 0x60(t1) */
718
719 stw_p(p++, 0xe020); stw_p(p++, 0x0821);
720 /* lui t0, %hi(0xc1000000) */
721
722 /* 0x80 corresponds to GT_PCI0M1LD */
723 stw_p(p++, 0x8422); stw_p(p++, 0x9080);
724 /* sw t0, 0x80(t1) */
725
726 stw_p(p++, 0xe020); stw_p(p++, 0x0bc0);
727 /* lui t0, %hi(0x5e000000) */
728
729 #else
730
731 stw_p(p++, 0x0020); stw_p(p++, 0x00df);
732 /* addiu[32] t0, $0, 0xdf */
733
734 /* 0x68 corresponds to GT_ISD */
735 stw_p(p++, 0x8422); stw_p(p++, 0x9068);
736 /* sw t0, 0x68(t1) */
737
738 /* Use kseg2 remapped address 0x1be00000 */
739 stw_p(p++, 0xe040); stw_p(p++, 0x077d);
740 /* lui t1, %hi(0xbbe00000) */
741
742 stw_p(p++, 0x0020); stw_p(p++, 0x00c0);
743 /* addiu[32] t0, $0, 0xc0 */
744
745 /* 0x48 corresponds to GT_PCI0IOLD */
746 stw_p(p++, 0x8422); stw_p(p++, 0x9048);
747 /* sw t0, 0x48(t1) */
748
749 stw_p(p++, 0x0020); stw_p(p++, 0x0040);
750 /* addiu[32] t0, $0, 0x40 */
751
752 /* 0x50 corresponds to GT_PCI0IOHD */
753 stw_p(p++, 0x8422); stw_p(p++, 0x9050);
754 /* sw t0, 0x50(t1) */
755
756 stw_p(p++, 0x0020); stw_p(p++, 0x0080);
757 /* addiu[32] t0, $0, 0x80 */
758
759 /* 0x58 corresponds to GT_PCI0M0LD */
760 stw_p(p++, 0x8422); stw_p(p++, 0x9058);
761 /* sw t0, 0x58(t1) */
762
763 stw_p(p++, 0x0020); stw_p(p++, 0x003f);
764 /* addiu[32] t0, $0, 0x3f */
765
766 /* 0x60 corresponds to GT_PCI0M0HD */
767 stw_p(p++, 0x8422); stw_p(p++, 0x9060);
768 /* sw t0, 0x60(t1) */
769
770 stw_p(p++, 0x0020); stw_p(p++, 0x00c1);
771 /* addiu[32] t0, $0, 0xc1 */
772
773 /* 0x80 corresponds to GT_PCI0M1LD */
774 stw_p(p++, 0x8422); stw_p(p++, 0x9080);
775 /* sw t0, 0x80(t1) */
776
777 stw_p(p++, 0x0020); stw_p(p++, 0x005e);
778 /* addiu[32] t0, $0, 0x5e */
779
780 #endif
781
782 /* 0x88 corresponds to GT_PCI0M1HD */
783 stw_p(p++, 0x8422); stw_p(p++, 0x9088);
784 /* sw t0, 0x88(t1) */
785
786 stw_p(p++, 0xe320 | NM_HI1(kernel_entry));
787
788 stw_p(p++, NM_HI2(kernel_entry));
789 /* lui t9,%hi(kernel_entry) */
790
791 stw_p(p++, 0x8339); stw_p(p++, NM_LO(kernel_entry));
792 /* ori t9,t9,%lo(kernel_entry) */
793
794 stw_p(p++, 0x4bf9); stw_p(p++, 0x0000);
795 /* jalrc t8 */
796 }
797
798 /* ROM and pseudo bootloader
799
800 The following code implements a very very simple bootloader. It first
801 loads the registers a0 to a3 to the values expected by the OS, and
802 then jump at the kernel address.
803
804 The bootloader should pass the locations of the kernel arguments and
805 environment variables tables. Those tables contain the 32-bit address
806 of NULL terminated strings. The environment variables table should be
807 terminated by a NULL address.
808
809 For a simpler implementation, the number of kernel arguments is fixed
810 to two (the name of the kernel and the command line), and the two
811 tables are actually the same one.
812
813 The registers a0 to a3 should contain the following values:
814 a0 - number of kernel arguments
815 a1 - 32-bit address of the kernel arguments table
816 a2 - 32-bit address of the environment variables table
817 a3 - RAM size in bytes
818 */
819 static void write_bootloader(uint8_t *base, int64_t run_addr,
820 int64_t kernel_entry)
821 {
822 uint32_t *p;
823
824 /* Small bootloader */
825 p = (uint32_t *)base;
826
827 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
828 ((run_addr + 0x580) & 0x0fffffff) >> 2);
829 stl_p(p++, 0x00000000); /* nop */
830
831 /* YAMON service vector */
832 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
833 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
834 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
835 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
836 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
837 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
838 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
839 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
840 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
841 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
842 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
843 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
844 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
845
846
847 /* Second part of the bootloader */
848 p = (uint32_t *) (base + 0x580);
849
850 if (semihosting_get_argc()) {
851 /* Preserve a0 content as arguments have been passed */
852 stl_p(p++, 0x00000000); /* nop */
853 } else {
854 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
855 }
856 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
857 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
858 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
859 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
860 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
861 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
862 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
863 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
864
865 /* Load BAR registers as done by YAMON */
866 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
867
868 #ifdef TARGET_WORDS_BIGENDIAN
869 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
870 #else
871 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
872 #endif
873 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
874
875 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
876
877 #ifdef TARGET_WORDS_BIGENDIAN
878 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
879 #else
880 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
881 #endif
882 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
883 #ifdef TARGET_WORDS_BIGENDIAN
884 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
885 #else
886 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
887 #endif
888 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
889
890 #ifdef TARGET_WORDS_BIGENDIAN
891 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
892 #else
893 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
894 #endif
895 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
896 #ifdef TARGET_WORDS_BIGENDIAN
897 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
898 #else
899 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
900 #endif
901 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
902
903 #ifdef TARGET_WORDS_BIGENDIAN
904 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
905 #else
906 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
907 #endif
908 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
909 #ifdef TARGET_WORDS_BIGENDIAN
910 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
911 #else
912 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
913 #endif
914 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
915
916 /* Jump to kernel code */
917 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
918 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
919 stl_p(p++, 0x03e00009); /* jalr ra */
920 stl_p(p++, 0x00000000); /* nop */
921
922 /* YAMON subroutines */
923 p = (uint32_t *) (base + 0x800);
924 stl_p(p++, 0x03e00009); /* jalr ra */
925 stl_p(p++, 0x24020000); /* li v0,0 */
926 /* 808 YAMON print */
927 stl_p(p++, 0x03e06821); /* move t5,ra */
928 stl_p(p++, 0x00805821); /* move t3,a0 */
929 stl_p(p++, 0x00a05021); /* move t2,a1 */
930 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
931 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
932 stl_p(p++, 0x10800005); /* beqz a0,834 */
933 stl_p(p++, 0x00000000); /* nop */
934 stl_p(p++, 0x0ff0021c); /* jal 870 */
935 stl_p(p++, 0x00000000); /* nop */
936 stl_p(p++, 0x1000fff9); /* b 814 */
937 stl_p(p++, 0x00000000); /* nop */
938 stl_p(p++, 0x01a00009); /* jalr t5 */
939 stl_p(p++, 0x01602021); /* move a0,t3 */
940 /* 0x83c YAMON print_count */
941 stl_p(p++, 0x03e06821); /* move t5,ra */
942 stl_p(p++, 0x00805821); /* move t3,a0 */
943 stl_p(p++, 0x00a05021); /* move t2,a1 */
944 stl_p(p++, 0x00c06021); /* move t4,a2 */
945 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
946 stl_p(p++, 0x0ff0021c); /* jal 870 */
947 stl_p(p++, 0x00000000); /* nop */
948 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
949 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
950 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
951 stl_p(p++, 0x00000000); /* nop */
952 stl_p(p++, 0x01a00009); /* jalr t5 */
953 stl_p(p++, 0x01602021); /* move a0,t3 */
954 /* 0x870 */
955 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
956 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
957 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
958 stl_p(p++, 0x00000000); /* nop */
959 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
960 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
961 stl_p(p++, 0x00000000); /* nop */
962 stl_p(p++, 0x03e00009); /* jalr ra */
963 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
964
965 }
966
967 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
968 const char *string, ...)
969 {
970 va_list ap;
971 int32_t table_addr;
972
973 if (index >= ENVP_NB_ENTRIES)
974 return;
975
976 if (string == NULL) {
977 prom_buf[index] = 0;
978 return;
979 }
980
981 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
982 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
983
984 va_start(ap, string);
985 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
986 va_end(ap);
987 }
988
989 /* Kernel */
990 static int64_t load_kernel (void)
991 {
992 int64_t kernel_entry, kernel_high;
993 long kernel_size, initrd_size;
994 ram_addr_t initrd_offset;
995 int big_endian;
996 uint32_t *prom_buf;
997 long prom_size;
998 int prom_index = 0;
999 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
1000
1001 #ifdef TARGET_WORDS_BIGENDIAN
1002 big_endian = 1;
1003 #else
1004 big_endian = 0;
1005 #endif
1006
1007 kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
1008 NULL, (uint64_t *)&kernel_entry, NULL,
1009 (uint64_t *)&kernel_high, big_endian, EM_MIPS, 1, 0);
1010 if (kernel_size < 0) {
1011 error_report("could not load kernel '%s': %s",
1012 loaderparams.kernel_filename,
1013 load_elf_strerror(kernel_size));
1014 exit(1);
1015 }
1016
1017 /* Check where the kernel has been linked */
1018 if (kernel_entry & 0x80000000ll) {
1019 if (kvm_enabled()) {
1020 error_report("KVM guest kernels must be linked in useg. "
1021 "Did you forget to enable CONFIG_KVM_GUEST?");
1022 exit(1);
1023 }
1024
1025 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
1026 } else {
1027 /* if kernel entry is in useg it is probably a KVM T&E kernel */
1028 mips_um_ksegs_enable();
1029
1030 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
1031 }
1032
1033 /* load initrd */
1034 initrd_size = 0;
1035 initrd_offset = 0;
1036 if (loaderparams.initrd_filename) {
1037 initrd_size = get_image_size (loaderparams.initrd_filename);
1038 if (initrd_size > 0) {
1039 /* The kernel allocates the bootmap memory in the low memory after
1040 the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
1041 pages. */
1042 initrd_offset = (loaderparams.ram_low_size - initrd_size
1043 - (128 * KiB)
1044 - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
1045 if (kernel_high >= initrd_offset) {
1046 error_report("memory too small for initial ram disk '%s'",
1047 loaderparams.initrd_filename);
1048 exit(1);
1049 }
1050 initrd_size = load_image_targphys(loaderparams.initrd_filename,
1051 initrd_offset,
1052 ram_size - initrd_offset);
1053 }
1054 if (initrd_size == (target_ulong) -1) {
1055 error_report("could not load initial ram disk '%s'",
1056 loaderparams.initrd_filename);
1057 exit(1);
1058 }
1059 }
1060
1061 /* Setup prom parameters. */
1062 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
1063 prom_buf = g_malloc(prom_size);
1064
1065 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
1066 if (initrd_size > 0) {
1067 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
1068 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
1069 loaderparams.kernel_cmdline);
1070 } else {
1071 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
1072 }
1073
1074 prom_set(prom_buf, prom_index++, "memsize");
1075 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
1076
1077 prom_set(prom_buf, prom_index++, "ememsize");
1078 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
1079
1080 prom_set(prom_buf, prom_index++, "modetty0");
1081 prom_set(prom_buf, prom_index++, "38400n8r");
1082 prom_set(prom_buf, prom_index++, NULL);
1083
1084 rom_add_blob_fixed("prom", prom_buf, prom_size,
1085 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
1086
1087 g_free(prom_buf);
1088 return kernel_entry;
1089 }
1090
1091 static void malta_mips_config(MIPSCPU *cpu)
1092 {
1093 CPUMIPSState *env = &cpu->env;
1094 CPUState *cs = CPU(cpu);
1095
1096 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
1097 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
1098 }
1099
1100 static void main_cpu_reset(void *opaque)
1101 {
1102 MIPSCPU *cpu = opaque;
1103 CPUMIPSState *env = &cpu->env;
1104
1105 cpu_reset(CPU(cpu));
1106
1107 /* The bootloader does not need to be rewritten as it is located in a
1108 read only location. The kernel location and the arguments table
1109 location does not change. */
1110 if (loaderparams.kernel_filename) {
1111 env->CP0_Status &= ~(1 << CP0St_ERL);
1112 }
1113
1114 malta_mips_config(cpu);
1115
1116 if (kvm_enabled()) {
1117 /* Start running from the bootloader we wrote to end of RAM */
1118 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
1119 }
1120 }
1121
1122 static void create_cpu_without_cps(const char *cpu_type,
1123 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1124 {
1125 CPUMIPSState *env;
1126 MIPSCPU *cpu;
1127 int i;
1128
1129 for (i = 0; i < smp_cpus; i++) {
1130 cpu = MIPS_CPU(cpu_create(cpu_type));
1131
1132 /* Init internal devices */
1133 cpu_mips_irq_init_cpu(cpu);
1134 cpu_mips_clock_init(cpu);
1135 qemu_register_reset(main_cpu_reset, cpu);
1136 }
1137
1138 cpu = MIPS_CPU(first_cpu);
1139 env = &cpu->env;
1140 *i8259_irq = env->irq[2];
1141 *cbus_irq = env->irq[4];
1142 }
1143
1144 static void create_cps(MaltaState *s, const char *cpu_type,
1145 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1146 {
1147 Error *err = NULL;
1148
1149 s->cps = MIPS_CPS(object_new(TYPE_MIPS_CPS));
1150 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
1151
1152 object_property_set_str(OBJECT(s->cps), cpu_type, "cpu-type", &err);
1153 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
1154 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
1155 if (err != NULL) {
1156 error_report("%s", error_get_pretty(err));
1157 exit(1);
1158 }
1159
1160 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
1161
1162 *i8259_irq = get_cps_irq(s->cps, 3);
1163 *cbus_irq = NULL;
1164 }
1165
1166 static void mips_create_cpu(MaltaState *s, const char *cpu_type,
1167 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1168 {
1169 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_type)) {
1170 create_cps(s, cpu_type, cbus_irq, i8259_irq);
1171 } else {
1172 create_cpu_without_cps(cpu_type, cbus_irq, i8259_irq);
1173 }
1174 }
1175
1176 static
1177 void mips_malta_init(MachineState *machine)
1178 {
1179 ram_addr_t ram_size = machine->ram_size;
1180 ram_addr_t ram_low_size;
1181 const char *kernel_filename = machine->kernel_filename;
1182 const char *kernel_cmdline = machine->kernel_cmdline;
1183 const char *initrd_filename = machine->initrd_filename;
1184 char *filename;
1185 pflash_t *fl;
1186 MemoryRegion *system_memory = get_system_memory();
1187 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
1188 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
1189 MemoryRegion *ram_low_postio;
1190 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
1191 target_long bios_size = FLASH_SIZE;
1192 const size_t smbus_eeprom_size = 8 * 256;
1193 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1194 int64_t kernel_entry, bootloader_run_addr;
1195 PCIBus *pci_bus;
1196 ISABus *isa_bus;
1197 qemu_irq *isa_irq;
1198 qemu_irq cbus_irq, i8259_irq;
1199 int piix4_devfn;
1200 I2CBus *smbus;
1201 DriveInfo *dinfo;
1202 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1203 int fl_idx = 0;
1204 int fl_sectors = bios_size >> 16;
1205 int be;
1206
1207 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1208 MaltaState *s = MIPS_MALTA(dev);
1209
1210 /* The whole address space decoded by the GT-64120A doesn't generate
1211 exception when accessing invalid memory. Create an empty slot to
1212 emulate this feature. */
1213 empty_slot_init(0, 0x20000000);
1214
1215 qdev_init_nofail(dev);
1216
1217 /* create CPU */
1218 mips_create_cpu(s, machine->cpu_type, &cbus_irq, &i8259_irq);
1219
1220 /* allocate RAM */
1221 if (ram_size > 2 * GiB) {
1222 error_report("Too much memory for this machine: %" PRId64 "MB,"
1223 " maximum 2048MB", ram_size / MiB);
1224 exit(1);
1225 }
1226
1227 /* register RAM at high address where it is undisturbed by IO */
1228 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1229 ram_size);
1230 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1231
1232 /* alias for pre IO hole access */
1233 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1234 ram_high, 0, MIN(ram_size, 256 * MiB));
1235 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1236
1237 /* alias for post IO hole access, if there is enough RAM */
1238 if (ram_size > 512 * MiB) {
1239 ram_low_postio = g_new(MemoryRegion, 1);
1240 memory_region_init_alias(ram_low_postio, NULL,
1241 "mips_malta_low_postio.ram",
1242 ram_high, 512 * MiB,
1243 ram_size - 512 * MiB);
1244 memory_region_add_subregion(system_memory, 512 * MiB,
1245 ram_low_postio);
1246 }
1247
1248 #ifdef TARGET_WORDS_BIGENDIAN
1249 be = 1;
1250 #else
1251 be = 0;
1252 #endif
1253
1254 /* FPGA */
1255
1256 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1257 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hd(2));
1258
1259 /* Load firmware in flash / BIOS. */
1260 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1261 #ifdef DEBUG_BOARD_INIT
1262 if (dinfo) {
1263 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1264 "addr %08llx '%s' %x\n",
1265 fl_idx, bios_size, FLASH_ADDRESS,
1266 blk_name(dinfo->bdrv), fl_sectors);
1267 }
1268 #endif
1269 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
1270 BIOS_SIZE,
1271 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1272 65536, fl_sectors,
1273 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1274 bios = pflash_cfi01_get_memory(fl);
1275 fl_idx++;
1276 if (kernel_filename) {
1277 ram_low_size = MIN(ram_size, 256 * MiB);
1278 /* For KVM we reserve 1MB of RAM for running bootloader */
1279 if (kvm_enabled()) {
1280 ram_low_size -= 0x100000;
1281 bootloader_run_addr = 0x40000000 + ram_low_size;
1282 } else {
1283 bootloader_run_addr = 0xbfc00000;
1284 }
1285
1286 /* Write a small bootloader to the flash location. */
1287 loaderparams.ram_size = ram_size;
1288 loaderparams.ram_low_size = ram_low_size;
1289 loaderparams.kernel_filename = kernel_filename;
1290 loaderparams.kernel_cmdline = kernel_cmdline;
1291 loaderparams.initrd_filename = initrd_filename;
1292 kernel_entry = load_kernel();
1293
1294 if (!cpu_supports_isa(machine->cpu_type, ISA_NANOMIPS32)) {
1295 write_bootloader(memory_region_get_ram_ptr(bios),
1296 bootloader_run_addr, kernel_entry);
1297 } else {
1298 write_bootloader_nanomips(memory_region_get_ram_ptr(bios),
1299 bootloader_run_addr, kernel_entry);
1300 }
1301 if (kvm_enabled()) {
1302 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1303 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1304 ram_low_size,
1305 bootloader_run_addr, kernel_entry);
1306 }
1307 } else {
1308 /* The flash region isn't executable from a KVM guest */
1309 if (kvm_enabled()) {
1310 error_report("KVM enabled but no -kernel argument was specified. "
1311 "Booting from flash is not supported with KVM.");
1312 exit(1);
1313 }
1314 /* Load firmware from flash. */
1315 if (!dinfo) {
1316 /* Load a BIOS image. */
1317 if (bios_name == NULL) {
1318 bios_name = BIOS_FILENAME;
1319 }
1320 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1321 if (filename) {
1322 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1323 BIOS_SIZE);
1324 g_free(filename);
1325 } else {
1326 bios_size = -1;
1327 }
1328 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1329 !kernel_filename && !qtest_enabled()) {
1330 error_report("Could not load MIPS bios '%s', and no "
1331 "-kernel argument was specified", bios_name);
1332 exit(1);
1333 }
1334 }
1335 /* In little endian mode the 32bit words in the bios are swapped,
1336 a neat trick which allows bi-endian firmware. */
1337 #ifndef TARGET_WORDS_BIGENDIAN
1338 {
1339 uint32_t *end, *addr;
1340 const size_t swapsize = MIN(bios_size, 0x3e0000);
1341 addr = rom_ptr(FLASH_ADDRESS, swapsize);
1342 if (!addr) {
1343 addr = memory_region_get_ram_ptr(bios);
1344 }
1345 end = (void *)addr + swapsize;
1346 while (addr < end) {
1347 bswap32s(addr);
1348 addr++;
1349 }
1350 }
1351 #endif
1352 }
1353
1354 /*
1355 * Map the BIOS at a 2nd physical location, as on the real board.
1356 * Copy it so that we can patch in the MIPS revision, which cannot be
1357 * handled by an overlapping region as the resulting ROM code subpage
1358 * regions are not executable.
1359 */
1360 memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1361 &error_fatal);
1362 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1363 FLASH_ADDRESS, BIOS_SIZE)) {
1364 memcpy(memory_region_get_ram_ptr(bios_copy),
1365 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1366 }
1367 memory_region_set_readonly(bios_copy, true);
1368 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1369
1370 /* Board ID = 0x420 (Malta Board with CoreLV) */
1371 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1372
1373 /*
1374 * We have a circular dependency problem: pci_bus depends on isa_irq,
1375 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1376 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1377 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1378 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1379 */
1380 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1381
1382 /* Northbridge */
1383 pci_bus = gt64120_register(isa_irq);
1384
1385 /* Southbridge */
1386 ide_drive_get(hd, ARRAY_SIZE(hd));
1387
1388 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1389
1390 /* Interrupt controller */
1391 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1392 s->i8259 = i8259_init(isa_bus, i8259_irq);
1393
1394 isa_bus_irqs(isa_bus, s->i8259);
1395 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1396 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1397 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1398 isa_get_irq(NULL, 9), NULL, 0, NULL);
1399 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
1400 i8257_dma_init(isa_bus, 0);
1401 mc146818_rtc_init(isa_bus, 2000, NULL);
1402
1403 /* generate SPD EEPROM data */
1404 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1405 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1406 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1407 g_free(smbus_eeprom_buf);
1408
1409 /* Super I/O: SMS FDC37M817 */
1410 isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
1411
1412 /* Network card */
1413 network_init(pci_bus);
1414
1415 /* Optional PCI video card */
1416 pci_vga_init(pci_bus);
1417 }
1418
1419 static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1420 {
1421 return 0;
1422 }
1423
1424 static void mips_malta_class_init(ObjectClass *klass, void *data)
1425 {
1426 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1427
1428 k->init = mips_malta_sysbus_device_init;
1429 }
1430
1431 static const TypeInfo mips_malta_device = {
1432 .name = TYPE_MIPS_MALTA,
1433 .parent = TYPE_SYS_BUS_DEVICE,
1434 .instance_size = sizeof(MaltaState),
1435 .class_init = mips_malta_class_init,
1436 };
1437
1438 static void mips_malta_machine_init(MachineClass *mc)
1439 {
1440 mc->desc = "MIPS Malta Core LV";
1441 mc->init = mips_malta_init;
1442 mc->block_default_type = IF_IDE;
1443 mc->max_cpus = 16;
1444 mc->is_default = 1;
1445 #ifdef TARGET_MIPS64
1446 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("20Kc");
1447 #else
1448 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
1449 #endif
1450 }
1451
1452 DEFINE_MACHINE("malta", mips_malta_machine_init)
1453
1454 static void mips_malta_register_types(void)
1455 {
1456 type_register_static(&mips_malta_device);
1457 }
1458
1459 type_init(mips_malta_register_types)
QEMU mirror