2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
29 #include "hw/i386/pc.h"
30 #include "hw/char/serial.h"
31 #include "hw/block/fdc.h"
33 #include "hw/boards.h"
34 #include "hw/i2c/smbus.h"
35 #include "sysemu/block-backend.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/char.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/arch_init.h"
44 #include "hw/mips/bios.h"
46 #include "hw/loader.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "sysemu/block-backend.h"
51 #include "sysemu/blockdev.h"
52 #include "exec/address-spaces.h"
53 #include "hw/sysbus.h" /* SysBusDevice */
54 #include "qemu/host-utils.h"
55 #include "sysemu/qtest.h"
56 #include "qemu/error-report.h"
57 #include "hw/empty_slot.h"
58 #include "sysemu/kvm.h"
59 #include "exec/semihost.h"
60 #include "hw/mips/cps.h"
62 //#define DEBUG_BOARD_INIT
64 #define ENVP_ADDR 0x80002000l
65 #define ENVP_NB_ENTRIES 16
66 #define ENVP_ENTRY_SIZE 256
68 /* Hardware addresses */
69 #define FLASH_ADDRESS 0x1e000000ULL
70 #define FPGA_ADDRESS 0x1f000000ULL
71 #define RESET_ADDRESS 0x1fc00000ULL
73 #define FLASH_SIZE 0x400000
79 MemoryRegion iomem_lo
; /* 0 - 0x900 */
80 MemoryRegion iomem_hi
; /* 0xa00 - 0x100000 */
88 CharDriverState
*display
;
93 #define TYPE_MIPS_MALTA "mips-malta"
94 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
97 SysBusDevice parent_obj
;
103 static ISADevice
*pit
;
105 static struct _loaderparams
{
106 int ram_size
, ram_low_size
;
107 const char *kernel_filename
;
108 const char *kernel_cmdline
;
109 const char *initrd_filename
;
113 static void malta_fpga_update_display(void *opaque
)
117 MaltaFPGAState
*s
= opaque
;
119 for (i
= 7 ; i
>= 0 ; i
--) {
120 if (s
->leds
& (1 << i
))
127 qemu_chr_fe_printf(s
->display
, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text
);
128 qemu_chr_fe_printf(s
->display
, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s
->display_text
);
132 * EEPROM 24C01 / 24C02 emulation.
134 * Emulation for serial EEPROMs:
135 * 24C01 - 1024 bit (128 x 8)
136 * 24C02 - 2048 bit (256 x 8)
138 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
144 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
146 # define logout(fmt, ...) ((void)0)
149 struct _eeprom24c0x_t
{
158 uint8_t contents
[256];
161 typedef struct _eeprom24c0x_t eeprom24c0x_t
;
163 static eeprom24c0x_t spd_eeprom
= {
165 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
166 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
167 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
168 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
169 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
170 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
171 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
173 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
184 static void generate_eeprom_spd(uint8_t *eeprom
, ram_addr_t ram_size
)
186 enum { SDR
= 0x4, DDR2
= 0x8 } type
;
187 uint8_t *spd
= spd_eeprom
.contents
;
189 uint16_t density
= 0;
192 /* work in terms of MB */
195 while ((ram_size
>= 4) && (nbanks
<= 2)) {
196 int sz_log2
= MIN(31 - clz32(ram_size
), 14);
198 density
|= 1 << (sz_log2
- 2);
199 ram_size
-= 1 << sz_log2
;
202 /* split to 2 banks if possible */
203 if ((nbanks
== 1) && (density
> 1)) {
208 if (density
& 0xff00) {
209 density
= (density
& 0xe0) | ((density
>> 8) & 0x1f);
211 } else if (!(density
& 0x1f)) {
218 fprintf(stderr
, "Warning: SPD cannot represent final %dMB"
219 " of SDRAM\n", (int)ram_size
);
222 /* fill in SPD memory information */
229 for (i
= 0; i
< 63; i
++) {
234 memcpy(eeprom
, spd
, sizeof(spd_eeprom
.contents
));
237 static void generate_eeprom_serial(uint8_t *eeprom
)
240 uint8_t mac
[6] = { 0x00 };
241 uint8_t sn
[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
244 eeprom
[pos
++] = 0x01;
247 eeprom
[pos
++] = 0x02;
250 eeprom
[pos
++] = 0x01; /* MAC */
251 eeprom
[pos
++] = 0x06; /* length */
252 memcpy(&eeprom
[pos
], mac
, sizeof(mac
));
256 eeprom
[pos
++] = 0x02; /* serial */
257 eeprom
[pos
++] = 0x05; /* length */
258 memcpy(&eeprom
[pos
], sn
, sizeof(sn
));
263 for (i
= 0; i
< pos
; i
++) {
264 eeprom
[pos
] += eeprom
[i
];
268 static uint8_t eeprom24c0x_read(eeprom24c0x_t
*eeprom
)
270 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
271 eeprom
->tick
, eeprom
->scl
, eeprom
->sda
, eeprom
->data
);
275 static void eeprom24c0x_write(eeprom24c0x_t
*eeprom
, int scl
, int sda
)
277 if (eeprom
->scl
&& scl
&& (eeprom
->sda
!= sda
)) {
278 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
279 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
,
280 sda
? "stop" : "start");
285 } else if (eeprom
->tick
== 0 && !eeprom
->ack
) {
286 /* Waiting for start. */
287 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
288 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
289 } else if (!eeprom
->scl
&& scl
) {
290 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
291 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
293 logout("\ti2c ack bit = 0\n");
296 } else if (eeprom
->sda
== sda
) {
297 uint8_t bit
= (sda
!= 0);
298 logout("\ti2c bit = %d\n", bit
);
299 if (eeprom
->tick
< 9) {
300 eeprom
->command
<<= 1;
301 eeprom
->command
+= bit
;
303 if (eeprom
->tick
== 9) {
304 logout("\tcommand 0x%04x, %s\n", eeprom
->command
,
305 bit
? "read" : "write");
308 } else if (eeprom
->tick
< 17) {
309 if (eeprom
->command
& 1) {
310 sda
= ((eeprom
->data
& 0x80) != 0);
312 eeprom
->address
<<= 1;
313 eeprom
->address
+= bit
;
316 if (eeprom
->tick
== 17) {
317 eeprom
->data
= eeprom
->contents
[eeprom
->address
];
318 logout("\taddress 0x%04x, data 0x%02x\n",
319 eeprom
->address
, eeprom
->data
);
323 } else if (eeprom
->tick
>= 17) {
327 logout("\tsda changed with raising scl\n");
330 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom
->tick
, eeprom
->scl
,
331 scl
, eeprom
->sda
, sda
);
337 static uint64_t malta_fpga_read(void *opaque
, hwaddr addr
,
340 MaltaFPGAState
*s
= opaque
;
344 saddr
= (addr
& 0xfffff);
348 /* SWITCH Register */
350 val
= 0x00000000; /* All switches closed */
353 /* STATUS Register */
355 #ifdef TARGET_WORDS_BIGENDIAN
367 /* LEDBAR Register */
372 /* BRKRES Register */
377 /* UART Registers are handled directly by the serial device */
384 /* XXX: implement a real I2C controller */
388 /* IN = OUT until a real I2C control is implemented */
395 /* I2CINP Register */
397 val
= ((s
->i2cin
& ~1) | eeprom24c0x_read(&spd_eeprom
));
405 /* I2COUT Register */
410 /* I2CSEL Register */
417 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx
"\n",
425 static void malta_fpga_write(void *opaque
, hwaddr addr
,
426 uint64_t val
, unsigned size
)
428 MaltaFPGAState
*s
= opaque
;
431 saddr
= (addr
& 0xfffff);
435 /* SWITCH Register */
443 /* LEDBAR Register */
445 s
->leds
= val
& 0xff;
446 malta_fpga_update_display(s
);
449 /* ASCIIWORD Register */
451 snprintf(s
->display_text
, 9, "%08X", (uint32_t)val
);
452 malta_fpga_update_display(s
);
455 /* ASCIIPOS0 to ASCIIPOS7 Registers */
464 s
->display_text
[(saddr
- 0x00418) >> 3] = (char) val
;
465 malta_fpga_update_display(s
);
468 /* SOFTRES Register */
471 qemu_system_reset_request ();
474 /* BRKRES Register */
479 /* UART Registers are handled directly by the serial device */
483 s
->gpout
= val
& 0xff;
488 s
->i2coe
= val
& 0x03;
491 /* I2COUT Register */
493 eeprom24c0x_write(&spd_eeprom
, val
& 0x02, val
& 0x01);
497 /* I2CSEL Register */
499 s
->i2csel
= val
& 0x01;
504 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx
"\n",
511 static const MemoryRegionOps malta_fpga_ops
= {
512 .read
= malta_fpga_read
,
513 .write
= malta_fpga_write
,
514 .endianness
= DEVICE_NATIVE_ENDIAN
,
517 static void malta_fpga_reset(void *opaque
)
519 MaltaFPGAState
*s
= opaque
;
529 s
->display_text
[8] = '\0';
530 snprintf(s
->display_text
, 9, " ");
533 static void malta_fpga_led_init(CharDriverState
*chr
)
535 qemu_chr_fe_printf(chr
, "\e[HMalta LEDBAR\r\n");
536 qemu_chr_fe_printf(chr
, "+--------+\r\n");
537 qemu_chr_fe_printf(chr
, "+ +\r\n");
538 qemu_chr_fe_printf(chr
, "+--------+\r\n");
539 qemu_chr_fe_printf(chr
, "\n");
540 qemu_chr_fe_printf(chr
, "Malta ASCII\r\n");
541 qemu_chr_fe_printf(chr
, "+--------+\r\n");
542 qemu_chr_fe_printf(chr
, "+ +\r\n");
543 qemu_chr_fe_printf(chr
, "+--------+\r\n");
546 static MaltaFPGAState
*malta_fpga_init(MemoryRegion
*address_space
,
547 hwaddr base
, qemu_irq uart_irq
, CharDriverState
*uart_chr
)
551 s
= (MaltaFPGAState
*)g_malloc0(sizeof(MaltaFPGAState
));
553 memory_region_init_io(&s
->iomem
, NULL
, &malta_fpga_ops
, s
,
554 "malta-fpga", 0x100000);
555 memory_region_init_alias(&s
->iomem_lo
, NULL
, "malta-fpga",
556 &s
->iomem
, 0, 0x900);
557 memory_region_init_alias(&s
->iomem_hi
, NULL
, "malta-fpga",
558 &s
->iomem
, 0xa00, 0x10000-0xa00);
560 memory_region_add_subregion(address_space
, base
, &s
->iomem_lo
);
561 memory_region_add_subregion(address_space
, base
+ 0xa00, &s
->iomem_hi
);
563 s
->display
= qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init
);
565 s
->uart
= serial_mm_init(address_space
, base
+ 0x900, 3, uart_irq
,
566 230400, uart_chr
, DEVICE_NATIVE_ENDIAN
);
569 qemu_register_reset(malta_fpga_reset
, s
);
574 /* Network support */
575 static void network_init(PCIBus
*pci_bus
)
579 for(i
= 0; i
< nb_nics
; i
++) {
580 NICInfo
*nd
= &nd_table
[i
];
581 const char *default_devaddr
= NULL
;
583 if (i
== 0 && (!nd
->model
|| strcmp(nd
->model
, "pcnet") == 0))
584 /* The malta board has a PCNet card using PCI SLOT 11 */
585 default_devaddr
= "0b";
587 pci_nic_init_nofail(nd
, pci_bus
, "pcnet", default_devaddr
);
591 /* ROM and pseudo bootloader
593 The following code implements a very very simple bootloader. It first
594 loads the registers a0 to a3 to the values expected by the OS, and
595 then jump at the kernel address.
597 The bootloader should pass the locations of the kernel arguments and
598 environment variables tables. Those tables contain the 32-bit address
599 of NULL terminated strings. The environment variables table should be
600 terminated by a NULL address.
602 For a simpler implementation, the number of kernel arguments is fixed
603 to two (the name of the kernel and the command line), and the two
604 tables are actually the same one.
606 The registers a0 to a3 should contain the following values:
607 a0 - number of kernel arguments
608 a1 - 32-bit address of the kernel arguments table
609 a2 - 32-bit address of the environment variables table
610 a3 - RAM size in bytes
613 static void write_bootloader(uint8_t *base
, int64_t run_addr
,
614 int64_t kernel_entry
)
618 /* Small bootloader */
619 p
= (uint32_t *)base
;
621 stl_p(p
++, 0x08000000 | /* j 0x1fc00580 */
622 ((run_addr
+ 0x580) & 0x0fffffff) >> 2);
623 stl_p(p
++, 0x00000000); /* nop */
625 /* YAMON service vector */
626 stl_p(base
+ 0x500, run_addr
+ 0x0580); /* start: */
627 stl_p(base
+ 0x504, run_addr
+ 0x083c); /* print_count: */
628 stl_p(base
+ 0x520, run_addr
+ 0x0580); /* start: */
629 stl_p(base
+ 0x52c, run_addr
+ 0x0800); /* flush_cache: */
630 stl_p(base
+ 0x534, run_addr
+ 0x0808); /* print: */
631 stl_p(base
+ 0x538, run_addr
+ 0x0800); /* reg_cpu_isr: */
632 stl_p(base
+ 0x53c, run_addr
+ 0x0800); /* unred_cpu_isr: */
633 stl_p(base
+ 0x540, run_addr
+ 0x0800); /* reg_ic_isr: */
634 stl_p(base
+ 0x544, run_addr
+ 0x0800); /* unred_ic_isr: */
635 stl_p(base
+ 0x548, run_addr
+ 0x0800); /* reg_esr: */
636 stl_p(base
+ 0x54c, run_addr
+ 0x0800); /* unreg_esr: */
637 stl_p(base
+ 0x550, run_addr
+ 0x0800); /* getchar: */
638 stl_p(base
+ 0x554, run_addr
+ 0x0800); /* syscon_read: */
641 /* Second part of the bootloader */
642 p
= (uint32_t *) (base
+ 0x580);
644 if (semihosting_get_argc()) {
645 /* Preserve a0 content as arguments have been passed */
646 stl_p(p
++, 0x00000000); /* nop */
648 stl_p(p
++, 0x24040002); /* addiu a0, zero, 2 */
650 stl_p(p
++, 0x3c1d0000 | (((ENVP_ADDR
- 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
651 stl_p(p
++, 0x37bd0000 | ((ENVP_ADDR
- 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
652 stl_p(p
++, 0x3c050000 | ((ENVP_ADDR
>> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
653 stl_p(p
++, 0x34a50000 | (ENVP_ADDR
& 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
654 stl_p(p
++, 0x3c060000 | (((ENVP_ADDR
+ 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
655 stl_p(p
++, 0x34c60000 | ((ENVP_ADDR
+ 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
656 stl_p(p
++, 0x3c070000 | (loaderparams
.ram_low_size
>> 16)); /* lui a3, high(ram_low_size) */
657 stl_p(p
++, 0x34e70000 | (loaderparams
.ram_low_size
& 0xffff)); /* ori a3, a3, low(ram_low_size) */
659 /* Load BAR registers as done by YAMON */
660 stl_p(p
++, 0x3c09b400); /* lui t1, 0xb400 */
662 #ifdef TARGET_WORDS_BIGENDIAN
663 stl_p(p
++, 0x3c08df00); /* lui t0, 0xdf00 */
665 stl_p(p
++, 0x340800df); /* ori t0, r0, 0x00df */
667 stl_p(p
++, 0xad280068); /* sw t0, 0x0068(t1) */
669 stl_p(p
++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
671 #ifdef TARGET_WORDS_BIGENDIAN
672 stl_p(p
++, 0x3c08c000); /* lui t0, 0xc000 */
674 stl_p(p
++, 0x340800c0); /* ori t0, r0, 0x00c0 */
676 stl_p(p
++, 0xad280048); /* sw t0, 0x0048(t1) */
677 #ifdef TARGET_WORDS_BIGENDIAN
678 stl_p(p
++, 0x3c084000); /* lui t0, 0x4000 */
680 stl_p(p
++, 0x34080040); /* ori t0, r0, 0x0040 */
682 stl_p(p
++, 0xad280050); /* sw t0, 0x0050(t1) */
684 #ifdef TARGET_WORDS_BIGENDIAN
685 stl_p(p
++, 0x3c088000); /* lui t0, 0x8000 */
687 stl_p(p
++, 0x34080080); /* ori t0, r0, 0x0080 */
689 stl_p(p
++, 0xad280058); /* sw t0, 0x0058(t1) */
690 #ifdef TARGET_WORDS_BIGENDIAN
691 stl_p(p
++, 0x3c083f00); /* lui t0, 0x3f00 */
693 stl_p(p
++, 0x3408003f); /* ori t0, r0, 0x003f */
695 stl_p(p
++, 0xad280060); /* sw t0, 0x0060(t1) */
697 #ifdef TARGET_WORDS_BIGENDIAN
698 stl_p(p
++, 0x3c08c100); /* lui t0, 0xc100 */
700 stl_p(p
++, 0x340800c1); /* ori t0, r0, 0x00c1 */
702 stl_p(p
++, 0xad280080); /* sw t0, 0x0080(t1) */
703 #ifdef TARGET_WORDS_BIGENDIAN
704 stl_p(p
++, 0x3c085e00); /* lui t0, 0x5e00 */
706 stl_p(p
++, 0x3408005e); /* ori t0, r0, 0x005e */
708 stl_p(p
++, 0xad280088); /* sw t0, 0x0088(t1) */
710 /* Jump to kernel code */
711 stl_p(p
++, 0x3c1f0000 | ((kernel_entry
>> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
712 stl_p(p
++, 0x37ff0000 | (kernel_entry
& 0xffff)); /* ori ra, ra, low(kernel_entry) */
713 stl_p(p
++, 0x03e00009); /* jalr ra */
714 stl_p(p
++, 0x00000000); /* nop */
716 /* YAMON subroutines */
717 p
= (uint32_t *) (base
+ 0x800);
718 stl_p(p
++, 0x03e00009); /* jalr ra */
719 stl_p(p
++, 0x24020000); /* li v0,0 */
720 /* 808 YAMON print */
721 stl_p(p
++, 0x03e06821); /* move t5,ra */
722 stl_p(p
++, 0x00805821); /* move t3,a0 */
723 stl_p(p
++, 0x00a05021); /* move t2,a1 */
724 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
725 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
726 stl_p(p
++, 0x10800005); /* beqz a0,834 */
727 stl_p(p
++, 0x00000000); /* nop */
728 stl_p(p
++, 0x0ff0021c); /* jal 870 */
729 stl_p(p
++, 0x00000000); /* nop */
730 stl_p(p
++, 0x08000205); /* j 814 */
731 stl_p(p
++, 0x00000000); /* nop */
732 stl_p(p
++, 0x01a00009); /* jalr t5 */
733 stl_p(p
++, 0x01602021); /* move a0,t3 */
734 /* 0x83c YAMON print_count */
735 stl_p(p
++, 0x03e06821); /* move t5,ra */
736 stl_p(p
++, 0x00805821); /* move t3,a0 */
737 stl_p(p
++, 0x00a05021); /* move t2,a1 */
738 stl_p(p
++, 0x00c06021); /* move t4,a2 */
739 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
740 stl_p(p
++, 0x0ff0021c); /* jal 870 */
741 stl_p(p
++, 0x00000000); /* nop */
742 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
743 stl_p(p
++, 0x258cffff); /* addiu t4,t4,-1 */
744 stl_p(p
++, 0x1580fffa); /* bnez t4,84c */
745 stl_p(p
++, 0x00000000); /* nop */
746 stl_p(p
++, 0x01a00009); /* jalr t5 */
747 stl_p(p
++, 0x01602021); /* move a0,t3 */
749 stl_p(p
++, 0x3c08b800); /* lui t0,0xb400 */
750 stl_p(p
++, 0x350803f8); /* ori t0,t0,0x3f8 */
751 stl_p(p
++, 0x91090005); /* lbu t1,5(t0) */
752 stl_p(p
++, 0x00000000); /* nop */
753 stl_p(p
++, 0x31290040); /* andi t1,t1,0x40 */
754 stl_p(p
++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
755 stl_p(p
++, 0x00000000); /* nop */
756 stl_p(p
++, 0x03e00009); /* jalr ra */
757 stl_p(p
++, 0xa1040000); /* sb a0,0(t0) */
761 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf
, int index
,
762 const char *string
, ...)
767 if (index
>= ENVP_NB_ENTRIES
)
770 if (string
== NULL
) {
775 table_addr
= sizeof(int32_t) * ENVP_NB_ENTRIES
+ index
* ENVP_ENTRY_SIZE
;
776 prom_buf
[index
] = tswap32(ENVP_ADDR
+ table_addr
);
778 va_start(ap
, string
);
779 vsnprintf((char *)prom_buf
+ table_addr
, ENVP_ENTRY_SIZE
, string
, ap
);
784 static int64_t load_kernel (void)
786 int64_t kernel_entry
, kernel_high
;
788 ram_addr_t initrd_offset
;
793 uint64_t (*xlate_to_kseg0
) (void *opaque
, uint64_t addr
);
795 #ifdef TARGET_WORDS_BIGENDIAN
801 if (load_elf(loaderparams
.kernel_filename
, cpu_mips_kseg0_to_phys
, NULL
,
802 (uint64_t *)&kernel_entry
, NULL
, (uint64_t *)&kernel_high
,
803 big_endian
, EM_MIPS
, 1, 0) < 0) {
804 fprintf(stderr
, "qemu: could not load kernel '%s'\n",
805 loaderparams
.kernel_filename
);
809 /* Sanity check where the kernel has been linked */
811 if (kernel_entry
& 0x80000000ll
) {
812 error_report("KVM guest kernels must be linked in useg. "
813 "Did you forget to enable CONFIG_KVM_GUEST?");
817 xlate_to_kseg0
= cpu_mips_kvm_um_phys_to_kseg0
;
819 if (!(kernel_entry
& 0x80000000ll
)) {
820 error_report("KVM guest kernels aren't supported with TCG. "
821 "Did you unintentionally enable CONFIG_KVM_GUEST?");
825 xlate_to_kseg0
= cpu_mips_phys_to_kseg0
;
831 if (loaderparams
.initrd_filename
) {
832 initrd_size
= get_image_size (loaderparams
.initrd_filename
);
833 if (initrd_size
> 0) {
834 initrd_offset
= (kernel_high
+ ~INITRD_PAGE_MASK
) & INITRD_PAGE_MASK
;
835 if (initrd_offset
+ initrd_size
> ram_size
) {
837 "qemu: memory too small for initial ram disk '%s'\n",
838 loaderparams
.initrd_filename
);
841 initrd_size
= load_image_targphys(loaderparams
.initrd_filename
,
843 ram_size
- initrd_offset
);
845 if (initrd_size
== (target_ulong
) -1) {
846 fprintf(stderr
, "qemu: could not load initial ram disk '%s'\n",
847 loaderparams
.initrd_filename
);
852 /* Setup prom parameters. */
853 prom_size
= ENVP_NB_ENTRIES
* (sizeof(int32_t) + ENVP_ENTRY_SIZE
);
854 prom_buf
= g_malloc(prom_size
);
856 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_filename
);
857 if (initrd_size
> 0) {
858 prom_set(prom_buf
, prom_index
++, "rd_start=0x%" PRIx64
" rd_size=%li %s",
859 xlate_to_kseg0(NULL
, initrd_offset
), initrd_size
,
860 loaderparams
.kernel_cmdline
);
862 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_cmdline
);
865 prom_set(prom_buf
, prom_index
++, "memsize");
866 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_low_size
);
868 prom_set(prom_buf
, prom_index
++, "ememsize");
869 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_size
);
871 prom_set(prom_buf
, prom_index
++, "modetty0");
872 prom_set(prom_buf
, prom_index
++, "38400n8r");
873 prom_set(prom_buf
, prom_index
++, NULL
);
875 rom_add_blob_fixed("prom", prom_buf
, prom_size
,
876 cpu_mips_kseg0_to_phys(NULL
, ENVP_ADDR
));
882 static void malta_mips_config(MIPSCPU
*cpu
)
884 CPUMIPSState
*env
= &cpu
->env
;
885 CPUState
*cs
= CPU(cpu
);
887 env
->mvp
->CP0_MVPConf0
|= ((smp_cpus
- 1) << CP0MVPC0_PVPE
) |
888 ((smp_cpus
* cs
->nr_threads
- 1) << CP0MVPC0_PTC
);
891 static void main_cpu_reset(void *opaque
)
893 MIPSCPU
*cpu
= opaque
;
894 CPUMIPSState
*env
= &cpu
->env
;
898 /* The bootloader does not need to be rewritten as it is located in a
899 read only location. The kernel location and the arguments table
900 location does not change. */
901 if (loaderparams
.kernel_filename
) {
902 env
->CP0_Status
&= ~(1 << CP0St_ERL
);
905 malta_mips_config(cpu
);
908 /* Start running from the bootloader we wrote to end of RAM */
909 env
->active_tc
.PC
= 0x40000000 + loaderparams
.ram_low_size
;
913 static void create_cpu_without_cps(const char *cpu_model
,
914 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
920 for (i
= 0; i
< smp_cpus
; i
++) {
921 cpu
= cpu_mips_init(cpu_model
);
923 fprintf(stderr
, "Unable to find CPU definition\n");
927 /* Init internal devices */
928 cpu_mips_irq_init_cpu(cpu
);
929 cpu_mips_clock_init(cpu
);
930 qemu_register_reset(main_cpu_reset
, cpu
);
933 cpu
= MIPS_CPU(first_cpu
);
935 *i8259_irq
= env
->irq
[2];
936 *cbus_irq
= env
->irq
[4];
939 static void create_cps(MaltaState
*s
, const char *cpu_model
,
940 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
943 s
->cps
= g_new0(MIPSCPSState
, 1);
945 object_initialize(s
->cps
, sizeof(MIPSCPSState
), TYPE_MIPS_CPS
);
946 qdev_set_parent_bus(DEVICE(s
->cps
), sysbus_get_default());
948 object_property_set_str(OBJECT(s
->cps
), cpu_model
, "cpu-model", &err
);
949 object_property_set_int(OBJECT(s
->cps
), smp_cpus
, "num-vp", &err
);
950 object_property_set_bool(OBJECT(s
->cps
), true, "realized", &err
);
952 error_report("%s", error_get_pretty(err
));
956 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s
->cps
), 0, 0, 1);
958 /* FIXME: When GIC is present then we should use GIC's IRQ 3.
959 Until then CPS exposes CPU's IRQs thus use the default IRQ 2. */
960 *i8259_irq
= get_cps_irq(s
->cps
, 2);
964 static void create_cpu(MaltaState
*s
, const char *cpu_model
,
965 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
967 if (cpu_model
== NULL
) {
975 if ((smp_cpus
> 1) && cpu_supports_cps_smp(cpu_model
)) {
976 create_cps(s
, cpu_model
, cbus_irq
, i8259_irq
);
978 create_cpu_without_cps(cpu_model
, cbus_irq
, i8259_irq
);
983 void mips_malta_init(MachineState
*machine
)
985 ram_addr_t ram_size
= machine
->ram_size
;
986 ram_addr_t ram_low_size
;
987 const char *kernel_filename
= machine
->kernel_filename
;
988 const char *kernel_cmdline
= machine
->kernel_cmdline
;
989 const char *initrd_filename
= machine
->initrd_filename
;
992 MemoryRegion
*system_memory
= get_system_memory();
993 MemoryRegion
*ram_high
= g_new(MemoryRegion
, 1);
994 MemoryRegion
*ram_low_preio
= g_new(MemoryRegion
, 1);
995 MemoryRegion
*ram_low_postio
;
996 MemoryRegion
*bios
, *bios_copy
= g_new(MemoryRegion
, 1);
997 target_long bios_size
= FLASH_SIZE
;
998 const size_t smbus_eeprom_size
= 8 * 256;
999 uint8_t *smbus_eeprom_buf
= g_malloc0(smbus_eeprom_size
);
1000 int64_t kernel_entry
, bootloader_run_addr
;
1004 qemu_irq cbus_irq
, i8259_irq
;
1009 DriveInfo
*hd
[MAX_IDE_BUS
* MAX_IDE_DEVS
];
1010 DriveInfo
*fd
[MAX_FD
];
1012 int fl_sectors
= bios_size
>> 16;
1015 DeviceState
*dev
= qdev_create(NULL
, TYPE_MIPS_MALTA
);
1016 MaltaState
*s
= MIPS_MALTA(dev
);
1018 /* The whole address space decoded by the GT-64120A doesn't generate
1019 exception when accessing invalid memory. Create an empty slot to
1020 emulate this feature. */
1021 empty_slot_init(0, 0x20000000);
1023 qdev_init_nofail(dev
);
1025 /* Make sure the first 3 serial ports are associated with a device. */
1026 for(i
= 0; i
< 3; i
++) {
1027 if (!serial_hds
[i
]) {
1029 snprintf(label
, sizeof(label
), "serial%d", i
);
1030 serial_hds
[i
] = qemu_chr_new(label
, "null", NULL
);
1035 create_cpu(s
, machine
->cpu_model
, &cbus_irq
, &i8259_irq
);
1038 if (ram_size
> (2048u << 20)) {
1040 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
1041 ((unsigned int)ram_size
/ (1 << 20)));
1045 /* register RAM at high address where it is undisturbed by IO */
1046 memory_region_allocate_system_memory(ram_high
, NULL
, "mips_malta.ram",
1048 memory_region_add_subregion(system_memory
, 0x80000000, ram_high
);
1050 /* alias for pre IO hole access */
1051 memory_region_init_alias(ram_low_preio
, NULL
, "mips_malta_low_preio.ram",
1052 ram_high
, 0, MIN(ram_size
, (256 << 20)));
1053 memory_region_add_subregion(system_memory
, 0, ram_low_preio
);
1055 /* alias for post IO hole access, if there is enough RAM */
1056 if (ram_size
> (512 << 20)) {
1057 ram_low_postio
= g_new(MemoryRegion
, 1);
1058 memory_region_init_alias(ram_low_postio
, NULL
,
1059 "mips_malta_low_postio.ram",
1060 ram_high
, 512 << 20,
1061 ram_size
- (512 << 20));
1062 memory_region_add_subregion(system_memory
, 512 << 20, ram_low_postio
);
1065 /* generate SPD EEPROM data */
1066 generate_eeprom_spd(&smbus_eeprom_buf
[0 * 256], ram_size
);
1067 generate_eeprom_serial(&smbus_eeprom_buf
[6 * 256]);
1069 #ifdef TARGET_WORDS_BIGENDIAN
1075 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1076 malta_fpga_init(system_memory
, FPGA_ADDRESS
, cbus_irq
, serial_hds
[2]);
1078 /* Load firmware in flash / BIOS. */
1079 dinfo
= drive_get(IF_PFLASH
, 0, fl_idx
);
1080 #ifdef DEBUG_BOARD_INIT
1082 printf("Register parallel flash %d size " TARGET_FMT_lx
" at "
1083 "addr %08llx '%s' %x\n",
1084 fl_idx
, bios_size
, FLASH_ADDRESS
,
1085 blk_name(dinfo
->bdrv
), fl_sectors
);
1088 fl
= pflash_cfi01_register(FLASH_ADDRESS
, NULL
, "mips_malta.bios",
1090 dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
,
1092 4, 0x0000, 0x0000, 0x0000, 0x0000, be
);
1093 bios
= pflash_cfi01_get_memory(fl
);
1095 if (kernel_filename
) {
1096 ram_low_size
= MIN(ram_size
, 256 << 20);
1097 /* For KVM we reserve 1MB of RAM for running bootloader */
1098 if (kvm_enabled()) {
1099 ram_low_size
-= 0x100000;
1100 bootloader_run_addr
= 0x40000000 + ram_low_size
;
1102 bootloader_run_addr
= 0xbfc00000;
1105 /* Write a small bootloader to the flash location. */
1106 loaderparams
.ram_size
= ram_size
;
1107 loaderparams
.ram_low_size
= ram_low_size
;
1108 loaderparams
.kernel_filename
= kernel_filename
;
1109 loaderparams
.kernel_cmdline
= kernel_cmdline
;
1110 loaderparams
.initrd_filename
= initrd_filename
;
1111 kernel_entry
= load_kernel();
1113 write_bootloader(memory_region_get_ram_ptr(bios
),
1114 bootloader_run_addr
, kernel_entry
);
1115 if (kvm_enabled()) {
1116 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1117 write_bootloader(memory_region_get_ram_ptr(ram_low_preio
) +
1119 bootloader_run_addr
, kernel_entry
);
1122 /* The flash region isn't executable from a KVM guest */
1123 if (kvm_enabled()) {
1124 error_report("KVM enabled but no -kernel argument was specified. "
1125 "Booting from flash is not supported with KVM.");
1128 /* Load firmware from flash. */
1130 /* Load a BIOS image. */
1131 if (bios_name
== NULL
) {
1132 bios_name
= BIOS_FILENAME
;
1134 filename
= qemu_find_file(QEMU_FILE_TYPE_BIOS
, bios_name
);
1136 bios_size
= load_image_targphys(filename
, FLASH_ADDRESS
,
1142 if ((bios_size
< 0 || bios_size
> BIOS_SIZE
) &&
1143 !kernel_filename
&& !qtest_enabled()) {
1144 error_report("Could not load MIPS bios '%s', and no "
1145 "-kernel argument was specified", bios_name
);
1149 /* In little endian mode the 32bit words in the bios are swapped,
1150 a neat trick which allows bi-endian firmware. */
1151 #ifndef TARGET_WORDS_BIGENDIAN
1153 uint32_t *end
, *addr
= rom_ptr(FLASH_ADDRESS
);
1155 addr
= memory_region_get_ram_ptr(bios
);
1157 end
= (void *)addr
+ MIN(bios_size
, 0x3e0000);
1158 while (addr
< end
) {
1167 * Map the BIOS at a 2nd physical location, as on the real board.
1168 * Copy it so that we can patch in the MIPS revision, which cannot be
1169 * handled by an overlapping region as the resulting ROM code subpage
1170 * regions are not executable.
1172 memory_region_init_ram(bios_copy
, NULL
, "bios.1fc", BIOS_SIZE
,
1174 if (!rom_copy(memory_region_get_ram_ptr(bios_copy
),
1175 FLASH_ADDRESS
, BIOS_SIZE
)) {
1176 memcpy(memory_region_get_ram_ptr(bios_copy
),
1177 memory_region_get_ram_ptr(bios
), BIOS_SIZE
);
1179 memory_region_set_readonly(bios_copy
, true);
1180 memory_region_add_subregion(system_memory
, RESET_ADDRESS
, bios_copy
);
1182 /* Board ID = 0x420 (Malta Board with CoreLV) */
1183 stl_p(memory_region_get_ram_ptr(bios_copy
) + 0x10, 0x00000420);
1186 * We have a circular dependency problem: pci_bus depends on isa_irq,
1187 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1188 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1189 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1190 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1192 isa_irq
= qemu_irq_proxy(&s
->i8259
, 16);
1195 pci_bus
= gt64120_register(isa_irq
);
1198 ide_drive_get(hd
, ARRAY_SIZE(hd
));
1200 piix4_devfn
= piix4_init(pci_bus
, &isa_bus
, 80);
1202 /* Interrupt controller */
1203 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1204 s
->i8259
= i8259_init(isa_bus
, i8259_irq
);
1206 isa_bus_irqs(isa_bus
, s
->i8259
);
1207 pci_piix4_ide_init(pci_bus
, hd
, piix4_devfn
+ 1);
1208 pci_create_simple(pci_bus
, piix4_devfn
+ 2, "piix4-usb-uhci");
1209 smbus
= piix4_pm_init(pci_bus
, piix4_devfn
+ 3, 0x1100,
1210 isa_get_irq(NULL
, 9), NULL
, 0, NULL
);
1211 smbus_eeprom_init(smbus
, 8, smbus_eeprom_buf
, smbus_eeprom_size
);
1212 g_free(smbus_eeprom_buf
);
1213 pit
= pit_init(isa_bus
, 0x40, 0, NULL
);
1214 DMA_init(isa_bus
, 0);
1217 isa_create_simple(isa_bus
, "i8042");
1219 rtc_init(isa_bus
, 2000, NULL
);
1220 serial_hds_isa_init(isa_bus
, 2);
1221 parallel_hds_isa_init(isa_bus
, 1);
1223 for(i
= 0; i
< MAX_FD
; i
++) {
1224 fd
[i
] = drive_get(IF_FLOPPY
, 0, i
);
1226 fdctrl_init_isa(isa_bus
, fd
);
1229 network_init(pci_bus
);
1231 /* Optional PCI video card */
1232 pci_vga_init(pci_bus
);
1235 static int mips_malta_sysbus_device_init(SysBusDevice
*sysbusdev
)
1240 static void mips_malta_class_init(ObjectClass
*klass
, void *data
)
1242 SysBusDeviceClass
*k
= SYS_BUS_DEVICE_CLASS(klass
);
1244 k
->init
= mips_malta_sysbus_device_init
;
1247 static const TypeInfo mips_malta_device
= {
1248 .name
= TYPE_MIPS_MALTA
,
1249 .parent
= TYPE_SYS_BUS_DEVICE
,
1250 .instance_size
= sizeof(MaltaState
),
1251 .class_init
= mips_malta_class_init
,
1254 static void mips_malta_machine_init(MachineClass
*mc
)
1256 mc
->desc
= "MIPS Malta Core LV";
1257 mc
->init
= mips_malta_init
;
1262 DEFINE_MACHINE("malta", mips_malta_machine_init
)
1264 static void mips_malta_register_types(void)
1266 type_register_static(&mips_malta_device
);
1269 type_init(mips_malta_register_types
)