]> git.proxmox.com Git - mirror_qemu.git/blame - hw/mips/mips_malta.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/lm32: Replace fprintf(stderr, "*\n" with error_report()
[mirror_qemu.git] / hw / mips / mips_malta.c
CommitLineData
5856de80
TS		 1/*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
c684822a 25#include "qemu/osdep.h"
4771d756
PB		 26#include "qemu-common.h"
27#include "cpu.h"
83c9f4ca 28#include "hw/hw.h"
0d09e41a
PB		 29#include "hw/i386/pc.h"
30#include "hw/char/serial.h"
31#include "hw/block/fdc.h"
1422e32d 32#include "net/net.h"
83c9f4ca 33#include "hw/boards.h"
0d09e41a 34#include "hw/i2c/smbus.h"
4be74634 35#include "sysemu/block-backend.h"
0d09e41a
PB		 36#include "hw/block/flash.h"
37#include "hw/mips/mips.h"
38#include "hw/mips/cpudevs.h"
83c9f4ca 39#include "hw/pci/pci.h"
9c17d615
PB		 40#include "sysemu/sysemu.h"
41#include "sysemu/arch_init.h"
1de7afc9 42#include "qemu/log.h"
0d09e41a 43#include "hw/mips/bios.h"
83c9f4ca
PB		 44#include "hw/ide.h"
45#include "hw/loader.h"
ca20cf32 46#include "elf.h"
0d09e41a
PB		 47#include "hw/timer/mc146818rtc.h"
48#include "hw/timer/i8254.h"
9c17d615 49#include "sysemu/blockdev.h"
022c62cb 50#include "exec/address-spaces.h"
83c9f4ca 51#include "hw/sysbus.h" /* SysBusDevice */
02bccc77 52#include "qemu/host-utils.h"
2c57bd9b 53#include "sysemu/qtest.h"
2e985fe0 54#include "qemu/error-report.h"
cc413a39 55#include "hw/empty_slot.h"
b0311811 56#include "sysemu/kvm.h"
3b3c1694 57#include "exec/semihost.h"
bff384a4 58#include "hw/mips/cps.h"
5856de80 59
c8b153d7
TS		 60//#define DEBUG_BOARD_INIT
61
409dbce5 62#define ENVP_ADDR 0x80002000l
5856de80
TS		 63#define ENVP_NB_ENTRIES 16
64#define ENVP_ENTRY_SIZE 256
65
03a1a8e1
SW		 66/* Hardware addresses */
67#define FLASH_ADDRESS 0x1e000000ULL
68#define FPGA_ADDRESS 0x1f000000ULL
69#define RESET_ADDRESS 0x1fc00000ULL
70
71#define FLASH_SIZE 0x400000
72
e4bcb14c
TS		 73#define MAX_IDE_BUS 2
74
5856de80 75typedef struct {
ea85df72
AK		 76 MemoryRegion iomem;
77 MemoryRegion iomem_lo; /* 0 - 0x900 */
78 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
5856de80
TS		 79 uint32_t leds;
80 uint32_t brk;
81 uint32_t gpout;
130751ee 82 uint32_t i2cin;
5856de80
TS		 83 uint32_t i2coe;
84 uint32_t i2cout;
85 uint32_t i2csel;
32a6ebec 86 CharBackend display;
5856de80 87 char display_text[9];
a4bc3afc 88 SerialState *uart;
9850b05d 89 bool display_inited;
5856de80
TS		 90} MaltaFPGAState;
91
cba5cb67
AF		 92#define TYPE_MIPS_MALTA "mips-malta"
93#define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
94
e9b40fd3 95typedef struct {
cba5cb67
AF		 96 SysBusDevice parent_obj;
97
bff384a4 98 MIPSCPSState *cps;
e9b40fd3
SW		 99 qemu_irq *i8259;
100} MaltaState;
101
64d7e9a4 102static ISADevice *pit;
5856de80 103
7df526e3 104static struct _loaderparams {
71c199c8 105 int ram_size, ram_low_size;
7df526e3
TS		 106 const char *kernel_filename;
107 const char *kernel_cmdline;
108 const char *initrd_filename;
109} loaderparams;
110
5856de80
TS		 111/* Malta FPGA */
112static void malta_fpga_update_display(void *opaque)
113{
114 char leds_text[9];
115 int i;
116 MaltaFPGAState *s = opaque;
117
07cf0ba0
TS		 118 for (i = 7 ; i >= 0 ; i--) {
119 if (s->leds & (1 << i))
120 leds_text[i] = '#';
121 else
122 leds_text[i] = ' ';
87ee1669 123 }
07cf0ba0
TS		 124 leds_text[8] = '\0';
125
5345fdb4 126 qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
32a6ebec 127 leds_text);
5345fdb4 128 qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
32a6ebec 129 s->display_text);
5856de80
TS		 130}
131
130751ee
TS		 132/*
133 * EEPROM 24C01 / 24C02 emulation.
134 *
135 * Emulation for serial EEPROMs:
136 * 24C01 - 1024 bit (128 x 8)
137 * 24C02 - 2048 bit (256 x 8)
138 *
139 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
140 */
141
142//~ #define DEBUG
143
144#if defined(DEBUG)
001faf32 145# define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
130751ee 146#else
001faf32 147# define logout(fmt, ...) ((void)0)
130751ee
TS		 148#endif
149
c227f099 150struct _eeprom24c0x_t {
130751ee
TS		 151 uint8_t tick;
152 uint8_t address;
153 uint8_t command;
154 uint8_t ack;
155 uint8_t scl;
156 uint8_t sda;
157 uint8_t data;
158 //~ uint16_t size;
159 uint8_t contents[256];
160};
161
c227f099 162typedef struct _eeprom24c0x_t eeprom24c0x_t;
130751ee 163
35c64807 164static eeprom24c0x_t spd_eeprom = {
284b08f1 165 .contents = {
02bccc77 166 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
130751ee 167 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
02bccc77
PB		 168 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
169 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
130751ee
TS		 170 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
171 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
174 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
181 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
182 },
183};
184
35c64807 185static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
02bccc77
PB		 186{
187 enum { SDR = 0x4, DDR2 = 0x8 } type;
35c64807 188 uint8_t *spd = spd_eeprom.contents;
02bccc77
PB		 189 uint8_t nbanks = 0;
190 uint16_t density = 0;
191 int i;
192
193 /* work in terms of MB */
194 ram_size >>= 20;
195
196 while ((ram_size >= 4) && (nbanks <= 2)) {
197 int sz_log2 = MIN(31 - clz32(ram_size), 14);
198 nbanks++;
199 density |= 1 << (sz_log2 - 2);
200 ram_size -= 1 << sz_log2;
201 }
202
203 /* split to 2 banks if possible */
204 if ((nbanks == 1) && (density > 1)) {
205 nbanks++;
206 density >>= 1;
207 }
208
209 if (density & 0xff00) {
210 density = (density & 0xe0) | ((density >> 8) & 0x1f);
211 type = DDR2;
212 } else if (!(density & 0x1f)) {
213 type = DDR2;
214 } else {
215 type = SDR;
216 }
217
218 if (ram_size) {
b62e39b4
AF		 219 warn_report("SPD cannot represent final " RAM_ADDR_FMT "MB"
220 " of SDRAM", ram_size);
02bccc77
PB		 221 }
222
223 /* fill in SPD memory information */
224 spd[2] = type;
225 spd[5] = nbanks;
226 spd[31] = density;
227
228 /* checksum */
229 spd[63] = 0;
230 for (i = 0; i < 63; i++) {
231 spd[63] += spd[i];
232 }
35c64807
PB		 233
234 /* copy for SMBUS */
235 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
236}
237
238static void generate_eeprom_serial(uint8_t *eeprom)
239{
240 int i, pos = 0;
241 uint8_t mac[6] = { 0x00 };
242 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
243
244 /* version */
245 eeprom[pos++] = 0x01;
246
247 /* count */
248 eeprom[pos++] = 0x02;
249
250 /* MAC address */
251 eeprom[pos++] = 0x01; /* MAC */
252 eeprom[pos++] = 0x06; /* length */
253 memcpy(&eeprom[pos], mac, sizeof(mac));
254 pos += sizeof(mac);
255
256 /* serial number */
257 eeprom[pos++] = 0x02; /* serial */
258 eeprom[pos++] = 0x05; /* length */
259 memcpy(&eeprom[pos], sn, sizeof(sn));
260 pos += sizeof(sn);
261
262 /* checksum */
263 eeprom[pos] = 0;
264 for (i = 0; i < pos; i++) {
265 eeprom[pos] += eeprom[i];
266 }
02bccc77
PB		 267}
268
35c64807 269static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
130751ee
TS		 270{
271 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
35c64807
PB		 272 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
273 return eeprom->sda;
130751ee
TS		 274}
275
35c64807 276static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
130751ee 277{
35c64807 278 if (eeprom->scl && scl && (eeprom->sda != sda)) {
130751ee 279 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
35c64807
PB		 280 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
281 sda ? "stop" : "start");
130751ee 282 if (!sda) {
35c64807
PB		 283 eeprom->tick = 1;
284 eeprom->command = 0;
130751ee 285 }
35c64807 286 } else if (eeprom->tick == 0 && !eeprom->ack) {
130751ee
TS		 287 /* Waiting for start. */
288 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
35c64807
PB		 289 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
290 } else if (!eeprom->scl && scl) {
130751ee 291 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
35c64807
PB		 292 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
293 if (eeprom->ack) {
130751ee
TS		 294 logout("\ti2c ack bit = 0\n");
295 sda = 0;
35c64807
PB		 296 eeprom->ack = 0;
297 } else if (eeprom->sda == sda) {
130751ee
TS		 298 uint8_t bit = (sda != 0);
299 logout("\ti2c bit = %d\n", bit);
35c64807
PB		 300 if (eeprom->tick < 9) {
301 eeprom->command <<= 1;
302 eeprom->command += bit;
303 eeprom->tick++;
304 if (eeprom->tick == 9) {
305 logout("\tcommand 0x%04x, %s\n", eeprom->command,
306 bit ? "read" : "write");
307 eeprom->ack = 1;
130751ee 308 }
35c64807
PB		 309 } else if (eeprom->tick < 17) {
310 if (eeprom->command & 1) {
311 sda = ((eeprom->data & 0x80) != 0);
130751ee 312 }
35c64807
PB		 313 eeprom->address <<= 1;
314 eeprom->address += bit;
315 eeprom->tick++;
316 eeprom->data <<= 1;
317 if (eeprom->tick == 17) {
318 eeprom->data = eeprom->contents[eeprom->address];
319 logout("\taddress 0x%04x, data 0x%02x\n",
320 eeprom->address, eeprom->data);
321 eeprom->ack = 1;
322 eeprom->tick = 0;
130751ee 323 }
35c64807 324 } else if (eeprom->tick >= 17) {
130751ee
TS		 325 sda = 0;
326 }
327 } else {
328 logout("\tsda changed with raising scl\n");
329 }
330 } else {
35c64807
PB		 331 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
332 scl, eeprom->sda, sda);
130751ee 333 }
35c64807
PB		 334 eeprom->scl = scl;
335 eeprom->sda = sda;
130751ee
TS		 336}
337
a8170e5e 338static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
ea85df72 339 unsigned size)
5856de80
TS		 340{
341 MaltaFPGAState *s = opaque;
342 uint32_t val = 0;
343 uint32_t saddr;
344
345 saddr = (addr & 0xfffff);
346
347 switch (saddr) {
348
349 /* SWITCH Register */
350 case 0x00200:
351 val = 0x00000000; /* All switches closed */
593c0d10 352 break;
5856de80
TS		 353
354 /* STATUS Register */
355 case 0x00208:
356#ifdef TARGET_WORDS_BIGENDIAN
357 val = 0x00000012;
358#else
359 val = 0x00000010;
360#endif
361 break;
362
363 /* JMPRS Register */
364 case 0x00210:
365 val = 0x00;
366 break;
367
368 /* LEDBAR Register */
369 case 0x00408:
370 val = s->leds;
371 break;
372
373 /* BRKRES Register */
374 case 0x00508:
375 val = s->brk;
376 break;
377
b6dc7ebb 378 /* UART Registers are handled directly by the serial device */
a4bc3afc 379
5856de80
TS		 380 /* GPOUT Register */
381 case 0x00a00:
382 val = s->gpout;
383 break;
384
385 /* XXX: implement a real I2C controller */
386
387 /* GPINP Register */
388 case 0x00a08:
389 /* IN = OUT until a real I2C control is implemented */
390 if (s->i2csel)
391 val = s->i2cout;
392 else
393 val = 0x00;
394 break;
395
396 /* I2CINP Register */
397 case 0x00b00:
35c64807 398 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
5856de80
TS		 399 break;
400
401 /* I2COE Register */
402 case 0x00b08:
403 val = s->i2coe;
404 break;
405
406 /* I2COUT Register */
407 case 0x00b10:
408 val = s->i2cout;
409 break;
410
411 /* I2CSEL Register */
412 case 0x00b18:
130751ee 413 val = s->i2csel;
5856de80
TS		 414 break;
415
416 default:
417#if 0
3594c774 418 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
593c0d10 419 addr);
5856de80
TS		 420#endif
421 break;
422 }
423 return val;
424}
425
a8170e5e 426static void malta_fpga_write(void *opaque, hwaddr addr,
ea85df72 427 uint64_t val, unsigned size)
5856de80
TS		 428{
429 MaltaFPGAState *s = opaque;
430 uint32_t saddr;
431
432 saddr = (addr & 0xfffff);
433
434 switch (saddr) {
435
436 /* SWITCH Register */
437 case 0x00200:
438 break;
439
440 /* JMPRS Register */
441 case 0x00210:
442 break;
443
444 /* LEDBAR Register */
5856de80
TS		 445 case 0x00408:
446 s->leds = val & 0xff;
1d7a1197 447 malta_fpga_update_display(s);
5856de80
TS		 448 break;
449
450 /* ASCIIWORD Register */
451 case 0x00410:
ea85df72 452 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
5856de80
TS		 453 malta_fpga_update_display(s);
454 break;
455
456 /* ASCIIPOS0 to ASCIIPOS7 Registers */
457 case 0x00418:
458 case 0x00420:
459 case 0x00428:
460 case 0x00430:
461 case 0x00438:
462 case 0x00440:
463 case 0x00448:
464 case 0x00450:
465 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
466 malta_fpga_update_display(s);
467 break;
468
469 /* SOFTRES Register */
470 case 0x00500:
471 if (val == 0x42)
cf83f140 472 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
5856de80
TS		 473 break;
474
475 /* BRKRES Register */
476 case 0x00508:
477 s->brk = val & 0xff;
478 break;
479
b6dc7ebb 480 /* UART Registers are handled directly by the serial device */
a4bc3afc 481
5856de80
TS		 482 /* GPOUT Register */
483 case 0x00a00:
484 s->gpout = val & 0xff;
485 break;
486
487 /* I2COE Register */
488 case 0x00b08:
489 s->i2coe = val & 0x03;
490 break;
491
492 /* I2COUT Register */
493 case 0x00b10:
35c64807 494 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
130751ee 495 s->i2cout = val;
5856de80
TS		 496 break;
497
498 /* I2CSEL Register */
499 case 0x00b18:
130751ee 500 s->i2csel = val & 0x01;
5856de80
TS		 501 break;
502
503 default:
504#if 0
3594c774 505 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
593c0d10 506 addr);
5856de80
TS		 507#endif
508 break;
509 }
510}
511
ea85df72
AK		 512static const MemoryRegionOps malta_fpga_ops = {
513 .read = malta_fpga_read,
514 .write = malta_fpga_write,
515 .endianness = DEVICE_NATIVE_ENDIAN,
5856de80
TS		 516};
517
9596ebb7 518static void malta_fpga_reset(void *opaque)
5856de80
TS		 519{
520 MaltaFPGAState *s = opaque;
521
522 s->leds = 0x00;
523 s->brk = 0x0a;
524 s->gpout = 0x00;
130751ee 525 s->i2cin = 0x3;
5856de80
TS		 526 s->i2coe = 0x0;
527 s->i2cout = 0x3;
528 s->i2csel = 0x1;
529
530 s->display_text[8] = '\0';
531 snprintf(s->display_text, 9, " ");
ceecf1d1
AJ		 532}
533
9850b05d 534static void malta_fgpa_display_event(void *opaque, int event)
ceecf1d1 535{
9850b05d
MAL		 536 MaltaFPGAState *s = opaque;
537
538 if (event == CHR_EVENT_OPENED && !s->display_inited) {
5345fdb4
MAL		 539 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
540 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
541 qemu_chr_fe_printf(&s->display, "+ +\r\n");
542 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
543 qemu_chr_fe_printf(&s->display, "\n");
544 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
545 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
546 qemu_chr_fe_printf(&s->display, "+ +\r\n");
547 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
9850b05d
MAL		 548 s->display_inited = true;
549 }
5856de80
TS		 550}
551
ea85df72 552static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
0ec7b3e7 553 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
5856de80
TS		 554{
555 MaltaFPGAState *s;
0ec7b3e7 556 Chardev *chr;
5856de80 557
7267c094 558 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
5856de80 559
2c9b15ca 560 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
ea85df72 561 "malta-fpga", 0x100000);
2c9b15ca 562 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
ea85df72 563 &s->iomem, 0, 0x900);
2c9b15ca 564 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
ea85df72 565 &s->iomem, 0xa00, 0x10000-0xa00);
a4bc3afc 566
ea85df72
AK		 567 memory_region_add_subregion(address_space, base, &s->iomem_lo);
568 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
5856de80 569
32a6ebec 570 chr = qemu_chr_new("fpga", "vc:320x200");
5345fdb4
MAL		 571 qemu_chr_fe_init(&s->display, chr, NULL);
572 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
81517ba3 573 malta_fgpa_display_event, NULL, s, NULL, true);
ceecf1d1 574
39186d8a
RH		 575 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
576 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
a4bc3afc 577
5856de80 578 malta_fpga_reset(s);
a08d4367 579 qemu_register_reset(malta_fpga_reset, s);
5856de80
TS		 580
581 return s;
582}
583
5856de80 584/* Network support */
29b358f9 585static void network_init(PCIBus *pci_bus)
5856de80
TS		 586{
587 int i;
5856de80
TS		 588
589 for(i = 0; i < nb_nics; i++) {
cb457d76 590 NICInfo *nd = &nd_table[i];
5607c388 591 const char *default_devaddr = NULL;
cb457d76
AL		 592
593 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
5856de80 594 /* The malta board has a PCNet card using PCI SLOT 11 */
5607c388 595 default_devaddr = "0b";
cb457d76 596
29b358f9 597 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
5856de80
TS		 598 }
599}
600
601/* ROM and pseudo bootloader
602
603 The following code implements a very very simple bootloader. It first
604 loads the registers a0 to a3 to the values expected by the OS, and
605 then jump at the kernel address.
606
607 The bootloader should pass the locations of the kernel arguments and
608 environment variables tables. Those tables contain the 32-bit address
609 of NULL terminated strings. The environment variables table should be
610 terminated by a NULL address.
611
612 For a simpler implementation, the number of kernel arguments is fixed
613 to two (the name of the kernel and the command line), and the two
614 tables are actually the same one.
615
616 The registers a0 to a3 should contain the following values:
617 a0 - number of kernel arguments
618 a1 - 32-bit address of the kernel arguments table
619 a2 - 32-bit address of the environment variables table
620 a3 - RAM size in bytes
621*/
622
cc518af0
LA		 623static void write_bootloader(uint8_t *base, int64_t run_addr,
624 int64_t kernel_entry)
5856de80
TS		 625{
626 uint32_t *p;
627
628 /* Small bootloader */
d7585251 629 p = (uint32_t *)base;
b0311811
JH		 630
631 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
632 ((run_addr + 0x580) & 0x0fffffff) >> 2);
0983979b 633 stl_p(p++, 0x00000000); /* nop */
5856de80 634
26ea0918 635 /* YAMON service vector */
b0311811
JH		 636 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
637 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
638 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
639 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
640 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
641 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
642 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
643 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
644 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
645 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
646 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
647 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
648 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
26ea0918
TS		 649
650
5856de80 651 /* Second part of the bootloader */
d7585251 652 p = (uint32_t *) (base + 0x580);
3b3c1694
LA		 653
654 if (semihosting_get_argc()) {
655 /* Preserve a0 content as arguments have been passed */
656 stl_p(p++, 0x00000000); /* nop */
657 } else {
658 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
659 }
0983979b
PB		 660 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
661 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
662 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
663 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
664 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
665 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
71c199c8
PB		 666 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
667 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
2802bfe3
TS		 668
669 /* Load BAR registers as done by YAMON */
0983979b 670 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
a0a8793e
TS		 671
672#ifdef TARGET_WORDS_BIGENDIAN
0983979b 673 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
a0a8793e 674#else
0983979b 675 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
a0a8793e 676#endif
0983979b 677 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
a0a8793e 678
0983979b 679 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
2802bfe3
TS		 680
681#ifdef TARGET_WORDS_BIGENDIAN
0983979b 682 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
2802bfe3 683#else
0983979b 684 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
2802bfe3 685#endif
0983979b 686 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
2802bfe3 687#ifdef TARGET_WORDS_BIGENDIAN
0983979b 688 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
2802bfe3 689#else
0983979b 690 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
2802bfe3 691#endif
0983979b 692 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
2802bfe3
TS		 693
694#ifdef TARGET_WORDS_BIGENDIAN
0983979b 695 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
2802bfe3 696#else
0983979b 697 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
2802bfe3 698#endif
0983979b 699 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
2802bfe3 700#ifdef TARGET_WORDS_BIGENDIAN
0983979b 701 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
2802bfe3 702#else
0983979b 703 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
2802bfe3 704#endif
0983979b 705 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
2802bfe3
TS		 706
707#ifdef TARGET_WORDS_BIGENDIAN
0983979b 708 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
2802bfe3 709#else
0983979b 710 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
2802bfe3 711#endif
0983979b 712 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
2802bfe3 713#ifdef TARGET_WORDS_BIGENDIAN
0983979b 714 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
2802bfe3 715#else
0983979b 716 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
2802bfe3 717#endif
0983979b 718 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
2802bfe3
TS		 719
720 /* Jump to kernel code */
0983979b
PB		 721 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
722 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
9fba1500 723 stl_p(p++, 0x03e00009); /* jalr ra */
0983979b 724 stl_p(p++, 0x00000000); /* nop */
26ea0918
TS		 725
726 /* YAMON subroutines */
d7585251 727 p = (uint32_t *) (base + 0x800);
9fba1500 728 stl_p(p++, 0x03e00009); /* jalr ra */
0983979b 729 stl_p(p++, 0x24020000); /* li v0,0 */
b0311811 730 /* 808 YAMON print */
0983979b
PB		 731 stl_p(p++, 0x03e06821); /* move t5,ra */
732 stl_p(p++, 0x00805821); /* move t3,a0 */
733 stl_p(p++, 0x00a05021); /* move t2,a1 */
734 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
735 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
736 stl_p(p++, 0x10800005); /* beqz a0,834 */
737 stl_p(p++, 0x00000000); /* nop */
738 stl_p(p++, 0x0ff0021c); /* jal 870 */
739 stl_p(p++, 0x00000000); /* nop */
7f81dbb9 740 stl_p(p++, 0x1000fff9); /* b 814 */
0983979b 741 stl_p(p++, 0x00000000); /* nop */
9fba1500 742 stl_p(p++, 0x01a00009); /* jalr t5 */
0983979b 743 stl_p(p++, 0x01602021); /* move a0,t3 */
26ea0918 744 /* 0x83c YAMON print_count */
0983979b
PB		 745 stl_p(p++, 0x03e06821); /* move t5,ra */
746 stl_p(p++, 0x00805821); /* move t3,a0 */
747 stl_p(p++, 0x00a05021); /* move t2,a1 */
748 stl_p(p++, 0x00c06021); /* move t4,a2 */
749 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
750 stl_p(p++, 0x0ff0021c); /* jal 870 */
751 stl_p(p++, 0x00000000); /* nop */
752 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
753 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
754 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
755 stl_p(p++, 0x00000000); /* nop */
9fba1500 756 stl_p(p++, 0x01a00009); /* jalr t5 */
0983979b 757 stl_p(p++, 0x01602021); /* move a0,t3 */
26ea0918 758 /* 0x870 */
0983979b
PB		 759 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
760 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
761 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
762 stl_p(p++, 0x00000000); /* nop */
763 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
764 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
765 stl_p(p++, 0x00000000); /* nop */
9fba1500 766 stl_p(p++, 0x03e00009); /* jalr ra */
0983979b 767 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
26ea0918 768
5856de80
TS		 769}
770
8b7968f7
SW		 771static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
772 const char *string, ...)
5856de80
TS		 773{
774 va_list ap;
3ddd0065 775 int32_t table_addr;
5856de80
TS		 776
777 if (index >= ENVP_NB_ENTRIES)
778 return;
779
5856de80 780 if (string == NULL) {
c938ada2 781 prom_buf[index] = 0;
5856de80
TS		 782 return;
783 }
784
c938ada2
AJ		 785 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
786 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
5856de80
TS		 787
788 va_start(ap, string);
c938ada2 789 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
5856de80
TS		 790 va_end(ap);
791}
792
793/* Kernel */
e16ad5b0 794static int64_t load_kernel (void)
5856de80 795{
409dbce5 796 int64_t kernel_entry, kernel_high;
3ee3122c 797 long kernel_size, initrd_size;
c227f099 798 ram_addr_t initrd_offset;
ca20cf32 799 int big_endian;
c938ada2
AJ		 800 uint32_t *prom_buf;
801 long prom_size;
802 int prom_index = 0;
b0311811 803 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
ca20cf32
BS		 804
805#ifdef TARGET_WORDS_BIGENDIAN
806 big_endian = 1;
807#else
808 big_endian = 0;
809#endif
5856de80 810
3ee3122c
AJ		 811 kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
812 NULL, (uint64_t *)&kernel_entry, NULL,
813 (uint64_t *)&kernel_high, big_endian, EM_MIPS, 1, 0);
814 if (kernel_size < 0) {
815 error_report("qemu: could not load kernel '%s': %s",
816 loaderparams.kernel_filename,
817 load_elf_strerror(kernel_size));
acdf72bb 818 exit(1);
5856de80 819 }
f7f15245 820
d3d93c6c
JH		 821 /* Check where the kernel has been linked */
822 if (kernel_entry & 0x80000000ll) {
823 if (kvm_enabled()) {
f7f15245
JH		 824 error_report("KVM guest kernels must be linked in useg. "
825 "Did you forget to enable CONFIG_KVM_GUEST?");
826 exit(1);
827 }
828
d3d93c6c 829 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
b0311811 830 } else {
d3d93c6c
JH		 831 /* if kernel entry is in useg it is probably a KVM T&E kernel */
832 mips_um_ksegs_enable();
f7f15245 833
d3d93c6c 834 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
b0311811 835 }
5856de80
TS		 836
837 /* load initrd */
838 initrd_size = 0;
74287114 839 initrd_offset = 0;
7df526e3
TS		 840 if (loaderparams.initrd_filename) {
841 initrd_size = get_image_size (loaderparams.initrd_filename);
74287114 842 if (initrd_size > 0) {
9652ef24
AJ		 843 /* The kernel allocates the bootmap memory in the low memory after
844 the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
845 pages. */
846 initrd_offset = (loaderparams.ram_low_size - initrd_size - 131072
9768e2ab
AJ		 847 - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
848 if (kernel_high >= initrd_offset) {
74287114
TS		 849 fprintf(stderr,
850 "qemu: memory too small for initial ram disk '%s'\n",
7df526e3 851 loaderparams.initrd_filename);
74287114
TS		 852 exit(1);
853 }
dcac9679
PB		 854 initrd_size = load_image_targphys(loaderparams.initrd_filename,
855 initrd_offset,
856 ram_size - initrd_offset);
74287114 857 }
5856de80
TS		 858 if (initrd_size == (target_ulong) -1) {
859 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
7df526e3 860 loaderparams.initrd_filename);
5856de80
TS		 861 exit(1);
862 }
863 }
864
c938ada2
AJ		 865 /* Setup prom parameters. */
866 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
7267c094 867 prom_buf = g_malloc(prom_size);
c938ada2 868
f36d53ef 869 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
c938ada2 870 if (initrd_size > 0) {
409dbce5 871 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
b0311811 872 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
7df526e3 873 loaderparams.kernel_cmdline);
c938ada2 874 } else {
f36d53ef 875 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
c938ada2
AJ		 876 }
877
878 prom_set(prom_buf, prom_index++, "memsize");
71c199c8
PB		 879 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
880
881 prom_set(prom_buf, prom_index++, "ememsize");
882 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
b0311811 883
c938ada2
AJ		 884 prom_set(prom_buf, prom_index++, "modetty0");
885 prom_set(prom_buf, prom_index++, "38400n8r");
886 prom_set(prom_buf, prom_index++, NULL);
887
888 rom_add_blob_fixed("prom", prom_buf, prom_size,
409dbce5 889 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
5856de80 890
3ad9fd5a 891 g_free(prom_buf);
74287114 892 return kernel_entry;
5856de80
TS		 893}
894
ce3960eb 895static void malta_mips_config(MIPSCPU *cpu)
c4cb2578 896{
ce3960eb
AF		 897 CPUMIPSState *env = &cpu->env;
898 CPUState *cs = CPU(cpu);
899
c4cb2578 900 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
ce3960eb 901 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
c4cb2578
EI		 902}
903
5856de80
TS		 904static void main_cpu_reset(void *opaque)
905{
1004ee8d
AF		 906 MIPSCPU *cpu = opaque;
907 CPUMIPSState *env = &cpu->env;
908
909 cpu_reset(CPU(cpu));
5856de80 910
5c43485f 911 /* The bootloader does not need to be rewritten as it is located in a
5856de80
TS		 912 read only location. The kernel location and the arguments table
913 location does not change. */
7df526e3 914 if (loaderparams.kernel_filename) {
d6ca4277 915 env->CP0_Status &= ~(1 << CP0St_ERL);
fb82fea0 916 }
c4cb2578 917
ce3960eb 918 malta_mips_config(cpu);
b0311811
JH		 919
920 if (kvm_enabled()) {
921 /* Start running from the bootloader we wrote to end of RAM */
ca2f6bbb 922 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
b0311811 923 }
5856de80
TS		 924}
925
a7519f2b 926static void create_cpu_without_cps(const char *cpu_type,
bff384a4 927 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
67a54961
LA		 928{
929 CPUMIPSState *env;
930 MIPSCPU *cpu;
931 int i;
67a54961
LA		 932
933 for (i = 0; i < smp_cpus; i++) {
a7519f2b 934 cpu = MIPS_CPU(cpu_create(cpu_type));
67a54961
LA		 935
936 /* Init internal devices */
5a975d43
PB		 937 cpu_mips_irq_init_cpu(cpu);
938 cpu_mips_clock_init(cpu);
67a54961
LA		 939 qemu_register_reset(main_cpu_reset, cpu);
940 }
941
942 cpu = MIPS_CPU(first_cpu);
943 env = &cpu->env;
944 *i8259_irq = env->irq[2];
945 *cbus_irq = env->irq[4];
946}
947
a7519f2b 948static void create_cps(MaltaState *s, const char *cpu_type,
bff384a4
LA		 949 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
950{
951 Error *err = NULL;
bff384a4 952
81491c28 953 s->cps = MIPS_CPS(object_new(TYPE_MIPS_CPS));
bff384a4
LA		 954 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
955
a7519f2b 956 object_property_set_str(OBJECT(s->cps), cpu_type, "cpu-type", &err);
bff384a4
LA		 957 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
958 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
959 if (err != NULL) {
960 error_report("%s", error_get_pretty(err));
961 exit(1);
962 }
963
964 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
965
19494f81 966 *i8259_irq = get_cps_irq(s->cps, 3);
bff384a4
LA		 967 *cbus_irq = NULL;
968}
969
a7519f2b
IM		 970static void mips_create_cpu(MaltaState *s, const char *cpu_type,
971 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
bff384a4 972{
a7519f2b
IM		 973 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_type)) {
974 create_cps(s, cpu_type, cbus_irq, i8259_irq);
bff384a4 975 } else {
a7519f2b 976 create_cpu_without_cps(cpu_type, cbus_irq, i8259_irq);
bff384a4
LA		 977 }
978}
979
70705261 980static
3ef96221 981void mips_malta_init(MachineState *machine)
5856de80 982{
3ef96221 983 ram_addr_t ram_size = machine->ram_size;
b0311811 984 ram_addr_t ram_low_size;
3ef96221
MA		 985 const char *kernel_filename = machine->kernel_filename;
986 const char *kernel_cmdline = machine->kernel_cmdline;
987 const char *initrd_filename = machine->initrd_filename;
5cea8590 988 char *filename;
cfe5f011 989 pflash_t *fl;
cfe5f011 990 MemoryRegion *system_memory = get_system_memory();
94c2b6af
PB		 991 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
992 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
993 MemoryRegion *ram_low_postio;
a427338b 994 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
03a1a8e1 995 target_long bios_size = FLASH_SIZE;
35c64807
PB		 996 const size_t smbus_eeprom_size = 8 * 256;
997 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
b0311811 998 int64_t kernel_entry, bootloader_run_addr;
5856de80 999 PCIBus *pci_bus;
48a18b3c 1000 ISABus *isa_bus;
e9b40fd3 1001 qemu_irq *isa_irq;
67a54961 1002 qemu_irq cbus_irq, i8259_irq;
7b717336 1003 int piix4_devfn;
a5c82852 1004 I2CBus *smbus;
7b717336 1005 int i;
751c6a17 1006 DriveInfo *dinfo;
f455e98c 1007 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
fd8014e1 1008 DriveInfo *fd[MAX_FD];
c8b153d7 1009 int fl_idx = 0;
bb4b3358 1010 int fl_sectors = bios_size >> 16;
01e0451a 1011 int be;
5856de80 1012
cba5cb67
AF		 1013 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1014 MaltaState *s = MIPS_MALTA(dev);
e9b40fd3 1015
cc413a39
AJ		 1016 /* The whole address space decoded by the GT-64120A doesn't generate
1017 exception when accessing invalid memory. Create an empty slot to
1018 emulate this feature. */
1019 empty_slot_init(0, 0x20000000);
1020
e9b40fd3
SW		 1021 qdev_init_nofail(dev);
1022
ffabf037
AJ		 1023 /* Make sure the first 3 serial ports are associated with a device. */
1024 for(i = 0; i < 3; i++) {
1025 if (!serial_hds[i]) {
1026 char label[32];
1027 snprintf(label, sizeof(label), "serial%d", i);
b4948be9 1028 serial_hds[i] = qemu_chr_new(label, "null");
ffabf037
AJ		 1029 }
1030 }
1031
bff384a4 1032 /* create CPU */
a7519f2b 1033 mips_create_cpu(s, machine->cpu_type, &cbus_irq, &i8259_irq);
5856de80
TS		 1034
1035 /* allocate RAM */
94c2b6af 1036 if (ram_size > (2048u << 20)) {
0ccff151 1037 fprintf(stderr,
94c2b6af 1038 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
0ccff151
AJ		 1039 ((unsigned int)ram_size / (1 << 20)));
1040 exit(1);
1041 }
94c2b6af
PB		 1042
1043 /* register RAM at high address where it is undisturbed by IO */
6a926fbc
DM		 1044 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1045 ram_size);
94c2b6af
PB		 1046 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1047
1048 /* alias for pre IO hole access */
1049 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1050 ram_high, 0, MIN(ram_size, (256 << 20)));
1051 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1052
1053 /* alias for post IO hole access, if there is enough RAM */
1054 if (ram_size > (512 << 20)) {
1055 ram_low_postio = g_new(MemoryRegion, 1);
1056 memory_region_init_alias(ram_low_postio, NULL,
1057 "mips_malta_low_postio.ram",
1058 ram_high, 512 << 20,
1059 ram_size - (512 << 20));
1060 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1061 }
5856de80 1062
02bccc77 1063 /* generate SPD EEPROM data */
35c64807
PB		 1064 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1065 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
02bccc77 1066
01e0451a
AL		 1067#ifdef TARGET_WORDS_BIGENDIAN
1068 be = 1;
1069#else
1070 be = 0;
1071#endif
070ce5ed 1072 /* FPGA */
68d00192 1073 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
67a54961 1074 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
070ce5ed 1075
bb4b3358
SW		 1076 /* Load firmware in flash / BIOS. */
1077 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1078#ifdef DEBUG_BOARD_INIT
1079 if (dinfo) {
1080 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1081 "addr %08llx '%s' %x\n",
03a1a8e1 1082 fl_idx, bios_size, FLASH_ADDRESS,
4be74634 1083 blk_name(dinfo->bdrv), fl_sectors);
bb4b3358
SW		 1084 }
1085#endif
03a1a8e1 1086 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
fa1d36df 1087 BIOS_SIZE,
4be74634 1088 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
bb4b3358
SW		 1089 65536, fl_sectors,
1090 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1091 bios = pflash_cfi01_get_memory(fl);
1092 fl_idx++;
c8b153d7 1093 if (kernel_filename) {
b0311811 1094 ram_low_size = MIN(ram_size, 256 << 20);
fbdb1d95 1095 /* For KVM we reserve 1MB of RAM for running bootloader */
b0311811
JH		 1096 if (kvm_enabled()) {
1097 ram_low_size -= 0x100000;
1098 bootloader_run_addr = 0x40000000 + ram_low_size;
1099 } else {
1100 bootloader_run_addr = 0xbfc00000;
1101 }
1102
c8b153d7 1103 /* Write a small bootloader to the flash location. */
71c199c8
PB		 1104 loaderparams.ram_size = ram_size;
1105 loaderparams.ram_low_size = ram_low_size;
c8b153d7
TS		 1106 loaderparams.kernel_filename = kernel_filename;
1107 loaderparams.kernel_cmdline = kernel_cmdline;
1108 loaderparams.initrd_filename = initrd_filename;
e16ad5b0 1109 kernel_entry = load_kernel();
b0311811 1110
cc518af0 1111 write_bootloader(memory_region_get_ram_ptr(bios),
b0311811
JH		 1112 bootloader_run_addr, kernel_entry);
1113 if (kvm_enabled()) {
1114 /* Write the bootloader code @ the end of RAM, 1MB reserved */
cc518af0 1115 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
b0311811
JH		 1116 ram_low_size,
1117 bootloader_run_addr, kernel_entry);
1118 }
c8b153d7 1119 } else {
fbdb1d95 1120 /* The flash region isn't executable from a KVM guest */
3c5d0be5
JH		 1121 if (kvm_enabled()) {
1122 error_report("KVM enabled but no -kernel argument was specified. "
fbdb1d95 1123 "Booting from flash is not supported with KVM.");
3c5d0be5
JH		 1124 exit(1);
1125 }
bb4b3358
SW		 1126 /* Load firmware from flash. */
1127 if (!dinfo) {
c8b153d7 1128 /* Load a BIOS image. */
bb4b3358 1129 if (bios_name == NULL) {
c8b153d7 1130 bios_name = BIOS_FILENAME;
bb4b3358 1131 }
5cea8590
PB		 1132 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1133 if (filename) {
03a1a8e1 1134 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
5cea8590 1135 BIOS_SIZE);
7267c094 1136 g_free(filename);
5cea8590
PB		 1137 } else {
1138 bios_size = -1;
1139 }
2c57bd9b
AF		 1140 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1141 !kernel_filename && !qtest_enabled()) {
2e985fe0
AJ		 1142 error_report("Could not load MIPS bios '%s', and no "
1143 "-kernel argument was specified", bios_name);
1144 exit(1);
c8b153d7 1145 }
070ce5ed 1146 }
3187ef03
TS		 1147 /* In little endian mode the 32bit words in the bios are swapped,
1148 a neat trick which allows bi-endian firmware. */
1149#ifndef TARGET_WORDS_BIGENDIAN
1150 {
a2b8813d
PB		 1151 uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
1152 if (!addr) {
1153 addr = memory_region_get_ram_ptr(bios);
1154 }
1817f56a 1155 end = (void *)addr + MIN(bios_size, 0x3e0000);
d7585251
PB		 1156 while (addr < end) {
1157 bswap32s(addr);
a30cfee5 1158 addr++;
3187ef03
TS		 1159 }
1160 }
1161#endif
070ce5ed
TS		 1162 }
1163
a427338b
PB		 1164 /*
1165 * Map the BIOS at a 2nd physical location, as on the real board.
1166 * Copy it so that we can patch in the MIPS revision, which cannot be
1167 * handled by an overlapping region as the resulting ROM code subpage
1168 * regions are not executable.
1169 */
1cfe48c1 1170 memory_region_init_ram_nomigrate(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
f8ed85ac 1171 &error_fatal);
a427338b 1172 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
f05d4d94 1173 FLASH_ADDRESS, BIOS_SIZE)) {
a427338b 1174 memcpy(memory_region_get_ram_ptr(bios_copy),
f05d4d94 1175 memory_region_get_ram_ptr(bios), BIOS_SIZE);
a427338b
PB		 1176 }
1177 memory_region_set_readonly(bios_copy, true);
1178 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
82a9807b 1179
a427338b
PB		 1180 /* Board ID = 0x420 (Malta Board with CoreLV) */
1181 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
5856de80 1182
5632ae46
AK		 1183 /*
1184 * We have a circular dependency problem: pci_bus depends on isa_irq,
1185 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1186 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1187 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1188 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1189 */
e9b40fd3 1190 isa_irq = qemu_irq_proxy(&s->i8259, 16);
5856de80
TS		 1191
1192 /* Northbridge */
5632ae46 1193 pci_bus = gt64120_register(isa_irq);
5856de80
TS		 1194
1195 /* Southbridge */
d8f94e1b 1196 ide_drive_get(hd, ARRAY_SIZE(hd));
e4bcb14c 1197
142e9787 1198 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
5632ae46
AK		 1199
1200 /* Interrupt controller */
1201 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
67a54961 1202 s->i8259 = i8259_init(isa_bus, i8259_irq);
5632ae46 1203
e9b40fd3 1204 isa_bus_irqs(isa_bus, s->i8259);
ae027ad3 1205 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
afb9a60e 1206 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
48a18b3c 1207 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
6e7d8249 1208 isa_get_irq(NULL, 9), NULL, 0, NULL);
35c64807
PB		 1209 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1210 g_free(smbus_eeprom_buf);
acf695ec 1211 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
57146941 1212 DMA_init(isa_bus, 0);
5856de80
TS		 1213
1214 /* Super I/O */
48a18b3c 1215 isa_create_simple(isa_bus, "i8042");
49a2942d 1216
6c646a11 1217 mc146818_rtc_init(isa_bus, 2000, NULL);
4496dc49 1218 serial_hds_isa_init(isa_bus, 0, 2);
07dc7880
MA		 1219 parallel_hds_isa_init(isa_bus, 1);
1220
e4bcb14c 1221 for(i = 0; i < MAX_FD; i++) {
fd8014e1 1222 fd[i] = drive_get(IF_FLOPPY, 0, i);
e4bcb14c 1223 }
48a18b3c 1224 fdctrl_init_isa(isa_bus, fd);
5856de80 1225
5856de80 1226 /* Network card */
29b358f9 1227 network_init(pci_bus);
11f29511
TS		 1228
1229 /* Optional PCI video card */
9c59864d 1230 pci_vga_init(pci_bus);
5856de80
TS		 1231}
1232
e9b40fd3
SW		 1233static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1234{
1235 return 0;
1236}
1237
999e12bb
AL		 1238static void mips_malta_class_init(ObjectClass *klass, void *data)
1239{
1240 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1241
1242 k->init = mips_malta_sysbus_device_init;
1243}
1244
8c43a6f0 1245static const TypeInfo mips_malta_device = {
cba5cb67 1246 .name = TYPE_MIPS_MALTA,
39bffca2
AL		 1247 .parent = TYPE_SYS_BUS_DEVICE,
1248 .instance_size = sizeof(MaltaState),
1249 .class_init = mips_malta_class_init,
e9b40fd3
SW		 1250};
1251
e264d29d 1252static void mips_malta_machine_init(MachineClass *mc)
e9b40fd3 1253{
e264d29d
EH		 1254 mc->desc = "MIPS Malta Core LV";
1255 mc->init = mips_malta_init;
2059839b 1256 mc->block_default_type = IF_IDE;
e264d29d
EH		 1257 mc->max_cpus = 16;
1258 mc->is_default = 1;
a7519f2b
IM		 1259#ifdef TARGET_MIPS64
1260 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("20Kc");
1261#else
1262 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
1263#endif
e9b40fd3
SW		 1264}
1265
e264d29d
EH		 1266DEFINE_MACHINE("malta", mips_malta_machine_init)
1267
1268static void mips_malta_register_types(void)
f80f9ec9 1269{
e264d29d 1270 type_register_static(&mips_malta_device);
f80f9ec9
AL		 1271}
1272
83f7d43a 1273type_init(mips_malta_register_types)
QEMU mirror