search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: Remove duplicate cdb parsing
[qemu/ar7.git] / hw / mips_malta.c
blob6be8aa70f974ad6dedf9c51570af75647638628e
1 /*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "hw.h"
26 #include "pc.h"
27 #include "fdc.h"
28 #include "net.h"
29 #include "boards.h"
30 #include "smbus.h"
31 #include "block.h"
32 #include "flash.h"
33 #include "mips.h"
34 #include "mips_cpudevs.h"
35 #include "pci.h"
36 #include "usb-uhci.h"
37 #include "vmware_vga.h"
38 #include "qemu-char.h"
39 #include "sysemu.h"
40 #include "audio/audio.h"
41 #include "boards.h"
42 #include "qemu-log.h"
43 #include "mips-bios.h"
44 #include "ide.h"
45 #include "loader.h"
46 #include "elf.h"
47 #include "mc146818rtc.h"
48 #include "blockdev.h"
49
50 //#define DEBUG_BOARD_INIT
51
52 #define ENVP_ADDR 0x80002000l
53 #define ENVP_NB_ENTRIES 16
54 #define ENVP_ENTRY_SIZE 256
55
56 #define MAX_IDE_BUS 2
57
58 typedef struct {
59 uint32_t leds;
60 uint32_t brk;
61 uint32_t gpout;
62 uint32_t i2cin;
63 uint32_t i2coe;
64 uint32_t i2cout;
65 uint32_t i2csel;
66 CharDriverState *display;
67 char display_text[9];
68 SerialState *uart;
69 } MaltaFPGAState;
70
71 static PITState *pit;
72
73 static struct _loaderparams {
74 int ram_size;
75 const char *kernel_filename;
76 const char *kernel_cmdline;
77 const char *initrd_filename;
78 } loaderparams;
79
80 /* Malta FPGA */
81 static void malta_fpga_update_display(void *opaque)
82 {
83 char leds_text[9];
84 int i;
85 MaltaFPGAState *s = opaque;
86
87 for (i = 7 ; i >= 0 ; i--) {
88 if (s->leds & (1 << i))
89 leds_text[i] = '#';
90 else
91 leds_text[i] = ' ';
92 }
93 leds_text[8] = '\0';
94
95 qemu_chr_printf(s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text);
96 qemu_chr_printf(s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s->display_text);
97 }
98
99 /*
100 * EEPROM 24C01 / 24C02 emulation.
101 *
102 * Emulation for serial EEPROMs:
103 * 24C01 - 1024 bit (128 x 8)
104 * 24C02 - 2048 bit (256 x 8)
105 *
106 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
107 */
108
109 //~ #define DEBUG
110
111 #if defined(DEBUG)
112 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
113 #else
114 # define logout(fmt, ...) ((void)0)
115 #endif
116
117 struct _eeprom24c0x_t {
118 uint8_t tick;
119 uint8_t address;
120 uint8_t command;
121 uint8_t ack;
122 uint8_t scl;
123 uint8_t sda;
124 uint8_t data;
125 //~ uint16_t size;
126 uint8_t contents[256];
127 };
128
129 typedef struct _eeprom24c0x_t eeprom24c0x_t;
130
131 static eeprom24c0x_t eeprom = {
132 .contents = {
133 /* 00000000: */ 0x80,0x08,0x04,0x0D,0x0A,0x01,0x40,0x00,
134 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
135 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x0E,0x00,
136 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0x40,
137 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
138 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
139 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
140 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
141 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
142 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
143 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
144 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
145 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
146 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
147 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
148 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
149 },
150 };
151
152 static uint8_t eeprom24c0x_read(void)
153 {
154 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
155 eeprom.tick, eeprom.scl, eeprom.sda, eeprom.data);
156 return eeprom.sda;
157 }
158
159 static void eeprom24c0x_write(int scl, int sda)
160 {
161 if (eeprom.scl && scl && (eeprom.sda != sda)) {
162 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
163 eeprom.tick, eeprom.scl, scl, eeprom.sda, sda, sda ? "stop" : "start");
164 if (!sda) {
165 eeprom.tick = 1;
166 eeprom.command = 0;
167 }
168 } else if (eeprom.tick == 0 && !eeprom.ack) {
169 /* Waiting for start. */
170 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
171 eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
172 } else if (!eeprom.scl && scl) {
173 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
174 eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
175 if (eeprom.ack) {
176 logout("\ti2c ack bit = 0\n");
177 sda = 0;
178 eeprom.ack = 0;
179 } else if (eeprom.sda == sda) {
180 uint8_t bit = (sda != 0);
181 logout("\ti2c bit = %d\n", bit);
182 if (eeprom.tick < 9) {
183 eeprom.command <<= 1;
184 eeprom.command += bit;
185 eeprom.tick++;
186 if (eeprom.tick == 9) {
187 logout("\tcommand 0x%04x, %s\n", eeprom.command, bit ? "read" : "write");
188 eeprom.ack = 1;
189 }
190 } else if (eeprom.tick < 17) {
191 if (eeprom.command & 1) {
192 sda = ((eeprom.data & 0x80) != 0);
193 }
194 eeprom.address <<= 1;
195 eeprom.address += bit;
196 eeprom.tick++;
197 eeprom.data <<= 1;
198 if (eeprom.tick == 17) {
199 eeprom.data = eeprom.contents[eeprom.address];
200 logout("\taddress 0x%04x, data 0x%02x\n", eeprom.address, eeprom.data);
201 eeprom.ack = 1;
202 eeprom.tick = 0;
203 }
204 } else if (eeprom.tick >= 17) {
205 sda = 0;
206 }
207 } else {
208 logout("\tsda changed with raising scl\n");
209 }
210 } else {
211 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
212 }
213 eeprom.scl = scl;
214 eeprom.sda = sda;
215 }
216
217 static uint32_t malta_fpga_readl(void *opaque, target_phys_addr_t addr)
218 {
219 MaltaFPGAState *s = opaque;
220 uint32_t val = 0;
221 uint32_t saddr;
222
223 saddr = (addr & 0xfffff);
224
225 switch (saddr) {
226
227 /* SWITCH Register */
228 case 0x00200:
229 val = 0x00000000; /* All switches closed */
230 break;
231
232 /* STATUS Register */
233 case 0x00208:
234 #ifdef TARGET_WORDS_BIGENDIAN
235 val = 0x00000012;
236 #else
237 val = 0x00000010;
238 #endif
239 break;
240
241 /* JMPRS Register */
242 case 0x00210:
243 val = 0x00;
244 break;
245
246 /* LEDBAR Register */
247 case 0x00408:
248 val = s->leds;
249 break;
250
251 /* BRKRES Register */
252 case 0x00508:
253 val = s->brk;
254 break;
255
256 /* UART Registers are handled directly by the serial device */
257
258 /* GPOUT Register */
259 case 0x00a00:
260 val = s->gpout;
261 break;
262
263 /* XXX: implement a real I2C controller */
264
265 /* GPINP Register */
266 case 0x00a08:
267 /* IN = OUT until a real I2C control is implemented */
268 if (s->i2csel)
269 val = s->i2cout;
270 else
271 val = 0x00;
272 break;
273
274 /* I2CINP Register */
275 case 0x00b00:
276 val = ((s->i2cin & ~1) | eeprom24c0x_read());
277 break;
278
279 /* I2COE Register */
280 case 0x00b08:
281 val = s->i2coe;
282 break;
283
284 /* I2COUT Register */
285 case 0x00b10:
286 val = s->i2cout;
287 break;
288
289 /* I2CSEL Register */
290 case 0x00b18:
291 val = s->i2csel;
292 break;
293
294 default:
295 #if 0
296 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
297 addr);
298 #endif
299 break;
300 }
301 return val;
302 }
303
304 static void malta_fpga_writel(void *opaque, target_phys_addr_t addr,
305 uint32_t val)
306 {
307 MaltaFPGAState *s = opaque;
308 uint32_t saddr;
309
310 saddr = (addr & 0xfffff);
311
312 switch (saddr) {
313
314 /* SWITCH Register */
315 case 0x00200:
316 break;
317
318 /* JMPRS Register */
319 case 0x00210:
320 break;
321
322 /* LEDBAR Register */
323 /* XXX: implement a 8-LED array */
324 case 0x00408:
325 s->leds = val & 0xff;
326 break;
327
328 /* ASCIIWORD Register */
329 case 0x00410:
330 snprintf(s->display_text, 9, "%08X", val);
331 malta_fpga_update_display(s);
332 break;
333
334 /* ASCIIPOS0 to ASCIIPOS7 Registers */
335 case 0x00418:
336 case 0x00420:
337 case 0x00428:
338 case 0x00430:
339 case 0x00438:
340 case 0x00440:
341 case 0x00448:
342 case 0x00450:
343 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
344 malta_fpga_update_display(s);
345 break;
346
347 /* SOFTRES Register */
348 case 0x00500:
349 if (val == 0x42)
350 qemu_system_reset_request ();
351 break;
352
353 /* BRKRES Register */
354 case 0x00508:
355 s->brk = val & 0xff;
356 break;
357
358 /* UART Registers are handled directly by the serial device */
359
360 /* GPOUT Register */
361 case 0x00a00:
362 s->gpout = val & 0xff;
363 break;
364
365 /* I2COE Register */
366 case 0x00b08:
367 s->i2coe = val & 0x03;
368 break;
369
370 /* I2COUT Register */
371 case 0x00b10:
372 eeprom24c0x_write(val & 0x02, val & 0x01);
373 s->i2cout = val;
374 break;
375
376 /* I2CSEL Register */
377 case 0x00b18:
378 s->i2csel = val & 0x01;
379 break;
380
381 default:
382 #if 0
383 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
384 addr);
385 #endif
386 break;
387 }
388 }
389
390 static CPUReadMemoryFunc * const malta_fpga_read[] = {
391 malta_fpga_readl,
392 malta_fpga_readl,
393 malta_fpga_readl
394 };
395
396 static CPUWriteMemoryFunc * const malta_fpga_write[] = {
397 malta_fpga_writel,
398 malta_fpga_writel,
399 malta_fpga_writel
400 };
401
402 static void malta_fpga_reset(void *opaque)
403 {
404 MaltaFPGAState *s = opaque;
405
406 s->leds = 0x00;
407 s->brk = 0x0a;
408 s->gpout = 0x00;
409 s->i2cin = 0x3;
410 s->i2coe = 0x0;
411 s->i2cout = 0x3;
412 s->i2csel = 0x1;
413
414 s->display_text[8] = '\0';
415 snprintf(s->display_text, 9, " ");
416 }
417
418 static void malta_fpga_led_init(CharDriverState *chr)
419 {
420 qemu_chr_printf(chr, "\e[HMalta LEDBAR\r\n");
421 qemu_chr_printf(chr, "+--------+\r\n");
422 qemu_chr_printf(chr, "+ +\r\n");
423 qemu_chr_printf(chr, "+--------+\r\n");
424 qemu_chr_printf(chr, "\n");
425 qemu_chr_printf(chr, "Malta ASCII\r\n");
426 qemu_chr_printf(chr, "+--------+\r\n");
427 qemu_chr_printf(chr, "+ +\r\n");
428 qemu_chr_printf(chr, "+--------+\r\n");
429 }
430
431 static MaltaFPGAState *malta_fpga_init(target_phys_addr_t base, qemu_irq uart_irq, CharDriverState *uart_chr)
432 {
433 MaltaFPGAState *s;
434 int malta;
435
436 s = (MaltaFPGAState *)qemu_mallocz(sizeof(MaltaFPGAState));
437
438 malta = cpu_register_io_memory(malta_fpga_read,
439 malta_fpga_write, s);
440
441 cpu_register_physical_memory(base, 0x900, malta);
442 /* 0xa00 is less than a page, so will still get the right offsets. */
443 cpu_register_physical_memory(base + 0xa00, 0x100000 - 0xa00, malta);
444
445 s->display = qemu_chr_open("fpga", "vc:320x200", malta_fpga_led_init);
446
447 #ifdef TARGET_WORDS_BIGENDIAN
448 s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr, 1, 1);
449 #else
450 s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr, 1, 0);
451 #endif
452
453 malta_fpga_reset(s);
454 qemu_register_reset(malta_fpga_reset, s);
455
456 return s;
457 }
458
459 /* Audio support */
460 static void audio_init (PCIBus *pci_bus)
461 {
462 struct soundhw *c;
463 int audio_enabled = 0;
464
465 for (c = soundhw; !audio_enabled && c->name; ++c) {
466 audio_enabled = c->enabled;
467 }
468
469 if (audio_enabled) {
470 for (c = soundhw; c->name; ++c) {
471 if (c->enabled) {
472 c->init.init_pci(pci_bus);
473 }
474 }
475 }
476 }
477
478 /* Network support */
479 static void network_init(void)
480 {
481 int i;
482
483 for(i = 0; i < nb_nics; i++) {
484 NICInfo *nd = &nd_table[i];
485 const char *default_devaddr = NULL;
486
487 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
488 /* The malta board has a PCNet card using PCI SLOT 11 */
489 default_devaddr = "0b";
490
491 pci_nic_init_nofail(nd, "pcnet", default_devaddr);
492 }
493 }
494
495 /* ROM and pseudo bootloader
496
497 The following code implements a very very simple bootloader. It first
498 loads the registers a0 to a3 to the values expected by the OS, and
499 then jump at the kernel address.
500
501 The bootloader should pass the locations of the kernel arguments and
502 environment variables tables. Those tables contain the 32-bit address
503 of NULL terminated strings. The environment variables table should be
504 terminated by a NULL address.
505
506 For a simpler implementation, the number of kernel arguments is fixed
507 to two (the name of the kernel and the command line), and the two
508 tables are actually the same one.
509
510 The registers a0 to a3 should contain the following values:
511 a0 - number of kernel arguments
512 a1 - 32-bit address of the kernel arguments table
513 a2 - 32-bit address of the environment variables table
514 a3 - RAM size in bytes
515 */
516
517 static void write_bootloader (CPUState *env, uint8_t *base,
518 int64_t kernel_entry)
519 {
520 uint32_t *p;
521
522 /* Small bootloader */
523 p = (uint32_t *)base;
524 stl_raw(p++, 0x0bf00160); /* j 0x1fc00580 */
525 stl_raw(p++, 0x00000000); /* nop */
526
527 /* YAMON service vector */
528 stl_raw(base + 0x500, 0xbfc00580); /* start: */
529 stl_raw(base + 0x504, 0xbfc0083c); /* print_count: */
530 stl_raw(base + 0x520, 0xbfc00580); /* start: */
531 stl_raw(base + 0x52c, 0xbfc00800); /* flush_cache: */
532 stl_raw(base + 0x534, 0xbfc00808); /* print: */
533 stl_raw(base + 0x538, 0xbfc00800); /* reg_cpu_isr: */
534 stl_raw(base + 0x53c, 0xbfc00800); /* unred_cpu_isr: */
535 stl_raw(base + 0x540, 0xbfc00800); /* reg_ic_isr: */
536 stl_raw(base + 0x544, 0xbfc00800); /* unred_ic_isr: */
537 stl_raw(base + 0x548, 0xbfc00800); /* reg_esr: */
538 stl_raw(base + 0x54c, 0xbfc00800); /* unreg_esr: */
539 stl_raw(base + 0x550, 0xbfc00800); /* getchar: */
540 stl_raw(base + 0x554, 0xbfc00800); /* syscon_read: */
541
542
543 /* Second part of the bootloader */
544 p = (uint32_t *) (base + 0x580);
545 stl_raw(p++, 0x24040002); /* addiu a0, zero, 2 */
546 stl_raw(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
547 stl_raw(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
548 stl_raw(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
549 stl_raw(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
550 stl_raw(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
551 stl_raw(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
552 stl_raw(p++, 0x3c070000 | (loaderparams.ram_size >> 16)); /* lui a3, high(ram_size) */
553 stl_raw(p++, 0x34e70000 | (loaderparams.ram_size & 0xffff)); /* ori a3, a3, low(ram_size) */
554
555 /* Load BAR registers as done by YAMON */
556 stl_raw(p++, 0x3c09b400); /* lui t1, 0xb400 */
557
558 #ifdef TARGET_WORDS_BIGENDIAN
559 stl_raw(p++, 0x3c08df00); /* lui t0, 0xdf00 */
560 #else
561 stl_raw(p++, 0x340800df); /* ori t0, r0, 0x00df */
562 #endif
563 stl_raw(p++, 0xad280068); /* sw t0, 0x0068(t1) */
564
565 stl_raw(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
566
567 #ifdef TARGET_WORDS_BIGENDIAN
568 stl_raw(p++, 0x3c08c000); /* lui t0, 0xc000 */
569 #else
570 stl_raw(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
571 #endif
572 stl_raw(p++, 0xad280048); /* sw t0, 0x0048(t1) */
573 #ifdef TARGET_WORDS_BIGENDIAN
574 stl_raw(p++, 0x3c084000); /* lui t0, 0x4000 */
575 #else
576 stl_raw(p++, 0x34080040); /* ori t0, r0, 0x0040 */
577 #endif
578 stl_raw(p++, 0xad280050); /* sw t0, 0x0050(t1) */
579
580 #ifdef TARGET_WORDS_BIGENDIAN
581 stl_raw(p++, 0x3c088000); /* lui t0, 0x8000 */
582 #else
583 stl_raw(p++, 0x34080080); /* ori t0, r0, 0x0080 */
584 #endif
585 stl_raw(p++, 0xad280058); /* sw t0, 0x0058(t1) */
586 #ifdef TARGET_WORDS_BIGENDIAN
587 stl_raw(p++, 0x3c083f00); /* lui t0, 0x3f00 */
588 #else
589 stl_raw(p++, 0x3408003f); /* ori t0, r0, 0x003f */
590 #endif
591 stl_raw(p++, 0xad280060); /* sw t0, 0x0060(t1) */
592
593 #ifdef TARGET_WORDS_BIGENDIAN
594 stl_raw(p++, 0x3c08c100); /* lui t0, 0xc100 */
595 #else
596 stl_raw(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
597 #endif
598 stl_raw(p++, 0xad280080); /* sw t0, 0x0080(t1) */
599 #ifdef TARGET_WORDS_BIGENDIAN
600 stl_raw(p++, 0x3c085e00); /* lui t0, 0x5e00 */
601 #else
602 stl_raw(p++, 0x3408005e); /* ori t0, r0, 0x005e */
603 #endif
604 stl_raw(p++, 0xad280088); /* sw t0, 0x0088(t1) */
605
606 /* Jump to kernel code */
607 stl_raw(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
608 stl_raw(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
609 stl_raw(p++, 0x03e00008); /* jr ra */
610 stl_raw(p++, 0x00000000); /* nop */
611
612 /* YAMON subroutines */
613 p = (uint32_t *) (base + 0x800);
614 stl_raw(p++, 0x03e00008); /* jr ra */
615 stl_raw(p++, 0x24020000); /* li v0,0 */
616 /* 808 YAMON print */
617 stl_raw(p++, 0x03e06821); /* move t5,ra */
618 stl_raw(p++, 0x00805821); /* move t3,a0 */
619 stl_raw(p++, 0x00a05021); /* move t2,a1 */
620 stl_raw(p++, 0x91440000); /* lbu a0,0(t2) */
621 stl_raw(p++, 0x254a0001); /* addiu t2,t2,1 */
622 stl_raw(p++, 0x10800005); /* beqz a0,834 */
623 stl_raw(p++, 0x00000000); /* nop */
624 stl_raw(p++, 0x0ff0021c); /* jal 870 */
625 stl_raw(p++, 0x00000000); /* nop */
626 stl_raw(p++, 0x08000205); /* j 814 */
627 stl_raw(p++, 0x00000000); /* nop */
628 stl_raw(p++, 0x01a00008); /* jr t5 */
629 stl_raw(p++, 0x01602021); /* move a0,t3 */
630 /* 0x83c YAMON print_count */
631 stl_raw(p++, 0x03e06821); /* move t5,ra */
632 stl_raw(p++, 0x00805821); /* move t3,a0 */
633 stl_raw(p++, 0x00a05021); /* move t2,a1 */
634 stl_raw(p++, 0x00c06021); /* move t4,a2 */
635 stl_raw(p++, 0x91440000); /* lbu a0,0(t2) */
636 stl_raw(p++, 0x0ff0021c); /* jal 870 */
637 stl_raw(p++, 0x00000000); /* nop */
638 stl_raw(p++, 0x254a0001); /* addiu t2,t2,1 */
639 stl_raw(p++, 0x258cffff); /* addiu t4,t4,-1 */
640 stl_raw(p++, 0x1580fffa); /* bnez t4,84c */
641 stl_raw(p++, 0x00000000); /* nop */
642 stl_raw(p++, 0x01a00008); /* jr t5 */
643 stl_raw(p++, 0x01602021); /* move a0,t3 */
644 /* 0x870 */
645 stl_raw(p++, 0x3c08b800); /* lui t0,0xb400 */
646 stl_raw(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
647 stl_raw(p++, 0x91090005); /* lbu t1,5(t0) */
648 stl_raw(p++, 0x00000000); /* nop */
649 stl_raw(p++, 0x31290040); /* andi t1,t1,0x40 */
650 stl_raw(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
651 stl_raw(p++, 0x00000000); /* nop */
652 stl_raw(p++, 0x03e00008); /* jr ra */
653 stl_raw(p++, 0xa1040000); /* sb a0,0(t0) */
654
655 }
656
657 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
658 const char *string, ...)
659 {
660 va_list ap;
661 int32_t table_addr;
662
663 if (index >= ENVP_NB_ENTRIES)
664 return;
665
666 if (string == NULL) {
667 prom_buf[index] = 0;
668 return;
669 }
670
671 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
672 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
673
674 va_start(ap, string);
675 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
676 va_end(ap);
677 }
678
679 /* Kernel */
680 static int64_t load_kernel (void)
681 {
682 int64_t kernel_entry, kernel_high;
683 long initrd_size;
684 ram_addr_t initrd_offset;
685 int big_endian;
686 uint32_t *prom_buf;
687 long prom_size;
688 int prom_index = 0;
689
690 #ifdef TARGET_WORDS_BIGENDIAN
691 big_endian = 1;
692 #else
693 big_endian = 0;
694 #endif
695
696 if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
697 (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
698 big_endian, ELF_MACHINE, 1) < 0) {
699 fprintf(stderr, "qemu: could not load kernel '%s'\n",
700 loaderparams.kernel_filename);
701 exit(1);
702 }
703
704 /* load initrd */
705 initrd_size = 0;
706 initrd_offset = 0;
707 if (loaderparams.initrd_filename) {
708 initrd_size = get_image_size (loaderparams.initrd_filename);
709 if (initrd_size > 0) {
710 initrd_offset = (kernel_high + ~TARGET_PAGE_MASK) & TARGET_PAGE_MASK;
711 if (initrd_offset + initrd_size > ram_size) {
712 fprintf(stderr,
713 "qemu: memory too small for initial ram disk '%s'\n",
714 loaderparams.initrd_filename);
715 exit(1);
716 }
717 initrd_size = load_image_targphys(loaderparams.initrd_filename,
718 initrd_offset,
719 ram_size - initrd_offset);
720 }
721 if (initrd_size == (target_ulong) -1) {
722 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
723 loaderparams.initrd_filename);
724 exit(1);
725 }
726 }
727
728 /* Setup prom parameters. */
729 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
730 prom_buf = qemu_malloc(prom_size);
731
732 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
733 if (initrd_size > 0) {
734 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
735 cpu_mips_phys_to_kseg0(NULL, initrd_offset), initrd_size,
736 loaderparams.kernel_cmdline);
737 } else {
738 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
739 }
740
741 prom_set(prom_buf, prom_index++, "memsize");
742 prom_set(prom_buf, prom_index++, "%i", loaderparams.ram_size);
743 prom_set(prom_buf, prom_index++, "modetty0");
744 prom_set(prom_buf, prom_index++, "38400n8r");
745 prom_set(prom_buf, prom_index++, NULL);
746
747 rom_add_blob_fixed("prom", prom_buf, prom_size,
748 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
749
750 return kernel_entry;
751 }
752
753 static void main_cpu_reset(void *opaque)
754 {
755 CPUState *env = opaque;
756 cpu_reset(env);
757
758 /* The bootloader does not need to be rewritten as it is located in a
759 read only location. The kernel location and the arguments table
760 location does not change. */
761 if (loaderparams.kernel_filename) {
762 env->CP0_Status &= ~((1 << CP0St_BEV) | (1 << CP0St_ERL));
763 }
764 }
765
766 static void cpu_request_exit(void *opaque, int irq, int level)
767 {
768 CPUState *env = cpu_single_env;
769
770 if (env && level) {
771 cpu_exit(env);
772 }
773 }
774
775 static
776 void mips_malta_init (ram_addr_t ram_size,
777 const char *boot_device,
778 const char *kernel_filename, const char *kernel_cmdline,
779 const char *initrd_filename, const char *cpu_model)
780 {
781 char *filename;
782 ram_addr_t ram_offset;
783 ram_addr_t bios_offset;
784 target_long bios_size;
785 int64_t kernel_entry;
786 PCIBus *pci_bus;
787 CPUState *env;
788 qemu_irq *i8259;
789 qemu_irq *cpu_exit_irq;
790 int piix4_devfn;
791 uint8_t *eeprom_buf;
792 i2c_bus *smbus;
793 int i;
794 DriveInfo *dinfo;
795 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
796 DriveInfo *fd[MAX_FD];
797 int fl_idx = 0;
798 int fl_sectors = 0;
799 int be;
800
801 /* Make sure the first 3 serial ports are associated with a device. */
802 for(i = 0; i < 3; i++) {
803 if (!serial_hds[i]) {
804 char label[32];
805 snprintf(label, sizeof(label), "serial%d", i);
806 serial_hds[i] = qemu_chr_open(label, "null", NULL);
807 }
808 }
809
810 /* init CPUs */
811 if (cpu_model == NULL) {
812 #ifdef TARGET_MIPS64
813 cpu_model = "20Kc";
814 #else
815 cpu_model = "24Kf";
816 #endif
817 }
818 env = cpu_init(cpu_model);
819 if (!env) {
820 fprintf(stderr, "Unable to find CPU definition\n");
821 exit(1);
822 }
823 qemu_register_reset(main_cpu_reset, env);
824
825 /* allocate RAM */
826 if (ram_size > (256 << 20)) {
827 fprintf(stderr,
828 "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
829 ((unsigned int)ram_size / (1 << 20)));
830 exit(1);
831 }
832 ram_offset = qemu_ram_alloc(NULL, "mips_malta.ram", ram_size);
833 bios_offset = qemu_ram_alloc(NULL, "mips_malta.bios", BIOS_SIZE);
834
835
836 cpu_register_physical_memory(0, ram_size, ram_offset | IO_MEM_RAM);
837
838 /* Map the bios at two physical locations, as on the real board. */
839 cpu_register_physical_memory(0x1e000000LL,
840 BIOS_SIZE, bios_offset | IO_MEM_ROM);
841 cpu_register_physical_memory(0x1fc00000LL,
842 BIOS_SIZE, bios_offset | IO_MEM_ROM);
843
844 #ifdef TARGET_WORDS_BIGENDIAN
845 be = 1;
846 #else
847 be = 0;
848 #endif
849 /* FPGA */
850 malta_fpga_init(0x1f000000LL, env->irq[2], serial_hds[2]);
851
852 /* Load firmware in flash / BIOS unless we boot directly into a kernel. */
853 if (kernel_filename) {
854 /* Write a small bootloader to the flash location. */
855 loaderparams.ram_size = ram_size;
856 loaderparams.kernel_filename = kernel_filename;
857 loaderparams.kernel_cmdline = kernel_cmdline;
858 loaderparams.initrd_filename = initrd_filename;
859 kernel_entry = load_kernel();
860 write_bootloader(env, qemu_get_ram_ptr(bios_offset), kernel_entry);
861 } else {
862 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
863 if (dinfo) {
864 /* Load firmware from flash. */
865 bios_size = 0x400000;
866 fl_sectors = bios_size >> 16;
867 #ifdef DEBUG_BOARD_INIT
868 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
869 "offset %08lx addr %08llx '%s' %x\n",
870 fl_idx, bios_size, bios_offset, 0x1e000000LL,
871 bdrv_get_device_name(dinfo->bdrv), fl_sectors);
872 #endif
873 pflash_cfi01_register(0x1e000000LL, bios_offset,
874 dinfo->bdrv, 65536, fl_sectors,
875 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
876 fl_idx++;
877 } else {
878 /* Load a BIOS image. */
879 if (bios_name == NULL)
880 bios_name = BIOS_FILENAME;
881 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
882 if (filename) {
883 bios_size = load_image_targphys(filename, 0x1fc00000LL,
884 BIOS_SIZE);
885 qemu_free(filename);
886 } else {
887 bios_size = -1;
888 }
889 if ((bios_size < 0 || bios_size > BIOS_SIZE) && !kernel_filename) {
890 fprintf(stderr,
891 "qemu: Could not load MIPS bios '%s', and no -kernel argument was specified\n",
892 bios_name);
893 exit(1);
894 }
895 }
896 /* In little endian mode the 32bit words in the bios are swapped,
897 a neat trick which allows bi-endian firmware. */
898 #ifndef TARGET_WORDS_BIGENDIAN
899 {
900 uint32_t *addr = qemu_get_ram_ptr(bios_offset);;
901 uint32_t *end = addr + bios_size;
902 while (addr < end) {
903 bswap32s(addr);
904 }
905 }
906 #endif
907 }
908
909 /* Board ID = 0x420 (Malta Board with CoreLV)
910 XXX: theoretically 0x1e000010 should map to flash and 0x1fc00010 should
911 map to the board ID. */
912 stl_phys(0x1fc00010LL, 0x00000420);
913
914 /* Init internal devices */
915 cpu_mips_irq_init_cpu(env);
916 cpu_mips_clock_init(env);
917
918 /* Interrupt controller */
919 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
920 i8259 = i8259_init(env->irq[2]);
921
922 /* Northbridge */
923 pci_bus = pci_gt64120_init(i8259);
924
925 /* Southbridge */
926
927 if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
928 fprintf(stderr, "qemu: too many IDE bus\n");
929 exit(1);
930 }
931
932 for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
933 hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
934 }
935
936 piix4_devfn = piix4_init(pci_bus, 80);
937 isa_bus_irqs(i8259);
938 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
939 usb_uhci_piix4_init(pci_bus, piix4_devfn + 2);
940 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100, isa_reserve_irq(9),
941 NULL, NULL, 0);
942 eeprom_buf = qemu_mallocz(8 * 256); /* XXX: make this persistent */
943 for (i = 0; i < 8; i++) {
944 /* TODO: Populate SPD eeprom data. */
945 DeviceState *eeprom;
946 eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
947 qdev_prop_set_uint8(eeprom, "address", 0x50 + i);
948 qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
949 qdev_init_nofail(eeprom);
950 }
951 pit = pit_init(0x40, isa_reserve_irq(0));
952 cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
953 DMA_init(0, cpu_exit_irq);
954
955 /* Super I/O */
956 isa_create_simple("i8042");
957
958 rtc_init(2000, NULL);
959 serial_isa_init(0, serial_hds[0]);
960 serial_isa_init(1, serial_hds[1]);
961 if (parallel_hds[0])
962 parallel_init(0, parallel_hds[0]);
963 for(i = 0; i < MAX_FD; i++) {
964 fd[i] = drive_get(IF_FLOPPY, 0, i);
965 }
966 fdctrl_init_isa(fd);
967
968 /* Sound card */
969 audio_init(pci_bus);
970
971 /* Network card */
972 network_init();
973
974 /* Optional PCI video card */
975 if (cirrus_vga_enabled) {
976 pci_cirrus_vga_init(pci_bus);
977 } else if (vmsvga_enabled) {
978 pci_vmsvga_init(pci_bus);
979 } else if (std_vga_enabled) {
980 pci_vga_init(pci_bus);
981 }
982 }
983
984 static QEMUMachine mips_malta_machine = {
985 .name = "malta",
986 .desc = "MIPS Malta Core LV",
987 .init = mips_malta_init,
988 .is_default = 1,
989 };
990
991 static void mips_malta_machine_init(void)
992 {
993 qemu_register_machine(&mips_malta_machine);
994 }
995
996 machine_init(mips_malta_machine_init);
AR7 emulation for QEMU