2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
27 #include "hw/i386/pc.h"
28 #include "hw/char/serial.h"
29 #include "hw/block/fdc.h"
31 #include "hw/boards.h"
32 #include "hw/i2c/smbus.h"
33 #include "sysemu/block-backend.h"
34 #include "hw/block/flash.h"
35 #include "hw/mips/mips.h"
36 #include "hw/mips/cpudevs.h"
37 #include "hw/pci/pci.h"
38 #include "sysemu/char.h"
39 #include "sysemu/sysemu.h"
40 #include "sysemu/arch_init.h"
42 #include "hw/mips/bios.h"
44 #include "hw/loader.h"
46 #include "hw/timer/mc146818rtc.h"
47 #include "hw/timer/i8254.h"
48 #include "sysemu/block-backend.h"
49 #include "sysemu/blockdev.h"
50 #include "exec/address-spaces.h"
51 #include "hw/sysbus.h" /* SysBusDevice */
52 #include "qemu/host-utils.h"
53 #include "sysemu/qtest.h"
54 #include "qemu/error-report.h"
55 #include "hw/empty_slot.h"
56 #include "sysemu/kvm.h"
57 #include "exec/semihost.h"
59 //#define DEBUG_BOARD_INIT
61 #define ENVP_ADDR 0x80002000l
62 #define ENVP_NB_ENTRIES 16
63 #define ENVP_ENTRY_SIZE 256
65 /* Hardware addresses */
66 #define FLASH_ADDRESS 0x1e000000ULL
67 #define FPGA_ADDRESS 0x1f000000ULL
68 #define RESET_ADDRESS 0x1fc00000ULL
70 #define FLASH_SIZE 0x400000
76 MemoryRegion iomem_lo
; /* 0 - 0x900 */
77 MemoryRegion iomem_hi
; /* 0xa00 - 0x100000 */
85 CharDriverState
*display
;
90 #define TYPE_MIPS_MALTA "mips-malta"
91 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
94 SysBusDevice parent_obj
;
99 static ISADevice
*pit
;
101 static struct _loaderparams
{
102 int ram_size
, ram_low_size
;
103 const char *kernel_filename
;
104 const char *kernel_cmdline
;
105 const char *initrd_filename
;
109 static void malta_fpga_update_display(void *opaque
)
113 MaltaFPGAState
*s
= opaque
;
115 for (i
= 7 ; i
>= 0 ; i
--) {
116 if (s
->leds
& (1 << i
))
123 qemu_chr_fe_printf(s
->display
, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text
);
124 qemu_chr_fe_printf(s
->display
, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s
->display_text
);
128 * EEPROM 24C01 / 24C02 emulation.
130 * Emulation for serial EEPROMs:
131 * 24C01 - 1024 bit (128 x 8)
132 * 24C02 - 2048 bit (256 x 8)
134 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
140 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
142 # define logout(fmt, ...) ((void)0)
145 struct _eeprom24c0x_t
{
154 uint8_t contents
[256];
157 typedef struct _eeprom24c0x_t eeprom24c0x_t
;
159 static eeprom24c0x_t spd_eeprom
= {
161 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
162 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
163 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
164 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
165 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
166 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
167 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
168 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
169 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
170 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
171 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
180 static void generate_eeprom_spd(uint8_t *eeprom
, ram_addr_t ram_size
)
182 enum { SDR
= 0x4, DDR2
= 0x8 } type
;
183 uint8_t *spd
= spd_eeprom
.contents
;
185 uint16_t density
= 0;
188 /* work in terms of MB */
191 while ((ram_size
>= 4) && (nbanks
<= 2)) {
192 int sz_log2
= MIN(31 - clz32(ram_size
), 14);
194 density
|= 1 << (sz_log2
- 2);
195 ram_size
-= 1 << sz_log2
;
198 /* split to 2 banks if possible */
199 if ((nbanks
== 1) && (density
> 1)) {
204 if (density
& 0xff00) {
205 density
= (density
& 0xe0) | ((density
>> 8) & 0x1f);
207 } else if (!(density
& 0x1f)) {
214 fprintf(stderr
, "Warning: SPD cannot represent final %dMB"
215 " of SDRAM\n", (int)ram_size
);
218 /* fill in SPD memory information */
225 for (i
= 0; i
< 63; i
++) {
230 memcpy(eeprom
, spd
, sizeof(spd_eeprom
.contents
));
233 static void generate_eeprom_serial(uint8_t *eeprom
)
236 uint8_t mac
[6] = { 0x00 };
237 uint8_t sn
[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
240 eeprom
[pos
++] = 0x01;
243 eeprom
[pos
++] = 0x02;
246 eeprom
[pos
++] = 0x01; /* MAC */
247 eeprom
[pos
++] = 0x06; /* length */
248 memcpy(&eeprom
[pos
], mac
, sizeof(mac
));
252 eeprom
[pos
++] = 0x02; /* serial */
253 eeprom
[pos
++] = 0x05; /* length */
254 memcpy(&eeprom
[pos
], sn
, sizeof(sn
));
259 for (i
= 0; i
< pos
; i
++) {
260 eeprom
[pos
] += eeprom
[i
];
264 static uint8_t eeprom24c0x_read(eeprom24c0x_t
*eeprom
)
266 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
267 eeprom
->tick
, eeprom
->scl
, eeprom
->sda
, eeprom
->data
);
271 static void eeprom24c0x_write(eeprom24c0x_t
*eeprom
, int scl
, int sda
)
273 if (eeprom
->scl
&& scl
&& (eeprom
->sda
!= sda
)) {
274 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
275 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
,
276 sda
? "stop" : "start");
281 } else if (eeprom
->tick
== 0 && !eeprom
->ack
) {
282 /* Waiting for start. */
283 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
284 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
285 } else if (!eeprom
->scl
&& scl
) {
286 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
287 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
289 logout("\ti2c ack bit = 0\n");
292 } else if (eeprom
->sda
== sda
) {
293 uint8_t bit
= (sda
!= 0);
294 logout("\ti2c bit = %d\n", bit
);
295 if (eeprom
->tick
< 9) {
296 eeprom
->command
<<= 1;
297 eeprom
->command
+= bit
;
299 if (eeprom
->tick
== 9) {
300 logout("\tcommand 0x%04x, %s\n", eeprom
->command
,
301 bit
? "read" : "write");
304 } else if (eeprom
->tick
< 17) {
305 if (eeprom
->command
& 1) {
306 sda
= ((eeprom
->data
& 0x80) != 0);
308 eeprom
->address
<<= 1;
309 eeprom
->address
+= bit
;
312 if (eeprom
->tick
== 17) {
313 eeprom
->data
= eeprom
->contents
[eeprom
->address
];
314 logout("\taddress 0x%04x, data 0x%02x\n",
315 eeprom
->address
, eeprom
->data
);
319 } else if (eeprom
->tick
>= 17) {
323 logout("\tsda changed with raising scl\n");
326 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom
->tick
, eeprom
->scl
,
327 scl
, eeprom
->sda
, sda
);
333 static uint64_t malta_fpga_read(void *opaque
, hwaddr addr
,
336 MaltaFPGAState
*s
= opaque
;
340 saddr
= (addr
& 0xfffff);
344 /* SWITCH Register */
346 val
= 0x00000000; /* All switches closed */
349 /* STATUS Register */
351 #ifdef TARGET_WORDS_BIGENDIAN
363 /* LEDBAR Register */
368 /* BRKRES Register */
373 /* UART Registers are handled directly by the serial device */
380 /* XXX: implement a real I2C controller */
384 /* IN = OUT until a real I2C control is implemented */
391 /* I2CINP Register */
393 val
= ((s
->i2cin
& ~1) | eeprom24c0x_read(&spd_eeprom
));
401 /* I2COUT Register */
406 /* I2CSEL Register */
413 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx
"\n",
421 static void malta_fpga_write(void *opaque
, hwaddr addr
,
422 uint64_t val
, unsigned size
)
424 MaltaFPGAState
*s
= opaque
;
427 saddr
= (addr
& 0xfffff);
431 /* SWITCH Register */
439 /* LEDBAR Register */
441 s
->leds
= val
& 0xff;
442 malta_fpga_update_display(s
);
445 /* ASCIIWORD Register */
447 snprintf(s
->display_text
, 9, "%08X", (uint32_t)val
);
448 malta_fpga_update_display(s
);
451 /* ASCIIPOS0 to ASCIIPOS7 Registers */
460 s
->display_text
[(saddr
- 0x00418) >> 3] = (char) val
;
461 malta_fpga_update_display(s
);
464 /* SOFTRES Register */
467 qemu_system_reset_request ();
470 /* BRKRES Register */
475 /* UART Registers are handled directly by the serial device */
479 s
->gpout
= val
& 0xff;
484 s
->i2coe
= val
& 0x03;
487 /* I2COUT Register */
489 eeprom24c0x_write(&spd_eeprom
, val
& 0x02, val
& 0x01);
493 /* I2CSEL Register */
495 s
->i2csel
= val
& 0x01;
500 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx
"\n",
507 static const MemoryRegionOps malta_fpga_ops
= {
508 .read
= malta_fpga_read
,
509 .write
= malta_fpga_write
,
510 .endianness
= DEVICE_NATIVE_ENDIAN
,
513 static void malta_fpga_reset(void *opaque
)
515 MaltaFPGAState
*s
= opaque
;
525 s
->display_text
[8] = '\0';
526 snprintf(s
->display_text
, 9, " ");
529 static void malta_fpga_led_init(CharDriverState
*chr
)
531 qemu_chr_fe_printf(chr
, "\e[HMalta LEDBAR\r\n");
532 qemu_chr_fe_printf(chr
, "+--------+\r\n");
533 qemu_chr_fe_printf(chr
, "+ +\r\n");
534 qemu_chr_fe_printf(chr
, "+--------+\r\n");
535 qemu_chr_fe_printf(chr
, "\n");
536 qemu_chr_fe_printf(chr
, "Malta ASCII\r\n");
537 qemu_chr_fe_printf(chr
, "+--------+\r\n");
538 qemu_chr_fe_printf(chr
, "+ +\r\n");
539 qemu_chr_fe_printf(chr
, "+--------+\r\n");
542 static MaltaFPGAState
*malta_fpga_init(MemoryRegion
*address_space
,
543 hwaddr base
, qemu_irq uart_irq
, CharDriverState
*uart_chr
)
547 s
= (MaltaFPGAState
*)g_malloc0(sizeof(MaltaFPGAState
));
549 memory_region_init_io(&s
->iomem
, NULL
, &malta_fpga_ops
, s
,
550 "malta-fpga", 0x100000);
551 memory_region_init_alias(&s
->iomem_lo
, NULL
, "malta-fpga",
552 &s
->iomem
, 0, 0x900);
553 memory_region_init_alias(&s
->iomem_hi
, NULL
, "malta-fpga",
554 &s
->iomem
, 0xa00, 0x10000-0xa00);
556 memory_region_add_subregion(address_space
, base
, &s
->iomem_lo
);
557 memory_region_add_subregion(address_space
, base
+ 0xa00, &s
->iomem_hi
);
559 s
->display
= qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init
);
561 s
->uart
= serial_mm_init(address_space
, base
+ 0x900, 3, uart_irq
,
562 230400, uart_chr
, DEVICE_NATIVE_ENDIAN
);
565 qemu_register_reset(malta_fpga_reset
, s
);
570 /* Network support */
571 static void network_init(PCIBus
*pci_bus
)
575 for(i
= 0; i
< nb_nics
; i
++) {
576 NICInfo
*nd
= &nd_table
[i
];
577 const char *default_devaddr
= NULL
;
579 if (i
== 0 && (!nd
->model
|| strcmp(nd
->model
, "pcnet") == 0))
580 /* The malta board has a PCNet card using PCI SLOT 11 */
581 default_devaddr
= "0b";
583 pci_nic_init_nofail(nd
, pci_bus
, "pcnet", default_devaddr
);
587 /* ROM and pseudo bootloader
589 The following code implements a very very simple bootloader. It first
590 loads the registers a0 to a3 to the values expected by the OS, and
591 then jump at the kernel address.
593 The bootloader should pass the locations of the kernel arguments and
594 environment variables tables. Those tables contain the 32-bit address
595 of NULL terminated strings. The environment variables table should be
596 terminated by a NULL address.
598 For a simpler implementation, the number of kernel arguments is fixed
599 to two (the name of the kernel and the command line), and the two
600 tables are actually the same one.
602 The registers a0 to a3 should contain the following values:
603 a0 - number of kernel arguments
604 a1 - 32-bit address of the kernel arguments table
605 a2 - 32-bit address of the environment variables table
606 a3 - RAM size in bytes
609 static void write_bootloader (CPUMIPSState
*env
, uint8_t *base
,
610 int64_t run_addr
, int64_t kernel_entry
)
614 /* Small bootloader */
615 p
= (uint32_t *)base
;
617 stl_p(p
++, 0x08000000 | /* j 0x1fc00580 */
618 ((run_addr
+ 0x580) & 0x0fffffff) >> 2);
619 stl_p(p
++, 0x00000000); /* nop */
621 /* YAMON service vector */
622 stl_p(base
+ 0x500, run_addr
+ 0x0580); /* start: */
623 stl_p(base
+ 0x504, run_addr
+ 0x083c); /* print_count: */
624 stl_p(base
+ 0x520, run_addr
+ 0x0580); /* start: */
625 stl_p(base
+ 0x52c, run_addr
+ 0x0800); /* flush_cache: */
626 stl_p(base
+ 0x534, run_addr
+ 0x0808); /* print: */
627 stl_p(base
+ 0x538, run_addr
+ 0x0800); /* reg_cpu_isr: */
628 stl_p(base
+ 0x53c, run_addr
+ 0x0800); /* unred_cpu_isr: */
629 stl_p(base
+ 0x540, run_addr
+ 0x0800); /* reg_ic_isr: */
630 stl_p(base
+ 0x544, run_addr
+ 0x0800); /* unred_ic_isr: */
631 stl_p(base
+ 0x548, run_addr
+ 0x0800); /* reg_esr: */
632 stl_p(base
+ 0x54c, run_addr
+ 0x0800); /* unreg_esr: */
633 stl_p(base
+ 0x550, run_addr
+ 0x0800); /* getchar: */
634 stl_p(base
+ 0x554, run_addr
+ 0x0800); /* syscon_read: */
637 /* Second part of the bootloader */
638 p
= (uint32_t *) (base
+ 0x580);
640 if (semihosting_get_argc()) {
641 /* Preserve a0 content as arguments have been passed */
642 stl_p(p
++, 0x00000000); /* nop */
644 stl_p(p
++, 0x24040002); /* addiu a0, zero, 2 */
646 stl_p(p
++, 0x3c1d0000 | (((ENVP_ADDR
- 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
647 stl_p(p
++, 0x37bd0000 | ((ENVP_ADDR
- 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
648 stl_p(p
++, 0x3c050000 | ((ENVP_ADDR
>> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
649 stl_p(p
++, 0x34a50000 | (ENVP_ADDR
& 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
650 stl_p(p
++, 0x3c060000 | (((ENVP_ADDR
+ 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
651 stl_p(p
++, 0x34c60000 | ((ENVP_ADDR
+ 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
652 stl_p(p
++, 0x3c070000 | (loaderparams
.ram_low_size
>> 16)); /* lui a3, high(ram_low_size) */
653 stl_p(p
++, 0x34e70000 | (loaderparams
.ram_low_size
& 0xffff)); /* ori a3, a3, low(ram_low_size) */
655 /* Load BAR registers as done by YAMON */
656 stl_p(p
++, 0x3c09b400); /* lui t1, 0xb400 */
658 #ifdef TARGET_WORDS_BIGENDIAN
659 stl_p(p
++, 0x3c08df00); /* lui t0, 0xdf00 */
661 stl_p(p
++, 0x340800df); /* ori t0, r0, 0x00df */
663 stl_p(p
++, 0xad280068); /* sw t0, 0x0068(t1) */
665 stl_p(p
++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
667 #ifdef TARGET_WORDS_BIGENDIAN
668 stl_p(p
++, 0x3c08c000); /* lui t0, 0xc000 */
670 stl_p(p
++, 0x340800c0); /* ori t0, r0, 0x00c0 */
672 stl_p(p
++, 0xad280048); /* sw t0, 0x0048(t1) */
673 #ifdef TARGET_WORDS_BIGENDIAN
674 stl_p(p
++, 0x3c084000); /* lui t0, 0x4000 */
676 stl_p(p
++, 0x34080040); /* ori t0, r0, 0x0040 */
678 stl_p(p
++, 0xad280050); /* sw t0, 0x0050(t1) */
680 #ifdef TARGET_WORDS_BIGENDIAN
681 stl_p(p
++, 0x3c088000); /* lui t0, 0x8000 */
683 stl_p(p
++, 0x34080080); /* ori t0, r0, 0x0080 */
685 stl_p(p
++, 0xad280058); /* sw t0, 0x0058(t1) */
686 #ifdef TARGET_WORDS_BIGENDIAN
687 stl_p(p
++, 0x3c083f00); /* lui t0, 0x3f00 */
689 stl_p(p
++, 0x3408003f); /* ori t0, r0, 0x003f */
691 stl_p(p
++, 0xad280060); /* sw t0, 0x0060(t1) */
693 #ifdef TARGET_WORDS_BIGENDIAN
694 stl_p(p
++, 0x3c08c100); /* lui t0, 0xc100 */
696 stl_p(p
++, 0x340800c1); /* ori t0, r0, 0x00c1 */
698 stl_p(p
++, 0xad280080); /* sw t0, 0x0080(t1) */
699 #ifdef TARGET_WORDS_BIGENDIAN
700 stl_p(p
++, 0x3c085e00); /* lui t0, 0x5e00 */
702 stl_p(p
++, 0x3408005e); /* ori t0, r0, 0x005e */
704 stl_p(p
++, 0xad280088); /* sw t0, 0x0088(t1) */
706 /* Jump to kernel code */
707 stl_p(p
++, 0x3c1f0000 | ((kernel_entry
>> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
708 stl_p(p
++, 0x37ff0000 | (kernel_entry
& 0xffff)); /* ori ra, ra, low(kernel_entry) */
709 stl_p(p
++, 0x03e00009); /* jalr ra */
710 stl_p(p
++, 0x00000000); /* nop */
712 /* YAMON subroutines */
713 p
= (uint32_t *) (base
+ 0x800);
714 stl_p(p
++, 0x03e00009); /* jalr ra */
715 stl_p(p
++, 0x24020000); /* li v0,0 */
716 /* 808 YAMON print */
717 stl_p(p
++, 0x03e06821); /* move t5,ra */
718 stl_p(p
++, 0x00805821); /* move t3,a0 */
719 stl_p(p
++, 0x00a05021); /* move t2,a1 */
720 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
721 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
722 stl_p(p
++, 0x10800005); /* beqz a0,834 */
723 stl_p(p
++, 0x00000000); /* nop */
724 stl_p(p
++, 0x0ff0021c); /* jal 870 */
725 stl_p(p
++, 0x00000000); /* nop */
726 stl_p(p
++, 0x08000205); /* j 814 */
727 stl_p(p
++, 0x00000000); /* nop */
728 stl_p(p
++, 0x01a00009); /* jalr t5 */
729 stl_p(p
++, 0x01602021); /* move a0,t3 */
730 /* 0x83c YAMON print_count */
731 stl_p(p
++, 0x03e06821); /* move t5,ra */
732 stl_p(p
++, 0x00805821); /* move t3,a0 */
733 stl_p(p
++, 0x00a05021); /* move t2,a1 */
734 stl_p(p
++, 0x00c06021); /* move t4,a2 */
735 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
736 stl_p(p
++, 0x0ff0021c); /* jal 870 */
737 stl_p(p
++, 0x00000000); /* nop */
738 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
739 stl_p(p
++, 0x258cffff); /* addiu t4,t4,-1 */
740 stl_p(p
++, 0x1580fffa); /* bnez t4,84c */
741 stl_p(p
++, 0x00000000); /* nop */
742 stl_p(p
++, 0x01a00009); /* jalr t5 */
743 stl_p(p
++, 0x01602021); /* move a0,t3 */
745 stl_p(p
++, 0x3c08b800); /* lui t0,0xb400 */
746 stl_p(p
++, 0x350803f8); /* ori t0,t0,0x3f8 */
747 stl_p(p
++, 0x91090005); /* lbu t1,5(t0) */
748 stl_p(p
++, 0x00000000); /* nop */
749 stl_p(p
++, 0x31290040); /* andi t1,t1,0x40 */
750 stl_p(p
++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
751 stl_p(p
++, 0x00000000); /* nop */
752 stl_p(p
++, 0x03e00009); /* jalr ra */
753 stl_p(p
++, 0xa1040000); /* sb a0,0(t0) */
757 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf
, int index
,
758 const char *string
, ...)
763 if (index
>= ENVP_NB_ENTRIES
)
766 if (string
== NULL
) {
771 table_addr
= sizeof(int32_t) * ENVP_NB_ENTRIES
+ index
* ENVP_ENTRY_SIZE
;
772 prom_buf
[index
] = tswap32(ENVP_ADDR
+ table_addr
);
774 va_start(ap
, string
);
775 vsnprintf((char *)prom_buf
+ table_addr
, ENVP_ENTRY_SIZE
, string
, ap
);
780 static int64_t load_kernel (void)
782 int64_t kernel_entry
, kernel_high
;
784 ram_addr_t initrd_offset
;
789 uint64_t (*xlate_to_kseg0
) (void *opaque
, uint64_t addr
);
791 #ifdef TARGET_WORDS_BIGENDIAN
797 if (load_elf(loaderparams
.kernel_filename
, cpu_mips_kseg0_to_phys
, NULL
,
798 (uint64_t *)&kernel_entry
, NULL
, (uint64_t *)&kernel_high
,
799 big_endian
, EM_MIPS
, 1) < 0) {
800 fprintf(stderr
, "qemu: could not load kernel '%s'\n",
801 loaderparams
.kernel_filename
);
805 /* Sanity check where the kernel has been linked */
807 if (kernel_entry
& 0x80000000ll
) {
808 error_report("KVM guest kernels must be linked in useg. "
809 "Did you forget to enable CONFIG_KVM_GUEST?");
813 xlate_to_kseg0
= cpu_mips_kvm_um_phys_to_kseg0
;
815 if (!(kernel_entry
& 0x80000000ll
)) {
816 error_report("KVM guest kernels aren't supported with TCG. "
817 "Did you unintentionally enable CONFIG_KVM_GUEST?");
821 xlate_to_kseg0
= cpu_mips_phys_to_kseg0
;
827 if (loaderparams
.initrd_filename
) {
828 initrd_size
= get_image_size (loaderparams
.initrd_filename
);
829 if (initrd_size
> 0) {
830 initrd_offset
= (kernel_high
+ ~INITRD_PAGE_MASK
) & INITRD_PAGE_MASK
;
831 if (initrd_offset
+ initrd_size
> ram_size
) {
833 "qemu: memory too small for initial ram disk '%s'\n",
834 loaderparams
.initrd_filename
);
837 initrd_size
= load_image_targphys(loaderparams
.initrd_filename
,
839 ram_size
- initrd_offset
);
841 if (initrd_size
== (target_ulong
) -1) {
842 fprintf(stderr
, "qemu: could not load initial ram disk '%s'\n",
843 loaderparams
.initrd_filename
);
848 /* Setup prom parameters. */
849 prom_size
= ENVP_NB_ENTRIES
* (sizeof(int32_t) + ENVP_ENTRY_SIZE
);
850 prom_buf
= g_malloc(prom_size
);
852 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_filename
);
853 if (initrd_size
> 0) {
854 prom_set(prom_buf
, prom_index
++, "rd_start=0x%" PRIx64
" rd_size=%li %s",
855 xlate_to_kseg0(NULL
, initrd_offset
), initrd_size
,
856 loaderparams
.kernel_cmdline
);
858 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_cmdline
);
861 prom_set(prom_buf
, prom_index
++, "memsize");
862 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_low_size
);
864 prom_set(prom_buf
, prom_index
++, "ememsize");
865 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_size
);
867 prom_set(prom_buf
, prom_index
++, "modetty0");
868 prom_set(prom_buf
, prom_index
++, "38400n8r");
869 prom_set(prom_buf
, prom_index
++, NULL
);
871 rom_add_blob_fixed("prom", prom_buf
, prom_size
,
872 cpu_mips_kseg0_to_phys(NULL
, ENVP_ADDR
));
878 static void malta_mips_config(MIPSCPU
*cpu
)
880 CPUMIPSState
*env
= &cpu
->env
;
881 CPUState
*cs
= CPU(cpu
);
883 env
->mvp
->CP0_MVPConf0
|= ((smp_cpus
- 1) << CP0MVPC0_PVPE
) |
884 ((smp_cpus
* cs
->nr_threads
- 1) << CP0MVPC0_PTC
);
887 static void main_cpu_reset(void *opaque
)
889 MIPSCPU
*cpu
= opaque
;
890 CPUMIPSState
*env
= &cpu
->env
;
894 /* The bootloader does not need to be rewritten as it is located in a
895 read only location. The kernel location and the arguments table
896 location does not change. */
897 if (loaderparams
.kernel_filename
) {
898 env
->CP0_Status
&= ~(1 << CP0St_ERL
);
901 malta_mips_config(cpu
);
904 /* Start running from the bootloader we wrote to end of RAM */
905 env
->active_tc
.PC
= 0x40000000 + loaderparams
.ram_low_size
;
910 void mips_malta_init(MachineState
*machine
)
912 ram_addr_t ram_size
= machine
->ram_size
;
913 ram_addr_t ram_low_size
;
914 const char *cpu_model
= machine
->cpu_model
;
915 const char *kernel_filename
= machine
->kernel_filename
;
916 const char *kernel_cmdline
= machine
->kernel_cmdline
;
917 const char *initrd_filename
= machine
->initrd_filename
;
920 MemoryRegion
*system_memory
= get_system_memory();
921 MemoryRegion
*ram_high
= g_new(MemoryRegion
, 1);
922 MemoryRegion
*ram_low_preio
= g_new(MemoryRegion
, 1);
923 MemoryRegion
*ram_low_postio
;
924 MemoryRegion
*bios
, *bios_copy
= g_new(MemoryRegion
, 1);
925 target_long bios_size
= FLASH_SIZE
;
926 const size_t smbus_eeprom_size
= 8 * 256;
927 uint8_t *smbus_eeprom_buf
= g_malloc0(smbus_eeprom_size
);
928 int64_t kernel_entry
, bootloader_run_addr
;
938 DriveInfo
*hd
[MAX_IDE_BUS
* MAX_IDE_DEVS
];
939 DriveInfo
*fd
[MAX_FD
];
941 int fl_sectors
= bios_size
>> 16;
944 DeviceState
*dev
= qdev_create(NULL
, TYPE_MIPS_MALTA
);
945 MaltaState
*s
= MIPS_MALTA(dev
);
947 /* The whole address space decoded by the GT-64120A doesn't generate
948 exception when accessing invalid memory. Create an empty slot to
949 emulate this feature. */
950 empty_slot_init(0, 0x20000000);
952 qdev_init_nofail(dev
);
954 /* Make sure the first 3 serial ports are associated with a device. */
955 for(i
= 0; i
< 3; i
++) {
956 if (!serial_hds
[i
]) {
958 snprintf(label
, sizeof(label
), "serial%d", i
);
959 serial_hds
[i
] = qemu_chr_new(label
, "null", NULL
);
964 if (cpu_model
== NULL
) {
972 for (i
= 0; i
< smp_cpus
; i
++) {
973 cpu
= cpu_mips_init(cpu_model
);
975 fprintf(stderr
, "Unable to find CPU definition\n");
980 /* Init internal devices */
981 cpu_mips_irq_init_cpu(env
);
982 cpu_mips_clock_init(env
);
983 qemu_register_reset(main_cpu_reset
, cpu
);
985 cpu
= MIPS_CPU(first_cpu
);
989 if (ram_size
> (2048u << 20)) {
991 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
992 ((unsigned int)ram_size
/ (1 << 20)));
996 /* register RAM at high address where it is undisturbed by IO */
997 memory_region_allocate_system_memory(ram_high
, NULL
, "mips_malta.ram",
999 memory_region_add_subregion(system_memory
, 0x80000000, ram_high
);
1001 /* alias for pre IO hole access */
1002 memory_region_init_alias(ram_low_preio
, NULL
, "mips_malta_low_preio.ram",
1003 ram_high
, 0, MIN(ram_size
, (256 << 20)));
1004 memory_region_add_subregion(system_memory
, 0, ram_low_preio
);
1006 /* alias for post IO hole access, if there is enough RAM */
1007 if (ram_size
> (512 << 20)) {
1008 ram_low_postio
= g_new(MemoryRegion
, 1);
1009 memory_region_init_alias(ram_low_postio
, NULL
,
1010 "mips_malta_low_postio.ram",
1011 ram_high
, 512 << 20,
1012 ram_size
- (512 << 20));
1013 memory_region_add_subregion(system_memory
, 512 << 20, ram_low_postio
);
1016 /* generate SPD EEPROM data */
1017 generate_eeprom_spd(&smbus_eeprom_buf
[0 * 256], ram_size
);
1018 generate_eeprom_serial(&smbus_eeprom_buf
[6 * 256]);
1020 #ifdef TARGET_WORDS_BIGENDIAN
1026 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1027 malta_fpga_init(system_memory
, FPGA_ADDRESS
, env
->irq
[4], serial_hds
[2]);
1029 /* Load firmware in flash / BIOS. */
1030 dinfo
= drive_get(IF_PFLASH
, 0, fl_idx
);
1031 #ifdef DEBUG_BOARD_INIT
1033 printf("Register parallel flash %d size " TARGET_FMT_lx
" at "
1034 "addr %08llx '%s' %x\n",
1035 fl_idx
, bios_size
, FLASH_ADDRESS
,
1036 blk_name(dinfo
->bdrv
), fl_sectors
);
1039 fl
= pflash_cfi01_register(FLASH_ADDRESS
, NULL
, "mips_malta.bios",
1041 dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
,
1043 4, 0x0000, 0x0000, 0x0000, 0x0000, be
);
1044 bios
= pflash_cfi01_get_memory(fl
);
1046 if (kernel_filename
) {
1047 ram_low_size
= MIN(ram_size
, 256 << 20);
1048 /* For KVM we reserve 1MB of RAM for running bootloader */
1049 if (kvm_enabled()) {
1050 ram_low_size
-= 0x100000;
1051 bootloader_run_addr
= 0x40000000 + ram_low_size
;
1053 bootloader_run_addr
= 0xbfc00000;
1056 /* Write a small bootloader to the flash location. */
1057 loaderparams
.ram_size
= ram_size
;
1058 loaderparams
.ram_low_size
= ram_low_size
;
1059 loaderparams
.kernel_filename
= kernel_filename
;
1060 loaderparams
.kernel_cmdline
= kernel_cmdline
;
1061 loaderparams
.initrd_filename
= initrd_filename
;
1062 kernel_entry
= load_kernel();
1064 write_bootloader(env
, memory_region_get_ram_ptr(bios
),
1065 bootloader_run_addr
, kernel_entry
);
1066 if (kvm_enabled()) {
1067 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1068 write_bootloader(env
, memory_region_get_ram_ptr(ram_low_preio
) +
1070 bootloader_run_addr
, kernel_entry
);
1073 /* The flash region isn't executable from a KVM guest */
1074 if (kvm_enabled()) {
1075 error_report("KVM enabled but no -kernel argument was specified. "
1076 "Booting from flash is not supported with KVM.");
1079 /* Load firmware from flash. */
1081 /* Load a BIOS image. */
1082 if (bios_name
== NULL
) {
1083 bios_name
= BIOS_FILENAME
;
1085 filename
= qemu_find_file(QEMU_FILE_TYPE_BIOS
, bios_name
);
1087 bios_size
= load_image_targphys(filename
, FLASH_ADDRESS
,
1093 if ((bios_size
< 0 || bios_size
> BIOS_SIZE
) &&
1094 !kernel_filename
&& !qtest_enabled()) {
1095 error_report("Could not load MIPS bios '%s', and no "
1096 "-kernel argument was specified", bios_name
);
1100 /* In little endian mode the 32bit words in the bios are swapped,
1101 a neat trick which allows bi-endian firmware. */
1102 #ifndef TARGET_WORDS_BIGENDIAN
1104 uint32_t *end
, *addr
= rom_ptr(FLASH_ADDRESS
);
1106 addr
= memory_region_get_ram_ptr(bios
);
1108 end
= (void *)addr
+ MIN(bios_size
, 0x3e0000);
1109 while (addr
< end
) {
1118 * Map the BIOS at a 2nd physical location, as on the real board.
1119 * Copy it so that we can patch in the MIPS revision, which cannot be
1120 * handled by an overlapping region as the resulting ROM code subpage
1121 * regions are not executable.
1123 memory_region_init_ram(bios_copy
, NULL
, "bios.1fc", BIOS_SIZE
,
1125 if (!rom_copy(memory_region_get_ram_ptr(bios_copy
),
1126 FLASH_ADDRESS
, BIOS_SIZE
)) {
1127 memcpy(memory_region_get_ram_ptr(bios_copy
),
1128 memory_region_get_ram_ptr(bios
), BIOS_SIZE
);
1130 memory_region_set_readonly(bios_copy
, true);
1131 memory_region_add_subregion(system_memory
, RESET_ADDRESS
, bios_copy
);
1133 /* Board ID = 0x420 (Malta Board with CoreLV) */
1134 stl_p(memory_region_get_ram_ptr(bios_copy
) + 0x10, 0x00000420);
1136 /* Init internal devices */
1137 cpu_mips_irq_init_cpu(env
);
1138 cpu_mips_clock_init(env
);
1141 * We have a circular dependency problem: pci_bus depends on isa_irq,
1142 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1143 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1144 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1145 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1147 isa_irq
= qemu_irq_proxy(&s
->i8259
, 16);
1150 pci_bus
= gt64120_register(isa_irq
);
1153 ide_drive_get(hd
, ARRAY_SIZE(hd
));
1155 piix4_devfn
= piix4_init(pci_bus
, &isa_bus
, 80);
1157 /* Interrupt controller */
1158 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1159 s
->i8259
= i8259_init(isa_bus
, env
->irq
[2]);
1161 isa_bus_irqs(isa_bus
, s
->i8259
);
1162 pci_piix4_ide_init(pci_bus
, hd
, piix4_devfn
+ 1);
1163 pci_create_simple(pci_bus
, piix4_devfn
+ 2, "piix4-usb-uhci");
1164 smbus
= piix4_pm_init(pci_bus
, piix4_devfn
+ 3, 0x1100,
1165 isa_get_irq(NULL
, 9), NULL
, 0, NULL
);
1166 smbus_eeprom_init(smbus
, 8, smbus_eeprom_buf
, smbus_eeprom_size
);
1167 g_free(smbus_eeprom_buf
);
1168 pit
= pit_init(isa_bus
, 0x40, 0, NULL
);
1172 isa_create_simple(isa_bus
, "i8042");
1174 rtc_init(isa_bus
, 2000, NULL
);
1175 serial_hds_isa_init(isa_bus
, 2);
1176 parallel_hds_isa_init(isa_bus
, 1);
1178 for(i
= 0; i
< MAX_FD
; i
++) {
1179 fd
[i
] = drive_get(IF_FLOPPY
, 0, i
);
1181 fdctrl_init_isa(isa_bus
, fd
);
1184 network_init(pci_bus
);
1186 /* Optional PCI video card */
1187 pci_vga_init(pci_bus
);
1190 static int mips_malta_sysbus_device_init(SysBusDevice
*sysbusdev
)
1195 static void mips_malta_class_init(ObjectClass
*klass
, void *data
)
1197 SysBusDeviceClass
*k
= SYS_BUS_DEVICE_CLASS(klass
);
1199 k
->init
= mips_malta_sysbus_device_init
;
1202 static const TypeInfo mips_malta_device
= {
1203 .name
= TYPE_MIPS_MALTA
,
1204 .parent
= TYPE_SYS_BUS_DEVICE
,
1205 .instance_size
= sizeof(MaltaState
),
1206 .class_init
= mips_malta_class_init
,
1209 static void mips_malta_machine_init(MachineClass
*mc
)
1211 mc
->desc
= "MIPS Malta Core LV";
1212 mc
->init
= mips_malta_init
;
1217 DEFINE_MACHINE("malta", mips_malta_machine_init
)
1219 static void mips_malta_register_types(void)
1221 type_register_static(&mips_malta_device
);
1224 type_init(mips_malta_register_types
)