search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / hw / mips / mips_malta.c
blobf046d44605be74bb38a29ea1df75fe3440e0cdc4
1 /*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
27 #include "cpu.h"
28 #include "hw/hw.h"
29 #include "hw/i386/pc.h"
30 #include "hw/char/serial.h"
31 #include "hw/block/fdc.h"
32 #include "net/net.h"
33 #include "hw/boards.h"
34 #include "hw/i2c/smbus.h"
35 #include "sysemu/block-backend.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/sysemu.h"
41 #include "sysemu/arch_init.h"
42 #include "qemu/log.h"
43 #include "hw/mips/bios.h"
44 #include "hw/ide.h"
45 #include "hw/loader.h"
46 #include "elf.h"
47 #include "hw/timer/mc146818rtc.h"
48 #include "hw/timer/i8254.h"
49 #include "sysemu/blockdev.h"
50 #include "exec/address-spaces.h"
51 #include "hw/sysbus.h" /* SysBusDevice */
52 #include "qemu/host-utils.h"
53 #include "sysemu/qtest.h"
54 #include "qemu/error-report.h"
55 #include "hw/empty_slot.h"
56 #include "sysemu/kvm.h"
57 #include "exec/semihost.h"
58 #include "hw/mips/cps.h"
59
60 #undef BIOS_SIZE
61 #define BIOS_SIZE (16 * MiB)
62
63 //#define DEBUG_BOARD_INIT
64
65 #define ENVP_ADDR 0x80002000l
66 #define ENVP_NB_ENTRIES 16
67 #define ENVP_ENTRY_SIZE 256
68
69 /* Hardware addresses */
70 #define FLASH_ADDRESS 0x1e000000ULL
71 #define FPGA_ADDRESS 0x1f000000ULL
72 #define RESET_ADDRESS 0x1fc00000ULL
73
74 #define MAX_IDE_BUS 2
75
76 //~ #define DEBUG
77
78 #if defined(DEBUG)
79 # define TRACE(flag, command) ((flag) ? (command) : (void)0)
80 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
81 #else
82 # define TRACE(flag, command) ((void)0)
83 # define logout(fmt, ...) ((void)0)
84 #endif
85
86 #define EEPROM 1
87 #define FPGA 0
88
89 typedef struct {
90 MemoryRegion iomem;
91 MemoryRegion iomem_lo; /* 0 - 0x900 */
92 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
93 uint32_t leds;
94 uint32_t brk;
95 uint32_t gpout;
96 uint32_t i2cin;
97 uint32_t i2coe;
98 uint32_t i2cout;
99 uint32_t i2csel;
100 CharBackend display;
101 char display_text[9];
102 SerialState *uart;
103 int bigendian;
104 bool display_inited;
105 } MaltaFPGAState;
106
107 #define TYPE_MIPS_MALTA "mips-malta"
108 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
109
110 typedef struct {
111 SysBusDevice parent_obj;
112
113 MIPSCPSState *cps;
114 qemu_irq *i8259;
115 } MaltaState;
116
117 static ISADevice *pit;
118
119 static struct _loaderparams {
120 int ram_size, ram_low_size;
121 const char *kernel_filename;
122 const char *kernel_cmdline;
123 const char *initrd_filename;
124 } loaderparams;
125
126 /* Malta FPGA */
127 static void malta_fpga_update_display(void *opaque)
128 {
129 char leds_text[9];
130 int i;
131 MaltaFPGAState *s = opaque;
132
133 for (i = 7 ; i >= 0 ; i--) {
134 if (s->leds & (1 << i))
135 leds_text[i] = '#';
136 else
137 leds_text[i] = ' ';
138 }
139 leds_text[8] = '\0';
140
141 qemu_chr_fe_printf(&s->display, "\e[3;2H\e[0;32m%-8.8s", leds_text);
142 qemu_chr_fe_printf(&s->display, "\e[8;2H\e[0;31m%-8.8s\r\n\n\e[0;37m", s->display_text);
143 }
144
145 /*
146 * EEPROM 24C01 / 24C02 emulation.
147 *
148 * Emulation for serial EEPROMs:
149 * 24C01 - 1024 bit (128 x 8)
150 * 24C02 - 2048 bit (256 x 8)
151 *
152 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
153 */
154
155 struct _eeprom24c0x_t {
156 uint8_t tick;
157 uint8_t address;
158 uint8_t command;
159 uint8_t ack;
160 uint8_t scl;
161 uint8_t sda;
162 uint8_t data;
163 //~ uint16_t size;
164 uint8_t contents[256];
165 };
166
167 typedef struct _eeprom24c0x_t eeprom24c0x_t;
168
169 static eeprom24c0x_t spd_eeprom = {
170 .contents = {
171 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
172 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
173 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
174 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
175 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
176 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
179 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
181 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
182 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
183 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
184 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
185 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
186 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
187 },
188 };
189
190 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
191 {
192 enum { SDR = 0x4, DDR2 = 0x8 } type;
193 uint8_t *spd = spd_eeprom.contents;
194 uint8_t nbanks = 0;
195 uint16_t density = 0;
196 int i;
197
198 /* work in terms of MB */
199 ram_size >>= 20;
200
201 while ((ram_size >= 4) && (nbanks <= 2)) {
202 int sz_log2 = MIN(31 - clz32(ram_size), 14);
203 nbanks++;
204 density |= 1 << (sz_log2 - 2);
205 ram_size -= 1 << sz_log2;
206 }
207
208 /* split to 2 banks if possible */
209 if ((nbanks == 1) && (density > 1)) {
210 nbanks++;
211 density >>= 1;
212 }
213
214 if (density & 0xff00) {
215 density = (density & 0xe0) | ((density >> 8) & 0x1f);
216 type = DDR2;
217 } else if (!(density & 0x1f)) {
218 type = DDR2;
219 } else {
220 type = SDR;
221 }
222
223 if (ram_size) {
224 warn_report("SPD cannot represent final " RAM_ADDR_FMT "MB"
225 " of SDRAM", ram_size);
226 }
227
228 /* fill in SPD memory information */
229 spd[2] = type;
230 spd[5] = nbanks;
231 spd[31] = density;
232
233 /* checksum */
234 spd[63] = 0;
235 for (i = 0; i < 63; i++) {
236 spd[63] += spd[i];
237 }
238
239 /* copy for SMBUS */
240 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
241 }
242
243 static void generate_eeprom_serial(uint8_t *eeprom)
244 {
245 int i, pos = 0;
246 uint8_t mac[6] = { 0x00 };
247 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
248
249 /* version */
250 eeprom[pos++] = 0x01;
251
252 /* count */
253 eeprom[pos++] = 0x02;
254
255 /* MAC address */
256 eeprom[pos++] = 0x01; /* MAC */
257 eeprom[pos++] = 0x06; /* length */
258 memcpy(&eeprom[pos], mac, sizeof(mac));
259 pos += sizeof(mac);
260
261 /* serial number */
262 eeprom[pos++] = 0x02; /* serial */
263 eeprom[pos++] = 0x05; /* length */
264 memcpy(&eeprom[pos], sn, sizeof(sn));
265 pos += sizeof(sn);
266
267 /* checksum */
268 eeprom[pos] = 0;
269 for (i = 0; i < pos; i++) {
270 eeprom[pos] += eeprom[i];
271 }
272 }
273
274 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
275 {
276 TRACE(EEPROM, logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
277 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data));
278 return eeprom->sda;
279 }
280
281 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
282 {
283 if (eeprom->scl && scl && (eeprom->sda != sda)) {
284 TRACE(EEPROM, logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
285 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
286 sda ? "stop" : "start"));
287 if (!sda) {
288 eeprom->tick = 1;
289 eeprom->command = 0;
290 }
291 } else if (eeprom->tick == 0 && !eeprom->ack) {
292 /* Waiting for start. */
293 TRACE(EEPROM, logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
294 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda));
295 } else if (!eeprom->scl && scl) {
296 TRACE(EEPROM, logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
297 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda));
298 if (eeprom->ack) {
299 TRACE(EEPROM, logout("\ti2c ack bit = 0\n"));
300 sda = 0;
301 eeprom->ack = 0;
302 } else if (eeprom->sda == sda) {
303 uint8_t bit = (sda != 0);
304 TRACE(EEPROM, logout("\ti2c bit = %d\n", bit));
305 if (eeprom->tick < 9) {
306 eeprom->command <<= 1;
307 eeprom->command += bit;
308 eeprom->tick++;
309 if (eeprom->tick == 9) {
310 TRACE(EEPROM, logout("\tcommand 0x%04x, %s\n",
311 bit ? "read" : "write"));
312 eeprom->ack = 1;
313 }
314 } else if (eeprom->tick < 17) {
315 if (eeprom->command & 1) {
316 sda = ((eeprom->data & 0x80) != 0);
317 }
318 eeprom->address <<= 1;
319 eeprom->address += bit;
320 eeprom->tick++;
321 eeprom->data <<= 1;
322 if (eeprom->tick == 17) {
323 eeprom->data = eeprom->contents[eeprom->address];
324 TRACE(EEPROM, logout("\taddress 0x%04x, data 0x%02x\n",
325 eeprom->address, eeprom->data));
326 eeprom->ack = 1;
327 eeprom->tick = 0;
328 }
329 } else if (eeprom->tick >= 17) {
330 sda = 0;
331 }
332 } else {
333 TRACE(EEPROM, logout("\tsda changed with raising scl\n"));
334 }
335 } else {
336 TRACE(EEPROM, logout("%u: scl = %u->%u, sda = %u->%u\n",
337 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda));
338 }
339 eeprom->scl = scl;
340 eeprom->sda = sda;
341 }
342
343 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
344 unsigned size)
345 {
346 MaltaFPGAState *s = opaque;
347 uint32_t val = 0;
348 uint32_t saddr;
349
350 saddr = (addr & 0xfffff);
351
352 switch (saddr) {
353
354 /* SWITCH Register */
355 case 0x00200:
356 val = 0x00000000; /* All switches closed */
357 break;
358
359 /* STATUS Register */
360 case 0x00208:
361 val = 0x00000010;
362 if (s->bigendian) {
363 val |= 2;
364 }
365 break;
366
367 /* JMPRS Register */
368 case 0x00210:
369 val = 0x00;
370 break;
371
372 /* LEDBAR Register */
373 case 0x00408:
374 val = s->leds;
375 break;
376
377 /* BRKRES Register */
378 case 0x00508:
379 val = s->brk;
380 break;
381
382 /* UART Registers are handled directly by the serial device */
383
384 /* GPOUT Register */
385 case 0x00a00:
386 val = s->gpout;
387 break;
388
389 /* XXX: implement a real I2C controller */
390
391 /* GPINP Register */
392 case 0x00a08:
393 /* IN = OUT until a real I2C control is implemented */
394 if (s->i2csel)
395 val = s->i2cout;
396 else
397 val = 0x00;
398 break;
399
400 /* I2CINP Register */
401 case 0x00b00:
402 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
403 break;
404
405 /* I2COE Register */
406 case 0x00b08:
407 val = s->i2coe;
408 break;
409
410 /* I2COUT Register */
411 case 0x00b10:
412 val = s->i2cout;
413 break;
414
415 /* I2CSEL Register */
416 case 0x00b18:
417 val = s->i2csel;
418 break;
419
420 default:
421 #if 1
422 fprintf (stderr, "%s: Bad register offset 0x" TARGET_FMT_plx "\n",
423 __func__, addr);
424 #endif
425 break;
426 }
427 TRACE(FPGA, logout("0x%08x = 0x%08x\n", saddr, val));
428 return val;
429 }
430
431 static void malta_fpga_write(void *opaque, hwaddr addr,
432 uint64_t val, unsigned size)
433 {
434 MaltaFPGAState *s = opaque;
435 uint32_t saddr;
436 int logging = 1;
437
438 saddr = (addr & 0xfffff);
439
440 switch (saddr) {
441
442 /* SWITCH Register */
443 case 0x00200:
444 break;
445
446 /* JMPRS Register */
447 case 0x00210:
448 break;
449
450 /* LEDBAR Register */
451 case 0x00408:
452 s->leds = val & 0xff;
453 malta_fpga_update_display(s);
454 break;
455
456 /* ASCIIWORD Register */
457 case 0x00410:
458 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
459 malta_fpga_update_display(s);
460 break;
461
462 /* ASCIIPOS0 to ASCIIPOS7 Registers */
463 case 0x00418:
464 case 0x00420:
465 case 0x00428:
466 case 0x00430:
467 case 0x00438:
468 case 0x00440:
469 case 0x00448:
470 case 0x00450:
471 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
472 malta_fpga_update_display(s);
473 break;
474
475 /* SOFTRES Register */
476 case 0x00500:
477 if (val == 0x42)
478 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
479 break;
480
481 /* BRKRES Register */
482 case 0x00508:
483 s->brk = val & 0xff;
484 break;
485
486 /* UART Registers are handled directly by the serial device */
487
488 /* GPOUT Register */
489 case 0x00a00:
490 s->gpout = val & 0xff;
491 break;
492
493 /* I2COE Register */
494 case 0x00b08:
495 s->i2coe = val & 0x03;
496 break;
497
498 /* I2COUT Register */
499 case 0x00b10:
500 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
501 s->i2cout = val;
502 logging = 0;
503 break;
504
505 /* I2CSEL Register */
506 case 0x00b18:
507 s->i2csel = val & 0x01;
508 break;
509
510 default:
511 #if 1
512 fprintf(stderr, "%s: Bad register offset 0x" TARGET_FMT_plx "\n",
513 __func__, addr);
514 #endif
515 break;
516 }
517
518 if (logging) {
519 TRACE(FPGA, logout("0x%08x = 0x%08x (oe = 0x%08x, out = 0x%08x, sel = 0x%08x)\n",
520 saddr, val, s->i2coe, s->i2cout, s->i2csel));
521 }
522 }
523
524 static const MemoryRegionOps malta_fpga_ops = {
525 .read = malta_fpga_read,
526 .write = malta_fpga_write,
527 .endianness = DEVICE_NATIVE_ENDIAN,
528 };
529
530 static void malta_fpga_reset(void *opaque)
531 {
532 MaltaFPGAState *s = opaque;
533
534 s->leds = 0x00;
535 s->brk = 0x0a;
536 s->gpout = 0x00;
537 s->i2cin = 0x3;
538 s->i2coe = 0x0;
539 s->i2cout = 0x3;
540 s->i2csel = 0x1;
541
542 s->display_text[8] = '\0';
543 snprintf(s->display_text, 9, " ");
544 }
545
546 static void malta_fgpa_display_event(void *opaque, int event)
547 {
548 MaltaFPGAState *s = opaque;
549
550 if (event == CHR_EVENT_OPENED && !s->display_inited) {
551 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
552 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
553 qemu_chr_fe_printf(&s->display, "+ +\r\n");
554 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
555 qemu_chr_fe_printf(&s->display, "\n");
556 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
557 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
558 qemu_chr_fe_printf(&s->display, "+ +\r\n");
559 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
560 s->display_inited = true;
561 }
562 }
563
564 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
565 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr, int bigendian)
566 {
567 MaltaFPGAState *s;
568 Chardev *chr;
569
570 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
571
572 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
573 "malta-fpga", 0x100000);
574 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
575 &s->iomem, 0, 0x900);
576 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
577 &s->iomem, 0xa00, 0x10000-0xa00);
578
579 memory_region_add_subregion(address_space, base, &s->iomem_lo);
580 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
581
582 s->bigendian = bigendian;
583 chr = qemu_chr_new("fpga", "vc:320x200");
584 qemu_chr_fe_init(&s->display, chr, NULL);
585 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
586 malta_fgpa_display_event, NULL, s, NULL, true);
587
588 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
589 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
590
591 malta_fpga_reset(s);
592 qemu_register_reset(malta_fpga_reset, s);
593
594 return s;
595 }
596
597 /* Network support */
598 static void network_init(PCIBus *pci_bus)
599 {
600 int i;
601
602 for(i = 0; i < nb_nics; i++) {
603 NICInfo *nd = &nd_table[i];
604 const char *default_devaddr = NULL;
605
606 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
607 /* The malta board has a PCNet card using PCI SLOT 11 */
608 default_devaddr = "0b";
609
610 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
611 }
612 }
613
614 /* ROM and pseudo bootloader
615
616 The following code implements a very very simple bootloader. It first
617 loads the registers a0 to a3 to the values expected by the OS, and
618 then jump at the kernel address.
619
620 The bootloader should pass the locations of the kernel arguments and
621 environment variables tables. Those tables contain the 32-bit address
622 of NULL terminated strings. The environment variables table should be
623 terminated by a NULL address.
624
625 For a simpler implementation, the number of kernel arguments is fixed
626 to two (the name of the kernel and the command line), and the two
627 tables are actually the same one.
628
629 The registers a0 to a3 should contain the following values:
630 a0 - number of kernel arguments
631 a1 - 32-bit address of the kernel arguments table
632 a2 - 32-bit address of the environment variables table
633 a3 - RAM size in bytes
634 */
635
636 static void write_bootloader(uint8_t *base, int64_t run_addr,
637 int64_t kernel_entry)
638 {
639 uint32_t *p;
640 bool bigendian = first_cpu->bigendian;
641
642 if (cpu_mips_phys_to_kseg0(NULL, kernel_entry) == cpu_mips_phys_to_kseg0(NULL, 0x1fc00000LL)) {
643 return;
644 }
645
646 /* Small bootloader */
647 p = (uint32_t *)base;
648
649 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
650 ((run_addr + 0x580) & 0x0fffffff) >> 2);
651 stl_p(p++, 0x00000000); /* nop */
652
653 /* YAMON service vector */
654 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
655 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
656 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
657 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
658 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
659 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
660 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
661 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
662 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
663 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
664 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
665 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
666 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
667
668
669 /* Second part of the bootloader */
670 p = (uint32_t *) (base + 0x580);
671 if (semihosting_get_argc()) {
672 /* Preserve a0 content as arguments have been passed */
673 stl_p(p++, 0x00000000); /* nop */
674 } else {
675 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
676 }
677 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR - 64) */
678 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR - 64) */
679 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
680 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
681 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
682 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
683 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
684 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
685
686 /* Load BAR registers as done by YAMON */
687 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
688
689 if (bigendian) {
690 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
691 } else {
692 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
693 }
694 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
695
696 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
697
698 if (bigendian) {
699 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
700 } else {
701 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
702 }
703 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
704 if (bigendian) {
705 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
706 } else {
707 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
708 }
709 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
710
711 if (bigendian) {
712 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
713 } else {
714 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
715 }
716 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
717 if (bigendian) {
718 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
719 } else {
720 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
721 }
722 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
723
724 if (bigendian) {
725 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
726 } else {
727 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
728 }
729 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
730 if (bigendian) {
731 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
732 } else {
733 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
734 }
735 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
736
737 /* Jump to kernel code */
738 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
739 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
740 stl_p(p++, 0x03e00009); /* jalr ra */
741 stl_p(p++, 0x00000000); /* nop */
742
743 /* YAMON subroutines */
744 p = (uint32_t *) (base + 0x800);
745 stl_p(p++, 0x03e00009); /* jalr ra */
746 stl_p(p++, 0x24020000); /* li v0,0 */
747 /* 808 YAMON print */
748 stl_p(p++, 0x03e06821); /* move t5,ra */
749 stl_p(p++, 0x00805821); /* move t3,a0 */
750 stl_p(p++, 0x00a05021); /* move t2,a1 */
751 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
752 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
753 stl_p(p++, 0x10800005); /* beqz a0,834 */
754 stl_p(p++, 0x00000000); /* nop */
755 stl_p(p++, 0x0ff0021c); /* jal 870 */
756 stl_p(p++, 0x00000000); /* nop */
757 stl_p(p++, 0x1000fff9); /* b 814 */
758 stl_p(p++, 0x00000000); /* nop */
759 stl_p(p++, 0x01a00009); /* jalr t5 */
760 stl_p(p++, 0x01602021); /* move a0,t3 */
761 /* 0x83c YAMON print_count */
762 stl_p(p++, 0x03e06821); /* move t5,ra */
763 stl_p(p++, 0x00805821); /* move t3,a0 */
764 stl_p(p++, 0x00a05021); /* move t2,a1 */
765 stl_p(p++, 0x00c06021); /* move t4,a2 */
766 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
767 stl_p(p++, 0x0ff0021c); /* jal 870 */
768 stl_p(p++, 0x00000000); /* nop */
769 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
770 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
771 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
772 stl_p(p++, 0x00000000); /* nop */
773 stl_p(p++, 0x01a00009); /* jalr t5 */
774 stl_p(p++, 0x01602021); /* move a0,t3 */
775 /* 0x870 */
776 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
777 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
778 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
779 stl_p(p++, 0x00000000); /* nop */
780 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
781 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
782 stl_p(p++, 0x00000000); /* nop */
783 stl_p(p++, 0x03e00009); /* jalr ra */
784 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
785 }
786
787 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
788 const char *string, ...)
789 {
790 va_list ap;
791 int32_t table_addr;
792
793 if (index >= ENVP_NB_ENTRIES)
794 return;
795
796 if (string == NULL) {
797 prom_buf[index] = 0;
798 return;
799 }
800
801 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
802 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
803
804 va_start(ap, string);
805 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
806 va_end(ap);
807 }
808
809 /* Kernel */
810 static int64_t load_kernel(int big_endian)
811 {
812 int64_t kernel_entry, kernel_high;
813 long kernel_size, initrd_size;
814 ram_addr_t initrd_offset;
815 uint32_t *prom_buf;
816 long prom_size;
817 int prom_index = 0;
818 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
819
820 kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
821 NULL, (uint64_t *)&kernel_entry, NULL,
822 (uint64_t *)&kernel_high, big_endian, EM_MIPS, 1, 0);
823 if (kernel_size < 0) {
824 error_report("qemu: could not load kernel '%s': %s",
825 loaderparams.kernel_filename,
826 load_elf_strerror(kernel_size));
827 exit(1);
828 }
829
830 /* Check where the kernel has been linked */
831 if (kernel_entry & 0x80000000ll) {
832 if (kvm_enabled()) {
833 error_report("KVM guest kernels must be linked in useg. "
834 "Did you forget to enable CONFIG_KVM_GUEST?");
835 exit(1);
836 }
837
838 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
839 } else {
840 /* if kernel entry is in useg it is probably a KVM T&E kernel */
841 mips_um_ksegs_enable();
842
843 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
844 }
845
846 /* load initrd */
847 initrd_size = 0;
848 initrd_offset = 0;
849 if (loaderparams.initrd_filename) {
850 initrd_size = get_image_size (loaderparams.initrd_filename);
851 if (initrd_size > 0) {
852 /* The kernel allocates the bootmap memory in the low memory after
853 the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
854 pages. */
855 initrd_offset = (loaderparams.ram_low_size - initrd_size - 131072
856 - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
857 if (kernel_high >= initrd_offset) {
858 fprintf(stderr,
859 "qemu: memory too small for initial ram disk '%s'\n",
860 loaderparams.initrd_filename);
861 exit(1);
862 }
863 initrd_size = load_image_targphys(loaderparams.initrd_filename,
864 initrd_offset,
865 ram_size - initrd_offset);
866 }
867 if (initrd_size == (target_ulong) -1) {
868 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
869 loaderparams.initrd_filename);
870 exit(1);
871 }
872 }
873
874 /* Setup prom parameters. */
875 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
876 prom_buf = g_malloc(prom_size);
877
878 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
879 if (initrd_size > 0) {
880 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
881 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
882 loaderparams.kernel_cmdline);
883 } else {
884 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
885 }
886
887 prom_set(prom_buf, prom_index++, "memsize");
888 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
889
890 prom_set(prom_buf, prom_index++, "ememsize");
891 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
892
893 prom_set(prom_buf, prom_index++, "modetty0");
894 prom_set(prom_buf, prom_index++, "38400n8r");
895 prom_set(prom_buf, prom_index++, NULL);
896
897 rom_add_blob_fixed("prom", prom_buf, prom_size,
898 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
899
900 g_free(prom_buf);
901 return kernel_entry;
902 }
903
904 static void malta_mips_config(MIPSCPU *cpu)
905 {
906 CPUMIPSState *env = &cpu->env;
907 CPUState *cs = CPU(cpu);
908
909 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
910 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
911 }
912
913 static void main_cpu_reset(void *opaque)
914 {
915 MIPSCPU *cpu = opaque;
916 CPUMIPSState *env = &cpu->env;
917
918 cpu_reset(CPU(cpu));
919
920 /* The bootloader does not need to be rewritten as it is located in a
921 read only location. The kernel location and the arguments table
922 location does not change. */
923 if (loaderparams.kernel_filename) {
924 env->CP0_Status &= ~(1 << CP0St_ERL);
925 }
926
927 malta_mips_config(cpu);
928
929 if (kvm_enabled()) {
930 /* Start running from the bootloader we wrote to end of RAM */
931 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
932 }
933 }
934
935 static void create_cpu_without_cps(const char *cpu_type,
936 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
937 {
938 CPUMIPSState *env;
939 MIPSCPU *cpu;
940 int i;
941
942 for (i = 0; i < smp_cpus; i++) {
943 cpu = MIPS_CPU(cpu_create(cpu_type));
944
945 /* Init internal devices */
946 cpu_mips_irq_init_cpu(cpu);
947 cpu_mips_clock_init(cpu);
948 qemu_register_reset(main_cpu_reset, cpu);
949 }
950
951 cpu = MIPS_CPU(first_cpu);
952 env = &cpu->env;
953 *i8259_irq = env->irq[2];
954 *cbus_irq = env->irq[4];
955 }
956
957 static void create_cps(MaltaState *s, const char *cpu_type,
958 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
959 {
960 Error *err = NULL;
961
962 s->cps = MIPS_CPS(object_new(TYPE_MIPS_CPS));
963 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
964
965 object_property_set_str(OBJECT(s->cps), cpu_type, "cpu-type", &err);
966 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
967 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
968 if (err != NULL) {
969 error_report("%s", error_get_pretty(err));
970 exit(1);
971 }
972
973 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
974
975 *i8259_irq = get_cps_irq(s->cps, 3);
976 *cbus_irq = NULL;
977 }
978
979 static void mips_create_cpu(MaltaState *s, const char *cpu_type,
980 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
981 {
982 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_type)) {
983 create_cps(s, cpu_type, cbus_irq, i8259_irq);
984 } else {
985 create_cpu_without_cps(cpu_type, cbus_irq, i8259_irq);
986 }
987 }
988
989 static
990 void mips_malta_init(MachineState *machine)
991 {
992 ram_addr_t ram_size = machine->ram_size;
993 ram_addr_t ram_low_size;
994 const char *kernel_filename = machine->kernel_filename;
995 const char *kernel_cmdline = machine->kernel_cmdline;
996 const char *initrd_filename = machine->initrd_filename;
997 char *filename;
998 pflash_t *fl;
999 MemoryRegion *system_memory = get_system_memory();
1000 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
1001 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
1002 MemoryRegion *ram_low_postio;
1003 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
1004 target_long bios_size = BIOS_SIZE;
1005 const size_t smbus_eeprom_size = 8 * 256;
1006 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1007 int64_t kernel_entry, bootloader_run_addr;
1008 PCIBus *pci_bus;
1009 ISABus *isa_bus;
1010 qemu_irq *isa_irq;
1011 qemu_irq cbus_irq, i8259_irq;
1012 int piix4_devfn;
1013 I2CBus *smbus;
1014 int i;
1015 DriveInfo *dinfo;
1016 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1017 DriveInfo *fd[MAX_FD];
1018 int fl_idx = 0;
1019 int fl_sectors = bios_size >> 16;
1020
1021 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1022 MaltaState *s = MIPS_MALTA(dev);
1023
1024 /* The whole address space decoded by the GT-64120A doesn't generate
1025 exception when accessing invalid memory. Create an empty slot to
1026 emulate this feature. */
1027 empty_slot_init(0, 0x20000000);
1028
1029 qdev_init_nofail(dev);
1030
1031 /* Make sure the first 3 serial ports are associated with a device. */
1032 for(i = 0; i < 3; i++) {
1033 if (!serial_hds[i]) {
1034 char label[32];
1035 snprintf(label, sizeof(label), "serial%d", i);
1036 serial_hds[i] = qemu_chr_new(label, "null");
1037 }
1038 }
1039
1040 /* create CPU */
1041 mips_create_cpu(s, machine->cpu_type, &cbus_irq, &i8259_irq);
1042
1043 /* allocate RAM */
1044 if (ram_size > (2048u << 20)) {
1045 fprintf(stderr,
1046 "qemu: Too much memory for this machine: %d MB, maximum 2048 MB\n",
1047 ((unsigned int)ram_size / (1 << 20)));
1048 exit(1);
1049 }
1050
1051 /* register RAM at high address where it is undisturbed by IO */
1052 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1053 ram_size);
1054 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1055
1056 /* alias for pre IO hole access */
1057 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1058 ram_high, 0, MIN(ram_size, (256 << 20)));
1059 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1060
1061 /* alias for post IO hole access, if there is enough RAM */
1062 if (ram_size > (512 << 20)) {
1063 ram_low_postio = g_new(MemoryRegion, 1);
1064 memory_region_init_alias(ram_low_postio, NULL,
1065 "mips_malta_low_postio.ram",
1066 ram_high, 512 << 20,
1067 ram_size - (512 << 20));
1068 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1069 }
1070
1071 /* generate SPD EEPROM data */
1072 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1073 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1074
1075 /* FPGA */
1076 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1077 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2],
1078 first_cpu->bigendian);
1079
1080 /* Load firmware in flash / BIOS. */
1081 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1082 #ifdef DEBUG_BOARD_INIT
1083 if (dinfo) {
1084 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1085 "addr %08llx '%s' %x\n",
1086 fl_idx, bios_size, FLASH_ADDRESS,
1087 blk_name(dinfo->bdrv), fl_sectors);
1088 }
1089 #endif
1090 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
1091 BIOS_SIZE,
1092 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1093 65536, fl_sectors,
1094 4, 0x0000, 0x0000, 0x0000, 0x0000,
1095 first_cpu->bigendian);
1096 bios = pflash_cfi01_get_memory(fl);
1097 fl_idx++;
1098 if (kernel_filename) {
1099 ram_low_size = MIN(ram_size, 256 << 20);
1100 /* For KVM we reserve 1MB of RAM for running bootloader */
1101 if (kvm_enabled()) {
1102 ram_low_size -= 0x100000;
1103 bootloader_run_addr = 0x40000000 + ram_low_size;
1104 } else {
1105 bootloader_run_addr = 0xbfc00000;
1106 }
1107
1108 /* Write a small bootloader to the flash location. */
1109 loaderparams.ram_size = ram_size;
1110 loaderparams.ram_low_size = ram_low_size;
1111 loaderparams.kernel_filename = kernel_filename;
1112 loaderparams.kernel_cmdline = kernel_cmdline;
1113 loaderparams.initrd_filename = initrd_filename;
1114 kernel_entry = load_kernel(first_cpu->bigendian);
1115
1116 write_bootloader(memory_region_get_ram_ptr(bios),
1117 bootloader_run_addr, kernel_entry);
1118 if (kvm_enabled()) {
1119 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1120 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1121 ram_low_size,
1122 bootloader_run_addr, kernel_entry);
1123 }
1124 } else {
1125 /* The flash region isn't executable from a KVM guest */
1126 if (kvm_enabled()) {
1127 error_report("KVM enabled but no -kernel argument was specified. "
1128 "Booting from flash is not supported with KVM.");
1129 exit(1);
1130 }
1131 /* Load firmware from flash. */
1132 if (!dinfo) {
1133 /* Load a BIOS image. */
1134 if (bios_name == NULL) {
1135 bios_name = BIOS_FILENAME;
1136 }
1137 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1138 if (filename) {
1139 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1140 BIOS_SIZE);
1141 g_free(filename);
1142 } else {
1143 bios_size = -1;
1144 }
1145 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1146 !kernel_filename && !qtest_enabled()) {
1147 error_report("Could not load MIPS bios '%s', and no "
1148 "-kernel argument was specified", bios_name);
1149 exit(1);
1150 }
1151 }
1152 /* In little endian mode the 32bit words in the bios are swapped,
1153 a neat trick which allows bi-endian firmware. */
1154 #if !defined(TARGET_WORDS_BIGENDIAN) && 0
1155 {
1156 uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
1157 if (!addr) {
1158 addr = memory_region_get_ram_ptr(bios);
1159 }
1160 end = (void *)addr + MIN(bios_size, 0x3e0000);
1161 while (addr < end) {
1162 fprintf(stderr, "0x%08x\n", *addr);
1163 bswap32s(addr);
1164 addr++;
1165 }
1166 }
1167 #endif
1168 }
1169
1170 /*
1171 * Map the BIOS at a 2nd physical location, as on the real board.
1172 * Copy it so that we can patch in the MIPS revision, which cannot be
1173 * handled by an overlapping region as the resulting ROM code subpage
1174 * regions are not executable.
1175 */
1176 memory_region_init_ram_nomigrate(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1177 &error_fatal);
1178 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1179 FLASH_ADDRESS, BIOS_SIZE)) {
1180 memcpy(memory_region_get_ram_ptr(bios_copy),
1181 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1182 }
1183 memory_region_set_readonly(bios_copy, true);
1184 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1185
1186 /* Board ID = 0x420 (Malta Board with CoreLV) */
1187 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1188
1189 /*
1190 * We have a circular dependency problem: pci_bus depends on isa_irq,
1191 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1192 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1193 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1194 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1195 */
1196 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1197
1198 /* Northbridge */
1199 pci_bus = gt64120_register(isa_irq);
1200
1201 /* Southbridge */
1202 ide_drive_get(hd, ARRAY_SIZE(hd));
1203
1204 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1205
1206 /* Interrupt controller */
1207 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1208 s->i8259 = i8259_init(isa_bus, i8259_irq);
1209
1210 isa_bus_irqs(isa_bus, s->i8259);
1211 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1212 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1213 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1214 isa_get_irq(NULL, 9), NULL, 0, NULL);
1215 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1216 g_free(smbus_eeprom_buf);
1217 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
1218 DMA_init(isa_bus, 0);
1219
1220 /* Super I/O */
1221 isa_create_simple(isa_bus, "i8042");
1222
1223 mc146818_rtc_init(isa_bus, 2000, NULL);
1224 serial_hds_isa_init(isa_bus, 0, 2);
1225 parallel_hds_isa_init(isa_bus, 1);
1226
1227 for(i = 0; i < MAX_FD; i++) {
1228 fd[i] = drive_get(IF_FLOPPY, 0, i);
1229 }
1230 fdctrl_init_isa(isa_bus, fd);
1231
1232 /* Network card */
1233 network_init(pci_bus);
1234
1235 /* Optional PCI video card */
1236 pci_vga_init(pci_bus);
1237 }
1238
1239 static void mips_malta_reset(DeviceState *dev)
1240 {
1241 /* TODO: fix code. */
1242 MaltaState *s = MIPS_MALTA(dev);
1243 (void)s;
1244 logout("%s:%u\n", __FILE__, __LINE__);
1245 //~ env->exception_index = EXCP_RESET;
1246 //~ env->exception_index = EXCP_SRESET;
1247 //~ do_interrupt(env);
1248 //~ env->CP0_Cause |= 0x00000400;
1249 //~ cpu_interrupt(env, CPU_INTERRUPT_RESET);
1250 }
1251
1252 static const VMStateDescription vmstate_mips_malta = {
1253 .name ="malta",
1254 .version_id = 1,
1255 .minimum_version_id = 1,
1256 .minimum_version_id_old = 1,
1257 .fields = (VMStateField []) {
1258 VMSTATE_END_OF_LIST()
1259 }
1260 };
1261
1262 static Property mips_malta_properties[] = {
1263 DEFINE_PROP_END_OF_LIST()
1264 };
1265
1266 static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1267 {
1268 /* TODO */
1269 //MaltaState *s = FROM_SYSBUS(MaltaState, sysbusdev);
1270 return 0;
1271 }
1272
1273 static void mips_malta_class_init(ObjectClass *klass, void *data)
1274 {
1275 DeviceClass *dc = DEVICE_CLASS(klass);
1276 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1277 dc->props = mips_malta_properties;
1278 dc->reset = mips_malta_reset;
1279 dc->vmsd = &vmstate_mips_malta;
1280 k->init = mips_malta_sysbus_device_init;
1281 }
1282
1283 static const TypeInfo mips_malta_device = {
1284 .name = TYPE_MIPS_MALTA,
1285 .parent = TYPE_SYS_BUS_DEVICE,
1286 .instance_size = sizeof(MaltaState),
1287 .class_init = mips_malta_class_init,
1288 };
1289
1290 static void mips_malta_machine_init(MachineClass *mc)
1291 {
1292 mc->desc = "MIPS Malta Core LV";
1293 mc->init = mips_malta_init;
1294 mc->block_default_type = IF_IDE;
1295 mc->max_cpus = 16;
1296 mc->is_default = 1;
1297 #ifdef TARGET_MIPS64
1298 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("20Kc");
1299 #else
1300 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
1301 #endif
1302 }
1303
1304 DEFINE_MACHINE("malta", mips_malta_machine_init)
1305
1306 static void mips_malta_register_types(void)
1307 {
1308 type_register_static(&mips_malta_device);
1309 }
1310
1311 type_init(mips_malta_register_types)
1312
1313 /*
1314 http://memorytesters.com/ramcheck/rc_ap3.htm
1315
1316 9fc00c64 <hal_malta_init_sdram>:
1317 9fc00c64: 03e0f021 move s8,ra
1318 9fc00c68: 3c17b400 lui s7,0xb400
1319 9fc00c6c: 240800df li t0,223
1320 9fc00c70: aee80068 sw t0,104(s7)
1321 9fc00c74: 3c17bbe0 lui s7,0xbbe0
1322 9fc00c78: 3c080001 lui t0,0x1
1323 9fc00c7c: 35080001 ori t0,t0,0x1
1324 9fc00c80: aee80c00 sw t0,3072(s7)
1325 9fc00c84: 3c0800ff lui t0,0xff
1326 9fc00c88: 3508ffff ori t0,t0,0xffff
1327
1328 9fc00ecc: 1000006c b 9fc01080 <error>
1329
1330 9fc0106c <noerror>:
1331 9fc0106c: 00001021 move v0,zero
1332 9fc01070: 02111820 add v1,s0,s1
1333 9fc01074: 03c0f821 move ra,s8
1334 9fc01078: 03e00008 jr ra
1335 9fc0107c: 00000000 nop
1336 */
AR7 emulation for QEMU