search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/arm: Move CPU state dumping routines to cpu.c
[qemu/ar7.git] / hw / mips / mips_malta.c
blob37ec89b07e92f0101ac66a8566033217ac9e266a
1 /*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "qemu/units.h"
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "hw/hw.h"
30 #include "hw/i386/pc.h"
31 #include "hw/isa/superio.h"
32 #include "hw/dma/i8257.h"
33 #include "hw/char/serial.h"
34 #include "net/net.h"
35 #include "hw/boards.h"
36 #include "hw/i2c/smbus_eeprom.h"
37 #include "hw/block/flash.h"
38 #include "hw/mips/mips.h"
39 #include "hw/mips/cpudevs.h"
40 #include "hw/pci/pci.h"
41 #include "sysemu/sysemu.h"
42 #include "sysemu/arch_init.h"
43 #include "qemu/log.h"
44 #include "hw/mips/bios.h"
45 #include "hw/ide.h"
46 #include "hw/loader.h"
47 #include "elf.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "exec/address-spaces.h"
51 #include "hw/sysbus.h" /* SysBusDevice */
52 #include "qemu/host-utils.h"
53 #include "sysemu/qtest.h"
54 #include "qapi/error.h"
55 #include "qemu/error-report.h"
56 #include "hw/empty_slot.h"
57 #include "sysemu/kvm.h"
58 #include "hw/semihosting/semihost.h"
59 #include "hw/mips/cps.h"
60
61 #define ENVP_ADDR 0x80002000l
62 #define ENVP_NB_ENTRIES 16
63 #define ENVP_ENTRY_SIZE 256
64
65 /* Hardware addresses */
66 #define FLASH_ADDRESS 0x1e000000ULL
67 #define FPGA_ADDRESS 0x1f000000ULL
68 #define RESET_ADDRESS 0x1fc00000ULL
69
70 #define FLASH_SIZE 0x400000
71
72 #define MAX_IDE_BUS 2
73
74 typedef struct {
75 MemoryRegion iomem;
76 MemoryRegion iomem_lo; /* 0 - 0x900 */
77 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
78 uint32_t leds;
79 uint32_t brk;
80 uint32_t gpout;
81 uint32_t i2cin;
82 uint32_t i2coe;
83 uint32_t i2cout;
84 uint32_t i2csel;
85 CharBackend display;
86 char display_text[9];
87 SerialState *uart;
88 bool display_inited;
89 } MaltaFPGAState;
90
91 #define TYPE_MIPS_MALTA "mips-malta"
92 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
93
94 typedef struct {
95 SysBusDevice parent_obj;
96
97 MIPSCPSState cps;
98 qemu_irq *i8259;
99 } MaltaState;
100
101 static ISADevice *pit;
102
103 static struct _loaderparams {
104 int ram_size, ram_low_size;
105 const char *kernel_filename;
106 const char *kernel_cmdline;
107 const char *initrd_filename;
108 } loaderparams;
109
110 /* Malta FPGA */
111 static void malta_fpga_update_display(void *opaque)
112 {
113 char leds_text[9];
114 int i;
115 MaltaFPGAState *s = opaque;
116
117 for (i = 7 ; i >= 0 ; i--) {
118 if (s->leds & (1 << i))
119 leds_text[i] = '#';
120 else
121 leds_text[i] = ' ';
122 }
123 leds_text[8] = '\0';
124
125 qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
126 leds_text);
127 qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
128 s->display_text);
129 }
130
131 /*
132 * EEPROM 24C01 / 24C02 emulation.
133 *
134 * Emulation for serial EEPROMs:
135 * 24C01 - 1024 bit (128 x 8)
136 * 24C02 - 2048 bit (256 x 8)
137 *
138 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
139 */
140
141 //~ #define DEBUG
142
143 #if defined(DEBUG)
144 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
145 #else
146 # define logout(fmt, ...) ((void)0)
147 #endif
148
149 struct _eeprom24c0x_t {
150 uint8_t tick;
151 uint8_t address;
152 uint8_t command;
153 uint8_t ack;
154 uint8_t scl;
155 uint8_t sda;
156 uint8_t data;
157 //~ uint16_t size;
158 uint8_t contents[256];
159 };
160
161 typedef struct _eeprom24c0x_t eeprom24c0x_t;
162
163 static eeprom24c0x_t spd_eeprom = {
164 .contents = {
165 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
166 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
167 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
168 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
169 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
170 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
171 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
173 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
174 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
181 },
182 };
183
184 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
185 {
186 enum { SDR = 0x4, DDR2 = 0x8 } type;
187 uint8_t *spd = spd_eeprom.contents;
188 uint8_t nbanks = 0;
189 uint16_t density = 0;
190 int i;
191
192 /* work in terms of MB */
193 ram_size /= MiB;
194
195 while ((ram_size >= 4) && (nbanks <= 2)) {
196 int sz_log2 = MIN(31 - clz32(ram_size), 14);
197 nbanks++;
198 density |= 1 << (sz_log2 - 2);
199 ram_size -= 1 << sz_log2;
200 }
201
202 /* split to 2 banks if possible */
203 if ((nbanks == 1) && (density > 1)) {
204 nbanks++;
205 density >>= 1;
206 }
207
208 if (density & 0xff00) {
209 density = (density & 0xe0) | ((density >> 8) & 0x1f);
210 type = DDR2;
211 } else if (!(density & 0x1f)) {
212 type = DDR2;
213 } else {
214 type = SDR;
215 }
216
217 if (ram_size) {
218 warn_report("SPD cannot represent final " RAM_ADDR_FMT "MB"
219 " of SDRAM", ram_size);
220 }
221
222 /* fill in SPD memory information */
223 spd[2] = type;
224 spd[5] = nbanks;
225 spd[31] = density;
226
227 /* checksum */
228 spd[63] = 0;
229 for (i = 0; i < 63; i++) {
230 spd[63] += spd[i];
231 }
232
233 /* copy for SMBUS */
234 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
235 }
236
237 static void generate_eeprom_serial(uint8_t *eeprom)
238 {
239 int i, pos = 0;
240 uint8_t mac[6] = { 0x00 };
241 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
242
243 /* version */
244 eeprom[pos++] = 0x01;
245
246 /* count */
247 eeprom[pos++] = 0x02;
248
249 /* MAC address */
250 eeprom[pos++] = 0x01; /* MAC */
251 eeprom[pos++] = 0x06; /* length */
252 memcpy(&eeprom[pos], mac, sizeof(mac));
253 pos += sizeof(mac);
254
255 /* serial number */
256 eeprom[pos++] = 0x02; /* serial */
257 eeprom[pos++] = 0x05; /* length */
258 memcpy(&eeprom[pos], sn, sizeof(sn));
259 pos += sizeof(sn);
260
261 /* checksum */
262 eeprom[pos] = 0;
263 for (i = 0; i < pos; i++) {
264 eeprom[pos] += eeprom[i];
265 }
266 }
267
268 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
269 {
270 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
271 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
272 return eeprom->sda;
273 }
274
275 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
276 {
277 if (eeprom->scl && scl && (eeprom->sda != sda)) {
278 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
279 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
280 sda ? "stop" : "start");
281 if (!sda) {
282 eeprom->tick = 1;
283 eeprom->command = 0;
284 }
285 } else if (eeprom->tick == 0 && !eeprom->ack) {
286 /* Waiting for start. */
287 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
288 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
289 } else if (!eeprom->scl && scl) {
290 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
291 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
292 if (eeprom->ack) {
293 logout("\ti2c ack bit = 0\n");
294 sda = 0;
295 eeprom->ack = 0;
296 } else if (eeprom->sda == sda) {
297 uint8_t bit = (sda != 0);
298 logout("\ti2c bit = %d\n", bit);
299 if (eeprom->tick < 9) {
300 eeprom->command <<= 1;
301 eeprom->command += bit;
302 eeprom->tick++;
303 if (eeprom->tick == 9) {
304 logout("\tcommand 0x%04x, %s\n", eeprom->command,
305 bit ? "read" : "write");
306 eeprom->ack = 1;
307 }
308 } else if (eeprom->tick < 17) {
309 if (eeprom->command & 1) {
310 sda = ((eeprom->data & 0x80) != 0);
311 }
312 eeprom->address <<= 1;
313 eeprom->address += bit;
314 eeprom->tick++;
315 eeprom->data <<= 1;
316 if (eeprom->tick == 17) {
317 eeprom->data = eeprom->contents[eeprom->address];
318 logout("\taddress 0x%04x, data 0x%02x\n",
319 eeprom->address, eeprom->data);
320 eeprom->ack = 1;
321 eeprom->tick = 0;
322 }
323 } else if (eeprom->tick >= 17) {
324 sda = 0;
325 }
326 } else {
327 logout("\tsda changed with raising scl\n");
328 }
329 } else {
330 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
331 scl, eeprom->sda, sda);
332 }
333 eeprom->scl = scl;
334 eeprom->sda = sda;
335 }
336
337 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
338 unsigned size)
339 {
340 MaltaFPGAState *s = opaque;
341 uint32_t val = 0;
342 uint32_t saddr;
343
344 saddr = (addr & 0xfffff);
345
346 switch (saddr) {
347
348 /* SWITCH Register */
349 case 0x00200:
350 val = 0x00000000; /* All switches closed */
351 break;
352
353 /* STATUS Register */
354 case 0x00208:
355 #ifdef TARGET_WORDS_BIGENDIAN
356 val = 0x00000012;
357 #else
358 val = 0x00000010;
359 #endif
360 break;
361
362 /* JMPRS Register */
363 case 0x00210:
364 val = 0x00;
365 break;
366
367 /* LEDBAR Register */
368 case 0x00408:
369 val = s->leds;
370 break;
371
372 /* BRKRES Register */
373 case 0x00508:
374 val = s->brk;
375 break;
376
377 /* UART Registers are handled directly by the serial device */
378
379 /* GPOUT Register */
380 case 0x00a00:
381 val = s->gpout;
382 break;
383
384 /* XXX: implement a real I2C controller */
385
386 /* GPINP Register */
387 case 0x00a08:
388 /* IN = OUT until a real I2C control is implemented */
389 if (s->i2csel)
390 val = s->i2cout;
391 else
392 val = 0x00;
393 break;
394
395 /* I2CINP Register */
396 case 0x00b00:
397 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
398 break;
399
400 /* I2COE Register */
401 case 0x00b08:
402 val = s->i2coe;
403 break;
404
405 /* I2COUT Register */
406 case 0x00b10:
407 val = s->i2cout;
408 break;
409
410 /* I2CSEL Register */
411 case 0x00b18:
412 val = s->i2csel;
413 break;
414
415 default:
416 #if 0
417 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
418 addr);
419 #endif
420 break;
421 }
422 return val;
423 }
424
425 static void malta_fpga_write(void *opaque, hwaddr addr,
426 uint64_t val, unsigned size)
427 {
428 MaltaFPGAState *s = opaque;
429 uint32_t saddr;
430
431 saddr = (addr & 0xfffff);
432
433 switch (saddr) {
434
435 /* SWITCH Register */
436 case 0x00200:
437 break;
438
439 /* JMPRS Register */
440 case 0x00210:
441 break;
442
443 /* LEDBAR Register */
444 case 0x00408:
445 s->leds = val & 0xff;
446 malta_fpga_update_display(s);
447 break;
448
449 /* ASCIIWORD Register */
450 case 0x00410:
451 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
452 malta_fpga_update_display(s);
453 break;
454
455 /* ASCIIPOS0 to ASCIIPOS7 Registers */
456 case 0x00418:
457 case 0x00420:
458 case 0x00428:
459 case 0x00430:
460 case 0x00438:
461 case 0x00440:
462 case 0x00448:
463 case 0x00450:
464 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
465 malta_fpga_update_display(s);
466 break;
467
468 /* SOFTRES Register */
469 case 0x00500:
470 if (val == 0x42)
471 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
472 break;
473
474 /* BRKRES Register */
475 case 0x00508:
476 s->brk = val & 0xff;
477 break;
478
479 /* UART Registers are handled directly by the serial device */
480
481 /* GPOUT Register */
482 case 0x00a00:
483 s->gpout = val & 0xff;
484 break;
485
486 /* I2COE Register */
487 case 0x00b08:
488 s->i2coe = val & 0x03;
489 break;
490
491 /* I2COUT Register */
492 case 0x00b10:
493 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
494 s->i2cout = val;
495 break;
496
497 /* I2CSEL Register */
498 case 0x00b18:
499 s->i2csel = val & 0x01;
500 break;
501
502 default:
503 #if 0
504 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
505 addr);
506 #endif
507 break;
508 }
509 }
510
511 static const MemoryRegionOps malta_fpga_ops = {
512 .read = malta_fpga_read,
513 .write = malta_fpga_write,
514 .endianness = DEVICE_NATIVE_ENDIAN,
515 };
516
517 static void malta_fpga_reset(void *opaque)
518 {
519 MaltaFPGAState *s = opaque;
520
521 s->leds = 0x00;
522 s->brk = 0x0a;
523 s->gpout = 0x00;
524 s->i2cin = 0x3;
525 s->i2coe = 0x0;
526 s->i2cout = 0x3;
527 s->i2csel = 0x1;
528
529 s->display_text[8] = '\0';
530 snprintf(s->display_text, 9, " ");
531 }
532
533 static void malta_fgpa_display_event(void *opaque, int event)
534 {
535 MaltaFPGAState *s = opaque;
536
537 if (event == CHR_EVENT_OPENED && !s->display_inited) {
538 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
539 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
540 qemu_chr_fe_printf(&s->display, "+ +\r\n");
541 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
542 qemu_chr_fe_printf(&s->display, "\n");
543 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
544 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
545 qemu_chr_fe_printf(&s->display, "+ +\r\n");
546 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
547 s->display_inited = true;
548 }
549 }
550
551 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
552 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
553 {
554 MaltaFPGAState *s;
555 Chardev *chr;
556
557 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
558
559 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
560 "malta-fpga", 0x100000);
561 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
562 &s->iomem, 0, 0x900);
563 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
564 &s->iomem, 0xa00, 0x10000-0xa00);
565
566 memory_region_add_subregion(address_space, base, &s->iomem_lo);
567 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
568
569 chr = qemu_chr_new("fpga", "vc:320x200", NULL);
570 qemu_chr_fe_init(&s->display, chr, NULL);
571 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
572 malta_fgpa_display_event, NULL, s, NULL, true);
573
574 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
575 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
576
577 malta_fpga_reset(s);
578 qemu_register_reset(malta_fpga_reset, s);
579
580 return s;
581 }
582
583 /* Network support */
584 static void network_init(PCIBus *pci_bus)
585 {
586 int i;
587
588 for(i = 0; i < nb_nics; i++) {
589 NICInfo *nd = &nd_table[i];
590 const char *default_devaddr = NULL;
591
592 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
593 /* The malta board has a PCNet card using PCI SLOT 11 */
594 default_devaddr = "0b";
595
596 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
597 }
598 }
599
600 static void write_bootloader_nanomips(uint8_t *base, int64_t run_addr,
601 int64_t kernel_entry)
602 {
603 uint16_t *p;
604
605 /* Small bootloader */
606 p = (uint16_t *)base;
607
608 #define NM_HI1(VAL) (((VAL) >> 16) & 0x1f)
609 #define NM_HI2(VAL) \
610 (((VAL) & 0xf000) | (((VAL) >> 19) & 0xffc) | (((VAL) >> 31) & 0x1))
611 #define NM_LO(VAL) ((VAL) & 0xfff)
612
613 stw_p(p++, 0x2800); stw_p(p++, 0x001c);
614 /* bc to_here */
615 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
616 /* nop */
617 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
618 /* nop */
619 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
620 /* nop */
621 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
622 /* nop */
623 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
624 /* nop */
625 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
626 /* nop */
627 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
628 /* nop */
629
630 /* to_here: */
631 if (semihosting_get_argc()) {
632 /* Preserve a0 content as arguments have been passed */
633 stw_p(p++, 0x8000); stw_p(p++, 0xc000);
634 /* nop */
635 } else {
636 stw_p(p++, 0x0080); stw_p(p++, 0x0002);
637 /* li a0,2 */
638 }
639
640 stw_p(p++, 0xe3a0 | NM_HI1(ENVP_ADDR - 64));
641
642 stw_p(p++, NM_HI2(ENVP_ADDR - 64));
643 /* lui sp,%hi(ENVP_ADDR - 64) */
644
645 stw_p(p++, 0x83bd); stw_p(p++, NM_LO(ENVP_ADDR - 64));
646 /* ori sp,sp,%lo(ENVP_ADDR - 64) */
647
648 stw_p(p++, 0xe0a0 | NM_HI1(ENVP_ADDR));
649
650 stw_p(p++, NM_HI2(ENVP_ADDR));
651 /* lui a1,%hi(ENVP_ADDR) */
652
653 stw_p(p++, 0x80a5); stw_p(p++, NM_LO(ENVP_ADDR));
654 /* ori a1,a1,%lo(ENVP_ADDR) */
655
656 stw_p(p++, 0xe0c0 | NM_HI1(ENVP_ADDR + 8));
657
658 stw_p(p++, NM_HI2(ENVP_ADDR + 8));
659 /* lui a2,%hi(ENVP_ADDR + 8) */
660
661 stw_p(p++, 0x80c6); stw_p(p++, NM_LO(ENVP_ADDR + 8));
662 /* ori a2,a2,%lo(ENVP_ADDR + 8) */
663
664 stw_p(p++, 0xe0e0 | NM_HI1(loaderparams.ram_low_size));
665
666 stw_p(p++, NM_HI2(loaderparams.ram_low_size));
667 /* lui a3,%hi(loaderparams.ram_low_size) */
668
669 stw_p(p++, 0x80e7); stw_p(p++, NM_LO(loaderparams.ram_low_size));
670 /* ori a3,a3,%lo(loaderparams.ram_low_size) */
671
672 /*
673 * Load BAR registers as done by YAMON:
674 *
675 * - set up PCI0 I/O BARs from 0x18000000 to 0x181fffff
676 * - set up PCI0 MEM0 at 0x10000000, size 0x8000000
677 * - set up PCI0 MEM1 at 0x18200000, size 0xbe00000
678 *
679 */
680 stw_p(p++, 0xe040); stw_p(p++, 0x0681);
681 /* lui t1, %hi(0xb4000000) */
682
683 #ifdef TARGET_WORDS_BIGENDIAN
684
685 stw_p(p++, 0xe020); stw_p(p++, 0x0be1);
686 /* lui t0, %hi(0xdf000000) */
687
688 /* 0x68 corresponds to GT_ISD (from hw/mips/gt64xxx_pci.c) */
689 stw_p(p++, 0x8422); stw_p(p++, 0x9068);
690 /* sw t0, 0x68(t1) */
691
692 stw_p(p++, 0xe040); stw_p(p++, 0x077d);
693 /* lui t1, %hi(0xbbe00000) */
694
695 stw_p(p++, 0xe020); stw_p(p++, 0x0801);
696 /* lui t0, %hi(0xc0000000) */
697
698 /* 0x48 corresponds to GT_PCI0IOLD */
699 stw_p(p++, 0x8422); stw_p(p++, 0x9048);
700 /* sw t0, 0x48(t1) */
701
702 stw_p(p++, 0xe020); stw_p(p++, 0x0800);
703 /* lui t0, %hi(0x40000000) */
704
705 /* 0x50 corresponds to GT_PCI0IOHD */
706 stw_p(p++, 0x8422); stw_p(p++, 0x9050);
707 /* sw t0, 0x50(t1) */
708
709 stw_p(p++, 0xe020); stw_p(p++, 0x0001);
710 /* lui t0, %hi(0x80000000) */
711
712 /* 0x58 corresponds to GT_PCI0M0LD */
713 stw_p(p++, 0x8422); stw_p(p++, 0x9058);
714 /* sw t0, 0x58(t1) */
715
716 stw_p(p++, 0xe020); stw_p(p++, 0x07e0);
717 /* lui t0, %hi(0x3f000000) */
718
719 /* 0x60 corresponds to GT_PCI0M0HD */
720 stw_p(p++, 0x8422); stw_p(p++, 0x9060);
721 /* sw t0, 0x60(t1) */
722
723 stw_p(p++, 0xe020); stw_p(p++, 0x0821);
724 /* lui t0, %hi(0xc1000000) */
725
726 /* 0x80 corresponds to GT_PCI0M1LD */
727 stw_p(p++, 0x8422); stw_p(p++, 0x9080);
728 /* sw t0, 0x80(t1) */
729
730 stw_p(p++, 0xe020); stw_p(p++, 0x0bc0);
731 /* lui t0, %hi(0x5e000000) */
732
733 #else
734
735 stw_p(p++, 0x0020); stw_p(p++, 0x00df);
736 /* addiu[32] t0, $0, 0xdf */
737
738 /* 0x68 corresponds to GT_ISD */
739 stw_p(p++, 0x8422); stw_p(p++, 0x9068);
740 /* sw t0, 0x68(t1) */
741
742 /* Use kseg2 remapped address 0x1be00000 */
743 stw_p(p++, 0xe040); stw_p(p++, 0x077d);
744 /* lui t1, %hi(0xbbe00000) */
745
746 stw_p(p++, 0x0020); stw_p(p++, 0x00c0);
747 /* addiu[32] t0, $0, 0xc0 */
748
749 /* 0x48 corresponds to GT_PCI0IOLD */
750 stw_p(p++, 0x8422); stw_p(p++, 0x9048);
751 /* sw t0, 0x48(t1) */
752
753 stw_p(p++, 0x0020); stw_p(p++, 0x0040);
754 /* addiu[32] t0, $0, 0x40 */
755
756 /* 0x50 corresponds to GT_PCI0IOHD */
757 stw_p(p++, 0x8422); stw_p(p++, 0x9050);
758 /* sw t0, 0x50(t1) */
759
760 stw_p(p++, 0x0020); stw_p(p++, 0x0080);
761 /* addiu[32] t0, $0, 0x80 */
762
763 /* 0x58 corresponds to GT_PCI0M0LD */
764 stw_p(p++, 0x8422); stw_p(p++, 0x9058);
765 /* sw t0, 0x58(t1) */
766
767 stw_p(p++, 0x0020); stw_p(p++, 0x003f);
768 /* addiu[32] t0, $0, 0x3f */
769
770 /* 0x60 corresponds to GT_PCI0M0HD */
771 stw_p(p++, 0x8422); stw_p(p++, 0x9060);
772 /* sw t0, 0x60(t1) */
773
774 stw_p(p++, 0x0020); stw_p(p++, 0x00c1);
775 /* addiu[32] t0, $0, 0xc1 */
776
777 /* 0x80 corresponds to GT_PCI0M1LD */
778 stw_p(p++, 0x8422); stw_p(p++, 0x9080);
779 /* sw t0, 0x80(t1) */
780
781 stw_p(p++, 0x0020); stw_p(p++, 0x005e);
782 /* addiu[32] t0, $0, 0x5e */
783
784 #endif
785
786 /* 0x88 corresponds to GT_PCI0M1HD */
787 stw_p(p++, 0x8422); stw_p(p++, 0x9088);
788 /* sw t0, 0x88(t1) */
789
790 stw_p(p++, 0xe320 | NM_HI1(kernel_entry));
791
792 stw_p(p++, NM_HI2(kernel_entry));
793 /* lui t9,%hi(kernel_entry) */
794
795 stw_p(p++, 0x8339); stw_p(p++, NM_LO(kernel_entry));
796 /* ori t9,t9,%lo(kernel_entry) */
797
798 stw_p(p++, 0x4bf9); stw_p(p++, 0x0000);
799 /* jalrc t8 */
800 }
801
802 /* ROM and pseudo bootloader
803
804 The following code implements a very very simple bootloader. It first
805 loads the registers a0 to a3 to the values expected by the OS, and
806 then jump at the kernel address.
807
808 The bootloader should pass the locations of the kernel arguments and
809 environment variables tables. Those tables contain the 32-bit address
810 of NULL terminated strings. The environment variables table should be
811 terminated by a NULL address.
812
813 For a simpler implementation, the number of kernel arguments is fixed
814 to two (the name of the kernel and the command line), and the two
815 tables are actually the same one.
816
817 The registers a0 to a3 should contain the following values:
818 a0 - number of kernel arguments
819 a1 - 32-bit address of the kernel arguments table
820 a2 - 32-bit address of the environment variables table
821 a3 - RAM size in bytes
822 */
823 static void write_bootloader(uint8_t *base, int64_t run_addr,
824 int64_t kernel_entry)
825 {
826 uint32_t *p;
827
828 /* Small bootloader */
829 p = (uint32_t *)base;
830
831 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
832 ((run_addr + 0x580) & 0x0fffffff) >> 2);
833 stl_p(p++, 0x00000000); /* nop */
834
835 /* YAMON service vector */
836 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
837 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
838 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
839 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
840 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
841 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
842 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
843 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
844 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
845 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
846 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
847 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
848 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
849
850
851 /* Second part of the bootloader */
852 p = (uint32_t *) (base + 0x580);
853
854 if (semihosting_get_argc()) {
855 /* Preserve a0 content as arguments have been passed */
856 stl_p(p++, 0x00000000); /* nop */
857 } else {
858 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
859 }
860 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
861 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
862 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
863 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
864 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
865 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
866 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
867 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
868
869 /* Load BAR registers as done by YAMON */
870 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
871
872 #ifdef TARGET_WORDS_BIGENDIAN
873 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
874 #else
875 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
876 #endif
877 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
878
879 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
880
881 #ifdef TARGET_WORDS_BIGENDIAN
882 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
883 #else
884 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
885 #endif
886 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
887 #ifdef TARGET_WORDS_BIGENDIAN
888 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
889 #else
890 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
891 #endif
892 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
893
894 #ifdef TARGET_WORDS_BIGENDIAN
895 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
896 #else
897 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
898 #endif
899 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
900 #ifdef TARGET_WORDS_BIGENDIAN
901 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
902 #else
903 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
904 #endif
905 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
906
907 #ifdef TARGET_WORDS_BIGENDIAN
908 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
909 #else
910 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
911 #endif
912 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
913 #ifdef TARGET_WORDS_BIGENDIAN
914 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
915 #else
916 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
917 #endif
918 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
919
920 /* Jump to kernel code */
921 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
922 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
923 stl_p(p++, 0x03e00009); /* jalr ra */
924 stl_p(p++, 0x00000000); /* nop */
925
926 /* YAMON subroutines */
927 p = (uint32_t *) (base + 0x800);
928 stl_p(p++, 0x03e00009); /* jalr ra */
929 stl_p(p++, 0x24020000); /* li v0,0 */
930 /* 808 YAMON print */
931 stl_p(p++, 0x03e06821); /* move t5,ra */
932 stl_p(p++, 0x00805821); /* move t3,a0 */
933 stl_p(p++, 0x00a05021); /* move t2,a1 */
934 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
935 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
936 stl_p(p++, 0x10800005); /* beqz a0,834 */
937 stl_p(p++, 0x00000000); /* nop */
938 stl_p(p++, 0x0ff0021c); /* jal 870 */
939 stl_p(p++, 0x00000000); /* nop */
940 stl_p(p++, 0x1000fff9); /* b 814 */
941 stl_p(p++, 0x00000000); /* nop */
942 stl_p(p++, 0x01a00009); /* jalr t5 */
943 stl_p(p++, 0x01602021); /* move a0,t3 */
944 /* 0x83c YAMON print_count */
945 stl_p(p++, 0x03e06821); /* move t5,ra */
946 stl_p(p++, 0x00805821); /* move t3,a0 */
947 stl_p(p++, 0x00a05021); /* move t2,a1 */
948 stl_p(p++, 0x00c06021); /* move t4,a2 */
949 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
950 stl_p(p++, 0x0ff0021c); /* jal 870 */
951 stl_p(p++, 0x00000000); /* nop */
952 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
953 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
954 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
955 stl_p(p++, 0x00000000); /* nop */
956 stl_p(p++, 0x01a00009); /* jalr t5 */
957 stl_p(p++, 0x01602021); /* move a0,t3 */
958 /* 0x870 */
959 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
960 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
961 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
962 stl_p(p++, 0x00000000); /* nop */
963 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
964 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
965 stl_p(p++, 0x00000000); /* nop */
966 stl_p(p++, 0x03e00009); /* jalr ra */
967 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
968
969 }
970
971 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
972 const char *string, ...)
973 {
974 va_list ap;
975 int32_t table_addr;
976
977 if (index >= ENVP_NB_ENTRIES)
978 return;
979
980 if (string == NULL) {
981 prom_buf[index] = 0;
982 return;
983 }
984
985 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
986 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
987
988 va_start(ap, string);
989 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
990 va_end(ap);
991 }
992
993 /* Kernel */
994 static int64_t load_kernel (void)
995 {
996 int64_t kernel_entry, kernel_high, initrd_size;
997 long kernel_size;
998 ram_addr_t initrd_offset;
999 int big_endian;
1000 uint32_t *prom_buf;
1001 long prom_size;
1002 int prom_index = 0;
1003 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
1004
1005 #ifdef TARGET_WORDS_BIGENDIAN
1006 big_endian = 1;
1007 #else
1008 big_endian = 0;
1009 #endif
1010
1011 kernel_size = load_elf(loaderparams.kernel_filename, NULL,
1012 cpu_mips_kseg0_to_phys, NULL,
1013 (uint64_t *)&kernel_entry, NULL,
1014 (uint64_t *)&kernel_high, big_endian, EM_MIPS, 1, 0);
1015 if (kernel_size < 0) {
1016 error_report("could not load kernel '%s': %s",
1017 loaderparams.kernel_filename,
1018 load_elf_strerror(kernel_size));
1019 exit(1);
1020 }
1021
1022 /* Check where the kernel has been linked */
1023 if (kernel_entry & 0x80000000ll) {
1024 if (kvm_enabled()) {
1025 error_report("KVM guest kernels must be linked in useg. "
1026 "Did you forget to enable CONFIG_KVM_GUEST?");
1027 exit(1);
1028 }
1029
1030 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
1031 } else {
1032 /* if kernel entry is in useg it is probably a KVM T&E kernel */
1033 mips_um_ksegs_enable();
1034
1035 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
1036 }
1037
1038 /* load initrd */
1039 initrd_size = 0;
1040 initrd_offset = 0;
1041 if (loaderparams.initrd_filename) {
1042 initrd_size = get_image_size (loaderparams.initrd_filename);
1043 if (initrd_size > 0) {
1044 /* The kernel allocates the bootmap memory in the low memory after
1045 the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
1046 pages. */
1047 initrd_offset = (loaderparams.ram_low_size - initrd_size
1048 - (128 * KiB)
1049 - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
1050 if (kernel_high >= initrd_offset) {
1051 error_report("memory too small for initial ram disk '%s'",
1052 loaderparams.initrd_filename);
1053 exit(1);
1054 }
1055 initrd_size = load_image_targphys(loaderparams.initrd_filename,
1056 initrd_offset,
1057 ram_size - initrd_offset);
1058 }
1059 if (initrd_size == (target_ulong) -1) {
1060 error_report("could not load initial ram disk '%s'",
1061 loaderparams.initrd_filename);
1062 exit(1);
1063 }
1064 }
1065
1066 /* Setup prom parameters. */
1067 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
1068 prom_buf = g_malloc(prom_size);
1069
1070 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
1071 if (initrd_size > 0) {
1072 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%" PRId64 " %s",
1073 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
1074 loaderparams.kernel_cmdline);
1075 } else {
1076 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
1077 }
1078
1079 prom_set(prom_buf, prom_index++, "memsize");
1080 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
1081
1082 prom_set(prom_buf, prom_index++, "ememsize");
1083 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
1084
1085 prom_set(prom_buf, prom_index++, "modetty0");
1086 prom_set(prom_buf, prom_index++, "38400n8r");
1087 prom_set(prom_buf, prom_index++, NULL);
1088
1089 rom_add_blob_fixed("prom", prom_buf, prom_size,
1090 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
1091
1092 g_free(prom_buf);
1093 return kernel_entry;
1094 }
1095
1096 static void malta_mips_config(MIPSCPU *cpu)
1097 {
1098 CPUMIPSState *env = &cpu->env;
1099 CPUState *cs = CPU(cpu);
1100
1101 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
1102 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
1103 }
1104
1105 static void main_cpu_reset(void *opaque)
1106 {
1107 MIPSCPU *cpu = opaque;
1108 CPUMIPSState *env = &cpu->env;
1109
1110 cpu_reset(CPU(cpu));
1111
1112 /* The bootloader does not need to be rewritten as it is located in a
1113 read only location. The kernel location and the arguments table
1114 location does not change. */
1115 if (loaderparams.kernel_filename) {
1116 env->CP0_Status &= ~(1 << CP0St_ERL);
1117 }
1118
1119 malta_mips_config(cpu);
1120
1121 if (kvm_enabled()) {
1122 /* Start running from the bootloader we wrote to end of RAM */
1123 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
1124 }
1125 }
1126
1127 static void create_cpu_without_cps(const char *cpu_type,
1128 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1129 {
1130 CPUMIPSState *env;
1131 MIPSCPU *cpu;
1132 int i;
1133
1134 for (i = 0; i < smp_cpus; i++) {
1135 cpu = MIPS_CPU(cpu_create(cpu_type));
1136
1137 /* Init internal devices */
1138 cpu_mips_irq_init_cpu(cpu);
1139 cpu_mips_clock_init(cpu);
1140 qemu_register_reset(main_cpu_reset, cpu);
1141 }
1142
1143 cpu = MIPS_CPU(first_cpu);
1144 env = &cpu->env;
1145 *i8259_irq = env->irq[2];
1146 *cbus_irq = env->irq[4];
1147 }
1148
1149 static void create_cps(MaltaState *s, const char *cpu_type,
1150 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1151 {
1152 Error *err = NULL;
1153
1154 sysbus_init_child_obj(OBJECT(s), "cps", OBJECT(&s->cps), sizeof(s->cps),
1155 TYPE_MIPS_CPS);
1156 object_property_set_str(OBJECT(&s->cps), cpu_type, "cpu-type", &err);
1157 object_property_set_int(OBJECT(&s->cps), smp_cpus, "num-vp", &err);
1158 object_property_set_bool(OBJECT(&s->cps), true, "realized", &err);
1159 if (err != NULL) {
1160 error_report("%s", error_get_pretty(err));
1161 exit(1);
1162 }
1163
1164 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->cps), 0, 0, 1);
1165
1166 *i8259_irq = get_cps_irq(&s->cps, 3);
1167 *cbus_irq = NULL;
1168 }
1169
1170 static void mips_create_cpu(MaltaState *s, const char *cpu_type,
1171 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1172 {
1173 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_type)) {
1174 create_cps(s, cpu_type, cbus_irq, i8259_irq);
1175 } else {
1176 create_cpu_without_cps(cpu_type, cbus_irq, i8259_irq);
1177 }
1178 }
1179
1180 static
1181 void mips_malta_init(MachineState *machine)
1182 {
1183 ram_addr_t ram_size = machine->ram_size;
1184 ram_addr_t ram_low_size;
1185 const char *kernel_filename = machine->kernel_filename;
1186 const char *kernel_cmdline = machine->kernel_cmdline;
1187 const char *initrd_filename = machine->initrd_filename;
1188 char *filename;
1189 PFlashCFI01 *fl;
1190 MemoryRegion *system_memory = get_system_memory();
1191 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
1192 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
1193 MemoryRegion *ram_low_postio;
1194 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
1195 const size_t smbus_eeprom_size = 8 * 256;
1196 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1197 int64_t kernel_entry, bootloader_run_addr;
1198 PCIBus *pci_bus;
1199 ISABus *isa_bus;
1200 qemu_irq *isa_irq;
1201 qemu_irq cbus_irq, i8259_irq;
1202 int piix4_devfn;
1203 I2CBus *smbus;
1204 DriveInfo *dinfo;
1205 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1206 int fl_idx = 0;
1207 int be;
1208
1209 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1210 MaltaState *s = MIPS_MALTA(dev);
1211
1212 /* The whole address space decoded by the GT-64120A doesn't generate
1213 exception when accessing invalid memory. Create an empty slot to
1214 emulate this feature. */
1215 empty_slot_init(0, 0x20000000);
1216
1217 qdev_init_nofail(dev);
1218
1219 /* create CPU */
1220 mips_create_cpu(s, machine->cpu_type, &cbus_irq, &i8259_irq);
1221
1222 /* allocate RAM */
1223 if (ram_size > 2 * GiB) {
1224 error_report("Too much memory for this machine: %" PRId64 "MB,"
1225 " maximum 2048MB", ram_size / MiB);
1226 exit(1);
1227 }
1228
1229 /* register RAM at high address where it is undisturbed by IO */
1230 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1231 ram_size);
1232 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1233
1234 /* alias for pre IO hole access */
1235 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1236 ram_high, 0, MIN(ram_size, 256 * MiB));
1237 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1238
1239 /* alias for post IO hole access, if there is enough RAM */
1240 if (ram_size > 512 * MiB) {
1241 ram_low_postio = g_new(MemoryRegion, 1);
1242 memory_region_init_alias(ram_low_postio, NULL,
1243 "mips_malta_low_postio.ram",
1244 ram_high, 512 * MiB,
1245 ram_size - 512 * MiB);
1246 memory_region_add_subregion(system_memory, 512 * MiB,
1247 ram_low_postio);
1248 }
1249
1250 #ifdef TARGET_WORDS_BIGENDIAN
1251 be = 1;
1252 #else
1253 be = 0;
1254 #endif
1255
1256 /* FPGA */
1257
1258 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1259 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hd(2));
1260
1261 /* Load firmware in flash / BIOS. */
1262 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1263 fl = pflash_cfi01_register(FLASH_ADDRESS, "mips_malta.bios",
1264 FLASH_SIZE,
1265 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1266 65536,
1267 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1268 bios = pflash_cfi01_get_memory(fl);
1269 fl_idx++;
1270 if (kernel_filename) {
1271 ram_low_size = MIN(ram_size, 256 * MiB);
1272 /* For KVM we reserve 1MB of RAM for running bootloader */
1273 if (kvm_enabled()) {
1274 ram_low_size -= 0x100000;
1275 bootloader_run_addr = 0x40000000 + ram_low_size;
1276 } else {
1277 bootloader_run_addr = 0xbfc00000;
1278 }
1279
1280 /* Write a small bootloader to the flash location. */
1281 loaderparams.ram_size = ram_size;
1282 loaderparams.ram_low_size = ram_low_size;
1283 loaderparams.kernel_filename = kernel_filename;
1284 loaderparams.kernel_cmdline = kernel_cmdline;
1285 loaderparams.initrd_filename = initrd_filename;
1286 kernel_entry = load_kernel();
1287
1288 if (!cpu_supports_isa(machine->cpu_type, ISA_NANOMIPS32)) {
1289 write_bootloader(memory_region_get_ram_ptr(bios),
1290 bootloader_run_addr, kernel_entry);
1291 } else {
1292 write_bootloader_nanomips(memory_region_get_ram_ptr(bios),
1293 bootloader_run_addr, kernel_entry);
1294 }
1295 if (kvm_enabled()) {
1296 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1297 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1298 ram_low_size,
1299 bootloader_run_addr, kernel_entry);
1300 }
1301 } else {
1302 target_long bios_size = FLASH_SIZE;
1303 /* The flash region isn't executable from a KVM guest */
1304 if (kvm_enabled()) {
1305 error_report("KVM enabled but no -kernel argument was specified. "
1306 "Booting from flash is not supported with KVM.");
1307 exit(1);
1308 }
1309 /* Load firmware from flash. */
1310 if (!dinfo) {
1311 /* Load a BIOS image. */
1312 if (bios_name == NULL) {
1313 bios_name = BIOS_FILENAME;
1314 }
1315 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1316 if (filename) {
1317 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1318 BIOS_SIZE);
1319 g_free(filename);
1320 } else {
1321 bios_size = -1;
1322 }
1323 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1324 !kernel_filename && !qtest_enabled()) {
1325 error_report("Could not load MIPS bios '%s', and no "
1326 "-kernel argument was specified", bios_name);
1327 exit(1);
1328 }
1329 }
1330 /* In little endian mode the 32bit words in the bios are swapped,
1331 a neat trick which allows bi-endian firmware. */
1332 #ifndef TARGET_WORDS_BIGENDIAN
1333 {
1334 uint32_t *end, *addr;
1335 const size_t swapsize = MIN(bios_size, 0x3e0000);
1336 addr = rom_ptr(FLASH_ADDRESS, swapsize);
1337 if (!addr) {
1338 addr = memory_region_get_ram_ptr(bios);
1339 }
1340 end = (void *)addr + swapsize;
1341 while (addr < end) {
1342 bswap32s(addr);
1343 addr++;
1344 }
1345 }
1346 #endif
1347 }
1348
1349 /*
1350 * Map the BIOS at a 2nd physical location, as on the real board.
1351 * Copy it so that we can patch in the MIPS revision, which cannot be
1352 * handled by an overlapping region as the resulting ROM code subpage
1353 * regions are not executable.
1354 */
1355 memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1356 &error_fatal);
1357 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1358 FLASH_ADDRESS, BIOS_SIZE)) {
1359 memcpy(memory_region_get_ram_ptr(bios_copy),
1360 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1361 }
1362 memory_region_set_readonly(bios_copy, true);
1363 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1364
1365 /* Board ID = 0x420 (Malta Board with CoreLV) */
1366 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1367
1368 /*
1369 * We have a circular dependency problem: pci_bus depends on isa_irq,
1370 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1371 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1372 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1373 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1374 */
1375 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1376
1377 /* Northbridge */
1378 pci_bus = gt64120_register(isa_irq);
1379
1380 /* Southbridge */
1381 ide_drive_get(hd, ARRAY_SIZE(hd));
1382
1383 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1384
1385 /* Interrupt controller */
1386 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1387 s->i8259 = i8259_init(isa_bus, i8259_irq);
1388
1389 isa_bus_irqs(isa_bus, s->i8259);
1390 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1391 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1392 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1393 isa_get_irq(NULL, 9), NULL, 0, NULL);
1394 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
1395 i8257_dma_init(isa_bus, 0);
1396 mc146818_rtc_init(isa_bus, 2000, NULL);
1397
1398 /* generate SPD EEPROM data */
1399 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1400 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1401 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1402 g_free(smbus_eeprom_buf);
1403
1404 /* Super I/O: SMS FDC37M817 */
1405 isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
1406
1407 /* Network card */
1408 network_init(pci_bus);
1409
1410 /* Optional PCI video card */
1411 pci_vga_init(pci_bus);
1412 }
1413
1414 static const TypeInfo mips_malta_device = {
1415 .name = TYPE_MIPS_MALTA,
1416 .parent = TYPE_SYS_BUS_DEVICE,
1417 .instance_size = sizeof(MaltaState),
1418 };
1419
1420 static void mips_malta_machine_init(MachineClass *mc)
1421 {
1422 mc->desc = "MIPS Malta Core LV";
1423 mc->init = mips_malta_init;
1424 mc->block_default_type = IF_IDE;
1425 mc->max_cpus = 16;
1426 mc->is_default = 1;
1427 #ifdef TARGET_MIPS64
1428 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("20Kc");
1429 #else
1430 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
1431 #endif
1432 }
1433
1434 DEFINE_MACHINE("malta", mips_malta_machine_init)
1435
1436 static void mips_malta_register_types(void)
1437 {
1438 type_register_static(&mips_malta_device);
1439 }
1440
1441 type_init(mips_malta_register_types)
AR7 emulation for QEMU