2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu/units.h"
27 #include "qemu-common.h"
29 #include "hw/i386/pc.h"
30 #include "hw/isa/superio.h"
31 #include "hw/dma/i8257.h"
32 #include "hw/char/serial.h"
34 #include "hw/boards.h"
35 #include "hw/i2c/smbus_eeprom.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/sysemu.h"
41 #include "sysemu/arch_init.h"
43 #include "hw/mips/bios.h"
46 #include "hw/loader.h"
48 #include "hw/timer/mc146818rtc.h"
49 #include "hw/timer/i8254.h"
50 #include "exec/address-spaces.h"
51 #include "hw/sysbus.h" /* SysBusDevice */
52 #include "qemu/host-utils.h"
53 #include "sysemu/qtest.h"
54 #include "sysemu/reset.h"
55 #include "sysemu/runstate.h"
56 #include "qapi/error.h"
57 #include "qemu/error-report.h"
58 #include "hw/empty_slot.h"
59 #include "sysemu/kvm.h"
60 #include "hw/semihosting/semihost.h"
61 #include "hw/mips/cps.h"
63 #define ENVP_ADDR 0x80002000l
64 #define ENVP_NB_ENTRIES 16
65 #define ENVP_ENTRY_SIZE 256
67 /* Hardware addresses */
68 #define FLASH_ADDRESS 0x1e000000ULL
69 #define FPGA_ADDRESS 0x1f000000ULL
70 #define RESET_ADDRESS 0x1fc00000ULL
72 #define FLASH_SIZE 0x400000
78 MemoryRegion iomem_lo
; /* 0 - 0x900 */
79 MemoryRegion iomem_hi
; /* 0xa00 - 0x100000 */
93 #define TYPE_MIPS_MALTA "mips-malta"
94 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
97 SysBusDevice parent_obj
;
103 static ISADevice
*pit
;
105 static struct _loaderparams
{
106 int ram_size
, ram_low_size
;
107 const char *kernel_filename
;
108 const char *kernel_cmdline
;
109 const char *initrd_filename
;
113 static void malta_fpga_update_display(void *opaque
)
117 MaltaFPGAState
*s
= opaque
;
119 for (i
= 7 ; i
>= 0 ; i
--) {
120 if (s
->leds
& (1 << i
)) {
128 qemu_chr_fe_printf(&s
->display
, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
130 qemu_chr_fe_printf(&s
->display
, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
135 * EEPROM 24C01 / 24C02 emulation.
137 * Emulation for serial EEPROMs:
138 * 24C01 - 1024 bit (128 x 8)
139 * 24C02 - 2048 bit (256 x 8)
141 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
145 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
147 # define logout(fmt, ...) ((void)0)
150 struct _eeprom24c0x_t
{
159 uint8_t contents
[256];
162 typedef struct _eeprom24c0x_t eeprom24c0x_t
;
164 static eeprom24c0x_t spd_eeprom
= {
167 0x80, 0x08, 0xFF, 0x0D, 0x0A, 0xFF, 0x40, 0x00,
169 0x01, 0x75, 0x54, 0x00, 0x82, 0x08, 0x00, 0x01,
171 0x8F, 0x04, 0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
173 0x00, 0x00, 0x00, 0x14, 0x0F, 0x14, 0x2D, 0xFF,
175 0x15, 0x08, 0x15, 0x08, 0x00, 0x00, 0x00, 0x00,
177 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
179 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
181 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0xD0,
183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
185 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
187 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
189 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
191 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
195 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xF4,
201 static void generate_eeprom_spd(uint8_t *eeprom
, ram_addr_t ram_size
)
203 enum { SDR
= 0x4, DDR2
= 0x8 } type
;
204 uint8_t *spd
= spd_eeprom
.contents
;
206 uint16_t density
= 0;
209 /* work in terms of MB */
212 while ((ram_size
>= 4) && (nbanks
<= 2)) {
213 int sz_log2
= MIN(31 - clz32(ram_size
), 14);
215 density
|= 1 << (sz_log2
- 2);
216 ram_size
-= 1 << sz_log2
;
219 /* split to 2 banks if possible */
220 if ((nbanks
== 1) && (density
> 1)) {
225 if (density
& 0xff00) {
226 density
= (density
& 0xe0) | ((density
>> 8) & 0x1f);
228 } else if (!(density
& 0x1f)) {
235 warn_report("SPD cannot represent final " RAM_ADDR_FMT
"MB"
236 " of SDRAM", ram_size
);
239 /* fill in SPD memory information */
246 for (i
= 0; i
< 63; i
++) {
251 memcpy(eeprom
, spd
, sizeof(spd_eeprom
.contents
));
254 static void generate_eeprom_serial(uint8_t *eeprom
)
257 uint8_t mac
[6] = { 0x00 };
258 uint8_t sn
[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
261 eeprom
[pos
++] = 0x01;
264 eeprom
[pos
++] = 0x02;
267 eeprom
[pos
++] = 0x01; /* MAC */
268 eeprom
[pos
++] = 0x06; /* length */
269 memcpy(&eeprom
[pos
], mac
, sizeof(mac
));
273 eeprom
[pos
++] = 0x02; /* serial */
274 eeprom
[pos
++] = 0x05; /* length */
275 memcpy(&eeprom
[pos
], sn
, sizeof(sn
));
280 for (i
= 0; i
< pos
; i
++) {
281 eeprom
[pos
] += eeprom
[i
];
285 static uint8_t eeprom24c0x_read(eeprom24c0x_t
*eeprom
)
287 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
288 eeprom
->tick
, eeprom
->scl
, eeprom
->sda
, eeprom
->data
);
292 static void eeprom24c0x_write(eeprom24c0x_t
*eeprom
, int scl
, int sda
)
294 if (eeprom
->scl
&& scl
&& (eeprom
->sda
!= sda
)) {
295 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
296 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
,
297 sda
? "stop" : "start");
302 } else if (eeprom
->tick
== 0 && !eeprom
->ack
) {
303 /* Waiting for start. */
304 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
305 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
306 } else if (!eeprom
->scl
&& scl
) {
307 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
308 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
310 logout("\ti2c ack bit = 0\n");
313 } else if (eeprom
->sda
== sda
) {
314 uint8_t bit
= (sda
!= 0);
315 logout("\ti2c bit = %d\n", bit
);
316 if (eeprom
->tick
< 9) {
317 eeprom
->command
<<= 1;
318 eeprom
->command
+= bit
;
320 if (eeprom
->tick
== 9) {
321 logout("\tcommand 0x%04x, %s\n", eeprom
->command
,
322 bit
? "read" : "write");
325 } else if (eeprom
->tick
< 17) {
326 if (eeprom
->command
& 1) {
327 sda
= ((eeprom
->data
& 0x80) != 0);
329 eeprom
->address
<<= 1;
330 eeprom
->address
+= bit
;
333 if (eeprom
->tick
== 17) {
334 eeprom
->data
= eeprom
->contents
[eeprom
->address
];
335 logout("\taddress 0x%04x, data 0x%02x\n",
336 eeprom
->address
, eeprom
->data
);
340 } else if (eeprom
->tick
>= 17) {
344 logout("\tsda changed with raising scl\n");
347 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom
->tick
, eeprom
->scl
,
348 scl
, eeprom
->sda
, sda
);
354 static uint64_t malta_fpga_read(void *opaque
, hwaddr addr
,
357 MaltaFPGAState
*s
= opaque
;
361 saddr
= (addr
& 0xfffff);
365 /* SWITCH Register */
367 /* ori a3, a3, low(ram_low_size) */
371 /* STATUS Register */
373 #ifdef TARGET_WORDS_BIGENDIAN
385 /* LEDBAR Register */
390 /* BRKRES Register */
395 /* UART Registers are handled directly by the serial device */
402 /* XXX: implement a real I2C controller */
406 /* IN = OUT until a real I2C control is implemented */
414 /* I2CINP Register */
416 val
= ((s
->i2cin
& ~1) | eeprom24c0x_read(&spd_eeprom
));
424 /* I2COUT Register */
429 /* I2CSEL Register */
436 printf("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx
"\n",
444 static void malta_fpga_write(void *opaque
, hwaddr addr
,
445 uint64_t val
, unsigned size
)
447 MaltaFPGAState
*s
= opaque
;
450 saddr
= (addr
& 0xfffff);
454 /* SWITCH Register */
462 /* LEDBAR Register */
464 s
->leds
= val
& 0xff;
465 malta_fpga_update_display(s
);
468 /* ASCIIWORD Register */
470 snprintf(s
->display_text
, 9, "%08X", (uint32_t)val
);
471 malta_fpga_update_display(s
);
474 /* ASCIIPOS0 to ASCIIPOS7 Registers */
483 s
->display_text
[(saddr
- 0x00418) >> 3] = (char) val
;
484 malta_fpga_update_display(s
);
487 /* SOFTRES Register */
490 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET
);
494 /* BRKRES Register */
499 /* UART Registers are handled directly by the serial device */
503 s
->gpout
= val
& 0xff;
508 s
->i2coe
= val
& 0x03;
511 /* I2COUT Register */
513 eeprom24c0x_write(&spd_eeprom
, val
& 0x02, val
& 0x01);
517 /* I2CSEL Register */
519 s
->i2csel
= val
& 0x01;
524 printf("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx
"\n",
531 static const MemoryRegionOps malta_fpga_ops
= {
532 .read
= malta_fpga_read
,
533 .write
= malta_fpga_write
,
534 .endianness
= DEVICE_NATIVE_ENDIAN
,
537 static void malta_fpga_reset(void *opaque
)
539 MaltaFPGAState
*s
= opaque
;
549 s
->display_text
[8] = '\0';
550 snprintf(s
->display_text
, 9, " ");
553 static void malta_fgpa_display_event(void *opaque
, int event
)
555 MaltaFPGAState
*s
= opaque
;
557 if (event
== CHR_EVENT_OPENED
&& !s
->display_inited
) {
558 qemu_chr_fe_printf(&s
->display
, "\e[HMalta LEDBAR\r\n");
559 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
560 qemu_chr_fe_printf(&s
->display
, "+ +\r\n");
561 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
562 qemu_chr_fe_printf(&s
->display
, "\n");
563 qemu_chr_fe_printf(&s
->display
, "Malta ASCII\r\n");
564 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
565 qemu_chr_fe_printf(&s
->display
, "+ +\r\n");
566 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
567 s
->display_inited
= true;
571 static MaltaFPGAState
*malta_fpga_init(MemoryRegion
*address_space
,
572 hwaddr base
, qemu_irq uart_irq
, Chardev
*uart_chr
)
577 s
= (MaltaFPGAState
*)g_malloc0(sizeof(MaltaFPGAState
));
579 memory_region_init_io(&s
->iomem
, NULL
, &malta_fpga_ops
, s
,
580 "malta-fpga", 0x100000);
581 memory_region_init_alias(&s
->iomem_lo
, NULL
, "malta-fpga",
582 &s
->iomem
, 0, 0x900);
583 memory_region_init_alias(&s
->iomem_hi
, NULL
, "malta-fpga",
584 &s
->iomem
, 0xa00, 0x10000 - 0xa00);
586 memory_region_add_subregion(address_space
, base
, &s
->iomem_lo
);
587 memory_region_add_subregion(address_space
, base
+ 0xa00, &s
->iomem_hi
);
589 chr
= qemu_chr_new("fpga", "vc:320x200", NULL
);
590 qemu_chr_fe_init(&s
->display
, chr
, NULL
);
591 qemu_chr_fe_set_handlers(&s
->display
, NULL
, NULL
,
592 malta_fgpa_display_event
, NULL
, s
, NULL
, true);
594 s
->uart
= serial_mm_init(address_space
, base
+ 0x900, 3, uart_irq
,
595 230400, uart_chr
, DEVICE_NATIVE_ENDIAN
);
598 qemu_register_reset(malta_fpga_reset
, s
);
603 /* Network support */
604 static void network_init(PCIBus
*pci_bus
)
608 for (i
= 0; i
< nb_nics
; i
++) {
609 NICInfo
*nd
= &nd_table
[i
];
610 const char *default_devaddr
= NULL
;
612 if (i
== 0 && (!nd
->model
|| strcmp(nd
->model
, "pcnet") == 0))
613 /* The malta board has a PCNet card using PCI SLOT 11 */
614 default_devaddr
= "0b";
616 pci_nic_init_nofail(nd
, pci_bus
, "pcnet", default_devaddr
);
620 static void write_bootloader_nanomips(uint8_t *base
, int64_t run_addr
,
621 int64_t kernel_entry
)
625 /* Small bootloader */
626 p
= (uint16_t *)base
;
628 #define NM_HI1(VAL) (((VAL) >> 16) & 0x1f)
629 #define NM_HI2(VAL) \
630 (((VAL) & 0xf000) | (((VAL) >> 19) & 0xffc) | (((VAL) >> 31) & 0x1))
631 #define NM_LO(VAL) ((VAL) & 0xfff)
633 stw_p(p
++, 0x2800); stw_p(p
++, 0x001c);
635 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
637 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
639 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
641 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
643 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
645 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
647 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
651 if (semihosting_get_argc()) {
652 /* Preserve a0 content as arguments have been passed */
653 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
656 stw_p(p
++, 0x0080); stw_p(p
++, 0x0002);
660 stw_p(p
++, 0xe3a0 | NM_HI1(ENVP_ADDR
- 64));
662 stw_p(p
++, NM_HI2(ENVP_ADDR
- 64));
663 /* lui sp,%hi(ENVP_ADDR - 64) */
665 stw_p(p
++, 0x83bd); stw_p(p
++, NM_LO(ENVP_ADDR
- 64));
666 /* ori sp,sp,%lo(ENVP_ADDR - 64) */
668 stw_p(p
++, 0xe0a0 | NM_HI1(ENVP_ADDR
));
670 stw_p(p
++, NM_HI2(ENVP_ADDR
));
671 /* lui a1,%hi(ENVP_ADDR) */
673 stw_p(p
++, 0x80a5); stw_p(p
++, NM_LO(ENVP_ADDR
));
674 /* ori a1,a1,%lo(ENVP_ADDR) */
676 stw_p(p
++, 0xe0c0 | NM_HI1(ENVP_ADDR
+ 8));
678 stw_p(p
++, NM_HI2(ENVP_ADDR
+ 8));
679 /* lui a2,%hi(ENVP_ADDR + 8) */
681 stw_p(p
++, 0x80c6); stw_p(p
++, NM_LO(ENVP_ADDR
+ 8));
682 /* ori a2,a2,%lo(ENVP_ADDR + 8) */
684 stw_p(p
++, 0xe0e0 | NM_HI1(loaderparams
.ram_low_size
));
686 stw_p(p
++, NM_HI2(loaderparams
.ram_low_size
));
687 /* lui a3,%hi(loaderparams.ram_low_size) */
689 stw_p(p
++, 0x80e7); stw_p(p
++, NM_LO(loaderparams
.ram_low_size
));
690 /* ori a3,a3,%lo(loaderparams.ram_low_size) */
693 * Load BAR registers as done by YAMON:
695 * - set up PCI0 I/O BARs from 0x18000000 to 0x181fffff
696 * - set up PCI0 MEM0 at 0x10000000, size 0x8000000
697 * - set up PCI0 MEM1 at 0x18200000, size 0xbe00000
700 stw_p(p
++, 0xe040); stw_p(p
++, 0x0681);
701 /* lui t1, %hi(0xb4000000) */
703 #ifdef TARGET_WORDS_BIGENDIAN
705 stw_p(p
++, 0xe020); stw_p(p
++, 0x0be1);
706 /* lui t0, %hi(0xdf000000) */
708 /* 0x68 corresponds to GT_ISD (from hw/mips/gt64xxx_pci.c) */
709 stw_p(p
++, 0x8422); stw_p(p
++, 0x9068);
710 /* sw t0, 0x68(t1) */
712 stw_p(p
++, 0xe040); stw_p(p
++, 0x077d);
713 /* lui t1, %hi(0xbbe00000) */
715 stw_p(p
++, 0xe020); stw_p(p
++, 0x0801);
716 /* lui t0, %hi(0xc0000000) */
718 /* 0x48 corresponds to GT_PCI0IOLD */
719 stw_p(p
++, 0x8422); stw_p(p
++, 0x9048);
720 /* sw t0, 0x48(t1) */
722 stw_p(p
++, 0xe020); stw_p(p
++, 0x0800);
723 /* lui t0, %hi(0x40000000) */
725 /* 0x50 corresponds to GT_PCI0IOHD */
726 stw_p(p
++, 0x8422); stw_p(p
++, 0x9050);
727 /* sw t0, 0x50(t1) */
729 stw_p(p
++, 0xe020); stw_p(p
++, 0x0001);
730 /* lui t0, %hi(0x80000000) */
732 /* 0x58 corresponds to GT_PCI0M0LD */
733 stw_p(p
++, 0x8422); stw_p(p
++, 0x9058);
734 /* sw t0, 0x58(t1) */
736 stw_p(p
++, 0xe020); stw_p(p
++, 0x07e0);
737 /* lui t0, %hi(0x3f000000) */
739 /* 0x60 corresponds to GT_PCI0M0HD */
740 stw_p(p
++, 0x8422); stw_p(p
++, 0x9060);
741 /* sw t0, 0x60(t1) */
743 stw_p(p
++, 0xe020); stw_p(p
++, 0x0821);
744 /* lui t0, %hi(0xc1000000) */
746 /* 0x80 corresponds to GT_PCI0M1LD */
747 stw_p(p
++, 0x8422); stw_p(p
++, 0x9080);
748 /* sw t0, 0x80(t1) */
750 stw_p(p
++, 0xe020); stw_p(p
++, 0x0bc0);
751 /* lui t0, %hi(0x5e000000) */
755 stw_p(p
++, 0x0020); stw_p(p
++, 0x00df);
756 /* addiu[32] t0, $0, 0xdf */
758 /* 0x68 corresponds to GT_ISD */
759 stw_p(p
++, 0x8422); stw_p(p
++, 0x9068);
760 /* sw t0, 0x68(t1) */
762 /* Use kseg2 remapped address 0x1be00000 */
763 stw_p(p
++, 0xe040); stw_p(p
++, 0x077d);
764 /* lui t1, %hi(0xbbe00000) */
766 stw_p(p
++, 0x0020); stw_p(p
++, 0x00c0);
767 /* addiu[32] t0, $0, 0xc0 */
769 /* 0x48 corresponds to GT_PCI0IOLD */
770 stw_p(p
++, 0x8422); stw_p(p
++, 0x9048);
771 /* sw t0, 0x48(t1) */
773 stw_p(p
++, 0x0020); stw_p(p
++, 0x0040);
774 /* addiu[32] t0, $0, 0x40 */
776 /* 0x50 corresponds to GT_PCI0IOHD */
777 stw_p(p
++, 0x8422); stw_p(p
++, 0x9050);
778 /* sw t0, 0x50(t1) */
780 stw_p(p
++, 0x0020); stw_p(p
++, 0x0080);
781 /* addiu[32] t0, $0, 0x80 */
783 /* 0x58 corresponds to GT_PCI0M0LD */
784 stw_p(p
++, 0x8422); stw_p(p
++, 0x9058);
785 /* sw t0, 0x58(t1) */
787 stw_p(p
++, 0x0020); stw_p(p
++, 0x003f);
788 /* addiu[32] t0, $0, 0x3f */
790 /* 0x60 corresponds to GT_PCI0M0HD */
791 stw_p(p
++, 0x8422); stw_p(p
++, 0x9060);
792 /* sw t0, 0x60(t1) */
794 stw_p(p
++, 0x0020); stw_p(p
++, 0x00c1);
795 /* addiu[32] t0, $0, 0xc1 */
797 /* 0x80 corresponds to GT_PCI0M1LD */
798 stw_p(p
++, 0x8422); stw_p(p
++, 0x9080);
799 /* sw t0, 0x80(t1) */
801 stw_p(p
++, 0x0020); stw_p(p
++, 0x005e);
802 /* addiu[32] t0, $0, 0x5e */
806 /* 0x88 corresponds to GT_PCI0M1HD */
807 stw_p(p
++, 0x8422); stw_p(p
++, 0x9088);
808 /* sw t0, 0x88(t1) */
810 stw_p(p
++, 0xe320 | NM_HI1(kernel_entry
));
812 stw_p(p
++, NM_HI2(kernel_entry
));
813 /* lui t9,%hi(kernel_entry) */
815 stw_p(p
++, 0x8339); stw_p(p
++, NM_LO(kernel_entry
));
816 /* ori t9,t9,%lo(kernel_entry) */
818 stw_p(p
++, 0x4bf9); stw_p(p
++, 0x0000);
823 * ROM and pseudo bootloader
825 * The following code implements a very very simple bootloader. It first
826 * loads the registers a0 to a3 to the values expected by the OS, and
827 * then jump at the kernel address.
829 * The bootloader should pass the locations of the kernel arguments and
830 * environment variables tables. Those tables contain the 32-bit address
831 * of NULL terminated strings. The environment variables table should be
832 * terminated by a NULL address.
834 * For a simpler implementation, the number of kernel arguments is fixed
835 * to two (the name of the kernel and the command line), and the two
836 * tables are actually the same one.
838 * The registers a0 to a3 should contain the following values:
839 * a0 - number of kernel arguments
840 * a1 - 32-bit address of the kernel arguments table
841 * a2 - 32-bit address of the environment variables table
842 * a3 - RAM size in bytes
844 static void write_bootloader(uint8_t *base
, int64_t run_addr
,
845 int64_t kernel_entry
)
849 /* Small bootloader */
850 p
= (uint32_t *)base
;
852 stl_p(p
++, 0x08000000 | /* j 0x1fc00580 */
853 ((run_addr
+ 0x580) & 0x0fffffff) >> 2);
854 stl_p(p
++, 0x00000000); /* nop */
856 /* YAMON service vector */
857 stl_p(base
+ 0x500, run_addr
+ 0x0580); /* start: */
858 stl_p(base
+ 0x504, run_addr
+ 0x083c); /* print_count: */
859 stl_p(base
+ 0x520, run_addr
+ 0x0580); /* start: */
860 stl_p(base
+ 0x52c, run_addr
+ 0x0800); /* flush_cache: */
861 stl_p(base
+ 0x534, run_addr
+ 0x0808); /* print: */
862 stl_p(base
+ 0x538, run_addr
+ 0x0800); /* reg_cpu_isr: */
863 stl_p(base
+ 0x53c, run_addr
+ 0x0800); /* unred_cpu_isr: */
864 stl_p(base
+ 0x540, run_addr
+ 0x0800); /* reg_ic_isr: */
865 stl_p(base
+ 0x544, run_addr
+ 0x0800); /* unred_ic_isr: */
866 stl_p(base
+ 0x548, run_addr
+ 0x0800); /* reg_esr: */
867 stl_p(base
+ 0x54c, run_addr
+ 0x0800); /* unreg_esr: */
868 stl_p(base
+ 0x550, run_addr
+ 0x0800); /* getchar: */
869 stl_p(base
+ 0x554, run_addr
+ 0x0800); /* syscon_read: */
872 /* Second part of the bootloader */
873 p
= (uint32_t *) (base
+ 0x580);
875 if (semihosting_get_argc()) {
876 /* Preserve a0 content as arguments have been passed */
877 stl_p(p
++, 0x00000000); /* nop */
879 stl_p(p
++, 0x24040002); /* addiu a0, zero, 2 */
882 /* lui sp, high(ENVP_ADDR) */
883 stl_p(p
++, 0x3c1d0000 | (((ENVP_ADDR
- 64) >> 16) & 0xffff));
884 /* ori sp, sp, low(ENVP_ADDR) */
885 stl_p(p
++, 0x37bd0000 | ((ENVP_ADDR
- 64) & 0xffff));
886 /* lui a1, high(ENVP_ADDR) */
887 stl_p(p
++, 0x3c050000 | ((ENVP_ADDR
>> 16) & 0xffff));
888 /* ori a1, a1, low(ENVP_ADDR) */
889 stl_p(p
++, 0x34a50000 | (ENVP_ADDR
& 0xffff));
890 /* lui a2, high(ENVP_ADDR + 8) */
891 stl_p(p
++, 0x3c060000 | (((ENVP_ADDR
+ 8) >> 16) & 0xffff));
892 /* ori a2, a2, low(ENVP_ADDR + 8) */
893 stl_p(p
++, 0x34c60000 | ((ENVP_ADDR
+ 8) & 0xffff));
894 /* lui a3, high(ram_low_size) */
895 stl_p(p
++, 0x3c070000 | (loaderparams
.ram_low_size
>> 16));
896 /* ori a3, a3, low(ram_low_size) */
897 stl_p(p
++, 0x34e70000 | (loaderparams
.ram_low_size
& 0xffff));
899 /* Load BAR registers as done by YAMON */
900 stl_p(p
++, 0x3c09b400); /* lui t1, 0xb400 */
902 #ifdef TARGET_WORDS_BIGENDIAN
903 stl_p(p
++, 0x3c08df00); /* lui t0, 0xdf00 */
905 stl_p(p
++, 0x340800df); /* ori t0, r0, 0x00df */
907 stl_p(p
++, 0xad280068); /* sw t0, 0x0068(t1) */
909 stl_p(p
++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
911 #ifdef TARGET_WORDS_BIGENDIAN
912 stl_p(p
++, 0x3c08c000); /* lui t0, 0xc000 */
914 stl_p(p
++, 0x340800c0); /* ori t0, r0, 0x00c0 */
916 stl_p(p
++, 0xad280048); /* sw t0, 0x0048(t1) */
917 #ifdef TARGET_WORDS_BIGENDIAN
918 stl_p(p
++, 0x3c084000); /* lui t0, 0x4000 */
920 stl_p(p
++, 0x34080040); /* ori t0, r0, 0x0040 */
922 stl_p(p
++, 0xad280050); /* sw t0, 0x0050(t1) */
924 #ifdef TARGET_WORDS_BIGENDIAN
925 stl_p(p
++, 0x3c088000); /* lui t0, 0x8000 */
927 stl_p(p
++, 0x34080080); /* ori t0, r0, 0x0080 */
929 stl_p(p
++, 0xad280058); /* sw t0, 0x0058(t1) */
930 #ifdef TARGET_WORDS_BIGENDIAN
931 stl_p(p
++, 0x3c083f00); /* lui t0, 0x3f00 */
933 stl_p(p
++, 0x3408003f); /* ori t0, r0, 0x003f */
935 stl_p(p
++, 0xad280060); /* sw t0, 0x0060(t1) */
937 #ifdef TARGET_WORDS_BIGENDIAN
938 stl_p(p
++, 0x3c08c100); /* lui t0, 0xc100 */
940 stl_p(p
++, 0x340800c1); /* ori t0, r0, 0x00c1 */
942 stl_p(p
++, 0xad280080); /* sw t0, 0x0080(t1) */
943 #ifdef TARGET_WORDS_BIGENDIAN
944 stl_p(p
++, 0x3c085e00); /* lui t0, 0x5e00 */
946 stl_p(p
++, 0x3408005e); /* ori t0, r0, 0x005e */
948 stl_p(p
++, 0xad280088); /* sw t0, 0x0088(t1) */
950 /* Jump to kernel code */
951 stl_p(p
++, 0x3c1f0000 | ((kernel_entry
>> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
952 stl_p(p
++, 0x37ff0000 | (kernel_entry
& 0xffff)); /* ori ra, ra, low(kernel_entry) */
953 stl_p(p
++, 0x03e00009); /* jalr ra */
954 stl_p(p
++, 0x00000000); /* nop */
956 /* YAMON subroutines */
957 p
= (uint32_t *) (base
+ 0x800);
958 stl_p(p
++, 0x03e00009); /* jalr ra */
959 stl_p(p
++, 0x24020000); /* li v0,0 */
960 /* 808 YAMON print */
961 stl_p(p
++, 0x03e06821); /* move t5,ra */
962 stl_p(p
++, 0x00805821); /* move t3,a0 */
963 stl_p(p
++, 0x00a05021); /* move t2,a1 */
964 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
965 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
966 stl_p(p
++, 0x10800005); /* beqz a0,834 */
967 stl_p(p
++, 0x00000000); /* nop */
968 stl_p(p
++, 0x0ff0021c); /* jal 870 */
969 stl_p(p
++, 0x00000000); /* nop */
970 stl_p(p
++, 0x1000fff9); /* b 814 */
971 stl_p(p
++, 0x00000000); /* nop */
972 stl_p(p
++, 0x01a00009); /* jalr t5 */
973 stl_p(p
++, 0x01602021); /* move a0,t3 */
974 /* 0x83c YAMON print_count */
975 stl_p(p
++, 0x03e06821); /* move t5,ra */
976 stl_p(p
++, 0x00805821); /* move t3,a0 */
977 stl_p(p
++, 0x00a05021); /* move t2,a1 */
978 stl_p(p
++, 0x00c06021); /* move t4,a2 */
979 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
980 stl_p(p
++, 0x0ff0021c); /* jal 870 */
981 stl_p(p
++, 0x00000000); /* nop */
982 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
983 stl_p(p
++, 0x258cffff); /* addiu t4,t4,-1 */
984 stl_p(p
++, 0x1580fffa); /* bnez t4,84c */
985 stl_p(p
++, 0x00000000); /* nop */
986 stl_p(p
++, 0x01a00009); /* jalr t5 */
987 stl_p(p
++, 0x01602021); /* move a0,t3 */
989 stl_p(p
++, 0x3c08b800); /* lui t0,0xb400 */
990 stl_p(p
++, 0x350803f8); /* ori t0,t0,0x3f8 */
991 stl_p(p
++, 0x91090005); /* lbu t1,5(t0) */
992 stl_p(p
++, 0x00000000); /* nop */
993 stl_p(p
++, 0x31290040); /* andi t1,t1,0x40 */
994 stl_p(p
++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
995 stl_p(p
++, 0x00000000); /* nop */
996 stl_p(p
++, 0x03e00009); /* jalr ra */
997 stl_p(p
++, 0xa1040000); /* sb a0,0(t0) */
1001 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t *prom_buf
, int index
,
1002 const char *string
, ...)
1007 if (index
>= ENVP_NB_ENTRIES
) {
1011 if (string
== NULL
) {
1012 prom_buf
[index
] = 0;
1016 table_addr
= sizeof(int32_t) * ENVP_NB_ENTRIES
+ index
* ENVP_ENTRY_SIZE
;
1017 prom_buf
[index
] = tswap32(ENVP_ADDR
+ table_addr
);
1019 va_start(ap
, string
);
1020 vsnprintf((char *)prom_buf
+ table_addr
, ENVP_ENTRY_SIZE
, string
, ap
);
1025 static int64_t load_kernel(void)
1027 int64_t kernel_entry
, kernel_high
, initrd_size
;
1029 ram_addr_t initrd_offset
;
1034 uint64_t (*xlate_to_kseg0
) (void *opaque
, uint64_t addr
);
1036 #ifdef TARGET_WORDS_BIGENDIAN
1042 kernel_size
= load_elf(loaderparams
.kernel_filename
, NULL
,
1043 cpu_mips_kseg0_to_phys
, NULL
,
1044 (uint64_t *)&kernel_entry
, NULL
,
1045 (uint64_t *)&kernel_high
, big_endian
, EM_MIPS
, 1, 0);
1046 if (kernel_size
< 0) {
1047 error_report("could not load kernel '%s': %s",
1048 loaderparams
.kernel_filename
,
1049 load_elf_strerror(kernel_size
));
1053 /* Check where the kernel has been linked */
1054 if (kernel_entry
& 0x80000000ll
) {
1055 if (kvm_enabled()) {
1056 error_report("KVM guest kernels must be linked in useg. "
1057 "Did you forget to enable CONFIG_KVM_GUEST?");
1061 xlate_to_kseg0
= cpu_mips_phys_to_kseg0
;
1063 /* if kernel entry is in useg it is probably a KVM T&E kernel */
1064 mips_um_ksegs_enable();
1066 xlate_to_kseg0
= cpu_mips_kvm_um_phys_to_kseg0
;
1072 if (loaderparams
.initrd_filename
) {
1073 initrd_size
= get_image_size(loaderparams
.initrd_filename
);
1074 if (initrd_size
> 0) {
1076 * The kernel allocates the bootmap memory in the low memory after
1077 * the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
1080 initrd_offset
= (loaderparams
.ram_low_size
- initrd_size
1082 - ~INITRD_PAGE_MASK
) & INITRD_PAGE_MASK
;
1083 if (kernel_high
>= initrd_offset
) {
1084 error_report("memory too small for initial ram disk '%s'",
1085 loaderparams
.initrd_filename
);
1088 initrd_size
= load_image_targphys(loaderparams
.initrd_filename
,
1090 ram_size
- initrd_offset
);
1092 if (initrd_size
== (target_ulong
) -1) {
1093 error_report("could not load initial ram disk '%s'",
1094 loaderparams
.initrd_filename
);
1099 /* Setup prom parameters. */
1100 prom_size
= ENVP_NB_ENTRIES
* (sizeof(int32_t) + ENVP_ENTRY_SIZE
);
1101 prom_buf
= g_malloc(prom_size
);
1103 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_filename
);
1104 if (initrd_size
> 0) {
1105 prom_set(prom_buf
, prom_index
++,
1106 "rd_start=0x%" PRIx64
" rd_size=%" PRId64
" %s",
1107 xlate_to_kseg0(NULL
, initrd_offset
),
1108 initrd_size
, loaderparams
.kernel_cmdline
);
1110 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_cmdline
);
1113 prom_set(prom_buf
, prom_index
++, "memsize");
1114 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_low_size
);
1116 prom_set(prom_buf
, prom_index
++, "ememsize");
1117 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_size
);
1119 prom_set(prom_buf
, prom_index
++, "modetty0");
1120 prom_set(prom_buf
, prom_index
++, "38400n8r");
1121 prom_set(prom_buf
, prom_index
++, NULL
);
1123 rom_add_blob_fixed("prom", prom_buf
, prom_size
,
1124 cpu_mips_kseg0_to_phys(NULL
, ENVP_ADDR
));
1127 return kernel_entry
;
1130 static void malta_mips_config(MIPSCPU
*cpu
)
1132 MachineState
*ms
= MACHINE(qdev_get_machine());
1133 unsigned int smp_cpus
= ms
->smp
.cpus
;
1134 CPUMIPSState
*env
= &cpu
->env
;
1135 CPUState
*cs
= CPU(cpu
);
1137 env
->mvp
->CP0_MVPConf0
|= ((smp_cpus
- 1) << CP0MVPC0_PVPE
) |
1138 ((smp_cpus
* cs
->nr_threads
- 1) << CP0MVPC0_PTC
);
1141 static void main_cpu_reset(void *opaque
)
1143 MIPSCPU
*cpu
= opaque
;
1144 CPUMIPSState
*env
= &cpu
->env
;
1146 cpu_reset(CPU(cpu
));
1149 * The bootloader does not need to be rewritten as it is located in a
1150 * read only location. The kernel location and the arguments table
1151 * location does not change.
1153 if (loaderparams
.kernel_filename
) {
1154 env
->CP0_Status
&= ~(1 << CP0St_ERL
);
1157 malta_mips_config(cpu
);
1159 if (kvm_enabled()) {
1160 /* Start running from the bootloader we wrote to end of RAM */
1161 env
->active_tc
.PC
= 0x40000000 + loaderparams
.ram_low_size
;
1165 static void create_cpu_without_cps(MachineState
*ms
,
1166 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
1172 for (i
= 0; i
< ms
->smp
.cpus
; i
++) {
1173 cpu
= MIPS_CPU(cpu_create(ms
->cpu_type
));
1175 /* Init internal devices */
1176 cpu_mips_irq_init_cpu(cpu
);
1177 cpu_mips_clock_init(cpu
);
1178 qemu_register_reset(main_cpu_reset
, cpu
);
1181 cpu
= MIPS_CPU(first_cpu
);
1183 *i8259_irq
= env
->irq
[2];
1184 *cbus_irq
= env
->irq
[4];
1187 static void create_cps(MachineState
*ms
, MaltaState
*s
,
1188 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
1192 sysbus_init_child_obj(OBJECT(s
), "cps", OBJECT(&s
->cps
), sizeof(s
->cps
),
1194 object_property_set_str(OBJECT(&s
->cps
), ms
->cpu_type
, "cpu-type", &err
);
1195 object_property_set_int(OBJECT(&s
->cps
), ms
->smp
.cpus
, "num-vp", &err
);
1196 object_property_set_bool(OBJECT(&s
->cps
), true, "realized", &err
);
1198 error_report("%s", error_get_pretty(err
));
1202 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s
->cps
), 0, 0, 1);
1204 *i8259_irq
= get_cps_irq(&s
->cps
, 3);
1208 static void mips_create_cpu(MachineState
*ms
, MaltaState
*s
,
1209 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
1211 if ((ms
->smp
.cpus
> 1) && cpu_supports_cps_smp(ms
->cpu_type
)) {
1212 create_cps(ms
, s
, cbus_irq
, i8259_irq
);
1214 create_cpu_without_cps(ms
, cbus_irq
, i8259_irq
);
1219 void mips_malta_init(MachineState
*machine
)
1221 ram_addr_t ram_size
= machine
->ram_size
;
1222 ram_addr_t ram_low_size
;
1223 const char *kernel_filename
= machine
->kernel_filename
;
1224 const char *kernel_cmdline
= machine
->kernel_cmdline
;
1225 const char *initrd_filename
= machine
->initrd_filename
;
1228 MemoryRegion
*system_memory
= get_system_memory();
1229 MemoryRegion
*ram_high
= g_new(MemoryRegion
, 1);
1230 MemoryRegion
*ram_low_preio
= g_new(MemoryRegion
, 1);
1231 MemoryRegion
*ram_low_postio
;
1232 MemoryRegion
*bios
, *bios_copy
= g_new(MemoryRegion
, 1);
1233 const size_t smbus_eeprom_size
= 8 * 256;
1234 uint8_t *smbus_eeprom_buf
= g_malloc0(smbus_eeprom_size
);
1235 int64_t kernel_entry
, bootloader_run_addr
;
1239 qemu_irq cbus_irq
, i8259_irq
;
1243 DriveInfo
*hd
[MAX_IDE_BUS
* MAX_IDE_DEVS
];
1247 DeviceState
*dev
= qdev_create(NULL
, TYPE_MIPS_MALTA
);
1248 MaltaState
*s
= MIPS_MALTA(dev
);
1251 * The whole address space decoded by the GT-64120A doesn't generate
1252 * exception when accessing invalid memory. Create an empty slot to
1253 * emulate this feature.\
1255 empty_slot_init(0, 0x20000000);
1257 qdev_init_nofail(dev
);
1260 mips_create_cpu(machine
, s
, &cbus_irq
, &i8259_irq
);
1263 if (ram_size
> 2 * GiB
) {
1264 error_report("Too much memory for this machine: %" PRId64
"MB,"
1265 " maximum 2048MB", ram_size
/ MiB
);
1269 /* register RAM at high address where it is undisturbed by IO */
1270 memory_region_allocate_system_memory(ram_high
, NULL
, "mips_malta.ram",
1272 memory_region_add_subregion(system_memory
, 0x80000000, ram_high
);
1274 /* alias for pre IO hole access */
1275 memory_region_init_alias(ram_low_preio
, NULL
, "mips_malta_low_preio.ram",
1276 ram_high
, 0, MIN(ram_size
, 256 * MiB
));
1277 memory_region_add_subregion(system_memory
, 0, ram_low_preio
);
1279 /* alias for post IO hole access, if there is enough RAM */
1280 if (ram_size
> 512 * MiB
) {
1281 ram_low_postio
= g_new(MemoryRegion
, 1);
1282 memory_region_init_alias(ram_low_postio
, NULL
,
1283 "mips_malta_low_postio.ram",
1284 ram_high
, 512 * MiB
,
1285 ram_size
- 512 * MiB
);
1286 memory_region_add_subregion(system_memory
, 512 * MiB
,
1290 #ifdef TARGET_WORDS_BIGENDIAN
1298 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1299 malta_fpga_init(system_memory
, FPGA_ADDRESS
, cbus_irq
, serial_hd(2));
1301 /* Load firmware in flash / BIOS. */
1302 dinfo
= drive_get(IF_PFLASH
, 0, fl_idx
);
1303 fl
= pflash_cfi01_register(FLASH_ADDRESS
, "mips_malta.bios",
1305 dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
,
1307 4, 0x0000, 0x0000, 0x0000, 0x0000, be
);
1308 bios
= pflash_cfi01_get_memory(fl
);
1310 if (kernel_filename
) {
1311 ram_low_size
= MIN(ram_size
, 256 * MiB
);
1312 /* For KVM we reserve 1MB of RAM for running bootloader */
1313 if (kvm_enabled()) {
1314 ram_low_size
-= 0x100000;
1315 bootloader_run_addr
= 0x40000000 + ram_low_size
;
1317 bootloader_run_addr
= 0xbfc00000;
1320 /* Write a small bootloader to the flash location. */
1321 loaderparams
.ram_size
= ram_size
;
1322 loaderparams
.ram_low_size
= ram_low_size
;
1323 loaderparams
.kernel_filename
= kernel_filename
;
1324 loaderparams
.kernel_cmdline
= kernel_cmdline
;
1325 loaderparams
.initrd_filename
= initrd_filename
;
1326 kernel_entry
= load_kernel();
1328 if (!cpu_supports_isa(machine
->cpu_type
, ISA_NANOMIPS32
)) {
1329 write_bootloader(memory_region_get_ram_ptr(bios
),
1330 bootloader_run_addr
, kernel_entry
);
1332 write_bootloader_nanomips(memory_region_get_ram_ptr(bios
),
1333 bootloader_run_addr
, kernel_entry
);
1335 if (kvm_enabled()) {
1336 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1337 write_bootloader(memory_region_get_ram_ptr(ram_low_preio
) +
1339 bootloader_run_addr
, kernel_entry
);
1342 target_long bios_size
= FLASH_SIZE
;
1343 /* The flash region isn't executable from a KVM guest */
1344 if (kvm_enabled()) {
1345 error_report("KVM enabled but no -kernel argument was specified. "
1346 "Booting from flash is not supported with KVM.");
1349 /* Load firmware from flash. */
1351 /* Load a BIOS image. */
1352 if (bios_name
== NULL
) {
1353 bios_name
= BIOS_FILENAME
;
1355 filename
= qemu_find_file(QEMU_FILE_TYPE_BIOS
, bios_name
);
1357 bios_size
= load_image_targphys(filename
, FLASH_ADDRESS
,
1363 if ((bios_size
< 0 || bios_size
> BIOS_SIZE
) &&
1364 !kernel_filename
&& !qtest_enabled()) {
1365 error_report("Could not load MIPS bios '%s', and no "
1366 "-kernel argument was specified", bios_name
);
1371 * In little endian mode the 32bit words in the bios are swapped,
1372 * a neat trick which allows bi-endian firmware.
1374 #ifndef TARGET_WORDS_BIGENDIAN
1376 uint32_t *end
, *addr
;
1377 const size_t swapsize
= MIN(bios_size
, 0x3e0000);
1378 addr
= rom_ptr(FLASH_ADDRESS
, swapsize
);
1380 addr
= memory_region_get_ram_ptr(bios
);
1382 end
= (void *)addr
+ swapsize
;
1383 while (addr
< end
) {
1392 * Map the BIOS at a 2nd physical location, as on the real board.
1393 * Copy it so that we can patch in the MIPS revision, which cannot be
1394 * handled by an overlapping region as the resulting ROM code subpage
1395 * regions are not executable.
1397 memory_region_init_ram(bios_copy
, NULL
, "bios.1fc", BIOS_SIZE
,
1399 if (!rom_copy(memory_region_get_ram_ptr(bios_copy
),
1400 FLASH_ADDRESS
, BIOS_SIZE
)) {
1401 memcpy(memory_region_get_ram_ptr(bios_copy
),
1402 memory_region_get_ram_ptr(bios
), BIOS_SIZE
);
1404 memory_region_set_readonly(bios_copy
, true);
1405 memory_region_add_subregion(system_memory
, RESET_ADDRESS
, bios_copy
);
1407 /* Board ID = 0x420 (Malta Board with CoreLV) */
1408 stl_p(memory_region_get_ram_ptr(bios_copy
) + 0x10, 0x00000420);
1411 * We have a circular dependency problem: pci_bus depends on isa_irq,
1412 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1413 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1414 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1415 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1417 isa_irq
= qemu_irq_proxy(&s
->i8259
, 16);
1420 pci_bus
= gt64120_register(isa_irq
);
1423 ide_drive_get(hd
, ARRAY_SIZE(hd
));
1425 piix4_devfn
= piix4_init(pci_bus
, &isa_bus
, 80);
1428 * Interrupt controller
1429 * The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2
1431 s
->i8259
= i8259_init(isa_bus
, i8259_irq
);
1433 isa_bus_irqs(isa_bus
, s
->i8259
);
1434 pci_piix4_ide_init(pci_bus
, hd
, piix4_devfn
+ 1);
1435 pci_create_simple(pci_bus
, piix4_devfn
+ 2, "piix4-usb-uhci");
1436 smbus
= piix4_pm_init(pci_bus
, piix4_devfn
+ 3, 0x1100,
1437 isa_get_irq(NULL
, 9), NULL
, 0, NULL
);
1438 pit
= i8254_pit_init(isa_bus
, 0x40, 0, NULL
);
1439 i8257_dma_init(isa_bus
, 0);
1440 mc146818_rtc_init(isa_bus
, 2000, NULL
);
1442 /* generate SPD EEPROM data */
1443 generate_eeprom_spd(&smbus_eeprom_buf
[0 * 256], ram_size
);
1444 generate_eeprom_serial(&smbus_eeprom_buf
[6 * 256]);
1445 smbus_eeprom_init(smbus
, 8, smbus_eeprom_buf
, smbus_eeprom_size
);
1446 g_free(smbus_eeprom_buf
);
1448 /* Super I/O: SMS FDC37M817 */
1449 isa_create_simple(isa_bus
, TYPE_FDC37M81X_SUPERIO
);
1452 network_init(pci_bus
);
1454 /* Optional PCI video card */
1455 pci_vga_init(pci_bus
);
1458 static const TypeInfo mips_malta_device
= {
1459 .name
= TYPE_MIPS_MALTA
,
1460 .parent
= TYPE_SYS_BUS_DEVICE
,
1461 .instance_size
= sizeof(MaltaState
),
1464 static void mips_malta_machine_init(MachineClass
*mc
)
1466 mc
->desc
= "MIPS Malta Core LV";
1467 mc
->init
= mips_malta_init
;
1468 mc
->block_default_type
= IF_IDE
;
1471 #ifdef TARGET_MIPS64
1472 mc
->default_cpu_type
= MIPS_CPU_TYPE_NAME("20Kc");
1474 mc
->default_cpu_type
= MIPS_CPU_TYPE_NAME("24Kf");
1478 DEFINE_MACHINE("malta", mips_malta_machine_init
)
1480 static void mips_malta_register_types(void)
1482 type_register_static(&mips_malta_device
);
1485 type_init(mips_malta_register_types
)