2 * QEMU Malta board support
4 * Copyright (c) 2006 Aurelien Jarno
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "qemu/units.h"
27 #include "qemu/bitops.h"
28 #include "qemu/datadir.h"
29 #include "qemu/guest-random.h"
31 #include "hw/southbridge/piix.h"
32 #include "hw/isa/superio.h"
33 #include "hw/char/serial.h"
35 #include "hw/boards.h"
36 #include "hw/i2c/smbus_eeprom.h"
37 #include "hw/block/flash.h"
38 #include "hw/mips/mips.h"
39 #include "hw/mips/bootloader.h"
40 #include "hw/mips/cpudevs.h"
41 #include "hw/pci/pci.h"
42 #include "hw/pci/pci_bus.h"
44 #include "hw/mips/bios.h"
45 #include "hw/ide/pci.h"
47 #include "hw/loader.h"
49 #include "qom/object.h"
50 #include "hw/sysbus.h" /* SysBusDevice */
51 #include "qemu/host-utils.h"
52 #include "sysemu/qtest.h"
53 #include "sysemu/reset.h"
54 #include "sysemu/runstate.h"
55 #include "qapi/error.h"
56 #include "qemu/error-report.h"
57 #include "sysemu/kvm.h"
58 #include "semihosting/semihost.h"
59 #include "hw/mips/cps.h"
60 #include "hw/qdev-clock.h"
61 #include "target/mips/internal.h"
64 #define ENVP_PADDR 0x2000
65 #define ENVP_VADDR cpu_mips_phys_to_kseg0(NULL, ENVP_PADDR)
66 #define ENVP_NB_ENTRIES 16
67 #define ENVP_ENTRY_SIZE 256
69 /* Hardware addresses */
70 #define FLASH_ADDRESS 0x1e000000ULL
71 #define FPGA_ADDRESS 0x1f000000ULL
72 #define RESET_ADDRESS 0x1fc00000ULL
74 #define FLASH_SIZE 0x400000
76 #define PIIX4_PCI_DEVFN PCI_DEVFN(10, 0)
80 MemoryRegion iomem_lo
; /* 0 - 0x900 */
81 MemoryRegion iomem_hi
; /* 0xa00 - 0x100000 */
95 #define TYPE_MIPS_MALTA "mips-malta"
96 OBJECT_DECLARE_SIMPLE_TYPE(MaltaState
, MIPS_MALTA
)
99 SysBusDevice parent_obj
;
105 static struct _loaderparams
{
106 int ram_size
, ram_low_size
;
107 const char *kernel_filename
;
108 const char *kernel_cmdline
;
109 const char *initrd_filename
;
113 static void malta_fpga_update_display_leds(MaltaFPGAState
*s
)
118 for (i
= 7 ; i
>= 0 ; i
--) {
119 if (s
->leds
& (1 << i
)) {
127 trace_malta_fpga_leds(leds_text
);
128 qemu_chr_fe_printf(&s
->display
, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
132 static void malta_fpga_update_display_ascii(MaltaFPGAState
*s
)
134 trace_malta_fpga_display(s
->display_text
);
135 qemu_chr_fe_printf(&s
->display
, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
140 * EEPROM 24C01 / 24C02 emulation.
142 * Emulation for serial EEPROMs:
143 * 24C01 - 1024 bit (128 x 8)
144 * 24C02 - 2048 bit (256 x 8)
146 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
150 # define logout(fmt, ...) \
151 fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
153 # define logout(fmt, ...) ((void)0)
156 struct _eeprom24c0x_t
{
165 uint8_t contents
[256];
168 typedef struct _eeprom24c0x_t eeprom24c0x_t
;
170 static eeprom24c0x_t spd_eeprom
= {
173 0x80, 0x08, 0xFF, 0x0D, 0x0A, 0xFF, 0x40, 0x00,
175 0x01, 0x75, 0x54, 0x00, 0x82, 0x08, 0x00, 0x01,
177 0x8F, 0x04, 0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
179 0x00, 0x00, 0x00, 0x14, 0x0F, 0x14, 0x2D, 0xFF,
181 0x15, 0x08, 0x15, 0x08, 0x00, 0x00, 0x00, 0x00,
183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
185 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
187 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0xD0,
189 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
191 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
195 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
203 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xF4,
207 static void generate_eeprom_spd(uint8_t *eeprom
, ram_addr_t ram_size
)
209 enum { SDR
= 0x4, DDR2
= 0x8 } type
;
210 uint8_t *spd
= spd_eeprom
.contents
;
212 uint16_t density
= 0;
215 /* work in terms of MB */
218 while ((ram_size
>= 4) && (nbanks
<= 2)) {
219 int sz_log2
= MIN(31 - clz32(ram_size
), 14);
221 density
|= 1 << (sz_log2
- 2);
222 ram_size
-= 1 << sz_log2
;
225 /* split to 2 banks if possible */
226 if ((nbanks
== 1) && (density
> 1)) {
231 if (density
& 0xff00) {
232 density
= (density
& 0xe0) | ((density
>> 8) & 0x1f);
234 } else if (!(density
& 0x1f)) {
241 warn_report("SPD cannot represent final " RAM_ADDR_FMT
"MB"
242 " of SDRAM", ram_size
);
245 /* fill in SPD memory information */
252 for (i
= 0; i
< 63; i
++) {
257 memcpy(eeprom
, spd
, sizeof(spd_eeprom
.contents
));
260 static void generate_eeprom_serial(uint8_t *eeprom
)
263 uint8_t mac
[6] = { 0x00 };
264 uint8_t sn
[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
267 eeprom
[pos
++] = 0x01;
270 eeprom
[pos
++] = 0x02;
273 eeprom
[pos
++] = 0x01; /* MAC */
274 eeprom
[pos
++] = 0x06; /* length */
275 memcpy(&eeprom
[pos
], mac
, sizeof(mac
));
279 eeprom
[pos
++] = 0x02; /* serial */
280 eeprom
[pos
++] = 0x05; /* length */
281 memcpy(&eeprom
[pos
], sn
, sizeof(sn
));
286 for (i
= 0; i
< pos
; i
++) {
287 eeprom
[pos
] += eeprom
[i
];
291 static uint8_t eeprom24c0x_read(eeprom24c0x_t
*eeprom
)
293 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
294 eeprom
->tick
, eeprom
->scl
, eeprom
->sda
, eeprom
->data
);
298 static void eeprom24c0x_write(eeprom24c0x_t
*eeprom
, int scl
, int sda
)
300 if (eeprom
->scl
&& scl
&& (eeprom
->sda
!= sda
)) {
301 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
302 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
,
303 sda
? "stop" : "start");
308 } else if (eeprom
->tick
== 0 && !eeprom
->ack
) {
309 /* Waiting for start. */
310 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
311 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
312 } else if (!eeprom
->scl
&& scl
) {
313 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
314 eeprom
->tick
, eeprom
->scl
, scl
, eeprom
->sda
, sda
);
316 logout("\ti2c ack bit = 0\n");
319 } else if (eeprom
->sda
== sda
) {
320 uint8_t bit
= (sda
!= 0);
321 logout("\ti2c bit = %d\n", bit
);
322 if (eeprom
->tick
< 9) {
323 eeprom
->command
<<= 1;
324 eeprom
->command
+= bit
;
326 if (eeprom
->tick
== 9) {
327 logout("\tcommand 0x%04x, %s\n", eeprom
->command
,
328 bit
? "read" : "write");
331 } else if (eeprom
->tick
< 17) {
332 if (eeprom
->command
& 1) {
333 sda
= ((eeprom
->data
& 0x80) != 0);
335 eeprom
->address
<<= 1;
336 eeprom
->address
+= bit
;
339 if (eeprom
->tick
== 17) {
340 eeprom
->data
= eeprom
->contents
[eeprom
->address
];
341 logout("\taddress 0x%04x, data 0x%02x\n",
342 eeprom
->address
, eeprom
->data
);
346 } else if (eeprom
->tick
>= 17) {
350 logout("\tsda changed with raising scl\n");
353 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom
->tick
, eeprom
->scl
,
354 scl
, eeprom
->sda
, sda
);
360 static uint64_t malta_fpga_read(void *opaque
, hwaddr addr
,
363 MaltaFPGAState
*s
= opaque
;
367 saddr
= (addr
& 0xfffff);
371 /* SWITCH Register */
376 /* STATUS Register */
378 #if TARGET_BIG_ENDIAN
390 /* LEDBAR Register */
395 /* BRKRES Register */
400 /* UART Registers are handled directly by the serial device */
407 /* XXX: implement a real I2C controller */
411 /* IN = OUT until a real I2C control is implemented */
419 /* I2CINP Register */
421 val
= ((s
->i2cin
& ~1) | eeprom24c0x_read(&spd_eeprom
));
429 /* I2COUT Register */
434 /* I2CSEL Register */
440 qemu_log_mask(LOG_GUEST_ERROR
,
441 "malta_fpga_read: Bad register addr 0x%"HWADDR_PRIX
"\n",
448 static void malta_fpga_write(void *opaque
, hwaddr addr
,
449 uint64_t val
, unsigned size
)
451 MaltaFPGAState
*s
= opaque
;
454 saddr
= (addr
& 0xfffff);
458 /* SWITCH Register */
466 /* LEDBAR Register */
468 s
->leds
= val
& 0xff;
469 malta_fpga_update_display_leds(s
);
472 /* ASCIIWORD Register */
474 snprintf(s
->display_text
, 9, "%08X", (uint32_t)val
);
475 malta_fpga_update_display_ascii(s
);
478 /* ASCIIPOS0 to ASCIIPOS7 Registers */
487 s
->display_text
[(saddr
- 0x00418) >> 3] = (char) val
;
488 malta_fpga_update_display_ascii(s
);
491 /* SOFTRES Register */
494 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET
);
498 /* BRKRES Register */
503 /* UART Registers are handled directly by the serial device */
507 s
->gpout
= val
& 0xff;
512 s
->i2coe
= val
& 0x03;
515 /* I2COUT Register */
517 eeprom24c0x_write(&spd_eeprom
, val
& 0x02, val
& 0x01);
521 /* I2CSEL Register */
523 s
->i2csel
= val
& 0x01;
527 qemu_log_mask(LOG_GUEST_ERROR
,
528 "malta_fpga_write: Bad register addr 0x%"HWADDR_PRIX
"\n",
534 static const MemoryRegionOps malta_fpga_ops
= {
535 .read
= malta_fpga_read
,
536 .write
= malta_fpga_write
,
537 .endianness
= DEVICE_NATIVE_ENDIAN
,
540 static void malta_fpga_reset(void *opaque
)
542 MaltaFPGAState
*s
= opaque
;
552 s
->display_text
[8] = '\0';
553 snprintf(s
->display_text
, 9, " ");
556 static void malta_fgpa_display_event(void *opaque
, QEMUChrEvent event
)
558 MaltaFPGAState
*s
= opaque
;
560 if (event
== CHR_EVENT_OPENED
&& !s
->display_inited
) {
561 qemu_chr_fe_printf(&s
->display
, "\e[HMalta LEDBAR\r\n");
562 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
563 qemu_chr_fe_printf(&s
->display
, "+ +\r\n");
564 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
565 qemu_chr_fe_printf(&s
->display
, "\n");
566 qemu_chr_fe_printf(&s
->display
, "Malta ASCII\r\n");
567 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
568 qemu_chr_fe_printf(&s
->display
, "+ +\r\n");
569 qemu_chr_fe_printf(&s
->display
, "+--------+\r\n");
570 s
->display_inited
= true;
574 static MaltaFPGAState
*malta_fpga_init(MemoryRegion
*address_space
,
575 hwaddr base
, qemu_irq uart_irq
, Chardev
*uart_chr
)
580 s
= g_new0(MaltaFPGAState
, 1);
582 memory_region_init_io(&s
->iomem
, NULL
, &malta_fpga_ops
, s
,
583 "malta-fpga", 0x100000);
584 memory_region_init_alias(&s
->iomem_lo
, NULL
, "malta-fpga",
585 &s
->iomem
, 0, 0x900);
586 memory_region_init_alias(&s
->iomem_hi
, NULL
, "malta-fpga",
587 &s
->iomem
, 0xa00, 0x100000 - 0xa00);
589 memory_region_add_subregion(address_space
, base
, &s
->iomem_lo
);
590 memory_region_add_subregion(address_space
, base
+ 0xa00, &s
->iomem_hi
);
592 chr
= qemu_chr_new("fpga", "vc:320x200", NULL
);
593 qemu_chr_fe_init(&s
->display
, chr
, NULL
);
594 qemu_chr_fe_set_handlers(&s
->display
, NULL
, NULL
,
595 malta_fgpa_display_event
, NULL
, s
, NULL
, true);
597 s
->uart
= serial_mm_init(address_space
, base
+ 0x900, 3, uart_irq
,
598 230400, uart_chr
, DEVICE_NATIVE_ENDIAN
);
601 qemu_register_reset(malta_fpga_reset
, s
);
606 /* Network support */
607 static void network_init(PCIBus
*pci_bus
)
611 for (i
= 0; i
< nb_nics
; i
++) {
612 NICInfo
*nd
= &nd_table
[i
];
613 const char *default_devaddr
= NULL
;
615 if (i
== 0 && (!nd
->model
|| strcmp(nd
->model
, "pcnet") == 0))
616 /* The malta board has a PCNet card using PCI SLOT 11 */
617 default_devaddr
= "0b";
619 pci_nic_init_nofail(nd
, pci_bus
, "pcnet", default_devaddr
);
623 static void bl_setup_gt64120_jump_kernel(void **p
, uint64_t run_addr
,
624 uint64_t kernel_entry
)
626 static const char pci_pins_cfg
[PCI_NUM_PINS
] = {
627 10, 10, 11, 11 /* PIIX IRQRC[A:D] */
630 /* Bus endianness is always reversed */
631 #if TARGET_BIG_ENDIAN
632 #define cpu_to_gt32(x) (x)
634 #define cpu_to_gt32(x) bswap32(x)
637 /* setup MEM-to-PCI0 mapping as done by YAMON */
639 /* move GT64120 registers from 0x14000000 to 0x1be00000 */
640 bl_gen_write_u32(p
, /* GT_ISD */
641 cpu_mips_phys_to_kseg1(NULL
, 0x14000000 + 0x68),
642 cpu_to_gt32(0x1be00000 << 3));
644 /* setup PCI0 io window to 0x18000000-0x181fffff */
645 bl_gen_write_u32(p
, /* GT_PCI0IOLD */
646 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0x48),
647 cpu_to_gt32(0x18000000 << 3));
648 bl_gen_write_u32(p
, /* GT_PCI0IOHD */
649 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0x50),
650 cpu_to_gt32(0x08000000 << 3));
652 /* setup PCI0 mem windows */
653 bl_gen_write_u32(p
, /* GT_PCI0M0LD */
654 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0x58),
655 cpu_to_gt32(0x10000000 << 3));
656 bl_gen_write_u32(p
, /* GT_PCI0M0HD */
657 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0x60),
658 cpu_to_gt32(0x07e00000 << 3));
659 bl_gen_write_u32(p
, /* GT_PCI0M1LD */
660 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0x80),
661 cpu_to_gt32(0x18200000 << 3));
662 bl_gen_write_u32(p
, /* GT_PCI0M1HD */
663 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0x88),
664 cpu_to_gt32(0x0bc00000 << 3));
669 * The PIIX ISA bridge is on PCI bus 0 dev 10 func 0.
670 * Load the PIIX IRQC[A:D] routing config address, then
671 * write routing configuration to the config data register.
673 bl_gen_write_u32(p
, /* GT_PCI0_CFGADDR */
674 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0xcf8),
675 tswap32((1 << 31) /* ConfigEn */
676 | PCI_BUILD_BDF(0, PIIX4_PCI_DEVFN
) << 8
678 bl_gen_write_u32(p
, /* GT_PCI0_CFGDATA */
679 cpu_mips_phys_to_kseg1(NULL
, 0x1be00000 + 0xcfc),
680 tswap32(ldl_be_p(pci_pins_cfg
)));
682 bl_gen_jump_kernel(p
,
683 true, ENVP_VADDR
- 64,
685 * If semihosting is used, arguments have already
686 * been passed, so we preserve $a0.
688 !semihosting_get_argc(), 2,
690 true, ENVP_VADDR
+ 8,
691 true, loaderparams
.ram_low_size
,
695 static void write_bootloader_nanomips(uint8_t *base
, uint64_t run_addr
,
696 uint64_t kernel_entry
)
700 /* Small bootloader */
701 p
= (uint16_t *)base
;
703 stw_p(p
++, 0x2800); stw_p(p
++, 0x001c);
705 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
707 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
709 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
711 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
713 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
715 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
717 stw_p(p
++, 0x8000); stw_p(p
++, 0xc000);
722 bl_setup_gt64120_jump_kernel((void **)&p
, run_addr
, kernel_entry
);
726 * ROM and pseudo bootloader
728 * The following code implements a very very simple bootloader. It first
729 * loads the registers a0 to a3 to the values expected by the OS, and
730 * then jump at the kernel address.
732 * The bootloader should pass the locations of the kernel arguments and
733 * environment variables tables. Those tables contain the 32-bit address
734 * of NULL terminated strings. The environment variables table should be
735 * terminated by a NULL address.
737 * For a simpler implementation, the number of kernel arguments is fixed
738 * to two (the name of the kernel and the command line), and the two
739 * tables are actually the same one.
741 * The registers a0 to a3 should contain the following values:
742 * a0 - number of kernel arguments
743 * a1 - 32-bit address of the kernel arguments table
744 * a2 - 32-bit address of the environment variables table
745 * a3 - RAM size in bytes
747 static void write_bootloader(uint8_t *base
, uint64_t run_addr
,
748 uint64_t kernel_entry
)
752 /* Small bootloader */
753 p
= (uint32_t *)base
;
755 stl_p(p
++, 0x08000000 | /* j 0x1fc00580 */
756 ((run_addr
+ 0x580) & 0x0fffffff) >> 2);
757 stl_p(p
++, 0x00000000); /* nop */
759 /* YAMON service vector */
760 stl_p(base
+ 0x500, run_addr
+ 0x0580); /* start: */
761 stl_p(base
+ 0x504, run_addr
+ 0x083c); /* print_count: */
762 stl_p(base
+ 0x520, run_addr
+ 0x0580); /* start: */
763 stl_p(base
+ 0x52c, run_addr
+ 0x0800); /* flush_cache: */
764 stl_p(base
+ 0x534, run_addr
+ 0x0808); /* print: */
765 stl_p(base
+ 0x538, run_addr
+ 0x0800); /* reg_cpu_isr: */
766 stl_p(base
+ 0x53c, run_addr
+ 0x0800); /* unred_cpu_isr: */
767 stl_p(base
+ 0x540, run_addr
+ 0x0800); /* reg_ic_isr: */
768 stl_p(base
+ 0x544, run_addr
+ 0x0800); /* unred_ic_isr: */
769 stl_p(base
+ 0x548, run_addr
+ 0x0800); /* reg_esr: */
770 stl_p(base
+ 0x54c, run_addr
+ 0x0800); /* unreg_esr: */
771 stl_p(base
+ 0x550, run_addr
+ 0x0800); /* getchar: */
772 stl_p(base
+ 0x554, run_addr
+ 0x0800); /* syscon_read: */
775 /* Second part of the bootloader */
776 p
= (uint32_t *) (base
+ 0x580);
779 * Load BAR registers as done by YAMON:
781 * - set up PCI0 I/O BARs from 0x18000000 to 0x181fffff
782 * - set up PCI0 MEM0 at 0x10000000, size 0x7e00000
783 * - set up PCI0 MEM1 at 0x18200000, size 0xbc00000
787 bl_setup_gt64120_jump_kernel((void **)&p
, run_addr
, kernel_entry
);
789 /* YAMON subroutines */
790 p
= (uint32_t *) (base
+ 0x800);
791 stl_p(p
++, 0x03e00009); /* jalr ra */
792 stl_p(p
++, 0x24020000); /* li v0,0 */
793 /* 808 YAMON print */
794 stl_p(p
++, 0x03e06821); /* move t5,ra */
795 stl_p(p
++, 0x00805821); /* move t3,a0 */
796 stl_p(p
++, 0x00a05021); /* move t2,a1 */
797 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
798 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
799 stl_p(p
++, 0x10800005); /* beqz a0,834 */
800 stl_p(p
++, 0x00000000); /* nop */
801 stl_p(p
++, 0x0ff0021c); /* jal 870 */
802 stl_p(p
++, 0x00000000); /* nop */
803 stl_p(p
++, 0x1000fff9); /* b 814 */
804 stl_p(p
++, 0x00000000); /* nop */
805 stl_p(p
++, 0x01a00009); /* jalr t5 */
806 stl_p(p
++, 0x01602021); /* move a0,t3 */
807 /* 0x83c YAMON print_count */
808 stl_p(p
++, 0x03e06821); /* move t5,ra */
809 stl_p(p
++, 0x00805821); /* move t3,a0 */
810 stl_p(p
++, 0x00a05021); /* move t2,a1 */
811 stl_p(p
++, 0x00c06021); /* move t4,a2 */
812 stl_p(p
++, 0x91440000); /* lbu a0,0(t2) */
813 stl_p(p
++, 0x0ff0021c); /* jal 870 */
814 stl_p(p
++, 0x00000000); /* nop */
815 stl_p(p
++, 0x254a0001); /* addiu t2,t2,1 */
816 stl_p(p
++, 0x258cffff); /* addiu t4,t4,-1 */
817 stl_p(p
++, 0x1580fffa); /* bnez t4,84c */
818 stl_p(p
++, 0x00000000); /* nop */
819 stl_p(p
++, 0x01a00009); /* jalr t5 */
820 stl_p(p
++, 0x01602021); /* move a0,t3 */
822 stl_p(p
++, 0x3c08b800); /* lui t0,0xb400 */
823 stl_p(p
++, 0x350803f8); /* ori t0,t0,0x3f8 */
824 stl_p(p
++, 0x91090005); /* lbu t1,5(t0) */
825 stl_p(p
++, 0x00000000); /* nop */
826 stl_p(p
++, 0x31290040); /* andi t1,t1,0x40 */
827 stl_p(p
++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
828 stl_p(p
++, 0x00000000); /* nop */
829 stl_p(p
++, 0x03e00009); /* jalr ra */
830 stl_p(p
++, 0xa1040000); /* sb a0,0(t0) */
833 static void G_GNUC_PRINTF(3, 4) prom_set(uint32_t *prom_buf
, int index
,
834 const char *string
, ...)
839 if (index
>= ENVP_NB_ENTRIES
) {
843 if (string
== NULL
) {
848 table_addr
= sizeof(uint32_t) * ENVP_NB_ENTRIES
+ index
* ENVP_ENTRY_SIZE
;
849 prom_buf
[index
] = tswap32(ENVP_VADDR
+ table_addr
);
851 va_start(ap
, string
);
852 vsnprintf((char *)prom_buf
+ table_addr
, ENVP_ENTRY_SIZE
, string
, ap
);
856 static void reinitialize_rng_seed(void *opaque
)
858 char *rng_seed_hex
= opaque
;
859 uint8_t rng_seed
[32];
861 qemu_guest_getrandom_nofail(rng_seed
, sizeof(rng_seed
));
862 for (size_t i
= 0; i
< sizeof(rng_seed
); ++i
) {
863 sprintf(rng_seed_hex
+ i
* 2, "%02x", rng_seed
[i
]);
868 static uint64_t load_kernel(void)
870 uint64_t kernel_entry
, kernel_high
, initrd_size
;
872 ram_addr_t initrd_offset
;
876 uint8_t rng_seed
[32];
877 char rng_seed_hex
[sizeof(rng_seed
) * 2 + 1];
878 size_t rng_seed_prom_offset
;
880 kernel_size
= load_elf(loaderparams
.kernel_filename
, NULL
,
881 cpu_mips_kseg0_to_phys
, NULL
,
883 &kernel_high
, NULL
, TARGET_BIG_ENDIAN
, EM_MIPS
,
885 if (kernel_size
< 0) {
886 error_report("could not load kernel '%s': %s",
887 loaderparams
.kernel_filename
,
888 load_elf_strerror(kernel_size
));
892 /* Check where the kernel has been linked */
893 if (kernel_entry
<= USEG_LIMIT
) {
894 error_report("Trap-and-Emul kernels (Linux CONFIG_KVM_GUEST)"
895 " are not supported");
902 if (loaderparams
.initrd_filename
) {
903 initrd_size
= get_image_size(loaderparams
.initrd_filename
);
904 if (initrd_size
> 0) {
906 * The kernel allocates the bootmap memory in the low memory after
907 * the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
910 initrd_offset
= ROUND_UP(loaderparams
.ram_low_size
911 - (initrd_size
+ 128 * KiB
),
913 if (kernel_high
>= initrd_offset
) {
914 error_report("memory too small for initial ram disk '%s'",
915 loaderparams
.initrd_filename
);
918 initrd_size
= load_image_targphys(loaderparams
.initrd_filename
,
920 loaderparams
.ram_size
- initrd_offset
);
922 if (initrd_size
== (target_ulong
) -1) {
923 error_report("could not load initial ram disk '%s'",
924 loaderparams
.initrd_filename
);
929 /* Setup prom parameters. */
930 prom_size
= ENVP_NB_ENTRIES
* (sizeof(int32_t) + ENVP_ENTRY_SIZE
);
931 prom_buf
= g_malloc(prom_size
);
933 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_filename
);
934 if (initrd_size
> 0) {
935 prom_set(prom_buf
, prom_index
++,
936 "rd_start=0x%" PRIx64
" rd_size=%" PRId64
" %s",
937 cpu_mips_phys_to_kseg0(NULL
, initrd_offset
),
938 initrd_size
, loaderparams
.kernel_cmdline
);
940 prom_set(prom_buf
, prom_index
++, "%s", loaderparams
.kernel_cmdline
);
943 prom_set(prom_buf
, prom_index
++, "memsize");
944 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_low_size
);
946 prom_set(prom_buf
, prom_index
++, "ememsize");
947 prom_set(prom_buf
, prom_index
++, "%u", loaderparams
.ram_size
);
949 prom_set(prom_buf
, prom_index
++, "modetty0");
950 prom_set(prom_buf
, prom_index
++, "38400n8r");
952 qemu_guest_getrandom_nofail(rng_seed
, sizeof(rng_seed
));
953 for (size_t i
= 0; i
< sizeof(rng_seed
); ++i
) {
954 sprintf(rng_seed_hex
+ i
* 2, "%02x", rng_seed
[i
]);
956 prom_set(prom_buf
, prom_index
++, "rngseed");
957 rng_seed_prom_offset
= prom_index
* ENVP_ENTRY_SIZE
+
958 sizeof(uint32_t) * ENVP_NB_ENTRIES
;
959 prom_set(prom_buf
, prom_index
++, "%s", rng_seed_hex
);
961 prom_set(prom_buf
, prom_index
++, NULL
);
963 rom_add_blob_fixed("prom", prom_buf
, prom_size
, ENVP_PADDR
);
964 qemu_register_reset_nosnapshotload(reinitialize_rng_seed
,
965 rom_ptr(ENVP_PADDR
, prom_size
) + rng_seed_prom_offset
);
971 static void malta_mips_config(MIPSCPU
*cpu
)
973 MachineState
*ms
= MACHINE(qdev_get_machine());
974 unsigned int smp_cpus
= ms
->smp
.cpus
;
975 CPUMIPSState
*env
= &cpu
->env
;
976 CPUState
*cs
= CPU(cpu
);
978 if (ase_mt_available(env
)) {
979 env
->mvp
->CP0_MVPConf0
= deposit32(env
->mvp
->CP0_MVPConf0
,
981 smp_cpus
* cs
->nr_threads
- 1);
982 env
->mvp
->CP0_MVPConf0
= deposit32(env
->mvp
->CP0_MVPConf0
,
983 CP0MVPC0_PVPE
, 4, smp_cpus
- 1);
987 static int malta_pci_slot_get_pirq(PCIDevice
*pci_dev
, int irq_num
)
991 slot
= PCI_SLOT(pci_dev
->devfn
);
997 /* AMD 79C973 Ethernet */
1000 /* Crystal 4281 Sound */
1003 /* PCI slot 1 to 4 */
1005 return ((slot
- 18) + irq_num
) & 0x03;
1006 /* Unknown device, don't do any translation */
1012 static void main_cpu_reset(void *opaque
)
1014 MIPSCPU
*cpu
= opaque
;
1015 CPUMIPSState
*env
= &cpu
->env
;
1017 cpu_reset(CPU(cpu
));
1020 * The bootloader does not need to be rewritten as it is located in a
1021 * read only location. The kernel location and the arguments table
1022 * location does not change.
1024 if (loaderparams
.kernel_filename
) {
1025 env
->CP0_Status
&= ~(1 << CP0St_ERL
);
1028 malta_mips_config(cpu
);
1031 static void create_cpu_without_cps(MachineState
*ms
, MaltaState
*s
,
1032 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
1038 for (i
= 0; i
< ms
->smp
.cpus
; i
++) {
1039 cpu
= mips_cpu_create_with_clock(ms
->cpu_type
, s
->cpuclk
);
1041 /* Init internal devices */
1042 cpu_mips_irq_init_cpu(cpu
);
1043 cpu_mips_clock_init(cpu
);
1044 qemu_register_reset(main_cpu_reset
, cpu
);
1047 cpu
= MIPS_CPU(first_cpu
);
1049 *i8259_irq
= env
->irq
[2];
1050 *cbus_irq
= env
->irq
[4];
1053 static void create_cps(MachineState
*ms
, MaltaState
*s
,
1054 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
1056 object_initialize_child(OBJECT(s
), "cps", &s
->cps
, TYPE_MIPS_CPS
);
1057 object_property_set_str(OBJECT(&s
->cps
), "cpu-type", ms
->cpu_type
,
1059 object_property_set_uint(OBJECT(&s
->cps
), "num-vp", ms
->smp
.cpus
,
1061 qdev_connect_clock_in(DEVICE(&s
->cps
), "clk-in", s
->cpuclk
);
1062 sysbus_realize(SYS_BUS_DEVICE(&s
->cps
), &error_fatal
);
1064 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s
->cps
), 0, 0, 1);
1066 *i8259_irq
= get_cps_irq(&s
->cps
, 3);
1070 static void mips_create_cpu(MachineState
*ms
, MaltaState
*s
,
1071 qemu_irq
*cbus_irq
, qemu_irq
*i8259_irq
)
1073 if ((ms
->smp
.cpus
> 1) && cpu_type_supports_cps_smp(ms
->cpu_type
)) {
1074 create_cps(ms
, s
, cbus_irq
, i8259_irq
);
1076 create_cpu_without_cps(ms
, s
, cbus_irq
, i8259_irq
);
1081 void mips_malta_init(MachineState
*machine
)
1083 ram_addr_t ram_size
= machine
->ram_size
;
1084 ram_addr_t ram_low_size
;
1085 const char *kernel_filename
= machine
->kernel_filename
;
1086 const char *kernel_cmdline
= machine
->kernel_cmdline
;
1087 const char *initrd_filename
= machine
->initrd_filename
;
1090 MemoryRegion
*system_memory
= get_system_memory();
1091 MemoryRegion
*ram_low_preio
= g_new(MemoryRegion
, 1);
1092 MemoryRegion
*ram_low_postio
;
1093 MemoryRegion
*bios
, *bios_copy
= g_new(MemoryRegion
, 1);
1094 const size_t smbus_eeprom_size
= 8 * 256;
1095 uint8_t *smbus_eeprom_buf
= g_malloc0(smbus_eeprom_size
);
1096 uint64_t kernel_entry
, bootloader_run_addr
;
1099 qemu_irq cbus_irq
, i8259_irq
;
1107 s
= MIPS_MALTA(qdev_new(TYPE_MIPS_MALTA
));
1108 sysbus_realize_and_unref(SYS_BUS_DEVICE(s
), &error_fatal
);
1111 mips_create_cpu(machine
, s
, &cbus_irq
, &i8259_irq
);
1114 if (ram_size
> 2 * GiB
) {
1115 error_report("Too much memory for this machine: %" PRId64
"MB,"
1116 " maximum 2048MB", ram_size
/ MiB
);
1120 /* register RAM at high address where it is undisturbed by IO */
1121 memory_region_add_subregion(system_memory
, 0x80000000, machine
->ram
);
1123 /* alias for pre IO hole access */
1124 memory_region_init_alias(ram_low_preio
, NULL
, "mips_malta_low_preio.ram",
1125 machine
->ram
, 0, MIN(ram_size
, 256 * MiB
));
1126 memory_region_add_subregion(system_memory
, 0, ram_low_preio
);
1128 /* alias for post IO hole access, if there is enough RAM */
1129 if (ram_size
> 512 * MiB
) {
1130 ram_low_postio
= g_new(MemoryRegion
, 1);
1131 memory_region_init_alias(ram_low_postio
, NULL
,
1132 "mips_malta_low_postio.ram",
1133 machine
->ram
, 512 * MiB
,
1134 ram_size
- 512 * MiB
);
1135 memory_region_add_subregion(system_memory
, 512 * MiB
,
1141 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1142 malta_fpga_init(system_memory
, FPGA_ADDRESS
, cbus_irq
, serial_hd(2));
1144 /* Load firmware in flash / BIOS. */
1145 dinfo
= drive_get(IF_PFLASH
, 0, fl_idx
);
1146 fl
= pflash_cfi01_register(FLASH_ADDRESS
, "mips_malta.bios",
1148 dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
,
1150 4, 0x0000, 0x0000, 0x0000, 0x0000,
1152 bios
= pflash_cfi01_get_memory(fl
);
1154 if (kernel_filename
) {
1155 ram_low_size
= MIN(ram_size
, 256 * MiB
);
1156 bootloader_run_addr
= cpu_mips_phys_to_kseg0(NULL
, RESET_ADDRESS
);
1158 /* Write a small bootloader to the flash location. */
1159 loaderparams
.ram_size
= ram_size
;
1160 loaderparams
.ram_low_size
= ram_low_size
;
1161 loaderparams
.kernel_filename
= kernel_filename
;
1162 loaderparams
.kernel_cmdline
= kernel_cmdline
;
1163 loaderparams
.initrd_filename
= initrd_filename
;
1164 kernel_entry
= load_kernel();
1166 if (!cpu_type_supports_isa(machine
->cpu_type
, ISA_NANOMIPS32
)) {
1167 write_bootloader(memory_region_get_ram_ptr(bios
),
1168 bootloader_run_addr
, kernel_entry
);
1170 write_bootloader_nanomips(memory_region_get_ram_ptr(bios
),
1171 bootloader_run_addr
, kernel_entry
);
1174 target_long bios_size
= FLASH_SIZE
;
1175 /* Load firmware from flash. */
1177 /* Load a BIOS image. */
1178 filename
= qemu_find_file(QEMU_FILE_TYPE_BIOS
,
1179 machine
->firmware
?: BIOS_FILENAME
);
1181 bios_size
= load_image_targphys(filename
, FLASH_ADDRESS
,
1187 if ((bios_size
< 0 || bios_size
> BIOS_SIZE
) &&
1188 machine
->firmware
&& !qtest_enabled()) {
1189 error_report("Could not load MIPS bios '%s'", machine
->firmware
);
1194 * In little endian mode the 32bit words in the bios are swapped,
1195 * a neat trick which allows bi-endian firmware.
1197 #if !TARGET_BIG_ENDIAN
1199 uint32_t *end
, *addr
;
1200 const size_t swapsize
= MIN(bios_size
, 0x3e0000);
1201 addr
= rom_ptr(FLASH_ADDRESS
, swapsize
);
1203 addr
= memory_region_get_ram_ptr(bios
);
1205 end
= (void *)addr
+ swapsize
;
1206 while (addr
< end
) {
1215 * Map the BIOS at a 2nd physical location, as on the real board.
1216 * Copy it so that we can patch in the MIPS revision, which cannot be
1217 * handled by an overlapping region as the resulting ROM code subpage
1218 * regions are not executable.
1220 memory_region_init_ram(bios_copy
, NULL
, "bios.1fc", BIOS_SIZE
,
1222 if (!rom_copy(memory_region_get_ram_ptr(bios_copy
),
1223 FLASH_ADDRESS
, BIOS_SIZE
)) {
1224 memcpy(memory_region_get_ram_ptr(bios_copy
),
1225 memory_region_get_ram_ptr(bios
), BIOS_SIZE
);
1227 memory_region_set_readonly(bios_copy
, true);
1228 memory_region_add_subregion(system_memory
, RESET_ADDRESS
, bios_copy
);
1230 /* Board ID = 0x420 (Malta Board with CoreLV) */
1231 stl_p(memory_region_get_ram_ptr(bios_copy
) + 0x10, 0x00000420);
1234 dev
= qdev_new("gt64120");
1235 qdev_prop_set_bit(dev
, "cpu-little-endian", !TARGET_BIG_ENDIAN
);
1236 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev
), &error_fatal
);
1237 pci_bus
= PCI_BUS(qdev_get_child_bus(dev
, "pci"));
1238 pci_bus_map_irqs(pci_bus
, malta_pci_slot_get_pirq
);
1241 piix4
= pci_create_simple_multifunction(pci_bus
, PIIX4_PCI_DEVFN
,
1242 TYPE_PIIX4_PCI_DEVICE
);
1243 isa_bus
= ISA_BUS(qdev_get_child_bus(DEVICE(piix4
), "isa.0"));
1245 dev
= DEVICE(object_resolve_path_component(OBJECT(piix4
), "ide"));
1246 pci_ide_create_devs(PCI_DEVICE(dev
));
1248 /* Interrupt controller */
1249 qdev_connect_gpio_out_named(DEVICE(piix4
), "intr", 0, i8259_irq
);
1251 /* generate SPD EEPROM data */
1252 dev
= DEVICE(object_resolve_path_component(OBJECT(piix4
), "pm"));
1253 smbus
= I2C_BUS(qdev_get_child_bus(dev
, "i2c"));
1254 generate_eeprom_spd(&smbus_eeprom_buf
[0 * 256], ram_size
);
1255 generate_eeprom_serial(&smbus_eeprom_buf
[6 * 256]);
1256 smbus_eeprom_init(smbus
, 8, smbus_eeprom_buf
, smbus_eeprom_size
);
1257 g_free(smbus_eeprom_buf
);
1259 /* Super I/O: SMS FDC37M817 */
1260 isa_create_simple(isa_bus
, TYPE_FDC37M81X_SUPERIO
);
1263 network_init(pci_bus
);
1265 /* Optional PCI video card */
1266 pci_vga_init(pci_bus
);
1269 static void mips_malta_instance_init(Object
*obj
)
1271 MaltaState
*s
= MIPS_MALTA(obj
);
1273 s
->cpuclk
= qdev_init_clock_out(DEVICE(obj
), "cpu-refclk");
1274 clock_set_hz(s
->cpuclk
, 320000000); /* 320 MHz */
1277 static const TypeInfo mips_malta_device
= {
1278 .name
= TYPE_MIPS_MALTA
,
1279 .parent
= TYPE_SYS_BUS_DEVICE
,
1280 .instance_size
= sizeof(MaltaState
),
1281 .instance_init
= mips_malta_instance_init
,
1284 GlobalProperty malta_compat
[] = {
1285 { "PIIX4_PM", "memory-hotplug-support", "off" },
1286 { "PIIX4_PM", "acpi-pci-hotplug-with-bridge-support", "off" },
1287 { "PIIX4_PM", "acpi-root-pci-hotplug", "off" },
1288 { "PIIX4_PM", "x-not-migrate-acpi-index", "true" },
1290 const size_t malta_compat_len
= G_N_ELEMENTS(malta_compat
);
1292 static void mips_malta_machine_init(MachineClass
*mc
)
1294 mc
->desc
= "MIPS Malta Core LV";
1295 mc
->init
= mips_malta_init
;
1296 mc
->block_default_type
= IF_IDE
;
1298 mc
->is_default
= true;
1299 #ifdef TARGET_MIPS64
1300 mc
->default_cpu_type
= MIPS_CPU_TYPE_NAME("20Kc");
1302 mc
->default_cpu_type
= MIPS_CPU_TYPE_NAME("24Kf");
1304 mc
->default_ram_id
= "mips_malta.ram";
1305 compat_props_add(mc
->compat_props
, malta_compat
, malta_compat_len
);
1308 DEFINE_MACHINE("malta", mips_malta_machine_init
)
1310 static void mips_malta_register_types(void)
1312 type_register_static(&mips_malta_device
);
1315 type_init(mips_malta_register_types
)