qemu/hw/mips/malta.c
<<
>>
Prefs 
   1/*
   2 * QEMU Malta board support
   3 *
   4 * Copyright (c) 2006 Aurelien Jarno
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25#include "qemu/osdep.h"
  26#include "qemu/units.h"
  27#include "qemu-common.h"
  28#include "cpu.h"
  29#include "hw/southbridge/piix.h"
  30#include "hw/isa/superio.h"
  31#include "hw/char/serial.h"
  32#include "net/net.h"
  33#include "hw/boards.h"
  34#include "hw/i2c/smbus_eeprom.h"
  35#include "hw/block/flash.h"
  36#include "hw/mips/mips.h"
  37#include "hw/mips/cpudevs.h"
  38#include "hw/pci/pci.h"
  39#include "sysemu/sysemu.h"
  40#include "sysemu/arch_init.h"
  41#include "qemu/log.h"
  42#include "hw/mips/bios.h"
  43#include "hw/ide.h"
  44#include "hw/irq.h"
  45#include "hw/loader.h"
  46#include "elf.h"
  47#include "exec/address-spaces.h"
  48#include "hw/sysbus.h"             /* SysBusDevice */
  49#include "qemu/host-utils.h"
  50#include "sysemu/qtest.h"
  51#include "sysemu/reset.h"
  52#include "sysemu/runstate.h"
  53#include "qapi/error.h"
  54#include "qemu/error-report.h"
  55#include "hw/misc/empty_slot.h"
  56#include "sysemu/kvm.h"
  57#include "hw/semihosting/semihost.h"
  58#include "hw/mips/cps.h"
  59
  60#define ENVP_ADDR           0x80002000l
  61#define ENVP_NB_ENTRIES     16
  62#define ENVP_ENTRY_SIZE     256
  63
  64/* Hardware addresses */
  65#define FLASH_ADDRESS       0x1e000000ULL
  66#define FPGA_ADDRESS        0x1f000000ULL
  67#define RESET_ADDRESS       0x1fc00000ULL
  68
  69#define FLASH_SIZE          0x400000
  70
  71#define MAX_IDE_BUS         2
  72
  73typedef struct {
  74    MemoryRegion iomem;
  75    MemoryRegion iomem_lo; /* 0 - 0x900 */
  76    MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
  77    uint32_t leds;
  78    uint32_t brk;
  79    uint32_t gpout;
  80    uint32_t i2cin;
  81    uint32_t i2coe;
  82    uint32_t i2cout;
  83    uint32_t i2csel;
  84    CharBackend display;
  85    char display_text[9];
  86    SerialMM *uart;
  87    bool display_inited;
  88} MaltaFPGAState;
  89
  90#define TYPE_MIPS_MALTA "mips-malta"
  91#define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
  92
  93typedef struct {
  94    SysBusDevice parent_obj;
  95
  96    MIPSCPSState cps;
  97    qemu_irq i8259[ISA_NUM_IRQS];
  98} MaltaState;
  99
 100static struct _loaderparams {
 101    int ram_size, ram_low_size;
 102    const char *kernel_filename;
 103    const char *kernel_cmdline;
 104    const char *initrd_filename;
 105} loaderparams;
 106
 107/* Malta FPGA */
 108static void malta_fpga_update_display(void *opaque)
 109{
 110    char leds_text[9];
 111    int i;
 112    MaltaFPGAState *s = opaque;
 113
 114    for (i = 7 ; i >= 0 ; i--) {
 115        if (s->leds & (1 << i)) {
 116            leds_text[i] = '#';
 117        } else {
 118            leds_text[i] = ' ';
 119        }
 120    }
 121    leds_text[8] = '\0';
 122
 123    qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
 124                       leds_text);
 125    qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
 126                       s->display_text);
 127}
 128
 129/*
 130 * EEPROM 24C01 / 24C02 emulation.
 131 *
 132 * Emulation for serial EEPROMs:
 133 * 24C01 - 1024 bit (128 x 8)
 134 * 24C02 - 2048 bit (256 x 8)
 135 *
 136 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
 137 */
 138
 139#if defined(DEBUG)
 140#  define logout(fmt, ...) \
 141          fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
 142#else
 143#  define logout(fmt, ...) ((void)0)
 144#endif
 145
 146struct _eeprom24c0x_t {
 147  uint8_t tick;
 148  uint8_t address;
 149  uint8_t command;
 150  uint8_t ack;
 151  uint8_t scl;
 152  uint8_t sda;
 153  uint8_t data;
 154  /* uint16_t size; */
 155  uint8_t contents[256];
 156};
 157
 158typedef struct _eeprom24c0x_t eeprom24c0x_t;
 159
 160static eeprom24c0x_t spd_eeprom = {
 161    .contents = {
 162        /* 00000000: */
 163        0x80, 0x08, 0xFF, 0x0D, 0x0A, 0xFF, 0x40, 0x00,
 164        /* 00000008: */
 165        0x01, 0x75, 0x54, 0x00, 0x82, 0x08, 0x00, 0x01,
 166        /* 00000010: */
 167        0x8F, 0x04, 0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
 168        /* 00000018: */
 169        0x00, 0x00, 0x00, 0x14, 0x0F, 0x14, 0x2D, 0xFF,
 170        /* 00000020: */
 171        0x15, 0x08, 0x15, 0x08, 0x00, 0x00, 0x00, 0x00,
 172        /* 00000028: */
 173        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 174        /* 00000030: */
 175        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 176        /* 00000038: */
 177        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0xD0,
 178        /* 00000040: */
 179        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 180        /* 00000048: */
 181        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 182        /* 00000050: */
 183        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 184        /* 00000058: */
 185        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 186        /* 00000060: */
 187        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 188        /* 00000068: */
 189        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 190        /* 00000070: */
 191        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 192        /* 00000078: */
 193        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xF4,
 194    },
 195};
 196
 197static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
 198{
 199    enum { SDR = 0x4, DDR2 = 0x8 } type;
 200    uint8_t *spd = spd_eeprom.contents;
 201    uint8_t nbanks = 0;
 202    uint16_t density = 0;
 203    int i;
 204
 205    /* work in terms of MB */
 206    ram_size /= MiB;
 207
 208    while ((ram_size >= 4) && (nbanks <= 2)) {
 209        int sz_log2 = MIN(31 - clz32(ram_size), 14);
 210        nbanks++;
 211        density |= 1 << (sz_log2 - 2);
 212        ram_size -= 1 << sz_log2;
 213    }
 214
 215    /* split to 2 banks if possible */
 216    if ((nbanks == 1) && (density > 1)) {
 217        nbanks++;
 218        density >>= 1;
 219    }
 220
 221    if (density & 0xff00) {
 222        density = (density & 0xe0) | ((density >> 8) & 0x1f);
 223        type = DDR2;
 224    } else if (!(density & 0x1f)) {
 225        type = DDR2;
 226    } else {
 227        type = SDR;
 228    }
 229
 230    if (ram_size) {
 231        warn_report("SPD cannot represent final " RAM_ADDR_FMT "MB"
 232                    " of SDRAM", ram_size);
 233    }
 234
 235    /* fill in SPD memory information */
 236    spd[2] = type;
 237    spd[5] = nbanks;
 238    spd[31] = density;
 239
 240    /* checksum */
 241    spd[63] = 0;
 242    for (i = 0; i < 63; i++) {
 243        spd[63] += spd[i];
 244    }
 245
 246    /* copy for SMBUS */
 247    memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
 248}
 249
 250static void generate_eeprom_serial(uint8_t *eeprom)
 251{
 252    int i, pos = 0;
 253    uint8_t mac[6] = { 0x00 };
 254    uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
 255
 256    /* version */
 257    eeprom[pos++] = 0x01;
 258
 259    /* count */
 260    eeprom[pos++] = 0x02;
 261
 262    /* MAC address */
 263    eeprom[pos++] = 0x01; /* MAC */
 264    eeprom[pos++] = 0x06; /* length */
 265    memcpy(&eeprom[pos], mac, sizeof(mac));
 266    pos += sizeof(mac);
 267
 268    /* serial number */
 269    eeprom[pos++] = 0x02; /* serial */
 270    eeprom[pos++] = 0x05; /* length */
 271    memcpy(&eeprom[pos], sn, sizeof(sn));
 272    pos += sizeof(sn);
 273
 274    /* checksum */
 275    eeprom[pos] = 0;
 276    for (i = 0; i < pos; i++) {
 277        eeprom[pos] += eeprom[i];
 278    }
 279}
 280
 281static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
 282{
 283    logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
 284        eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
 285    return eeprom->sda;
 286}
 287
 288static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
 289{
 290    if (eeprom->scl && scl && (eeprom->sda != sda)) {
 291        logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
 292                eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
 293                sda ? "stop" : "start");
 294        if (!sda) {
 295            eeprom->tick = 1;
 296            eeprom->command = 0;
 297        }
 298    } else if (eeprom->tick == 0 && !eeprom->ack) {
 299        /* Waiting for start. */
 300        logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
 301                eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
 302    } else if (!eeprom->scl && scl) {
 303        logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
 304                eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
 305        if (eeprom->ack) {
 306            logout("\ti2c ack bit = 0\n");
 307            sda = 0;
 308            eeprom->ack = 0;
 309        } else if (eeprom->sda == sda) {
 310            uint8_t bit = (sda != 0);
 311            logout("\ti2c bit = %d\n", bit);
 312            if (eeprom->tick < 9) {
 313                eeprom->command <<= 1;
 314                eeprom->command += bit;
 315                eeprom->tick++;
 316                if (eeprom->tick == 9) {
 317                    logout("\tcommand 0x%04x, %s\n", eeprom->command,
 318                           bit ? "read" : "write");
 319                    eeprom->ack = 1;
 320                }
 321            } else if (eeprom->tick < 17) {
 322                if (eeprom->command & 1) {
 323                    sda = ((eeprom->data & 0x80) != 0);
 324                }
 325                eeprom->address <<= 1;
 326                eeprom->address += bit;
 327                eeprom->tick++;
 328                eeprom->data <<= 1;
 329                if (eeprom->tick == 17) {
 330                    eeprom->data = eeprom->contents[eeprom->address];
 331                    logout("\taddress 0x%04x, data 0x%02x\n",
 332                           eeprom->address, eeprom->data);
 333                    eeprom->ack = 1;
 334                    eeprom->tick = 0;
 335                }
 336            } else if (eeprom->tick >= 17) {
 337                sda = 0;
 338            }
 339        } else {
 340            logout("\tsda changed with raising scl\n");
 341        }
 342    } else {
 343        logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
 344               scl, eeprom->sda, sda);
 345    }
 346    eeprom->scl = scl;
 347    eeprom->sda = sda;
 348}
 349
 350static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
 351                                unsigned size)
 352{
 353    MaltaFPGAState *s = opaque;
 354    uint32_t val = 0;
 355    uint32_t saddr;
 356
 357    saddr = (addr & 0xfffff);
 358
 359    switch (saddr) {
 360
 361    /* SWITCH Register */
 362    case 0x00200:
 363        val = 0x00000000;
 364        break;
 365
 366    /* STATUS Register */
 367    case 0x00208:
 368#ifdef TARGET_WORDS_BIGENDIAN
 369        val = 0x00000012;
 370#else
 371        val = 0x00000010;
 372#endif
 373        break;
 374
 375    /* JMPRS Register */
 376    case 0x00210:
 377        val = 0x00;
 378        break;
 379
 380    /* LEDBAR Register */
 381    case 0x00408:
 382        val = s->leds;
 383        break;
 384
 385    /* BRKRES Register */
 386    case 0x00508:
 387        val = s->brk;
 388        break;
 389
 390    /* UART Registers are handled directly by the serial device */
 391
 392    /* GPOUT Register */
 393    case 0x00a00:
 394        val = s->gpout;
 395        break;
 396
 397    /* XXX: implement a real I2C controller */
 398
 399    /* GPINP Register */
 400    case 0x00a08:
 401        /* IN = OUT until a real I2C control is implemented */
 402        if (s->i2csel) {
 403            val = s->i2cout;
 404        } else {
 405            val = 0x00;
 406        }
 407        break;
 408
 409    /* I2CINP Register */
 410    case 0x00b00:
 411        val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
 412        break;
 413
 414    /* I2COE Register */
 415    case 0x00b08:
 416        val = s->i2coe;
 417        break;
 418
 419    /* I2COUT Register */
 420    case 0x00b10:
 421        val = s->i2cout;
 422        break;
 423
 424    /* I2CSEL Register */
 425    case 0x00b18:
 426        val = s->i2csel;
 427        break;
 428
 429    default:
 430        qemu_log_mask(LOG_GUEST_ERROR,
 431                      "malta_fpga_read: Bad register addr 0x%"HWADDR_PRIX"\n",
 432                      addr);
 433        break;
 434    }
 435    return val;
 436}
 437
 438static void malta_fpga_write(void *opaque, hwaddr addr,
 439                             uint64_t val, unsigned size)
 440{
 441    MaltaFPGAState *s = opaque;
 442    uint32_t saddr;
 443
 444    saddr = (addr & 0xfffff);
 445
 446    switch (saddr) {
 447
 448    /* SWITCH Register */
 449    case 0x00200:
 450        break;
 451
 452    /* JMPRS Register */
 453    case 0x00210:
 454        break;
 455
 456    /* LEDBAR Register */
 457    case 0x00408:
 458        s->leds = val & 0xff;
 459        malta_fpga_update_display(s);
 460        break;
 461
 462    /* ASCIIWORD Register */
 463    case 0x00410:
 464        snprintf(s->display_text, 9, "%08X", (uint32_t)val);
 465        malta_fpga_update_display(s);
 466        break;
 467
 468    /* ASCIIPOS0 to ASCIIPOS7 Registers */
 469    case 0x00418:
 470    case 0x00420:
 471    case 0x00428:
 472    case 0x00430:
 473    case 0x00438:
 474    case 0x00440:
 475    case 0x00448:
 476    case 0x00450:
 477        s->display_text[(saddr - 0x00418) >> 3] = (char) val;
 478        malta_fpga_update_display(s);
 479        break;
 480
 481    /* SOFTRES Register */
 482    case 0x00500:
 483        if (val == 0x42) {
 484            qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
 485        }
 486        break;
 487
 488    /* BRKRES Register */
 489    case 0x00508:
 490        s->brk = val & 0xff;
 491        break;
 492
 493    /* UART Registers are handled directly by the serial device */
 494
 495    /* GPOUT Register */
 496    case 0x00a00:
 497        s->gpout = val & 0xff;
 498        break;
 499
 500    /* I2COE Register */
 501    case 0x00b08:
 502        s->i2coe = val & 0x03;
 503        break;
 504
 505    /* I2COUT Register */
 506    case 0x00b10:
 507        eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
 508        s->i2cout = val;
 509        break;
 510
 511    /* I2CSEL Register */
 512    case 0x00b18:
 513        s->i2csel = val & 0x01;
 514        break;
 515
 516    default:
 517        qemu_log_mask(LOG_GUEST_ERROR,
 518                      "malta_fpga_write: Bad register addr 0x%"HWADDR_PRIX"\n",
 519                      addr);
 520        break;
 521    }
 522}
 523
 524static const MemoryRegionOps malta_fpga_ops = {
 525    .read = malta_fpga_read,
 526    .write = malta_fpga_write,
 527    .endianness = DEVICE_NATIVE_ENDIAN,
 528};
 529
 530static void malta_fpga_reset(void *opaque)
 531{
 532    MaltaFPGAState *s = opaque;
 533
 534    s->leds   = 0x00;
 535    s->brk    = 0x0a;
 536    s->gpout  = 0x00;
 537    s->i2cin  = 0x3;
 538    s->i2coe  = 0x0;
 539    s->i2cout = 0x3;
 540    s->i2csel = 0x1;
 541
 542    s->display_text[8] = '\0';
 543    snprintf(s->display_text, 9, "        ");
 544}
 545
 546static void malta_fgpa_display_event(void *opaque, QEMUChrEvent event)
 547{
 548    MaltaFPGAState *s = opaque;
 549
 550    if (event == CHR_EVENT_OPENED && !s->display_inited) {
 551        qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
 552        qemu_chr_fe_printf(&s->display, "+--------+\r\n");
 553        qemu_chr_fe_printf(&s->display, "+        +\r\n");
 554        qemu_chr_fe_printf(&s->display, "+--------+\r\n");
 555        qemu_chr_fe_printf(&s->display, "\n");
 556        qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
 557        qemu_chr_fe_printf(&s->display, "+--------+\r\n");
 558        qemu_chr_fe_printf(&s->display, "+        +\r\n");
 559        qemu_chr_fe_printf(&s->display, "+--------+\r\n");
 560        s->display_inited = true;
 561    }
 562}
 563
 564static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
 565         hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
 566{
 567    MaltaFPGAState *s;
 568    Chardev *chr;
 569
 570    s = g_new0(MaltaFPGAState, 1);
 571
 572    memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
 573                          "malta-fpga", 0x100000);
 574    memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
 575                             &s->iomem, 0, 0x900);
 576    memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
 577                             &s->iomem, 0xa00, 0x10000 - 0xa00);
 578
 579    memory_region_add_subregion(address_space, base, &s->iomem_lo);
 580    memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
 581
 582    chr = qemu_chr_new("fpga", "vc:320x200", NULL);
 583    qemu_chr_fe_init(&s->display, chr, NULL);
 584    qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
 585                             malta_fgpa_display_event, NULL, s, NULL, true);
 586
 587    s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
 588                             230400, uart_chr, DEVICE_NATIVE_ENDIAN);
 589
 590    malta_fpga_reset(s);
 591    qemu_register_reset(malta_fpga_reset, s);
 592
 593    return s;
 594}
 595
 596/* Network support */
 597static void network_init(PCIBus *pci_bus)
 598{
 599    int i;
 600
 601    for (i = 0; i < nb_nics; i++) {
 602        NICInfo *nd = &nd_table[i];
 603        const char *default_devaddr = NULL;
 604
 605        if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
 606            /* The malta board has a PCNet card using PCI SLOT 11 */
 607            default_devaddr = "0b";
 608
 609        pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
 610    }
 611}
 612
 613static void write_bootloader_nanomips(uint8_t *base, int64_t run_addr,
 614                                      int64_t kernel_entry)
 615{
 616    uint16_t *p;
 617
 618    /* Small bootloader */
 619    p = (uint16_t *)base;
 620
 621#define NM_HI1(VAL) (((VAL) >> 16) & 0x1f)
 622#define NM_HI2(VAL) \
 623          (((VAL) & 0xf000) | (((VAL) >> 19) & 0xffc) | (((VAL) >> 31) & 0x1))
 624#define NM_LO(VAL)  ((VAL) & 0xfff)
 625
 626    stw_p(p++, 0x2800); stw_p(p++, 0x001c);
 627                                /* bc to_here */
 628    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 629                                /* nop */
 630    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 631                                /* nop */
 632    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 633                                /* nop */
 634    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 635                                /* nop */
 636    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 637                                /* nop */
 638    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 639                                /* nop */
 640    stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 641                                /* nop */
 642
 643    /* to_here: */
 644    if (semihosting_get_argc()) {
 645        /* Preserve a0 content as arguments have been passed    */
 646        stw_p(p++, 0x8000); stw_p(p++, 0xc000);
 647                                /* nop                          */
 648    } else {
 649        stw_p(p++, 0x0080); stw_p(p++, 0x0002);
 650                                /* li a0,2                      */
 651    }
 652
 653    stw_p(p++, 0xe3a0 | NM_HI1(ENVP_ADDR - 64));
 654
 655    stw_p(p++, NM_HI2(ENVP_ADDR - 64));
 656                                /* lui sp,%hi(ENVP_ADDR - 64)   */
 657
 658    stw_p(p++, 0x83bd); stw_p(p++, NM_LO(ENVP_ADDR - 64));
 659                                /* ori sp,sp,%lo(ENVP_ADDR - 64) */
 660
 661    stw_p(p++, 0xe0a0 | NM_HI1(ENVP_ADDR));
 662
 663    stw_p(p++, NM_HI2(ENVP_ADDR));
 664                                /* lui a1,%hi(ENVP_ADDR)        */
 665
 666    stw_p(p++, 0x80a5); stw_p(p++, NM_LO(ENVP_ADDR));
 667                                /* ori a1,a1,%lo(ENVP_ADDR)     */
 668
 669    stw_p(p++, 0xe0c0 | NM_HI1(ENVP_ADDR + 8));
 670
 671    stw_p(p++, NM_HI2(ENVP_ADDR + 8));
 672                                /* lui a2,%hi(ENVP_ADDR + 8)    */
 673
 674    stw_p(p++, 0x80c6); stw_p(p++, NM_LO(ENVP_ADDR + 8));
 675                                /* ori a2,a2,%lo(ENVP_ADDR + 8) */
 676
 677    stw_p(p++, 0xe0e0 | NM_HI1(loaderparams.ram_low_size));
 678
 679    stw_p(p++, NM_HI2(loaderparams.ram_low_size));
 680                                /* lui a3,%hi(loaderparams.ram_low_size) */
 681
 682    stw_p(p++, 0x80e7); stw_p(p++, NM_LO(loaderparams.ram_low_size));
 683                                /* ori a3,a3,%lo(loaderparams.ram_low_size) */
 684
 685    /*
 686     * Load BAR registers as done by YAMON:
 687     *
 688     *  - set up PCI0 I/O BARs from 0x18000000 to 0x181fffff
 689     *  - set up PCI0 MEM0 at 0x10000000, size 0x8000000
 690     *  - set up PCI0 MEM1 at 0x18200000, size 0xbe00000
 691     *
 692     */
 693    stw_p(p++, 0xe040); stw_p(p++, 0x0681);
 694                                /* lui t1, %hi(0xb4000000)      */
 695
 696#ifdef TARGET_WORDS_BIGENDIAN
 697
 698    stw_p(p++, 0xe020); stw_p(p++, 0x0be1);
 699                                /* lui t0, %hi(0xdf000000)      */
 700
 701    /* 0x68 corresponds to GT_ISD (from hw/mips/gt64xxx_pci.c)  */
 702    stw_p(p++, 0x8422); stw_p(p++, 0x9068);
 703                                /* sw t0, 0x68(t1)              */
 704
 705    stw_p(p++, 0xe040); stw_p(p++, 0x077d);
 706                                /* lui t1, %hi(0xbbe00000)      */
 707
 708    stw_p(p++, 0xe020); stw_p(p++, 0x0801);
 709                                /* lui t0, %hi(0xc0000000)      */
 710
 711    /* 0x48 corresponds to GT_PCI0IOLD                          */
 712    stw_p(p++, 0x8422); stw_p(p++, 0x9048);
 713                                /* sw t0, 0x48(t1)              */
 714
 715    stw_p(p++, 0xe020); stw_p(p++, 0x0800);
 716                                /* lui t0, %hi(0x40000000)      */
 717
 718    /* 0x50 corresponds to GT_PCI0IOHD                          */
 719    stw_p(p++, 0x8422); stw_p(p++, 0x9050);
 720                                /* sw t0, 0x50(t1)              */
 721
 722    stw_p(p++, 0xe020); stw_p(p++, 0x0001);
 723                                /* lui t0, %hi(0x80000000)      */
 724
 725    /* 0x58 corresponds to GT_PCI0M0LD                          */
 726    stw_p(p++, 0x8422); stw_p(p++, 0x9058);
 727                                /* sw t0, 0x58(t1)              */
 728
 729    stw_p(p++, 0xe020); stw_p(p++, 0x07e0);
 730                                /* lui t0, %hi(0x3f000000)      */
 731
 732    /* 0x60 corresponds to GT_PCI0M0HD                          */
 733    stw_p(p++, 0x8422); stw_p(p++, 0x9060);
 734                                /* sw t0, 0x60(t1)              */
 735
 736    stw_p(p++, 0xe020); stw_p(p++, 0x0821);
 737                                /* lui t0, %hi(0xc1000000)      */
 738
 739    /* 0x80 corresponds to GT_PCI0M1LD                          */
 740    stw_p(p++, 0x8422); stw_p(p++, 0x9080);
 741                                /* sw t0, 0x80(t1)              */
 742
 743    stw_p(p++, 0xe020); stw_p(p++, 0x0bc0);
 744                                /* lui t0, %hi(0x5e000000)      */
 745
 746#else
 747
 748    stw_p(p++, 0x0020); stw_p(p++, 0x00df);
 749                                /* addiu[32] t0, $0, 0xdf       */
 750
 751    /* 0x68 corresponds to GT_ISD                               */
 752    stw_p(p++, 0x8422); stw_p(p++, 0x9068);
 753                                /* sw t0, 0x68(t1)              */
 754
 755    /* Use kseg2 remapped address 0x1be00000                    */
 756    stw_p(p++, 0xe040); stw_p(p++, 0x077d);
 757                                /* lui t1, %hi(0xbbe00000)      */
 758
 759    stw_p(p++, 0x0020); stw_p(p++, 0x00c0);
 760                                /* addiu[32] t0, $0, 0xc0       */
 761
 762    /* 0x48 corresponds to GT_PCI0IOLD                          */
 763    stw_p(p++, 0x8422); stw_p(p++, 0x9048);
 764                                /* sw t0, 0x48(t1)              */
 765
 766    stw_p(p++, 0x0020); stw_p(p++, 0x0040);
 767                                /* addiu[32] t0, $0, 0x40       */
 768
 769    /* 0x50 corresponds to GT_PCI0IOHD                          */
 770    stw_p(p++, 0x8422); stw_p(p++, 0x9050);
 771                                /* sw t0, 0x50(t1)              */
 772
 773    stw_p(p++, 0x0020); stw_p(p++, 0x0080);
 774                                /* addiu[32] t0, $0, 0x80       */
 775
 776    /* 0x58 corresponds to GT_PCI0M0LD                          */
 777    stw_p(p++, 0x8422); stw_p(p++, 0x9058);
 778                                /* sw t0, 0x58(t1)              */
 779
 780    stw_p(p++, 0x0020); stw_p(p++, 0x003f);
 781                                /* addiu[32] t0, $0, 0x3f       */
 782
 783    /* 0x60 corresponds to GT_PCI0M0HD                          */
 784    stw_p(p++, 0x8422); stw_p(p++, 0x9060);
 785                                /* sw t0, 0x60(t1)              */
 786
 787    stw_p(p++, 0x0020); stw_p(p++, 0x00c1);
 788                                /* addiu[32] t0, $0, 0xc1       */
 789
 790    /* 0x80 corresponds to GT_PCI0M1LD                          */
 791    stw_p(p++, 0x8422); stw_p(p++, 0x9080);
 792                                /* sw t0, 0x80(t1)              */
 793
 794    stw_p(p++, 0x0020); stw_p(p++, 0x005e);
 795                                /* addiu[32] t0, $0, 0x5e       */
 796
 797#endif
 798
 799    /* 0x88 corresponds to GT_PCI0M1HD                          */
 800    stw_p(p++, 0x8422); stw_p(p++, 0x9088);
 801                                /* sw t0, 0x88(t1)              */
 802
 803    stw_p(p++, 0xe320 | NM_HI1(kernel_entry));
 804
 805    stw_p(p++, NM_HI2(kernel_entry));
 806                                /* lui t9,%hi(kernel_entry)     */
 807
 808    stw_p(p++, 0x8339); stw_p(p++, NM_LO(kernel_entry));
 809                                /* ori t9,t9,%lo(kernel_entry)  */
 810
 811    stw_p(p++, 0x4bf9); stw_p(p++, 0x0000);
 812                                /* jalrc   t8                   */
 813}
 814
 815/*
 816 * ROM and pseudo bootloader
 817 *
 818 * The following code implements a very very simple bootloader. It first
 819 * loads the registers a0 to a3 to the values expected by the OS, and
 820 * then jump at the kernel address.
 821 *
 822 * The bootloader should pass the locations of the kernel arguments and
 823 * environment variables tables. Those tables contain the 32-bit address
 824 * of NULL terminated strings. The environment variables table should be
 825 * terminated by a NULL address.
 826 *
 827 * For a simpler implementation, the number of kernel arguments is fixed
 828 * to two (the name of the kernel and the command line), and the two
 829 * tables are actually the same one.
 830 *
 831 * The registers a0 to a3 should contain the following values:
 832 *   a0 - number of kernel arguments
 833 *   a1 - 32-bit address of the kernel arguments table
 834 *   a2 - 32-bit address of the environment variables table
 835 *   a3 - RAM size in bytes
 836 */
 837static void write_bootloader(uint8_t *base, int64_t run_addr,
 838                             int64_t kernel_entry)
 839{
 840    uint32_t *p;
 841
 842    /* Small bootloader */
 843    p = (uint32_t *)base;
 844
 845    stl_p(p++, 0x08000000 |                  /* j 0x1fc00580 */
 846                 ((run_addr + 0x580) & 0x0fffffff) >> 2);
 847    stl_p(p++, 0x00000000);                  /* nop */
 848
 849    /* YAMON service vector */
 850    stl_p(base + 0x500, run_addr + 0x0580);  /* start: */
 851    stl_p(base + 0x504, run_addr + 0x083c);  /* print_count: */
 852    stl_p(base + 0x520, run_addr + 0x0580);  /* start: */
 853    stl_p(base + 0x52c, run_addr + 0x0800);  /* flush_cache: */
 854    stl_p(base + 0x534, run_addr + 0x0808);  /* print: */
 855    stl_p(base + 0x538, run_addr + 0x0800);  /* reg_cpu_isr: */
 856    stl_p(base + 0x53c, run_addr + 0x0800);  /* unred_cpu_isr: */
 857    stl_p(base + 0x540, run_addr + 0x0800);  /* reg_ic_isr: */
 858    stl_p(base + 0x544, run_addr + 0x0800);  /* unred_ic_isr: */
 859    stl_p(base + 0x548, run_addr + 0x0800);  /* reg_esr: */
 860    stl_p(base + 0x54c, run_addr + 0x0800);  /* unreg_esr: */
 861    stl_p(base + 0x550, run_addr + 0x0800);  /* getchar: */
 862    stl_p(base + 0x554, run_addr + 0x0800);  /* syscon_read: */
 863
 864
 865    /* Second part of the bootloader */
 866    p = (uint32_t *) (base + 0x580);
 867
 868    if (semihosting_get_argc()) {
 869        /* Preserve a0 content as arguments have been passed */
 870        stl_p(p++, 0x00000000);              /* nop */
 871    } else {
 872        stl_p(p++, 0x24040002);              /* addiu a0, zero, 2 */
 873    }
 874
 875    /* lui sp, high(ENVP_ADDR) */
 876    stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff));
 877    /* ori sp, sp, low(ENVP_ADDR) */
 878    stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff));
 879    /* lui a1, high(ENVP_ADDR) */
 880    stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff));
 881    /* ori a1, a1, low(ENVP_ADDR) */
 882    stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff));
 883    /* lui a2, high(ENVP_ADDR + 8) */
 884    stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff));
 885    /* ori a2, a2, low(ENVP_ADDR + 8) */
 886    stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff));
 887    /* lui a3, high(ram_low_size) */
 888    stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16));
 889    /* ori a3, a3, low(ram_low_size) */
 890    stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff));
 891
 892    /* Load BAR registers as done by YAMON */
 893    stl_p(p++, 0x3c09b400);                  /* lui t1, 0xb400 */
 894
 895#ifdef TARGET_WORDS_BIGENDIAN
 896    stl_p(p++, 0x3c08df00);                  /* lui t0, 0xdf00 */
 897#else
 898    stl_p(p++, 0x340800df);                  /* ori t0, r0, 0x00df */
 899#endif
 900    stl_p(p++, 0xad280068);                  /* sw t0, 0x0068(t1) */
 901
 902    stl_p(p++, 0x3c09bbe0);                  /* lui t1, 0xbbe0 */
 903
 904#ifdef TARGET_WORDS_BIGENDIAN
 905    stl_p(p++, 0x3c08c000);                  /* lui t0, 0xc000 */
 906#else
 907    stl_p(p++, 0x340800c0);                  /* ori t0, r0, 0x00c0 */
 908#endif
 909    stl_p(p++, 0xad280048);                  /* sw t0, 0x0048(t1) */
 910#ifdef TARGET_WORDS_BIGENDIAN
 911    stl_p(p++, 0x3c084000);                  /* lui t0, 0x4000 */
 912#else
 913    stl_p(p++, 0x34080040);                  /* ori t0, r0, 0x0040 */
 914#endif
 915    stl_p(p++, 0xad280050);                  /* sw t0, 0x0050(t1) */
 916
 917#ifdef TARGET_WORDS_BIGENDIAN
 918    stl_p(p++, 0x3c088000);                  /* lui t0, 0x8000 */
 919#else
 920    stl_p(p++, 0x34080080);                  /* ori t0, r0, 0x0080 */
 921#endif
 922    stl_p(p++, 0xad280058);                  /* sw t0, 0x0058(t1) */
 923#ifdef TARGET_WORDS_BIGENDIAN
 924    stl_p(p++, 0x3c083f00);                  /* lui t0, 0x3f00 */
 925#else
 926    stl_p(p++, 0x3408003f);                  /* ori t0, r0, 0x003f */
 927#endif
 928    stl_p(p++, 0xad280060);                  /* sw t0, 0x0060(t1) */
 929
 930#ifdef TARGET_WORDS_BIGENDIAN
 931    stl_p(p++, 0x3c08c100);                  /* lui t0, 0xc100 */
 932#else
 933    stl_p(p++, 0x340800c1);                  /* ori t0, r0, 0x00c1 */
 934#endif
 935    stl_p(p++, 0xad280080);                  /* sw t0, 0x0080(t1) */
 936#ifdef TARGET_WORDS_BIGENDIAN
 937    stl_p(p++, 0x3c085e00);                  /* lui t0, 0x5e00 */
 938#else
 939    stl_p(p++, 0x3408005e);                  /* ori t0, r0, 0x005e */
 940#endif
 941    stl_p(p++, 0xad280088);                  /* sw t0, 0x0088(t1) */
 942
 943    /* Jump to kernel code */
 944    stl_p(p++, 0x3c1f0000 |
 945          ((kernel_entry >> 16) & 0xffff));  /* lui ra, high(kernel_entry) */
 946    stl_p(p++, 0x37ff0000 |
 947          (kernel_entry & 0xffff));          /* ori ra, ra, low(kernel_entry) */
 948    stl_p(p++, 0x03e00009);                  /* jalr ra */
 949    stl_p(p++, 0x00000000);                  /* nop */
 950
 951    /* YAMON subroutines */
 952    p = (uint32_t *) (base + 0x800);
 953    stl_p(p++, 0x03e00009);                  /* jalr ra */
 954    stl_p(p++, 0x24020000);                  /* li v0,0 */
 955    /* 808 YAMON print */
 956    stl_p(p++, 0x03e06821);                  /* move t5,ra */
 957    stl_p(p++, 0x00805821);                  /* move t3,a0 */
 958    stl_p(p++, 0x00a05021);                  /* move t2,a1 */
 959    stl_p(p++, 0x91440000);                  /* lbu a0,0(t2) */
 960    stl_p(p++, 0x254a0001);                  /* addiu t2,t2,1 */
 961    stl_p(p++, 0x10800005);                  /* beqz a0,834 */
 962    stl_p(p++, 0x00000000);                  /* nop */
 963    stl_p(p++, 0x0ff0021c);                  /* jal 870 */
 964    stl_p(p++, 0x00000000);                  /* nop */
 965    stl_p(p++, 0x1000fff9);                  /* b 814 */
 966    stl_p(p++, 0x00000000);                  /* nop */
 967    stl_p(p++, 0x01a00009);                  /* jalr t5 */
 968    stl_p(p++, 0x01602021);                  /* move a0,t3 */
 969    /* 0x83c YAMON print_count */
 970    stl_p(p++, 0x03e06821);                  /* move t5,ra */
 971    stl_p(p++, 0x00805821);                  /* move t3,a0 */
 972    stl_p(p++, 0x00a05021);                  /* move t2,a1 */
 973    stl_p(p++, 0x00c06021);                  /* move t4,a2 */
 974    stl_p(p++, 0x91440000);                  /* lbu a0,0(t2) */
 975    stl_p(p++, 0x0ff0021c);                  /* jal 870 */
 976    stl_p(p++, 0x00000000);                  /* nop */
 977    stl_p(p++, 0x254a0001);                  /* addiu t2,t2,1 */
 978    stl_p(p++, 0x258cffff);                  /* addiu t4,t4,-1 */
 979    stl_p(p++, 0x1580fffa);                  /* bnez t4,84c */
 980    stl_p(p++, 0x00000000);                  /* nop */
 981    stl_p(p++, 0x01a00009);                  /* jalr t5 */
 982    stl_p(p++, 0x01602021);                  /* move a0,t3 */
 983    /* 0x870 */
 984    stl_p(p++, 0x3c08b800);                  /* lui t0,0xb400 */
 985    stl_p(p++, 0x350803f8);                  /* ori t0,t0,0x3f8 */
 986    stl_p(p++, 0x91090005);                  /* lbu t1,5(t0) */
 987    stl_p(p++, 0x00000000);                  /* nop */
 988    stl_p(p++, 0x31290040);                  /* andi t1,t1,0x40 */
 989    stl_p(p++, 0x1120fffc);                  /* beqz t1,878 <outch+0x8> */
 990    stl_p(p++, 0x00000000);                  /* nop */
 991    stl_p(p++, 0x03e00009);                  /* jalr ra */
 992    stl_p(p++, 0xa1040000);                  /* sb a0,0(t0) */
 993
 994}
 995
 996static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t *prom_buf, int index,
 997                                        const char *string, ...)
 998{
 999    va_list ap;
1000    int32_t table_addr;

1001
1002    if (index >= ENVP_NB_ENTRIES) {
1003        return;
1004    }
1005
1006    if (string == NULL) {
1007        prom_buf[index] = 0;
1008        return;
1009    }
1010
1011    table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
1012    prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
1013
1014    va_start(ap, string);
1015    vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
1016    va_end(ap);
1017}
1018
1019/* Kernel */
1020static int64_t load_kernel(void)
1021{
1022    int64_t kernel_entry, kernel_high, initrd_size;
1023    long kernel_size;
1024    ram_addr_t initrd_offset;
1025    int big_endian;
1026    uint32_t *prom_buf;
1027    long prom_size;
1028    int prom_index = 0;
1029    uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
1030
1031#ifdef TARGET_WORDS_BIGENDIAN
1032    big_endian = 1;
1033#else
1034    big_endian = 0;
1035#endif
1036
1037    kernel_size = load_elf(loaderparams.kernel_filename, NULL,
1038                           cpu_mips_kseg0_to_phys, NULL,
1039                           (uint64_t *)&kernel_entry, NULL,
1040                           (uint64_t *)&kernel_high, NULL, big_endian, EM_MIPS,
1041                           1, 0);
1042    if (kernel_size < 0) {
1043        error_report("could not load kernel '%s': %s",
1044                     loaderparams.kernel_filename,
1045                     load_elf_strerror(kernel_size));
1046        exit(1);
1047    }
1048
1049    /* Check where the kernel has been linked */
1050    if (kernel_entry & 0x80000000ll) {
1051        if (kvm_enabled()) {
1052            error_report("KVM guest kernels must be linked in useg. "
1053                         "Did you forget to enable CONFIG_KVM_GUEST?");
1054            exit(1);
1055        }
1056
1057        xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
1058    } else {
1059        /* if kernel entry is in useg it is probably a KVM T&E kernel */
1060        mips_um_ksegs_enable();
1061
1062        xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
1063    }
1064
1065    /* load initrd */
1066    initrd_size = 0;
1067    initrd_offset = 0;
1068    if (loaderparams.initrd_filename) {
1069        initrd_size = get_image_size(loaderparams.initrd_filename);
1070        if (initrd_size > 0) {
1071            /*
1072             * The kernel allocates the bootmap memory in the low memory after
1073             * the initrd.  It takes at most 128kiB for 2GB RAM and 4kiB
1074             * pages.
1075             */
1076            initrd_offset = (loaderparams.ram_low_size - initrd_size
1077                             - (128 * KiB)
1078                             - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
1079            if (kernel_high >= initrd_offset) {
1080                error_report("memory too small for initial ram disk '%s'",
1081                             loaderparams.initrd_filename);
1082                exit(1);
1083            }
1084            initrd_size = load_image_targphys(loaderparams.initrd_filename,
1085                                              initrd_offset,
1086                                              ram_size - initrd_offset);
1087        }
1088        if (initrd_size == (target_ulong) -1) {
1089            error_report("could not load initial ram disk '%s'",
1090                         loaderparams.initrd_filename);
1091            exit(1);
1092        }
1093    }
1094
1095    /* Setup prom parameters. */
1096    prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
1097    prom_buf = g_malloc(prom_size);
1098
1099    prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
1100    if (initrd_size > 0) {
1101        prom_set(prom_buf, prom_index++,
1102                 "rd_start=0x%" PRIx64 " rd_size=%" PRId64 " %s",
1103                 xlate_to_kseg0(NULL, initrd_offset),
1104                 initrd_size, loaderparams.kernel_cmdline);
1105    } else {
1106        prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
1107    }
1108
1109    prom_set(prom_buf, prom_index++, "memsize");
1110    prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
1111
1112    prom_set(prom_buf, prom_index++, "ememsize");
1113    prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
1114
1115    prom_set(prom_buf, prom_index++, "modetty0");
1116    prom_set(prom_buf, prom_index++, "38400n8r");
1117    prom_set(prom_buf, prom_index++, NULL);
1118
1119    rom_add_blob_fixed("prom", prom_buf, prom_size,
1120                       cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
1121
1122    g_free(prom_buf);
1123    return kernel_entry;
1124}
1125
1126static void malta_mips_config(MIPSCPU *cpu)
1127{
1128    MachineState *ms = MACHINE(qdev_get_machine());
1129    unsigned int smp_cpus = ms->smp.cpus;
1130    CPUMIPSState *env = &cpu->env;
1131    CPUState *cs = CPU(cpu);
1132
1133    env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
1134                         ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
1135}
1136
1137static void main_cpu_reset(void *opaque)
1138{
1139    MIPSCPU *cpu = opaque;
1140    CPUMIPSState *env = &cpu->env;
1141
1142    cpu_reset(CPU(cpu));
1143
1144    /*
1145     * The bootloader does not need to be rewritten as it is located in a
1146     * read only location. The kernel location and the arguments table
1147     * location does not change.
1148     */
1149    if (loaderparams.kernel_filename) {
1150        env->CP0_Status &= ~(1 << CP0St_ERL);
1151    }
1152
1153    malta_mips_config(cpu);
1154
1155    if (kvm_enabled()) {
1156        /* Start running from the bootloader we wrote to end of RAM */
1157        env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
1158    }
1159}
1160
1161static void create_cpu_without_cps(MachineState *ms,
1162                                   qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1163{
1164    CPUMIPSState *env;
1165    MIPSCPU *cpu;
1166    int i;
1167
1168    for (i = 0; i < ms->smp.cpus; i++) {
1169        cpu = MIPS_CPU(cpu_create(ms->cpu_type));
1170
1171        /* Init internal devices */
1172        cpu_mips_irq_init_cpu(cpu);
1173        cpu_mips_clock_init(cpu);
1174        qemu_register_reset(main_cpu_reset, cpu);
1175    }
1176
1177    cpu = MIPS_CPU(first_cpu);
1178    env = &cpu->env;
1179    *i8259_irq = env->irq[2];
1180    *cbus_irq = env->irq[4];
1181}
1182
1183static void create_cps(MachineState *ms, MaltaState *s,
1184                       qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1185{
1186    object_initialize_child(OBJECT(s), "cps", &s->cps, TYPE_MIPS_CPS);
1187    object_property_set_str(OBJECT(&s->cps), "cpu-type", ms->cpu_type,
1188                            &error_fatal);
1189    object_property_set_int(OBJECT(&s->cps), "num-vp", ms->smp.cpus,
1190                            &error_fatal);
1191    sysbus_realize(SYS_BUS_DEVICE(&s->cps), &error_fatal);
1192
1193    sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->cps), 0, 0, 1);
1194
1195    *i8259_irq = get_cps_irq(&s->cps, 3);
1196    *cbus_irq = NULL;
1197}
1198
1199static void mips_create_cpu(MachineState *ms, MaltaState *s,
1200                            qemu_irq *cbus_irq, qemu_irq *i8259_irq)
1201{
1202    if ((ms->smp.cpus > 1) && cpu_supports_cps_smp(ms->cpu_type)) {
1203        create_cps(ms, s, cbus_irq, i8259_irq);
1204    } else {
1205        create_cpu_without_cps(ms, cbus_irq, i8259_irq);
1206    }
1207}
1208
1209static
1210void mips_malta_init(MachineState *machine)
1211{
1212    ram_addr_t ram_size = machine->ram_size;
1213    ram_addr_t ram_low_size;
1214    const char *kernel_filename = machine->kernel_filename;
1215    const char *kernel_cmdline = machine->kernel_cmdline;
1216    const char *initrd_filename = machine->initrd_filename;
1217    char *filename;
1218    PFlashCFI01 *fl;
1219    MemoryRegion *system_memory = get_system_memory();
1220    MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
1221    MemoryRegion *ram_low_postio;
1222    MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
1223    const size_t smbus_eeprom_size = 8 * 256;
1224    uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
1225    int64_t kernel_entry, bootloader_run_addr;
1226    PCIBus *pci_bus;
1227    ISABus *isa_bus;
1228    qemu_irq cbus_irq, i8259_irq;
1229    I2CBus *smbus;
1230    DriveInfo *dinfo;
1231    int fl_idx = 0;
1232    int be;
1233
1234    DeviceState *dev = qdev_new(TYPE_MIPS_MALTA);
1235    MaltaState *s = MIPS_MALTA(dev);
1236
1237    /*
1238     * The whole address space decoded by the GT-64120A doesn't generate
1239     * exception when accessing invalid memory. Create an empty slot to
1240     * emulate this feature.
1241     */
1242    empty_slot_init("GT64120", 0, 0x20000000);
1243
1244    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1245
1246    /* create CPU */
1247    mips_create_cpu(machine, s, &cbus_irq, &i8259_irq);
1248
1249    /* allocate RAM */
1250    if (ram_size > 2 * GiB) {
1251        error_report("Too much memory for this machine: %" PRId64 "MB,"
1252                     " maximum 2048MB", ram_size / MiB);
1253        exit(1);
1254    }
1255
1256    /* register RAM at high address where it is undisturbed by IO */
1257    memory_region_add_subregion(system_memory, 0x80000000, machine->ram);
1258
1259    /* alias for pre IO hole access */
1260    memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1261                             machine->ram, 0, MIN(ram_size, 256 * MiB));
1262    memory_region_add_subregion(system_memory, 0, ram_low_preio);
1263
1264    /* alias for post IO hole access, if there is enough RAM */
1265    if (ram_size > 512 * MiB) {
1266        ram_low_postio = g_new(MemoryRegion, 1);
1267        memory_region_init_alias(ram_low_postio, NULL,
1268                                 "mips_malta_low_postio.ram",
1269                                 machine->ram, 512 * MiB,
1270                                 ram_size - 512 * MiB);
1271        memory_region_add_subregion(system_memory, 512 * MiB,
1272                                    ram_low_postio);
1273    }
1274
1275#ifdef TARGET_WORDS_BIGENDIAN
1276    be = 1;
1277#else
1278    be = 0;
1279#endif
1280
1281    /* FPGA */
1282
1283    /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1284    malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hd(2));
1285
1286    /* Load firmware in flash / BIOS. */
1287    dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1288    fl = pflash_cfi01_register(FLASH_ADDRESS, "mips_malta.bios",
1289                               FLASH_SIZE,
1290                               dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1291                               65536,
1292                               4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1293    bios = pflash_cfi01_get_memory(fl);
1294    fl_idx++;
1295    if (kernel_filename) {
1296        ram_low_size = MIN(ram_size, 256 * MiB);
1297        /* For KVM we reserve 1MB of RAM for running bootloader */
1298        if (kvm_enabled()) {
1299            ram_low_size -= 0x100000;
1300            bootloader_run_addr = 0x40000000 + ram_low_size;
1301        } else {
1302            bootloader_run_addr = 0xbfc00000;
1303        }
1304
1305        /* Write a small bootloader to the flash location. */
1306        loaderparams.ram_size = ram_size;
1307        loaderparams.ram_low_size = ram_low_size;
1308        loaderparams.kernel_filename = kernel_filename;
1309        loaderparams.kernel_cmdline = kernel_cmdline;
1310        loaderparams.initrd_filename = initrd_filename;
1311        kernel_entry = load_kernel();
1312
1313        if (!cpu_supports_isa(machine->cpu_type, ISA_NANOMIPS32)) {
1314            write_bootloader(memory_region_get_ram_ptr(bios),
1315                             bootloader_run_addr, kernel_entry);
1316        } else {
1317            write_bootloader_nanomips(memory_region_get_ram_ptr(bios),
1318                                      bootloader_run_addr, kernel_entry);
1319        }
1320        if (kvm_enabled()) {
1321            /* Write the bootloader code @ the end of RAM, 1MB reserved */
1322            write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1323                                    ram_low_size,
1324                             bootloader_run_addr, kernel_entry);
1325        }
1326    } else {
1327        target_long bios_size = FLASH_SIZE;
1328        /* The flash region isn't executable from a KVM guest */
1329        if (kvm_enabled()) {
1330            error_report("KVM enabled but no -kernel argument was specified. "
1331                         "Booting from flash is not supported with KVM.");
1332            exit(1);
1333        }
1334        /* Load firmware from flash. */
1335        if (!dinfo) {
1336            /* Load a BIOS image. */
1337            if (bios_name == NULL) {
1338                bios_name = BIOS_FILENAME;
1339            }
1340            filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1341            if (filename) {
1342                bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1343                                                BIOS_SIZE);
1344                g_free(filename);
1345            } else {
1346                bios_size = -1;
1347            }
1348            if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1349                !kernel_filename && !qtest_enabled()) {
1350                error_report("Could not load MIPS bios '%s', and no "
1351                             "-kernel argument was specified", bios_name);
1352                exit(1);
1353            }
1354        }
1355        /*
1356         * In little endian mode the 32bit words in the bios are swapped,
1357         * a neat trick which allows bi-endian firmware.
1358         */
1359#ifndef TARGET_WORDS_BIGENDIAN
1360        {
1361            uint32_t *end, *addr;
1362            const size_t swapsize = MIN(bios_size, 0x3e0000);
1363            addr = rom_ptr(FLASH_ADDRESS, swapsize);
1364            if (!addr) {
1365                addr = memory_region_get_ram_ptr(bios);
1366            }
1367            end = (void *)addr + swapsize;
1368            while (addr < end) {
1369                bswap32s(addr);
1370                addr++;
1371            }
1372        }
1373#endif
1374    }
1375
1376    /*
1377     * Map the BIOS at a 2nd physical location, as on the real board.
1378     * Copy it so that we can patch in the MIPS revision, which cannot be
1379     * handled by an overlapping region as the resulting ROM code subpage
1380     * regions are not executable.
1381     */
1382    memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1383                           &error_fatal);
1384    if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1385                  FLASH_ADDRESS, BIOS_SIZE)) {
1386        memcpy(memory_region_get_ram_ptr(bios_copy),
1387               memory_region_get_ram_ptr(bios), BIOS_SIZE);
1388    }
1389    memory_region_set_readonly(bios_copy, true);
1390    memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1391
1392    /* Board ID = 0x420 (Malta Board with CoreLV) */
1393    stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1394
1395    /* Northbridge */
1396    pci_bus = gt64120_register(s->i8259);
1397
1398    /* Southbridge */
1399    dev = piix4_create(pci_bus, &isa_bus, &smbus);
1400
1401    /* Interrupt controller */
1402    qdev_connect_gpio_out_named(dev, "intr", 0, i8259_irq);
1403    for (int i = 0; i < ISA_NUM_IRQS; i++) {
1404        s->i8259[i] = qdev_get_gpio_in_named(dev, "isa", i);
1405    }
1406
1407    /* generate SPD EEPROM data */
1408    generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1409    generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1410    smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1411    g_free(smbus_eeprom_buf);
1412
1413    /* Super I/O: SMS FDC37M817 */
1414    isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
1415
1416    /* Network card */
1417    network_init(pci_bus);
1418
1419    /* Optional PCI video card */
1420    pci_vga_init(pci_bus);
1421}
1422
1423static const TypeInfo mips_malta_device = {
1424    .name          = TYPE_MIPS_MALTA,
1425    .parent        = TYPE_SYS_BUS_DEVICE,
1426    .instance_size = sizeof(MaltaState),
1427};
1428
1429static void mips_malta_machine_init(MachineClass *mc)
1430{
1431    mc->desc = "MIPS Malta Core LV";
1432    mc->init = mips_malta_init;
1433    mc->block_default_type = IF_IDE;
1434    mc->max_cpus = 16;
1435    mc->is_default = true;
1436#ifdef TARGET_MIPS64
1437    mc->default_cpu_type = MIPS_CPU_TYPE_NAME("20Kc");
1438#else
1439    mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
1440#endif
1441    mc->default_ram_id = "mips_malta.ram";
1442}
1443
1444DEFINE_MACHINE("malta", mips_malta_machine_init)
1445
1446static void mips_malta_register_types(void)
1447{
1448    type_register_static(&mips_malta_device);
1449}
1450
1451type_init(mips_malta_register_types)
1452
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.