loader: Check access size when calling rom_ptr() to avoid crashes
[qemu.git] / hw / mips / mips_malta.c
1 /*
2 * QEMU Malta board support
3 *
4 * Copyright (c) 2006 Aurelien Jarno
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
27 #include "cpu.h"
28 #include "hw/hw.h"
29 #include "hw/i386/pc.h"
30 #include "hw/isa/superio.h"
31 #include "hw/dma/i8257.h"
32 #include "hw/char/serial.h"
33 #include "net/net.h"
34 #include "hw/boards.h"
35 #include "hw/i2c/smbus.h"
36 #include "hw/block/flash.h"
37 #include "hw/mips/mips.h"
38 #include "hw/mips/cpudevs.h"
39 #include "hw/pci/pci.h"
40 #include "sysemu/sysemu.h"
41 #include "sysemu/arch_init.h"
42 #include "qemu/log.h"
43 #include "hw/mips/bios.h"
44 #include "hw/ide.h"
45 #include "hw/loader.h"
46 #include "elf.h"
47 #include "hw/timer/mc146818rtc.h"
48 #include "hw/timer/i8254.h"
49 #include "exec/address-spaces.h"
50 #include "hw/sysbus.h" /* SysBusDevice */
51 #include "qemu/host-utils.h"
52 #include "sysemu/qtest.h"
53 #include "qapi/error.h"
54 #include "qemu/error-report.h"
55 #include "hw/empty_slot.h"
56 #include "sysemu/kvm.h"
57 #include "exec/semihost.h"
58 #include "hw/mips/cps.h"
59
60 //#define DEBUG_BOARD_INIT
61
62 #define ENVP_ADDR 0x80002000l
63 #define ENVP_NB_ENTRIES 16
64 #define ENVP_ENTRY_SIZE 256
65
66 /* Hardware addresses */
67 #define FLASH_ADDRESS 0x1e000000ULL
68 #define FPGA_ADDRESS 0x1f000000ULL
69 #define RESET_ADDRESS 0x1fc00000ULL
70
71 #define FLASH_SIZE 0x400000
72
73 #define MAX_IDE_BUS 2
74
75 typedef struct {
76 MemoryRegion iomem;
77 MemoryRegion iomem_lo; /* 0 - 0x900 */
78 MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
79 uint32_t leds;
80 uint32_t brk;
81 uint32_t gpout;
82 uint32_t i2cin;
83 uint32_t i2coe;
84 uint32_t i2cout;
85 uint32_t i2csel;
86 CharBackend display;
87 char display_text[9];
88 SerialState *uart;
89 bool display_inited;
90 } MaltaFPGAState;
91
92 #define TYPE_MIPS_MALTA "mips-malta"
93 #define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
94
95 typedef struct {
96 SysBusDevice parent_obj;
97
98 MIPSCPSState *cps;
99 qemu_irq *i8259;
100 } MaltaState;
101
102 static ISADevice *pit;
103
104 static struct _loaderparams {
105 int ram_size, ram_low_size;
106 const char *kernel_filename;
107 const char *kernel_cmdline;
108 const char *initrd_filename;
109 } loaderparams;
110
111 /* Malta FPGA */
112 static void malta_fpga_update_display(void *opaque)
113 {
114 char leds_text[9];
115 int i;
116 MaltaFPGAState *s = opaque;
117
118 for (i = 7 ; i >= 0 ; i--) {
119 if (s->leds & (1 << i))
120 leds_text[i] = '#';
121 else
122 leds_text[i] = ' ';
123 }
124 leds_text[8] = '\0';
125
126 qemu_chr_fe_printf(&s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n",
127 leds_text);
128 qemu_chr_fe_printf(&s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|",
129 s->display_text);
130 }
131
132 /*
133 * EEPROM 24C01 / 24C02 emulation.
134 *
135 * Emulation for serial EEPROMs:
136 * 24C01 - 1024 bit (128 x 8)
137 * 24C02 - 2048 bit (256 x 8)
138 *
139 * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
140 */
141
142 //~ #define DEBUG
143
144 #if defined(DEBUG)
145 # define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
146 #else
147 # define logout(fmt, ...) ((void)0)
148 #endif
149
150 struct _eeprom24c0x_t {
151 uint8_t tick;
152 uint8_t address;
153 uint8_t command;
154 uint8_t ack;
155 uint8_t scl;
156 uint8_t sda;
157 uint8_t data;
158 //~ uint16_t size;
159 uint8_t contents[256];
160 };
161
162 typedef struct _eeprom24c0x_t eeprom24c0x_t;
163
164 static eeprom24c0x_t spd_eeprom = {
165 .contents = {
166 /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
167 /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
168 /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
169 /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
170 /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
171 /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
172 /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
173 /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
174 /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
175 /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
176 /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
177 /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
178 /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
179 /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
180 /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
181 /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
182 },
183 };
184
185 static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
186 {
187 enum { SDR = 0x4, DDR2 = 0x8 } type;
188 uint8_t *spd = spd_eeprom.contents;
189 uint8_t nbanks = 0;
190 uint16_t density = 0;
191 int i;
192
193 /* work in terms of MB */
194 ram_size >>= 20;
195
196 while ((ram_size >= 4) && (nbanks <= 2)) {
197 int sz_log2 = MIN(31 - clz32(ram_size), 14);
198 nbanks++;
199 density |= 1 << (sz_log2 - 2);
200 ram_size -= 1 << sz_log2;
201 }
202
203 /* split to 2 banks if possible */
204 if ((nbanks == 1) && (density > 1)) {
205 nbanks++;
206 density >>= 1;
207 }
208
209 if (density & 0xff00) {
210 density = (density & 0xe0) | ((density >> 8) & 0x1f);
211 type = DDR2;
212 } else if (!(density & 0x1f)) {
213 type = DDR2;
214 } else {
215 type = SDR;
216 }
217
218 if (ram_size) {
219 warn_report("SPD cannot represent final " RAM_ADDR_FMT "MB"
220 " of SDRAM", ram_size);
221 }
222
223 /* fill in SPD memory information */
224 spd[2] = type;
225 spd[5] = nbanks;
226 spd[31] = density;
227
228 /* checksum */
229 spd[63] = 0;
230 for (i = 0; i < 63; i++) {
231 spd[63] += spd[i];
232 }
233
234 /* copy for SMBUS */
235 memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
236 }
237
238 static void generate_eeprom_serial(uint8_t *eeprom)
239 {
240 int i, pos = 0;
241 uint8_t mac[6] = { 0x00 };
242 uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
243
244 /* version */
245 eeprom[pos++] = 0x01;
246
247 /* count */
248 eeprom[pos++] = 0x02;
249
250 /* MAC address */
251 eeprom[pos++] = 0x01; /* MAC */
252 eeprom[pos++] = 0x06; /* length */
253 memcpy(&eeprom[pos], mac, sizeof(mac));
254 pos += sizeof(mac);
255
256 /* serial number */
257 eeprom[pos++] = 0x02; /* serial */
258 eeprom[pos++] = 0x05; /* length */
259 memcpy(&eeprom[pos], sn, sizeof(sn));
260 pos += sizeof(sn);
261
262 /* checksum */
263 eeprom[pos] = 0;
264 for (i = 0; i < pos; i++) {
265 eeprom[pos] += eeprom[i];
266 }
267 }
268
269 static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
270 {
271 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
272 eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
273 return eeprom->sda;
274 }
275
276 static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
277 {
278 if (eeprom->scl && scl && (eeprom->sda != sda)) {
279 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
280 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
281 sda ? "stop" : "start");
282 if (!sda) {
283 eeprom->tick = 1;
284 eeprom->command = 0;
285 }
286 } else if (eeprom->tick == 0 && !eeprom->ack) {
287 /* Waiting for start. */
288 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
289 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
290 } else if (!eeprom->scl && scl) {
291 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
292 eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
293 if (eeprom->ack) {
294 logout("\ti2c ack bit = 0\n");
295 sda = 0;
296 eeprom->ack = 0;
297 } else if (eeprom->sda == sda) {
298 uint8_t bit = (sda != 0);
299 logout("\ti2c bit = %d\n", bit);
300 if (eeprom->tick < 9) {
301 eeprom->command <<= 1;
302 eeprom->command += bit;
303 eeprom->tick++;
304 if (eeprom->tick == 9) {
305 logout("\tcommand 0x%04x, %s\n", eeprom->command,
306 bit ? "read" : "write");
307 eeprom->ack = 1;
308 }
309 } else if (eeprom->tick < 17) {
310 if (eeprom->command & 1) {
311 sda = ((eeprom->data & 0x80) != 0);
312 }
313 eeprom->address <<= 1;
314 eeprom->address += bit;
315 eeprom->tick++;
316 eeprom->data <<= 1;
317 if (eeprom->tick == 17) {
318 eeprom->data = eeprom->contents[eeprom->address];
319 logout("\taddress 0x%04x, data 0x%02x\n",
320 eeprom->address, eeprom->data);
321 eeprom->ack = 1;
322 eeprom->tick = 0;
323 }
324 } else if (eeprom->tick >= 17) {
325 sda = 0;
326 }
327 } else {
328 logout("\tsda changed with raising scl\n");
329 }
330 } else {
331 logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
332 scl, eeprom->sda, sda);
333 }
334 eeprom->scl = scl;
335 eeprom->sda = sda;
336 }
337
338 static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
339 unsigned size)
340 {
341 MaltaFPGAState *s = opaque;
342 uint32_t val = 0;
343 uint32_t saddr;
344
345 saddr = (addr & 0xfffff);
346
347 switch (saddr) {
348
349 /* SWITCH Register */
350 case 0x00200:
351 val = 0x00000000; /* All switches closed */
352 break;
353
354 /* STATUS Register */
355 case 0x00208:
356 #ifdef TARGET_WORDS_BIGENDIAN
357 val = 0x00000012;
358 #else
359 val = 0x00000010;
360 #endif
361 break;
362
363 /* JMPRS Register */
364 case 0x00210:
365 val = 0x00;
366 break;
367
368 /* LEDBAR Register */
369 case 0x00408:
370 val = s->leds;
371 break;
372
373 /* BRKRES Register */
374 case 0x00508:
375 val = s->brk;
376 break;
377
378 /* UART Registers are handled directly by the serial device */
379
380 /* GPOUT Register */
381 case 0x00a00:
382 val = s->gpout;
383 break;
384
385 /* XXX: implement a real I2C controller */
386
387 /* GPINP Register */
388 case 0x00a08:
389 /* IN = OUT until a real I2C control is implemented */
390 if (s->i2csel)
391 val = s->i2cout;
392 else
393 val = 0x00;
394 break;
395
396 /* I2CINP Register */
397 case 0x00b00:
398 val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
399 break;
400
401 /* I2COE Register */
402 case 0x00b08:
403 val = s->i2coe;
404 break;
405
406 /* I2COUT Register */
407 case 0x00b10:
408 val = s->i2cout;
409 break;
410
411 /* I2CSEL Register */
412 case 0x00b18:
413 val = s->i2csel;
414 break;
415
416 default:
417 #if 0
418 printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
419 addr);
420 #endif
421 break;
422 }
423 return val;
424 }
425
426 static void malta_fpga_write(void *opaque, hwaddr addr,
427 uint64_t val, unsigned size)
428 {
429 MaltaFPGAState *s = opaque;
430 uint32_t saddr;
431
432 saddr = (addr & 0xfffff);
433
434 switch (saddr) {
435
436 /* SWITCH Register */
437 case 0x00200:
438 break;
439
440 /* JMPRS Register */
441 case 0x00210:
442 break;
443
444 /* LEDBAR Register */
445 case 0x00408:
446 s->leds = val & 0xff;
447 malta_fpga_update_display(s);
448 break;
449
450 /* ASCIIWORD Register */
451 case 0x00410:
452 snprintf(s->display_text, 9, "%08X", (uint32_t)val);
453 malta_fpga_update_display(s);
454 break;
455
456 /* ASCIIPOS0 to ASCIIPOS7 Registers */
457 case 0x00418:
458 case 0x00420:
459 case 0x00428:
460 case 0x00430:
461 case 0x00438:
462 case 0x00440:
463 case 0x00448:
464 case 0x00450:
465 s->display_text[(saddr - 0x00418) >> 3] = (char) val;
466 malta_fpga_update_display(s);
467 break;
468
469 /* SOFTRES Register */
470 case 0x00500:
471 if (val == 0x42)
472 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
473 break;
474
475 /* BRKRES Register */
476 case 0x00508:
477 s->brk = val & 0xff;
478 break;
479
480 /* UART Registers are handled directly by the serial device */
481
482 /* GPOUT Register */
483 case 0x00a00:
484 s->gpout = val & 0xff;
485 break;
486
487 /* I2COE Register */
488 case 0x00b08:
489 s->i2coe = val & 0x03;
490 break;
491
492 /* I2COUT Register */
493 case 0x00b10:
494 eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
495 s->i2cout = val;
496 break;
497
498 /* I2CSEL Register */
499 case 0x00b18:
500 s->i2csel = val & 0x01;
501 break;
502
503 default:
504 #if 0
505 printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
506 addr);
507 #endif
508 break;
509 }
510 }
511
512 static const MemoryRegionOps malta_fpga_ops = {
513 .read = malta_fpga_read,
514 .write = malta_fpga_write,
515 .endianness = DEVICE_NATIVE_ENDIAN,
516 };
517
518 static void malta_fpga_reset(void *opaque)
519 {
520 MaltaFPGAState *s = opaque;
521
522 s->leds = 0x00;
523 s->brk = 0x0a;
524 s->gpout = 0x00;
525 s->i2cin = 0x3;
526 s->i2coe = 0x0;
527 s->i2cout = 0x3;
528 s->i2csel = 0x1;
529
530 s->display_text[8] = '\0';
531 snprintf(s->display_text, 9, " ");
532 }
533
534 static void malta_fgpa_display_event(void *opaque, int event)
535 {
536 MaltaFPGAState *s = opaque;
537
538 if (event == CHR_EVENT_OPENED && !s->display_inited) {
539 qemu_chr_fe_printf(&s->display, "\e[HMalta LEDBAR\r\n");
540 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
541 qemu_chr_fe_printf(&s->display, "+ +\r\n");
542 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
543 qemu_chr_fe_printf(&s->display, "\n");
544 qemu_chr_fe_printf(&s->display, "Malta ASCII\r\n");
545 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
546 qemu_chr_fe_printf(&s->display, "+ +\r\n");
547 qemu_chr_fe_printf(&s->display, "+--------+\r\n");
548 s->display_inited = true;
549 }
550 }
551
552 static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
553 hwaddr base, qemu_irq uart_irq, Chardev *uart_chr)
554 {
555 MaltaFPGAState *s;
556 Chardev *chr;
557
558 s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
559
560 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
561 "malta-fpga", 0x100000);
562 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
563 &s->iomem, 0, 0x900);
564 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
565 &s->iomem, 0xa00, 0x10000-0xa00);
566
567 memory_region_add_subregion(address_space, base, &s->iomem_lo);
568 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
569
570 chr = qemu_chr_new("fpga", "vc:320x200");
571 qemu_chr_fe_init(&s->display, chr, NULL);
572 qemu_chr_fe_set_handlers(&s->display, NULL, NULL,
573 malta_fgpa_display_event, NULL, s, NULL, true);
574
575 s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
576 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
577
578 malta_fpga_reset(s);
579 qemu_register_reset(malta_fpga_reset, s);
580
581 return s;
582 }
583
584 /* Network support */
585 static void network_init(PCIBus *pci_bus)
586 {
587 int i;
588
589 for(i = 0; i < nb_nics; i++) {
590 NICInfo *nd = &nd_table[i];
591 const char *default_devaddr = NULL;
592
593 if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
594 /* The malta board has a PCNet card using PCI SLOT 11 */
595 default_devaddr = "0b";
596
597 pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
598 }
599 }
600
601 /* ROM and pseudo bootloader
602
603 The following code implements a very very simple bootloader. It first
604 loads the registers a0 to a3 to the values expected by the OS, and
605 then jump at the kernel address.
606
607 The bootloader should pass the locations of the kernel arguments and
608 environment variables tables. Those tables contain the 32-bit address
609 of NULL terminated strings. The environment variables table should be
610 terminated by a NULL address.
611
612 For a simpler implementation, the number of kernel arguments is fixed
613 to two (the name of the kernel and the command line), and the two
614 tables are actually the same one.
615
616 The registers a0 to a3 should contain the following values:
617 a0 - number of kernel arguments
618 a1 - 32-bit address of the kernel arguments table
619 a2 - 32-bit address of the environment variables table
620 a3 - RAM size in bytes
621 */
622
623 static void write_bootloader(uint8_t *base, int64_t run_addr,
624 int64_t kernel_entry)
625 {
626 uint32_t *p;
627
628 /* Small bootloader */
629 p = (uint32_t *)base;
630
631 stl_p(p++, 0x08000000 | /* j 0x1fc00580 */
632 ((run_addr + 0x580) & 0x0fffffff) >> 2);
633 stl_p(p++, 0x00000000); /* nop */
634
635 /* YAMON service vector */
636 stl_p(base + 0x500, run_addr + 0x0580); /* start: */
637 stl_p(base + 0x504, run_addr + 0x083c); /* print_count: */
638 stl_p(base + 0x520, run_addr + 0x0580); /* start: */
639 stl_p(base + 0x52c, run_addr + 0x0800); /* flush_cache: */
640 stl_p(base + 0x534, run_addr + 0x0808); /* print: */
641 stl_p(base + 0x538, run_addr + 0x0800); /* reg_cpu_isr: */
642 stl_p(base + 0x53c, run_addr + 0x0800); /* unred_cpu_isr: */
643 stl_p(base + 0x540, run_addr + 0x0800); /* reg_ic_isr: */
644 stl_p(base + 0x544, run_addr + 0x0800); /* unred_ic_isr: */
645 stl_p(base + 0x548, run_addr + 0x0800); /* reg_esr: */
646 stl_p(base + 0x54c, run_addr + 0x0800); /* unreg_esr: */
647 stl_p(base + 0x550, run_addr + 0x0800); /* getchar: */
648 stl_p(base + 0x554, run_addr + 0x0800); /* syscon_read: */
649
650
651 /* Second part of the bootloader */
652 p = (uint32_t *) (base + 0x580);
653
654 if (semihosting_get_argc()) {
655 /* Preserve a0 content as arguments have been passed */
656 stl_p(p++, 0x00000000); /* nop */
657 } else {
658 stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
659 }
660 stl_p(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
661 stl_p(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
662 stl_p(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
663 stl_p(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
664 stl_p(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
665 stl_p(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
666 stl_p(p++, 0x3c070000 | (loaderparams.ram_low_size >> 16)); /* lui a3, high(ram_low_size) */
667 stl_p(p++, 0x34e70000 | (loaderparams.ram_low_size & 0xffff)); /* ori a3, a3, low(ram_low_size) */
668
669 /* Load BAR registers as done by YAMON */
670 stl_p(p++, 0x3c09b400); /* lui t1, 0xb400 */
671
672 #ifdef TARGET_WORDS_BIGENDIAN
673 stl_p(p++, 0x3c08df00); /* lui t0, 0xdf00 */
674 #else
675 stl_p(p++, 0x340800df); /* ori t0, r0, 0x00df */
676 #endif
677 stl_p(p++, 0xad280068); /* sw t0, 0x0068(t1) */
678
679 stl_p(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
680
681 #ifdef TARGET_WORDS_BIGENDIAN
682 stl_p(p++, 0x3c08c000); /* lui t0, 0xc000 */
683 #else
684 stl_p(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
685 #endif
686 stl_p(p++, 0xad280048); /* sw t0, 0x0048(t1) */
687 #ifdef TARGET_WORDS_BIGENDIAN
688 stl_p(p++, 0x3c084000); /* lui t0, 0x4000 */
689 #else
690 stl_p(p++, 0x34080040); /* ori t0, r0, 0x0040 */
691 #endif
692 stl_p(p++, 0xad280050); /* sw t0, 0x0050(t1) */
693
694 #ifdef TARGET_WORDS_BIGENDIAN
695 stl_p(p++, 0x3c088000); /* lui t0, 0x8000 */
696 #else
697 stl_p(p++, 0x34080080); /* ori t0, r0, 0x0080 */
698 #endif
699 stl_p(p++, 0xad280058); /* sw t0, 0x0058(t1) */
700 #ifdef TARGET_WORDS_BIGENDIAN
701 stl_p(p++, 0x3c083f00); /* lui t0, 0x3f00 */
702 #else
703 stl_p(p++, 0x3408003f); /* ori t0, r0, 0x003f */
704 #endif
705 stl_p(p++, 0xad280060); /* sw t0, 0x0060(t1) */
706
707 #ifdef TARGET_WORDS_BIGENDIAN
708 stl_p(p++, 0x3c08c100); /* lui t0, 0xc100 */
709 #else
710 stl_p(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
711 #endif
712 stl_p(p++, 0xad280080); /* sw t0, 0x0080(t1) */
713 #ifdef TARGET_WORDS_BIGENDIAN
714 stl_p(p++, 0x3c085e00); /* lui t0, 0x5e00 */
715 #else
716 stl_p(p++, 0x3408005e); /* ori t0, r0, 0x005e */
717 #endif
718 stl_p(p++, 0xad280088); /* sw t0, 0x0088(t1) */
719
720 /* Jump to kernel code */
721 stl_p(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
722 stl_p(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
723 stl_p(p++, 0x03e00009); /* jalr ra */
724 stl_p(p++, 0x00000000); /* nop */
725
726 /* YAMON subroutines */
727 p = (uint32_t *) (base + 0x800);
728 stl_p(p++, 0x03e00009); /* jalr ra */
729 stl_p(p++, 0x24020000); /* li v0,0 */
730 /* 808 YAMON print */
731 stl_p(p++, 0x03e06821); /* move t5,ra */
732 stl_p(p++, 0x00805821); /* move t3,a0 */
733 stl_p(p++, 0x00a05021); /* move t2,a1 */
734 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
735 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
736 stl_p(p++, 0x10800005); /* beqz a0,834 */
737 stl_p(p++, 0x00000000); /* nop */
738 stl_p(p++, 0x0ff0021c); /* jal 870 */
739 stl_p(p++, 0x00000000); /* nop */
740 stl_p(p++, 0x1000fff9); /* b 814 */
741 stl_p(p++, 0x00000000); /* nop */
742 stl_p(p++, 0x01a00009); /* jalr t5 */
743 stl_p(p++, 0x01602021); /* move a0,t3 */
744 /* 0x83c YAMON print_count */
745 stl_p(p++, 0x03e06821); /* move t5,ra */
746 stl_p(p++, 0x00805821); /* move t3,a0 */
747 stl_p(p++, 0x00a05021); /* move t2,a1 */
748 stl_p(p++, 0x00c06021); /* move t4,a2 */
749 stl_p(p++, 0x91440000); /* lbu a0,0(t2) */
750 stl_p(p++, 0x0ff0021c); /* jal 870 */
751 stl_p(p++, 0x00000000); /* nop */
752 stl_p(p++, 0x254a0001); /* addiu t2,t2,1 */
753 stl_p(p++, 0x258cffff); /* addiu t4,t4,-1 */
754 stl_p(p++, 0x1580fffa); /* bnez t4,84c */
755 stl_p(p++, 0x00000000); /* nop */
756 stl_p(p++, 0x01a00009); /* jalr t5 */
757 stl_p(p++, 0x01602021); /* move a0,t3 */
758 /* 0x870 */
759 stl_p(p++, 0x3c08b800); /* lui t0,0xb400 */
760 stl_p(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
761 stl_p(p++, 0x91090005); /* lbu t1,5(t0) */
762 stl_p(p++, 0x00000000); /* nop */
763 stl_p(p++, 0x31290040); /* andi t1,t1,0x40 */
764 stl_p(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
765 stl_p(p++, 0x00000000); /* nop */
766 stl_p(p++, 0x03e00009); /* jalr ra */
767 stl_p(p++, 0xa1040000); /* sb a0,0(t0) */
768
769 }
770
771 static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
772 const char *string, ...)
773 {
774 va_list ap;
775 int32_t table_addr;
776
777 if (index >= ENVP_NB_ENTRIES)
778 return;
779
780 if (string == NULL) {
781 prom_buf[index] = 0;
782 return;
783 }
784
785 table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
786 prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
787
788 va_start(ap, string);
789 vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
790 va_end(ap);
791 }
792
793 /* Kernel */
794 static int64_t load_kernel (void)
795 {
796 int64_t kernel_entry, kernel_high;
797 long kernel_size, initrd_size;
798 ram_addr_t initrd_offset;
799 int big_endian;
800 uint32_t *prom_buf;
801 long prom_size;
802 int prom_index = 0;
803 uint64_t (*xlate_to_kseg0) (void *opaque, uint64_t addr);
804
805 #ifdef TARGET_WORDS_BIGENDIAN
806 big_endian = 1;
807 #else
808 big_endian = 0;
809 #endif
810
811 kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
812 NULL, (uint64_t *)&kernel_entry, NULL,
813 (uint64_t *)&kernel_high, big_endian, EM_MIPS, 1, 0);
814 if (kernel_size < 0) {
815 error_report("could not load kernel '%s': %s",
816 loaderparams.kernel_filename,
817 load_elf_strerror(kernel_size));
818 exit(1);
819 }
820
821 /* Check where the kernel has been linked */
822 if (kernel_entry & 0x80000000ll) {
823 if (kvm_enabled()) {
824 error_report("KVM guest kernels must be linked in useg. "
825 "Did you forget to enable CONFIG_KVM_GUEST?");
826 exit(1);
827 }
828
829 xlate_to_kseg0 = cpu_mips_phys_to_kseg0;
830 } else {
831 /* if kernel entry is in useg it is probably a KVM T&E kernel */
832 mips_um_ksegs_enable();
833
834 xlate_to_kseg0 = cpu_mips_kvm_um_phys_to_kseg0;
835 }
836
837 /* load initrd */
838 initrd_size = 0;
839 initrd_offset = 0;
840 if (loaderparams.initrd_filename) {
841 initrd_size = get_image_size (loaderparams.initrd_filename);
842 if (initrd_size > 0) {
843 /* The kernel allocates the bootmap memory in the low memory after
844 the initrd. It takes at most 128kiB for 2GB RAM and 4kiB
845 pages. */
846 initrd_offset = (loaderparams.ram_low_size - initrd_size - 131072
847 - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
848 if (kernel_high >= initrd_offset) {
849 error_report("memory too small for initial ram disk '%s'",
850 loaderparams.initrd_filename);
851 exit(1);
852 }
853 initrd_size = load_image_targphys(loaderparams.initrd_filename,
854 initrd_offset,
855 ram_size - initrd_offset);
856 }
857 if (initrd_size == (target_ulong) -1) {
858 error_report("could not load initial ram disk '%s'",
859 loaderparams.initrd_filename);
860 exit(1);
861 }
862 }
863
864 /* Setup prom parameters. */
865 prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
866 prom_buf = g_malloc(prom_size);
867
868 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
869 if (initrd_size > 0) {
870 prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
871 xlate_to_kseg0(NULL, initrd_offset), initrd_size,
872 loaderparams.kernel_cmdline);
873 } else {
874 prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
875 }
876
877 prom_set(prom_buf, prom_index++, "memsize");
878 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_low_size);
879
880 prom_set(prom_buf, prom_index++, "ememsize");
881 prom_set(prom_buf, prom_index++, "%u", loaderparams.ram_size);
882
883 prom_set(prom_buf, prom_index++, "modetty0");
884 prom_set(prom_buf, prom_index++, "38400n8r");
885 prom_set(prom_buf, prom_index++, NULL);
886
887 rom_add_blob_fixed("prom", prom_buf, prom_size,
888 cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
889
890 g_free(prom_buf);
891 return kernel_entry;
892 }
893
894 static void malta_mips_config(MIPSCPU *cpu)
895 {
896 CPUMIPSState *env = &cpu->env;
897 CPUState *cs = CPU(cpu);
898
899 env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
900 ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
901 }
902
903 static void main_cpu_reset(void *opaque)
904 {
905 MIPSCPU *cpu = opaque;
906 CPUMIPSState *env = &cpu->env;
907
908 cpu_reset(CPU(cpu));
909
910 /* The bootloader does not need to be rewritten as it is located in a
911 read only location. The kernel location and the arguments table
912 location does not change. */
913 if (loaderparams.kernel_filename) {
914 env->CP0_Status &= ~(1 << CP0St_ERL);
915 }
916
917 malta_mips_config(cpu);
918
919 if (kvm_enabled()) {
920 /* Start running from the bootloader we wrote to end of RAM */
921 env->active_tc.PC = 0x40000000 + loaderparams.ram_low_size;
922 }
923 }
924
925 static void create_cpu_without_cps(const char *cpu_type,
926 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
927 {
928 CPUMIPSState *env;
929 MIPSCPU *cpu;
930 int i;
931
932 for (i = 0; i < smp_cpus; i++) {
933 cpu = MIPS_CPU(cpu_create(cpu_type));
934
935 /* Init internal devices */
936 cpu_mips_irq_init_cpu(cpu);
937 cpu_mips_clock_init(cpu);
938 qemu_register_reset(main_cpu_reset, cpu);
939 }
940
941 cpu = MIPS_CPU(first_cpu);
942 env = &cpu->env;
943 *i8259_irq = env->irq[2];
944 *cbus_irq = env->irq[4];
945 }
946
947 static void create_cps(MaltaState *s, const char *cpu_type,
948 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
949 {
950 Error *err = NULL;
951
952 s->cps = MIPS_CPS(object_new(TYPE_MIPS_CPS));
953 qdev_set_parent_bus(DEVICE(s->cps), sysbus_get_default());
954
955 object_property_set_str(OBJECT(s->cps), cpu_type, "cpu-type", &err);
956 object_property_set_int(OBJECT(s->cps), smp_cpus, "num-vp", &err);
957 object_property_set_bool(OBJECT(s->cps), true, "realized", &err);
958 if (err != NULL) {
959 error_report("%s", error_get_pretty(err));
960 exit(1);
961 }
962
963 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(s->cps), 0, 0, 1);
964
965 *i8259_irq = get_cps_irq(s->cps, 3);
966 *cbus_irq = NULL;
967 }
968
969 static void mips_create_cpu(MaltaState *s, const char *cpu_type,
970 qemu_irq *cbus_irq, qemu_irq *i8259_irq)
971 {
972 if ((smp_cpus > 1) && cpu_supports_cps_smp(cpu_type)) {
973 create_cps(s, cpu_type, cbus_irq, i8259_irq);
974 } else {
975 create_cpu_without_cps(cpu_type, cbus_irq, i8259_irq);
976 }
977 }
978
979 static
980 void mips_malta_init(MachineState *machine)
981 {
982 ram_addr_t ram_size = machine->ram_size;
983 ram_addr_t ram_low_size;
984 const char *kernel_filename = machine->kernel_filename;
985 const char *kernel_cmdline = machine->kernel_cmdline;
986 const char *initrd_filename = machine->initrd_filename;
987 char *filename;
988 pflash_t *fl;
989 MemoryRegion *system_memory = get_system_memory();
990 MemoryRegion *ram_high = g_new(MemoryRegion, 1);
991 MemoryRegion *ram_low_preio = g_new(MemoryRegion, 1);
992 MemoryRegion *ram_low_postio;
993 MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
994 target_long bios_size = FLASH_SIZE;
995 const size_t smbus_eeprom_size = 8 * 256;
996 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
997 int64_t kernel_entry, bootloader_run_addr;
998 PCIBus *pci_bus;
999 ISABus *isa_bus;
1000 qemu_irq *isa_irq;
1001 qemu_irq cbus_irq, i8259_irq;
1002 int piix4_devfn;
1003 I2CBus *smbus;
1004 DriveInfo *dinfo;
1005 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
1006 int fl_idx = 0;
1007 int fl_sectors = bios_size >> 16;
1008 int be;
1009
1010 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
1011 MaltaState *s = MIPS_MALTA(dev);
1012
1013 /* The whole address space decoded by the GT-64120A doesn't generate
1014 exception when accessing invalid memory. Create an empty slot to
1015 emulate this feature. */
1016 empty_slot_init(0, 0x20000000);
1017
1018 qdev_init_nofail(dev);
1019
1020 /* create CPU */
1021 mips_create_cpu(s, machine->cpu_type, &cbus_irq, &i8259_irq);
1022
1023 /* allocate RAM */
1024 if (ram_size > (2048u << 20)) {
1025 error_report("Too much memory for this machine: %dMB, maximum 2048MB",
1026 ((unsigned int)ram_size / (1 << 20)));
1027 exit(1);
1028 }
1029
1030 /* register RAM at high address where it is undisturbed by IO */
1031 memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
1032 ram_size);
1033 memory_region_add_subregion(system_memory, 0x80000000, ram_high);
1034
1035 /* alias for pre IO hole access */
1036 memory_region_init_alias(ram_low_preio, NULL, "mips_malta_low_preio.ram",
1037 ram_high, 0, MIN(ram_size, (256 << 20)));
1038 memory_region_add_subregion(system_memory, 0, ram_low_preio);
1039
1040 /* alias for post IO hole access, if there is enough RAM */
1041 if (ram_size > (512 << 20)) {
1042 ram_low_postio = g_new(MemoryRegion, 1);
1043 memory_region_init_alias(ram_low_postio, NULL,
1044 "mips_malta_low_postio.ram",
1045 ram_high, 512 << 20,
1046 ram_size - (512 << 20));
1047 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
1048 }
1049
1050 #ifdef TARGET_WORDS_BIGENDIAN
1051 be = 1;
1052 #else
1053 be = 0;
1054 #endif
1055
1056 /* FPGA */
1057
1058 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
1059 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hd(2));
1060
1061 /* Load firmware in flash / BIOS. */
1062 dinfo = drive_get(IF_PFLASH, 0, fl_idx);
1063 #ifdef DEBUG_BOARD_INIT
1064 if (dinfo) {
1065 printf("Register parallel flash %d size " TARGET_FMT_lx " at "
1066 "addr %08llx '%s' %x\n",
1067 fl_idx, bios_size, FLASH_ADDRESS,
1068 blk_name(dinfo->bdrv), fl_sectors);
1069 }
1070 #endif
1071 fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
1072 BIOS_SIZE,
1073 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
1074 65536, fl_sectors,
1075 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
1076 bios = pflash_cfi01_get_memory(fl);
1077 fl_idx++;
1078 if (kernel_filename) {
1079 ram_low_size = MIN(ram_size, 256 << 20);
1080 /* For KVM we reserve 1MB of RAM for running bootloader */
1081 if (kvm_enabled()) {
1082 ram_low_size -= 0x100000;
1083 bootloader_run_addr = 0x40000000 + ram_low_size;
1084 } else {
1085 bootloader_run_addr = 0xbfc00000;
1086 }
1087
1088 /* Write a small bootloader to the flash location. */
1089 loaderparams.ram_size = ram_size;
1090 loaderparams.ram_low_size = ram_low_size;
1091 loaderparams.kernel_filename = kernel_filename;
1092 loaderparams.kernel_cmdline = kernel_cmdline;
1093 loaderparams.initrd_filename = initrd_filename;
1094 kernel_entry = load_kernel();
1095
1096 write_bootloader(memory_region_get_ram_ptr(bios),
1097 bootloader_run_addr, kernel_entry);
1098 if (kvm_enabled()) {
1099 /* Write the bootloader code @ the end of RAM, 1MB reserved */
1100 write_bootloader(memory_region_get_ram_ptr(ram_low_preio) +
1101 ram_low_size,
1102 bootloader_run_addr, kernel_entry);
1103 }
1104 } else {
1105 /* The flash region isn't executable from a KVM guest */
1106 if (kvm_enabled()) {
1107 error_report("KVM enabled but no -kernel argument was specified. "
1108 "Booting from flash is not supported with KVM.");
1109 exit(1);
1110 }
1111 /* Load firmware from flash. */
1112 if (!dinfo) {
1113 /* Load a BIOS image. */
1114 if (bios_name == NULL) {
1115 bios_name = BIOS_FILENAME;
1116 }
1117 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
1118 if (filename) {
1119 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
1120 BIOS_SIZE);
1121 g_free(filename);
1122 } else {
1123 bios_size = -1;
1124 }
1125 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
1126 !kernel_filename && !qtest_enabled()) {
1127 error_report("Could not load MIPS bios '%s', and no "
1128 "-kernel argument was specified", bios_name);
1129 exit(1);
1130 }
1131 }
1132 /* In little endian mode the 32bit words in the bios are swapped,
1133 a neat trick which allows bi-endian firmware. */
1134 #ifndef TARGET_WORDS_BIGENDIAN
1135 {
1136 uint32_t *end, *addr;
1137 const size_t swapsize = MIN(bios_size, 0x3e0000);
1138 addr = rom_ptr(FLASH_ADDRESS, swapsize);
1139 if (!addr) {
1140 addr = memory_region_get_ram_ptr(bios);
1141 }
1142 end = (void *)addr + swapsize;
1143 while (addr < end) {
1144 bswap32s(addr);
1145 addr++;
1146 }
1147 }
1148 #endif
1149 }
1150
1151 /*
1152 * Map the BIOS at a 2nd physical location, as on the real board.
1153 * Copy it so that we can patch in the MIPS revision, which cannot be
1154 * handled by an overlapping region as the resulting ROM code subpage
1155 * regions are not executable.
1156 */
1157 memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE,
1158 &error_fatal);
1159 if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
1160 FLASH_ADDRESS, BIOS_SIZE)) {
1161 memcpy(memory_region_get_ram_ptr(bios_copy),
1162 memory_region_get_ram_ptr(bios), BIOS_SIZE);
1163 }
1164 memory_region_set_readonly(bios_copy, true);
1165 memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
1166
1167 /* Board ID = 0x420 (Malta Board with CoreLV) */
1168 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
1169
1170 /*
1171 * We have a circular dependency problem: pci_bus depends on isa_irq,
1172 * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
1173 * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
1174 * qemu_irq_proxy() adds an extra bit of indirection, allowing us
1175 * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
1176 */
1177 isa_irq = qemu_irq_proxy(&s->i8259, 16);
1178
1179 /* Northbridge */
1180 pci_bus = gt64120_register(isa_irq);
1181
1182 /* Southbridge */
1183 ide_drive_get(hd, ARRAY_SIZE(hd));
1184
1185 piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
1186
1187 /* Interrupt controller */
1188 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
1189 s->i8259 = i8259_init(isa_bus, i8259_irq);
1190
1191 isa_bus_irqs(isa_bus, s->i8259);
1192 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
1193 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
1194 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
1195 isa_get_irq(NULL, 9), NULL, 0, NULL);
1196 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
1197 i8257_dma_init(isa_bus, 0);
1198 mc146818_rtc_init(isa_bus, 2000, NULL);
1199
1200 /* generate SPD EEPROM data */
1201 generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
1202 generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
1203 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
1204 g_free(smbus_eeprom_buf);
1205
1206 /* Super I/O: SMS FDC37M817 */
1207 isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
1208
1209 /* Network card */
1210 network_init(pci_bus);
1211
1212 /* Optional PCI video card */
1213 pci_vga_init(pci_bus);
1214 }
1215
1216 static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
1217 {
1218 return 0;
1219 }
1220
1221 static void mips_malta_class_init(ObjectClass *klass, void *data)
1222 {
1223 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1224
1225 k->init = mips_malta_sysbus_device_init;
1226 }
1227
1228 static const TypeInfo mips_malta_device = {
1229 .name = TYPE_MIPS_MALTA,
1230 .parent = TYPE_SYS_BUS_DEVICE,
1231 .instance_size = sizeof(MaltaState),
1232 .class_init = mips_malta_class_init,
1233 };
1234
1235 static void mips_malta_machine_init(MachineClass *mc)
1236 {
1237 mc->desc = "MIPS Malta Core LV";
1238 mc->init = mips_malta_init;
1239 mc->block_default_type = IF_IDE;
1240 mc->max_cpus = 16;
1241 mc->is_default = 1;
1242 #ifdef TARGET_MIPS64
1243 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("20Kc");
1244 #else
1245 mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
1246 #endif
1247 }
1248
1249 DEFINE_MACHINE("malta", mips_malta_machine_init)
1250
1251 static void mips_malta_register_types(void)
1252 {
1253 type_register_static(&mips_malta_device);
1254 }
1255
1256 type_init(mips_malta_register_types)