[Qemu-devel] [PATCH] PPC: Get -M bamboo work with TCG

[Qemu-devel] [PATCH] PPC: Get -M bamboo work with TCG

[Alexander Graf]

The -M bamboo target got introduced by Hollis back in the day as a way
to run KVM code on ppc440. Unfortunately, since then it's been bitrot
quite a bit.

One of the reasons for this is that nobody without a ppc440 board can
actually run the code, so even if there were volunteers to improve the
code, they couldn't because they can't test their changes.

This patch set is enough to at least get a Linux guest kernel up for me.
I hope with this we can have a successfully working 440 target in QEMU.

Thanks to Anthony for the reminder that this is a serious issue.

Alex

Alexander Graf (4):
  PPC: 440EP: Initialize timer
  PPC: Bamboo: Register CPU reset
  PPC: Bamboo: Set initial TLB entry
  PPC: 440: Ignore invalid PCI IRQs

 hw/ppc440.c        |    1 +
 hw/ppc440_bamboo.c |   46 +++++++++++++++++++++++++++++++++++++++-------
 hw/ppc4xx_pci.c    |    4 ++++
 3 files changed, 44 insertions(+), 7 deletions(-)

[Qemu-devel] [PATCH] PPC: 440EP: Initialize timer

[Alexander Graf]

When using TCG with a BookE PowerPC core, we need to explicitly initialize
the BookE timers with the correct frequencies.

This was missing for 440EP, since that code came from KVM and was never used
with TCG.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/ppc440.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/ppc440.c b/hw/ppc440.c
index cd8a95d..f7779bf 100644
--- a/hw/ppc440.c
+++ b/hw/ppc440.c
@@ -56,6 +56,7 @@ CPUState *ppc440ep_init(MemoryRegion *address_space_mem, ram_addr_t *ram_size,
         exit(1);
     }
 
+    ppc_booke_timers_init(env, 400000000, 0);
     ppc_dcr_init(env, NULL, NULL);
 
     /* interrupt controller */
-- 
1.6.0.2

[Qemu-devel] [PATCH] PPC: Bamboo: Register CPU reset

[Alexander Graf]

To be able to support CPU reset, we need to put all register initialization
and initial state into a CPU reset hook instead of a function that is only
called once on bootup.

This is a preparation step for the initial TLB setting code and brings bamboo
more in line with what e500 and virtex already do.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/ppc440_bamboo.c |   19 +++++++++++++------
 1 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
index b734e3a..f82d587 100644
--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -32,6 +32,8 @@
 #define FDT_ADDR     0x1800000
 #define RAMDISK_ADDR 0x1900000
 
+static target_phys_addr_t entry;
+
 static int bamboo_load_device_tree(target_phys_addr_t addr,
                                      uint32_t ramsize,
                                      target_phys_addr_t initrd_base,
@@ -101,6 +103,16 @@ out:
     return ret;
 }
 
+static void main_cpu_reset(void *opaque)
+{
+    CPUState *env = opaque;
+
+    cpu_reset(env);
+    env->gpr[1] = (16<<20) - 8;
+    env->gpr[3] = FDT_ADDR;
+    env->nip = entry;
+}
+
 static void bamboo_init(ram_addr_t ram_size,
                         const char *boot_device,
                         const char *kernel_filename,
@@ -114,7 +126,6 @@ static void bamboo_init(ram_addr_t ram_size,
     CPUState *env;
     uint64_t elf_entry;
     uint64_t elf_lowaddr;
-    target_phys_addr_t entry = 0;
     target_phys_addr_t loadaddr = 0;
     target_long initrd_size = 0;
     int success;
@@ -123,6 +134,7 @@ static void bamboo_init(ram_addr_t ram_size,
     /* Setup CPU. */
     env = ppc440ep_init(address_space_mem, &ram_size, &pcibus,
                         pci_irq_nrs, 1, cpu_model);
+    qemu_register_reset(main_cpu_reset, env);
 
     if (pcibus) {
         /* Register network interfaces. */
@@ -169,11 +181,6 @@ static void bamboo_init(ram_addr_t ram_size,
             fprintf(stderr, "couldn't load device tree\n");
             exit(1);
         }
-
-        /* Set initial guest state. */
-        env->gpr[1] = (16<<20) - 8;
-        env->gpr[3] = FDT_ADDR;
-        env->nip = entry;
         /* XXX we currently depend on KVM to create some initial TLB entries. */
     }
 
-- 
1.6.0.2

[Qemu-devel] [PATCH] PPC: Bamboo: Set initial TLB entry

[Alexander Graf]

Back in the day when the bamboo target got introduced, the initial TLB was
dictated by KVM. TCG has been missing initial TLB values ever since, rendering
the target unusable for TCG usage.

This patch adds linear TLB maps the way Linux expects them, making the target
work.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/ppc440_bamboo.c |   27 ++++++++++++++++++++++++++-
 1 files changed, 26 insertions(+), 1 deletions(-)

diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
index f82d587..c17f6f7 100644
--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -103,6 +103,29 @@ out:
     return ret;
 }
 
+/* Create reset TLB entries for BookE, spanning the 32bit addr space.  */
+static void mmubooke_create_initial_mapping(CPUState *env,
+                                     target_ulong va,
+                                     target_phys_addr_t pa)
+{
+    ppcemb_tlb_t *tlb = &env->tlb.tlbe[0];
+
+    tlb->attr = 0;
+    tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
+    tlb->size = 1 << 31; /* up to 0x80000000  */
+    tlb->EPN = va & TARGET_PAGE_MASK;
+    tlb->RPN = pa & TARGET_PAGE_MASK;
+    tlb->PID = 0;
+
+    tlb = &env->tlb.tlbe[1];
+    tlb->attr = 0;
+    tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
+    tlb->size = 1 << 31; /* up to 0xffffffff  */
+    tlb->EPN = 0x80000000 & TARGET_PAGE_MASK;
+    tlb->RPN = 0x80000000 & TARGET_PAGE_MASK;
+    tlb->PID = 0;
+}
+
 static void main_cpu_reset(void *opaque)
 {
     CPUState *env = opaque;
@@ -111,6 +134,9 @@ static void main_cpu_reset(void *opaque)
     env->gpr[1] = (16<<20) - 8;
     env->gpr[3] = FDT_ADDR;
     env->nip = entry;
+
+    /* Create a mapping for the kernel.  */
+    mmubooke_create_initial_mapping(env, 0, 0);
 }
 
 static void bamboo_init(ram_addr_t ram_size,
@@ -181,7 +207,6 @@ static void bamboo_init(ram_addr_t ram_size,
             fprintf(stderr, "couldn't load device tree\n");
             exit(1);
         }
-        /* XXX we currently depend on KVM to create some initial TLB entries. */
     }
 
     if (kvm_enabled())
-- 
1.6.0.2

[Qemu-devel] [PATCH] PPC: 440: Ignore invalid PCI IRQs

[Alexander Graf]

When running a 440 target, we currently get invalid irq_num values (-1)
which completely confuse the IRQ setting code.

This is most likely due to the missing qdev conversion.

While this shouldn't happen in the first place and should really rather
be fixed by converting the target, I dislike segfaults. So for now, let's
just print a warning and ignore invalid irq_num values.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/ppc4xx_pci.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/hw/ppc4xx_pci.c b/hw/ppc4xx_pci.c
index 2c69210..1bf785b 100644
--- a/hw/ppc4xx_pci.c
+++ b/hw/ppc4xx_pci.c
@@ -275,6 +275,10 @@ static void ppc4xx_pci_set_irq(void *opaque, int irq_num, int level)
     qemu_irq *pci_irqs = opaque;
 
     DPRINTF("%s: PCI irq %d\n", __func__, irq_num);
+    if (irq_num < 0) {
+        fprintf(stderr, "%s: PCI irq %d\n", __func__, irq_num);
+        return;
+    }
     qemu_set_irq(pci_irqs[irq_num], level);
 }
 
-- 
1.6.0.2