From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:40336)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Leon.Alrae@imgtec.com>) id 1bT3pe-00077V-7c
	for qemu-devel@nongnu.org; Fri, 29 Jul 2016 05:11:51 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Leon.Alrae@imgtec.com>) id 1bT3pb-0003yI-Hh
	for qemu-devel@nongnu.org; Fri, 29 Jul 2016 05:11:49 -0400
Received: from mailapp01.imgtec.com ([195.59.15.196]:7750)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Leon.Alrae@imgtec.com>) id 1bT3pb-0003y4-Bj
	for qemu-devel@nongnu.org; Fri, 29 Jul 2016 05:11:47 -0400
From: Leon Alrae <leon.alrae@imgtec.com>
Date: Fri, 29 Jul 2016 10:11:11 +0100
Message-ID: <1469783472-18639-2-git-send-email-leon.alrae@imgtec.com>
In-Reply-To: <1469783472-18639-1-git-send-email-leon.alrae@imgtec.com>
References: <1469783472-18639-1-git-send-email-leon.alrae@imgtec.com>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Qemu-devel] [PULL 1/2] hw/mips_malta: Fix YAMON API print routine
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Paul Burton <paul.burton@imgtec.com>, Aurelien Jarno <aurelien@aurel32.net>

From: Paul Burton <paul.burton@imgtec.com>

The print routine provided as part of the in-built bootloader had a bug
in that it attempted to use a jump instruction as part of a loop, but
the target has its upper bits zeroed leading to control flow
transferring to 0xb0000814 rather than the intended 0xbfc00814. Fix this
by using a branch instruction instead, which seems more fit for purpose.

A simple way to test this is to build a Linux kernel with EVA enabled &
attempt to boot it in QEMU. It will attempt to print a message
indicating the configuration mismatch but QEMU would previously
incorrectly jump & wind up printing a continuous stream of the letter E.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 hw/mips/mips_malta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 34d41ef..e90857e 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -727,7 +727,7 @@ static void write_bootloader(uint8_t *base, int64_t run_addr,
     stl_p(p++, 0x00000000);                                     /* nop */
     stl_p(p++, 0x0ff0021c);                                     /* jal 870 */
     stl_p(p++, 0x00000000);                                     /* nop */
-    stl_p(p++, 0x08000205);                                     /* j 814 */
+    stl_p(p++, 0x1000fff9);                                     /* b 814 */
     stl_p(p++, 0x00000000);                                     /* nop */
     stl_p(p++, 0x01a00009);                                     /* jalr t5 */
     stl_p(p++, 0x01602021);                                     /* move a0,t3 */
-- 
2.7.4