From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MG3wW-0004t9-Cm
	for qemu-devel@nongnu.org; Mon, 15 Jun 2009 00:37:12 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MG3wT-0004mU-19
	for qemu-devel@nongnu.org; Mon, 15 Jun 2009 00:37:12 -0400
Received: from [199.232.76.173] (port=58508 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MG3wS-0004mM-MS
	for qemu-devel@nongnu.org; Mon, 15 Jun 2009 00:37:08 -0400
Received: from wf-out-1314.google.com ([209.85.200.169]:11598)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <wangbj@gmail.com>) id 1MG3wS-0005rU-4d
	for qemu-devel@nongnu.org; Mon, 15 Jun 2009 00:37:08 -0400
Received: by wf-out-1314.google.com with SMTP id 26so1376359wfd.4
	for <qemu-devel@nongnu.org>; Sun, 14 Jun 2009 21:37:06 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <f43fc5580906141133q750f4f6dg5e5eda27eeb5d2e8@mail.gmail.com>
References: <fb412d760906141028n65e50602kd6e5fb08a1510fba@mail.gmail.com>
	<f43fc5580906141133q750f4f6dg5e5eda27eeb5d2e8@mail.gmail.com>
Date: Mon, 15 Jun 2009 12:37:06 +0800
Message-ID: <3cdfa5bc0906142137o31db2bcj2e00f2123bd07fc1@mail.gmail.com>
Subject: Re: [Qemu-devel] PowerPC 440 support
From: Baojun Wang <wangbj@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-devel@nongnu.org, "Richard W.M. Jones" <rjones@redhat.com>, Hollis Blanchard <hollis@penguinppc.org>

I think we can use u-boot as the firmware for testing, but to compile
u-boot, we have to choose a board first..

for bamboo (440ep) or mpc8544ds, we could compile a u-boot like:

make ARCH=3Dppc bamboo_config
or
make ARCH=3Dppc MPC8544DS_config

then

make ARCH=3Dppc CROSS_COMPILE=3Dpowerpc-unknown-linux-gnu-

this will produce u-boot.bin, and we could use

qemu-system-ppcemb -m bamboo -kernel u-boot.bin -net nic -net tap

to verify if qemu-works.

during reset, the ppc processor start (ip) at address 0xFFFF_FFFC, so
I think we need a firmware be loaded at that address.
I have check ppc_oldworld.c, it tries to load the firmware first
openbios-ppc (should be of compatible) :

    snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
    cpu_register_physical_memory(PROM_ADDR, BIOS_SIZE, bios_offset |
IO_MEM_ROM);

    /* Load OpenBIOS (ELF) */
    bios_size =3D load_elf(buf, 0, NULL, NULL, NULL);

PROM_ADDR is at 0xFFF0_0000 and BIOS_SIZE is 1MB (last 1MB, mpc85xx
default ROM location is last 8MB from 0xFF80_0000, but boot loader
like u-boot only use the last 512KB), and the openbios-ppc should be a
crafted ELF file just like u-boot which have put some _magic_ at
0xFFFF_FFFC so that the CPU could go on during reset.

I have ever used qemu-system-arm to start the integratorcp board's
u-boot, and then use the u-boot to start a linux kernel (integratorcp)
successfully.

Few days ago I haved tried to uncomment the CONFIG_USER_ONLY macro in
ppc/translate_init.c, but qemu-system-ppcemb still failed, so I guess
the ppc booke softmmu still have some minor problem.

  Best Regards,
Wang

On Mon, Jun 15, 2009 at 2:33 AM, Blue Swirl<blauwirbel@gmail.com> wrote:
> Sorry, I was very confused (I didn't look at ppc440.c).
>
> For some reason, CPU model can't be specified on the command line. The
> patch allows this, does it look OK?
>
> Is there a kernel and initrd somewhere, so I could test this?
>
> Currently I get (no kernel or ROM, so nothing to execute):
> Truncating memory to 128 MiB to fit SDRAM controller limits.
> ppc405_serial_init: offset 0000000000000300
> QEMU 0.10.50 monitor - type 'help' for more information
> (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at
> 0x00000000fffffffc
>
> NIP 00000000fffffffc =C2=A0 LR 0000000000000000 CTR 0000000000000000 XER =
00000000
> MSR 0000000000000000 HID0 0000000000000300 =C2=A0HF 0000000000000000 idx =
1
> Segmentation fault
>
> On 6/14/09, Hollis Blanchard <hollis@penguinppc.org> wrote:
>> Yes, I wrote the code you quoted.
>>
>> =C2=A0In case there is any confusion, let me restate: You can boot a Bam=
boo
>> =C2=A0(PowerPC 440) guest under KVM on a PowerPC 440 host. KVM bypasses
>> =C2=A0qemu's CPU emulation (TCG), but uses qemu's device emulation.
>> =C2=A0Therefore, if someone were to implement 440 core emulation in qemu=
,
>> =C2=A0you could boot a 440 kernel with qemu without KVM.
>>
>> =C2=A0Most devices found on 440 SoCs are the same as or very similar to =
the
>> =C2=A0devices found on 405 SoCs. Qemu's 440 device emulation isn't perfe=
ct,
>> =C2=A0but because Linux is highly modular, with a modified device tree y=
ou
>> =C2=A0can boot it. See pc-bios/bamboo.dts.
>>
>> =C2=A0-Hollis
>>
>> =C2=A0On Sat, Jun 13, 2009 at 10:47 PM, Baojun Wang <wangbj@gmail.com> w=
rote:
>> =C2=A0>
>> =C2=A0> in hw/ppc440.c:
>> =C2=A0>
>> =C2=A0> =C2=A0 =C2=A0env =3D cpu_ppc_init("440EP");
>> =C2=A0> =C2=A0 =C2=A0if (!env && kvm_enabled()) {
>> =C2=A0> =C2=A0 =C2=A0 =C2=A0 =C2=A0/* XXX Since qemu doesn't yet emulate=
 440, we just say it's a 405.
>> =C2=A0> =C2=A0 =C2=A0 =C2=A0 =C2=A0 * Since KVM doesn't use qemu's CPU e=
mulation it seems to be working
>> =C2=A0> =C2=A0 =C2=A0 =C2=A0 =C2=A0 * OK. */
>> =C2=A0> =C2=A0 =C2=A0 =C2=A0 =C2=A0env =3D cpu_ppc_init("405");
>> =C2=A0> =C2=A0 =C2=A0}
>> =C2=A0> =C2=A0 =C2=A0if (!env) {
>> =C2=A0> =C2=A0 =C2=A0 =C2=A0 =C2=A0fprintf(stderr, "Unable to initialize=
 CPU!\n");
>> =C2=A0> =C2=A0 =C2=A0 =C2=A0 =C2=A0exit(1);
>> =C2=A0> =C2=A0 =C2=A0}
>> =C2=A0>
>> =C2=A0> also in hw/ppc.c:
>> =C2=A0>
>> =C2=A0> I can find ppc40x_irq_init/e500_irq_init(used mpc8544ds), but th=
ere is
>> =C2=A0> no ppcbooke_irq_init? It seems hw/ppc405_uc.c is emulation for D=
CRs,
>> =C2=A0> PLB, DMA, GPIO, I2C.., but there is no hw/ppc44x_uc.c.
>> =C2=A0>
>> =C2=A0> the qemu source I used is 0.10.5.
>> =C2=A0>
>> =C2=A0> Also in ppc/translate_init.c, there lots of CONFIG_USER_ONLY, bu=
t I
>> =C2=A0> many of them are DEBUG or CACHE related SPR emulation, and since=
 qemu
>> =C2=A0> doesn't emulate cache, I think it's OK.
>> =C2=A0>
>> =C2=A0> =C2=A0Thanks,
>> =C2=A0> Wang
>> =C2=A0>
>> =C2=A0> On Sun, Jun 14, 2009 at 1:47 AM, Hollis Blanchard<hollis@penguin=
ppc.org> wrote:
>> =C2=A0> > On Fri, Jun 12, 2009 at 10:48 AM, Blue Swirl <blauwirbel@gmail=
.com> wrote:
>> =C2=A0> >>
>> =C2=A0> >> On 6/11/09, Baojun Wang <wangbj@gmail.com> wrote:
>> =C2=A0> >> > could qemu emulate some board like bamboo (without kvm) or =
MPC8544ds
>> =C2=A0> >> > now? Thanks
>> =C2=A0> >>
>> =C2=A0> >> Yes, if someone adds emulation for these devices: UIC, PLB, D=
MA, POB,
>> =C2=A0> >> EBC, IIC, ZMII. Maybe some are not needed in all cases.
>> =C2=A0> >
>> =C2=A0> > No, qemu still doesn't emulate Book E cores, such as the Power=
PC 440 in a
>> =C2=A0> > Bamboo board.
>> =C2=A0> >
>> =C2=A0> > UIC is of course emulated, otherwise KVM guests on 440 wouldn'=
t get very
>> =C2=A0> > far. :) Enough 440 SoC devices are emulated to support Linux b=
oot with a
>> =C2=A0> > properly stripped device tree.
>> =C2=A0> >
>> =C2=A0> > -Hollis
>> =C2=A0> >
>>
>