From: "Blue Swirl"
Date: Sun, 7 Dec 2008 18:02:56 +0200
Subject: Re: [Qemu-devel] PowerPC reset vector?
To: Hollis Blanchard
Cc: Laurent Vivier, qemu-devel@nongnu.org

On 12/7/08, Hollis Blanchard wrote:
> On Sun, Dec 7, 2008 at 8:02 AM, Aurelien Jarno wrote:
> > On Sun, Dec 07, 2008 at 02:58:40PM +0200, Blue Swirl wrote:
> >> Hi,
> > Hi!
> >
> >> Currently PPC hard reset vector is 0xfffffffc for most cases. I can't
> >> find this vector in the few PPC docs I have. Instead all docs point to
> >> 0x00100 + base, where base can be 0xfff00000 or zero. Is the vector
> >> correct?
> >
> > According to the PowerISA manual, the reset exception vector is the one
> > you define. However on power-up, the CPU does not jump to the reset
> > exception vector but instead:
> > - initialize msr
> > - empty all TLB
> > - create a boot TLB that maps the last 4kB page in the implemented
> > effective storage address space that maps to the last 4kB page of the
> > physical address space
> > - start execution of instruction at the last word address of the page
> > mapped by the boot TLB entry.
> >
>
> Hang on, that's not the whole story.
>
> There are a number of supervisor-level differences between server (now
> called "Book III-S") and embedded ("Book III-E") PowerPC, and this is
> one of them. The behavior you describe is true for Book E, and also
> happens to be true for 405 (which predates Book E and is not similar
> in other respects).
>
> However, it is *not* true for "classic" or "server" PowerPC, such as
> 604 or 970. Those processors reset as Blue described, with the NIP at
> 0xfff00100. (Actually, I think some may do even different things, like
> start at 0xfff00000, but I'm not sure.)

PowerISA actually only mentions zero-based reset vector. This is also
possible (Sparc32 boots at address 0 with only boot ROM visible), but
then there should be a way to switch to RAM early (like before PCI
probe).

> Since qemu emulates both types of PowerPC, the reset vector must not
> be hardcoded.

It should be possible to handle all three cases (0xfff00100,
0xfffffffc, 0x00000100) with one ROM image.
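
Added example, not part of the original message and not QEMU or firmware code: a sketch of how one ROM image could serve the three reset addresses named above, by placing a relative PowerPC `b` at ROM offset 0x100 and at the last word, both landing on a common entry inside the last 4 kB page (the only page the boot TLB quoted above maps). The 1 MiB ROM size, the alias of the ROM at address 0, and all function names are assumptions made for illustration.

```python
import struct

ROM_SIZE = 0x100000             # assumption: 1 MiB boot ROM
ROM_BASE_HIGH = 0xFFF00000      # ROM mapped at the top of the 32-bit space
ROM_BASE_ZERO = 0x00000000      # assumption: same ROM visible at 0 at reset
ENTRY_OFF = ROM_SIZE - 0x1000   # common entry: start of the last 4 kB page

def ppc_b(from_off, to_off):
    """Encode a PowerPC I-form relative branch `b` (opcode 18, AA=0, LK=0)."""
    disp = to_off - from_off
    assert disp % 4 == 0 and -(1 << 25) <= disp < (1 << 25)
    return (18 << 26) | (disp & 0x03FFFFFC)

def build_rom():
    """Return a zero-filled ROM with a branch stub at each reset offset."""
    rom = bytearray(ROM_SIZE)
    for vec_off in (0x100, ROM_SIZE - 4):   # base + 0x100 and last word
        struct.pack_into(">I", rom, vec_off, ppc_b(vec_off, ENTRY_OFF))
    return bytes(rom)

def reset_target(rom, base, nip):
    """Decode the instruction fetched at reset address nip; return its target."""
    (insn,) = struct.unpack_from(">I", rom, nip - base)
    if insn >> 26 != 18 or insn & 3:
        raise ValueError("no relative branch at reset address 0x%08x" % nip)
    disp = insn & 0x03FFFFFC
    if disp & 0x02000000:       # sign-extend the 26-bit displacement
        disp -= 1 << 26
    return (nip + disp) & 0xFFFFFFFF

def entry_offsets():
    """Map each reset address to the ROM offset its stub branches to."""
    rom = build_rom()
    cases = [(ROM_BASE_HIGH, 0xFFF00100),   # classic/server, high base
             (ROM_BASE_HIGH, 0xFFFFFFFC),   # Book E / 405 last-word start
             (ROM_BASE_ZERO, 0x00000100)]   # zero-based vector
    return {nip: reset_target(rom, base, nip) - base for base, nip in cases}

if __name__ == "__main__":
    for nip, off in entry_offsets().items():
        print("reset at 0x%08x -> ROM offset 0x%05x" % (nip, off))
```

Because both stubs are relative branches, the same bytes work whichever base the ROM is mapped at; the shared entry code would still have to detect the CPU type before touching TLB or MSR state.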