From patchwork Wed Aug 28 12:39:52 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Leon Alrae <leon.alrae@imgtec.com>
X-Patchwork-Id: 270495
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id C5FAA2C00A1
	for <incoming@patchwork.ozlabs.org>;
	Wed, 28 Aug 2013 22:41:20 +1000 (EST)
Received: from localhost ([::1]:34463 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1VEf3m-0006pF-Sa
	for incoming@patchwork.ozlabs.org; Wed, 28 Aug 2013 08:41:18 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54935)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Leon.Alrae@imgtec.com>) id 1VEf3S-0006mU-Va
	for qemu-devel@nongnu.org; Wed, 28 Aug 2013 08:41:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Leon.Alrae@imgtec.com>) id 1VEf3N-0002oI-Fp
	for qemu-devel@nongnu.org; Wed, 28 Aug 2013 08:40:58 -0400
Received: from multi.imgtec.com ([194.200.65.239]:45158)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Leon.Alrae@imgtec.com>) id 1VEf3N-0002nT-98
	for qemu-devel@nongnu.org; Wed, 28 Aug 2013 08:40:53 -0400
From: Leon Alrae <leon.alrae@imgtec.com>
To: <qemu-devel@nongnu.org>
Date: Wed, 28 Aug 2013 13:39:52 +0100
Message-ID: <1377693592-40643-1-git-send-email-leon.alrae@imgtec.com>
X-Mailer: git-send-email 1.7.5.4
MIME-Version: 1.0
X-Originating-IP: [192.168.14.85]
X-SEF-Processed: 7_3_0_01192__2013_08_28_13_40_50
X-detected-operating-system: by eggs.gnu.org: Windows XP
X-Received-From: 194.200.65.239
Cc: james.hogan@imgtec.com, paul.burton@imgtec.com, yongbok.kim@imgtec.com,
	cristian.cuna@imgtec.com, leon.alrae@imgtec.com,
	afaerber@suse.de, aurelien@aurel32.net
Subject: [Qemu-devel] [PATCH v2] mips/malta: allow volatile writes to reset
	flash
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: James Hogan <james.hogan@imgtec.com>

Commit a427338 (mips_malta: correct reading MIPS revision at 0x1fc00010)
altered the behaviour of the monitor flash mapping at the reset address
by making it read only. However this causes data bus error exceptions
when it is written to since it is effectively unassigned memory for
writes. This isn't how the real hardware behaves. That memory can be
written to (even with the MFWR jumper not fitted) and the new value read
back from, but it doesn't get written back to the monitor flash so is
volatile and may be lost after reading other parts of the flash.

This is fixed by making the bios copy ram writeable, but loaded via
rom_add_blob_fixed() so that it it restored on reset. That's not as
volatile as real hardware but should be good enough.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
Changes in v2:
- This fixes it slightly differently, but is cleaner I think. The bios
  copy region is now writable, but is restored on reset. The revision ID
  is now possible to overwrite (temporarily).

 hw/mips/mips_malta.c |   18 +++++++++++-------
 1 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index f8d064c..06e5b50 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -905,6 +905,7 @@ void mips_malta_init(QEMUMachineInitArgs *args)
     int fl_idx = 0;
     int fl_sectors = bios_size >> 16;
     int be;
+    void *bios_start;
 
     DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
     MaltaState *s = MIPS_MALTA(dev);
@@ -1044,16 +1045,19 @@ void mips_malta_init(QEMUMachineInitArgs *args)
      * regions are not executable.
      */
     memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE);
-    if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
-                  FLASH_ADDRESS, BIOS_SIZE)) {
-        memcpy(memory_region_get_ram_ptr(bios_copy),
-               memory_region_get_ram_ptr(bios), BIOS_SIZE);
-    }
-    memory_region_set_readonly(bios_copy, true);
     memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
+    bios_start = rom_ptr(FLASH_ADDRESS);
+    if (!bios_start) {
+        bios_start = memory_region_get_ram_ptr(bios);
+        /* in case qtest_enabled() */
+        if (bios_size < 0) {
+            bios_size = BIOS_SIZE;
+        }
+    }
+    rom_add_blob_fixed("bios.1fc", bios_start, bios_size, RESET_ADDRESS);
 
     /* Board ID = 0x420 (Malta Board with CoreLV) */
-    stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
+    stl_p(rom_ptr(RESET_ADDRESS + 0x10), 0x00000420);
 
     /* Init internal devices */
     cpu_mips_irq_init_cpu(env);