aboutsummaryrefslogtreecommitdiff
path: root/hw/sh4
diff options
context:
space:
mode:
authorGuenter Roeck <linux@roeck-us.net>2020-02-18 12:10:50 -0800
committerPeter Maydell <peter.maydell@linaro.org>2020-02-21 16:07:02 +0000
commit47d2d36cd84c88f6c72f7800aa9201c45789a2c2 (patch)
treee4587815cd8511ebf9e3e417daddf947049f3fbd /hw/sh4
parent33e2c4d8d3ff99af2280706dee5ce3385b78ff6d (diff)
downloadqemu-47d2d36cd84c88f6c72f7800aa9201c45789a2c2.zip
qemu-47d2d36cd84c88f6c72f7800aa9201c45789a2c2.tar.gz
qemu-47d2d36cd84c88f6c72f7800aa9201c45789a2c2.tar.bz2
sh4: Fix PCI ISA IO memory subregion
Booting the r2d machine from flash fails because flash is not discovered. Looking at the flattened memory tree, we see the following. FlatView #1 AS "memory", root: system AS "cpu-memory-0", root: system AS "sh_pci_host", root: bus master container Root memory region: system 0000000000000000-000000000000ffff (prio 0, i/o): io 0000000000010000-0000000000ffffff (prio 0, i/o): r2d.flash @0000000000010000 The overlapping memory region is sh_pci.isa, ie the ISA I/O region bridge. This region is initially assigned to address 0xfe240000, but overwritten with a write into the PCIIOBR register. This write is expected to adjust the PCI memory window, but not to change the region's base adddress. Peter Maydell provided the following detailed explanation. "Section 22.3.7 and in particular figure 22.3 (of "SSH7751R user's manual: hardware") are clear about how this is supposed to work: there is a window at 0xfe240000 in the system register space for PCI I/O space. When the CPU makes an access into that area, the PCI controller calculates the PCI address to use by combining bits 0..17 of the system address with the bits 31..18 value that the guest has put into the PCIIOBR. That is, writing to the PCIIOBR changes which section of the IO address space is visible in the 0xfe240000 window. Instead what QEMU's implementation does is move the window to whatever value the guest writes to the PCIIOBR register -- so if the guest writes 0 we put the window at 0 in system address space." Fix the problem by calling memory_region_set_alias_offset() instead of removing and re-adding the PCI ISA subregion on writes into PCIIOBR. At the same time, in sh_pci_device_realize(), don't set iobr since it is overwritten later anyway. Instead, pass the base address to memory_region_add_subregion() directly. Many thanks to Peter Maydell for the detailed problem analysis, and for providing suggestions on how to fix the problem. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Message-id: 20200218201050.15273-1-linux@roeck-us.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/sh4')
-rw-r--r--hw/sh4/sh_pci.c11
1 files changed, 3 insertions, 8 deletions
diff --git a/hw/sh4/sh_pci.c b/hw/sh4/sh_pci.c
index 71afd23..08f2fc1 100644
--- a/hw/sh4/sh_pci.c
+++ b/hw/sh4/sh_pci.c
@@ -67,12 +67,8 @@ static void sh_pci_reg_write (void *p, hwaddr addr, uint64_t val,
pcic->mbr = val & 0xff000001;
break;
case 0x1c8:
- if ((val & 0xfffc0000) != (pcic->iobr & 0xfffc0000)) {
- memory_region_del_subregion(get_system_memory(), &pcic->isa);
- pcic->iobr = val & 0xfffc0001;
- memory_region_add_subregion(get_system_memory(),
- pcic->iobr & 0xfffc0000, &pcic->isa);
- }
+ pcic->iobr = val & 0xfffc0001;
+ memory_region_set_alias_offset(&pcic->isa, val & 0xfffc0000);
break;
case 0x220:
pci_data_write(phb->bus, pcic->par, val, 4);
@@ -147,8 +143,7 @@ static void sh_pci_device_realize(DeviceState *dev, Error **errp)
get_system_io(), 0, 0x40000);
sysbus_init_mmio(sbd, &s->memconfig_p4);
sysbus_init_mmio(sbd, &s->memconfig_a7);
- s->iobr = 0xfe240000;
- memory_region_add_subregion(get_system_memory(), s->iobr, &s->isa);
+ memory_region_add_subregion(get_system_memory(), 0xfe240000, &s->isa);
s->dev = pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "sh_pci_host");
}