@@ -16,6 +16,7 @@
#include "qemu/units.h"
#include "qemu/cutils.h"
#include "qapi/error.h"
+#include "hw/arm/boot.h"
#include "hw/arm/bcm2836.h"
#include "hw/registerfields.h"
#include "qemu/error-report.h"
@@ -124,20 +125,22 @@ static const char *board_type(uint32_t board_rev)
static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info)
{
- static const uint32_t smpboot[] = {
- 0xe1a0e00f, /* mov lr, pc */
- 0xe3a0fe00 + (BOARDSETUP_ADDR >> 4), /* mov pc, BOARDSETUP_ADDR */
- 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5;get core ID */
- 0xe7e10050, /* ubfx r0, r0, #0, #2 ;extract LSB */
- 0xe59f5014, /* ldr r5, =0x400000CC ;load mbox base */
- 0xe320f001, /* 1: yield */
- 0xe7953200, /* ldr r3, [r5, r0, lsl #4] ;read mbox for our core*/
- 0xe3530000, /* cmp r3, #0 ;spin while zero */
- 0x0afffffb, /* beq 1b */
- 0xe7853200, /* str r3, [r5, r0, lsl #4] ;clear mbox */
- 0xe12fff13, /* bx r3 ;jump to target */
- 0x400000cc, /* (constant: mailbox 3 read/clear base) */
+ static const ARMInsnFixup smpboot[] = {
+ { 0xe1a0e00f }, /* mov lr, pc */
+ { 0xe3a0fe00 + (BOARDSETUP_ADDR >> 4) }, /* mov pc, BOARDSETUP_ADDR */
+ { 0xee100fb0 }, /* mrc p15, 0, r0, c0, c0, 5;get core ID */
+ { 0xe7e10050 }, /* ubfx r0, r0, #0, #2 ;extract LSB */
+ { 0xe59f5014 }, /* ldr r5, =0x400000CC ;load mbox base */
+ { 0xe320f001 }, /* 1: yield */
+ { 0xe7953200 }, /* ldr r3, [r5, r0, lsl #4] ;read mbox for our core */
+ { 0xe3530000 }, /* cmp r3, #0 ;spin while zero */
+ { 0x0afffffb }, /* beq 1b */
+ { 0xe7853200 }, /* str r3, [r5, r0, lsl #4] ;clear mbox */
+ { 0xe12fff13 }, /* bx r3 ;jump to target */
+ { 0x400000cc }, /* (constant: mailbox 3 read/clear base) */
+ { 0, FIXUP_TERMINATOR }
};
+ static const uint32_t fixupcontext[FIXUP_MAX] = { 0 };
/* check that we don't overrun board setup vectors */
QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + sizeof(smpboot) > MVBAR_ADDR);
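Review bot: The unchanged guard `QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + sizeof(smpboot) > MVBAR_ADDR);` no longer measures the bytes that land in guest memory, because `smpboot` is now an array of `ARMInsnFixup` entries ending in the `{ 0, FIXUP_TERMINATOR }` sentinel. Each entry appears to carry a fixup field next to the instruction word, so `sizeof(smpboot)` over-counts. The check still errs on the safe side for the board setup vectors, but it can reject a stub that would actually fit. I would state it in emitted words, e.g. `QEMU_BUILD_BUG_ON(SMPBOOT_ADDR + (ARRAY_SIZE(smpboot) - 1) * sizeof(uint32_t) > MVBAR_ADDR);`, or at least add the comment `/* sizeof() over-estimates: entries are ARMInsnFixup and include the terminator */`. The body of write_smpboot continues past this hunk.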
@@ -145,9 +148,8 @@ static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info)
QEMU_BUILD_BUG_ON((BOARDSETUP_ADDR & 0xf) != 0
|| (BOARDSETUP_ADDR >> 4) >= 0x100);
- rom_add_blob_fixed_as("raspi_smpboot", smpboot, sizeof(smpboot),
- info->smp_loader_start,
- arm_boot_address_space(cpu, info));
+ arm_write_bootloader("raspi_smpboot", arm_boot_address_space(cpu, info),
+ info->smp_loader_start, smpboot, fixupcontext);
}
static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info)
@@ -161,26 +163,28 @@ static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info)
* the primary CPU goes into the kernel. We put these variables inside
* a rom blob, so that the reset for ROM contents zeroes them for us.
*/
- static const uint32_t smpboot[] = {
- 0xd2801b05, /* mov x5, 0xd8 */
- 0xd53800a6, /* mrs x6, mpidr_el1 */
- 0x924004c6, /* and x6, x6, #0x3 */
- 0xd503205f, /* spin: wfe */
- 0xf86678a4, /* ldr x4, [x5,x6,lsl #3] */
- 0xb4ffffc4, /* cbz x4, spin */
- 0xd2800000, /* mov x0, #0x0 */
- 0xd2800001, /* mov x1, #0x0 */
- 0xd2800002, /* mov x2, #0x0 */
- 0xd2800003, /* mov x3, #0x0 */
- 0xd61f0080, /* br x4 */
+ static const ARMInsnFixup smpboot[] = {
+ { 0xd2801b05 }, /* mov x5, 0xd8 */
+ { 0xd53800a6 }, /* mrs x6, mpidr_el1 */
+ { 0x924004c6 }, /* and x6, x6, #0x3 */
+ { 0xd503205f }, /* spin: wfe */
+ { 0xf86678a4 }, /* ldr x4, [x5,x6,lsl #3] */
+ { 0xb4ffffc4 }, /* cbz x4, spin */
+ { 0xd2800000 }, /* mov x0, #0x0 */
+ { 0xd2800001 }, /* mov x1, #0x0 */
+ { 0xd2800002 }, /* mov x2, #0x0 */
+ { 0xd2800003 }, /* mov x3, #0x0 */
+ { 0xd61f0080 }, /* br x4 */
+ { 0, FIXUP_TERMINATOR }
};
+ static const uint32_t fixupcontext[FIXUP_MAX] = { 0 };
static const uint64_t spintables[] = {
0, 0, 0, 0
};
- rom_add_blob_fixed_as("raspi_smpboot", smpboot, sizeof(smpboot),
- info->smp_loader_start, as);
+ arm_write_bootloader("raspi_smpboot", as, info->smp_loader_start,
+ smpboot, fixupcontext);
rom_add_blob_fixed_as("raspi_spintables", spintables, sizeof(spintables),
SPINTABLE_ADDR, as);
}
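Review bot: In write_smpboot64 the first stub word hard-codes the spin-table address (`mov x5, 0xd8`), while the table itself is written at `SPINTABLE_ADDR`, and nothing in the visible lines ties the two together. If the macro ever changes, secondary cores would poll a location that the ROM reset does not zero and could branch to whatever value is there. Since the array is being rewritten anyway, a one-line `QEMU_BUILD_BUG_ON(SPINTABLE_ADDR != 0xd8);` next to it, or a comment on the first entry such as `/* mov x5, 0xd8 ; must equal SPINTABLE_ADDR */`, would make the coupling explicit. The function starts outside this hunk, so such a check may already exist above the visible lines.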
When writing the secondary-CPU stub boot loader code to the guest, use arm_write_bootloader() instead of directly calling rom_add_blob_fixed(). This fixes a bug on big-endian hosts, because arm_write_bootloader() will correctly byte-swap the host-byte-order array values into the guest-byte-order to write into the guest memory. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/raspi.c | 64 +++++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 30 deletions(-)