Re: [Qemu-ppc] How to write to the serial device on the ppce500 board?

[Alexander Graf]

Hi Andreas,

On 08/27/15 11:19, Andreas Rasmusson wrote:
> Hi
>
> I'm using qemu 2.3.93 and I'm experimenting with the ppce500 board,
> booting with it u-boot.e500.
> It starts ok and prints to the console.

Welcome to the wonderful world of e500 emulation :).

> My own bare-metal hello-world program that simply writes to 0xe0004500
> does not, unfortunately :-/,
> so I suspect that u-boot does some more initialisation of the hardware
> before it writes to 0xe0004500.

So first off, you have 2 different address types: virtual and physical. 
To figure out where a physical device resides, check out the device tree 
that QEMU passes into your payload (u-boot or Linux). For easy 
availability of it, just run

  $ qemu-system-ppc -nographic -machine ppce500,dumpdtb=dump.dtb
  $ dtc -I dtb -O dts dump.dtb | less

There you can see that the UART is at 0xfe0004500 - 0xfe0004600. The 
device tree is the way OSs usually find out where devices are.

Now the second part to this is the virtual address map. To see what that 
one looks like, run QEMU, then go into the qemu monitor (ctrl-a c) and 
type "info tlb".

QEMU 2.4.50 monitor - type 'help' for more information
(qemu) info tlb

TLB0:
Effective          Physical           Size TID   TS SRWX URWX WIMGE U0123

TLB1:
Effective          Physical           Size TID   TS SRWX URWX WIMGE U0123
0x00000000e0000000 0x0000000fe0000000   1M 0     0  SRW-U--- -I-G- U----
0x0000000000000000 0x0000000000000000  64M 0     0  SRWXU--- --M-- U----
0x0000000004000000 0x0000000004000000  64M 0     0  SRWXU--- --M-- U----
0x00000000e8000000 0x0000000002700000   1M 0     0  SRWXU--- --M-- U----
0x0000000080000000 0x0000000c00000000 256M 0     0  SRW-U--- -I-G- U----
0x0000000090000000 0x0000000c10000000 256M 0     0  SRW-U--- -I-G- U----
0x00000000a0000000 0x0000000c00000000 256M 0     0  SRW-U--- -I-G- U----
0x00000000b0000000 0x0000000c10000000 256M 0     0  SRW-U--- -I-G- U----

So in order to access the UART, you need to access address 0xe0004500 if 
the mappings are alive at the point you're at.

> u-boot.e500 is only included as a binary file in qemu's source-tree
> http://git.qemu.org/?p=qemu.git;a=history;f=pc-bios/u-boot.e500;hb=HEAD
>
> My questions.
> 1. Is its source code available for me to study somewhere?

Yes, everything's just part of the normal upstream u-boot git tree!

> 2. Do I need to configure something before I can write to the serial port?
>   (I'm suspecting the MMU since when I write to 0xe0004500 I get
>   a POWERPC_EXCP_DTLB (set in  mmu_helper.c:1647)

That means that at the point in time when your code is running, the TLB 
entry for the 0xe0000000 map is not available. Just check with info tlb 
what your TLB looks like and if necessary add a TLB entry for the UART.

Depending on how you start your payload, there's a good chance u-boot 
cleans up the TLB before it calls your program.


Alex