On 2016-07-22 10:55, Paul Burton wrote: > The print routine provided as part of the in-built bootloader had a bug > in that it attempted to use a jump instruction as part of a loop, but > the target has its upper bits zeroed leading to control flow > transferring to 0xb0000814 rather than the intended 0xbfc00814. Fix this > by using a branch instruction instead, which seems more fit for purpose. > > A simple way to test this is to build a Linux kernel with EVA enabled & > attempt to boot it in QEMU. It will attempt to print a message > indicating the configuration mismatch but QEMU would previously > incorrectly jump & wind up printing a continuous stream of the letter E. > > Signed-off-by: Paul Burton <paul.bur...@imgtec.com> > Cc: Aurelien Jarno <aurel...@aurel32.net> > Cc: Leon Alrae <leon.al...@imgtec.com> > --- > hw/mips/mips_malta.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c > index 34d41ef..e90857e 100644 > --- a/hw/mips/mips_malta.c > +++ b/hw/mips/mips_malta.c > @@ -727,7 +727,7 @@ static void write_bootloader(uint8_t *base, int64_t > run_addr, > stl_p(p++, 0x00000000); /* nop */ > stl_p(p++, 0x0ff0021c); /* jal 870 */ > stl_p(p++, 0x00000000); /* nop */ > - stl_p(p++, 0x08000205); /* j 814 */ > + stl_p(p++, 0x1000fff9); /* b 814 */ > stl_p(p++, 0x00000000); /* nop */ > stl_p(p++, 0x01a00009); /* jalr t5 */ > stl_p(p++, 0x01602021); /* move > a0,t3 */
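Review bot: The offset in the added 0x1000fff9 word (the "b 814" line) is hand-encoded and PC-relative, and the comment does not say so. 0xfff9 is -7 instructions counted from the delay slot, so the branch only reaches 814 while it sits exactly 24 bytes after the loop head. Any instruction later inserted into or removed from the loop body would silently retarget it. Consider a comment along the lines of "b 814 (pc-relative, -7)" so the dependency is visible. Separately, the jal 870 two lines up carries the upper target bits in its encoding (0x0ff0021c gives 0xfc00870 within the region), which the removed j 814 word (0x08000205) did not. It would help if the commit message stated whether the remaining hand-assembled jumps in write_bootloader were checked for the same zeroed-upper-bits mistake.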
This looks fine. The switch from jump to branch is questionable given there are other jumps around in the code, but that's just nitpicking.

Reviewed-by: Aurelien Jarno <aurel...@aurel32.net>

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net