I've done some more debugging and tracked down the problem a little further.
I've also fixed up (I think) the memory mappings, from looking at the setup
code from some of the other MIPS machines:
Determined physical RAM map:
memory: 01800000 @ 00000000 (usable)
memory: 00040000 @ 1fc00000 (ROM data)
TLB refill exception PC = 40024094 address = 7FFFF000
This is not too surprising since the kernel is executing at an address
must have a TLB entry to be accessible.
The boot loader refuses to execute the ELF image unless the load address is
set to 0x40020000 ("Load address out of range"), so it appears the kernel is
being executed at this address. The problem seems to be that there is nothing
mapped at 0x7FFFF000.
I've tracked the code that accesses this memory address to the
init_bootmem_core() function in mm/bootmem.c line ~109:
memset(bdata->node_bootmem_map, 0xff, mapsize);
This is being executed as:
memset(0x7ffff000, 0xff, 768);
Which is where the problem is coming from. Working backwards, I have narrowed
it down to arch/mips/kernel/setup.c line ~293. This is a loop which does some
calculations with memory (not sure exactly what) but the "mapstart" variable
is initialised to ~0UL, and it never gets updated before being passed through
to eventually the memset() line above.
The problem seems to be inside the loop. These lines:
if (end <= reserved_end)
Cause the loop to break out *before* setting mapstart, and since there is only
one RAM element in the array the loop does not run again. It seems that the
end of the kernel (reserved_end) is so big (it'll be 0x40020000 + size of
kernel) that it sits way after the end of the RAM mapping (0x01800000).
I'm not sure how to solve this issue, and I'm still a bit confused about MIPS
memory mapping (does the TLB mean that 0x40020000 could be mapped anywhere in
memory? Will this break things when Linux starts reprogramming it? Or does
Linux leave the TLB alone?) I've tried changing the memory from appearing at
offset 0 to offset 0x40020000 but it didn't change anything (just a message
about 8MB wasted on tracking unused pages.)
Any pointers would be greatly appreciated!