Mark Cave-Ayland wrote:
I don't think the ROM area is in play, but no-fault mode is.
Here's an excerpt from a gdb session stepping through the problem area in the qemu code:
Breakpoint 1, cpu_sparc_handle_mmu_fault (env=0x10579f0, address=4028890828, rw=1, mmu_idx=1, is_softmmu=1) at /home/build/src/qemu/git/qemu/target-sparc/helper.c:261 261 vaddr = address & TARGET_PAGE_MASK; (gdb) bt #0 cpu_sparc_handle_mmu_fault (env=0x10579f0, address=4028890828, rw=1, mmu_idx=1, is_softmmu=1) at /home/build/src/qemu/git/qemu/target-sparc/helper.c:261 #1 0x0000000000521563 in tlb_fill (addr=4028890828, is_write=1, mmu_idx=1, retaddr=0x408ef5ad) at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4204 #2 0x00000000005208f9 in __stl_mmu (addr=4028890828, val=2056, mmu_idx=1) at /home/build/src/qemu/git/qemu/softmmu_template.h:272 #3 0x00000000408ef5ae in ?? () #4 0x00000000408f1b15 in ?? () #5 0x0000000000000001 in ?? () #6 0xff0a000000000000 in ?? () #7 0x000000000084a4e0 in ss5_machine () #8 0x0000000001057cf8 in ?? () #9 0x0000000001057af8 in ?? () #10 0x00007ffff8068434 in ?? () #11 0x00007ffff806843c in ?? () #12 0x00007ffff8068438 in ?? () #13 0xf004127c010579f0 in ?? () #14 0xf3c4023500000475 in ?? () #15 0xff0a000000000000 in ?? () #16 0x00007ffff8068450 in ?? () #17 0x00000000004f6e72 in tb_find_fast () at /home/build/src/qemu/git/qemu/cpu-exec.c:185 Backtrace stopped: previous frame inner to this frame (corrupt stack?) 
(gdb) next 262 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; (gdb) 263 tlb_set_page(env, vaddr, paddr, prot, mmu_idx, TARGET_PAGE_SIZE); (gdb) p/x vaddr $1 = 0xf023f000 (gdb) p/x paddr $2 = 0xfef1f0fef1ff0000 (gdb) next tlb_set_page: vaddr=f023f000 paddr=0xfef1f0fef1ff0000 prot=7 idx=1 pd=0x00000010 [Thread 0x42939950 (LWP 29874) exited] 264 return 0; (gdb) 272 } (gdb) tlb_fill (addr=4028890828, is_write=1, mmu_idx=1, retaddr=0x403d94cd) at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4205 4205 if (ret) { (gdb) next 4209 env = saved_env; (gdb) 4210 } (gdb) __stl_mmu (addr=4028890828, val=2056, mmu_idx=1) at /home/build/src/qemu/git/qemu/softmmu_template.h:237 237 tlb_addr = env->tlb_table[mmu_idx][index].addr_write; (gdb) 238 if ((addr & TARGET_PAGE_MASK) == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) { (gdb) 239 if (tlb_addr & ~TARGET_PAGE_MASK) { (gdb) 241 if ((addr & (DATA_SIZE - 1)) != 0) (gdb) 243 retaddr = GETPC(); (gdb) 244 ioaddr = env->iotlb[mmu_idx][index]; (gdb) 245 glue(io_write, SUFFIX)(ioaddr, val, addr, retaddr); (gdb) step io_writel (physaddr=18370729328764456976, val=2056, addr=4028890828, retaddr=0x403d94cd) at /home/build/src/qemu/git/qemu/softmmu_template.h:201 201 { (gdb) step 203 index = (physaddr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); (gdb) 204 physaddr = (physaddr & TARGET_PAGE_MASK) + addr; (gdb) 205 if (index > (IO_MEM_NOTDIRTY >> IO_MEM_SHIFT) (gdb) 210 env->mem_io_vaddr = addr; (gdb) 211 env->mem_io_pc = (unsigned long)retaddr; (gdb) 213 io_mem_write[index][SHIFT](io_mem_opaque[index], physaddr, val); (gdb) unassigned_mem_writel (opaque=0x0, addr=18370729332793347788, val=2056) at /home/build/src/qemu/git/qemu/exec.c:3014 3014 { (gdb) 3019 do_unassigned_access(addr, 1, 0, 0, 4); (gdb) do_unassigned_access (addr=18370729332793347788, is_write=1, is_exec=0, is_asi=0, size=4) at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4218 4218 { (gdb) 4224 saved_env = env; (gdb) 4225 env = cpu_single_env; (gdb) 4227 if 
(is_asi) (gdb) 4233 printf("Unassigned mem %s access of %d byte%s to " TARGET_FMT_plx (gdb) Unassigned mem write access of 4 bytes to fef1f0fef1ff0ecc from f004127c 4239 fault_type = (env->mmuregs[3] & 0x1c) >> 2; (gdb) 4240 if ((fault_type > 4) || (fault_type == 0)) { (gdb) 4257 if (fault_type == ((env->mmuregs[3] & 0x1c)) >> 2) { (gdb) 4258 env->mmuregs[3] |= 1; (gdb) 4261 if ((env->mmuregs[0] & MMU_E) && !(env->mmuregs[0] & MMU_NF)) { (gdb) 4262 if (is_exec) (gdb) 4265 raise_exception(TT_DATA_ACCESS); (gdb) raise_exception (tt=41) at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:287 287 { (gdb) 288 env->exception_index = tt; (gdb) 289 cpu_loop_exit(); (gdb) cpu_loop_exit () at /home/build/src/qemu/git/qemu/cpu-exec.c:59 59 { (gdb) 60 env->current_tb = NULL; (gdb) 61 longjmp(env->jmp_env, 1); (gdb) qemu: fatal: Trap 0x29 while interrupts disabled, Error state pc: f004127c npc: f0041280 General Registers: %g0-7: 00000000 00000808 00000001 f0041b74 00000000 f0243b88 00000000 f0244020
Current Register Window: %o0-7: f025831c f5a2f00c f0240374 f0240370 f024036c 00000004 f0240300 f005bd84 %l0-7: 04400cc2 f005bf94 f005bf98 00000004 00000209 00000004 00000000 f023fe60 %i0-7: 00000001 f02403f4 f5a2f00c f025831c 00000001 00000009 f023ff08 f005c6b8
Floating Point Registers: %f00: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f04: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f08: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f12: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f16: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f20: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f24: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 %f28: 000000000.000000 000000000.000000 000000000.000000 000000000.000000 psr: 04000cc2 (icc: ---- SPE: SP-) wim: 00000004 fsr: 00080000 y: 00000000
Program received signal SIGABRT, Aborted. 0x00007ff3fde68ed5 in raise () from /lib/libc.so.6 (gdb)
I'm not sure exactly what's happening, although it looks as though some kind of I/O memory access is triggering the error before the neverland mapping is removed. One thing that stands out in the trace above is the paddr value (0xfef1f0fef1ff0000) that cpu_sparc_handle_mmu_fault hands to tlb_set_page: it looks more like an uninitialised or garbage value than a real physical address, which would explain why the subsequent write ends up in unassigned_mem_writel and raises the data access trap.
ATB,
Mark.