On Fri, Oct 29, 2010 at 8:28 PM, Mark Cave-Ayland mark.cave-ayland@siriusit.co.uk wrote:
Blue Swirl wrote:
So it would be useful to have someone who understands both SPARC32 and qemu to take a look (hint, hint!) ;)
Trap 0x29 is TT_DATA_ACCESS, invoked on access to unassigned memory by QEMU. Perhaps enabling DEBUG_UNASSIGNED in target-sparc/op_helper.c may reveal something.
It has been suspected that QEMU may be a bit too trigger happy with unassigned memory accesses. There may also be an undocumented device, or Solaris just tries to access a device which does not exist on SS-5.
Okay. With that DEBUG_UNASSIGNED enabled I get the following message as the trap is invoked:
Unassigned mem write access of 4 bytes to ffffffffffff0ecc from f004127c
That seems to be a 'neverland' mapping, accessed using MMU no-fault mode. This is very poorly documented. In QEMU the code for the mode is in target-sparc/helper.c, functions get_physical_address() and cpu_sparc_handle_mmu_fault().
Is there some kind of device map for SPARC32 somewhere so we can lookup what kind of device this is?
For QEMU, this kind of information is in hw/sun4m.c, otherwise there's the Sun4m System Architecture manual.