[OpenBIOS] Faulty Qemu SPARC64 IDE emulation?
Mark Cave-Ayland
mark.cave-ayland at siriusit.co.uk
Wed Dec 9 19:56:07 CET 2009
Nick Couchman wrote:
> Curiously the PC location for the error has changed - according to the output above, here's the gdb location:
>
> (gdb) l *0x00000000ffd1bad0
> 0xffd1bad0 is in ob_ide_insw (./target/include/asm/io.h:165).
> 160 {
> 161 uint16_t *b = (uint16_t *) buf;
> 162
> 163 while (ns > 0) {
> 164 *b++ = in_le16(port);
> 165 ns--;
> 166 }
> 167 }
> 168
> 169 static inline void _outsw_ns(volatile uint16_t * port, const void *buf,
>
> -Nick
Okay - I've just committed a "fix" for the missing alarm word since
OpenBIOS wasn't removing the parameters from the stack as alarm should.
Now I get slightly further with Milax, but I too am seeing a crash in
the IDE interface code trying to load a file. It seems that the crash
manages to kill the Qemu instance too.
Here's a Forth debugger trace reading in the first sector of the CDROM
from the beginning of the boot process which we know works:
: read ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0 ffe0b9e8 0 0 0 0 0
0 0 800 800 8000000 ffe6b200 )
00000000ffe28d28: >r ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 800 8000000 )
00000000ffe28d30: swap ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 )
00000000ffe28d38: r> ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200 )
00000000ffe28d40: dup ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200 ffe6b200 )
00000000ffe28d48: ihandle>phandle ( ffffffffffffffff 1 0
ffffffffffffffff 0 0 0 ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200
ffe2b600 )
00000000ffe28d50: (") ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200 ffe2b600 ffe28d60 4 )
00000000ffe28d68: rot ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200 ffe28d60 4 ffe2b600 )
00000000ffe28d70: find-method ( ffffffffffffffff 1 0 ffffffffffffffff 0
0 0 ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200 ffe2b838
ffffffffffffffff )
00000000ffe28d78: do?branch ( ffffffffffffffff 1 0 ffffffffffffffff 0 0
0 ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe6b200 ffe2b838 )
00000000ffe28d88: swap ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 800 8000000 800 ffe2b838 ffe6b200 )
00000000ffe28d90: call-package ( ffffffffffffffff 1 0 ffffffffffffffff
0 0 0 ffe0b9e8 0 0 0 0 0 0 0 800 800 )
00000000ffe28d98: dobranch ( ffffffffffffffff 1 0 ffffffffffffffff 0 0
0 ffe0b9e8 0 0 0 0 0 0 0 800 800 )
00000000ffe28db8: (semis)
And here's a Forth debugger trace trying to read in
/platform/sun4u/boot_archive:
: read ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0 ffe0b9e8 0 0 0 0 0
0 0 0 0 51000000 554c800 554c800 554c800 554c800 554c800 51000000 ffe6b200 )
00000000ffe28d28: >r ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
554c800 51000000 )
00000000ffe28d30: swap ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 )
00000000ffe28d38: r> ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe6b200 )
00000000ffe28d40: dup ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe6b200 ffe6b200 )
00000000ffe28d48: ihandle>phandle ( ffffffffffffffff 1 0
ffffffffffffffff 0 0 0 ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800
554c800 554c800 554c800 51000000 554c800 ffe6b200 ffe2b600 )
00000000ffe28d50: (") ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe6b200 ffe2b600 ffe28d60 4 )
00000000ffe28d68: rot ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe6b200 ffe28d60 4 ffe2b600 )
00000000ffe28d70: find-method ( ffffffffffffffff 1 0 ffffffffffffffff 0
0 0 ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe6b200 ffe2b838 ffffffffffffffff )
00000000ffe28d78: do?branch ( ffffffffffffffff 1 0 ffffffffffffffff 0 0
0 ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe6b200 ffe2b838 )
00000000ffe28d88: swap ( ffffffffffffffff 1 0 ffffffffffffffff 0 0 0
ffe0b9e8 0 0 0 0 0 0 0 0 0 51000000 554c800 554c800 554c800 554c800
51000000 554c800 ffe2b838 ffe6b200 )
00000000ffe28d90: call-package qemu: unsupported keyboard cmd=0x57
sSegmentation fault
In the case of reading the first sector of the Milax CDROM, 0x800 bytes
are being read into memory at 0x8000000, which works fine. When trying to
read in boot_archive, we see that 0x554c800 bytes are being read
into memory at 0x51000000, and this is where the crash happens. I wonder
if we're finding some kind of IDE I/O emulation bug for SPARC64 Qemu?
If you switch back to GDB and poke around where the segfault happens,
can you see any values that look obviously broken at your end?
ATB,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs
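The segfault above lands inside the in_le16 loop of ob_ide_insw while servicing a 0x554c800-byte read to 0x51000000, whereas the 0x800-byte read to 0x8000000 goes through. Whatever the root cause turns out to be, the check a firmware IDE driver wants in front of that loop is the same: refuse a request that is not a whole number of sectors, that would overrun the destination, or that runs past the media, and split what remains into commands no larger than the 8-bit ATA sector-count register can carry (0 encodes 256 for LBA28). The block below is an added, self-contained illustration of that pattern; it is not OpenBIOS's ob_ide code and makes no claim about where the fault in this thread actually lies. The "device" is a constructed in-memory stand-in for the PIO data port, so the example runs without hardware; `fake_disk`, `in_le16_fake` and the sizes are assumptions chosen for the demo.

```c
/* Added example: chunked, bounds-checked ATA PIO sector read.
 * Not OpenBIOS's ob_ide code. The device below is a software stand-in so the
 * example runs offline; the disk contents and sizes are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE         512u
#define WORDS_PER_SECTOR    (SECTOR_SIZE / 2)
#define DISK_SECTORS        1024u   /* constructed fake disk: 512 KiB */
#define MAX_SECTORS_PER_CMD 256u    /* LBA28 sector count register is 8 bits; 0 encodes 256 */

static uint16_t fake_disk[DISK_SECTORS * WORDS_PER_SECTOR];

/* Fake device state: position and remaining words of the current PIO transfer. */
static size_t dev_word_idx;
static size_t dev_words_left;

/* Fill each sector with a pattern that encodes its LBA so misreads are detectable. */
static void fake_disk_init(void) {
    for (size_t s = 0; s < DISK_SECTORS; s++)
        for (size_t w = 0; w < WORDS_PER_SECTOR; w++)
            fake_disk[s * WORDS_PER_SECTOR + w] = (uint16_t)((s << 4) ^ w);
}

/* Issue READ SECTORS. 'nsect' is the value that lands in the 8-bit sector count
 * register; a caller that passes a larger count has it silently truncated,
 * exactly as a real register would. */
static void dev_read_sectors(uint32_t lba, uint8_t nsect) {
    size_t n = nsect ? nsect : 256;
    if (lba + n > DISK_SECTORS) n = (lba < DISK_SECTORS) ? DISK_SECTORS - lba : 0;
    dev_word_idx = (size_t)lba * WORDS_PER_SECTOR;
    dev_words_left = n * WORDS_PER_SECTOR;
}

/* Stand-in for in_le16(port): next data word, or 0xFFFF once the transfer is
 * exhausted (an undriven bus floats high). */
static uint16_t in_le16_fake(void) {
    if (dev_words_left == 0) return 0xFFFF;
    dev_words_left--;
    return fake_disk[dev_word_idx++];
}

/* The inner loop shape from the gdb listing: copy ns words from the data port. */
static void insw_fake(uint16_t *buf, size_t ns) {
    while (ns > 0) { *buf++ = in_le16_fake(); ns--; }
}

/* Naive: one command for the whole request, count truncated by the register width,
 * no check that the destination can hold nbytes. */
static void ide_read_naive(void *buf, uint32_t lba, size_t nbytes) {
    dev_read_sectors(lba, (uint8_t)(nbytes / SECTOR_SIZE));
    insw_fake(buf, nbytes / 2);
}

/* Checked: validate the request against the destination and the media, then split
 * it into register-sized commands. Returns bytes read, or -1 for a bad request. */
static long ide_read_checked(void *buf, size_t buflen, uint32_t lba, size_t nbytes) {
    if (nbytes == 0 || nbytes % SECTOR_SIZE != 0) return -1;          /* whole sectors only */
    if (nbytes > buflen) return -1;                                     /* would overrun buffer */
    size_t nsect = nbytes / SECTOR_SIZE;
    if (nsect > DISK_SECTORS || lba > DISK_SECTORS - nsect) return -1;  /* past end of media */

    uint16_t *p = buf;
    while (nsect > 0) {
        size_t chunk = nsect < MAX_SECTORS_PER_CMD ? nsect : MAX_SECTORS_PER_CMD;
        dev_read_sectors(lba, (uint8_t)(chunk & 0xFF));  /* 256 sectors -> register value 0 */
        insw_fake(p, chunk * WORDS_PER_SECTOR);
        p += chunk * WORDS_PER_SECTOR;
        lba += (uint32_t)chunk;
        nsect -= chunk;
    }
    return (long)nbytes;
}

/* 1 if the buffer matches the fake disk starting at lba, else 0. */
static int matches_disk(const void *buf, uint32_t lba, size_t nbytes) {
    return memcmp(buf, &fake_disk[(size_t)lba * WORDS_PER_SECTOR], nbytes) == 0;
}

int main(void) {
    static uint16_t buf[300 * WORDS_PER_SECTOR];
    fake_disk_init();
    ide_read_naive(buf, 0, 300 * SECTOR_SIZE);
    printf("naive 300-sector read matches disk: %d\n", matches_disk(buf, 0, 300 * SECTOR_SIZE));
    long n = ide_read_checked(buf, sizeof buf, 0, 300 * SECTOR_SIZE);
    printf("checked read: %ld bytes, matches disk: %d\n", n, matches_disk(buf, 0, 300 * SECTOR_SIZE));
    printf("0x554c800-byte request rejected: %d\n", ide_read_checked(buf, sizeof buf, 0, 0x554c800) == -1);
    return 0;
}
```

The naive path reads 300 sectors as a count of 44 (300 & 0xFF) and then pulls 0xFFFF words off the floating port for the rest of the buffer, which is the kind of silent mismatch that only shows up later as corrupt data; the checked path either completes the whole transfer in 256-sector commands or refuses up front, which is what you want before a loop that writes to a caller-supplied address.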