[OpenBIOS] SOLVED: the mystery of Solaris on SPARC32 and the missing Forth arguments

Mark Cave-Ayland mark.cave-ayland at siriusit.co.uk
Sun Oct 31 13:33:10 CET 2010


Mark Cave-Ayland wrote:

>> I don't think ROM area is in play, but no-fault mode.

Here's an excerpt from a gdb session stepping through the problem area 
in the qemu code:


Breakpoint 1, cpu_sparc_handle_mmu_fault (env=0x10579f0, 
address=4028890828, rw=1, mmu_idx=1, is_softmmu=1)
     at /home/build/src/qemu/git/qemu/target-sparc/helper.c:261
261             vaddr = address & TARGET_PAGE_MASK;
(gdb) bt
#0  cpu_sparc_handle_mmu_fault (env=0x10579f0, address=4028890828, rw=1, 
mmu_idx=1, is_softmmu=1)
     at /home/build/src/qemu/git/qemu/target-sparc/helper.c:261
#1  0x0000000000521563 in tlb_fill (addr=4028890828, is_write=1, 
mmu_idx=1, retaddr=0x408ef5ad)
     at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4204
#2  0x00000000005208f9 in __stl_mmu (addr=4028890828, val=2056, 
mmu_idx=1) at /home/build/src/qemu/git/qemu/softmmu_template.h:272
#3  0x00000000408ef5ae in ?? ()
#4  0x00000000408f1b15 in ?? ()
#5  0x0000000000000001 in ?? ()
#6  0xff0a000000000000 in ?? ()
#7  0x000000000084a4e0 in ss5_machine ()
#8  0x0000000001057cf8 in ?? ()
#9  0x0000000001057af8 in ?? ()
#10 0x00007ffff8068434 in ?? ()
#11 0x00007ffff806843c in ?? ()
#12 0x00007ffff8068438 in ?? ()
#13 0xf004127c010579f0 in ?? ()
#14 0xf3c4023500000475 in ?? ()
#15 0xff0a000000000000 in ?? ()
#16 0x00007ffff8068450 in ?? ()
#17 0x00000000004f6e72 in tb_find_fast () at 
/home/build/src/qemu/git/qemu/cpu-exec.c:185
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) next
262             prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
(gdb)
263             tlb_set_page(env, vaddr, paddr, prot, mmu_idx, 
TARGET_PAGE_SIZE);
(gdb) p/x vaddr
$1 = 0xf023f000
(gdb) p/x paddr
$2 = 0xfef1f0fef1ff0000
(gdb) next
tlb_set_page: vaddr=f023f000 paddr=0xfef1f0fef1ff0000 prot=7 idx=1 
pd=0x00000010
[Thread 0x42939950 (LWP 29874) exited]
264             return 0;
(gdb)
272     }
(gdb)
tlb_fill (addr=4028890828, is_write=1, mmu_idx=1, retaddr=0x403d94cd) at 
/home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4205
4205        if (ret) {
(gdb) next
4209        env = saved_env;
(gdb)
4210    }
(gdb)
__stl_mmu (addr=4028890828, val=2056, mmu_idx=1) at 
/home/build/src/qemu/git/qemu/softmmu_template.h:237
237         tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
(gdb)
238         if ((addr & TARGET_PAGE_MASK) == (tlb_addr & 
(TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
(gdb)
239             if (tlb_addr & ~TARGET_PAGE_MASK) {
(gdb)
241                 if ((addr & (DATA_SIZE - 1)) != 0)
(gdb)
243                 retaddr = GETPC();
(gdb)
244                 ioaddr = env->iotlb[mmu_idx][index];
(gdb)
245                 glue(io_write, SUFFIX)(ioaddr, val, addr, retaddr);
(gdb) step
io_writel (physaddr=18370729328764456976, val=2056, addr=4028890828, 
retaddr=0x403d94cd)
     at /home/build/src/qemu/git/qemu/softmmu_template.h:201
201     {
(gdb) step
203         index = (physaddr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
(gdb)
204         physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
(gdb)
205         if (index > (IO_MEM_NOTDIRTY >> IO_MEM_SHIFT)
(gdb)
210         env->mem_io_vaddr = addr;
(gdb)
211         env->mem_io_pc = (unsigned long)retaddr;
(gdb)
213         io_mem_write[index][SHIFT](io_mem_opaque[index], physaddr, val);
(gdb)
unassigned_mem_writel (opaque=0x0, addr=18370729332793347788, val=2056) 
at /home/build/src/qemu/git/qemu/exec.c:3014
3014    {
(gdb)
3019        do_unassigned_access(addr, 1, 0, 0, 4);
(gdb)
do_unassigned_access (addr=18370729332793347788, is_write=1, is_exec=0, 
is_asi=0, size=4)
     at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4218
4218    {
(gdb)
4224        saved_env = env;
(gdb)
4225        env = cpu_single_env;
(gdb)
4227        if (is_asi)
(gdb)
4233            printf("Unassigned mem %s access of %d byte%s to " 
TARGET_FMT_plx
(gdb)
Unassigned mem write access of 4 bytes to fef1f0fef1ff0ecc from f004127c
4239        fault_type = (env->mmuregs[3] & 0x1c) >> 2;
(gdb)
4240        if ((fault_type > 4) || (fault_type == 0)) {
(gdb)
4257        if (fault_type == ((env->mmuregs[3] & 0x1c)) >> 2) {
(gdb)
4258            env->mmuregs[3] |= 1;
(gdb)
4261        if ((env->mmuregs[0] & MMU_E) && !(env->mmuregs[0] & MMU_NF)) {
(gdb)
4262            if (is_exec)
(gdb)
4265                raise_exception(TT_DATA_ACCESS);
(gdb)
raise_exception (tt=41) at 
/home/build/src/qemu/git/qemu/target-sparc/op_helper.c:287
287     {
(gdb)
288         env->exception_index = tt;
(gdb)
289         cpu_loop_exit();
(gdb)
cpu_loop_exit () at /home/build/src/qemu/git/qemu/cpu-exec.c:59
59      {
(gdb)
60          env->current_tb = NULL;
(gdb)
61          longjmp(env->jmp_env, 1);
(gdb)
qemu: fatal: Trap 0x29 while interrupts disabled, Error state
pc: f004127c  npc: f0041280
General Registers:
%g0-7: 00000000 00000808 00000001 f0041b74 00000000 f0243b88 00000000 
f0244020

Current Register Window:
%o0-7: f025831c f5a2f00c f0240374 f0240370 f024036c 00000004 f0240300 
f005bd84
%l0-7: 04400cc2 f005bf94 f005bf98 00000004 00000209 00000004 00000000 
f023fe60
%i0-7: 00000001 f02403f4 f5a2f00c f025831c 00000001 00000009 f023ff08 
f005c6b8

Floating Point Registers:
%f00: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f04: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f08: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f12: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f16: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f20: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f24: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f28: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
psr: 04000cc2 (icc: ---- SPE: SP-) wim: 00000004
fsr: 00080000 y: 00000000

Program received signal SIGABRT, Aborted.
0x00007ff3fde68ed5 in raise () from /lib/libc.so.6
(gdb)


I'm not sure exactly what's happening, although it seems that some kind 
of I/O memory access is triggering the error before the neverland 
mapping is removed? From the trace above, the paddr handed to tlb_set_page 
is 0xfef1f0fef1ff0000, and the write then lands in unassigned_mem_writel, 
which raises the data access trap while interrupts are disabled.


ATB,

Mark.

-- 
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs


