[OpenBIOS] SOLVED: the mystery of Solaris on SPARC32 and the missing Forth arguments
Mark Cave-Ayland
mark.cave-ayland at siriusit.co.uk
Sun Oct 31 13:33:10 CET 2010
Mark Cave-Ayland wrote:
>> I don't think ROM area is in play, but no-fault mode.
Here's an excerpt from a gdb session stepping through the problem area in the QEMU code, starting from a breakpoint on cpu_sparc_handle_mmu_fault for the faulting store (guest vaddr 0xf023fecc, i.e. address=4028890828):
Breakpoint 1, cpu_sparc_handle_mmu_fault (env=0x10579f0,
address=4028890828, rw=1, mmu_idx=1, is_softmmu=1)
at /home/build/src/qemu/git/qemu/target-sparc/helper.c:261
261 vaddr = address & TARGET_PAGE_MASK;
(gdb) bt
#0 cpu_sparc_handle_mmu_fault (env=0x10579f0, address=4028890828, rw=1,
mmu_idx=1, is_softmmu=1)
at /home/build/src/qemu/git/qemu/target-sparc/helper.c:261
#1 0x0000000000521563 in tlb_fill (addr=4028890828, is_write=1,
mmu_idx=1, retaddr=0x408ef5ad)
at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4204
#2 0x00000000005208f9 in __stl_mmu (addr=4028890828, val=2056,
mmu_idx=1) at /home/build/src/qemu/git/qemu/softmmu_template.h:272
#3 0x00000000408ef5ae in ?? ()
#4 0x00000000408f1b15 in ?? ()
#5 0x0000000000000001 in ?? ()
#6 0xff0a000000000000 in ?? ()
#7 0x000000000084a4e0 in ss5_machine ()
#8 0x0000000001057cf8 in ?? ()
#9 0x0000000001057af8 in ?? ()
#10 0x00007ffff8068434 in ?? ()
#11 0x00007ffff806843c in ?? ()
#12 0x00007ffff8068438 in ?? ()
#13 0xf004127c010579f0 in ?? ()
#14 0xf3c4023500000475 in ?? ()
#15 0xff0a000000000000 in ?? ()
#16 0x00007ffff8068450 in ?? ()
#17 0x00000000004f6e72 in tb_find_fast () at
/home/build/src/qemu/git/qemu/cpu-exec.c:185
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) next
262 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
(gdb)
263 tlb_set_page(env, vaddr, paddr, prot, mmu_idx,
TARGET_PAGE_SIZE);
(gdb) p/x vaddr
$1 = 0xf023f000
(gdb) p/x paddr
$2 = 0xfef1f0fef1ff0000
(gdb) next
tlb_set_page: vaddr=f023f000 paddr=0xfef1f0fef1ff0000 prot=7 idx=1
pd=0x00000010
[Thread 0x42939950 (LWP 29874) exited]
264 return 0;
(gdb)
272 }
(gdb)
tlb_fill (addr=4028890828, is_write=1, mmu_idx=1, retaddr=0x403d94cd) at
/home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4205
4205 if (ret) {
(gdb) next
4209 env = saved_env;
(gdb)
4210 }
(gdb)
__stl_mmu (addr=4028890828, val=2056, mmu_idx=1) at
/home/build/src/qemu/git/qemu/softmmu_template.h:237
237 tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
(gdb)
238 if ((addr & TARGET_PAGE_MASK) == (tlb_addr &
(TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
(gdb)
239 if (tlb_addr & ~TARGET_PAGE_MASK) {
(gdb)
241 if ((addr & (DATA_SIZE - 1)) != 0)
(gdb)
243 retaddr = GETPC();
(gdb)
244 ioaddr = env->iotlb[mmu_idx][index];
(gdb)
245 glue(io_write, SUFFIX)(ioaddr, val, addr, retaddr);
(gdb) step
io_writel (physaddr=18370729328764456976, val=2056, addr=4028890828,
retaddr=0x403d94cd)
at /home/build/src/qemu/git/qemu/softmmu_template.h:201
201 {
(gdb) step
203 index = (physaddr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
(gdb)
204 physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
(gdb)
205 if (index > (IO_MEM_NOTDIRTY >> IO_MEM_SHIFT)
(gdb)
210 env->mem_io_vaddr = addr;
(gdb)
211 env->mem_io_pc = (unsigned long)retaddr;
(gdb)
213 io_mem_write[index][SHIFT](io_mem_opaque[index], physaddr, val);
(gdb)
unassigned_mem_writel (opaque=0x0, addr=18370729332793347788, val=2056)
at /home/build/src/qemu/git/qemu/exec.c:3014
3014 {
(gdb)
3019 do_unassigned_access(addr, 1, 0, 0, 4);
(gdb)
do_unassigned_access (addr=18370729332793347788, is_write=1, is_exec=0,
is_asi=0, size=4)
at /home/build/src/qemu/git/qemu/target-sparc/op_helper.c:4218
4218 {
(gdb)
4224 saved_env = env;
(gdb)
4225 env = cpu_single_env;
(gdb)
4227 if (is_asi)
(gdb)
4233 printf("Unassigned mem %s access of %d byte%s to "
TARGET_FMT_plx
(gdb)
Unassigned mem write access of 4 bytes to fef1f0fef1ff0ecc from f004127c
4239 fault_type = (env->mmuregs[3] & 0x1c) >> 2;
(gdb)
4240 if ((fault_type > 4) || (fault_type == 0)) {
(gdb)
4257 if (fault_type == ((env->mmuregs[3] & 0x1c)) >> 2) {
(gdb)
4258 env->mmuregs[3] |= 1;
(gdb)
4261 if ((env->mmuregs[0] & MMU_E) && !(env->mmuregs[0] & MMU_NF)) {
(gdb)
4262 if (is_exec)
(gdb)
4265 raise_exception(TT_DATA_ACCESS);
(gdb)
raise_exception (tt=41) at
/home/build/src/qemu/git/qemu/target-sparc/op_helper.c:287
287 {
(gdb)
288 env->exception_index = tt;
(gdb)
289 cpu_loop_exit();
(gdb)
cpu_loop_exit () at /home/build/src/qemu/git/qemu/cpu-exec.c:59
59 {
(gdb)
60 env->current_tb = NULL;
(gdb)
61 longjmp(env->jmp_env, 1);
(gdb)
qemu: fatal: Trap 0x29 while interrupts disabled, Error state
pc: f004127c npc: f0041280
General Registers:
%g0-7: 00000000 00000808 00000001 f0041b74 00000000 f0243b88 00000000
f0244020
Current Register Window:
%o0-7: f025831c f5a2f00c f0240374 f0240370 f024036c 00000004 f0240300
f005bd84
%l0-7: 04400cc2 f005bf94 f005bf98 00000004 00000209 00000004 00000000
f023fe60
%i0-7: 00000001 f02403f4 f5a2f00c f025831c 00000001 00000009 f023ff08
f005c6b8
Floating Point Registers:
%f00: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f04: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f08: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f12: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f16: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f20: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f24: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f28: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
psr: 04000cc2 (icc: ---- SPE: SP-) wim: 00000004
fsr: 00080000 y: 00000000
Program received signal SIGABRT, Aborted.
0x00007ff3fde68ed5 in raise () from /lib/libc.so.6
(gdb)
I'm not sure exactly what's happening, although it seems like some kind of I/O memory access is triggering the error before the neverland mapping is removed. What the trace does show is the chain of events: cpu_sparc_handle_mmu_fault goes straight from line 261 to tlb_set_page at 263 without visibly assigning paddr, and the paddr it installs (0xfef1f0fef1ff0000) is a full 64-bit value with garbage in the high bits rather than anything a SPARC32 guest could address, so it looks like a stale or uninitialised value left over from a failed translation. The store to 0xf023fecc then goes through the I/O path to unassigned_mem_writel, do_unassigned_access sets the fault status bit and, since MMU_E is set and MMU_NF is clear at that point, raises TT_DATA_ACCESS (trap 0x29) while traps are disabled, which is the fatal "Error state". Where the bogus paddr comes from (the no-fault override path, or a missing check on the return of the address lookup) isn't visible in this excerpt; that's the bit worth confirming.
ATB,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs