[OpenBIOS] Running client with MMU off

BALATON Zoltan balaton at eik.bme.hu
Fri Jun 6 02:55:28 CEST 2014


I'm trying to solve the last major outstanding problem preventing MorphOS from 
running with OpenBIOS: MorphOS modifies the exception vectors without first 
turning the MMU off (probably expecting it to already be off, as it is on real 
hardware). OpenBIOS, on the other hand, turns the MMU on and needs it on for 
client interface calls to work, so calling the client boot code with the MMU 
off results in a hang. There is disabled code in the quiesce method to clear 
the MMU bits, but that is neither sufficient nor correct because MorphOS 
continues to call client interface callbacks after calling quiesce. Thus I 
tried to save the MSR, turn the MMU on, and then restore the MSR around client 
callbacks with the patch below, but it does not work: it leads to writes to 
wrong addresses and a crash on restore. (Probably the stack location is wrong 
after the patch?) Can anyone tell why it's not working and what could be 
done instead?

Regards,
BALATON Zoltan

diff --git a/openbios-devel/arch/ppc/qemu/start.S 
b/openbios-devel/arch/ppc/qemu
index ae2fd53..384a8a6 100644
--- a/openbios-devel/arch/ppc/qemu/start.S
+++ b/openbios-devel/arch/ppc/qemu/start.S
@@ -515,13 +515,13 @@ _GLOBAL(call_elf):
         LOAD_REG_IMMEDIATE(r5, of_client_callback)      // r5 = callback
         li      r6,0                    // r6 = address of client program 
argume
         li      r7,0                    // r7 = length of client program 
argumen
-       li      r0,MSR_FP | MSR_ME | MSR_DR | MSR_IR
+       li      r0,MSR_FP | MSR_ME
         MTMSRD(r0)
         blrl

  #ifdef CONFIG_PPC64
      /* Restore SF bit */
-    LOAD_REG_IMMEDIATE(r0, MSR_SF | MSR_FP | MSR_ME | MSR_DR | MSR_IR)
+    LOAD_REG_IMMEDIATE(r0, MSR_SF | MSR_FP | MSR_ME)
      MTMSRD(r0)
  #endif
         LOAD_REG_IMMEDIATE(r8, saved_stack)             // restore stack 
pointer
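Review bot: Once MSR_DR|MSR_IR are dropped from the value written by `MTMSRD(r0)` before `blrl`, everything that follows in call_elf — the `blrl` into the client, the PPC64 "Restore SF bit" write and the `saved_stack` reload after the client returns — executes with translation off, and nothing in the hunk records that this is intended. A short comment on the changed `li` line would prevent the next reader from "fixing" it back, e.g. `// MMU off for the client: of_client_callback re-enables DR/IR for calls back into OpenBIOS`, with the same note on the PPC64 `LOAD_REG_IMMEDIATE(r0, ...)` line. call_elf begins before this hunk, so whether the `saved_stack` path or anything after it assumes translation is on cannot be checked from here.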
@@ -535,10 +535,10 @@ _GLOBAL(call_elf):

  #ifdef __powerpc64__
  #define STKOFF STACKFRAME_MINSIZE
-#define SAVE_SPACE 320
+#define SAVE_SPACE 328
  #else
  #define STKOFF 8
-#define SAVE_SPACE 144
+#define SAVE_SPACE 148
  #endif
  GLOBL(of_client_callback):

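Review bot: The new SAVE_SPACE values 328 and 148 are not multiples of 16, whereas the previous 320 and 144 were; the PowerPC ELF ABIs keep r1 16-byte aligned, so if SAVE_SPACE sizes the frame that of_client_callback allocates (the allocation itself lies outside this hunk), the callback now runs and calls into C on a misaligned stack. Rounding up — `#define SAVE_SPACE 336` and `#define SAVE_SPACE 160` — costs nothing and still holds the extra slot. The slot itself fits: with STKOFF 8 on 32-bit the MSR save lands at offset 140, which matches the `lwz r2,140(r1)` in the disassembly below, and 148 covers it.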
@@ -607,6 +607,10 @@ GLOBL(of_client_callback):
      PPC_STL r29, (STKOFF + 30 * ULONG_SIZE)(r1)
      PPC_STL r30, (STKOFF + 31 * ULONG_SIZE)(r1)
      PPC_STL r31, (STKOFF + 32 * ULONG_SIZE)(r1)
+    mfmsr r2
+    PPC_STL r2,  (STKOFF + 33 * ULONG_SIZE)(r1)
+    ori r2, r2, (MSR_DR | MSR_IR)
+    mtmsr r2

  #ifdef CONFIG_PPC64
      LOAD_REG_IMMEDIATE(r2, of_client_interface)
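Review bot: The new `mtmsr r2` bypasses the file's `MTMSRD()` macro that the other MSR writes in this patch go through, and no context-synchronizing instruction follows a write that flips MSR[IR]/MSR[DR], so the instructions after it may still be fetched or executed under the old translation state. I would write `MTMSRD(r2)` followed by `isync` (unless the macro already provides one), and the same applies to the restore in the last hunk (`mtmsr r2` after `PPC_LL r2, (STKOFF + 33 * ULONG_SIZE)(r1)`). Using r2 as scratch looks consistent with the existing `LOAD_REG_IMMEDIATE(r2, of_client_interface)` just below, but on PPC64 r2 is the TOC pointer, so it is worth confirming that nothing between the entry stores and this point relies on it. of_client_callback's frame setup is outside this hunk.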
@@ -643,6 +647,8 @@ GLOBL(of_client_callback):
      PPC_LL  r29, (STKOFF + 30 * ULONG_SIZE)(r1)
      PPC_LL  r30, (STKOFF + 31 * ULONG_SIZE)(r1)
      PPC_LL  r31, (STKOFF + 32 * ULONG_SIZE)(r1)
+    PPC_LL  r2,  (STKOFF + 33 * ULONG_SIZE)(r1)
+    mtmsr r2

         /* restore ctr, cr and xer */

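Review bot: The MSR restore from slot 33 runs before the rest of the frame is reloaded — the disassembly in the report shows `lwz r2,20(r1)`, `lwz r0,16(r1)`, `lwz r1,8(r1)` and the final `lwz r1,0(r1)` all after the `mtmsr r2` at 0xfff02758 — so those loads execute in the client's translation mode while r1 still holds the address the frame was written under with DR set. That is only safe if the stack region is identity-mapped; the "Unassigned mem write" lines around 0x100fff6c look like stack traffic landing outside RAM, which would fit, though the hunk alone cannot confirm it. Moving the `PPC_LL r2, ...` / `mtmsr r2` pair to just before the `blr`, after ctr, cr, xer and r1 are restored, keeps every stack access in the mode the frame was created in; it needs a register that is free at that point, since r2 is itself reloaded from the frame — the disassembly shows r4 already being used as scratch there. As noted on the previous hunk, `MTMSRD(r2)` plus `isync` is preferable to a bare `mtmsr`. The ctr/cr/xer restore and the `blr` lie outside this hunk.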

This results in:

Unassigned mem write 00000000100fff6c = 0x0
Unassigned mem write 00000000100fff74 = 0xfde7e90
Unassigned mem write 00000000100fff78 = 0x0
Unassigned mem write 00000000100fff7c = 0x4311d0
Unassigned mem write 00000000100fff80 = 0x0
Unassigned mem write 00000000100fff84 = 0x22000042
Unassigned mem write 00000000100fff88 = 0x20000000
Unassigned mem write 00000000100fff8c = 0x0
Unassigned mem write 00000000100fff90 = 0x8
Unassigned mem write 00000000100fff94 = 0x2
Unassigned mem write 00000000100fff98 = 0x0
Unassigned mem write 00000000100fff9c = 0x680000
Unassigned mem write 00000000100fffa0 = 0xfde7f98
Unassigned mem write 00000000100fffa4 = 0xfdf7e70
Unassigned mem write 00000000100fffa8 = 0x22000042
Unassigned mem write 00000000100fffac = 0x0
Unassigned mem write 00000000100fffb0 = 0xfff32687
Unassigned mem write 00000000100fffb4 = 0xfde7f60
Unassigned mem write 00000000100fffb8 = 0xfde7f20
Unassigned mem write 00000000100fffbc = 0x0
Unassigned mem write 00000000100fffc0 = 0xfffb0000
Unassigned mem write 00000000100fffc4 = 0x688000
Unassigned mem write 00000000100fffc8 = 0x3000
Unassigned mem write 00000000100fffcc = 0xfffb601c
Unassigned mem write 00000000100fffd0 = 0x0
Unassigned mem write 00000000100fffd4 = 0xfffb601c
Unassigned mem write 00000000100fffd8 = 0xfffb0000
Unassigned mem write 00000000100fffdc = 0x0
Unassigned mem write 00000000100fffe0 = 0xfff02620
Unassigned mem write 00000000100fffe4 = 0xfde7f60
Unassigned mem write 00000000100fffe8 = 0xfde7f20
Unassigned mem write 00000000100fffec = 0x688000
Unassigned mem write 00000000100ffff0 = 0xfffb0000
Unassigned mem write 00000000100ffff4 = 0x67bd80
Unassigned mem write 00000000100ffff8 = 0x3000
Unassigned mem read 0000000060000000
qemu: fatal: Trying to execute code outside RAM or ROM at 0x60000000

NIP 60000000   LR 60000000 CTR 00000000 XER 00000000
MSR 00000000 HID0 00000000  HF 00000000 idx 1
TB 00000000 836520711 DECR 3458446955
GPR00 0000000000000000 0000000060000000 0000000000000000 0000000000000000
GPR04 000000004bfffffc 0000000000000000 0000000000000000 0000000000000000
GPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
CR 00000000  [ -  -  -  -  -  -  -  -  ]             RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000
  SRR0 fff0db1c  SRR1 00003030    PVR 000c0209 VRSAVE 00000000
SPRG0 0fe00000 SPRG1 ffffff6c  SPRG2 22000042  SPRG3 00000000
SPRG4 00000000 SPRG5 00000000  SPRG6 00000000  SPRG7 00000000
  SDR1 0fe00000   DAR ffffff3c  DSISR 42000000

end of disassembly before the error:

0xfff02750:  lwz     r31,136(r1)
0xfff02754:  lwz     r2,140(r1)
0xfff02758:  mtmsr   r2

IN:
0xfff0275c:  lwz     r2,20(r1)
0xfff02760:  mtctr   r2
0xfff02764:  lwz     r2,24(r1)
0xfff02768:  mtcr    r2
0xfff0276c:  lwz     r2,28(r1)
0xfff02770:  mtxer   r2
0xfff02774:  lwz     r2,12(r1)
0xfff02778:  lwz     r0,16(r1)
0xfff0277c:  lwz     r1,8(r1)
0xfff02780:  lwz     r4,4(r1)
0xfff02784:  mtlr    r4
0xfff02788:  lwz     r4,8(r1)
0xfff0278c:  lwz     r1,0(r1)
0xfff02790:  blr

qemu: fatal: Trying to execute code outside RAM or ROM at 0x60000000



