Message-ID: <4A1A86B4.4010200@gmx.net>
Date: Mon, 25 May 2009 13:53:24 +0200
From: Thorsten Zitterell
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Fatal error on accessing IO memory of smc91c111 NIC

Hi,

there seems to be a problem when accessing the IO memory of an emulated
gumstix (PXA) with smc91c111 NIC. I suspect that it has to do with the
base address which is not a multiple of the page size.

Here, the NIC is registered at base address 0x04000300:

    smc91c111_init(&nd_table[0], 0x04000300,
                   pxa2xx_gpio_in_get(cpu->gpio)[99]);

According to the last two lines of qemu.log, the NIC is correctly
accessed during guest system boot at address 0400030e (r4+#14):

    0xa3f07fdc:  strh r5, [r4, #14]
    0xa3f07fe0:  bl 0xa3f00f5c

Then, qemu panics:

    qemu: fatal: smc91c111_write: Bad reg 0:30e

    R00=a3ee01f0 R01=a3edefb8 R02=00000001 R03=00008000
    R04=04000300 R05=00000000 R06=a3edefb8 R07=a3edefb8
    R08=a3edefdc R09=a3ee0230 R10=a3ee01f0 R11=00000000
    R12=a3f27488 R13=a3edec34 R14=a3f04148 R15=a3f07fac
    PSR=600001d3 -ZC- A svc32

However, the correct reg should be 0:0e - not 0:30e. The fatal error
also occurs with disabled MMU.

I have debugged the smc91c111 driver and it gets the wrong offset value
from the calling qemu core. Could this wrong offset be related to
cpu_register_physical_memory_offset(...) as addresses are rounded down
to page boundaries?

exec.c:2325:

    /* register physical memory. 'size' must be a multiple of the target
       page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
       io memory page. The address used when calling the IO function is
       the offset from the start of the region, plus region_offset. Both
       start_addr and region_offset are rounded down to a page boundary
       before calculating this offset. This should not be a problem unless
       the low bits of start_addr and region_offset differ. */

Can this be fixed by another driver initialization?

Thorsten
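
The offset arithmetic described in the exec.c comment quoted above, worked through with the addresses from this report, as an added example that is not part of the original mail or of QEMU's code. The 1 KiB page size, the 16-byte register window and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 1 KiB target pages; the result is the same for 4 KiB pages. */
#define TGT_PAGE_SIZE 0x400u
#define TGT_PAGE_MASK (~(uint32_t)(TGT_PAGE_SIZE - 1))
/* Assumption: the NIC decodes a 16-byte register window per bank. */
#define REG_WINDOW    0x10u

/* Offset the device model would see if nothing were rounded. */
uint32_t expected_offset(uint32_t start, uint32_t region_off, uint32_t addr)
{
    return addr - start + region_off;
}

/* Offset as the exec.c comment describes it: start_addr and region_offset
 * are both rounded down to a page boundary before the calculation. */
uint32_t dispatched_offset(uint32_t start, uint32_t region_off, uint32_t addr)
{
    return addr - (start & TGT_PAGE_MASK) + (region_off & TGT_PAGE_MASK);
}

/* Hypothetical strict decode: register index, or -1 when the offset lies
 * outside the window (the case reported as "Bad reg"). */
int decode_strict(uint32_t offset)
{
    return offset < REG_WINDOW ? (int)offset : -1;
}

/* Hypothetical tolerant decode: keep only the in-window bits. */
int decode_masked(uint32_t offset)
{
    return (int)(offset & (REG_WINDOW - 1));
}

int main(void)
{
    const uint32_t base = 0x04000300u, addr = 0x0400030eu; /* from the mail */
    uint32_t got = dispatched_offset(base, 0, addr);
    printf("expected 0x%02x, dispatched 0x%03x\n",
           (unsigned)expected_offset(base, 0, addr), (unsigned)got);
    printf("strict decode: %d, masked decode: 0x%02x\n",
           decode_strict(got), (unsigned)decode_masked(got));
    /* Matching low bits in region_offset keep both views consistent. */
    printf("region_offset 0x300: expected 0x%03x, dispatched 0x%03x\n",
           (unsigned)expected_offset(base, 0x300, addr),
           (unsigned)dispatched_offset(base, 0x300, addr));
    return 0;
}
```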