From: Igor Kovalenko <igor.v.kovalenko@gmail.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: Juan Quintela <quintela@redhat.com>,
qemu-devel@nongnu.org, Nick Couchman <Nick.Couchman@seakr.com>
Subject: Re: [Qemu-devel] Bug in Sparc64/IDE Code
Date: Sat, 12 Dec 2009 16:22:37 +0300 [thread overview]
Message-ID: <b2fa41d60912120522x6048ea5dgada03ba551df35c3@mail.gmail.com> (raw)
In-Reply-To: <b2fa41d60912120418t72b18ed9p737b7efed5efe740@mail.gmail.com>
On Sat, Dec 12, 2009 at 3:18 PM, Igor Kovalenko
<igor.v.kovalenko@gmail.com> wrote:
> On Sat, Dec 12, 2009 at 1:12 PM, Blue Swirl <blauwirbel@gmail.com> wrote:
>> On Fri, Dec 11, 2009 at 10:16 PM, Nick Couchman <Nick.Couchman@seakr.com> wrote:
>>> In working to try to get Sparc64 system emulation developed, we seem to have run into an issue with the IDE code in Qemu. The OpenBIOS folks have been working quite a few issues with the OpenBIOS code that need to be resolved in order to boot 64-bit Solaris kernels correctly, but the most recent issue indicates that the IDE code for the Sparc64 emulator is reading from and writing to the wrong memory locations. The end result is the following output when trying to boot off an ISO image in Qemu:
>>
>>> bmdma_cmd_writeb: 0x00000054
>>> bmdma: writeb 0x701 : 0xd7
>>> bmdma: writeb 0x702 : 0x79
>>> bmdma: writeb 0x703 : 0xfe
>>> bmdma_addr_writew: 0x0000ddef
>>> bmdma_addr_writew: 0x0000b12b
>>> bmdma_cmd_writeb: 0x000000da
>>> bmdma: writeb 0x709 : 0x95
>>> Segmentation fault
>>
>> I can't reproduce this with milaX 0.3.1, QEMU git HEAD and OpenBIOS
>> svn r644. The bug could be that the BMDMA address may need BE to LE
>> conversion, or OpenBIOS could just clobber BMDMA registers with
>> garbage (the DMA address candidates 0xddefb12b and 0xb12bddef do not
>> look valid).
>>
>> Another possibility is that the PCI host bridge should have an IOMMU
>> which is not implemented yet, but I doubt we are at that stage.
>>
>> Could you run QEMU in a GDB session and send the backtrace from the segfault?
>>
>
> There seems to be an issue with pci_from_bm cast: bm->unit is not
> assigned anywhere
> in the code so it is zero for second unit, and pci_from_bm returns
> wrong address.
> Crash happens writing to address mapped for second unit.
This appears to be a regression in cmd646. After removal of pci_dev from
BMDMAState structure we cannot do much to work around this issue.
The problem here is that we cannot rely on bm->unit value since it is getting
changed while dma operations are in progress, f.e. it is set to -1 on
dma cancel.
Thus we cannot get to pci_dev from BMDMAState passed to i/o read/write
callbacks.
Juan, can you please take a look at this issue?
--
Kind regards,
Igor V. Kovalenko
next prev parent reply other threads:[~2009-12-12 13:22 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-11 20:16 [Qemu-devel] Bug in Sparc64/IDE Code Nick Couchman
2009-12-12 10:12 ` Blue Swirl
2009-12-12 12:18 ` Igor Kovalenko
2009-12-12 13:22 ` Igor Kovalenko [this message]
2009-12-13 19:06 ` [Qemu-devel] " Juan Quintela
2009-12-13 21:14 ` Igor Kovalenko
2009-12-13 22:41 ` Juan Quintela
2009-12-15 14:30 ` Nick Couchman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b2fa41d60912120522x6048ea5dgada03ba551df35c3@mail.gmail.com \
--to=igor.v.kovalenko@gmail.com \
--cc=Nick.Couchman@seakr.com \
--cc=blauwirbel@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).