From patchwork Sun Dec 13 21:14:10 2009
X-Patchwork-Submitter: "Igor V. Kovalenko"
X-Patchwork-Id: 41049
References: <4B22461602000099000327DE@collaborate.seakr.com>
Date: Mon, 14 Dec 2009 00:14:10 +0300
From: Igor Kovalenko
To: Juan Quintela
Cc: Blue Swirl, qemu-devel@nongnu.org, Nick Couchman
Subject: [Qemu-devel] Re: Bug in Sparc64/IDE Code

On Sun, Dec 13, 2009 at 10:06 PM, Juan Quintela wrote:
> Igor Kovalenko wrote:
>> On Sat, Dec 12, 2009 at 3:18 PM, Igor Kovalenko wrote:
>>> On Sat, Dec 12, 2009 at 1:12 PM, Blue Swirl wrote:
>>>> On Fri, Dec 11, 2009 at 10:16 PM, Nick Couchman wrote:
>>>>> In working to try to get Sparc64 system emulation developed, we seem to have run into an issue with the IDE code in Qemu.  The OpenBIOS folks have been working quite a few issues with the OpenBIOS code that need to be resolved in order to boot 64-bit Solaris kernels correctly, but the most recent issue indicates that the IDE code for the Sparc64 emulator is reading from and writing to the wrong memory locations.  The end result is the following output when trying to boot off an ISO image in Qemu:
>>>>
>>>>> bmdma_cmd_writeb: 0x00000054
>>>>> bmdma: writeb 0x701 : 0xd7
>>>>> bmdma: writeb 0x702 : 0x79
>>>>> bmdma: writeb 0x703 : 0xfe
>>>>> bmdma_addr_writew: 0x0000ddef
>>>>> bmdma_addr_writew: 0x0000b12b
>>>>> bmdma_cmd_writeb: 0x000000da
>>>>> bmdma: writeb 0x709 : 0x95
>>>>> Segmentation fault
>>>>
>>>> I can't reproduce this with milaX 0.3.1, QEMU git HEAD and OpenBIOS
>>>> svn r644. The bug could be that the BMDMA address may need BE to LE
>>>> conversion, or OpenBIOS could just clobber BMDMA registers with
>>>> garbage (the DMA address candidates 0xddefb12b and 0xb12bddef do not
>>>> look valid).
>>>>
>>>> Another possibility is that the PCI host bridge should have an IOMMU
>>>> which is not implemented yet, but I doubt we are at that stage.
>>>>
>>>> Could you run QEMU in a GDB session and send the backtrace from the segfault?
>>>>
>>>
>>> There seems to be an issue with pci_from_bm cast: bm->unit is not
>>> assigned anywhere in the code so it is zero for second unit, and
>>> pci_from_bm returns wrong address.
>>> Crash happens writing to address mapped for second unit.
>>
>> This appears to be a regression in cmd646. After removal of pci_dev from
>> BMDMAState structure we cannot do much to work around this issue.
>>
>> The problem here is that we cannot rely on bm->unit value since it is getting
>> changed while dma operations are in progress, f.e. it is set to -1 on
>> dma cancel.
>> Thus we cannot get to pci_dev from BMDMAState passed to i/o read/write
>> callbacks.
>>
>> Juan, can you please take a look at this issue?
>
>   I don't have a sparc setup, but could you try this patch?  It also fixes
>   the test for bm.

Looks good, but runtime aborts in register_ioport_read.
You cannot install different opaque for read and write of the same i/o address.

Seems like every other device has the same driver for reading and writing,
but in cmd646 it calls out to ide/pci.c code for bmdma_cmd_writeb write method,
whereas it reads with own bmdma_readb_0 method.

Probably bmdma_writeb_* should call out to bmdma_cmd_writeb for address 0
and whole 4 byte is to be mapped to bmdma_writeb_*

I tested the following fix on top of your patch with my previous
workaround reverted.
Both my workaround and these two combined show the same qemu.log trace.

commit 26c618af44c91a806d88044d468733b86028e352
Author: Igor V. Kovalenko
Date:   Mon Dec 14 00:05:10 2009 +0300

    cmd646 fix abort due to changed opaque pointer for ioport read

    Signed-off-by: Igor V. Kovalenko

(pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
@@ -168,13 +171,11 @@ static void bmdma_map(PCIDevice *pci_dev, int region_num, bm->bus = d->bus+i; qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm); - register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm); - if (i == 0) { - register_ioport_write(addr + 1, 3, 1, bmdma_writeb_0, d); + register_ioport_write(addr, 4, 1, bmdma_writeb_0, d); register_ioport_read(addr, 4, 1, bmdma_readb_0, d); } else { - register_ioport_write(addr + 1, 3, 1, bmdma_writeb_1, d); + register_ioport_write(addr, 4, 1, bmdma_writeb_1, d); register_ioport_read(addr, 4, 1, bmdma_readb_1, d); } diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c index 9d60590..07fcf4d 100644 --- a/hw/ide/cmd646.c +++ b/hw/ide/cmd646.c @@ -123,6 +123,9 @@ static void bmdma_writeb_common(PCIIDEState *pci_dev, BMDMAState *bm, printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val); #endif switch(addr & 3) { + case 0: + bmdma_cmd_writeb(bm, addr, val); + break; case 1: pci_dev->dev.config[MRDMODE] =
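
Review bot: In the bmdma_map hunk, nothing in the code records why both register_ioport_write and register_ioport_read now pass `d` over the full `addr, 4` range, and the `if (i == 0)` / `else` branches differ only in the `_0` / `_1` handler suffix. A short comment above the registrations saying that the read and write handlers of one port range must share a single opaque would keep a later cleanup from reintroducing a `bm`-keyed write handler on `addr`, which is the layout the removed `register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm)` line had.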
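
Review bot: In the new `case 0:` of bmdma_writeb_common, `bmdma_cmd_writeb(bm, addr, val)` is handed the unmasked `addr` while the switch itself dispatches on `addr & 3`; this matches what the function received when it was registered directly on the port, but a comment saying the address is passed through only to satisfy the callback signature would make that explicit. Command-register writes now also reach the `printf("bmdma: writeb ...")` debug line above the switch, so with that debug block enabled each one is traced here as well as by bmdma_cmd_writeb; consider skipping the generic trace for offset 0.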
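
Added example, not part of the original message and not QEMU code: a toy port table with one opaque slot per port, as the reply describes, showing why registering port 0 for writes with the channel state and for reads with the device state is rejected, and why routing all four ports through one device-keyed handler works. All names (`reg`, `struct dev`, `split_layout`, ...) are hypothetical, and the conflict is returned as -1 here where the message reports a runtime abort.

```c
#include <stdint.h>
#include <string.h>
/* Toy port table (constructed, not QEMU's ioport.c): one opaque slot per port. */
typedef void (*write_fn)(void *opaque, uint32_t addr, uint32_t val);
typedef uint32_t (*read_fn)(void *opaque, uint32_t addr);
static struct { write_fn wr; read_fn rd; void *opaque; } ports[8];
/* Register handlers on [start, start+len); -1 if a port already has another opaque. */
static int reg(uint32_t start, uint32_t len, write_fn wr, read_fn rd, void *opaque) {
    for (uint32_t i = start; i < start + len; i++)
        if (ports[i].opaque && ports[i].opaque != opaque) return -1;
    for (uint32_t i = start; i < start + len; i++) {
        ports[i].opaque = opaque;
        if (wr) ports[i].wr = wr;
        if (rd) ports[i].rd = rd;
    }
    return 0;
}
/* Hypothetical device; mode comes first so &d and &d.ch[0] are different pointers. */
struct chan { uint8_t cmd; };
struct dev { uint8_t mode; struct chan ch[2]; };
static struct dev d;
static void chan_cmd_write(void *opaque, uint32_t addr, uint32_t val) {
    (void)addr;
    ((struct chan *)opaque)->cmd = (uint8_t)val;
}
static void dev_write_0(void *opaque, uint32_t addr, uint32_t val) {
    struct dev *s = opaque;
    if ((addr & 3) == 0) chan_cmd_write(&s->ch[0], addr, val); /* offset 0 forwarded */
    else if ((addr & 3) == 1) s->mode = (uint8_t)val;
}
static uint32_t dev_read_0(void *opaque, uint32_t addr) {
    struct dev *s = opaque;
    return (addr & 3) == 0 ? s->ch[0].cmd : s->mode;
}
/* Split layout: port 0 is written via the channel opaque, read via the device opaque. */
static int split_layout(void) {
    memset(ports, 0, sizeof ports);
    reg(0, 1, chan_cmd_write, NULL, &d.ch[0]);
    reg(1, 3, dev_write_0, NULL, &d);
    return reg(0, 4, NULL, dev_read_0, &d); /* rejected: port 0 holds &d.ch[0] */
}
/* Unified layout: one opaque for all four ports, dispatch on the offset inside. */
static uint32_t unified_layout(uint32_t val) {
    memset(ports, 0, sizeof ports);
    if (reg(0, 4, dev_write_0, dev_read_0, &d)) return ~0u;
    ports[0].wr(ports[0].opaque, 0, val);
    return ports[0].rd(ports[0].opaque, 0);
}
int main(void) { return !(split_layout() == -1 && unified_layout(0x09) == 0x09); }
```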