Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr

From:	Philippe Mathieu-Daudé
Subject:	Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr
Date:	Sat, 13 May 2017 18:57:07 -0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

Hi Vinicius,

On 2017-05-12 19:52, Vinicius Maciel wrote:

Hi all,

I'm trying to emulate a MIPS 74Kc using a custom machine in order to run a
CFE bootloader from broadcom. The CPU is Broadcom BCM5357. The problem


Here is your problem, there is no such model in QEMU.

happens when Qemu calculates physaddr inside io_readx(), cputlb.c:line 784

physaddr = (physaddr & TARGET_PAGE_MASK) + addr;

After run this line the the value is 0x18000000, which is clearly wrong.


The Broadcom BCM5357 is a WiSoc (Wireless System-On-Chip).

A SoC (System-On-Chip) is not limited to a MIPS CPU but has a large setof embedded peripherals.


QEMU does models the MIPS 74Kf cpu, but not the BCM5357 peripherals.

At this physical address this SoC family maps a bus calledSiliconBackplane (BP).The first peripheral mapped in the BP region is the ChipCommon (CC).Common meaning this core registers intend to be consistent betweendifferent models/releases using this BP bus, so a firmware can check itis running the correct hardware or check if peripherals/features areavailable/enabled to configure/use them.

My guess is your CFE function board_earlyinit() is trying to determinethe chip model by reading the ChipID from the CC it supposed isphysically mapped at 0x18000000, which is not modeled in QEMU.


Phil.


I don't think it's wrong, see below:

More informations:

BUG function: io_readx
Assembly instruction: lw t1,0(a2)
Machine code: 0x8cc90000 (Little endian)
Access address: 0xb8000000

Assembly code:
80702f30 <board_earlyinit>:
80702f30: 3c06b800 lui a2,0xb800


This load 0xb8000000 in a2

80702f34: 24075350 li a3,21328
80702f38: 8cc90000 lw t1,0(a2) <----


Now this try to load a value from the virtual address 0xb8000000. This
address corresponds to kseg1 (Kernel Unmapped Uncached) and is mapped
to the physical address 0x18000000. See the MIPS32 Privileged Resource
Architecture Manual for more details how the virtual to physical mapping
works.

Aurelien

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] MIPS little endian - Bug when decoding physaddr, Vinicius Maciel, 2017/05/13
- Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr, Aurelien Jarno, 2017/05/13
  - Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr, Philippe Mathieu-Daudé <=
    - Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr, Vinicius Maciel, 2017/05/13

Prev by Date: Re: [Qemu-devel] [PATCH 00/17] qobject/qapi: add uint type
Next by Date: Re: [Qemu-devel] [PATCH] libvixl: Correct ordering of includes and fix NetBSD build
Previous by thread: Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr
Next by thread: Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr
Index(es):
- Date
- Thread