
Re: [Qemu-devel] [Question]Support of China loogson processor


From: Peter Maydell
Subject: Re: [Qemu-devel] [Question]Support of China loogson processor
Date: Thu, 16 Apr 2015 23:00:12 +0100

On 16 April 2015 at 16:17, Paolo Bonzini <address@hidden> wrote:
>
>
> On 16/04/2015 17:05, Leon Alrae wrote:
>> On 16/04/2015 13:02, Paolo Bonzini wrote:
>>>
>>>
>>> On 16/04/2015 13:07, Leon Alrae wrote:
>>>> Since I also haven't had a chance to test Loongson emulation, I thought
>>>> I'd give it a try (TCG only, Loongson-2E cpu and fulong2e machine).
>>>>
>>>> Good news is that I'm able to get to the login prompt using ancient QEMU
>>>> v1.0, kernel 2.6.33 (with additional patch from
>>>> https://lists.gnu.org/archive/html/qemu-devel/2010-06/msg02566.html) and
>>>> some old debian image I had handy. However, in any newer version
>>>> starting from v1.1.0 of QEMU something goes horribly wrong and it just
>>>> segfaults somewhere inside hw/bonito.c quite early during kernel
>>>> booting.
>>>
>>> Where exactly?  If it's related to the memory API conversion, it may be
>>> easy to fix.  I can look at a backtrace (or you can just put the Debian
>>> image somewhere I can grab it).
>>
>> Bisect points at: 5312bd8b3152f8d4fcf9389ba54e32b09f4b4093
>>
>> Crash occurs during the first access; below is a backtrace from the
>> working and the non-working case:
>
> This is my best guess...
>
> diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
> index 8bdd569..8134d0b 100644
> --- a/hw/pci-host/bonito.c
> +++ b/hw/pci-host/bonito.c
> @@ -233,7 +233,7 @@ static void bonito_writel(void *opaque, hwaddr addr,
>      uint32_t saddr;
>      int reset = 0;
>
> -    saddr = (addr - BONITO_REGBASE) >> 2;
> +    saddr = addr >> 2;
>
>      DPRINTF("bonito_writel "TARGET_FMT_plx" val %x saddr %x\n", addr, val, 
> saddr);
>      switch (saddr) {
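Review bot: the hunk drops the `- BONITO_REGBASE` subtraction without recording why; add a one-line comment above `saddr = addr >> 2;` stating that `addr` is already the offset within the MMIO region (the memory core passes region-relative addresses), so nobody reintroduces the subtraction later. Also note that the mail client has wrapped the `DPRINTF(... addr, val,` line, pushing `saddr);` onto its own line, so the patch as quoted here will not apply cleanly.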
> @@ -295,7 +295,7 @@ static uint64_t bonito_readl(void *opaque, hwaddr addr,
>      PCIBonitoState *s = opaque;
>      uint32_t saddr;
>
> -    saddr = (addr - BONITO_REGBASE) >> 2;
> +    saddr = addr >> 2;
>
>      DPRINTF("bonito_readl "TARGET_FMT_plx"\n", addr);
>      switch (saddr) {
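Review bot: the same absolute-address assumption should be checked in the device's other MMIO handlers (the reply below names bonito_cop_writel and bonito_ldma_writel), not only in the two functions touched here; and since `saddr` is now the register index that the switch dispatches on, consider printing it in this readl DPRINTF as the writel DPRINTF already does, which makes out-of-range accesses visible in the trace.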

Wow, I thought we'd fixed all those "non-page-aligned mmio
region broke when the memory core was fixed to actually pass
the correct address to it" bugs years ago. I wonder if there's
a way to find out if we have any more (coccinelle search pattern?)

Incidentally, this device will happily let the guest
overwrite arbitrary chunks of its state struct via
bonito_cop_writel and bonito_ldma_writel, so I hope
nobody runs untrusted guests on this model :-)

(Its realize function maps its own MMIO regions into
system memory, too, which is a huge style error these days.)

-- PMM
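As an added illustration (not QEMU's code and not from this thread), a small C model of the offset bug the patch fixes and of the bounds check that keeps a guest-chosen offset from indexing outside the register file; REGBASE_DEMO, REG_COUNT, DemoState and demo_writel are constructed names:

```c
/* Added illustration, not QEMU code: how an MMIO handler that assumes it gets
 * absolute bus addresses goes wrong once the memory core hands it offsets
 * relative to the region, and why the derived register index needs a bounds
 * check. REGBASE_DEMO and REG_COUNT are constructed values. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define REGBASE_DEMO 0x100u  /* constructed stand-in for BONITO_REGBASE */
#define REG_COUNT    64u

typedef struct {
    uint32_t regs[REG_COUNT];
} DemoState;

/* Pre-fix computation: subtracts the base as if addr were absolute. Fed a
 * region-relative offset smaller than the base, the unsigned subtraction wraps
 * and the resulting index is enormous. */
static uint32_t old_index(uint64_t addr)
{
    return (uint32_t)((addr - REGBASE_DEMO) >> 2);
}

/* Post-fix computation: addr is already the offset within the region. */
static uint32_t new_index(uint64_t addr)
{
    return (uint32_t)(addr >> 2);
}

/* Register write that rejects indices outside the register file instead of
 * trusting the guest-chosen offset; returns false when the access is dropped. */
static bool demo_writel(DemoState *s, uint64_t addr, uint32_t val)
{
    uint32_t saddr = new_index(addr);
    if (saddr >= REG_COUNT) {
        return false;  /* the equivalent of a default: case that does nothing */
    }
    s->regs[saddr] = val;
    return true;
}

int main(void)
{
    DemoState s = {{0}};
    uint64_t off = 0x10;  /* region-relative offset of the fifth register */
    printf("old index 0x%x, new index %u\n", old_index(off), new_index(off));
    printf("in-range write accepted: %d, out-of-range accepted: %d\n",
           demo_writel(&s, off, 0xabcd), demo_writel(&s, 4 * REG_COUNT, 1));
    return 0;
}
```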
