qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [Qemu-ppc] macio ide question/bug report


From: BALATON Zoltan
Subject: Re: [Qemu-devel] [Qemu-ppc] macio ide question/bug report
Date: Thu, 15 May 2014 22:14:14 +0200 (CEST)
User-agent: Alpine 2.02 (LMD 1266 2009-07-14)

On Thu, 15 May 2014, Mark Cave-Ayland wrote:
On 15/05/14 18:28, BALATON Zoltan wrote:
#0  pmac_ide_atapi_transfer_cb (opaque=0x5555563ccc68, ret=0)
     at hw/ide/macio.c:55
#1  0x00005555556da6d0 in pmac_ide_transfer (io=0x5555563ccc68)
     at hw/ide/macio.c:225
#2  0x00005555556eeee2 in start_input (ch=0x5555563ccc18, key=0, addr=
     14777932, req_count=804, is_last=1) at hw/misc/macio/mac_dbdma.c:334
#3  0x00005555556ef444 in channel_run (ch=0x5555563ccc18)
     at hw/misc/macio/mac_dbdma.c:489
#4  0x00005555556ef599 in DBDMA_run (s=0x5555563cba40)
     at hw/misc/macio/mac_dbdma.c:531
#5  0x00005555556ef5f4 in DBDMA_run_bh (opaque=0x5555563cba40)
     at hw/misc/macio/mac_dbdma.c:542
#6  0x00005555555f8200 in aio_bh_poll (ctx=0x55555637fc00) at async.c:81
#7  0x00005555555f7e59 in aio_poll (ctx=0x55555637fc00, blocking=false)
     at aio-posix.c:188
#8  0x00005555555f8617 in aio_ctx_dispatch (source=0x55555637fc00,
callback=
     0x0, user_data=0x0) at async.c:205
#9  0x00007ffff78ca6d5 in g_main_context_dispatch ()
    from /lib64/libglib-2.0.so.0
#10 0x00005555557a0fde in glib_pollfds_poll () at main-loop.c:190
#11 0x00005555557a10de in os_host_main_loop_wait (timeout=15883632)
     at main-loop.c:235
#12 0x00005555557a11b1 in main_loop_wait (nonblocking=0) at main-loop.c:484
#13 0x000055555584422c in main_loop () at vl.c:2075
#14 0x000055555584bcbf in main (argc=32, argv=0x7fffffffdc48, envp=
     0x7fffffffdd50) at vl.c:4556

(lots cut)

So that looks like the correct request based upon it's size so what happened when you stepped into pmac_ide_atapi_transfer_cb()...?

Did not follow it to the end because we know it would fail and the sense value returned seems to be just a remnant of previous failures as can be seen from the structures I've printed.

My testing was done with commit 80fc95d8bdaf3392106b131a97ca701fd374489a
already reverted as that was established before that it is not needed
any more which simplifies pmac_ide_atapi_transfer_cb() quite a bit

Sadly I've now found that this isn't the case (email to the qemu-devel list to follow, but I've run out of time today) :(

OK, I'm back to the HEAD version and testing with that with your patch applied.

Well my understanding is that it's impossible to boot a MorphOS image directly and requires all sorts of tricks with debuggers etc. Unless you can provide a "run this and it breaks" test case, then the time barrier for trying to fix bugs like this is exceptionally high.

Unfortunately it is not straightforward to test with MorphOS but I think it could be reproduced with other OS-es if they can be made to do a read TOC with DMA. I can try to find a way to reproduce it with Linux but hopefully we can get to the end of it now. (I think we are close.)

You mention that you don't understand the fields and sizes, so explain which ones you don't understand and ask. Search around for guides to how ATAPI/IDE

The ones used in pmac_ide_atapi_transfer_cb(). It's not clear to me where is the source buffer where is the destination and what is the correct lenght to use. Your patch helps but it's not correct yet. See below.

Please see above. FWIW based upon the your gdb output I've put together the following patch which compiles, but that's all I can vouch for it. Further testing and debugging will have to be done by you, although I will try and respond to specific questions where possible.

Thanks a lot. I've tested your patch and it comes closer but not quite there yet. Running it in a debugger I've seen this:

Breakpoint 1, pmac_ide_transfer (io=0x5555563d1068) at hw/ide/macio.c:340
340     {
(gdb) n
341         MACIOIDEState *m = io->opaque;
342         IDEState *s = idebus_active_if(&m->bus);
344         MACIO_DPRINTF("pmac_ide_transfer%s lba=%x, buffer_index=%x, 
len=%x\n",
pmac_ide_transfer(ATAPI) lba=ffffffff, buffer_index=0, len=324
348         s->io_buffer_size = 0;
349         if (s->drive_kind == IDE_CD) {
350             bdrv_acct_start(s->bs, &s->acct, io->len, BDRV_ACCT_READ);
351             pmac_ide_atapi_transfer_cb(io, 0);
(gdb) s
pmac_ide_atapi_transfer_cb (opaque=0x5555563d1068, ret=0) at hw/ide/macio.c:55
55      {
56          DBDMA_io *io = opaque;
57          MACIOIDEState *m = io->opaque;
58          IDEState *s = idebus_active_if(&m->bus);
61          if (ret < 0) {
69          if (!m->dma_active) {
77          MACIO_DPRINTF("io_buffer_size = %#x\n", s->io_buffer_size);
io_buffer_size = 0
79          if (s->io_buffer_size > 0) {
90          s->io_buffer_size = MIN(io->len, s->packet_transfer_size);
92          MACIO_DPRINTF("remainder: %d io->len: %d size: %d\n", 
io->remainder_len,
remainder: 0 io->len: 804 size: 20
94          if (io->remainder_len && io->len) {
114         if (s->packet_transfer_size && s->lba == -1) {
115             MACIO_DPRINTF("non-IO ATAPI DMA transfer size: %d\n", io->len);
non-IO ATAPI DMA transfer size: 804
117             cpu_physical_memory_write(io->addr, s->io_buffer, io->len);
(gdb) x/40x s->io_buffer
0x7ffff7e4e800: 0x01011200      0x00011400      0x00000000      0x00aa1600
0x7ffff7e4e810: 0xc8b80100      0x00000000      0x00000000      0x00000000
0x7ffff7e4e820: 0x2e300000      0x20202020      0x02000003      0x322e0004
0x7ffff7e4e830: 0x3530302e      0x51452020      0x20444d55      0x2d525644
0x7ffff7e4e840: 0x20204f4d      0x20202020      0x20202020      0x20202020
0x7ffff7e4e850: 0x20202020      0x20202020      0x20202020      0x00002020
0x7ffff7e4e860: 0x03000001      0x00000000      0x00070000      0x00000000
0x7ffff7e4e870: 0x00000000      0x00000000      0x00000000      0x00070007
0x7ffff7e4e880: 0x00b40003      0x012c00b4      0x000000b4      0x001e0000
0x7ffff7e4e890: 0x0000001e      0x00000000      0x00000000      0x00000000
(gdb) n
118             s->packet_transfer_size -= io->len;
(gdb) p s->packet_transfer_size
$2 = 20
(gdb) n
119             MACIO_DPRINTF("end of non-IO ATAPI DMA transfer\n");
end of non-IO ATAPI DMA transfer
122         if (!s->packet_transfer_size) {
(gdb) p s->io_buffer_size
$3 = 20
(gdb) l
117             cpu_physical_memory_write(io->addr, s->io_buffer, io->len);
118             s->packet_transfer_size -= io->len;
119             MACIO_DPRINTF("end of non-IO ATAPI DMA transfer\n");
120         }
121
122         if (!s->packet_transfer_size) {
123             MACIO_DPRINTF("end of transfer\n");
124             ide_atapi_cmd_ok(s);
125             m->dma_active = false;
126         }
127
128         if (io->len == 0) {
129             MACIO_DPRINTF("end of DMA\n");
130             goto done;
131         }
132
133         /* launch next transfer */
134
135         /* handle unaligned accesses first, get them over with and only do 
the
136            remaining bulk transfer using our async DMA helpers */
(gdb) c
Continuing.
precopying unaligned 292 bytes to 0xe4f064
io->len = 0x200
set remainder to: -804
sector_num=-4 size=-784, cmd_cmd=0
atapi_cmd_error: sense=0x5 asc=0x21
done DMA
DBDMA: dbdma_end
DBDMA: conditional_wait
DBDMA: dbdma_cmdptr_save 0x00e51bb0
DBDMA: xfer_status 0x00008400 res_count 0x0000
DBDMA: conditional_interrupt
DBDMA: conditional_branch
DBDMA: dbdma_cmdptr_load 0x00e51bc0
DBDMA: channel_run
dbdma_cmd 0x5555563d12b0
    req_count 0x0000
    command 0x7000
    phy_addr 0x00000000
    cmd_dep 0x00000000
    res_count 0x0000
    xfer_status 0x0000
DBDMA: writel 0x0000000000000d00 <= 0x98000000
DBDMA: channel 0x1a reg 0x0
DBDMA:     status 0x00000000
ATAPI limit=0x8000 packet: 00 00 00 00 00 00 00 00 00 00 00 00

So it still fails but maybe only because the wrong size is used (io->len). (That's what I meant when I said these values are not clear to me and very confusing.) Do you think that replacing io->len in your patch with s->io_buffer_size would be the correct thing to do?

Regards,
BALATON Zoltan



reply via email to

[Prev in Thread] Current Thread [Next in Thread]