
Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr


From: Vinicius Maciel
Subject: Re: [Qemu-devel] MIPS little endian - Bug when decoding physaddr
Date: Sat, 13 May 2017 19:10:36 -0300

Hi Philippe and Aurelien,

You are right. I have created a simple SYSBUS using sysbus_create_simple
at 0x18000000 and now my read function works!

Thanks for the help. I am attaching my code if you are interested.

Vinicius

2017-05-13 18:57 GMT-03:00 Philippe Mathieu-Daudé <address@hidden>:

> Hi Vinicius,
>
> On 2017-05-12 19:52, Vinicius Maciel wrote:
>>
>>> Hi all,
>>>
>>> I'm trying to emulate a MIPS 74Kc using a custom machine in order to run a
>>> CFE bootloader from Broadcom. The CPU is Broadcom BCM5357. The problem
>>>
>>
> Here is your problem, there is no such model in QEMU.
>
> happens when Qemu calculates physaddr inside io_readx(), cputlb.c:line 784
>>>
>>> physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
>>>
>>> After running this line the value is 0x18000000, which is clearly wrong.
>>>
>>
> The Broadcom BCM5357 is a WiSoc (Wireless System-On-Chip).
>
> A SoC (System-On-Chip) is not limited to a MIPS CPU but has a large set of
> embedded peripherals.
>
> QEMU does model the MIPS 74Kf cpu, but not the BCM5357 peripherals.
>
> At this physical address this SoC family maps a bus called
> SiliconBackplane (BP).
> The first peripheral mapped in the BP region is the ChipCommon (CC).
> Common meaning this core's registers are intended to be consistent between
> different models/releases using this BP bus, so a firmware can check it is
> running the correct hardware or check if peripherals/features are
> available/enabled to configure/use them.
>
> My guess is your CFE function board_earlyinit() is trying to determine the
> chip model by reading the ChipID from the CC it supposes is physically
> mapped at 0x18000000, which is not modeled in QEMU.
>
> Phil.
>
>
>
>> I don't think it's wrong, see below:
>>
>> More information:
>>>
>>> BUG function: io_readx
>>> Assembly instruction: lw t1,0(a2)
>>> Machine code: 0x8cc90000 (Little endian)
>>> Access address: 0xb8000000
>>>
>>> Assembly code:
>>> 80702f30 <board_earlyinit>:
>>> 80702f30: 3c06b800 lui a2,0xb800
>>>
>>
>> This loads 0xb8000000 into a2
>>
>> 80702f34: 24075350 li a3,21328
>>> 80702f38: 8cc90000 lw t1,0(a2) <----
>>>
>>
>> Now this tries to load a value from the virtual address 0xb8000000. This
>> address corresponds to kseg1 (Kernel Unmapped Uncached) and is mapped
>> to the physical address 0x18000000. See the MIPS32 Privileged Resource
>> Architecture Manual for more details how the virtual to physical mapping
>> works.
>>
>> Aurelien
>>
>>

Attachment: bcm_router.c
Description: Text Data
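
The kseg1 translation discussed in this thread, as an added example that is not part of the original messages or of QEMU's source. It decodes the lui/lw pair from the board_earlyinit listing and applies the MIPS32 fixed-segment mapping; all function names are hypothetical, and Status.ERL = 0 is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* MIPS32 fixed virtual segments, kernel mode (assumes Status.ERL = 0). */
typedef enum { KUSEG, KSEG0, KSEG1, KSEG2_3 } mips_seg;

static mips_seg mips_segment(uint32_t va)
{
    if (va < 0x80000000u) return KUSEG;    /* TLB-mapped */
    if (va < 0xa0000000u) return KSEG0;    /* unmapped, cached */
    if (va < 0xc0000000u) return KSEG1;    /* unmapped, uncached */
    return KSEG2_3;                        /* TLB-mapped */
}

/* Translate without a TLB. Returns 0 and sets *pa for kseg0/kseg1,
 * -1 for segments that need a TLB lookup. */
static int mips_unmapped_va_to_pa(uint32_t va, uint32_t *pa)
{
    mips_seg s = mips_segment(va);
    if (s != KSEG0 && s != KSEG1) return -1;
    *pa = va & 0x1fffffffu;                /* drop the three segment bits */
    return 0;
}

/* Effective address of a "lui rX,hi; lw rY,off(rX)" pair.
 * Returns 0 on success, -1 if the words are not such a pair. */
static int lui_lw_address(uint32_t lui, uint32_t lw, uint32_t *va)
{
    if ((lui >> 26) != 0x0f || (lw >> 26) != 0x23) return -1;
    if (((lui >> 16) & 0x1f) != ((lw >> 21) & 0x1f)) return -1;
    int32_t off = (int16_t)(lw & 0xffff);  /* lw offset is sign-extended */
    *va = ((lui & 0xffffu) << 16) + (uint32_t)off;
    return 0;
}

int main(void)
{
    uint32_t va, pa;
    /* Instruction words from the board_earlyinit listing in the thread. */
    if (lui_lw_address(0x3c06b800u, 0x8cc90000u, &va) == 0 &&
        mips_unmapped_va_to_pa(va, &pa) == 0)
        printf("va 0x%08x -> pa 0x%08x\n", (unsigned)va, (unsigned)pa);
    return 0;
}
```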

