qemu-discuss

Re: How to run different firmware in a machine with 2 cpu?


From: Huang Canming
Subject: Re: How to run different firmware in a machine with 2 cpu?
Date: Wed, 12 Apr 2023 15:46:30 +0800

I seem to have found the cause.

When QEMU reads init-sp and init-pc from ROM:

        rom = rom_ptr_for_as(s->as, vecbase, 8);       (target/arm/cpu.c)

the function rom_ptr_for_as does not check the AddressSpace, as its comment says:
     * Note that we do not check @as against the 'as' member in the
     * 'struct Rom' returned by rom_ptr(). The Rom::as is the
     * AddressSpace which the rom blob should be written to, whereas
     * our @as argument is the AddressSpace which we are (effectively)
     * reading from, and the same underlying RAM will often be visible
     * in multiple AddressSpaces. (A common example is a ROM blob
     * written to the 'system' address space but then read back via a
     * CPU's cpu->as pointer.) This does mean we might potentially
     * return a false-positive match if a ROM blob was loaded into an
     * AS which is entirely separate and distinct from the one we're
     * querying, but this issue exists also for rom_ptr() and hasn't
     * caused any problems in practice.
 
So in the case above, the second CPU loads the ROM of the first CPU and sets the wrong stack pointer on reset.

For now, I have added a function called rom_ptr_with_as, which finds a ROM and checks its AddressSpace, and now the 2 CPUs work normally. I don't know whether this is a QEMU issue or not. It seems there were no such problems before?

--Canming Huang


Huang Canming <huangcmzzk@gmail.com> wrote on Mon, 10 Apr 2023 at 15:11:
Thank you very much for this explanation! For now I use the generic loader, and it almost works now.

./qemu-system-arm -M mymachine -smp 2 \
    -device loader,file=./scp_fast_model.elf,addr=0x0,cpu-num=0 \
    -device loader,file=./mcp_fast_model.elf,addr=0x0,cpu-num=1 \
    -serial stdio -serial tcp::5678,server=on,wait=off

The 2 CPUs (or SoCs): one is called "mcp", the other "scp".

There are still problems, though:
The RAM size of "mcp" is 0x20000, and the RAM size of "scp" is 0x40000 (in the real machine).
If I use the command above, QEMU still aborts:
qemu-system-arm: ../target/arm/cpu.h:2396: arm_is_secure_below_el3: Assertion failed.

When I debugged with gdb, I found that "mcp" seems to be trying to access 0x3FFF0 of its RAM, which is out of its range.
The program of mcp is correct, because I have run it alone before (with all the "scp"-related code commented out).

And if I change the RAM size of "mcp" to 0x40000, then the programs of mcp and scp both run well.

The code to create ROM and RAM:

    /* Sizes from the real machine: scp has 0x40000 at address 0, mcp only 0x20000. */
    create_ram(&scp_mem, 0x00, "scp.rom", 0x40000);
    create_ram(&scp_mem, 0x20000000, "scp.ram", 0x40000);

    create_ram(&mcp_mem, 0x00, "mcp.rom", 0x20000);
    create_ram(&mcp_mem, 0x20000000, "mcp.ram", 0x40000);

    /* Allocate a RAM-backed MemoryRegion of the given size and map it at addr inside mr. */
    static MemoryRegion *create_ram(MemoryRegion *mr, hwaddr addr, const char *name, uint64_t size)
    {
        MemoryRegion *mem = g_new(MemoryRegion, 1);
        memory_region_init_ram(mem, NULL, name, size, &error_fatal);
        memory_region_add_subregion(mr, addr, mem);
        return mem;
    }

I have no idea what is wrong. Do you have any ideas?
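The failure described in this thread (the second CPU resetting with the first CPU's initial SP because the ROM-blob lookup is keyed on address alone) can be reproduced in a small model. The following is an added example written for this page; it is neither QEMU's code nor the poster's rom_ptr_with_as patch. It models an AddressSpace as a plain identity tag, keeps a global list of loaded blobs, and contrasts an address-only lookup (rom_ptr_any_as, standing in for the behaviour the quoted comment describes) with one that also requires the blob's address space to match (rom_ptr_with_as, named after the poster's function but written here from scratch). The vector tables are constructed: their initial SP values (0x3FFF0 and 0x1FFF0) are chosen to match the 0x40000/0x20000 sizes and the out-of-range address reported in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model constructed for this example (not QEMU code): an AddressSpace
 * is only an identity tag, and each loaded ROM blob remembers the address
 * space it was written into, like Rom::as in QEMU. */
typedef struct AddressSpace { const char *name; } AddressSpace;

typedef struct RomBlob {
    AddressSpace *as;      /* address space the blob was loaded into */
    uint64_t addr;         /* load address within that address space */
    size_t len;
    const uint8_t *data;
} RomBlob;

#define MAX_ROMS 8
static RomBlob roms[MAX_ROMS];
static int nroms;

/* Register a blob, the way "-device loader,...,cpu-num=N" would for CPU N. */
static int rom_add_blob(AddressSpace *as, uint64_t addr, const uint8_t *data, size_t len)
{
    if (nroms >= MAX_ROMS) return -1;
    roms[nroms++] = (RomBlob){ as, addr, len, data };
    return 0;
}

/* Lookup keyed on address only: the first blob covering [addr, addr+size)
 * wins, whichever address space it was loaded into. This is the
 * "false-positive match" the quoted rom_ptr_for_as() comment describes. */
static const uint8_t *rom_ptr_any_as(uint64_t addr, size_t size)
{
    for (int i = 0; i < nroms; i++) {
        const RomBlob *r = &roms[i];
        if (addr >= r->addr && addr + size <= r->addr + r->len)
            return r->data + (addr - r->addr);
    }
    return NULL;
}

/* Lookup that additionally requires the blob's address space to be the
 * querying CPU's address space. */
static const uint8_t *rom_ptr_with_as(AddressSpace *as, uint64_t addr, size_t size)
{
    for (int i = 0; i < nroms; i++) {
        const RomBlob *r = &roms[i];
        if (r->as == as && addr >= r->addr && addr + size <= r->addr + r->len)
            return r->data + (addr - r->addr);
    }
    return NULL;
}

/* Little-endian 32-bit load, as a Cortex-M vector table is stored. */
static uint32_t ldl_le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* What the M-profile reset path needs: initial SP and PC from the first two
 * words of the vector table at vecbase. Returns 0 on success, -1 if no blob
 * covers the 8 bytes. */
static int read_reset_vector(AddressSpace *as, uint64_t vecbase, int check_as,
                             uint32_t *sp, uint32_t *pc)
{
    const uint8_t *rom = check_as ? rom_ptr_with_as(as, vecbase, 8)
                                  : rom_ptr_any_as(vecbase, 8);
    if (!rom) return -1;
    *sp = ldl_le(rom);
    *pc = ldl_le(rom + 4);
    return 0;
}

/* Constructed vector-table heads (little-endian SP, then PC). scp's SP sits
 * at the top of a 0x40000 region, mcp's at the top of a 0x20000 region. */
static const uint8_t scp_vectors[8] = { 0xF0, 0xFF, 0x03, 0x00,  0x01, 0x01, 0x00, 0x00 };
static const uint8_t mcp_vectors[8] = { 0xF0, 0xFF, 0x01, 0x00,  0x01, 0x02, 0x00, 0x00 };

static AddressSpace scp_as = { "scp" };
static AddressSpace mcp_as = { "mcp" };

/* Load both firmwares at address 0 of their own address spaces (scp first,
 * like cpu-num=0) and return the initial SP the mcp CPU would reset with. */
static uint32_t mcp_initial_sp(int check_as)
{
    nroms = 0;
    rom_add_blob(&scp_as, 0x0, scp_vectors, sizeof scp_vectors);
    rom_add_blob(&mcp_as, 0x0, mcp_vectors, sizeof mcp_vectors);
    uint32_t sp = 0, pc = 0;
    if (read_reset_vector(&mcp_as, 0x0, check_as, &sp, &pc) != 0)
        return 0;
    return sp;
}

int main(void)
{
    printf("mcp SP, address-only lookup : 0x%08x\n", mcp_initial_sp(0)); /* 0x0003fff0 (scp's) */
    printf("mcp SP, address-space check : 0x%08x\n", mcp_initial_sp(1)); /* 0x0001fff0 */
    return 0;
}
```

With the address-only lookup, mcp resets with SP = 0x3FFF0, which is beyond its 0x20000 region, so the first push faults; with the address-space check it gets its own 0x1FFF0. The general point is that any lookup into a shared registry must carry the isolation key (here the address space) as part of the match, not just the address, or one guest context will silently read another's data.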



