Re: [Qemu-devel] MIPS emulation
From: Thiemo Seufer
Subject: Re: [Qemu-devel] MIPS emulation
Date: Sun, 6 Jul 2008 05:52:13 +0100
User-agent: Mutt/1.5.18 (2008-05-17)
Luke -Jr wrote:
> I've attached a log of my qemu session... it gives the same results I
> expected from manual disassembly. Does anyone have any clues as to why this
> works on real hardware?
[snip]
> cpu_mips_handle_mmu_fault pc bfc008d8 ad 9fc00398 rw 0 mmu_idx 0 smmu 1
> cpu_mips_handle_mmu_fault address=9fc00398 ret 0 physical 1fc00398 prot 3
> cpu_mips_handle_mmu_fault pc bfc008d8 ad bfc00064 rw 0 mmu_idx 0 smmu 1
> cpu_mips_handle_mmu_fault address=bfc00064 ret 0 physical 1fc00064 prot 3
> ------------------------------------------------
> pc=0xbfc0096c HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc0096c 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
> GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
> GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
> GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
> GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
> GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
> CP0 Status 0x00400000 Cause 0x00000400 EPC 0x00000000
> Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
> IN:
> 0xbfc0096c: lhu t0,0(a1)
> 0xbfc00970: bne t0,a0,0xbfc009c4
> 0xbfc00974: nop
>
> ---------------- 2 00000090
> cpu_mips_handle_mmu_fault pc bfc0096c ad fffe0000 rw 0 mmu_idx 0 smmu 1
> cpu_mips_handle_mmu_fault address=fffe0000 ret -2 physical b7ceca12 prot 138223624
> search pc 1
Apparently it wants to read from 0xfffe0000, which is IIRC the EJTAG
address space. EJTAG debugging isn't implemented in Qemu. The address
space is reserved, therefore...
> ------------------------------------------------
> pc=0xbfc0096c HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc0096c 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
> GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
> GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
> GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
> GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
> GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
> CP0 Status 0x00400000 Cause 0x00000400 EPC 0x00000000
> Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
> IN:
> 0xbfc0096c: lhu t0,0(a1)
> 0xbfc00970: bne t0,a0,0xbfc009c4
> 0xbfc00974: nop
>
> ---------------- 2 00000090
> do_raise_exception_err: 26 1
> do_interrupt enter: PC bfc0096c EPC 00000000 TLB load exception
... a TLB exception occurs ...
> do_interrupt: PC bfc00200 EPC bfc0096c cause 2
> S 00400002 C 00000408 A fffe0000 D 00000000
> ------------------------------------------------
> pc=0xbfc00200 HI=0x08428ec4 LO=0x08428ed4 ds 0098 bfc0096c 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
> GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
> GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
> GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
> GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
> GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
> CP0 Status 0x00400002 Cause 0x00000408 EPC 0xbfc0096c
> Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
> IN:
> 0xbfc00200: lwu zero,984(s8)
> 0xbfc00204: 0x1ab3f00
> 0xbfc00208: lwu zero,2412(s8)
> 0xbfc0020c: lwu zero,2512(s8)
> 0xbfc00210: lwu zero,2684(s8)
> 0xbfc00214: alni.ob $f23,$f6,$f1,1
> 0xbfc00218: lwu zero,3404(s8)
> 0xbfc0021c: lwu zero,3008(s8)
> 0xbfc00220: lwu zero,3120(s8)
> 0xbfc00224: lwu zero,4124(s8)
> 0xbfc00228: nop
> 0xbfc0022c: ll zero,0(zero)
> 0xbfc00230: nop
> 0xbfc00234: j 0xb8180004
> 0xbfc00238: lwu zero,3496(s8)
>
> ---------------- 2 00000098
> do_raise_exception_err: 20 0
> do_interrupt enter: PC bfc00200 EPC bfc0096c reserved instruction exception
... which finally kills it because the firmware doesn't handle TLB
exceptions that early in the boot process (when the BEV bit is still set).
Thiemo
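The log above can be checked against the MIPS32 fixed address map and exception vector rules. The following is an added example, not code from this thread or from QEMU: it classifies the virtual addresses seen in the trace (kseg0/kseg1 hits translate to a fixed physical address, kseg3 goes through the TLB), decodes ExcCode out of the Cause value, and computes the vector a TLB refill takes when Status.BEV is set. Segment boundaries, vector bases and the Status/Cause bit positions are the architectural ones; the function and struct names are this example's own, and the BEV=0 base assumes EBase is still at its reset value (the log never shows EBase).

```c
/*
 * Added example (not from the original e-mail or from QEMU): decode the
 * addresses and CP0 values from the trace using the MIPS32 segment map and
 * exception vector rules.  Names below are this example's own.
 */
#include <stdint.h>
#include <stdio.h>

enum mips_seg { KUSEG, KSEG0, KSEG1, KSEG2, KSEG3 };

struct xlate {
    enum mips_seg seg;
    int mapped;      /* 1 = translated by the TLB, 0 = fixed physical window */
    uint32_t phys;   /* valid only when mapped == 0 */
};

static const char *seg_name(enum mips_seg s)
{
    static const char *names[] = { "kuseg", "kseg0", "kseg1", "kseg2", "kseg3" };
    return names[s];
}

/* Classify a 32-bit MIPS virtual address by its top bits (MIPS32 map). */
struct xlate mips32_translate(uint32_t va)
{
    struct xlate x = { KUSEG, 1, 0 };
    if (va < 0x80000000u) {                 /* kuseg: TLB mapped */
        x.seg = KUSEG;
    } else if (va < 0xa0000000u) {          /* kseg0: cached, unmapped */
        x.seg = KSEG0;
        x.mapped = 0;
        x.phys = va - 0x80000000u;
    } else if (va < 0xc0000000u) {          /* kseg1: uncached, unmapped */
        x.seg = KSEG1;
        x.mapped = 0;
        x.phys = va - 0xa0000000u;
    } else if (va < 0xe0000000u) {          /* kseg2: TLB mapped */
        x.seg = KSEG2;
    } else {                                /* kseg3: TLB mapped */
        x.seg = KSEG3;
    }
    return x;
}

#define STATUS_EXL        (1u << 1)
#define STATUS_BEV        (1u << 22)
#define CAUSE_EXCCODE(c)  (((c) >> 2) & 0x1f)
#define EXCCODE_TLBL      2
#define EXCCODE_TLBS      3
#define EXCCODE_RI        10

/*
 * Vector taken for an exception:
 *   BEV=1 -> base 0xbfc00200 (boot ROM through kseg1)
 *   BEV=0 -> base 0x80000000 (assumption: EBase at its reset value)
 * A TLB refill (no matching entry) taken with EXL=0 uses offset 0x000;
 * every other case, including a refill while EXL=1, uses 0x180.
 */
uint32_t mips32_exc_vector(uint32_t status, unsigned exccode, int refill_miss)
{
    uint32_t base = (status & STATUS_BEV) ? 0xbfc00200u : 0x80000000u;
    int is_tlb = (exccode == EXCCODE_TLBL || exccode == EXCCODE_TLBS);
    if (is_tlb && refill_miss && !(status & STATUS_EXL))
        return base;                /* TLB refill vector */
    return base + 0x180;            /* general exception vector */
}

int main(void)
{
    /* Addresses and CP0 values copied from the trace in this thread. */
    uint32_t addrs[] = { 0x9fc00398u, 0xbfc00064u, 0xfffe0000u };
    for (unsigned i = 0; i < 3; i++) {
        struct xlate x = mips32_translate(addrs[i]);
        if (x.mapped)
            printf("%08x: %s, TLB mapped (refill if no entry)\n", addrs[i], seg_name(x.seg));
        else
            printf("%08x: %s, physical %08x\n", addrs[i], seg_name(x.seg), x.phys);
    }
    uint32_t status_before = 0x00400000u, cause_after = 0x00000408u;
    printf("Cause %08x -> ExcCode %u\n", cause_after, CAUSE_EXCCODE(cause_after));
    printf("refill with Status %08x vectors to %08x\n", status_before,
           mips32_exc_vector(status_before, CAUSE_EXCCODE(cause_after), 1));
    return 0;
}
```

Run against the trace: 9fc00398 and bfc00064 resolve to 1fc00398 and 1fc00064 exactly as the two successful cpu_mips_handle_mmu_fault lines show, fffe0000 falls in kseg3 and needs a TLB entry, and with Status 0x00400000 (BEV set, EXL clear) the refill lands at 0xbfc00200, which is the PC of the next instruction fetch in the log.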