Re: Emulating Solaris 10 on SPARC64 sun4u

[John Snow]

On 2/10/20 10:38 AM, BALATON Zoltan wrote:
> On Sat, 8 Feb 2020, BALATON Zoltan wrote:
>> Not sure if my problem I see on other machine emulation I'm working on
>> is related at all but there's a possibility it might be. I got this
>> with different arch (ppc but could also reproduce something similar
>> with mips) and ide controller emulation (via-ide) but the PCI bmdma
>> code is shared by CMD646, via-ide and sii3112 and also the ide-cdrom
>> emulation is the same so if there's a bug in these that could cause
>> similar problems for different components. Or it could be that we get
>> similar symptoms due to different reasons in which case sorry for the
>> distracion but maybe we can learn from the experience of each other
>> even in that case.
>>
>> What I get is tracked here:
>>
>> https://osdn.net/projects/qmiga/ticket/38949
>>
>> (background on emulated machine:
>> https://osdn.net/projects/qmiga/wiki/SubprojectPegasos2 )
>>
>> Originally I had both Linux and MorphOS fail after enabling BMDMA
>> before I had interrupt controller emulation (so that means it could be
>> a problem with that in your case as well so something to check). Now
>> that I've implemented interrupts Linux boots with DMA from CDROM but
>> MorphOS is still not happy.
> 
> I could now also reproduce the same with AmigaOS4 on pegasos2 where I
> got same missing interrupt problem:
> 
> ---> Port 1
> IOBase 00001010, AltBase 0000101E
> bmcr_base 00001028
> MMIOBase 00000000
> Config not forced, scanning ...
> 1 device(s) on port
>  0 Master : 'ATAPI'

"unit 2", I assume

>  1 Slave  : 'unknown type'

"unit 3", I assume

> Starting 'peg2ide.device - chip 0 port 1' task
> bmdma_addr_write data: 0x0000000002290000
> Trying to configure unit 2
> 
> Hangs here waiting for interrupt which does not seem to arrive, then:
> 
> [peg2ide/irq_wait] timed out
> [peg2ide/exec_pio_data_in_cmd] <- here
> [peg2ide/ata_read_drive_properties] unit 2 returned error 255, failbits
> 00000000h, timeout 0
> Trying to configure unit 3
> [peg2ide/ata_read_drive_properties] After-reset signature invalid for
> unit 3
> 
> So there's definitely a problem with interrupts but not sure where. Also
> don't know why it detects an unknown slave device which then it decides
> is invalid. Maybe this is normal on an IDE bus with only one device or
> is it a problem in emulation?
> 

I don't actually know myself. We *do* always have two IDEState objects
per port, but maybe we're letting some unknown state sneak through --
filling in a register improperly, perhaps?

It's probably not ide_ioport_read -- but I see complaints about the
reset signature too, so maybe we've gotten that wrong.

You can look at ide_set_signature to see how we set the drive
signatures; called from ide_reset (and many other places too)

I think ide_init_drive is only meant to be called on devices that
actually exist and are plugged in. It initializes drive_kind to one of
IDE_HD, IDE_CD, or IDE_CFATA -- empty or missing isn't an option here.

(Hm, this means it defaults to IDE_HD actually.)

The tricky thing is that IDEState belongs to the parent bus -- not the
drive object itself -- and the bus always has two slots.

We select between the two by setting bus->unit; and we don't appear to
do any kind of actual guarding that the drive actually exists.

(I suppose guests are free to issue commands to non-existant drives if
they want to, but they're not going to be able to perform work.)

...but ide_reset_bus calls ide_reset on both slots regardless of the
presence of a device or not.

(This is probably just a side effect of the interrupt getting lost and
having the guest try to reset the controller, then noticing weird state
after the reset.)

It sounds like the real problem is either in the bmdma controller (or
its unique interaction with hw/ide/core.c -- which is possible) or in
the interrupt routing somewhere else.

If you have any IDE traces from a hang, feel free to throw them up on a
pastebin for me to take a peek at; it might help for me to see the exact
sequence that causes a hang in QEMU's IDE terms to see if I can't
"reverse engineer" what the guest is hoping to have happen. Maybe I can
trace this to a bad register value.

(Hm, it's failing on pio_in? It's using PIO on an IDE drive with a DMA
controller? Is it failing to enable DMA and then failing to use PIO as a
backup too? Maybe there are two bugs.)

--js

> To locate the problem further I've then tried the same with ide-cd
> connected to the sii3112 SATA emulation that also shares the same IDE
> BMDMA code with CMD646 and via-ide but as a PCI card the interrupt
> routing is different. So if I don't get the problem with it then that
> can prove common code is correct. If I get the problem it may come from
> common code or be another interrupt routing problem.
> 
> I did not have PCI interrupts correctly implemented in pegasos2 yet so I
> had to fix that first but I'm not sure it's correct yet. I got similar
> results but the interrupt seems to fire in this case but does not get to
> the CPU as it does not seem to be enabled:
> 
> sii3112ide.device 53.3 (05.02.2009)
> Found chip #0
> ---> Port 0
> IOBase 00001030, AltBase 0000103A
> bmcr_base 00001090
> MMIOBase 81004000
> Config not forced, scanning ...
> sii3112_write bmdma: write (size 1) 0x8a : 0x02
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> sii3112_write bmdma: write (size 1) 0x82 : 0x55
> sii3112_write bmdma: write (size 1) 0x83 : 0xaa
> sii3112_write bmdma: write (size 1) 0x82 : 0xaa
> sii3112_write bmdma: write (size 1) 0x83 : 0x55
> sii3112_write bmdma: write (size 1) 0x82 : 0x55
> sii3112_write bmdma: write (size 1) 0x83 : 0xaa
> sii3112_read bmdma: read (size 1) 0x82 : 0x55
> sii3112_read bmdma: read (size 1) 0x83 : 0xaa
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> sii3112_write bmdma: write (size 1) 0x8a : 0x06
> sii3112_write bmdma: write (size 1) 0x8a : 0x02
> sii3112_set_irq channel 0 level 0
> sii3112_read bmdma: read (size 1) 0x87 : 0x00
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> sii3112_read bmdma: read (size 1) 0x82 : 0x01
> sii3112_read bmdma: read (size 1) 0x83 : 0x01
> sii3112_read bmdma: read (size 1) 0x84 : 0x14
> sii3112_read bmdma: read (size 1) 0x85 : 0xeb
> sii3112_set_irq channel 0 level 0
> sii3112_read bmdma: read (size 1) 0x87 : 0x00
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> 1 device(s) on port
>  0 Master : 'ATAPI'
> Starting 'sii3112ide.device - chip 0 port 0' task
> sii3112_write bmdma: write (size 4) 0x4 : 0x22c0000
> bmdma_addr_write data: 0x00000000022c0000
> Installing handler for irq 25
> mv64361_gpp_irq(0x5654b950c1a0, 31, 1) levels=80000000 mask=80000000
> mv64361_update_irq(0x5654b950c1a0, 59, 1)
> mv64361_gpp_irq(0x5654b950c1a0, 31, 0) levels=0
> mv64361_update_irq(0x5654b950c1a0, 59, 0)
> Unassigned mem read 00000000810040a1
> Trying to configure unit 0
> sii3112_write bmdma: write (size 1) 0x86 : 0x00
> sii3112_set_irq channel 0 level 0
> sii3112_read bmdma: read (size 1) 0x87 : 0x00
> sii3112_write bmdma: write (size 1) 0x8a : 0x00
> sii3112_write bmdma: write (size 1) 0x81 : 0x00
> sii3112_write bmdma: write (size 1) 0x82 : 0x00
> sii3112_write bmdma: write (size 1) 0x83 : 0x00
> sii3112_write bmdma: write (size 1) 0x84 : 0x00
> sii3112_write bmdma: write (size 1) 0x85 : 0x00
> sii3112_write bmdma: write (size 1) 0x86 : 0x40
> sii3112_write bmdma: write (size 1) 0x87 : 0xa1
> sii3112_set_irq channel 0 level 1
> mv64361_pcihost_set_irq(0x5654b950ce00, 1, 1)
> mv64361_gpp_irq(0x5654b950c1a0, 13, 1) levels=2000 mask=80000000
> 
> [sii3112ide/irq_wait] timed out
> [sii3112ide/exec_pio_data_in_cmd] <- here
> sii3112_set_irq channel 0 level 0
> mv64361_pcihost_set_irq(0x5654b950ce00, 1, 0)
> mv64361_gpp_irq(0x5654b950c1a0, 13, 0) levels=0
> mv64361_update_irq(0x5654b950c1a0, 57, 0)
> sii3112_read bmdma: read (size 1) 0x87 : 0x58
> [sii3112ide/ata_read_drive_properties] unit 0 returned error 255,
> failbits 00000000h, timeout 0
> 
> So here I see there's an interrupt raised by the card which does also
> get to the mv64361 system controller that's also the interrupt
> controller on pegasos2 but CPU IRQ is not raised because the
> corresponding mask bit is not set for some reason.
> 
> This suggests the common IDE bmdma and ide-cd code is likely OK and
> problem is somewhere in irq routing. What's relevant for this thread and
> sparc64 is that then you should also check interrupt controller and
> routing if an interrupt raised by the IDE controller could get to the
> CPU in your case as that could be where the problem is and maybe not in
> common code as I've suspected before.
> 
> For my case I'm not sure. On pegasos2 irqs come in via the mv64361 gpio
> ports, the irq pin of the VIA south bridge (containing via-ide and the
> 16 isa interrupts) is connected to gpp_irq 31 while the PCI INTA-D lines
> are connected to gpp_irq 12-15. These are mapped to interrupt cause bits
> 56-59 so that gpp0-7 gets 56, gpp8-15 57, gpp16-23 58 and gpp 24-31 gets
> 59. Thus the IRQ numbers seem correct in the above but the expected
> interrupt on 59 is only raised when the sii3112 driver is insalling its
> interrupt handler (not sure why does it call that irq 25?). This should
> have been raised when talking to device on via-ide much earlier. Then
> when talking to device on sii3112 the interrupt arrives from PCI on the
> expected 57 but CPU IRQ is not raised because it is masked, only gpp 31
> is enabled. This supposedly works on real hardware but don't get why it
> doesn't on my emulation. It's probably a bug in the IRQ controller
> emulation then and topic for another thread and other platforms that
> similar error happens may also have bugs in their IRQ routing.
>