
Re: [Qemu-ppc] Booting AIX on qemu-system-ppc, kernel not started succes


From: Liang Guo
Subject: Re: [Qemu-ppc] Booting AIX on qemu-system-ppc, kernel not started successfully
Date: Fri, 24 Feb 2012 21:46:40 +0800

On Fri, Feb 24, 2012 at 2:00 AM, Alexander Graf <address@hidden> wrote:
> Ugh. Now you did exactly what you shouldn't do. You posted a >300kb file on
> a mailing list :(. That's why I pointed you to pastebin earlier.... Please
> don't post such a large attachment to mailing lists.
Sorry, I will not send large attachments to the mailing list again; thanks for pointing that out.

>
> With the following patch to current upstream SLOF (on github) you can check
> for missing device tree entries:
>
> diff --git a/slof/fs/client.fs b/slof/fs/client.fs
> index 7ffd506..610a4c1 100644
> --- a/slof/fs/client.fs
> +++ b/slof/fs/client.fs
> @@ -13,7 +13,7 @@
>
>  \ Client interface.
>
> -0 VALUE debug-client-interface?
> +1 VALUE debug-client-interface?
>
>  \ First, the machinery.
>
> @@ -125,7 +125,11 @@ ALSO client-voc DEFINITIONS
>  ;
>
>  : getprop ( phandle zstr buf len -- len' )
> ->r>r zcount rot get-property
> +>r>r zcount
> +   debug-client-interface? IF
> +      ." ci: getprop " 2dup type cr
> +   THEN
> +  rot get-property
>   0= IF r>  swap dup r>  min swap>r move r>
>   ELSE r>  r>  2drop -1 THEN ;
>
>
>
> It's not complete though, Thomas has a more complete version in his queue.
>
> With this, we were able to identify a few shortcomings in the QEMU code,
> most notably:
>
> diff --git a/hw/spapr.c b/hw/spapr.c
> index dffb6a2..8b49576 100644
> --- a/hw/spapr.c
> +++ b/hw/spapr.c
> @@ -315,9 +315,13 @@ static void *spapr_create_fdt_skel(const char
> *cpu_model,
>         _FDT((fdt_property_string(fdt, "device_type", "cpu")));
>
>         _FDT((fdt_property_cell(fdt, "cpu-version", env->spr[SPR_PVR])));
> -        _FDT((fdt_property_cell(fdt, "dcache-block-size",
> +        _FDT((fdt_property_cell(fdt, "d-cache-block-size",
>                                 env->dcache_line_size)));
> -        _FDT((fdt_property_cell(fdt, "icache-block-size",
> +        _FDT((fdt_property_cell(fdt, "d-cache-size",
> +                                env->dcache_line_size)));
> +        _FDT((fdt_property_cell(fdt, "i-cache-block-size",
> +                                env->icache_line_size)));
> +        _FDT((fdt_property_cell(fdt, "i-cache-size",
>                                 env->icache_line_size)));
>         _FDT((fdt_property_cell(fdt, "timebase-frequency", tbfreq)));
>         _FDT((fdt_property_cell(fdt, "clock-frequency", cpufreq)));
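Review bot: The added "d-cache-size" and "i-cache-size" properties are filled from `env->dcache_line_size` and `env->icache_line_size`, the same fields used for the block-size properties, so the guest is told that the whole cache is one line long. If no total-size value is available at this point, the placeholder should at least be marked, for example `/* FIXME: line size reported as cache size; real per-model size not available here */`. The hunk also replaces the old "dcache-block-size"/"icache-block-size" names rather than adding to them, so a guest that looks up the old spelling would presumably stop finding the property; worth confirming before this goes upstream. spapr_create_fdt_skel starts and ends outside the hunk.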
> diff --git a/hw/spapr_rtas.c b/hw/spapr_rtas.c
> index c0723b3..c02962b 100644
> --- a/hw/spapr_rtas.c
> +++ b/hw/spapr_rtas.c
> @@ -187,6 +187,14 @@ static void rtas_start_cpu(sPAPREnvironment *spapr,
>     rtas_st(rets, 0, -3);
>  }
>
> +static void rtas_freeze_time_base(sPAPREnvironment *spapr,
> +                                  uint32_t token, uint32_t nargs,
> +                                  target_ulong args,
> +                                  uint32_t nret, target_ulong rets)
> +{
> +    rtas_st(rets, 0, 0);
> +}
> +
>  static struct rtas_call {
>     const char *name;
>     spapr_rtas_fn fn;
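Review bot: rtas_freeze_time_base writes status 0 into the guest-supplied return buffer without looking at `nargs` or `nret` and without stopping the time base, so every guest call is reported as a success. The neighbouring handler, whose tail is visible at the top of the hunk, writes -3 on its failure path, and this stub should presumably reject a malformed call the same way: `if (nargs != 0 || nret != 1) { rtas_st(rets, 0, -3); return; }` (confirm the counts against the PAPR definition of freeze-time-base). A comment such as `/* Stub: reports success but does not freeze the time base */` would keep the next reader from taking the return value at face value.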
> @@ -297,6 +305,7 @@ static void core_rtas_register_types(void)
>     spapr_rtas_register("query-cpu-stopped-state",
>                         rtas_query_cpu_stopped_state);
>     spapr_rtas_register("start-cpu", rtas_start_cpu);
> +    spapr_rtas_register("freeze-time-base", rtas_freeze_time_base);
>  }
>
>  type_init(core_rtas_register_types)
>
>
> However, AIX still doesn't boot. It does however get past the point where
> you saw it failing, looping at address 00000000003b32b0 for me now. I'm out
> of time to look at this though, so good luck with it!
>
With the patch applied, different AIX versions show different behavior.

For AIX 5.3, QEMU throws an invalid/unsupported opcode error:

IN:
0x00000000000d668c:  sthx    r0,r9,r4
0x00000000000d6690:  lwz     r3,96(r5)
0x00000000000d6694:  andis.  r3,r3,32768
0x00000000000d6698:  beq-    0xd66b4

IN:
0x00000000000d6658:  ldu     r1,0(r1)

invalid/unsupported opcode: 00 - 00 - 00 (00000001) 0000000000000700 0
IN:
0x0000000000000700:  .long 0x1

For AIX 6.1 and AIX 7.1, QEMU reports "trying to write/read invalid spr":

IN:
0x000000000041d800:  li      r0,0
0x000000000041d804:  ld      r4,18152(r2)
0x000000000041d808:  ori     r5,r0,32768
0x000000000041d80c:  lwz     r0,4(r4)
0x000000000041d810:  cmpw    r0,r5
0x000000000041d814:  bnelr

Trying to write invalid spr 157 09d at 000000000041d81c
IN:
0x000000000041d818:  mtlctrl2 r3

IN:
0x0000000000000700:  mtsprg  2,r15
0x0000000000000704:  mfsprg  r15,0
0x0000000000000708:  std     r0,1184(r15)
0x000000000000070c:  b       0x718

IN:
0x0000000000000718:  ba      0x968228

IN:
0x0000000000968228:  mflr    r0
0x000000000096822c:  bl      0x6278

IN:
0x0000000000006278:  ba      0x5a7294

IN:
0x00000000005a7294:  std     r1,1192(r15)
0x00000000005a7298:  std     r2,1200(r15)
0x00000000005a729c:  mfcr    r1
0x00000000005a72a0:  stw     r1,1236(r15)
0x00000000005a72a4:  mfsrr0  r1
0x00000000005a72a8:  mfsrr1  r2
0x00000000005a72ac:  std     r1,1216(r15)
0x00000000005a72b0:  std     r2,1224(r15)
0x00000000005a72b4:  mfsprg  r1,2
0x00000000005a72b8:  std     r1,1208(r15)
0x00000000005a72bc:  lbz     r1,1232(r15)
0x00000000005a72c0:  addi    r1,r1,1
0x00000000005a72c4:  stb     r1,1232(r15)
0x00000000005a72c8:  ld      r1,1248(r15)
0x00000000005a72cc:  std     r3,24(r1)
0x00000000005a72d0:  std     r4,32(r1)
0x00000000005a72d4:  addi    r3,r1,6128
0x00000000005a72d8:  li      r4,0
0x00000000005a72dc:  std     r4,216(r3)
0x00000000005a72e0:  std     r5,40(r1)
0x00000000005a72e4:  std     r6,48(r1)
0x00000000005a72e8:  std     r7,56(r1)
0x00000000005a72ec:  std     r8,64(r1)
0x00000000005a72f0:  std     r9,72(r1)
0x00000000005a72f4:  std     r10,80(r1)
0x00000000005a72f8:  std     r11,88(r1)
0x00000000005a72fc:  std     r12,96(r1)
0x00000000005a7300:  std     r13,104(r1)
0x00000000005a7304:  ld      r13,280(r15)
0x00000000005a7308:  std     r14,112(r1)
0x00000000005a730c:  std     r16,128(r1)
0x00000000005a7310:  std     r17,136(r1)
0x00000000005a7314:  std     r18,144(r1)
0x00000000005a7318:  std     r19,152(r1)
0x00000000005a731c:  std     r20,160(r1)
0x00000000005a7320:  std     r21,168(r1)
0x00000000005a7324:  std     r22,176(r1)
0x00000000005a7328:  std     r23,184(r1)
0x00000000005a732c:  std     r24,192(r1)
0x00000000005a7330:  std     r25,200(r1)
0x00000000005a7334:  std     r26,208(r1)
0x00000000005a7338:  std     r27,216(r1)
0x00000000005a733c:  std     r28,224(r1)
0x00000000005a7340:  std     r29,232(r1)
0x00000000005a7344:  std     r30,240(r1)
0x00000000005a7348:  std     r31,248(r1)
0x00000000005a734c:  ld      r16,1184(r15)
0x00000000005a7350:  ld      r17,1192(r15)
0x00000000005a7354:  ld      r18,1200(r15)
0x00000000005a7358:  ld      r19,1208(r15)
0x00000000005a735c:  std     r16,0(r1)
0x00000000005a7360:  std     r17,8(r1)
0x00000000005a7364:  std     r18,16(r1)
0x00000000005a7368:  std     r19,120(r1)
0x00000000005a736c:  lhz     r16,234(r15)
0x00000000005a7370:  addi    r17,r1,720
0x00000000005a7374:  rldicr  r16,r16,4,59
0x00000000005a7378:  add     r17,r17,r16
0x00000000005a737c:  rldicl  r16,r16,60,4
0x00000000005a7380:  addi    r17,r17,16
0x00000000005a7384:  slbmfev r19,r16
0x00000000005a7388:  slbmfee r18,r16
0x00000000005a738c:  stdu    r19,-8(r17)
0x00000000005a7390:  stdu    r18,-8(r17)
0x00000000005a7394:  addi    r16,r16,-1
0x00000000005a7398:  cmpwi   r16,0
0x00000000005a739c:  bge+    0x5a7384

Trying to read invalid spr 29 01d at 00000000005a73b8
IN:
0x00000000005a73a0:  mfctr   r27
0x00000000005a73a4:  mfxer   r28
0x00000000005a73a8:  std     r0,664(r1)
0x00000000005a73ac:  std     r27,672(r1)
0x00000000005a73b0:  stw     r28,708(r1)
0x00000000005a73b4:  mfspr   r27,29

Thanks and Regards,
-- 
Liang Guo
http://bluestone.cublog.cn


