Tried to boot QEMU Niagara machine with the firmware from the
OpenSPARC T1 emulator, and it dies very early.
The reason: in translate.c

#define hypervisor(dc) (dc->mem_idx == MMU_HYPV_IDX)
#define supervisor(dc) (dc->mem_idx >= MMU_KERNEL_IDX)

and the dc->mem_idx is initialized like this:

    if (env1->tl > 0) {
        return MMU_NUCLEUS_IDX;
    } else if (cpu_hypervisor_mode(env1)) {
        return MMU_HYPV_IDX;
    } else if (cpu_supervisor_mode(env1)) {
        return MMU_KERNEL_IDX;
    } else {
        return MMU_USER_IDX;
    }

Which seems to be conceptually incorrect. After reset tl == MAXTL, but
still super- and hyper-visor bits are set, so both supervisor(dc) and
hypervisor(dc) must return 1 which is impossible in the current

What would be the proper way to fix it? Make mem_idx bitmap, add two
more variables to DisasContext, or ...?

Some other findings/questions:

    /* Sun4v generic Niagara machine */
        .default_cpu_model = "Sun UltraSparc T1",
        .console_serial_base = 0xfff0c2c000ULL,

Where is this address coming from? The OpenSPARC Niagara machine has a
"dumb serial" at 0x1f10000000ULL.

And the biggest issue: UA2005 (as well as UA2007) describe a totally
different format for an MMU TTE entry than the one sun4u CPUs are using.
I think the best way to handle it would be splitting off Niagara
machine, and #defining MMU bits differently for sun4u and sun4v

Do we have cases in qemu where more than two (qemu-system-xxx and
qemu-system-xxx64) binaries are produced?
Would the name qemu-system-sun4v fit the naming convention?


Artyom Tarasenko

solaris/sparc under qemu blog:
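
The mismatch described in the message above, as an added example that is not part of the original post or of QEMU's code: a small C model showing that once tl > 0 selects MMU_NUCLEUS_IDX, the privilege level can no longer be recovered from mem_idx, next to the "two more variables" option the post raises. The numeric index values, the struct and function names, and the reset TL of 6 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed index values for illustration; only their relative order matters. */
enum { MMU_USER_IDX = 0, MMU_KERNEL_IDX = 2, MMU_NUCLEUS_IDX = 4, MMU_HYPV_IDX = 5 };

/* Hypothetical stand-in for the CPU state the post refers to. */
struct cpu_model { int tl; bool hpriv; bool priv; };

/* Index selection in the order quoted in the post: TL is tested first. */
static int mmu_index_as_posted(const struct cpu_model *env)
{
    if (env->tl > 0) return MMU_NUCLEUS_IDX;
    if (env->hpriv)  return MMU_HYPV_IDX;
    if (env->priv)   return MMU_KERNEL_IDX;
    return MMU_USER_IDX;
}

/* The two translate.c macros from the post, written as functions of mem_idx. */
static bool hypervisor_from_idx(int mem_idx) { return mem_idx == MMU_HYPV_IDX; }
static bool supervisor_from_idx(int mem_idx) { return mem_idx >= MMU_KERNEL_IDX; }

/* One option from the post: carry privilege separately from the MMU index. */
struct disas_model { int mem_idx; bool supervisor; bool hypervisor; };

static struct disas_model disas_init(const struct cpu_model *env)
{
    struct disas_model dc;
    dc.mem_idx = mmu_index_as_posted(env);  /* still selects the address space */
    dc.hypervisor = env->hpriv;             /* read the state bit directly */
    /* Assumption: hyperprivileged code also passes supervisor checks. */
    dc.supervisor = env->priv || env->hpriv;
    return dc;
}

int main(void)
{
    /* Constructed reset state: tl stands for MAXTL, both privilege bits set. */
    struct cpu_model reset = { .tl = 6, .hpriv = true, .priv = true };
    int idx = mmu_index_as_posted(&reset);
    struct disas_model dc = disas_init(&reset);

    printf("mem_idx=%d macros: supervisor=%d hypervisor=%d\n",
           idx, supervisor_from_idx(idx), hypervisor_from_idx(idx));
    printf("separate flags: supervisor=%d hypervisor=%d\n",
           dc.supervisor, dc.hypervisor);
    return 0;
}
```

With these assumed values the macro-based check reports hypervisor as false at reset, so the translator would treat hyperprivileged instructions in the firmware's first code as illegal, while the separate flags report both levels correctly.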
