[Qemu-devel] [PATCH] target-i386: Fix regression with maxsd SSE2 instruction
The maxsd instruction needs to take into account the sign of the numbers 64 bit numbers. This is a regression that was introduced in 347ac8e356 (target-i386: switch to softfloat). The case that fails is: maxsd %xmm1,%xmm0 When xmm1 = 24 and xmm0 = -100 This was found running the glib2 binding tests where it prints the message: /binding/transform: GLib-GObject-WARNING **: value 24.00 of type `gdouble' is invalid or out of range for property `value' of type `gdouble' aborting... Using a signed comparison fixes the problem. Signed-off-by: Jason Wessel jason.wes...@windriver.com --- target-i386/ops_sse.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target-i386/ops_sse.h b/target-i386/ops_sse.h index aa41d25..bcc0ed9 100644 --- a/target-i386/ops_sse.h +++ b/target-i386/ops_sse.h @@ -584,8 +584,8 @@ void helper_ ## name ## sd (Reg *d, Reg *s)\ #define FPU_SUB(size, a, b) float ## size ## _sub(a, b, env-sse_status) #define FPU_MUL(size, a, b) float ## size ## _mul(a, b, env-sse_status) #define FPU_DIV(size, a, b) float ## size ## _div(a, b, env-sse_status) -#define FPU_MIN(size, a, b) (a) (b) ? (a) : (b) -#define FPU_MAX(size, a, b) (a) (b) ? (a) : (b) +#define FPU_MIN(size, a, b) (int ## size ## _t)(a) (int ## size ## _t)(b) ? (a) : (b) +#define FPU_MAX(size, a, b) (int ## size ## _t)(a) (int ## size ## _t)(b) ? (a) : (b) #define FPU_SQRT(size, a, b) float ## size ## _sqrt(b, env-sse_status) SSE_HELPER_S(add, FPU_ADD) -- 1.7.1
Re: [Qemu-devel] [PATCH] target-i386: Fix regression with maxsd SSE2 instruction
On 11/08/2011 07:48 AM, Laurent Desnogues wrote:
On Tue, Nov 8, 2011 at 2:00 PM, Jason Wessel jason.wes...@windriver.com
wrote:
The maxsd instruction needs to take into account the sign of the
numbers 64 bit numbers. This is a regression that was introduced in
347ac8e356 (target-i386: switch to softfloat).
The case that fails is:
maxsd %xmm1,%xmm0
When xmm1 = 24 and xmm0 = -100
This was found running the glib2 binding tests where it prints the message:
/binding/transform:
GLib-GObject-WARNING **: value 24.00 of type `gdouble' is invalid or
out of range for property `value' of type `gdouble'
aborting...
Using a signed comparison fixes the problem.
Signed-off-by: Jason Wessel jason.wes...@windriver.com
---
target-i386/ops_sse.h |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/target-i386/ops_sse.h b/target-i386/ops_sse.h
index aa41d25..bcc0ed9 100644
--- a/target-i386/ops_sse.h
+++ b/target-i386/ops_sse.h
@@ -584,8 +584,8 @@ void helper_ ## name ## sd (Reg *d, Reg *s)\
#define FPU_SUB(size, a, b) float ## size ## _sub(a, b, env-sse_status)
#define FPU_MUL(size, a, b) float ## size ## _mul(a, b, env-sse_status)
#define FPU_DIV(size, a, b) float ## size ## _div(a, b, env-sse_status)
-#define FPU_MIN(size, a, b) (a) (b) ? (a) : (b)
-#define FPU_MAX(size, a, b) (a) (b) ? (a) : (b)
Isn't maxsd a floating-point instruction? If so, shouldn't
FPU_{MIN,MAX} use softfloat operations?
You are correct.
It should be:
+#define FPU_MIN(size, a, b) float ## size ## _lt(a, b, env-sse_status) ? (a)
: (b)
+#define FPU_MAX(size, a, b) float ## size ## _lt(b, a, env-sse_status) ? (a)
: (b)
Jason.
Laurent
+#define FPU_MIN(size, a, b) (int ## size ## _t)(a) (int ## size ## _t)(b)
? (a) : (b)
+#define FPU_MAX(size, a, b) (int ## size ## _t)(a) (int ## size ## _t)(b)
? (a) : (b)
#define FPU_SQRT(size, a, b) float ## size ## _sqrt(b, env-sse_status)
SSE_HELPER_S(add, FPU_ADD)
--
1.7.1
[Qemu-devel] [PATCH] target-i386: Fix regression with maxsd SSE2 instruction v2
The maxsd instruction needs to take into account the sign of the numbers 64 bit numbers. This is a regression that was introduced in 347ac8e356 (target-i386: switch to softfloat). The case that fails is: maxsd %xmm1,%xmm0 When xmm1 = 24 and xmm0 = -100 This was found running the glib2 binding tests where it prints the message: /binding/transform: GLib-GObject-WARNING **: value 24.00 of type `gdouble' is invalid or out of range for property `value' of type `gdouble' aborting... Using a signed comparison fixes the problem. Signed-off-by: Jason Wessel jason.wes...@windriver.com --- target-i386/ops_sse.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target-i386/ops_sse.h b/target-i386/ops_sse.h index aa41d25..58f7bf5 100644 --- a/target-i386/ops_sse.h +++ b/target-i386/ops_sse.h @@ -584,8 +584,8 @@ void helper_ ## name ## sd (Reg *d, Reg *s)\ #define FPU_SUB(size, a, b) float ## size ## _sub(a, b, env-sse_status) #define FPU_MUL(size, a, b) float ## size ## _mul(a, b, env-sse_status) #define FPU_DIV(size, a, b) float ## size ## _div(a, b, env-sse_status) -#define FPU_MIN(size, a, b) (a) (b) ? (a) : (b) -#define FPU_MAX(size, a, b) (a) (b) ? (a) : (b) +#define FPU_MIN(size, a, b) float ## size ## _lt(a, b, env-sse_status) ? (a) : (b) +#define FPU_MAX(size, a, b) float ## size ## _lt(b, a, env-sse_status) ? (a) : (b) #define FPU_SQRT(size, a, b) float ## size ## _sqrt(b, env-sse_status) SSE_HELPER_S(add, FPU_ADD) -- 1.7.1
Re: [Qemu-devel] [PATCH] target-i386: Fix regression with maxsd SSE2 instruction
On 11/08/2011 08:40 AM, Peter Maydell wrote: On 8 November 2011 14:22, Jason Wessel jason.wes...@windriver.com wrote: +#define FPU_MIN(size, a, b) float ## size ## _lt(a, b, env-sse_status) ? (a) : (b) +#define FPU_MAX(size, a, b) float ## size ## _lt(b, a, env-sse_status) ? (a) : (b) This will give the wrong answers for special cases involving +0, -0 and NaNs. Check the intel architecture manual which says how these should work. (You can't use float*_min() and float*_max() either, as those have sane semantics and you need to implement the Intel ones here.) Anyone out there know how to fix this the right way? I do not have a point of reference as to how to properly implement this, I just stumbled on the fact it was completely broken since the switch from hardfloat to softfloat between qemu 0.14 and 0.15. It certainly appears there is more to this problem than meets the eye. :-) Jason.
Re: [Qemu-devel] [PATCH 0/3] PPC: E500: Support SPE guest
On 08/22/2011 11:55 PM, Alexander Graf wrote: When I bumped into Jason on Linuxcon, we tried out to run the e500 target on his Windriver build that used SPE and immediately ran into emulation issues. Fortunately there weren't too many, so here are the patches to get a guest using SPE instructions working just fine. The patch set looks good to me. I tried it out this morning. I have a patch that implements enough of the the dbcr0, dbsr, and msr DE bit in order to single step, but I am seeing random fatal mmu faults. Before we go down the route of implementing more pieces, I am interested to know if you see the same behavior, or if you had any ideas around how to further debug it. Using just your patch series + the QEMU HEAD + the SPE enabled rootfs + qemu NFS mounting the rootfs, here is the litmus test to see if you experience the fatal mmu faults to user space. ulimit -c unlimited while [ 1 ] ; do echo 3 /proc/sys/vm/drop_caches (echo quit ; sleep 2) | gdb /bin/ls || break done I find that this runs between 1-15 times and crashes with a core file. Looking at the core file it is usually in a malloc or free operation in the user space, and always in the page fault handler in the kernel. This really amounts to running a medium sized app through the startup, which does a whole bunch of malloc and free because it maps in the elf debug info for /bin/ls , and gdb is not really getting used for anything to ptrace. Jason.
Re: [Qemu-devel] VxWorks kernel for qemu emulating PowerPC?
On 06/07/2010 04:03 AM, hadi motamedi wrote: Dear All Can you please let me know if the qemu emulating PowerPC (I mean qemu-system-ppc.exe) can accept VxWork kernet for boot up? Thank you As is, the QEMU PowerPC platform will definitely not boot a VxWorks image. It is possible to boot a VxWorks image using the x86 system emulation. You would have to create a floppy image and pass that in for your vx-boot loader. Unless you are also putting your kernel image on the floppy, you would need to invoke qemu to use an intel e100 nic and make sure the VxWorks BSP is configured properly. Jason.
[Qemu-devel] [PATCH 0/1] possible fix for hw breakpoint crash on x86 32bit host
The aim of this patch is to either fix the problem or at least describe the circumstances around the crash using a 32 bit x86 linux host with a 32 bit linux guest making use of hw breakpoints. I had also seen the same problem reported here: https://bugs.launchpad.net/qemu/+bug/501177 running qemu in gdb with a linux kernel as the guest kgdbts:RUN hw breakpoint test [New Thread 0xb7f1d700 (LWP 31553)] Program received signal SIGSEGV, Segmentation fault. raise_interrupt (intno=1, is_int=0, error_code=0, next_eip_addend=0) at /ord-lpggp11/jwessel/git/qemu/target-i386/op_helper.c:1335 1335env-exception_index = intno; (gdb) info address env Symbol env is a variable in register ebp. (gdb) bt #0 raise_interrupt (intno=1, is_int=0, error_code=0, next_eip_addend=0) at /ord-lpggp11/jwessel/git/qemu/target-i386/op_helper.c:1335 #1 0x081380b7 in raise_exception (exception_index=1) at /ord-lpggp11/jwessel/git/qemu/target-i386/op_helper.c:1351 #2 0x0814db6e in breakpoint_handler (env=0x9ed8b50) at /ord-lpggp11/jwessel/git/qemu/target-i386/helper.c:1551 #3 0x080e1643 in cpu_x86_exec (env1=0x9ed8b50) at /ord-lpggp11/jwessel/git/qemu/cpu-exec.c:206 #4 0x08053af9 in main (argc=0, argv=0x0, envp=Cannot access memory at address 0x8 ) at /ord-lpggp11/jwessel/git/qemu/vl.c:3816 (gdb) I concluded that env points to the ebp register and it only has a valid value while executing from the generated code context. I created another function to pass in the valid version of env in order to set ebp in preparation to eventually execute a longjmp() via the raise_exception(). It is not clear that this is the right way to fix the problem, but it does allow the guest hw breakpoint tests to work correctly on a 32 bit and 64 bit x86 linux host. If there is a better way to solve this, please let me know. Thanks, Jason. --- Jason Wessel (1): target-i386: fix crash on x86 32bit linux host with hw breakpoint exceptions target-i386/exec.h |1 + target-i386/helper.c|6 +++--- target-i386/op_helper.c |5 + 3 files changed, 9 insertions(+), 3 deletions(-)
[Qemu-devel] [PATCH 1/1] target-i386: fix crash on x86 32bit linux host with hw breakpoint exceptions
If you make use of hw breakpoints on a 32bit x86 linux host, qemu
will segmentation fault when processing the exception.
The problem is that the value of env is stored in $ebp in the op_helper
raise_exception() function, and it can have the wrong value when
calling it from non generated code.
It is possible to work around the problem by restoring the value of
env before calling raise_exception() using a new helper function that
takes (CPUState *) as one of the arguments.
Signed-off-by: Jason Wessel jason.wes...@windriver.com
---
target-i386/exec.h |1 +
target-i386/helper.c|6 +++---
target-i386/op_helper.c |5 +
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/target-i386/exec.h b/target-i386/exec.h
index 1fd74fd..4ff3c57 100644
--- a/target-i386/exec.h
+++ b/target-i386/exec.h
@@ -73,6 +73,7 @@ void do_interrupt_user(int intno, int is_int, int error_code,
target_ulong next_eip);
void QEMU_NORETURN raise_exception_err(int exception_index, int error_code);
void QEMU_NORETURN raise_exception(int exception_index);
+void QEMU_NORETURN raise_exception_env(int exception_index, CPUState *nenv);
void do_smm_enter(void);
/* n must be a constant to be efficient */
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 70762bb..736ef16 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -1529,7 +1529,7 @@ int check_hw_breakpoints(CPUState *env, int
force_dr6_update)
static CPUDebugExcpHandler *prev_debug_excp_handler;
-void raise_exception(int exception_index);
+void raise_exception_env(int exception_index, CPUState *env);
static void breakpoint_handler(CPUState *env)
{
@@ -1539,7 +1539,7 @@ static void breakpoint_handler(CPUState *env)
if (env-watchpoint_hit-flags BP_CPU) {
env-watchpoint_hit = NULL;
if (check_hw_breakpoints(env, 0))
-raise_exception(EXCP01_DB);
+raise_exception_env(EXCP01_DB, env);
else
cpu_resume_from_signal(env, NULL);
}
@@ -1548,7 +1548,7 @@ static void breakpoint_handler(CPUState *env)
if (bp-pc == env-eip) {
if (bp-flags BP_CPU) {
check_hw_breakpoints(env, 1);
-raise_exception(EXCP01_DB);
+raise_exception_env(EXCP01_DB, env);
}
break;
}
diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
index 5eea322..4bb4347 100644
--- a/target-i386/op_helper.c
+++ b/target-i386/op_helper.c
@@ -1351,6 +1351,11 @@ void raise_exception(int exception_index)
raise_interrupt(exception_index, 0, 0, 0);
}
+void raise_exception_env(int exception_index, CPUState *nenv)
+{
+env = nenv;
+raise_exception(exception_index);
+}
/* SMM support */
#if defined(CONFIG_USER_ONLY)
--
1.6.3.3
[Qemu-devel] [PATCH] implement sysrq for the pl011
Implement sysrq for the pl011. This was tested on
the ARM Versatile AB + kernel.org 2.6.X kernel.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
---
hw/pl011.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
--- a/hw/pl011.c
+++ b/hw/pl011.c
@@ -208,7 +208,24 @@ static void pl011_receive(void *opaque,
static void pl011_event(void *opaque, int event)
{
-/* ??? Should probably implement break. */
+if (event == CHR_EVENT_BREAK) {
+pl011_state *s = (pl011_state *)opaque;
+int slot;
+
+slot = s-read_pos + s-read_count;
+if (slot = 16)
+slot -= 16;
+s-read_fifo[slot] = 0x400;
+s-read_count++;
+s-flags = ~PL011_FLAG_RXFE;
+if (s-cr 0x10 || s-read_count == 16) {
+s-flags |= PL011_FLAG_RXFF;
+}
+if (s-read_count == s-read_trigger) {
+s-int_level |= PL011_INT_RX;
+pl011_update(s);
+}
+}
}
static CPUReadMemoryFunc *pl011_readfn[] = {
Re: [PATCH][Qemu-devel] Single stepping for PPC broken!
Marius Groeger wrote:
On Wed, 9 Jan 2008, Marius Groeger wrote:
On Wed, 9 Jan 2008, Marius Groeger wrote:
I'm having problems with qemu's (-M prep, -cpu 604) handling of the
MSR_SE bit. My gdbstub can successfully step along regular code, but
qemu chokes when stepping over a branch instruction like blr.
(Needless to say, that same gdbstub works fine on real hardware). I
tried older versions of qemu and found that the code base 8 months ago
worked fine.
I have now verified with booting a Linux image into qemu-system-ppc - same
problem. When stepi'ing over the following sequence, the system chokes on a
bl instruction:
The attached patch fixes the problem, but I have to admit I can't tell
for sure if this doesn't break other things (such as qemu's built-in
GDB server). Could some QEMU ppc expert please comment on this?
Thanks
Marius
The patch you originally attached definitely breaks the back end
debugger connection for qemu. It does point to the heart of the problem
though. The back end debugger uses the same variable to control the
single stepping state as the MSR_SE uses.
Attached is a patch that fixes the issue, as well as a generic problem
in cvs latest where the backend debugger is occasionally missing debug
exceptions on all archs.
Jason.
- Fix generic single step problem in vl.c
* Overwriting the ret code when there was
and interrupt pending causes the debugger
to miss exceptions
- For ppc, split run-time single stepping from the
debugger stub single stepping
* This fixes the hang problems when using single
stepping via the msr_se
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
---
target-ppc/translate.c | 14 --
vl.c |4 ++--
2 files changed, 14 insertions(+), 4 deletions(-)
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -150,6 +150,7 @@ typedef struct DisasContext {
int spe_enabled;
ppc_spr_t *spr_cb; /* Needed to check rights for mfspr/mtspr */
int singlestep_enabled;
+int sys_sstep_enabled;
int dcache_line_size;
} DisasContext;
@@ -2802,8 +2803,10 @@ static always_inline void gen_goto_tb (D
else
#endif
gen_op_b_T1();
-if (ctx-singlestep_enabled)
+ if (unlikely(ctx-sys_sstep_enabled)) {
+gen_update_nip(ctx, ctx-nip);
gen_op_debug();
+}
tcg_gen_exit_tb(0);
}
}
@@ -2984,8 +2987,10 @@ static always_inline void gen_bcond (Dis
#endif
gen_op_btest_T1(ctx-nip);
no_test:
-if (ctx-singlestep_enabled)
+if (ctx-sys_sstep_enabled) {
+gen_update_nip(ctx, ctx-nip);
gen_op_debug();
+}
tcg_gen_exit_tb(0);
}
out:
@@ -6190,6 +6195,7 @@ static always_inline int gen_intermediat
branch_step = 1;
else
branch_step = 0;
+ctx.sys_sstep_enabled = env-singlestep_enabled;
ctx.singlestep_enabled = env-singlestep_enabled || single_step == 1;
#if defined (DO_SINGLE_STEP) 0
/* Single step trace mode */
@@ -6306,6 +6312,10 @@ static always_inline int gen_intermediat
if (ctx.exception == POWERPC_EXCP_NONE) {
gen_goto_tb(ctx, 0, ctx.nip);
} else if (ctx.exception != POWERPC_EXCP_BRANCH) {
+if (unlikely(ctx.sys_sstep_enabled)) {
+gen_update_nip(ctx, ctx.nip);
+gen_op_debug();
+}
/* Generate the return instruction */
tcg_gen_exit_tb(0);
}
--- a/vl.c
+++ b/vl.c
@@ -7523,7 +7523,7 @@ static int main_loop(void)
qemu_time += profile_getclock() - ti;
#endif
next_cpu = env-next_cpu ?: first_cpu;
-if (event_pending) {
+if (event_pending likely(ret != EXCP_DEBUG)) {
ret = EXCP_INTERRUPT;
event_pending = 0;
break;
@@ -7555,7 +7555,7 @@ static int main_loop(void)
qemu_system_powerdown();
ret = EXCP_INTERRUPT;
}
-if (ret == EXCP_DEBUG) {
+if (unlikely(ret == EXCP_DEBUG)) {
vm_stop(EXCP_DEBUG);
}
/* If all cpus are halted then wait until the next IRQ */
[Qemu-devel] qemu-system-ppc problem with PVR access from user space
The typical kernel + user space I boot on the prep machine no longer
boots due to an issue accessing the PVR special purpose register. When
the PVR is accessed from user space, it should generate an exception
with the PC set to the instruction that it occurred at when it saves to
the stack. In the latest CVS, it is off by 4 bytes. With out the fix
/sbin/init gets killed because the kernel's trap handler which does the
userspace emulation of the instruction does not clean up the trap.
I am using the attached patch to work around the problem, but I wonder
if there is a more generic problem that was introduced as a regression
with all ppc merges in the last month or so, given this used to work
fine through the generic handler.
Any insight into this would certainly be useful.
Thanks,
Jason.
Work around the problem that the PC register is not saved with
the right address when taking a user space PVR access exception.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
---
target-ppc/translate_init.c |9 -
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -92,6 +92,13 @@ static void spr_write_clear (void *opaqu
}
#endif
+static void spr_read_generic_fault_user(void *opaque, int sprn)
+{
+ DisasContext *ctx = opaque;
+ ctx-nip -= 4;
+ GEN_EXCP_PRIVREG(ctx);
+}
+
/* SPR common to all PowerPC */
/* XER */
static void spr_read_xer (void *opaque, int sprn)
@@ -5942,7 +5949,7 @@ static void init_ppc_proc (CPUPPCState *
/* Register SPR common to all PowerPC implementations */
gen_spr_generic(env);
spr_register(env, SPR_PVR, PVR,
- SPR_NOACCESS, SPR_NOACCESS,
+ spr_read_generic_fault_user, SPR_NOACCESS,
spr_read_generic, SPR_NOACCESS,
def-pvr);
/* PowerPC implementation specific initialisations (SPRs, timers, ...) */
Re: [Qemu-devel] Re: Network connections stalling (due to lost interrupts/ticks?)
The RTC message has nothing to do with the interrupt controller load. The patch I mentioned was aimed at stability/bug fix. Nothing to do with performance what so ever. The simple test that you can usually break the qemu interrupt controller with is to do a ping -f to the target when using TAP. Then just run some other processes on the target or try to use the network with telnet or write to the disk with echo file blah ; sync... It usually doesn't last too long. It is the ping -f that will keep the interrupt load at the max. Jason. n schembr wrote: I'm seeing the same rtc error but my systems are not hanging. I can still get to them and they seem to handle a good load from time to time, 4 running proc. Is this a stability or performance issue? If it is a stability issue how do I test it? - Original Message From: Jason Wessel [EMAIL PROTECTED] To: [EMAIL PROTECTED]; qemu-devel@nongnu.org Sent: Friday, August 3, 2007 8:18:50 AM Subject: Re: [Qemu-devel] Re: Network connections stalling (due to lost interrupts/ticks?) Charles, Are you willing to try an experimental patch? Perhaps you could try the attached patch and post back if it happens to solve your problem. There is most definitely a problem where qemu can get hung up indefinitely after an interrupt storm. I had not ever submitted it because there is no clean way to do this via the opaque information that is passed around. It seems wrong to have to make the ioapic a global. If this does fix the problem perhaps someone will decide to fix this up in a cleaner fashion via the opaque structures. Jason. Charles Duffy wrote: Charles Duffy wrote: There's a warning on startup that the system can't set a 1024Hz timer, which persists even after I set /proc/sys/dev/rtc/max-user-freq to 1024, and I occasionally get warnings at runtime (Your time source seems to be instable or some driver is hogging interrupts). This was happening because my host kernel was compiled with CONFIG_HPET_RTC_IRQ=y. I've disabled this option, recompiled and rebooted, and it resolved the RTC warning (and apparently, the unstable time source messages) -- but my network connections are still stalling.
Re: [Qemu-devel] Re: Network connections stalling (due to lost interrupts/ticks?)
Charles,
Are you willing to try an experimental patch?
Perhaps you could try the attached patch and post back if it happens to
solve your problem. There is most definitely a problem where qemu can
get hung up indefinitely after an interrupt storm. I had not ever
submitted it because there is no clean way to do this via the opaque
information that is passed around. It seems wrong to have to make the
ioapic a global. If this does fix the problem perhaps someone will
decide to fix this up in a cleaner fashion via the opaque structures.
Jason.
Charles Duffy wrote:
Charles Duffy wrote:
There's a warning on startup that the system can't set a 1024Hz timer,
which persists even after I set /proc/sys/dev/rtc/max-user-freq to 1024,
and I occasionally get warnings at runtime (Your time source seems to
be instable or some driver is hogging interrupts).
This was happening because my host kernel was compiled with
CONFIG_HPET_RTC_IRQ=y. I've disabled this option, recompiled and
rebooted, and it resolved the RTC warning (and apparently, the unstable
time source messages) -- but my network connections are still stalling.
Recover from an interupt flood by propagating the end of interrupt state.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
---
hw/apic.c | 23 +--
hw/pc.c |2 +-
2 files changed, 22 insertions(+), 3 deletions(-)
Index: qemu/hw/apic.c
===
--- qemu.orig/hw/apic.c
+++ qemu/hw/apic.c
@@ -332,6 +332,26 @@ static void apic_set_irq(APICState *s, i
apic_update_irq(s);
}
+struct IOAPICState *ioapic;
+/* XXX Multi IOAPIC support */
+static void apic_propogate_eoi(int vector) {
+uint32_t irr;
+int pin;
+
+if ((vector 0x10) || (vector 0xfe))
+return;
+
+irr = ioapic-irr;
+while (irr) {
+pin = ffs_bit(irr);
+irr = ~(1 pin);
+if ((ioapic-ioredtbl[pin] 0xff) == vector) {
+ioapic-irr = ~(1 pin);
+break;
+}
+}
+}
+
static void apic_eoi(APICState *s)
{
int isrv;
@@ -339,8 +359,7 @@ static void apic_eoi(APICState *s)
if (isrv 0)
return;
reset_bit(s-isr, isrv);
-/* XXX: send the EOI packet to the APIC bus to allow the I/O APIC to
-set the remote IRR bit for level triggered interrupts. */
+apic_propogate_eoi(isrv);
apic_update_irq(s);
}
Index: qemu/hw/pc.c
===
--- qemu.orig/hw/pc.c
+++ qemu/hw/pc.c
@@ -36,7 +36,7 @@
static fdctrl_t *floppy_controller;
static RTCState *rtc_state;
static PITState *pit;
-static IOAPICState *ioapic;
+extern IOAPICState *ioapic;
static PCIDevice *i440fx_state;
static void ioport80_write(void *opaque, uint32_t addr, uint32_t data)
Re: [Qemu-devel] Problem with the -serial option of qemu
The MoonSeeker wrote: Hi everyone, I'm on gentoo 2.6.20-gentoo-r8 and I'm trying to send the serial port of my linux guest to a tcp server. To do that, i use this command : qemu -hda linux.img -serial tcp::4000,server,nowait And I get this error : qemu: could not open serial device 'tcp::4000,server,nowait' I was using the same command on Ubuntu 6.06 and that was working. I don't understand what's happen and how can I debug this? Thx for help! Make sure you are running the same version of QEMU in both places. Generally speaking if it says it could not open the device, it is because something else is using the port. % netstat -an |grep 4000 tcp0 0 0.0.0.0:4000 0.0.0.0:* LISTEN % lsof -nP |grep 4000 redirector 15998 jwessel3u IPv41661621 TCP *:4000 (LISTEN) In this example I started up an application called redirector on the port. I do not believe this issue is a qemu defect of any kind. Cheers, Jason.
[Qemu-devel] [PATCH] fix dhcp with multiple nics an SLIRP
The check in qemu_can_send_packet() does not work correctly when using
multiple nics. I found the problem when using -boot n and having more
than one nic in use with the SLIRP networking. The
qemu_can_send_packet() is only called as a part of the SLIRP networking
check to see if there is a valid interface that packets can be sent on.
Using the attached patch, a pxe boot can be used with more than one nic,
in particular using nics of different types. I also tested to make sure
it still worked with a single nic as well.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
Jason.
---
vl.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -3195,11 +3195,11 @@ int qemu_can_send_packet(VLANClientState
for(vc = vlan-first_client; vc != NULL; vc = vc-next) {
if (vc != vc1) {
-if (vc-fd_can_read !vc-fd_can_read(vc-opaque))
-return 0;
+if (vc-fd_can_read vc-fd_can_read(vc-opaque))
+return 1;
}
}
-return 1;
+return 0;
}
void qemu_send_packet(VLANClientState *vc1, const uint8_t *buf, int size)
[Qemu-devel] [PATCH] gdb stub support and loadvm should work together
Right now the gdb stub support is mutually exclusive of the loadvm command line support. In fact it might be nice to have the loadvm and savevm commands exposed via the gdb stub so you can save an instance which you can debug again later. The attached patch makes it so you can execute a -loadvm from the command line while still having the gdb stub support active. Signed-off-by: Jason Wessel [EMAIL PROTECTED] Jason. --- vl.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: qemu/vl.c === --- qemu.orig/vl.c +++ qemu/vl.c @@ -8011,7 +8011,7 @@ int main(int argc, char **argv) gdbstub_port); exit(1); } -} else +} #endif if (loadvm) do_loadvm(loadvm);
[Qemu-devel] [PATCH] fix crash in set registers in PPC gdb-stub
While using the gdb stub on the PPC target you cannot set registers if
the machine has the power save bit set in the msr without crashing
QEMU. The reason it crashes is because the cpu_loop_exit() function
will get called when the gdb stub is setting the registers.
There is certainly more than one way to fix problem. I opted to add the
check for the halted state to the store msr routine which is called from
the the translated code or the gdb stub. The halted state is always set
when the stub is active.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
Jason.
---
target-ppc/helper.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
Index: qemu/target-ppc/helper.c
===
--- qemu.orig/target-ppc/helper.c
+++ qemu/target-ppc/helper.c
@@ -1493,10 +1493,12 @@ void do_store_msr (CPUPPCState *env, tar
break;
}
if (enter_pm) {
-/* power save: exit cpu loop */
-env-halted = 1;
-env-exception_index = EXCP_HLT;
-cpu_loop_exit();
+if (likely(!env-halted)) {
+/* power save: exit cpu loop */
+env-halted = 1;
+env-exception_index = EXCP_HLT;
+cpu_loop_exit();
+}
}
}
[Qemu-devel] [PATCH] e100 savevm/loadvm support
The attached patch adds loadvm and savevm support to the e100 driver. One note about this patch is that the image is not portable across big/little endian hosts. Since it already appeared that the save/load images in general are not portable between a big/little endian hosts I just took the short cut of pushing the struct members that were not being saved directly into the save buffer. If it is the case that the save/load images are supposed to be endian agnostic, there is definitely some more work that needs to be done in all the simulated hw drivers. Signed-off-by: Jason Wessel [EMAIL PROTECTED] Jason.
Re: [Qemu-devel] [PATCH] e100 savevm/loadvm support
Thiemo Seufer wrote:
Jason Wessel wrote:
The attached patch adds loadvm and savevm support to the e100 driver.
One note about this patch is that the image is not portable across
big/little endian hosts. Since it already appeared that the save/load
images in general are not portable between a big/little endian hosts I
just took the short cut of pushing the struct members that were not
being saved directly into the save buffer.
Looks like a bug to me.
If it is the case that the
save/load images are supposed to be endian agnostic, there is definitely
some more work that needs to be done in all the simulated hw drivers.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
Patch is missing.
Thiemo
Since the first patch was missing, I created a new one which does not
have any endian issues. In this patch there is a #if 0 which matches
the member of the struct that has the #if 0 in it. Once again I tested
it to confirm it works with a single or multiple enet cards of different
types.
Originally I thought I had seen a place in the code where there was a
put buffer on a series of long values, but I can no longer find the
reference to it. In the original patch I had just saved the structs
outright via the put_buffer which clearly would not have been endian
agnostic. The patch attached here fixes that.
Signed-off-by: Jason Wessel [EMAIL PROTECTED]
Jason.
---
hw/eepro100.c | 102 +++---
1 file changed, 98 insertions(+), 4 deletions(-)
Index: qemu/hw/eepro100.c
===
--- qemu.orig/hw/eepro100.c
+++ qemu/hw/eepro100.c
@@ -1571,10 +1571,9 @@ static void nic_receive(void *opaque, co
static int nic_load(QEMUFile * f, void *opaque, int version_id)
{
EEPRO100State *s = (EEPRO100State *) opaque;
+int i;
int ret;
-missing(NIC load);
-
if (version_id 3)
return -EINVAL;
@@ -1608,14 +1607,61 @@ static int nic_load(QEMUFile * f, void *
qemu_get_buffer(f, s-mult, 8);
qemu_get_buffer(f, s-mem, sizeof(s-mem));
+/* Restore all members of struct between scv_stat and mem */
+qemu_get_8s(f, s-scb_stat);
+qemu_get_8s(f, s-int_stat);
+for (i = 0; i 3; i++)
+qemu_get_be32s(f, s-region[i]);
+qemu_get_buffer(f, s-macaddr, 6);
+for (i = 0; i 19; i++)
+qemu_get_be32s(f, s-statcounter[i]);
+for (i = 0; i 32; i++)
+qemu_get_be16s(f, s-mdimem[i]);
+/* The eeprom should be saved and restored by its own routines */
+qemu_get_be32s(f, s-device);
+qemu_get_be32s(f, s-pointer);
+qemu_get_be32s(f, s-cu_base);
+qemu_get_be32s(f, s-cu_offset);
+qemu_get_be32s(f, s-ru_base);
+qemu_get_be32s(f, s-ru_offset);
+qemu_get_be32s(f, s-statsaddr);
+/* Restore epro100_stats_t statistics */
+qemu_get_be32s(f, s-statistics.tx_good_frames);
+qemu_get_be32s(f, s-statistics.tx_max_collisions);
+qemu_get_be32s(f, s-statistics.tx_late_collisions);
+qemu_get_be32s(f, s-statistics.tx_underruns);
+qemu_get_be32s(f, s-statistics.tx_lost_crs);
+qemu_get_be32s(f, s-statistics.tx_deferred);
+qemu_get_be32s(f, s-statistics.tx_single_collisions);
+qemu_get_be32s(f, s-statistics.tx_multiple_collisions);
+qemu_get_be32s(f, s-statistics.tx_total_collisions);
+qemu_get_be32s(f, s-statistics.rx_good_frames);
+qemu_get_be32s(f, s-statistics.rx_crc_errors);
+qemu_get_be32s(f, s-statistics.rx_alignment_errors);
+qemu_get_be32s(f, s-statistics.rx_resource_errors);
+qemu_get_be32s(f, s-statistics.rx_overrun_errors);
+qemu_get_be32s(f, s-statistics.rx_cdt_errors);
+qemu_get_be32s(f, s-statistics.rx_short_frame_errors);
+qemu_get_be32s(f, s-statistics.fc_xmt_pause);
+qemu_get_be32s(f, s-statistics.fc_rcv_pause);
+qemu_get_be32s(f, s-statistics.fc_rcv_unsupported);
+qemu_get_be16s(f, s-statistics.xmt_tco_frames);
+qemu_get_be16s(f, s-statistics.rcv_tco_frames);
+qemu_get_be32s(f, s-statistics.complete);
+#if 0
+qemu_get_be16s(f, s-status);
+#endif
+
+/* Configuration bytes. */
+qemu_get_buffer(f, s-configuration, sizeof(s-configuration));
+
return 0;
}
static void nic_save(QEMUFile * f, void *opaque)
{
EEPRO100State *s = (EEPRO100State *) opaque;
-
-missing(NIC save);
+int i;
if (s-pci_dev)
pci_device_save(s-pci_dev, f);
@@ -1639,6 +1685,54 @@ static void nic_save(QEMUFile * f, void
qemu_put_8s(f, s-curpag);
qemu_put_buffer(f, s-mult, 8);
qemu_put_buffer(f, s-mem, sizeof(s-mem));
+
+/* Save all members of struct between scv_stat and mem */
+qemu_put_8s(f, s-scb_stat);
+qemu_put_8s(f, s-int_stat);
+for (i = 0; i 3; i++)
+qemu_put_be32s(f, s-region[i]);
+qemu_put_buffer(f, s-macaddr, 6);
+for (i = 0; i 19; i++)
+qemu_put_be32s(f, s-statcounter[i]);
+for (i = 0; i 32; i
Re: [Qemu-devel] MIPS64 problem with ethernet
Aurelien Jarno wrote:
As discussed on IRC, the problem is only present on 32-bit hosts. It is
due to the do_ddivu which is falsely implemented using lldiv and then by
casting the result. The patch below uses / and % as on the 64-bit host
code. It is maybe slower than lldiv, but at least it gives the correct
result. This probably involves some libgcc code, so it is better to keep
it in op_helper.c for 32-bit hosts.
With your change the ethernet does come up but it seems there is a
further problem, perhaps with ddivu. My host is a 32bit host, and this
does seem to work on a 64bit host or the real hardware. Doing something
like an ls /proc does not work in the emulated target. The reason is
that the compatibility syscalls are 32bit and there is some sign
extension problem somewhere.
I put the following code in kernel/main/init.c as an illustration of the
problem.
{
unsigned long v1 = 0x8073;
unsigned int v2 = v1 + 1;
printk(v1 %lx v2 %08x\n, v1, v2);
}
On the real hw it prints correctly as:
v1 8073 v2 80731112
On the emulated 64 bit + 64bit kernel on a 32 bit host it prints as:
v1 8073 v2 80731112
This might be due to the ddivu in printk, but it could be elsewhere...
Jason.
[Qemu-devel] [PATCH] mips64 gdb_stub
This patch allows gdb to debug a 64 bit kernel running on the mips64 target.
signed-off-by: Jason Wessel [EMAIL PROTECTED]
Jason.
---
gdbstub.c | 80 +++---
1 file changed, 40 insertions(+), 40 deletions(-)
Index: qemu/gdbstub.c
===
--- qemu.orig/gdbstub.c
+++ qemu/gdbstub.c
@@ -549,41 +549,41 @@ static int cpu_gdb_read_registers(CPUSta
ptr = mem_buf;
for (i = 0; i 32; i++)
{
-*(uint32_t *)ptr = tswapl(env-gpr[i]);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-gpr[i]);
+ptr += sizeof(target_ulong);
}
-*(uint32_t *)ptr = tswapl(env-CP0_Status);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-CP0_Status);
+ptr += sizeof(target_ulong);
-*(uint32_t *)ptr = tswapl(env-LO);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-LO);
+ptr += sizeof(target_ulong);
-*(uint32_t *)ptr = tswapl(env-HI);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-HI);
+ptr += sizeof(target_ulong);
-*(uint32_t *)ptr = tswapl(env-CP0_BadVAddr);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-CP0_BadVAddr);
+ptr += sizeof(target_ulong);
-*(uint32_t *)ptr = tswapl(env-CP0_Cause);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-CP0_Cause);
+ptr += sizeof(target_ulong);
-*(uint32_t *)ptr = tswapl(env-PC);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-PC);
+ptr += sizeof(target_ulong);
if (env-CP0_Config1 (1 CP0C1_FP))
{
for (i = 0; i 32; i++)
{
-*(uint32_t *)ptr = tswapl(env-fpr[i].fs[FP_ENDIAN_IDX]);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-fpr[i].fs[FP_ENDIAN_IDX]);
+ptr += sizeof(target_ulong);
}
-*(uint32_t *)ptr = tswapl(env-fcr31);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-fcr31);
+ptr += sizeof(target_ulong);
-*(uint32_t *)ptr = tswapl(env-fcr0);
-ptr += 4;
+*(target_ulong *)ptr = tswapl(env-fcr0);
+ptr += sizeof(target_ulong);
}
/* 32 FP registers, fsr, fir, fp. Not yet implemented. */
@@ -611,41 +611,41 @@ static void cpu_gdb_write_registers(CPUS
ptr = mem_buf;
for (i = 0; i 32; i++)
{
-env-gpr[i] = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-gpr[i] = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
}
-env-CP0_Status = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-CP0_Status = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
-env-LO = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-LO = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
-env-HI = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-HI = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
-env-CP0_BadVAddr = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-CP0_BadVAddr = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
-env-CP0_Cause = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-CP0_Cause = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
-env-PC = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-PC = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
if (env-CP0_Config1 (1 CP0C1_FP))
{
for (i = 0; i 32; i++)
{
-env-fpr[i].fs[FP_ENDIAN_IDX] = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-fpr[i].fs[FP_ENDIAN_IDX] = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
}
-env-fcr31 = tswapl(*(uint32_t *)ptr) 0x0183;
-ptr += 4;
+env-fcr31 = tswapl(*(target_ulong *)ptr) 0x0183;
+ptr += sizeof(target_ulong);
-env-fcr0 = tswapl(*(uint32_t *)ptr);
-ptr += 4;
+env-fcr0 = tswapl(*(target_ulong *)ptr);
+ptr += sizeof(target_ulong);
/* set rounding mode */
RESTORE_ROUNDING_MODE;
[Qemu-devel] MIPS64 problem with ethernet
The ethernet device does not come up correctly on a 64 MIPS target with a 64 bit kernel. I narrowed it down a bit, so I thought I might mention it. If I add to the kernel the line: printk(\nTest ~0UL == %lx\n, (~0UL)); It will print correctly on the real HW: Test ~0UL == In qemu-system-mips64 it will only print: Test ~0UL == The ethernet fails due to the failure of the computing of the test kcalloc() found in slab.h. if (n != 0 size ULONG_MAX / n) Where n == 16, size == 8, and ULONG_MAX == (~0UL). I suspect some low level debugging of which op code translation is at fault would be next... Jason.
Re: [Qemu-devel] MIPS64 problem with ethernet
Aurelien Jarno wrote: Jason Wessel a écrit : The ethernet device does not come up correctly on a 64 MIPS target with a 64 bit kernel. Which Ethernet card are you using? The pcnet one is working correctly here. I am using a 2.6.21.1 kernel. It works perfectly fine if I boot a 32bit kernel on the 64bit mips qemu with the pcnet32. It is when I boot the 64bit kernel on the 64bit mips qemu that I see the issue. The only difference I can see is the math operations in the kcalloc() inline because the sizes are different in 32 vs 64 of course. I too was using a 2.6.21.1 kernel with mips.org patches. Likely that I am using a different compiler though. Keeping in mind that the same kernel 32bit and 64bit kernels works fine on real hardware. Jason.
[Qemu-devel] [PATCH] Fix sysrq support from the monitor mux
The monitor mux code calls uses the wrong opaque structure and crashes qemu. This patch fixes it such that the sysrq support works correctly. Signed-off-by: Jason Wessel [EMAIL PROTECTED] Jason. --- vl.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: qemu/vl.c === --- qemu.orig/vl.c +++ qemu/vl.c @@ -1371,7 +1371,7 @@ static int mux_proc_byte(CharDriverState break; case 'b': if (chr-chr_event) -chr-chr_event(chr-opaque, CHR_EVENT_BREAK); +chr-chr_event(chr-handler_opaque, CHR_EVENT_BREAK); break; case 'c': /* Switch to the next registered device */
[Qemu-devel] Problems with MIPS full system emulation and breakpoints
It seems there is an issue with the translation block flushing when
writing to the code regions in the MIPS full system emulation. Using a
2.6 kernel which is basically running in single user mode, I use an
extremely simple program:
main () {
int i;
for (i = 0; i 10; i++) {
printf(doing %i\n,i);
}
}
/ # gdb simple_program
(gdb) break main
Breakpoint 1 at 0x400670: file simple_program.c, line 3.
(gdb) run
Starting program: /simple_program
Breakpoint 1, main () at simple_program.c:3
3 for (i = 0; i 10; i++) {
(gdb) n
4 printf(doing %i\n,i);
(gdb) n
doing 0
3 for (i = 0; i 10; i++) {
(gdb) n
doing 1
Program received signal SIGTRAP, Trace/breakpoint trap.
main () at simple_program.c:3
3 for (i = 0; i 10; i++) {
At this point the program is trashed on the second time through the loop
because the translated block with the breakpoint op code was executed
instead of being flushed and translated with the correct original
instruction. All the single stepping and jumping over the function
calls is done by writing a breakpoint op code in and later restoring the
original instruction. In the kernel access_process_vm() was used via
ptrace to correctly read and write the breakpoints, and I have verified
these writes are occurring.
To illustrate the problem further, I attached a patch that makes this
problem go away. Of course this is not the right fix, because it only
deals with the breakpoint opcode and does not isolate the translated
block that had the instruction that changed. In theory you should be
able to modify any part of the instruction code from another process
with ptrace.
Are there any suggestions as to how to fix this the right way? The real
hardware of course does not exhibit this issue.
Thanks,
Jason.
Index: qemu/target-mips/helper.c
===
--- qemu.orig/target-mips/helper.c
+++ qemu/target-mips/helper.c
@@ -360,6 +360,7 @@ void do_interrupt (CPUState *env)
goto set_EPC;
case EXCP_BREAK:
cause = 9;
+tb_flush(env);
goto set_EPC;
case EXCP_RI:
cause = 10;
Re: Qemu-PPC problems (was [Qemu-devel] Just to add one single point)
J. Mayer wrote:
On Wed, 2007-04-11 at 17:49 -0400, Rob Landley wrote:
qemu-system-ppc -M prep -nographic -kernel zImage-powerpc -append \
console=/dev/ttyS0
You cannot append anything to the command line this way, with the PPC
firmware...
You can append options when using yaboot, not with the -kernel option.
Then, you should use the CONFIG_CMDLINE kernel option to add the option
you absolutely need to boot.
If you do not modify the prep loader, then it is impossible to pass
arguments or load a kernel that expands to 4meg. With respect to
using an unmodified prep loader, you have to build the boot arguments
you want into the kernel itself with the .config file options.
[...]
It also seems that most Linux 2.6 kernels support has been broken. It
used to run too, with some versions having a great problem in
frame-buffer mode (writing black on black is not really usable). Using
the serial console always allowed me to follow the boot until X starts.
I'm trying to use serial console.
I tried and the kernel seem to hang before reaching the start_kernel
routine. That why I said there may now be a CPU emulation bug that broke
everything Must do more checks with a debug kernel (with traces,
this time. Using early_printk may help a lot !).
[...]
you may try to boot kernels in PREP format as they look like regular boot partitions...
It may help.
While I am sure folks have the objective to be able to boot something
that is not modified, my objective was to modify the kernel to work with
qemu until that first objective is met. If you use a 2.6.21rc candidate
you can use the attached patches to boot. I provided a .config file as
well. The frame buffer is definitely broken, but I had not really
looked into why because I was more interested in simply using the ppc
instruction sets.
Note I startup with the following and it works perfectly fine with my
modified kernels:
qemu-system-ppc -nographic -kernel zImage.prep -s -M prep -append
console=ttyS0 ip=dhcp root=/dev/nfs nfsroot=10.0.2.2:/export/ppc rw
netdev=9,0x300,eth0
There is a new regression between Apr 9 and Apr 10 in the QEMU CVS HEAD
where tcp checksums are failing again. :-(
If it would help, I can certainly provide some of my zImage files which
run with several different 2.6.x kernels.
Jason.
dot_config.gz
Description: GNU Zip compressed data
Adjust prep loader to deal with larger kernel images.
signed-off-by: Jason Wessel [EMAIL PROTECTED]
Index: linux-2.6.21-rc3/arch/ppc/boot/simple/misc.c
===
--- linux-2.6.21-rc3.orig/arch/ppc/boot/simple/misc.c
+++ linux-2.6.21-rc3/arch/ppc/boot/simple/misc.c
@@ -17,6 +17,7 @@
#include linux/types.h
#include linux/string.h
+#include asm/residual.h
#include asm/page.h
#include asm/mmu.h
#include asm/bootinfo.h
@@ -27,6 +28,7 @@
#include nonstdio.h
+#define CONFIG_RUNTIME_CMDLINE 0x17ff000
/* Default cmdline */
#ifdef CONFIG_CMDLINE
#define CMDLINE CONFIG_CMDLINE
@@ -53,7 +55,7 @@
char *avail_ram;
char *end_avail;
char *zimage_start;
-char cmd_preset[] = CMDLINE;
+char cmd_preset[256] = CMDLINE;
char cmd_buf[256];
char *cmd_line = cmd_buf;
int keyb_present = HAS_KEYB;
@@ -91,9 +93,11 @@ get_mem_size(void)
#endif
struct bi_record *
-decompress_kernel(unsigned long load_addr, int num_words, unsigned long cksum)
+decompress_kernel(unsigned long load_addr, int num_words, unsigned long cksum
+,RESIDUAL *residual, void *OFW_interface)
{
#ifdef INTERACTIVE_CONSOLE
+int do_console = 0;
int timer = 0;
char ch;
#endif
@@ -120,9 +124,12 @@ decompress_kernel(unsigned long load_add
* and we must have the correct file linked in here.
*/
TotalMemory = get_mem_size();
+ puts(TotalMemory: ); puthex(TotalMemory); puts(\n);
+ puts(TotalResid: ); puthex(residual-TotalMemory); puts(\n);
+ puts(Resid at: ); puthex((unsigned int)residual); puts(\n);
- /* assume the chunk below 8M is free */
- end_avail = (char *)0x0080;
+ /* assume the chunk below 10M is free */
+ end_avail = (char *)0x00A0;
/*
* Reveal where we were loaded at and where we
@@ -139,6 +146,13 @@ decompress_kernel(unsigned long load_add
puts(\n);
}
+ if (residual) {
+ puts(board data at: ); puthex((unsigned long)residual);
+ puts( );
+ puthex((unsigned long)((unsigned long)residual +
+ sizeof(RESIDUAL)));
+ puts(\n);
+ }
/*
* We link ourself to 0x0080. When we run, we relocate
* ourselves there. So we just need __image_begin for the
@@ -167,15 +181,21 @@ decompress_kernel(unsigned long load_add
}
#ifndef CONFIG_40x /* don't overwrite the 40x image located at 0x0040! */
- avail_ram = (char *)0x0040;
+ avail_ram = (char *)0x0050;
#endif
- end_avail = (char *)0x0080;
+ end_avail = (char *)0x00A0;
puts(avail ram: ); puthex((unsigned long)avail_ram); puts( );
puthex((unsigned long)end_avail); puts(\n
Re: Qemu-PPC problems (was [Qemu-devel] Just to add one single point)
Jason Wessel wrote: There is a new regression between Apr 9 and Apr 10 in the QEMU CVS HEAD where tcp checksums are failing again. :-( I stand corrected it not the TCP check sums. The new PPC pic code does not work so as to allow the ethernet device driver to receive packets. I guess the question should be is if we would have expected more to work than breaks or if different cases actually work now with the new PPC pic code, or if they are all broken. Jason.
Re: [Qemu-devel] Is it possible to boot qemu-system-ppc with -kernel?
To boot the prep machine you need to configure the kernel for prep and use the zImage.prep file. IE: CONFIG_PPC_PREP=y Right now you selected CONFIG_PPC_CHRP In any kernel 2.6.20 there is a bug where no PCI interrupts go to sleep and the default prep loader has a size limit. I worked around this by modifying the prep loader to accept a bigger image, as well as to process the kernel arguments passed by QEMU. So yes it is definitely possible to boot a prep image, but there some tricks. I also only use the serial ports, so I am not certain if the frame buffer actually works. Jason. Rob Landley wrote: I've been trying several variants of: qemu-system-ppc -M prep -nographic -hda ext2.img -kernel zImage \ -append rw init=/tools/bin/sh panic=1 PATH=/tools/bin root=/dev/hda console=/dev/ttyS0 My miniconfig is attached. (You can make a full-sized .config out of it with make allnoconfig KCONFIG_ALLSYMS=miniconfig-linux, I still need to get the miniconfig patch in so there's a better UI.) I'm trying to boot the zImage file that produces. Unfortunately, I've never managed to boot a ppc kernel under qemu with -kernel. I've got to be doing something wrong, but I don't know what it is. Could you offer any hints? Here's the output I get: Could not configure '/dev/rtc' to have a 1024 Hz timer. This is not a fatal error, but for better emulation accuracy either use a 2.6 host Linux kernel or type 'echo 1024 /proc/sys/dev/rtc/max-user-freq' as root. init_ppc_proc: PVR 0004 mask = 0004 register PCI host 'pci-bridge' 'pci' 'null' 'PREP Host PCI Bridge - Motorola Raven' register 'pci-bridge' 'pci' 'null' 'PREP Host PCI Bridge - Motorola Raven' 0x8000 in 'device-tree' 0x Done 582b000 582b880 PCI device 'null' 0 11 0 has no reg properties: PCI device 'null' 0 11 0 has no assigned addresses properties: register pci device 'Qemu VGA' 000c 'display' 'VGA' 'Qemu VGA' register 'Qemu VGA' 'display' 'VGA' 'Qemu VGA' 0x000c in 'pci-bridge' 0x8000 Done 582b880 582b980 PCI device 'Qemu VGA' 0 12 0 reg properties: addr: 82006010 f000 size: 0080 PCI device 'Qemu VGA' 0 12 0 assigned addresses properties: addr: 82006010 f000 size: 0080 PPC Open Hack'Ware BIOS for qemu version 0.4.1 Build 2005-07-06 23:10:57 Copyright 2003-2005 Jocelyn Mayer Memory size: 144 MB. Booting from device m ide0: drive 0: Hard Disk ERROR: OF_property_copy cannot get property 'hd' for aliases ide0: drive 1: CD-ROM ERROR: OF_property_copy cannot get property 'cd' for aliases ERROR: ATAPI TEST_UNIT_READY : status 41 != 0x40 ide1: drive 0: none ide1: drive 1: none Probe partitions for device c ERROR: No MSDOS signature (0 0 0 0) Boot partition: 0 9401fff8 9401fff8 0 Probe partitions for device m ERROR: No MSDOS signature (38 0 0 0) Use bloc device as raw partition Boot partition: 0 9401fff8 9401fff8 0 ERROR: OF_property_copy cannot get property 'alias' for null boot device: 5833180 image 100 size 1106232 ERROR: No MSDOS signature (7f 45 0 0) Use bloc device as raw partition Boot partition: 0 9401fff8 9401fff8 0 boot device: 5833180 ERROR: Found no boot partition! ERROR: BUG caught... BIOS execution exception nip=0x0580 msr=0x2000 dar=0x dsisr=0x Stopping execution It's not getting _to_ the kernel. (I tried booting vmlinux instead of bzImage, but it made no difference.) Thanks, Rob CONFIG_PPC_CHRP=y CONFIG_SWAP=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LSF=y CONFIG_BINFMT_ELF=y CONFIG_PM=y CONFIG_NET=y CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_BLK_DEV_LOOP=y CONFIG_IDE=y CONFIG_BLK_DEV_IDE=y CONFIG_BLK_DEV_IDEDISK=y CONFIG_IDE_GENERIC=y CONFIG_BLK_DEV_IDEPCI=y CONFIG_BLK_DEV_GENERIC=y CONFIG_NETDEVICES=y CONFIG_NET_ETHERNET=y CONFIG_NET_PCI=y CONFIG_NE2K_PCI=y CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_EXT2_FS=y CONFIG_EXT3_FS=y CONFIG_SQUASHFS=y -- Jason Wessel, SMTS Linux Products, Wind River direct +1.630.971.6420 mobile +1.630.715.4615 fax +1.630.971.6433
[Qemu-devel] [PATCH] add a simple 24mhz clock for the versatile
This patch implements a simple 24mhz clock for the versatile board such
that functions in the linux kernel can make use of these stamps. An
example user of this is the printk time stamps when using the time
parameter on the kernel boot line.
signed-off-by: [EMAIL PROTECTED]
Cheers,
Jason.
Index: qemu/hw/arm_sysctl.c
===
--- qemu.orig/hw/arm_sysctl.c
+++ qemu/hw/arm_sysctl.c
@@ -71,8 +71,10 @@ static uint32_t arm_sysctl_read(void *op
case 0x58: /* BOOTCS */
return 0;
case 0x5c: /* 24MHz */
-/* ??? not implemented. */
-return 0;
+{
+uint64_t now = qemu_get_clock(vm_clock);
+return (uint32_t)(now*.024);
+}
case 0x60: /* MISC */
return 0;
case 0x84: /* PROCID0 */
Re: [Qemu-devel] Re: Qemu PPC ethernet checksum bug [PATCH]
Attached is a patch as well as an example program, where I took the code
from the from the linux kernel and made a call in with a dummy packet.
It appears the problem is the addic translation does not correctly
set/reset the carry bit, and this is a regression vs the source base on
3/7/2007. With the change here, I can boot the ppc-prep machine again
and use ethernet.
If you would like a pre-compiled binary of the test case, let me know
because it was too big to send to the list.
signed-off-by: [EMAIL PROTECTED]
Jason.
J. Mayer wrote:
Hi,
My concern is I cannot reproduce your problem for the following reasons:
- the PREP machine (and the heathrow too...) is broken and cannot even
boot. PCI and/or IRQ are broken, so the Linux kernel hangs.
- when using the known to work Linux distributions on the mac99
machine (please take a look at the STATUS file), I am able to download a
kernel from www.kernel.org, which makes me think TCP packets are sent
and received correctly, with valid checksums.
Then, it would be a great thing if you could isolate the failing routine
and, for example, make a test case usable with linux-user emulation.
This would be a great help to solve this issue.
Thanks by advance.
Index: qemu/target-ppc/translate.c
===
--- qemu.orig/target-ppc/translate.c
+++ qemu/target-ppc/translate.c
@@ -772,16 +772,14 @@ GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x0
target_long simm = SIMM(ctx-opcode);
gen_op_load_gpr_T0(rA(ctx-opcode));
-if (likely(simm != 0)) {
-gen_op_move_T2_T0();
-gen_op_addi(simm);
+gen_op_move_T2_T0();
+gen_op_addi(simm);
#if defined(TARGET_PPC64)
-if (ctx-sf_mode)
-gen_op_check_addc_64();
-else
+if (ctx-sf_mode)
+gen_op_check_addc_64();
+else
#endif
-gen_op_check_addc();
-}
+gen_op_check_addc();
gen_op_store_T0_gpr(rD(ctx-opcode));
}
/* addic. */
csum_test.tar.bz2
Description: application/bzip
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] PATCH: 2nd serial port for Malta
Attached is a simple patch to enable the 2nd serial port on the malta board. Testing shows it even allows the use of KGDB over the second serial port. signed-off-by: [EMAIL PROTECTED] Jason. Index: qemu/hw/mips_malta.c === --- qemu.orig/hw/mips_malta.c +++ qemu/hw/mips_malta.c @@ -570,6 +570,7 @@ void mips_malta_init (int ram_size, int kbd_init(); rtc_state = rtc_init(0x70, 8); serial_init(pic_set_irq_new, isa_pic, 0x3f8, 4, serial_hds[0]); +serial_init(pic_set_irq_new, isa_pic, 0x2f8, 4, serial_hds[0]); parallel_init(0x378, 7, parallel_hds[0]); /* XXX: The floppy controller does not work correctly, something is probably wrong. ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] Monitor multiplexing
I would like to submit the monitor multiplexing patch again. It is
ported against the latest CVS.
It allows adding monitor capabilities like stdio but with tcp for
instance, and the escape character can be changed from the default.
signed-off-by: [EMAIL PROTECTED]
Index: monitor.c
===
RCS file: /sources/qemu/qemu/monitor.c,v
retrieving revision 1.64
diff -u -r1.64 monitor.c
--- monitor.c 5 Feb 2007 20:46:05 - 1.64
+++ monitor.c 5 Feb 2007 21:15:12 -
@@ -54,7 +54,8 @@
const char *help;
} term_cmd_t;
-static CharDriverState *monitor_hd;
+#define MAX_MON 4
+static CharDriverState *monitor_hd[MAX_MON];
static int hide_banner;
static term_cmd_t term_cmds[];
@@ -69,8 +70,11 @@
void term_flush(void)
{
+int i;
if (term_outbuf_index 0) {
-qemu_chr_write(monitor_hd, term_outbuf, term_outbuf_index);
+for (i = 0; i MAX_MON; i++)
+if (monitor_hd[i] monitor_hd[i]-focus == 0)
+qemu_chr_write(monitor_hd[i], term_outbuf, term_outbuf_index);
term_outbuf_index = 0;
}
}
@@ -2452,9 +2456,25 @@
monitor_start_input();
}
+static int is_first_init = 1;
+
void monitor_init(CharDriverState *hd, int show_banner)
{
-monitor_hd = hd;
+int i;
+
+if (is_first_init) {
+for (i = 0; i MAX_MON; i++) {
+monitor_hd[i] = NULL;
+}
+is_first_init = 0;
+}
+for (i = 0; i MAX_MON; i++) {
+if (monitor_hd[i] == NULL) {
+monitor_hd[i] = hd;
+break;
+}
+}
+
hide_banner = !show_banner;
qemu_chr_add_handlers(hd, term_can_read, term_read, term_event, NULL);
@@ -2475,8 +2495,12 @@
void monitor_readline(const char *prompt, int is_password,
char *buf, int buf_size)
{
+int i;
+
if (is_password) {
-qemu_chr_send_event(monitor_hd, CHR_EVENT_FOCUS);
+for (i = 0; i MAX_MON; i++)
+if (monitor_hd[i] monitor_hd[i]-focus == 0)
+qemu_chr_send_event(monitor_hd[i], CHR_EVENT_FOCUS);
}
readline_start(prompt, is_password, monitor_readline_cb, NULL);
monitor_readline_buf = buf;
Index: qemu-doc.texi
===
RCS file: /sources/qemu/qemu/qemu-doc.texi,v
retrieving revision 1.128
diff -u -r1.128 qemu-doc.texi
--- qemu-doc.texi 5 Feb 2007 19:42:07 - 1.128
+++ qemu-doc.texi 5 Feb 2007 21:15:12 -
@@ -610,6 +610,18 @@
same as if you had specified @code{-serial tcp} except the unix domain socket
@var{path} is used for connections.
[EMAIL PROTECTED] mon:dev_string
+This is a special option to allow the monitor to be multiplexed onto
+another serial port. The monitor is accessed with key sequence of
[EMAIL PROTECTED] and then pressing @key{c}. See monitor access
[EMAIL PROTECTED] in the -nographic section for more keys.
[EMAIL PROTECTED] should be any one of the serial devices specified
+above. An example to multiplex the monitor onto a server telnet server
+listening on port would be:
[EMAIL PROTECTED] @code
[EMAIL PROTECTED] -serial mon:telnet::,server,nowait
[EMAIL PROTECTED] table
+
@end table
@item -parallel dev
@@ -629,6 +641,19 @@
The default device is @code{vc} in graphical mode and @code{stdio} in
non graphical mode.
[EMAIL PROTECTED] -echr numeric_ascii_value
+Change the escape character used for switching to the monitor when using
+monitor and serial sharing. The default is @code{0x01} when using the
[EMAIL PROTECTED] option. @code{0x01} is equal to pressing
[EMAIL PROTECTED] You can select a different character from the ascii
+control keys where 1 through 26 map to Control-a through Control-z. For
+instance you could use the either of the following to change the escape
+character to Control-t.
[EMAIL PROTECTED] @code
[EMAIL PROTECTED] -echr 0x14
[EMAIL PROTECTED] -echr 20
[EMAIL PROTECTED] table
+
@item -s
Wait gdb connection to port 1234 (@pxref{gdb_usage}).
@item -p port
@@ -711,6 +736,8 @@
Exit emulator
@item Ctrl-a s
Save disk data back to file (if -snapshot)
[EMAIL PROTECTED] Ctrl-a t
+toggle console timestamps
@item Ctrl-a b
Send break (magic sysrq in Linux)
@item Ctrl-a c
Index: vl.c
===
RCS file: /sources/qemu/qemu/vl.c,v
retrieving revision 1.248
diff -u -r1.248 vl.c
--- vl.c5 Feb 2007 20:46:05 - 1.248
+++ vl.c5 Feb 2007 21:15:13 -
@@ -1213,6 +1213,218 @@
return chr;
}
+/* MUX driver for serial I/O splitting */
+static int term_timestamps;
+static int64_t term_timestamps_start;
+#define MAX_MUX 2
+typedef struct {
+IOCanRWHandler *chr_can_read[MAX_MUX];
+IOReadHandler *chr_read[MAX_MUX];
+IOEventHandler *chr_event[MAX_MUX];
+void *ext_opaque[MAX_MUX];
+CharDriverState *drv;
+int mux_cnt;
+int term_got_escape;
+int
Re: [Qemu-devel] qemu vl.h hw/arm_boot.c hw/integratorcp.c hw/re...
Paul the code change that was checked in here causes the zImage files I
generate not to work anymore.
Please consider the small patch which fixes the problem. The load_elf()
function is returning -1.
signed-off-by: [EMAIL PROTECTED]
Paul Brook wrote:
CVSROOT:/sources/qemu
Module name:qemu
Changes by: Paul Brook pbrook 07/01/16 18:54:31
Modified files:
. : vl.h
hw : arm_boot.c integratorcp.c realview.c
versatilepb.c
Log message:
ARM ELF loader.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/qemu/vl.h?cvsroot=qemur1=1.172r2=1.173
http://cvs.savannah.gnu.org/viewcvs/qemu/hw/arm_boot.c?cvsroot=qemur1=1.1r2=1.2
http://cvs.savannah.gnu.org/viewcvs/qemu/hw/integratorcp.c?cvsroot=qemur1=1.10r2=1.11
http://cvs.savannah.gnu.org/viewcvs/qemu/hw/realview.c?cvsroot=qemur1=1.2r2=1.3
http://cvs.savannah.gnu.org/viewcvs/qemu/hw/versatilepb.c?cvsroot=qemur1=1.7r2=1.8
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
Index: qemu/hw/arm_boot.c
===
--- qemu.orig/hw/arm_boot.c
+++ qemu/hw/arm_boot.c
@@ -80,7 +80,7 @@ void arm_load_kernel(CPUState *env, int
}
kernel_size = load_elf(kernel_filename, 0, entry);
-if (kernel_size) {
+if (kernel_size 0) {
/* An ELF image. Jump to the entry point. */
env-regs[15] = entry 0xfffe;
env-thumb = entry 1;
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
Re: [Qemu-devel] Re: weird slirp problems (dns lookups stopped working, and maybe more) [PATCH]
I posted a similar patch last year, but it was not accepted for some
reason. Making this change allows UDP nfs to work to a remote file
server as well.
I would recommend, making one further change as included in this patch.
It allows KGDBOE to operate on the local host or from a remote host
because it allow the special 10.0.2.2 address to be translated.
I have included the patch in the e-mail once again.
signed-off-by: [EMAIL PROTECTED]
Jason.
Juergen Lock wrote:
On Wed, Jan 10, 2007 at 12:04:03AM +0100, Juergen Lock wrote:
...
Ok, garrison on irc just helped solve this mystery: This (the same)
one actually goes out first, before the 10.0.2.3 one (I didn't notice
at first), and since slirp reuses the socket because the source ip and
port hasnt changed (slirp/udp.c lines 172 and up, it doesn't check the
dest ip), the second packet with the 10.0.2.3 dest ip (which gets
replaced with the hosts's dns) goes out wrong. And the reason this
worked previously with the same guest is multicast started working
only recently...
And here's the fix I just added to the FreeBSD qemu port: (thanx garrison!)
Index: qemu/slirp/udp.c
@@ -205,8 +208,6 @@
/* udp_last_so = so; */
so-so_laddr = ip-ip_src;
so-so_lport = uh-uh_sport;
- so-so_faddr = ip-ip_dst; /* XXX */
- so-so_fport = uh-uh_dport; /* XXX */
if ((so-so_iptos = udp_tos(so)) == 0)
so-so_iptos = ip-ip_tos;
@@ -216,6 +217,15 @@
* and if it is, do the fork_exec() etc.
*/
}
+
+ /*
+* Assign destination unconditionally
+*
+* This fixes the case where packets are sent from the same
+* source ip/port to different destination ips/ports
+*/
+ so-so_faddr = ip-ip_dst; /* XXX */
+ so-so_fport = uh-uh_dport; /* XXX */
iphlen += sizeof(struct udphdr);
m-m_len -= iphlen;
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
Index: qemu/slirp/udp.c
===
--- qemu.orig/slirp/udp.c
+++ qemu/slirp/udp.c
@@ -205,8 +205,6 @@ udp_input(m, iphlen)
/* udp_last_so = so; */
so-so_laddr = ip-ip_src;
so-so_lport = uh-uh_sport;
- so-so_faddr = ip-ip_dst; /* XXX */
- so-so_fport = uh-uh_dport; /* XXX */
if ((so-so_iptos = udp_tos(so)) == 0)
so-so_iptos = ip-ip_tos;
@@ -216,6 +214,13 @@ udp_input(m, iphlen)
* and if it is, do the fork_exec() etc.
*/
}
+ /* Always reset the from address as it can change,
+* as with NFS for example where it will talk to
+* the same destination port with multiple source
+* addresses. Or different gdb session to kgdboe.
+*/
+ so-so_faddr = ip-ip_dst; /* XXX */
+ so-so_fport = uh-uh_dport; /* XXX */
iphlen += sizeof(struct udphdr);
m-m_len -= iphlen;
@@ -312,7 +317,8 @@ int udp_output(struct socket *so, struct
struct sockaddr_in saddr, daddr;
saddr = *addr;
-if ((so-so_faddr.s_addr htonl(0xff00)) == special_addr.s_addr) {
+if ((so-so_faddr.s_addr htonl(0xff00)) == special_addr.s_addr
+addr-sin_addr.s_addr == htonl(0x7f01)) {
saddr.sin_addr.s_addr = so-so_faddr.s_addr;
if ((so-so_faddr.s_addr htonl(0x00ff)) == htonl(0xff))
saddr.sin_addr.s_addr = alias_addr.s_addr;
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] PPC32 Trace Exception and Trap instruction
Please add this patch to CVS.
The patch has two purposes:
1) The NIP needs to be updated for a tw instruction.
I found that when executing protected mode traps
the PC was always set to the begining of the code
generation block instead of the instruction the trap
occurred on.
The usual PPC breakpoint instruction is:
7d 82 10 08 twger2,r2 (Trap when rA = rB)
2) Single stepping was fixed up earlier in the year
for using a debugger connected to the QEMU
gdb stub. Now it is enabled for connecting a
runtime single stepping with the trace trap so you
can use ptrace() or even debug KGDB.
signed-off-by: [EMAIL PROTECTED]
Thanks,
Jason.
Index: qemu/target-ppc/helper.c
===
--- qemu.orig/target-ppc/helper.c
+++ qemu/target-ppc/helper.c
@@ -1113,8 +1113,6 @@ void do_interrupt (CPUState *env)
}
goto store_next;
case EXCP_TRACE: /* 0x0D00 */
-/* XXX: TODO */
-cpu_abort(env, Trace exception is not implemented yet !\n);
goto store_next;
case EXCP_PERF: /* 0x0F00 */
/* XXX: TODO */
Index: qemu/target-ppc/translate.c
===
--- qemu.orig/target-ppc/translate.c
+++ qemu/target-ppc/translate.c
@@ -1956,6 +1956,8 @@ GEN_HANDLER(tw, 0x1F, 0x04, 0xFF, 0x
{
gen_op_load_gpr_T0(rA(ctx-opcode));
gen_op_load_gpr_T1(rB(ctx-opcode));
+/* Update the nip since this might generate a trap exception */
+gen_op_update_nip(ctx-nip);
gen_op_tw(TO(ctx-opcode));
}
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] FC6 compat compiler fix
When using the gcc34 compiler in FC6 QEMU will not build. It seems that linux/compiler.h is not actually used for anything, as it continues to build fine on other linux varients. signed-off-by: [EMAIL PROTECTED] Jason. Index: qemu-101806/usb-linux.c === --- qemu-101806.orig/usb-linux.c +++ qemu-101806/usb-linux.c @@ -26,7 +26,6 @@ #if defined(__linux__) #include dirent.h #include sys/ioctl.h -#include linux/compiler.h #include linux/usbdevice_fs.h #include linux/version.h ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] GDB serial protocol fixes (detach, kill, and initial status query)
I have occasionally found that I have killed off gdb, and had no way to
recover a debug session to QEMU. Also the detach/kill sequence does not
work correctly protocol wise in the QEMU gdb-stub. This patch addresses
these problems.
I implemented the serial protocol commands the same way as in KGDB.
? = Query state, but also clear the breakpoints.
- KGDB/gdb do the same thing so that in case you lose your
session or context, gdb always send the ? command during the
connect sequence. This ensures that gdb has a clean slate
for breakpoints and run control.
D = Detach and clear all breakpoints with return OK
k = Do the same thing as D for now
In the future this can be used to kill the target
emulation. But for now it makes gdb and other gdb serial debugger
happy.
signed-off-by: [EMAIL PROTECTED]
Thanks,
Jason.
Index: qemu/cpu-all.h
===
--- qemu.orig/cpu-all.h
+++ qemu/cpu-all.h
@@ -768,6 +768,7 @@ void cpu_reset_interrupt(CPUState *env,
int cpu_breakpoint_insert(CPUState *env, target_ulong pc);
int cpu_breakpoint_remove(CPUState *env, target_ulong pc);
+int cpu_breakpoint_remove_all(CPUState *env);
void cpu_single_step(CPUState *env, int enabled);
void cpu_reset(CPUState *s);
Index: qemu/gdbstub.c
===
--- qemu.orig/gdbstub.c
+++ qemu/gdbstub.c
@@ -580,6 +580,8 @@ static int gdb_handle_packet(GDBState *s
/* TODO: Make this return the correct value for user-mode. */
snprintf(buf, sizeof(buf), S%02x, SIGTRAP);
put_packet(s, buf);
+/* Remove all the breakpoints when this query is issued. */
+cpu_breakpoint_remove_all(env);
break;
case 'c':
if (*p != '\0') {
@@ -603,6 +605,18 @@ static int gdb_handle_packet(GDBState *s
vm_start();
#endif
return RS_IDLE;
+case 'k':
+case 'D':
+/* Detach packet */
+if (!cpu_breakpoint_remove_all(env)) {
+#ifdef CONFIG_USER_ONLY
+s-running_state = 1;
+#else
+vm_start();
+#endif
+put_packet(s, OK);
+break;
+}
case 's':
if (*p != '\0') {
addr = strtoul(p, (char **)p, 16);
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] latest monitor / mux
This patch set has been brought up to date with cvs and the time stamp
feature is abstracted now. This means you can do something like:
-serial mon:vc
Or my favorite:
-serial mon:telnet::,server
There are two patches attached to show the logical progress of the code
and in the case that one is not accepted the work is more easily broken
down.
The serial_mux_driver.patch must be applied first. It adds a generic
mux support for the I/O drivers internal to vl.c. The main purpose is
to use it for switching on the monitor. Basically it allows more than
one driver to register an fd_read and fd_can_read routine. Of course
the mux support is generic and could easily be used for other sorts of
I/O. This patch also adds the new options:
-echr ascii_value -- Allow you to use a different control character
other than Control-a
-serial mon:device_string -- Multiplex the device_string with the
monitor functionality
The second patch fully abstracts the monitor and time stamp functions so
that the monitor can be used on more than one serial port at the same
time as well as having a separate dedicated monitor. I also removed the
stdio splitting from the stdio driver. The mux driver can be used to
replace any functionality that previously existed.
signed-off-by: [EMAIL PROTECTED]
Jason.
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -1063,9 +1063,11 @@ void qemu_chr_add_read_handler(CharDrive
s-chr_add_read_handler(s, fd_can_read, fd_read, opaque);
}
-void qemu_chr_add_event_handler(CharDriverState *s, IOEventHandler *chr_event)
+void qemu_chr_add_event_handler(CharDriverState *s, IOEventHandler *chr_event,
+void *event_opaque)
{
s-chr_event = chr_event;
+s-event_opaque = event_opaque;
}
static int null_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
@@ -1091,6 +1093,173 @@ CharDriverState *qemu_chr_open_null(void
return chr;
}
+/* MUX driver for serial I/O splitting */
+static int term_timestamps;
+static int64_t term_timestamps_start;
+#define MAX_MUX 2
+typedef struct {
+IOCanRWHandler *fd_can_read[MAX_MUX];
+IOReadHandler *fd_read[MAX_MUX];
+void *ext_opaque[MAX_MUX];
+CharDriverState *drv;
+int idx;
+int mux_cnt;
+int term_got_escape;
+int max_size;
+} MuxDriver;
+
+
+static int mux_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
+{
+MuxDriver *d = chr-opaque;
+len = d-drv-chr_write(d-drv, buf, len);
+return len;
+}
+
+static char *mux_help[] = {
+% hprint this help\n\r,
+% xexit emulator\n\r,
+% ssave disk data back to file (if -snapshot)\n\r,
+% ttoggle console timestamps\n\r
+% bsend break (magic sysrq)\n\r,
+% cswitch between console and monitor\n\r,
+% % sends %\n\r,
+NULL
+};
+
+static int term_escape_char = 0x01; /* ctrl-a is used for escape */
+static void mux_print_help(CharDriverState *chr)
+{
+int i, j;
+char ebuf[15] = Escape-Char;
+char cbuf[50] = \n\r;
+
+if (term_escape_char 0 term_escape_char 26) {
+sprintf(cbuf,\n\r);
+sprintf(ebuf,C-%c, term_escape_char - 1 + 'a');
+} else {
+sprintf(cbuf,\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r,
term_escape_char);
+}
+chr-chr_write(chr, cbuf, strlen(cbuf));
+for (i = 0; mux_help[i] != NULL; i++) {
+for (j=0; mux_help[i][j] != '\0'; j++) {
+if (mux_help[i][j] == '%')
+chr-chr_write(chr, ebuf, strlen(ebuf));
+else
+chr-chr_write(chr, mux_help[i][j], 1);
+}
+}
+}
+
+static int mux_proc_byte(CharDriverState *chr, MuxDriver *d, int ch)
+{
+if (d-term_got_escape) {
+d-term_got_escape = 0;
+if (ch == term_escape_char)
+goto send_char;
+switch(ch) {
+case '?':
+case 'h':
+mux_print_help(chr);
+break;
+case 'x':
+exit(0);
+break;
+case 's':
+{
+int i;
+for (i = 0; i MAX_DISKS; i++) {
+if (bs_table[i])
+bdrv_commit(bs_table[i]);
+}
+}
+break;
+case 'b':
+if (chr-chr_event)
+chr-chr_event(chr-event_opaque, CHR_EVENT_BREAK);
+break;
+case 'c':
+/* Switch to the next registered device */
+d-idx++;
+if (d-idx = d-mux_cnt)
+d-idx = 0;
+break;
+ case 't':
+ term_timestamps = !term_timestamps;
+ term_timestamps_start = -1;
+ break;
+}
+} else if (ch == term_escape_char) {
+d-term_got_escape = 1;
+} else {
+send_char:
+return 1;
+}
+return 0;
+}
+
+static int
Re: [Qemu-devel] [PATCH] add serial port mux for debug monitor support
Following up to my last patch, I noticed a break; statement was missing and cause a bit of a problem with the -echr option. Fix is attached. signed-off-by: [EMAIL PROTECTED] Jason Wessel wrote: There are two patches attached to show the logical progress of the code and in the case that one is not accepted the work is more easily broken down. The serial_mux_driver.patch must be applied first. It adds a generic mux support for the I/O drivers internal to vl.c. The main purpose is to use it for switching on the monitor. Basically it allows more than one driver to register an fd_read and fd_can_read routine. Of course the mux support is generic and could easily be used for other sorts of I/O. This patch also adds the new options: -echr ascii_value -- Allow you to use a different control character other than Control-a -serial mon:device_string -- Multiplex the device_string with the monitor functionality The second patch fully abstracts the monitor so that the monitor can be used on more than one serial port at the same time as well as having a separate dedicated monitor. I also removed the stdio splitting from the stdio driver. The mux driver can be used to replace any functionality that I missed. signed-off-by: [EMAIL PROTECTED] Jason. Index: qemu/vl.c === --- qemu.orig/vl.c +++ qemu/vl.c @@ -6036,6 +6036,7 @@ int main(int argc, char **argv) term_escape_char = strtol(optarg, r, 0); if (r == optarg) printf(Bad argument to echr\n); +break; } case QEMU_OPTION_monitor: pstrcpy(monitor_device, sizeof(monitor_device), optarg); ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] add serial port mux for debug monitor support
There are two patches attached to show the logical progress of the code
and in the case that one is not accepted the work is more easily broken
down.
The serial_mux_driver.patch must be applied first. It adds a generic
mux support for the I/O drivers internal to vl.c. The main purpose is
to use it for switching on the monitor. Basically it allows more than
one driver to register an fd_read and fd_can_read routine. Of course
the mux support is generic and could easily be used for other sorts of
I/O. This patch also adds the new options:
-echr ascii_value -- Allow you to use a different control character
other than Control-a
-serial mon:device_string -- Multiplex the device_string with the
monitor functionality
The second patch fully abstracts the monitor so that the monitor can be
used on more than one serial port at the same time as well as having a
separate dedicated monitor. I also removed the stdio splitting from the
stdio driver. The mux driver can be used to replace any functionality
that I missed.
signed-off-by: [EMAIL PROTECTED]
Jason.
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -1124,9 +1124,11 @@ void qemu_chr_add_read_handler(CharDrive
s-chr_add_read_handler(s, fd_can_read, fd_read, opaque);
}
-void qemu_chr_add_event_handler(CharDriverState *s, IOEventHandler *chr_event)
+void qemu_chr_add_event_handler(CharDriverState *s, IOEventHandler *chr_event,
+void *event_opaque)
{
s-chr_event = chr_event;
+s-event_opaque = event_opaque;
}
static int null_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
@@ -1152,6 +1154,166 @@ CharDriverState *qemu_chr_open_null(void
return chr;
}
+#define MAX_MUX 2
+/* MUX driver for serial I/O splitting */
+typedef struct {
+IOCanRWHandler *fd_can_read[MAX_MUX];
+IOReadHandler *fd_read[MAX_MUX];
+void *ext_opaque[MAX_MUX];
+CharDriverState *drv;
+int idx;
+int mux_cnt;
+int term_got_escape;
+int max_size;
+} MuxDriver;
+
+
+static int mux_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
+{
+MuxDriver *d = chr-opaque;
+len = d-drv-chr_write(d-drv, buf, len);
+return len;
+}
+
+static char *mux_help[] = {
+% hprint this help\n\r,
+% xexit emulator\n\r,
+% ssave disk data back to file (if -snapshot)\n\r,
+% bsend break (magic sysrq)\n\r,
+% cswitch between console and monitor\n\r,
+% % sends %\n\r,
+NULL
+};
+
+static int term_escape_char = 0x01; /* ctrl-a is used for escape */
+static void mux_print_help(CharDriverState *chr)
+{
+int i, j;
+char ebuf[15] = Escape-Char;
+char cbuf[50] = \n\r;
+
+if (term_escape_char 0 term_escape_char 26) {
+sprintf(cbuf,\n\r);
+sprintf(ebuf,C-%c, term_escape_char - 1 + 'a');
+} else {
+sprintf(cbuf,\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r,
term_escape_char);
+}
+chr-chr_write(chr, cbuf, strlen(cbuf));
+for (i = 0; mux_help[i] != NULL; i++) {
+for (j=0; mux_help[i][j] != '\0'; j++) {
+if (mux_help[i][j] == '%')
+chr-chr_write(chr, ebuf, strlen(ebuf));
+else
+chr-chr_write(chr, mux_help[i][j], 1);
+}
+}
+}
+
+static int mux_proc_byte(CharDriverState *chr, MuxDriver *d, int ch)
+{
+if (d-term_got_escape) {
+d-term_got_escape = 0;
+if (ch == term_escape_char)
+goto send_char;
+switch(ch) {
+case '?':
+case 'h':
+mux_print_help(chr);
+break;
+case 'x':
+exit(0);
+break;
+case 's':
+{
+int i;
+for (i = 0; i MAX_DISKS; i++) {
+if (bs_table[i])
+bdrv_commit(bs_table[i]);
+}
+}
+break;
+case 'b':
+if (chr-chr_event)
+chr-chr_event(chr-event_opaque, CHR_EVENT_BREAK);
+break;
+case 'c':
+/* Switch to the next registered device */
+d-idx++;
+if (d-idx = d-mux_cnt)
+d-idx = 0;
+break;
+}
+} else if (ch == term_escape_char) {
+d-term_got_escape = 1;
+} else {
+send_char:
+return 1;
+}
+return 0;
+}
+
+static int mux_chr_fd_can_read(void *opaque)
+{
+CharDriverState *chr = opaque;
+MuxDriver *d = chr-opaque;
+return d-fd_can_read[d-idx](d-ext_opaque[d-idx]);
+}
+
+static void mux_chr_fd_read(void *opaque, const uint8_t *buf, int size)
+{
+CharDriverState *chr = opaque;
+MuxDriver *d = chr-opaque;
+int i;
+for(i = 0; i size; i++)
+if (mux_proc_byte(chr, d, buf[i]))
+d-fd_read[d-idx](d-ext_opaque[d-idx], buf[i], 1);
+}
+
+static void
[Qemu-devel] [PATCH] telnet IAC options and simplified tcp udp options
This patch simplifies the syntax of the tcp and udp options, as well as
adding the telnet protocol.
signed-off-by: [EMAIL PROTECTED]
Jason.
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -2203,16 +2203,16 @@ static void udp_chr_add_read_handler(Cha
}
int parse_host_port(struct sockaddr_in *saddr, const char *str);
+int parse_host_src_port(struct sockaddr_in *haddr,
+struct sockaddr_in *saddr,
+const char *str);
CharDriverState *qemu_chr_open_udp(const char *def)
{
CharDriverState *chr = NULL;
NetCharDriver *s = NULL;
int fd = -1;
-int con_type;
-struct sockaddr_in addr;
-const char *p, *r;
-int port;
+struct sockaddr_in saddr;
chr = qemu_mallocz(sizeof(CharDriverState));
if (!chr)
@@ -2227,58 +2227,12 @@ CharDriverState *qemu_chr_open_udp(const
goto return_err;
}
-/* There are three types of port definitions
- * 1) udp:remote_port
- *Juse use 0.0.0.0 for the IP and send to remote
- * 2) udp:remote_host:port
- *Use a IP and send traffic to remote
- * 3) udp:local_port:remote_host:remote_port
- *Use local_port as the originator + #2
- */
-con_type = 0;
-p = def;
-while ((p = strchr(p, ':'))) {
-p++;
-con_type++;
-}
-
-p = def;
-memset(addr,0,sizeof(addr));
-addr.sin_family = AF_INET;
-addr.sin_addr.s_addr = htonl(INADDR_ANY);
-s-daddr.sin_family = AF_INET;
-s-daddr.sin_addr.s_addr = htonl(INADDR_ANY);
-
-switch (con_type) {
-case 0:
-port = strtol(p, (char **)r, 0);
-if (r == p) {
-fprintf(stderr, Error parsing port number\n);
-goto return_err;
-}
-s-daddr.sin_port = htons((short)port);
-break;
-case 2:
-port = strtol(p, (char **)r, 0);
-if (r == p) {
-fprintf(stderr, Error parsing port number\n);
-goto return_err;
-}
-addr.sin_port = htons((short)port);
-p = r + 1;
-/* Fall through to case 1 now that we have the local port */
-case 1:
-if (parse_host_port(s-daddr, p) 0) {
-fprintf(stderr, Error parsing host name and port\n);
-goto return_err;
-}
-break;
-default:
-fprintf(stderr, Too many ':' characters\n);
-goto return_err;
+if (parse_host_src_port(s-daddr, saddr, def) 0) {
+printf(Could not parse: %s\n, def);
+goto return_err;
}
-if (bind(fd, (struct sockaddr *)addr, sizeof(addr)) 0)
+if (bind(fd, (struct sockaddr *)saddr, sizeof(saddr)) 0)
{
perror(bind);
goto return_err;
@@ -2312,6 +2266,7 @@ typedef struct {
int fd, listen_fd;
int connected;
int max_size;
+int do_telnetopt;
} TCPCharDriver;
static void tcp_chr_accept(void *opaque);
@@ -2337,6 +2292,56 @@ static int tcp_chr_read_poll(void *opaqu
return s-max_size;
}
+#define IAC 255
+#define IAC_BREAK 243
+static void tcp_chr_process_IAC_bytes(CharDriverState *chr,
+ TCPCharDriver *s,
+ char *buf, int *size)
+{
+/* Handle any telnet client's basic IAC options to satisfy char by
+ * char mode with no echo. All IAC options will be removed from
+ * the buf and the do_telnetopt variable will be used to track the
+ * state of the width of the IAC information.
+ *
+ * IAC commands come in sets of 3 bytes with the exception of the
+ * IAC BREAK command and the double IAC.
+ */
+
+int i;
+int j = 0;
+
+for (i = 0; i *size; i++) {
+if (s-do_telnetopt 1) {
+if ((unsigned char)buf[i] == IAC s-do_telnetopt == 2) {
+/* Double IAC means send an IAC */
+if (j != i)
+buf[j] = buf[i];
+j++;
+s-do_telnetopt = 1;
+} else {
+if ((unsigned char)buf[i] == IAC_BREAK s-do_telnetopt ==
2) {
+/* Handle IAC break commands by sending a serial break */
+chr-chr_event(s-fd_opaque, CHR_EVENT_BREAK);
+s-do_telnetopt++;
+}
+s-do_telnetopt++;
+}
+if (s-do_telnetopt = 4) {
+s-do_telnetopt = 1;
+}
+} else {
+if ((unsigned char)buf[i] == IAC) {
+s-do_telnetopt = 2;
+} else {
+if (j != i)
+buf[j] = buf[i];
+j++;
+}
+}
+}
+*size = j;
+}
+
static void tcp_chr_read(void *opaque)
{
CharDriverState *chr = opaque;
@@ -2360,7 +2365,10 @@ static void tcp_chr_read(void
Re: [Qemu-devel] qemu vl.c qemu-doc.texi
Hi Fabrice,
We ought to collaborate more about the intent to code something. I had
already implemented the TCP net console as well. Since the code was
similar I patched in the difference in functionality from my code into
yours as well as further changing the docs.
I fixed a small defect in the TCP net console where it did not accept
only a port for the tcpl option. I added the following features with
the attached patch which I had been using in my TCP net console version.
wtcpl - Wait infinitely for the first connection so that you can get
the console from the very start
telnet - This allows you to fully make use of telnet in char by char
mode. It also supports sending the telnet break which translates to
sending a serial break just like you would do if you used a terminal
server. This is frequently used to activate MAGIC_SYSRQ support in a
kernel.
wtelnet - Same as telnet, but wait infinitely for the first connect.
The reason for having a separate tcpl vs telnet is to separate out the
IAC option negotiation because it can mess up clients that are not
expecting it.
Question:
If I resubmit the -mserial option would it stand a chance of being
accepted?
Please let me know if there is some change you might like to get that
patch accepted as well. I will re-create the patch against the current
CVS anyway because I still need the functionality of having the monitor
and serial port redirected to the same remote socket.
Thanks,
Jason.
Fabrice Bellard wrote:
CVSROOT:/sources/qemu
Module name:qemu
Changes by: Fabrice Bellard bellard 06/06/25 14:49:44
Modified files:
. : vl.c qemu-doc.texi
Log message:
UDP char device (initial patch by Jason Wessel) - TCP char device
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/qemu/vl.c?cvsroot=qemur1=1.190r2=1.191
http://cvs.savannah.gnu.org/viewcvs/qemu/qemu-doc.texi?cvsroot=qemur1=1.96r2=1.97
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -2312,6 +2312,7 @@ typedef struct {
int fd, listen_fd;
int connected;
int max_size;
+int do_telnetopt;
} TCPCharDriver;
static void tcp_chr_accept(void *opaque);
@@ -2337,6 +2338,56 @@ static int tcp_chr_read_poll(void *opaqu
return s-max_size;
}
+#define IAC 255
+#define IAC_BREAK 243
+static void tcp_chr_process_IAC_bytes(CharDriverState *chr,
+ TCPCharDriver *s,
+ char *buf, int *size)
+{
+/* Handle any telnet client's basic IAC options to satisfy char by
+ * char mode with no echo. All IAC options will be removed from
+ * the buf and the do_telnetopt variable will be used to track the
+ * state of the width of the IAC information.
+ *
+ * IAC commands come in sets of 3 bytes with the exception of the
+ * IAC BREAK command and the double IAC.
+ */
+
+int i;
+int j = 0;
+
+for (i = 0; i *size; i++) {
+if (s-do_telnetopt 1) {
+if ((unsigned char)buf[i] == IAC s-do_telnetopt == 2) {
+/* Double IAC means send an IAC */
+if (j != i)
+buf[j] = buf[i];
+j++;
+s-do_telnetopt = 1;
+} else {
+if ((unsigned char)buf[i] == IAC_BREAK s-do_telnetopt ==
2) {
+/* Handle IAC break commands by sending a serial break */
+chr-chr_event(s-fd_opaque, CHR_EVENT_BREAK);
+s-do_telnetopt++;
+}
+s-do_telnetopt++;
+}
+if (s-do_telnetopt = 4) {
+s-do_telnetopt = 1;
+}
+} else {
+if ((unsigned char)buf[i] == IAC) {
+s-do_telnetopt = 2;
+} else {
+if (j != i)
+buf[j] = buf[i];
+j++;
+}
+}
+}
+*size = j;
+}
+
static void tcp_chr_read(void *opaque)
{
CharDriverState *chr = opaque;
@@ -2360,7 +2411,10 @@ static void tcp_chr_read(void *opaque)
closesocket(s-fd);
s-fd = -1;
} else if (size 0) {
-s-fd_read(s-fd_opaque, buf, size);
+if (s-do_telnetopt)
+tcp_chr_process_IAC_bytes(chr, s, buf, size);
+if (size 0)
+s-fd_read(s-fd_opaque, buf, size);
}
}
@@ -2385,6 +2439,20 @@ static void tcp_chr_connect(void *opaque
tcp_chr_read, NULL, chr);
}
+static void tcp_chr_telnet_init(int fd)
+{
+char buf[3];
+/* Send the telnet negotion to put telnet in binary, no echo, single char
mode */
+sprintf(buf,%c%c%c,0xff, 0xfb, 0x01); /* IAC WILL ECHO */
+send(fd, (char *)buf, 3, 0);
+sprintf(buf,%c
[Qemu-devel] gdb-stub support for Win32 host
This patch adds support for the gdb-stub to work on the Win32 host and
compile in by default. I retested to make sure everything was
compatible so as not to break the unix side.
signed-off-by: [EMAIL PROTECTED]
Thanks,
Jason.
Index: qemu/configure
===
--- qemu.orig/configure
+++ qemu/configure
@@ -312,7 +312,6 @@ fi
if test $mingw32 = yes ; then
linux=no
EXESUF=.exe
-gdbstub=no
oss=no
if [ $cpu = i386 ] ; then
kqemu=yes
Index: qemu/gdbstub.c
===
--- qemu.orig/gdbstub.c
+++ qemu/gdbstub.c
@@ -30,10 +30,22 @@
#include vl.h
#endif
+#ifndef _WIN32
#include sys/socket.h
#include netinet/in.h
#include netinet/tcp.h
#include signal.h
+#else
+#include windows.h
+#include io.h
+typedef unsigned int socklen_t;
+#ifndef SIGTRAP
+#define SIGTRAP 5
+#endif
+#ifndef SIGINT
+#define SIGINT 2
+#endif
+#endif
//#define DEBUG_GDB
@@ -69,7 +81,7 @@ static int get_char(GDBState *s)
int ret;
for(;;) {
-ret = read(s-fd, ch, 1);
+ret = recv(s-fd, ch, 1, 0);
if (ret 0) {
if (errno != EINTR errno != EAGAIN)
return -1;
@@ -87,7 +99,7 @@ static void put_buffer(GDBState *s, cons
int ret;
while (len 0) {
-ret = write(s-fd, buf, len);
+ret = send(s-fd, buf, len, 0);
if (ret 0) {
if (errno != EINTR errno != EAGAIN)
return;
@@ -829,7 +841,7 @@ static void gdb_read(void *opaque)
int i, size;
uint8_t buf[4096];
-size = read(s-fd, buf, sizeof(buf));
+size = recv(s-fd, buf, sizeof(buf), 0);
if (size 0)
return;
if (size == 0) {
@@ -866,7 +878,7 @@ static void gdb_accept(void *opaque)
/* set short latency */
val = 1;
-setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, val, sizeof(val));
+setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)val, sizeof(val));
#ifdef CONFIG_USER_ONLY
s = gdbserver_state;
@@ -881,7 +893,14 @@ static void gdb_accept(void *opaque)
s-env = first_cpu; /* XXX: allow to change CPU */
s-fd = fd;
+#ifndef _WIN32
fcntl(fd, F_SETFL, O_NONBLOCK);
+#else
+{
+unsigned long tmp = 1;
+ioctlsocket (fd, FIONBIO, tmp);
+}
+#endif
#ifndef CONFIG_USER_ONLY
/* stop the VM */
@@ -907,7 +926,7 @@ static int gdbserver_open(int port)
/* allow fast reuse */
val = 1;
-setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, val, sizeof(val));
+setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)val, sizeof(val));
sockaddr.sin_family = AF_INET;
sockaddr.sin_port = htons(port);
@@ -923,7 +942,14 @@ static int gdbserver_open(int port)
return -1;
}
#ifndef CONFIG_USER_ONLY
+#ifndef _WIN32
fcntl(fd, F_SETFL, O_NONBLOCK);
+#else
+{
+unsigned long tmp = 1;
+ioctlsocket (fd, FIONBIO, tmp);
+}
+#endif
#endif
return fd;
}
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
Re: [Qemu-devel] [PATCH 1/5] single step with no IRQs and timers
Daniel,
Here is the revised patch (against CVS HEAD 5/21/06). The docs are
updated as well.
signed-off-by: [EMAIL PROTECTED]
Cheers,
Jason.
Daniel Jacobowitz wrote:
Hi Jason,
Not that I'm always good about this myself, but could I ask you to
follow this paragraph from the GDB manual, since these are commands
unlikely to be supported by a general GDB (at least not unless someone
proposes them...):
* The names of custom vendor packets should use a company prefix, in
lower case, followed by a period. For example, packets designed at
the Acme Corporation might begin with `qacme.foo' (for querying
foos) or `Qacme.bar' (for setting bars).
Company name could be whatever here - either wrs or qemu, I suppose,
probably qemu. By that logic it would probably be Qqemu.sstep=5, too,
though that's less important. The goal is of course not to conflict
with later versions of GDB.
And thanks for doing this! What a great idea!
Index: qemu/cpu-exec.c
===
--- qemu.orig/cpu-exec.c
+++ qemu/cpu-exec.c
@@ -452,7 +452,8 @@ int cpu_exec(CPUState *env1)
tmp_T0 = T0;
#endif
interrupt_request = env-interrupt_request;
-if (__builtin_expect(interrupt_request, 0)) {
+if (__builtin_expect(interrupt_request, 0)
+!(env-singlestep_enabled SSTEP_NOIRQ)) {
#if defined(TARGET_I386)
/* if hardware interrupt pending, we execute it */
if ((interrupt_request CPU_INTERRUPT_HARD)
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -4438,6 +4438,8 @@ void qemu_system_powerdown_request(void)
cpu_interrupt(cpu_single_env, CPU_INTERRUPT_EXIT);
}
+static CPUState *cur_cpu;
+
void main_loop_wait(int timeout)
{
IOHandlerRecord *ioh, *ioh_next;
@@ -4531,19 +4533,19 @@ void main_loop_wait(int timeout)
#endif
if (vm_running) {
-qemu_run_timers(active_timers[QEMU_TIMER_VIRTUAL],
-qemu_get_clock(vm_clock));
+if (!(cur_cpu-singlestep_enabled SSTEP_NOTIMER))
+qemu_run_timers(active_timers[QEMU_TIMER_VIRTUAL],
+qemu_get_clock(vm_clock));
/* run dma transfers, if any */
DMA_run();
}
/* real time timers */
-qemu_run_timers(active_timers[QEMU_TIMER_REALTIME],
-qemu_get_clock(rt_clock));
+if (!(cur_cpu-singlestep_enabled SSTEP_NOTIMER))
+qemu_run_timers(active_timers[QEMU_TIMER_REALTIME],
+qemu_get_clock(rt_clock));
}
-static CPUState *cur_cpu;
-
int main_loop(void)
{
int ret, timeout;
Index: qemu/gdbstub.c
===
--- qemu.orig/gdbstub.c
+++ qemu/gdbstub.c
@@ -46,6 +46,11 @@ enum RSState {
/* XXX: This is not thread safe. Do we care? */
static int gdbserver_fd = -1;
+/* By default use no IRQs and no timers while single stepping so as to
+ * make single stepping like an ICE HW step.
+ */
+static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
+
typedef struct GDBState {
CPUState *env; /* current CPU */
enum RSState state; /* parsing state */
@@ -596,7 +601,7 @@ static int gdb_handle_packet(GDBState *s
env-pc = addr;
#endif
}
-cpu_single_step(env, 1);
+cpu_single_step(env, sstep_flags);
#ifdef CONFIG_USER_ONLY
s-running_state = 1;
#else
@@ -672,8 +677,36 @@ static int gdb_handle_packet(GDBState *s
goto breakpoint_error;
}
break;
+case 'q':
+case 'Q':
+/* parse any 'q' packets here */
+if (!strcmp(p,qemu.sstepbits)) {
+/* Query Breakpoint bit definitions */
+sprintf(buf,ENABLE=%x,NOIRQ=%x,NOTIMER=%x,
+SSTEP_ENABLE,
+SSTEP_NOIRQ,
+SSTEP_NOTIMER);
+put_packet(s, buf);
+break;
+} else if (strncmp(p,qemu.sstep,10) == 0) {
+/* Display or change the sstep_flags */
+p += 10;
+if (*p != '=') {
+/* Display current setting */
+sprintf(buf,0x%x, sstep_flags);
+put_packet(s, buf);
+break;
+}
+p++;
+type = strtoul(p, (char **)p, 16);
+sstep_flags = type;
+put_packet(s, OK);
+break;
+}
+goto unknown_command;
+break;
default:
-//unknown_command:
+unknown_command:
/* put empty packet */
buf[0] = '\0';
put_packet(s, buf);
Index: qemu/cpu-all.h
===
--- qemu.orig/cpu-all.h
+++ qemu/cpu-all.h
@@ -768,6 +768,11 @@ void cpu_reset_interrupt(CPUState *env,
int
[Qemu-devel] [PATCH 0/5] 5 patches on the way
I am submitting 5 different patches for improvements to qemu as separate e-mails so as to get feedback and further change the patches if needed in the hope they will be accepted. I will make further changes to the docs if needed as well. Each feature has been tested on a linux 2.6 kernel and Windows XP system for clean compilation and functionality. The patches are applied in the following order against CVS 5/20/06 single_step_noirq_notimer.patch ppc_breakpoints.patch undefined_instruction_handler_fix.patch block-mem_device.patch netconsole_and_monitor.patch I will submit gladly submit for the change log as well. Thanks, Jason. ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH 1/5] single step with no IRQs and timers
This patch adds the functionality to the gdb-stub to single step with
the IRQs and timers disabled. It greatly improves gdb's ability to
perform run control while running a linux kernel and stepping off of
breakpoints or stepping into certain types of functions. I have also
included individual controls for IRQs and timers to restore the original
behavior, since it is useful as well.
signed-off-by: [EMAIL PROTECTED]
Jason.
Index: qemu/cpu-exec.c
===
--- qemu.orig/cpu-exec.c
+++ qemu/cpu-exec.c
@@ -452,7 +452,8 @@ int cpu_exec(CPUState *env1)
tmp_T0 = T0;
#endif
interrupt_request = env-interrupt_request;
-if (__builtin_expect(interrupt_request, 0)) {
+if (__builtin_expect(interrupt_request, 0)
+!(env-singlestep_enabled SSTEP_NOIRQ)) {
#if defined(TARGET_I386)
/* if hardware interrupt pending, we execute it */
if ((interrupt_request CPU_INTERRUPT_HARD)
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -4407,6 +4407,8 @@ void qemu_system_powerdown_request(void)
cpu_interrupt(cpu_single_env, CPU_INTERRUPT_EXIT);
}
+static CPUState *cur_cpu;
+
void main_loop_wait(int timeout)
{
IOHandlerRecord *ioh, *ioh_next;
@@ -4500,19 +4502,19 @@ void main_loop_wait(int timeout)
#endif
if (vm_running) {
-qemu_run_timers(active_timers[QEMU_TIMER_VIRTUAL],
-qemu_get_clock(vm_clock));
+if (!(cur_cpu-singlestep_enabled SSTEP_NOTIMER))
+qemu_run_timers(active_timers[QEMU_TIMER_VIRTUAL],
+qemu_get_clock(vm_clock));
/* run dma transfers, if any */
DMA_run();
}
/* real time timers */
-qemu_run_timers(active_timers[QEMU_TIMER_REALTIME],
-qemu_get_clock(rt_clock));
+if (!(cur_cpu-singlestep_enabled SSTEP_NOTIMER))
+qemu_run_timers(active_timers[QEMU_TIMER_REALTIME],
+qemu_get_clock(rt_clock));
}
-static CPUState *cur_cpu;
-
int main_loop(void)
{
int ret, timeout;
Index: qemu/gdbstub.c
===
--- qemu.orig/gdbstub.c
+++ qemu/gdbstub.c
@@ -46,6 +46,11 @@ enum RSState {
/* XXX: This is not thread safe. Do we care? */
static int gdbserver_fd = -1;
+/* By default use no IRQs and no timers while single stepping so as to
+ * make single stepping like an ICE HW step.
+ */
+static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
+
typedef struct GDBState {
CPUState *env; /* current CPU */
enum RSState state; /* parsing state */
@@ -596,7 +601,7 @@ static int gdb_handle_packet(GDBState *s
env-pc = addr;
#endif
}
-cpu_single_step(env, 1);
+cpu_single_step(env, sstep_flags);
#ifdef CONFIG_USER_ONLY
s-running_state = 1;
#else
@@ -672,8 +677,35 @@ static int gdb_handle_packet(GDBState *s
goto breakpoint_error;
}
break;
+case 'q':
+/* parse any 'q' packets here */
+if (!strcmp(p,sstepbits)) {
+/* Query Breakpoint bit definitions */
+sprintf(buf,ENABLE=%x,NOIRQ=%x,NOTIMER=%x,
+SSTEP_ENABLE,
+SSTEP_NOIRQ,
+SSTEP_NOTIMER);
+put_packet(s, buf);
+break;
+} else if (strncmp(p,sstep,5) == 0) {
+/* Display or change the sstep_flags */
+p += 5;
+if (*p != '=') {
+/* Display current setting */
+sprintf(buf,0x%x, sstep_flags);
+put_packet(s, buf);
+break;
+}
+p++;
+type = strtoul(p, (char **)p, 16);
+sstep_flags = type;
+put_packet(s, OK);
+break;
+}
+goto unknown_command;
+break;
default:
-//unknown_command:
+unknown_command:
/* put empty packet */
buf[0] = '\0';
put_packet(s, buf);
Index: qemu/cpu-all.h
===
--- qemu.orig/cpu-all.h
+++ qemu/cpu-all.h
@@ -768,6 +768,11 @@ void cpu_reset_interrupt(CPUState *env,
int cpu_breakpoint_insert(CPUState *env, target_ulong pc);
int cpu_breakpoint_remove(CPUState *env, target_ulong pc);
+
+#define SSTEP_ENABLE 0x1 /* Enable simulated HW single stepping */
+#define SSTEP_NOIRQ 0x2 /* Do not use IRQ while single stepping */
+#define SSTEP_NOTIMER 0x4 /* Do not Timers while single stepping */
+
void cpu_single_step(CPUState *env, int enabled);
void cpu_reset(CPUState *s);
Index: qemu/qemu-doc.texi
===
--- qemu.orig/qemu-doc.texi
+++
[Qemu-devel] [PATCH 3/5] ARM undefined instruction execution
This patch fixes the execution of undefined instructions for ARM. With
out it the virtualized CPU incorrectly executes the do_abort vector instead.
signed-off-by: [EMAIL PROTECTED]
Jason.
Index: qemu/target-arm/translate.c
===
--- qemu.orig/target-arm/translate.c
+++ qemu/target-arm/translate.c
@@ -1589,6 +1589,15 @@ static void disas_arm_insn(CPUState * en
case 0x5:
case 0x6:
case 0x7:
+/* Check for undefined extension instructions
+ * per the ARM Bible IE:
+ * 0111
+ */
+sh = (0xf 20) | (0xf 4);
+if (op1 == 0x7 ((insn sh) == sh))
+{
+goto illegal_op;
+}
/* load/store byte/word */
rn = (insn 16) 0xf;
rd = (insn 12) 0xf;
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH 5/5] Netconsole and updated Monitor support
This patch add support for remote net consoles via udp similar to what
you would do with a net console with u-boot or a linux kernel.
Typically you use the netcat tool for this.
This patch also partially abstracts the ability to switch between the
monitor and the main focus of a port. I say it is only partially
abstracted, because I only implemented the shared console support for
the stdio and udp consoles. To minimize the amount of changes in this
patch, I left the stdio driver's stdio_clients array alone. It seems
that its main purpose was for monitor sharing, but I was not certain.
If the only purpose was for the monitor, then the array can be
refactored out in the future.
The code well on Win32 and Linux. The original command line arguments
and defaults were all preserved. The new command line options were
documented in the documentation section of the patch.
signed-off-by: [EMAIL PROTECTED]
Jason.
PS:
I can also supply the netcat patches to force telnet into character mode
with remote echo turned on.
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -1132,6 +1132,160 @@ CharDriverState *qemu_chr_open_null(void
return chr;
}
+typedef struct {
+IOCanRWHandler *fd_can_read;
+IOReadHandler *fd_read;
+void *ext_opaque;
+int fd_in, fd_out;
+void *mon_orig;
+void *mon_opaque;
+int max_size;
+} MonitorDriver;
+
+#define TERM_ESCAPE 0x01 /* ctrl-a is used for escape */
+static MonitorDriver *mon_priv; /* pointer to current monitor console */
+static int term_got_escape = 0;
+void monitor_print_help(void *opaque)
+{
+CharDriverState *chr = opaque;
+char *buf = \n\r
+ C-a hprint this help\n\r
+ C-a xexit emulator\n\r
+ C-a ssave disk data back to file (if -snapshot)\n\r
+ C-a bsend break (magic sysrq)\n\r
+ C-a cswitch between console and monitor\n\r
+C-a C-a send C-a\n\r;
+chr-chr_write(chr, buf, strlen(buf));
+}
+
+/* An I/O driver can choose to call this to get shared monitor
+ * support. The routine returns 1 if the caller should process the
+ * character else it returns 0 to indicate that the character was
+ * handled by this routine.
+ */
+static int proc_received_byte(int ch, void *opaque)
+{
+CharDriverState *chr = opaque;
+
+if (!chr-monitorEnabled)
+goto send_char;
+if (term_got_escape) {
+term_got_escape = 0;
+switch(ch) {
+case 'h':
+monitor_print_help(opaque);
+break;
+case 'x':
+exit(0);
+break;
+case 's':
+{
+int i;
+for (i = 0; i MAX_DISKS; i++) {
+if (bs_table[i])
+bdrv_commit(bs_table[i]);
+}
+}
+break;
+case 'b':
+{
+CharDriverState *chr;
+/* Note that this is dependant on each driver which
+ * calls this proc_received_byte an opaque pointer at
+ * the same ofset in the structure. A some futre time this
+ * might have to be abstracted via opaque.
+ *
+ * IE: MonitorDriver, FDCharDriver, WinCharState
+ * ---
+ * IOCanRWHandler *can_read;
+ * IOReadHandler *read;
+ * void *opaque;
+ * ---
+ */
+MonitorDriver *s;
+
+chr = opaque;
+s = chr-opaque;
+if (chr-chr_event)
+chr-chr_event(s-ext_opaque, CHR_EVENT_BREAK);
+}
+break;
+case 'c':
+/* swap the monitor in and out */
+if (mon_priv-mon_opaque == opaque)
+{
+mon_priv-mon_opaque = mon_priv-mon_orig;
+} else {
+mon_priv-mon_opaque = opaque;
+/* send a new line in the monitor to get the prompt */
+ch = '\r';
+goto send_char;
+}
+break;
+case TERM_ESCAPE:
+goto send_char;
+}
+} else if (ch == TERM_ESCAPE) {
+term_got_escape = 1;
+} else {
+send_char:
+if (mon_priv mon_priv-mon_opaque == opaque) {
+uint8_t buf[1];
+/* Send characters to the monitor device */
+if (mon_priv-fd_can_read(mon_priv-mon_opaque) 0) {
+buf[0] = ch;
+mon_priv-fd_read(mon_priv-mon_opaque, buf, 1);
+}
+return 0;
+}
+return 1;
+}
+return 0;
+}
+
+static int monitor_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
+{
+MonitorDriver *d = chr-opaque;
+if (d d-mon_opaque)
+{
+CharDriverState *c = d-mon_opaque;
+if (c-chr_write)
+
[Qemu-devel] [PATCH] undefined instruction handling to fix for ARM
After some significant debugging I found the problem with GDB on the
target side.
The instruction translation was not correctly executing undefined
instructions per section 3.13.1 of the ARM Architecture Reference
Manual. Using the attached patch, the target side GDB as well as kernel
side ptrace() with software breakpoints execute correctly and report
exceptions to the correct vector.
Thanks,
Jason.
? .pc
? patches
Index: Changelog
===
RCS file: /sources/qemu/qemu/Changelog,v
retrieving revision 1.115
diff -u -r1.115 Changelog
--- Changelog 30 Apr 2006 21:28:35 - 1.115
+++ Changelog 2 May 2006 20:14:20 -
@@ -8,6 +8,8 @@
- Solaris port (Ben Taylor)
- Preliminary SH4 target (Samuel Tardieu)
- VNC server (Anthony Liguori)
+ - Fix undefined instruction handling
+for gdb and soft stepping (Jason Wessel)
version 0.8.0:
Index: target-arm/translate.c
===
RCS file: /sources/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.41
diff -u -r1.41 translate.c
--- target-arm/translate.c 9 Apr 2006 14:38:57 - 1.41
+++ target-arm/translate.c 2 May 2006 20:14:20 -
@@ -1589,6 +1589,15 @@
case 0x5:
case 0x6:
case 0x7:
+/* Check for undefined extension instructions
+ * per the ARM Bible IE:
+ * 0111
+ */
+sh = (0xf 20) | (0xf 4);
+if (op1 == 0x7 ((insn sh) == sh))
+{
+goto illegal_op;
+}
/* load/store byte/word */
rn = (insn 16) 0xf;
rd = (insn 12) 0xf;
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] versatile AB board support
Paul Brook did all the hard work for the Versatile PB.
The Versatile AB is quite similar to the PB but has a different
expansion bus and flash. This patch adds Versatile AB support so you can
boot an unmodified ARM Versatile AB kernel.
signed-off-by: [EMAIL PROTECTED]
Thanks,
Jason.
Index: qemu/hw/versatilepb.c
===
--- qemu.orig/hw/versatilepb.c
+++ qemu/hw/versatilepb.c
@@ -314,8 +314,39 @@ static void vpb_init(int ram_size, int v
set_kernel_args(ram_size, initrd_size, kernel_cmdline);
}
+static void vab_init(int ram_size, int vga_ram_size, int boot_device,
+ DisplayState *ds, const char **fd_filename, int snapshot,
+ const char *kernel_filename, const char *kernel_cmdline,
+ const char *initrd_filename)
+{
+ /* The versatile AB is mostly the same board as the versatile PB
+* but with a different machine number. IE: 926ejs core with the
+* same core perpheriphals (ethernet/serial/vga/keyboard/mouse).
+* Later the flash and the different I/O devices could be added
+* here. For now, this allows an unmodified versatile AB kernel
+* to boot.
+*/
+ int n;
+ vpb_init(ram_size, vga_ram_size, boot_device,
+ds, fd_filename, snapshot,
+kernel_filename, kernel_cmdline,
+initrd_filename);
+ /* The versatile/AB needs 0x25e for the machine number */
+ bootloader[1] = 0xe3a0105e; /* mov r1, #0x5e */
+ bootloader[2] = 0xe3811c02; /* orr r1, r1, #0x200 */
+for (n = 0; n sizeof(bootloader) / 4; n++)
+stl_raw(phys_ram_base + (n * 4), bootloader[n]);
+
+}
+
QEMUMachine versatilepb_machine = {
versatilepb,
ARM Versatile/PB (ARM926EJ-S),
vpb_init,
};
+
+QEMUMachine versatileab_machine = {
+versatileab,
+ARM Versatile/AB (ARM926EJ-S),
+vab_init,
+};
Index: qemu/vl.c
===
--- qemu.orig/vl.c
+++ qemu/vl.c
@@ -4863,6 +4863,7 @@ void register_machines(void)
qemu_register_machine(integratorcp926_machine);
qemu_register_machine(integratorcp1026_machine);
qemu_register_machine(versatilepb_machine);
+qemu_register_machine(versatileab_machine);
#else
#error unsupported CPU
#endif
Index: qemu/vl.h
===
--- qemu.orig/vl.h
+++ qemu/vl.h
@@ -984,6 +984,7 @@ extern QEMUMachine integratorcp1026_mach
/* versatilepb.c */
extern QEMUMachine versatilepb_machine;
+extern QEMUMachine versatileab_machine;
/* ps2.c */
void *ps2_kbd_init(void (*update_irq)(void *, int), void *update_arg);
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] Strange page fault problem in qemu-system-arm
Has anyone seen user land page fault problems where gdb does not work with the qemu-system-arm ? I compile my kernel with CONFIG_DEBUG_USER so as to add a debug hook for user land page faults, which you can see in the case of running gdb below. I ran gdb on /bin/ls just as a simple case, IE: / # gdb /bin/ls (gdb) run Starting program: /bin/ls BFD: /lib/ld-linux.so.3: warning: sh_link not set for section `.ARM.exidx' pgd = c7d2 [] *pgd=06902031, *pte=, *ppte= Pid: 211, comm: ls CPU: 0 PC is at 0x4000b584 LR is at 0x40003854 pc : [4000b584]lr : [40003854]Not tainted sp : bea5b958 ip : 40015508 fp : bea5ba34 r10: 4001d000 r9 : 4001d1f8 r8 : 4001d524 r7 : 000f0005 r6 : 4001d538 r5 : 4001d040 r4 : r3 : 0001 r2 : 0001 r1 : 400159f0 r0 : Flags: nzcv IRQs on FIQs on Mode USER_32 Segment user Control: 3137 Table: 07D2 DAC: 0015 [c0023578] (show_regs+0x0/0x50) from [c002d7f8] (__do_user_fault+0x5c/0xa4) r4 = C6080580 [c002d79c] (__do_user_fault+0x0/0xa4) from [c002da90] (do_page_fault+0x1e4/0x214) r7 = C001B480 r6 = C6080580 r5 = C0454A70 r4 = FFEC [c002d8ac] (do_page_fault+0x0/0x214) from [c002dc0c] (do_DataAbort+0x3c/0xa4) [c002dbd0] (do_DataAbort+0x0/0xa4) from [c0020088] (ret_from_exception+0x0/0x10) r8 = 4001D524 r7 = 000F0005 r6 = 4001D538 r5 = 4001D040 r4 = BFD: /lib/libgcc_s.so.1: warning: sh_link not set for section `.ARM.exidx' BFD: /lib/libc.so.6: warning: sh_link not set for section `.ARM.exidx' BFD: /lib/ld-linux.so.3: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) BFD: /lib/libgcc_s.so.1: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) BFD: /lib/libc.so.6: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) BFD: /lib/ld-linux.so.3: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) pgd = c7d2 [] *pgd=06902031, *pte=, *ppte= Pid: 211, comm: ls CPU: 0 PC is at 0x4000b584 LR is at 0x40003854 pc : [4000b584]lr : [40003854]Not tainted sp : bea5b958 ip : 40015508 fp : bea5ba34 r10: 4001d000 r9 : 4001d1f8 r8 : 4001d524 r7 : 000f0005 r6 : 4001d538 r5 : 4001d040 r4 : r3 : 0001 r2 : 0001 r1 : 400159f0 r0 : Flags: nzcv IRQs on FIQs on Mode USER_32 Segment user Control: 3137 Table: 07D2 DAC: 0015 [c0023578] (show_regs+0x0/0x50) from [c002d7f8] (__do_user_fault+0x5c/0xa4) r4 = C6080580 [c002d79c] (__do_user_fault+0x0/0xa4) from [c002da90] (do_page_fault+0x1e4/0x214) r7 = C001B480 r6 = C6080580 r5 = C0454A70 r4 = FFEC [c002d8ac] (do_page_fault+0x0/0x214) from [c002dc0c] (do_DataAbort+0x3c/0xa4) [c002dbd0] (do_DataAbort+0x0/0xa4) from [c0020088] (ret_from_exception+0x0/0x10) r8 = 4001D524 r7 = 000F0005 r6 = 4001D538 r5 = 4001D040 r4 = Program received signal SIGSEGV, Segmentation fault. 0x4000b584 in _dl_debug_state () from /lib/ld-linux.so.3 (gdb) bt #0 0x4000b584 in _dl_debug_state () from /lib/ld-linux.so.3 #1 0x40003854 in ?? () from /lib/ld-linux.so.3 The same kernel on real hardware seems to be just fine IE: (gdb) run Starting program: /bin/ls BFD: /lib/ld-linux.so.3: warning: sh_link not set for section `.ARM.exidx' BFD: /lib/libgcc_s.so.1: warning: sh_link not set for section `.ARM.exidx' BFD: /lib/libc.so.6: warning: sh_link not set for section `.ARM.exidx' BFD: /lib/ld-linux.so.3: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) BFD: /lib/libgcc_s.so.1: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) BFD: /lib/libc.so.6: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) BFD: /lib/ld-linux.so.3: warning: sh_link not set for section `.ARM.exidx' (no debugging symbols found) bin etc lib opt sbin usr boot home linuxrc proc sys var dev initrd mnt root tmp Program exited normally. (gdb) You can ignore the sh_link errors of course. If someone has any insight it would be appreciated. I am not too sure about the qemu internals for ARM at this point, but I might be learning something soon. It looked to me like the fatal miss occurred when gdb planted a breakpoint via ptrace() for the shared library hooks, but again it is only a theory at this point. Thanks, Jason. ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH] gdbstub.c fix for SIGINT
Attached is a patch to add the case for interrupting the gdbstub and
sending the correct signal to gdb.
The gdb serial protocol states that if you interrupt the stub with a
control-c in gdb that it should stop with S02 (SIGINT) to indicate
that it was interrupted. I also added the tlb flush so that
breakpoints can be written in correctly. I found that if I ran a
pentium qemu instance and broke in with gdb and planted a breakpoint at
do_fork() that it was not immediately hit due to the lack of the
flush. With the patch, it reliably stops all the time now when a
breakpoint is planted after interrupting the stub.
Thanks,
Jason.
Index: Changelog
===
RCS file: /sources/qemu/qemu/Changelog,v
retrieving revision 1.111
diff -u -r1.111 Changelog
--- Changelog 12 Apr 2006 21:09:31 - 1.111
+++ Changelog 17 Apr 2006 13:05:57 -
@@ -2,6 +2,7 @@
- USB tablet support (Brad Campbell, Anthony Liguori)
- win32 host serial support (Kazu)
+ - Fix SIGINT handler for gdbstub
version 0.8.0:
Index: gdbstub.c
===
RCS file: /sources/qemu/qemu/gdbstub.c,v
retrieving revision 1.34
diff -u -r1.34 gdbstub.c
--- gdbstub.c 5 Dec 2005 19:55:19 - 1.34
+++ gdbstub.c 17 Apr 2006 13:05:57 -
@@ -654,6 +654,9 @@
if (reason == EXCP_DEBUG) {
tb_flush(s-env);
ret = SIGTRAP;
+} else if (reason == EXCP_INTERRUPT) {
+tb_flush(s-env);
+ret = SIGINT;
}
else
ret = 0;
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
