OpenBSD appears to be trying to access cp14 crn=0 crm=1 opc1=0 opc2=0. Implementing this as a no-op allows the image to boot. I'm trying to track down what this is supposed to be -- it doesn't seem to be listed in the PXA27x docs.
(Previously we were lax about decoding and tended to print warnings and no-op on accesses to nonexistent coprocessor registers; part of the cleanup in the patches which introduced this regression was that we now actually UNDEF in the guest on bad accesses, which is what hardware does for unimplemented regs. This does mean that some cases of "we need to implement this" that were previously slipping under the radar now need to be explicitly catered for.) -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1110531 Title: regression booting pxa kernels Status in QEMU: New Bug description: Somewhere between qemu 1.1.2 and 1.2.0 OpenBSD zaurus kernels and ramdisk images stopped booting properly and instead end up in the kernel debugger. This behaviour is still present in the latest git and appears to have been introduced in: commit e2f8a44d0d425a22cca5855702f534536f5e8c90 Author: Peter Maydell <peter.mayd...@linaro.org> Date: Wed Jun 20 11:57:07 2012 +0000 hw/pxa2xx.c: Convert CLKCFG and PWRMODE cp14 regs Convert the PXA2xx CLKCFG and PWRMODE cp14 registers to the new arm_cp_reginfo scheme. Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> To duplicate this behaviour: http://ftp.openbsd.org/pub/OpenBSD/5.2/zaurus/bsd.rd $ qemu-system-arm -M spitz -serial stdio -kernel bsd.rd -portrait should boot to an install prompt. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1110531/+subscriptions