On 16/04/2015 13:02, Paolo Bonzini wrote:
>
>
> On 16/04/2015 13:07, Leon Alrae wrote:
>> Since I also haven't had a chance to test Loongson emulation, I thought
>> I'd give it a try (TCG only, Loongson-2E cpu and fulong2e machine).
>>
>> Good news is that I'm able to get to the login prompt using ancient QEMU
>> v1.0, kernel 2.6.33 (with additional patch from
>> https://lists.gnu.org/archive/html/qemu-devel/2010-06/msg02566.html) and
>> some old debian image I had handy. However, in any newer version
>> starting from v1.1.0 of QEMU something goes horribly wrong and it just
>> segfaults somewhere inside hw/bonito.c quite early during kernel
>> booting.
>
> Where exactly? If it's related to the memory API conversion, it may be
> easy to fix. I can look at a backtrace (or you can just put the Debian
> image somewhere I can grab it).
Bisect points at: 5312bd8b3152f8d4fcf9389ba54e32b09f4b4093

Crash occurs during the first access; below is a backtrace from the
working and the non-working case:

Bad:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffefe27700 (LWP 10929)]
0x00005555557a2278 in bonito_readl (opaque=0x5555564fb690, addr=24, size=4) at qemu/hw/bonito.c:299
299         return s->regs[saddr];
(gdb) bt
#0  0x00005555557a2278 in bonito_readl (opaque=0x5555564fb690, addr=24, size=4) at qemu/hw/bonito.c:299
#1  0x00005555557d6e03 in memory_region_read_accessor (opaque=0x5555564fbb60, addr=24, value=0x7fffefe265d0, size=4, shift=0, mask=4294967295) at qemu/memory.c:314
#2  0x00005555557d6fa9 in access_with_adjusted_size (addr=24, value=0x7fffefe265d0, size=4, access_size_min=1, access_size_max=4, access=0x5555557d6daa <memory_region_read_accessor>, opaque=0x5555564fbb60) at qemu/memory.c:359
#3  0x00005555557d9796 in memory_region_dispatch_read1 (mr=0x5555564fbb60, addr=24, size=4) at qemu/memory.c:860
#4  0x00005555557d9886 in memory_region_dispatch_read (mr=0x5555564fbb60, addr=24, size=4) at qemu/memory.c:892
#5  0x00005555557dc306 in io_mem_read (io_index=6, addr=24, size=4) at qemu/memory.c:1492
#6  0x00005555557aed0d in subpage_read (opaque=0x5555564ed790, addr=24, len=4) at qemu/exec.c:3351
#7  0x00005555557d6e03 in memory_region_read_accessor (opaque=0x5555564ed790, addr=280, value=0x7fffefe267d0, size=4, shift=0, mask=4294967295) at qemu/memory.c:314
#8  0x00005555557d6fa9 in access_with_adjusted_size (addr=280, value=0x7fffefe267d0, size=4, access_size_min=1, access_size_max=4, access=0x5555557d6daa <memory_region_read_accessor>, opaque=0x5555564ed790) at qemu/memory.c:359
#9  0x00005555557d9796 in memory_region_dispatch_read1 (mr=0x5555564ed790, addr=280, size=4) at qemu/memory.c:860
#10 0x00005555557d9886 in memory_region_dispatch_read (mr=0x5555564ed790, addr=280, size=4) at qemu/memory.c:892
#11 0x00005555557dc306 in io_mem_read (io_index=7, addr=280, size=4) at qemu/memory.c:1492
#12 0x00005555557f523e in io_readl (physaddr=280, addr=18446744072633712920, retaddr=0x4023335e) at qemu/softmmu_template.h:78
#13 0x00005555557f5335 in __ldl_mmu (addr=18446744072633712920, mmu_idx=0) at qemu/softmmu_template.h:114

Good:

Breakpoint 1, bonito_readl (opaque=0x55555646e450, addr=280, size=4) at qemu/hw/bonito.c:288
288     {
(gdb) bt
#0  bonito_readl (opaque=0x55555646e450, addr=280, size=4) at qemu/hw/bonito.c:288
#1  0x00005555557d6b83 in memory_region_read_accessor (opaque=0x55555646e920, addr=280, value=0x7fffefe265d0, size=4, shift=0, mask=4294967295) at qemu/memory.c:314
#2  0x00005555557d6d29 in access_with_adjusted_size (addr=280, value=0x7fffefe265d0, size=4, access_size_min=1, access_size_max=4, access=0x5555557d6b2a <memory_region_read_accessor>, opaque=0x55555646e920) at qemu/memory.c:359
#3  0x00005555557d9516 in memory_region_dispatch_read1 (mr=0x55555646e920, addr=280, size=4) at qemu/memory.c:860
#4  0x00005555557d9606 in memory_region_dispatch_read (mr=0x55555646e920, addr=280, size=4) at qemu/memory.c:892
#5  0x00005555557dc086 in io_mem_read (io_index=6, addr=280, size=4) at qemu/memory.c:1492
#6  0x00005555557aeba5 in subpage_read (opaque=0x555556543730, addr=280, len=4) at qemu/exec.c:3343
#7  0x00005555557d6b83 in memory_region_read_accessor (opaque=0x555556543730, addr=280, value=0x7fffefe267d0, size=4, shift=0, mask=4294967295) at qemu/memory.c:314
#8  0x00005555557d6d29 in access_with_adjusted_size (addr=280, value=0x7fffefe267d0, size=4, access_size_min=1, access_size_max=4, access=0x5555557d6b2a <memory_region_read_accessor>, opaque=0x555556543730) at qemu/memory.c:359
#9  0x00005555557d9516 in memory_region_dispatch_read1 (mr=0x555556543730, addr=280, size=4) at qemu/memory.c:860
#10 0x00005555557d9606 in memory_region_dispatch_read (mr=0x555556543730, addr=280, size=4) at qemu/memory.c:892
#11 0x00005555557dc086 in io_mem_read (io_index=7, addr=280, size=4) at qemu/memory.c:1492
#12 0x00005555557f4fbe in io_readl (physaddr=280, addr=18446744072633712920, retaddr=0x40232bde) at qemu/softmmu_template.h:78
#13 0x00005555557f50b5 in __ldl_mmu (addr=18446744072633712920, mmu_idx=0) at qemu/softmmu_template.h:114
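An added example, not code from this thread or from QEMU's bonito.c: a constructed model of the register-indexing pattern the bad backtrace dies in (`return s->regs[saddr]` reached with addr=24 instead of 280), with a bounds-checked read handler beside the raw index computation. BONITO_REGBASE = 0x100 and the register count are assumptions of the model; 0x100 is consistent with the 256-byte difference between the addr values in the two backtraces, i.e. the handler now receives a subpage-relative offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed model, not QEMU's device state. BONITO_REGBASE = 0x100 is an
 * assumption matching the backtraces: the new subpage dispatch hands the
 * handler addr=24 where the old path handed addr=280, a gap of exactly 0x100.
 * BONITO_REGS is an arbitrary register count for the model. */
#define BONITO_REGBASE 0x100
#define BONITO_REGS    48

typedef struct {
    uint32_t regs[BONITO_REGS];
} PCIBonitoState;

/* Register index as an offset-subtracting handler would compute it.
 * For addr=280 this is (0x118 - 0x100) >> 2 == 6. For a subpage-relative
 * addr=24 the unsigned subtraction wraps and the index lands far outside
 * regs[], which is the out-of-bounds read behind the SIGSEGV above. */
static size_t bonito_reg_index(uint64_t addr)
{
    return (size_t)((addr - BONITO_REGBASE) >> 2);
}

/* Hardened read: validate the guest-supplied offset before indexing regs[].
 * Returns false and leaves *val untouched for an out-of-range offset, so a
 * dispatch-layer change in offset convention degrades to a rejected access
 * rather than a wild memory read in the device model. */
static bool bonito_readl_checked(const PCIBonitoState *s, uint64_t addr,
                                 uint32_t *val)
{
    if (addr < BONITO_REGBASE) {
        return false;              /* below the register window */
    }
    size_t idx = bonito_reg_index(addr);
    if (idx >= BONITO_REGS) {
        return false;              /* past the end of regs[] */
    }
    *val = s->regs[idx];
    return true;
}
```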