Hi everyone, I'm having a problem similar to the one reported in this email, but now I'm trying to emulate a MIPS 24KEc, Ralink RT5350F.

Assembly Code:

   0x802006a0 <reset+672>:  lui  t5,0xb011
   0x802006a4 <reset+676>:  ori  t5,t5,0x168
   0x802006a8 <reset+680>:  li   t6,23
   0x802006ac <reset+684>:  nop
   0x802006b0 <reset+688>:  sw   t6,0(t5)    <---

The instruction "sw t6,0(t5)" tries to write to address 0xb0110168 (0x10110168), but Qemu decodes this address to 2952790112 (0xb0000060). Is this address right?

Qemu Debug:

#0  io_readx (env=0x5555566e4a78, iotlbentry=0x5555566ec348, addr=2952790112,
    retaddr=140737129226144, size=4)
    at /home/vini/projs/emuladores/qemu-routers/cputlb.c:786
#1  0x00005555557c9a02 in io_readl (env=0x5555566e4a78, mmu_idx=0, index=0,
    addr=2952790112, retaddr=140737129226144)
    at /home/vini/projs/emuladores/qemu-routers/softmmu_template.h:104
#2  0x00005555557c9b89 in helper_le_ldul_mmu (env=0x5555566e4a78, addr=2952790112,    <----
    oi=32, retaddr=140737129226144)
    at /home/vini/projs/emuladores/qemu-routers/softmmu_template.h:141
#3  0x00007fffea982108 in code_gen_buffer ()

Thanks.

2017-05-13 19:10 GMT-03:00 Vinicius Maciel <vinicius...@gmail.com>:

> Hi Philippe and Aurelien,
>
> You are right. I have created a simple SYSBUS using sysbus_create_simple
> at 0x18000000 and now my read function works!
>
> Thanks for the help. I am attaching my code if you are interested.
>
> Vinicius
>
> 2017-05-13 18:57 GMT-03:00 Philippe Mathieu-Daudé <f4...@amsat.org>:
>
>> Hi Vinicius,
>>
>> On 2017-05-12 19:52, Vinicius Maciel wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm trying to emulate a MIPS 74Kc using a custom machine in order to
>>>> run a CFE bootloader from Broadcom. The CPU is Broadcom BCM5357. The problem
>>
>> Here is your problem, there is no such model in QEMU.
>>
>>>> happens when Qemu calculates physaddr inside io_readx(), cputlb.c:line 784
>>>>
>>>>     physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
>>>>
>>>> After running this line the value is 0x18000000, which is clearly wrong.
>>
>> The Broadcom BCM5357 is a WiSoc (Wireless System-On-Chip).
>>
>> A SoC (System-On-Chip) is not limited to a MIPS CPU but has a large set
>> of embedded peripherals.
>>
>> QEMU does model the MIPS 74Kf CPU, but not the BCM5357 peripherals.
>>
>> At this physical address this SoC family maps a bus called
>> SiliconBackplane (BP).
>> The first peripheral mapped in the BP region is the ChipCommon (CC).
>> Common meaning this core's registers are intended to be consistent between
>> different models/releases using this BP bus, so a firmware can check it is
>> running on the correct hardware or check if peripherals/features are
>> available/enabled to configure/use them.
>>
>> My guess is your CFE function board_earlyinit() is trying to determine
>> the chip model by reading the ChipID from the CC it supposes is physically
>> mapped at 0x18000000, which is not modeled in QEMU.
>>
>> Phil.
>>
>>> I don't think it's wrong, see below:
>>>
>>>> More information:
>>>>
>>>> BUG function: io_readx
>>>> Assembly instruction: lw t1,0(a2)
>>>> Machine code: 0x8cc90000 (Little endian)
>>>> Access address: 0xb8000000
>>>>
>>>> Assembly code:
>>>> 80702f30 <board_earlyinit>:
>>>> 80702f30: 3c06b800 lui a2,0xb800
>>>
>>> This loads 0xb8000000 in a2
>>>
>>>> 80702f34: 24075350 li a3,21328
>>>> 80702f38: 8cc90000 lw t1,0(a2) <----
>>>
>>> Now this tries to load a value from the virtual address 0xb8000000. This
>>> address corresponds to kseg1 (Kernel Unmapped Uncached) and is mapped
>>> to the physical address 0x18000000. See the MIPS32 Privileged Resource
>>> Architecture Manual for more details on how the virtual to physical mapping
>>> works.
>>>
>>> Aurelien
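
The kseg1 mapping described in the thread, worked through as an added example (not code from any of the posters or from QEMU). It classifies a MIPS32 virtual address by fixed segment and translates the unmapped ones; the type and function names are hypothetical, and it assumes kernel mode with Status.ERL=0 and no EVA.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MIPS32 fixed virtual address segments (kernel mode, Status.ERL=0, no EVA). */
typedef enum { KUSEG, KSEG0, KSEG1, KSEG2_3 } mips_seg;

typedef struct {
    mips_seg seg;
    bool     unmapped;  /* true: fixed translation, no TLB lookup needed */
    bool     uncached;  /* true only for kseg1 */
    uint32_t phys;      /* valid only when unmapped is true */
} mips_xlat;

/* Hypothetical helper: classify a virtual address and translate it
 * when it falls in an unmapped segment (kseg0 or kseg1). */
mips_xlat mips32_translate(uint32_t va)
{
    mips_xlat r = { KUSEG, false, false, 0 };
    if (va < 0x80000000u) {
        r.seg = KUSEG;                      /* TLB-mapped */
    } else if (va < 0xa0000000u) {
        r.seg = KSEG0; r.unmapped = true;   /* cacheability per Config.K0 */
        r.phys = va - 0x80000000u;
    } else if (va < 0xc0000000u) {
        r.seg = KSEG1; r.unmapped = true; r.uncached = true;
        r.phys = va - 0xa0000000u;
    } else {
        r.seg = KSEG2_3;                    /* TLB-mapped */
    }
    return r;
}

int main(void)
{
    /* First three addresses appear in the thread; 0x00400000 is a constructed sample. */
    const uint32_t samples[] = { 0xb8000000u, 0xb0110168u, 0x80702f30u, 0x00400000u };
    static const char *names[] = { "kuseg", "kseg0", "kseg1", "kseg2/3" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mips_xlat x = mips32_translate(samples[i]);
        if (x.unmapped)
            printf("0x%08x  %-7s -> phys 0x%08x\n", (unsigned)samples[i], names[x.seg], (unsigned)x.phys);
        else
            printf("0x%08x  %-7s -> needs TLB lookup\n", (unsigned)samples[i], names[x.seg]);
    }
    return 0;
}
```

A device model for a register a firmware touches through kseg1 therefore has to be placed at the translated physical address, as with the sysbus device at 0x18000000 in the thread.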