Hi all, I'm trying to use QEMU to emulate a piece of firmware, but I'm having trouble getting the UART device to properly update the Line Status Register and display the input character.
Details:
Target device: Qualcomm QCA9533 (documentation here if you're curious: <https://github.com/Deoptim/atheros/blob/master/QCA9531_V2.0_nowatermark.pdf>)
Target firmware: VxWorks 6.6 with U-Boot bootloader
CPU: MIPS 24Kc
Board: mipssim (modified)
Memory: 512MB
Command used: qemu-system-mips -S -s -cpu 24Kc -M mipssim -nographic -bios target_image.bin

I have to apologize here, but I am unable to share my source. However, as I am attempting to retool the mipssim board, I have only made minor changes to the code, which are as follows:

* Rebased bios memory region to 0x1F000000
* Changed load_image_targphys() target address to 0x1F000000
* Changed $pc initial value to 0xBF000000 (TLB remap of 0x1F000000)
* Replaced the mipssim serial_init() call with serial_mm_init(isa, 0x20000, env->irq[0], 115200, serial_hd(0), DEVICE_NATIVE_ENDIAN).

While it seems like serial_init() is probably the currently accepted standard, I wasn't having any luck with remapping it. I noticed the malta board had no issues outputting on a MIPS test kernel I gave it, so I tried to mimic what was done there. However, I still cannot understand how QEMU works and I am unable to find many good resources that explain it. My slog through the source and included docs is ongoing, but in the meantime I was hoping someone might have some insight into what I'm doing wrong.

The binary loads and executes correctly from address 0xBF000000, but hangs when it hits the first UART polling loop. A look at mtree in the QEMU monitor shows that the I/O device is mapped correctly to address range 0x18020000-0x1802003f, and when the firmware writes to the Tx buffer, gdb shows the character is successfully written to memory. There's just no further action from the serial device to pull that character and display it, so the firmware endlessly polls on the LSR waiting for an update. Is there something I'm missing when it comes to serial/hardware interaction in QEMU?
I would have assumed that remapping all of the existing functional components of the mipssim board would be enough to at least get serial communication working, especially since the target uses the same 16550 UART that mipssim does. Please let me know if you have any insights. It would be helpful if I could find a way to debug QEMU itself with symbols, but at the same time I'm not totally sure what I'd be looking for. Even advice on how to scope down the issue would be useful. Thank you!
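Added example, not from the post and not QEMU code: a small C model of a 16550 transmit path that reproduces the symptom described above (the byte lands in the mapped window, but the firmware's LSR poll never sees THRE) under one hypothesis, namely a mismatch between the register stride the firmware assumes and the stride the emulated device uses. The 64-byte window, the stride values, the bounded spin count and the write-then-poll ordering are all assumptions of this model.

```c
#include <stdint.h>
#include <string.h>
#define UART_THR 0      /* transmit holding register (write side) */
#define UART_LSR 5      /* line status register */
#define LSR_THRE 0x20   /* LSR bit: transmitter holding register empty */
/* Device side: one 64-byte window; register i sits at byte offset (i << regshift). */
typedef struct {
    uint8_t mem[64];
    int     regshift;   /* the emulated device's register stride, as a shift */
    uint8_t last_tx;    /* last byte the device handed to the host side */
} uart_dev_t;

static void uart_dev_reset(uart_dev_t *d, int regshift)
{
    memset(d, 0, sizeof *d);
    d->regshift = regshift;
    d->mem[UART_LSR << regshift] = LSR_THRE;   /* idle transmitter: ready */
}

/* The device reacts only at offsets it recognises; elsewhere the write just lands in the window like RAM. */
static void uart_dev_write(uart_dev_t *d, unsigned off, uint8_t val)
{
    if (off == (UART_THR << d->regshift)) {
        d->last_tx = val;                         /* byte leaves the FIFO */
        d->mem[UART_LSR << d->regshift] |= LSR_THRE;
    } else if (off < sizeof d->mem) {
        d->mem[off] = val;
    }
}

/* Firmware side: write THR, then poll LSR with the firmware's own stride; bounded so the model returns 0 instead of hanging. */
static int fw_putc_polled(uart_dev_t *d, int fw_regshift, uint8_t c, unsigned max_spins)
{
    uart_dev_write(d, UART_THR << fw_regshift, c);   /* offset 0 under any stride, so this "works" regardless */
    for (unsigned i = 0; i < max_spins; i++) {
        if (d->mem[UART_LSR << fw_regshift] & LSR_THRE) {
            return 1;                                   /* device reported THR drained */
        }
    }
    return 0;                                           /* LSR never reported THRE: the endless poll */
}

/* One write with the given device/firmware strides: 1 = sent and acknowledged, 0 = would spin forever. */
static int try_putc(int dev_regshift, int fw_regshift, uint8_t c)
{
    uart_dev_t d;
    uart_dev_reset(&d, dev_regshift);
    return fw_putc_polled(&d, fw_regshift, c, 1000) && d.last_tx == c;
}
```

Because THR is at offset 0 under every stride, seeing the character arrive in the window says nothing about whether the LSR poll is reading the register the device actually updates; comparing the firmware's LSR read offset against the device's register layout shown by mtree is one concrete way to scope the problem down.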