I seem to have found the cause.

When QEMU reads the initial SP and initial PC from the ROM:

        rom = rom_ptr_for_as(s->as, vecbase, 8);       (target/arm/cpu.c)

the function rom_ptr_for_as does not check the AddressSpace, as the comment
says:

>      * Note that we do not check @as against the 'as' member in the
>      * 'struct Rom' returned by rom_ptr(). The Rom::as is the
>      * AddressSpace which the rom blob should be written to, whereas
>      * our @as argument is the AddressSpace which we are (effectively)
>      * reading from, and the same underlying RAM will often be visible
>      * in multiple AddressSpaces. (A common example is a ROM blob
>      * written to the 'system' address space but then read back via a
>      * CPU's cpu->as pointer.) This does mean we might potentially
>      * return a false-positive match if a ROM blob was loaded into an
>      * AS which is entirely separate and distinct from the one we're
>      * querying, but this issue exists also for rom_ptr() and hasn't
>      * caused any problems in practice.
>

So in the case above, the second CPU would load the ROM of the first CPU
and set the wrong stack pointer on reset.

For now, I added a function called rom_ptr_with_as, which finds a ROM and
checks its AddressSpace, and now the two CPUs work normally. I don't know
whether this is a QEMU issue or not.
It seems there were no such problems before?

--Canming Huang


Huang Canming <huangcm...@gmail.com> wrote on Mon, 10 Apr 2023 at 15:11:

> Thank you very much for this explanation! For now, I use the generic
> loader and it almost works now.
>
> ./qemu-system-arm -M mymachine -smp 2 \
> -device loader,file=./scp_fast_model.elf,addr=0x0,cpu-num=0 \
>  -device loader,file=./mcp_fast_model.elf,addr=0x0,cpu-num=1  \
> -serial stdio -serial tcp::5678,server=on,wait=off
>
> The two CPUs (or SoCs): one is called "mcp", the other is "scp".
>
> There are still problems, though:
> the RAM size of "mcp" is 0x20000, and the RAM size of "scp" is 0x40000
> (in the real machine).
> If I use the command above, QEMU still aborts:
> qemu-system-arm: ../target/arm/cpu.h:2396: arm_is_secure_below_el3:
> Assertion failed.
>
> When I used gdb to debug, I found that "mcp" seems to be trying to
> access 0x3FFF0 of RAM, which is out of its range.
> The program of mcp itself is correct, because I have run it on its own
> before (with all the "scp"-related code commented out).
>
> And if I change the RAM size of "mcp" to 0x40000, then the programs of mcp
> and scp both run well.
>
> The code to create the ROM and RAM:
>
> create_ram(&scp_mem, 0x00, "scp.rom", 0x40000);
> create_ram(&scp_mem, 0x20000000, "scp.ram", 0x40000);
>
> create_ram(&mcp_mem, 0x00, "mcp.rom", 0x20000);
> create_ram(&mcp_mem, 0x20000000, "mcp.ram", 0x40000);
>
> static MemoryRegion *create_ram(MemoryRegion *mr, hwaddr addr,
>                                 const char *name, uint64_t size)
> {
>     MemoryRegion *mem = g_new(MemoryRegion, 1);
>
>     /* Allocate a RAM-backed region and map it into the parent container. */
>     memory_region_init_ram(mem, NULL, name, size, &error_fatal);
>     memory_region_add_subregion(mr, addr, mem);
>     return mem;
> }
>
> I have no idea what is wrong. Do you have any ideas?
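The following is an added example, not QEMU code and not the poster's patch: a simplified stand-alone model of the ROM-blob lookup the mail describes. The names (AddressSpace, Rom, rom_ptr_addr_only, rom_ptr_with_as, initial_sp, setup) are hypothetical stand-ins for the real QEMU structures and functions, and the two vector tables, address spaces and stack-pointer values are constructed sample data. It shows why an address-only lookup hands the second CPU the first CPU's initial SP when both blobs are loaded at address 0 in different address spaces, and how also matching on the address space avoids the false positive.

```c
/* Model of a ROM-blob registry with two lookups: one that matches on
 * address only (the false-positive behaviour described in the mail) and
 * one that also requires the address space to match. Written as an
 * illustration; it is not QEMU's implementation. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct AddressSpace { const char *name; } AddressSpace;

typedef struct Rom {
    AddressSpace *as;   /* address space the blob was loaded into */
    uint64_t addr;      /* load address within that address space */
    size_t len;
    uint8_t data[64];   /* small fixed buffer is enough for a vector table */
} Rom;

/* Constructed sample: two address spaces, one per CPU, both with a blob at 0. */
static AddressSpace scp_as = { "scp" };
static AddressSpace mcp_as = { "mcp" };

static Rom roms[2];
static size_t nroms;

/* Register a blob; registration order matters for the address-only lookup. */
static void rom_add_blob(AddressSpace *as, uint64_t addr,
                         const void *data, size_t len)
{
    Rom *r = &roms[nroms++];
    r->as = as;
    r->addr = addr;
    r->len = len;
    memcpy(r->data, data, len);
}

/* Address-only lookup: returns the first blob covering [addr, addr+size),
 * regardless of which address space it belongs to. */
static const uint8_t *rom_ptr_addr_only(uint64_t addr, size_t size)
{
    for (size_t i = 0; i < nroms; i++) {
        Rom *r = &roms[i];
        if (addr >= r->addr && addr + size <= r->addr + r->len) {
            return r->data + (addr - r->addr);
        }
    }
    return NULL;
}

/* Lookup that additionally requires the blob's address space to be @as. */
static const uint8_t *rom_ptr_with_as(AddressSpace *as, uint64_t addr,
                                      size_t size)
{
    for (size_t i = 0; i < nroms; i++) {
        Rom *r = &roms[i];
        if (r->as == as && addr >= r->addr &&
            addr + size <= r->addr + r->len) {
            return r->data + (addr - r->addr);
        }
    }
    return NULL;
}

/* Read a 32-bit word in host byte order (the blobs were stored the same way). */
static uint32_t ldl_host(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Reset model: the initial SP is word 0 of the vector table at vecbase 0.
 * check_as selects which lookup is used. Returns 0 if no blob is found. */
static uint32_t initial_sp(AddressSpace *as, int check_as)
{
    const uint8_t *rom = check_as ? rom_ptr_with_as(as, 0, 8)
                                  : rom_ptr_addr_only(0, 8);
    return rom ? ldl_host(rom) : 0;
}

/* Load the constructed vector tables; returns the number of blobs registered. */
static size_t setup(void)
{
    nroms = 0;
    uint32_t scp_vec[2] = { 0x20040000u, 0x101u };  /* constructed: scp SP, PC */
    uint32_t mcp_vec[2] = { 0x20020000u, 0x101u };  /* constructed: mcp SP, PC */
    rom_add_blob(&scp_as, 0, scp_vec, sizeof scp_vec);
    rom_add_blob(&mcp_as, 0, mcp_vec, sizeof mcp_vec);
    return nroms;
}

int main(void)
{
    setup();
    printf("address-only: scp SP=0x%08x mcp SP=0x%08x\n",
           initial_sp(&scp_as, 0), initial_sp(&mcp_as, 0));
    printf("with AS check: scp SP=0x%08x mcp SP=0x%08x\n",
           initial_sp(&scp_as, 1), initial_sp(&mcp_as, 1));
    return 0;
}
```

With the address-only lookup both CPUs report the scp stack pointer, because the scp blob was registered first and also covers address 0; with the address-space check each CPU gets its own value. The symptom in the mail (the mcp program touching RAM beyond its own range) is consistent with starting from a stack pointer that belongs to the larger scp RAM.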
