I seem to have found the cause. When QEMU reads the initial SP and initial PC from ROM:

    rom = rom_ptr_for_as(s->as, vecbase, 8);    (target/arm/cpu.c)

the function rom_ptr_for_as() does not check the AddressSpace, as its comment says:

>  * Note that we do not check @as against the 'as' member in the
>  * 'struct Rom' returned by rom_ptr(). The Rom::as is the
>  * AddressSpace which the rom blob should be written to, whereas
>  * our @as argument is the AddressSpace which we are (effectively)
>  * reading from, and the same underlying RAM will often be visible
>  * in multiple AddressSpaces. (A common example is a ROM blob
>  * written to the 'system' address space but then read back via a
>  * CPU's cpu->as pointer.) This does mean we might potentially
>  * return a false-positive match if a ROM blob was loaded into an
>  * AS which is entirely separate and distinct from the one we're
>  * querying, but this issue exists also for rom_ptr() and hasn't
>  * caused any problems in practice.

So in the case above, the second CPU loads the ROM of the first CPU and sets the wrong stack pointer on reset. For now, I have added a function called rom_ptr_with_as, which finds a ROM and checks its AddressSpace, and now the two CPUs work normally. I don't know whether this is a QEMU issue or not. It seems that there were no such problems before?

--Canming Huang

Huang Canming <huangcm...@gmail.com> wrote on Mon, 10 Apr 2023 at 15:11:

> Thank you very much for this explanation! For now, I use the generic
> loader and it could almost work now.
>
> ./qemu-system-arm -M mymachine -smp 2 \
>     -device loader,file=./scp_fast_model.elf,addr=0x0,cpu-num=0 \
>     -device loader,file=./mcp_fast_model.elf,addr=0x0,cpu-num=1 \
>     -serial stdio -serial tcp::5678,server=on,wait=off
>
> Of the two CPUs (or SoCs), one is called "mcp", the other is "scp".
>
> There are still problems, though:
> The RAM size of "mcp" is 0x20000, and the RAM size of "scp" is 0x40000
> (in the real machine).
> If I use the command above, QEMU will still abort:
>
> qemu-system-arm: ../target/arm/cpu.h:2396: arm_is_secure_below_el3: Assertion failed.
>
> When I used gdb to debug, I found that the "mcp" seems to be trying to
> access 0x3FFF0 of RAM, which is out of its range.
> Yet the program of mcp is correct, because I have run it singly
> before (with all the "scp" related code commented out).
>
> And if I change the RAM size of "mcp" to 0x40000, then the programs of mcp
> and scp can all run well.
>
> The code to create ROM and RAM:
>
> create_ram(&scp_mem, 0x00, "scp.rom", 0x40000);
> create_ram(&scp_mem, 0x20000000, "scp.ram", 0x40000);
>
> create_ram(&mcp_mem, 0x00, "mcp.rom", 0x20000);
> create_ram(&mcp_mem, 0x20000000, "mcp.ram", 0x40000);
>
> static MemoryRegion *create_ram(MemoryRegion *mr, hwaddr addr,
>                                 const char *name, uint64_t size)
> {
>     MemoryRegion *mem = g_new(MemoryRegion, 1);
>     memory_region_init_ram(mem, NULL, name, size, &error_fatal);
>     memory_region_add_subregion(mr, addr, mem);
>     return mem;
> }
>
> I have no idea what is wrong. Do you have any ideas?
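The false-positive match described in the message above can be reproduced in a small constructed model of the ROM blob table. This is an added example, not QEMU's code or the poster's patch: the table, the two lookup functions (rom_ptr_addr_only, rom_ptr_checked_as), the AddressSpaceId type with AS_SCP/AS_MCP, and the vector-table bytes are all hypothetical stand-ins. Both cores place their ROM at address 0, as with the two generic-loader devices in the command line; the address-only lookup hands the second core the first core's initial SP, while the AS-checked lookup returns its own.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for QEMU's AddressSpace pointer: one id per CPU. */
typedef int AddressSpaceId;
enum { AS_SCP = 0, AS_MCP = 1 };

typedef struct {
    AddressSpaceId as;     /* AS the blob was loaded into (Rom::as in QEMU) */
    uint64_t addr;         /* guest address of the blob */
    size_t len;
    const uint8_t *data;
} RomBlob;

#define MAX_ROMS 8
static RomBlob roms[MAX_ROMS];
static size_t nroms;

static void rom_table_reset(void) { nroms = 0; }

static void rom_add(AddressSpaceId as, uint64_t addr, const uint8_t *data, size_t len)
{
    assert(nroms < MAX_ROMS);
    roms[nroms++] = (RomBlob){ .as = as, .addr = addr, .len = len, .data = data };
}

static int blob_covers(const RomBlob *r, uint64_t addr, size_t size)
{
    return addr >= r->addr && addr + size <= r->addr + r->len;
}

/* Address-only lookup: first blob covering the range, whatever AS it was loaded
 * into. This models the false-positive case the rom_ptr_for_as() comment
 * describes; the 'as' argument is accepted but deliberately ignored. */
static const uint8_t *rom_ptr_addr_only(AddressSpaceId as, uint64_t addr, size_t size)
{
    (void)as;
    for (size_t i = 0; i < nroms; i++) {
        if (blob_covers(&roms[i], addr, size)) {
            return roms[i].data + (addr - roms[i].addr);
        }
    }
    return NULL;
}

/* Lookup that additionally requires the blob's AS to match the querying CPU's AS. */
static const uint8_t *rom_ptr_checked_as(AddressSpaceId as, uint64_t addr, size_t size)
{
    for (size_t i = 0; i < nroms; i++) {
        if (roms[i].as == as && blob_covers(&roms[i], addr, size)) {
            return roms[i].data + (addr - roms[i].addr);
        }
    }
    return NULL;
}

typedef const uint8_t *(*rom_lookup_fn)(AddressSpaceId, uint64_t, size_t);

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Cortex-M reset: initial SP at vecbase+0, initial PC at vecbase+4, little-endian.
 * Returns 0 on success, -1 if no ROM blob backs the 8 bytes of vector table. */
static int read_reset_vector(rom_lookup_fn lookup, AddressSpaceId as, uint64_t vecbase,
                             uint32_t *sp, uint32_t *pc)
{
    const uint8_t *rom = lookup(as, vecbase, 8);
    if (!rom) {
        return -1;
    }
    *sp = le32(rom);
    *pc = le32(rom + 4);
    return 0;
}

/* Constructed vector tables; both cores keep their ROM at address 0. */
static const uint8_t scp_rom[8] = { 0x00, 0x00, 0x04, 0x20, 0x01, 0x01, 0x00, 0x00 }; /* SP 0x20040000, PC 0x101 */
static const uint8_t mcp_rom[8] = { 0x00, 0x00, 0x01, 0x20, 0x01, 0x02, 0x00, 0x00 }; /* SP 0x20010000, PC 0x201 */

/* Load both blobs in loader order (cpu-num=0 first), reset the second core (mcp)
 * through the given lookup, and return the SP it would start with (0 on lookup failure). */
static uint32_t mcp_reset_sp(rom_lookup_fn lookup)
{
    uint32_t sp = 0, pc = 0;
    rom_table_reset();
    rom_add(AS_SCP, 0x0, scp_rom, sizeof scp_rom);
    rom_add(AS_MCP, 0x0, mcp_rom, sizeof mcp_rom);
    if (read_reset_vector(lookup, AS_MCP, 0x0, &sp, &pc) != 0) {
        return 0;
    }
    return sp;
}

int main(void)
{
    printf("mcp SP, address-only lookup: 0x%08x\n", mcp_reset_sp(rom_ptr_addr_only));
    printf("mcp SP, AS-checked lookup:   0x%08x\n", mcp_reset_sp(rom_ptr_checked_as));
    return 0;
}
```

The address-only variant returns whichever blob was registered first at that address, which is why the order of the two -device loader options decides which core's stack pointer "wins"; the AS-checked variant also returns NULL for an AS that has no blob there, so a caller can tell a genuinely missing ROM from a match in someone else's address space.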