
Re: Can't boot with qemu



On 18/07/2020 17:10, Mark Cave-Ayland wrote:

> Thanks for the report and the forum reference above - I can confirm that I can
> reproduce the error here.
> 
> Digging around for a couple of hours shows that we appear to be generating an unexpected
> memory fault when reading the kernel from the disk, which is why the loader appears to
> freeze (I can see it running through the OpenBIOS code to display the fault, but
> obviously things are so bad that it doesn't make it to the console).
> 
> Now to try and figure out the difference between the good and bad images...

This was a fun one. After loading the first set of data from disk, grub starts
executing some low memory code around the 0x208000 address which starts to scribble
over the bottom of memory (maybe this is some kind of temporary stack?).
Unfortunately this is where the PPC vector table is stored, and what happens is that
it writes junk into the MMU trap handlers causing them to fail the next time the CPU
tries to translate an address that isn't in the hash table.

Just before that stage of the bootloader executes, there is a CIF call to retrieve
the "available" property from the /memory node, presumably to find a free memory area
to use. Whilst OpenBIOS reserves the 1st 4k page to catch NULL pointer references,
the trap handlers are in the next couple of pages: so I figured I would try
increasing the reserved area at the bottom of memory in the hope that grub wouldn't
try to use this area of memory... and it worked!

I did a comparison with a couple of DT dumps I have around and I see some Old World
Macs reserve up until 0x4000 and some New World Macs reserve up to 0x3000 in low
memory, so I don't think this change should break anything. I should add that from looking
at the MMU translations I think this bug has been around ever since grub was used,
and that up until now we just got lucky that nothing of any importance in the PPC
vector table was being overwritten.

I've uploaded an updated OpenBIOS binary which reserves up to 0x4000 at
https://www.ilande.co.uk/tmp/qemu/openbios-ppc-grubfix for people to test - please
let me know if it works, and if it doesn't break anything I'll get this merged
upstream for inclusion in the upcoming QEMU 5.1 release.


ATB,

Mark.
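A small check, added here as an illustration and not part of the mail or of OpenBIOS, for the situation described above: it parses the raw cells of a /memory "available" property (big-endian base,size pairs, as seen in a DT dump) and reports whether any range advertised as free overlaps the low-memory vector area. The vector range 0x100 to 0x3000 and the two sample properties for a 128 MiB guest are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout (not stated in the mail): the PowerPC exception vectors and
   the OpenBIOS MMU trap handlers occupy the area from 0x100 up to 0x3000, i.e.
   the "next couple of pages" after the first 4k page. */
#define VECTOR_LO 0x00000100u
#define VECTOR_HI 0x00003000u

/* Read one big-endian 32-bit cell, as stored in an Open Firmware property. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Given the raw bytes of a /memory "available" property (a list of
   base,size cell pairs), return 1 if any advertised-free range overlaps the
   vector area, 0 if none does, -1 if the blob is malformed. */
int available_exposes_vectors(const uint8_t *prop, size_t len) {
    if (len % 8 != 0) return -1;            /* must be whole (base,size) pairs */
    for (size_t off = 0; off < len; off += 8) {
        uint32_t base = be32(prop + off), size = be32(prop + off + 4);
        uint64_t end = (uint64_t)base + size;   /* avoid 32-bit wraparound */
        if (base < VECTOR_HI && end > VECTOR_LO) return 1;
    }
    return 0;
}

/* Constructed sample properties for a 128 MiB guest: one reserving only the
   first 4k page (the old behaviour), one reserving up to 0x4000 (the fix). */
static const uint8_t avail_reserve_1000[] = {
    0x00, 0x00, 0x10, 0x00,  0x07, 0xff, 0xf0, 0x00 };
static const uint8_t avail_reserve_4000[] = {
    0x00, 0x00, 0x40, 0x00,  0x07, 0xff, 0xc0, 0x00 };

int main(void) {
    printf("reserve 0x1000: exposes vectors = %d\n",
           available_exposes_vectors(avail_reserve_1000, sizeof avail_reserve_1000));
    printf("reserve 0x4000: exposes vectors = %d\n",
           available_exposes_vectors(avail_reserve_4000, sizeof avail_reserve_4000));
    return 0;
}
```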

