qemu-system-sparc fatal error Trap 0x29 on Solaris 2.6

On Mon, Sep 12, 2016 at 12:13 PM, Mathieu Clabaut
<email address hidden> wrote:
> Public bug reported:
>
> When trying to install Solaris 2.6 from original CDROM, qemu fail with
> the following error :
>
> qemu: fatal: Trap 0x29 while interrupts disabled, Error state
> pc: f0041280 npc: f0041284
> %g0-7: 00000000 f0281800 08000000 ffffffff 00000000 f0243b88 00000001 f0244020
> %o0-7: 40400ce2 40400ce2 00000000 404000e2 f0243b88 00000000 f023ffd8 f0057914
> %l0-7: 40000cc2 f009645c f0096460 00000002 00000209 00000004 00000007 f023ff90
> %i0-7: 00000042 404000e3 00000000 404000e3 e0000000 f028192a f0240038 f0096448
> %f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> psr: 40400cc2 (icc: -Z-- SPE: SP-) wim: 00000002
> fsr: 00000000 y: 00000000
>
> The command line was :
>
> qemu-system-sparc -nographic -bios ./openbios-sparc32 -M SS-20 -hda
> ./36G.disk -m 512 -cdrom Solaris_2.6_Software_05_98.img -boot d -serial
> telnet:0.0.0.0:3000,server -smp 2,cores=2 -monitor null
>
> It fails with a similar output when using bios ss20_v2.25_rom.
>
> ▶ qemu-system-sparc --version
> QEMU emulator version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers
>
> ▶ uname -a
> Linux xxx 4.7.1-1-ARCH #1 SMP PREEMPT Wed Aug 17 08:13:35 CEST 2016 x86_64 GNU/Linux
>
> ** Affects: qemu
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1622547
>
> Title:
> qemu-system-sparc fatal error Trap 0x29 on Solaris 2.6
>
> Status in QEMU:
> New
>
> Bug description:
> When trying to install Solaris 2.6 from original CDROM, qemu fail with
> the following error :
>
> qemu: fatal: Trap 0x29 while interrupts disabled, Error state
> pc: f0041280 npc: f0041284
> %g0-7: 00000000 f0281800 08000000 ffffffff 00000000 f0243b88 00000001 f0244020
> %o0-7: 40400ce2 40400ce2 00000000 404000e2 f0243b88 00000000 f023ffd8 f0057914
> %l0-7: 40000cc2 f009645c f0096460 00000002 00000209 00000004 00000007 f023ff90
> %i0-7: 00000042 404000e3 00000000 404000e3 e0000000 f028192a f0240038 f0096448
> %f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> psr: 40400cc2 (icc: -Z-- SPE: SP-) wim: 00000002
> fsr: 00000000 y: 00000000
>
> The command line was :
>
> qemu-system-sparc -nographic -bios ./openbios-sparc32 -M SS-20 -hda
> ./36G.disk -m 512 -cdrom Solaris_2.6_Software_05_98.img -boot d
> -serial telnet:0.0.0.0:3000,server -smp 2,cores=2 -monitor null
>
> It fails with a similar output when using bios ss20_v2.25_rom.

AFAIR [1] SS-20 requires another CPU. Can you try the ...

Thanks a lot Artyom.
-cpu "TI SuperSparc 50" does the job…

This bug can be closed (sorry for the noise).

This still fails for me even when using that CPU option. But it only fails with my just-compiled QEMU 2.8.0, NOT my distribution-provided QEMU 2.6.1.

mike@ossy ~/qemu> sudo /usr/local/bin/qemu-system-sparc -bios ./ss20_v2.25_rom -M SS-20 -nographic -boot d -hda ./sol26_36G.disk -m 512 -cdrom /mymedia/Disk\ Sets/Solaris_2.6_SPARC/Solaris_2.6_Software_05_98.iso -serial telnet:0.0.0.0:3000,server -smp 2,cores=2 -cpu "TI SuperSparc 60" -net nic -net bridge,br=br0
QEMU 2.8.0 monitor - type 'help' for more information
(qemu) QEMU waiting for connection on: disconnected:telnet:0.0.0.0:3000,server
qemu: fatal: Trap 0x29 while interrupts disabled, Error state
pc: 0000e754 npc: 0000e758
%g0-7: 00000000 00010d88 00000000 00000000 00000000 00000000 00000000 00000000
%o0-7: f1201e20 ffffffff 00000000 ffffffff ffffffff ffffffff ffffffff 00011a38
%l0-7: f1201e20 0000e754 0000e758 00000029 00000300 00003c1c 00000000 ffffffff
%i0-7: 00013848 00000029 00000099 00000000 0edfe200 ffffffff ffffff40 00011a38
%f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
psr: 404010c5 (icc: -Z-- SPE: SP-) wim: 00000000
fsr: 00000000 y: 00000000

fish: “sudo /usr/local/bin/qemu-system…” terminated by signal SIGABRT (Abort)

In the other window:
mike@ossy ~/qemu> telnet localhost 3000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Power-ON Reset
Connection closed by foreign host.

Just confirmed that it works in QEMU 2.7.1, which is strange, since 2.8.0 does not list any SPARC changes!

There were some improvements to TCG which I tested locally with quite a range of images (although I don't specifically have Solaris 2.6), and didn't see any regressions at the time.

Does dropping the -smp argument help at all? Otherwise are you able to attempt a git bisect or send me a link to the image privately to test?

Dropping SMP doesn't make a difference (I dropped it anyway since it doesn't make a second processor appear in the guest, and as I've learned it's currently emulated in one thread anyway). You don't need an image, just the SPARCstation-20 ROM file which can be had from a variety of sources:
910bd7306fcec38361fc4c3a2be50fa0 ss20_v2.25_rom
and with no images listed:
sudo /usr/src/qemu-2.8.0/build/sparc-softmmu/qemu-system-sparc -bios ./ss20_v2.25_rom -M SS-20 -nographic -m 512 -cpu "TI SuperSparc 60" -net nic -net bridge,br=br0
still get the error. I've never done a git bisect before but I've always wanted to, so I will try. :)

That was fun! And we have a result:

fbb4bbb62e5603c991b880e25dc4bb30d342b944 is the first bad commit
commit fbb4bbb62e5603c991b880e25dc4bb30d342b944
Author: Richard Henderson <email address hidden>
Date: Tue Jul 12 15:38:13 2016 -0700

    target-sparc: Implement ldstub_asi inline

    Tested-by: Mark Cave-Ayland <email address hidden>
    Signed-off-by: Richard Henderson <email address hidden>

:040000 040000 670db498d49d38bc878efccd55e39d03f074cadf 5052ce1f32ddf00646aaa9e37bb73e38b4e750f1 M target-sparc

I verified that the last good commit not only boots the BIOS but also boots the OS properly (and faster than 2.7.1).

Richard, can you please look at it?

The test case:

qemu-system-sparc -bios ./ss20_v2.25_rom -M SS-20 -nographic -m 512
-cpu "TI SuperSparc 60"

Kind regards,
Artyom

On Wed, Jan 25, 2017 at 5:16 PM, <email address hidden>
<email address hidden> wrote:
> That was fun! And we have a result:
>
> fbb4bbb62e5603c991b880e25dc4bb30d342b944 is the first bad commit
> commit fbb4bbb62e5603c991b880e25dc4bb30d342b944
> Author: Richard Henderson <email address hidden>
> Date: Tue Jul 12 15:38:13 2016 -0700
>
> target-sparc: Implement ldstub_asi inline
>
> Tested-by: Mark Cave-Ayland <email address hidden>
> Signed-off-by: Richard Henderson <email address hidden>
>
> :040000 040000 670db498d49d38bc878efccd55e39d03f074cadf
> 5052ce1f32ddf00646aaa9e37bb73e38b4e750f1 M target-sparc
>
>
> I verified that the last good commit not only boots the BIOS but also boots the OS properly (and faster than 2.7.1).
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1622547
>
> Title:
> qemu-system-sparc fatal error Trap 0x29 on Solaris 2.6
>
> Status in QEMU:
> New
>
> Bug description:
> When trying to install Solaris 2.6 from original CDROM, qemu fail with
> the following error :
>
> qemu: fatal: Trap 0x29 while interrupts disabled, Error state
> pc: f0041280 npc: f0041284
> %g0-7: 00000000 f0281800 08000000 ffffffff 00000000 f0243b88 00000001 f0244020
> %o0-7: 40400ce2 40400ce2 00000000 404000e2 f0243b88 00000000 f023ffd8 f0057914
> %l0-7: 40000cc2 f009645c f0096460 00000002 00000209 00000004 00000007 f023ff90
> %i0-7: 00000042 404000e3 00000000 404000e3 e0000000 f028192a f0240038 f0096448
> %f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> %f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> psr: 40400cc2 (icc: -Z-- SPE: SP-) wim: 00000002
> fsr: 00000000 y: 00000000
>
> The command line was :
>
> qemu-system-sparc -nographic -bios ./openbios-sparc32 -M SS-20 -hda
> ./36G.disk -m 512 -cdrom Solaris_2.6_Software_05_98.img -boot d
> -serial telnet:0.0.0.0:3000,server -smp 2,cores=2 -monitor null
>
> It fails with a similar output when using bios ss20_v2.25_rom.
>
> ▶ qemu-system-sparc --version
> QEMU emulator version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers
>
> ▶ uname -a
> Linux xxx 4.7.1-1-ARCH #1 SMP PREEMPT Wed Aug 17 08:13:35 CEST 2016 x86_64 GNU/Linux
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1622547/+subscriptions
>

--
Regards,
Artyom Tarasenko

SPARC and PPC PReP under qemu blog: http://tyom.blogspot.com/search/label/qemu

On Fri, Jan 27, 2017 at 9:15 AM, Richard Henderson <email address hidden> wrote:
> Fixes the booting of ss20 roms.

Mike, can you please test this fix?

> Reported-by: Mark Cave-Ayland <email address hidden>

Initially Reported-by: Michael Russo <email address hidden>

> Signed-off-by: Richard Henderson <email address hidden>
> ---
> target/sparc/translate.c | 27 +++++++++++++++++++++++++--
> 1 file changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/target/sparc/translate.c b/target/sparc/translate.c
> index 655060c..aa6734d 100644
> --- a/target/sparc/translate.c
> +++ b/target/sparc/translate.c
> @@ -2448,8 +2448,31 @@ static void gen_ldstub_asi(DisasContext *dc, TCGv dst, TCGv addr, int insn)
> gen_ldstub(dc, dst, addr, da.mem_idx);
> break;
> default:
> - /* ??? Should be DAE_invalid_asi. */
> - gen_exception(dc, TT_DATA_ACCESS);
> + /* ??? In theory, this should be raise DAE_invalid_asi.
> + But the SS-20 roms do ldstuba [%l0] #ASI_M_CTL, %o1. */
> + if (parallel_cpus) {
> + gen_helper_exit_atomic(cpu_env);
> + } else {
> + TCGv_i32 r_asi = tcg_const_i32(da.asi);
> + TCGv_i32 r_mop = tcg_const_i32(MO_UB);
> + TCGv_i64 s64, t64;
> +
> + save_state(dc);
> + t64 = tcg_temp_new_i64();
> + gen_helper_ld_asi(t64, cpu_env, addr, r_asi, r_mop);
> +
> + s64 = tcg_const_i64(0xff);
> + gen_helper_st_asi(cpu_env, addr, s64, r_asi, r_mop);
> + tcg_temp_free_i64(s64);
> + tcg_temp_free_i32(r_mop);
> + tcg_temp_free_i32(r_asi);
> +
> + tcg_gen_trunc_i64_tl(dst, t64);
> + tcg_temp_free_i64(t64);
> +
> + /* End the TB. */
> + dc->npc = DYNAMIC_PC;
> + }
> break;
> }
> }
> --
> 2.9.3
>

--
Regards,
Artyom Tarasenko

SPARC and PPC PReP under qemu blog: http://tyom.blogspot.com/search/label/qemu

Yep, this works great for the SS-20 ROM (tested with SS-5 ROM also). Boots all the way to OS (have to use -nographic but that's fine). Thanks!

On 27/01/17 12:57, Artyom Tarasenko wrote:

> On Fri, Jan 27, 2017 at 9:15 AM, Richard Henderson <email address hidden> wrote:
>> Fixes the booting of ss20 roms.
>
> Mike, can you please test this fix?
>
>> Reported-by: Mark Cave-Ayland <email address hidden>
>
> Initially Reported-by: Michael Russo <email address hidden>
>
>> Signed-off-by: Richard Henderson <email address hidden>

Thanks Richard.

I've given this a quick spin around my various SPARC images and it looks
good with no regressions, so:

Tested-by: Mark Cave-Ayland <email address hidden>

Also when resubmitting with the updated Reported-by above, can we also
CC qemu-stable to get this into the next 2.8 release?

ATB,

Mark.

Hi everyone,
Thanks for your hard work on SPARC emulation. Almost feels like I got my old SS5 and SS20 back.
What commit (if any) might I find the fix for SS20 in?
Thanks,
Vincent

BTW, the patch posted in comment #9 works for me as well on qemu 2.8.0.
Thanks

The fix has now been applied to git master (with a CC to qemu-stable) and so should appear in the upcoming 2.9.0 release as well as the stable 2.8.1 release.

Commit 3db010c3398d03646 has been released with 2.9.0, so setting the status to "Fix released"