Re: [Qemu-ppc] Booting AIX on qemu-system-ppc, kernel not started successfully

[Alexander Graf]

On 20.02.2012, at 07:14, Liang Guo wrote:

> Hi, 
> 
> I use the latest IBM standalone Diagnostics CD to test AIX on qemu/ppc, 
> IBM standalone diagnostics CD can be downloaded from:
> 
>  http://www-304.ibm.com/webapp/set2/sas/f/diags/download/home.html
> 
> I use the following command line to start qemu:
> 
>  qemu-system-ppc64 -cpu POWER7 -machine pseries -m 1024 -serial stdio \
>  -cdrom /u01/vm/CDlatest.iso -monitor \
>  unix:/tmp/ppc64-aix,server,nowait -nographic
> 
> when "0 >" promprt appears, I input:
>  setenv load-base 16384
>  boot cdrom:\ppc\chrp\bootfile.exe  -s verbose 
> 
> This is the detailed output:
> $ ./qemu.sh 
> sPAPR memory map:
> RTAS                 : 0x3fff0000..3fff0013
> FDT                  : 0x3ffe0000..3ffeffff
> Firmware load        : 0x00000000..000d44d0
> Firmware runtime     : 0x3d7e0000..3ffe0000
> sPAPR reset
> 
> 
> SLOF **********************************************************************
> QEMU Starting
> Build Date = Jan 12 2012 14:57:59
> FW Version = git-ab062ff3b37c3964
> Press "s" to enter Open Firmware.
> 
> Populating /vdevice methods
> Populating /vdevice/address@hidden
> Populating /vdevice/address@hidden
> VSCSI: Initializing
> VSCSI: Looking for disks
>  SCSI ID 2 CD-ROM   : "QEMU     QEMU CD-ROM      1.0."
> Populating /vdevice/address@hidden
> Populating /address@hidden,0
> Adapters on 0000000000000000
>                     None
> No NVRAM common partition, re-initializing...
> Using default console: /vdevice/address@hidden
> 
> 
> 
> 
> 
>  Welcome to Open Firmware
> 
>  Copyright (c) 2004, 2011 IBM Corporation All rights reserved.
>  This program and the accompanying materials are made available
>  under the terms of the BSD License available at
>  http://www.opensource.org/licenses/bsd-license.php
> 
> 
> Trying to load:  from: disk ... 
> E3405: No such device
> Trying to load:  from: cdrom ... failed to load CHRP boot loader.
> E3404: Not a bootable device!
> 
> E3407: Load failed
> 
>        ..`. ..     .......  ..           ......      .......
>    ..`...`''.`'. .''``````..''.       .`''```''`.  `''``````
>       .`` .:' ': `''.....  .''.       ''`     .''..''.......
>         ``.':.';. ``````''`.''.      .''.      ''``''`````'`
>         ``.':':`   .....`''.`'`...... `'`.....`''.`'`       
>        .`.`'``   .'`'`````.  ``''''''  ``''`'''`. `'`       
>  Type 'boot'  and press return  to  continue  booting  the system.
>  Type 'reset-all'  and  press  return  to   reboot   the   system.
> 
> 
> Ready! 
> 0 > setenv load-base 16384   ok
> 0 > boot cdrom:\ppc\chrp\bootfile.exe  -s verbose   
> Trying to load: -s verbose  from: 
> /vdevice/address@hidden/address@hidden,0:\ppc\chrp\bootfile.exe ...   
> Successfully loaded
> 
> 
> 
> 
> 
> 
> 
> -------------------------------------------------------------------------------
>                                Welcome to AIX.
>                   boot image timestamp: 22:26:29 01/06/2012
>        processor count: 1;  memory size: 1024MB;  kernel size: 35060059
>      boot device: 
> /vdevice/address@hidden/address@hidden,0:\ppc\chrp\bootfile.exe
> 
> C000FFEC bytes of free memory remain at address 3FFF0014
> load address: 0x00004000   aixmon size: 0x000CBC00   boot image size: 
> 0x016B4D40
> 
> AIX 
> 
> 
> get-property for #bytes on zero phandle
> 
> The temporary memory region list is at 1 percent capacity.
> The temporary IPLCB is at 1 percent capacity.
> The IPLCB address is 0x0FFFD000
> name                 offset           size
> ipl_cb_and_bit_map 00000000 ......00001F34
> bit_map........... 000004B8 ......00000006
> ipl_info.......... 00000198 ......00000024
> system_info....... 000001BC ......000000BC
> processor_info.... 00000278 ......00000148
> lpar_id_info...... 000003C0 ......00000088
> lpar_info......... 00000448 ......00000014
> processor page.... 00000468 ......00000010
> residual.......... 00000548 ......000019EC
> fwad_info......... 00000478 ......00000040
>        region address          region length           attr  label
> 0       0x0000000000000000      0x000000000FFFB000      0x01  0x01
> 1       0x000000000FFFB000      0x0000000000002000      0x01  0x03
> 2       0x000000000FFFD000      0x0000000000002000      0x01  0x02
> 3       0x000000000FFFF000      0x0000000000000014      0x00  0x05
> 4       0x000000000FFFF014      0x0000000030000FEC      0x01  0x01
> 5       0x0000000040000000      0xFFFFFFFFC0000000      0x00  0x07
> ----------------------------
> 
> 0000012C bytes of free memory remain at address 00004000
> compressed kernel addr: CFC00;  sz: 82D343;  uncompressed kernel addr:  
> DE8A600
>      name     source       dest       size   flags
>     .data    E8AA840    2000000    11EC518     1
>   basecfg          0          0          0     0
>     ramfs     8FCF40    E8AB000     DBBC6A     1
>     .text    DE8A840      CFC00     A20000     1
>      .ldr    FA96D58     AF0000      8DA6D     1
>    symtab    FE3F388     B7E000     1BABD3     1
> kern. hdr    DE8A600          0        240     1
>      .bss          0    31EC518    2563AE8     2
> end of BSS: 05750000; RAM filesystem: 0F23D000
> 
> entry_point: 0x000CFC28
>                       kernel debugger setting: enabled
> -------------------------------------------------------------------------------
> 
> Star
> 
> The qemu stoped at the "Star", this is the cpu and register information:
> 
> (qemu) info cpus
> info cpus
> * CPU #0: nip=0x0000000000000040 thread_id=10408
> (qemu) info registers
> info registers
> NIP 0000000000000040   LR 00000000000cfc2c CTR 00000000000cfc28 XER 
> 0000000000000000

NIP is 0x40. How did it manage to get that low? If I had to guess, I'd say this 
is due to a NULL pointer dereference. Try setting a breakpoint to address 0 
with the gdb stub and see where it comes from. Most likely we're missing some 
stuff in the device tree and/or hypercall implementations.


Alex

> MSR 8000000000001002 HID0 0000000000000000  HF 8000000000000000 idx 1
> TB 00000032 138555142373 DECR 3178779254
> GPR00 0000000000d38bcb 0000000000c68fd0 0000000000d38bd0 000000000fffd000
> GPR04 00000000000cfc28 000000000fffd278 2e7300c958484456 8000000000001002
> GPR08 0000000000000074 0000000000001042 0000000000000000 0000000000000000
> GPR12 0000000000004b94 00000000000cfc00 0000000000000074 0000000000000000
> GPR16 0000000000000000 000000000800004c 0000000000045690 00000000000cfac0
> GPR20 000000000003a18c 0000000040000000 0000000000000000 0000000000045684
> GPR24 00000000000cfa78 0000000000038950 000000000003a190 0000000000045688
> GPR28 0000000000045680 0000000000038958 000000000fffd000 0000000000000000
> CR 82000484  [ L  E  -  -  -  G  L  G  ]             RES ffffffffffffffff
> FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPSCR 00000000
> SRR0 000000003dcd0590  SRR1 8000000000000000    PVR 00000000003f0200 VRSAVE 
> 0000000000000000
> SPRG0 0000000000000000 SPRG1 000000000000bf00  SPRG2 0000000000000000  SPRG3 
> 0000000000000000
> SPRG4 0000000000000000 SPRG5 0000000000000000  SPRG6 0000000000000000  SPRG7 
> 0000000000000000
> CFAR 0000000000000050
> 
> It looks like aixmon_chrp passed the control to aix kernel, but the aix
> kernel cannot work as ecpected. 
> 
> AIX 5.3, 6.1 and 7 failed to boot and give the exactly same error
> message. 
> 
> Any advice ?
> 
> Thanks and Regards,
> --
> Liang Guo
> http://bluestone.cublog.cn