openbmc/qemu does not support segment registers

[mjturek]

I'm hitting a kernel panic when running the qemu palmetto-bmc machine.

I'm building qemu from the upstream openbmc/qemu tree, using steps described here.

$ git clone https://github.com/openbmc/qemu.git
$ cd qemu
$ git submodule update --init dtc
$ mkdir build
$ cd build
$ ../configure --target-list=arm-softmmu
$ make

Version looks correct for the newly built QEMU

ubuntu@mjturek-openbmc:~$ qemu/build/arm-softmmu/qemu-system-arm -version
QEMU emulator version 2.6.90 (v2.5.0-4924-g8b4e141-dirty), Copyright (c) 2003-2008 Fabrice Bellard

I build the image with the steps described here.

$ git clone https://github.com/openbmc/openbmc.git
$ cd openbmc
$ TEMPLATECONF=meta-openbmc-machines/meta-openpower/meta-ibm/meta-palmetto/conf . oe-init-build-env
$ bitbake obmc-phosphor-image

This creates the image openbmc/build/tmp/deploy/images/palmetto/flash-palmetto-<datetime>

Finally I run qemu as described here:

qemu-system-arm -m 256 -M palmetto-bmc -nographic \
-drive file=openbmc/build/tmp/deploy/images/palmetto/flash-palmetto-<datetime>,format=raw,if=mtd \
-net nic \
-net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443,hostname=qemu \

Which eventually fails with this kernel panic

U-Boot 2016.07 (Oct 27 2016 - 14:59:03 +0000)

DRAM:  240 MiB
WARNING: Caches not enabled
Flash: 32 MiB
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   aspeednic#0
Error: aspeednic#0 address not set.

Hit any key to stop autoboot:  0 
## Booting kernel from Legacy Image at 20080000 ...
   Image Name:   Phosphor OpenBMC (Phosphor OpenB
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    1531599 Bytes = 1.5 MiB
   Load Address: 40008000
   Entry Point:  40008000
   Verifying Checksum ... OK
## Loading init Ramdisk from Legacy Image at 20300000 ...
   Image Name:   obmc-phosphor-image
   Image Type:   ARM Linux RAMDisk Image (lzma compressed)
   Data Size:    1567532 Bytes = 1.5 MiB
   Load Address: 40800000
   Entry Point:  40800000
   Verifying Checksum ... OK
   Loading Kernel Image ... OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
Booting Linux on physical CPU 0x0
Linux version 4.7.10-32ede9ab3deda73c484c4e2d372863bb73d0f7e0 (ubuntu@mjturek-openbmc) (gcc version 5.3.0 (GCC) ) #1 Thu Oct 27 15:04:48 UTC 2016
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00093177
CPU: VIVT data cache, VIVT instruction cache
Machine model: Palmetto BMC
Memory policy: Data cache writeback
SOC Rev: 02000303
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 60960
Kernel command line: console=ttyS4,115200n8 root=/dev/ram rw
PID hash table entries: 1024 (order: 0, 4096 bytes)
Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
Memory: 236556K/245760K available (3173K kernel code, 130K rwdata, 740K rodata, 1024K init, 109K bss, 9204K reserved, 0K cma-reserved)
Virtual kernel memory layout:
    vector  : 0xffff0000 - 0xffff1000   (   4 kB)
    fixmap  : 0xffc00000 - 0xfff00000   (3072 kB)
    vmalloc : 0xcf800000 - 0xff800000   ( 768 MB)
    lowmem  : 0xc0000000 - 0xcf000000   ( 240 MB)
      .text : 0xc0008000 - 0xc04d252c   (4906 kB)
      .init : 0xc0500000 - 0xc0600000   (1024 kB)
      .data : 0xc0600000 - 0xc0620bc0   ( 131 kB)
       .bss : 0xc0620bc0 - 0xc063c368   ( 110 kB)
NR_IRQS:16 nr_irqs:16 16
clocksource: moxart_timer: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 39817925974 ns
sched_clock: 32 bits at 100 Hz, resolution 10000000ns, wraps every 21474836475000000ns
Calibrating delay loop... 1007.61 BogoMIPS (lpj=5038080)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
CPU: Testing write buffer coherency: ok
Setting up static identity map for 0x40100000 - 0x4010003c
devtmpfs: initialized
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
pinctrl core: initialized pinctrl subsystem
NET: Registered protocol family 16
DMA: preallocated 256 KiB pool for atomic coherent allocations
clocksource: Switched to clocksource moxart_timer
NET: Registered protocol family 2
TCP established hash table entries: 2048 (order: 1, 8192 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
Trying to unpack rootfs image as initramfs...
Freeing initrd memory: 1532K (c0800000 - c097f000)
futex hash table entries: 256 (order: -1, 3072 bytes)
workingset: timestamp_bits=29 max_order=16 bucket_order=0
squashfs: version 4.0 (2009/01/31) Phillip Lougher
jffs2: version 2.2. (NAND) (SUMMARY)  © 2001-2006 Red Hat, Inc.
io scheduler noop registered (default)
GPIO line 340 (func_mode0) hogged as output/low
GPIO line 341 (func_mode1) hogged as output/low
GPIO line 342 (func_mode2) hogged as output/low
GPIO line 320 (A0) hogged as input
GPIO line 321 (A1) hogged as output/high
GPIO line 329 (B1) hogged as output/high
GPIO line 330 (B2) hogged as output/high
GPIO line 335 (B7) hogged as output/high
GPIO line 345 (D1) hogged as output/high
GPIO line 361 (F1) hogged as input
GPIO line 364 (F4) hogged as input
GPIO line 365 (F5) hogged as input
GPIO line 367 (F7) hogged as output/high
GPIO line 371 (G3) hogged as output/high
GPIO line 372 (G4) hogged as input
GPIO line 373 (G5) hogged as input
GPIO line 376 (H0) hogged as input
GPIO line 377 (H1) hogged as input
GPIO line 378 (H2) hogged as output/high
GPIO line 382 (H6) hogged as output/high
GPIO line 383 (H7) hogged as output/high
Serial: 8250/16550 driver, 6 ports, IRQ sharing enabled
console [ttyS4] disabled
1e784000.serial: ttyS4 at MMIO 0x1e784000 (irq = 20, base_baud = 1500000) is a 16550A
console [ttyS4] enabled
1e787000.vuart: ttyS0 at MMIO 0x1e787000 (irq = 19, base_baud = 1500000) is a 16550A
brd: module loaded
loop: module loaded
bt-host 1e789140.ibt: Found bt host device
bt-host 1e789140.ibt: Using IRQ 19
aspeed-smc 1e620000.fmc: Using IRQ 22
aspeed-smc 1e620000.fmc: DMA support deactivated.
platform 1e620000.fmc:flash@0: CE segment window closed.
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 805 [#1] ARM
CPU: 0 PID: 1 Comm: swapper Not tainted 4.7.10-32ede9ab3deda73c484c4e2d372863bb73d0f7e0 #1
Hardware name: ASpeed SoC
task: ce8113e0 ti: ce828000 task.ti: ce828000
PC is at aspeed_smc_to_fifo+0x38/0xa8
LR is at aspeed_smc_read_reg+0x40/0x78
pc : [<c02d0fb4>]    lr : [<c02d1aa0>]    psr: 20000153
sp : ce829d88  ip : 60000153  fp : ce88f320
r10: cee1816c  r9 : 00000000  r8 : ce829db6
r7 : 00000006  r6 : ce829d8f  r5 : ce80c438  r4 : ce80c410
r3 : 0000009f  r2 : 00000001  r1 : ce829d90  r0 : 00000000
Flags: nzCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment none
Control: 00093177  Table: 40004000  DAC: 00000053
Process swapper (pid: 1, stack limit = 0xce828190)
Stack: (0xce829d88 to 0xce82a000)
9d80:                   ce80c438 9f00009f c02d1a60 c060200c 00000000 ce80c438
9da0: c060200c c02cf694 ce9e7f18 c060200c cea6c0f0 cee1816c cea6c0f0 05ed5e46
9dc0: cea6c0f0 ce80c438 cea6c0f0 00000000 ce9e7f10 c02d048c 00000004 c02b1848
9de0: c049a5cc c04a0a4c cea68a40 ce829dfc c060200c c02b1afc ce829e18 05ed5e46
9e00: ce80c410 cea6c0f0 cee1816c ce80c438 c0427024 cea6c0f0 800f0002 c02d18e4
9e20: 00000080 c04a3bd8 cea6c0f0 cea6b410 c0427024 c060200c 00000000 05ed5e46
9e40: c0521840 ce89aa10 c06140bc c0633ea4 00000000 00000000 c0521840 c0620bc0
9e60: 00000000 c02b58f0 ce89aa10 c06140bc c0633ea4 c02b4510 c06140bc ce89aa10
9e80: ce89aa10 ce89aa44 c06140bc c02b473c c061e178 c02b4804 00000000 c060200c
9ea0: c06140bc c02b29a8 c061e178 ce83f4ec ce88fc90 05ed5e46 cea6c140 c06140bc
9ec0: 00000000 cea6c140 c0613518 c02b321c c04a3bd8 c04a3bd9 c06140bc c0514c24
9ee0: c060200c 00000000 c0620bc0 c02b4ed0 00000006 c0514c24 c060200c c0500e4c
9f00: ce8070e0 ce805b00 ce805b00 c04010d8 c060200c 00000000 ceffc6e5 00000000
9f20: c04b826c c01246b0 ce8070e0 ce803260 c0628e00 c04b7d80 00000040 00000006
9f40: 00000006 c04b8280 0000003f c04b8280 00000000 05ed5e46 c0521834 00000006
9f60: c0521838 00000040 c05276d0 c0620bc0 c0521840 c0501010 00000006 00000006
9f80: 00000000 c050068c 00000000 c03e4ef0 00000000 00000000 00000000 00000000
9fa0: 00000000 c03e4ef8 00000000 c0102250 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[<c02d0fb4>] (aspeed_smc_to_fifo) from [<c02d1aa0>] (aspeed_smc_read_reg+0x40/0x78)
[<c02d1aa0>] (aspeed_smc_read_reg) from [<c02cf694>] (spi_nor_read_id+0x2c/0xf8)
[<c02cf694>] (spi_nor_read_id) from [<c02d048c>] (spi_nor_scan+0xa8/0x7ec)
[<c02d048c>] (spi_nor_scan) from [<c02d18e4>] (aspeed_smc_probe+0x4d4/0x650)
[<c02d18e4>] (aspeed_smc_probe) from [<c02b58f0>] (platform_drv_probe+0x38/0x6c)
[<c02b58f0>] (platform_drv_probe) from [<c02b4510>] (driver_probe_device+0x1ac/0x3d8)
[<c02b4510>] (driver_probe_device) from [<c02b4804>] (__driver_attach+0xc8/0x108)
[<c02b4804>] (__driver_attach) from [<c02b29a8>] (bus_for_each_dev+0x78/0xb4)
[<c02b29a8>] (bus_for_each_dev) from [<c02b321c>] (bus_add_driver+0x110/0x230)
[<c02b321c>] (bus_add_driver) from [<c02b4ed0>] (driver_register+0x9c/0xe0)
[<c02b4ed0>] (driver_register) from [<c0500e4c>] (do_one_initcall+0xb8/0x17c)
[<c0500e4c>] (do_one_initcall) from [<c0501010>] (kernel_init_freeable+0x100/0x1c4)
[<c0501010>] (kernel_init_freeable) from [<c03e4ef8>] (kernel_init+0x8/0x10c)
[<c03e4ef8>] (kernel_init) from [<c0102250>] (ret_from_fork+0x14/0x24)
Code: e12fff1e e3110001 0a000002 e4d13001 (e5c03000) 
---[ end trace e616f81fa9521a14 ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

I've tried in both Ubuntu 14.04 and Ubuntu 16.04 with the same result.

As far as I can tell, I've followed the steps properly. Am I missing something or am I hitting a bug?

[legoater]

Hello, thanks for the report, it clearly identifies the issue.

The newer kernels make use of a feature of the SMC controller which is not yet supported in the openbmc/qemu. The code is ready in mainline but we still need to do the merge.

I will chat with @amboar next week to schedule that.

[amboar]

@mjturek I reproduced the backtrace you reported with the tip of openbmc/qemu master and confirmed that the problem is not present with @legoater's recent work.

As such, I have applied all of @legoater's upstream and yet-to-be upstreamed patches on top of 2.7.0 and have successfully tested the series against the Witherspoon and Palmetto flash images. I've pushed the tree to openbmc/qemu master; please re-open the issue if the problem persists.

[mjturek]

Thanks! Looks like it's working!