[v5,09/11] macio: Add dummy screamer register area

Message ID	ecaaee4ba802b7a53de03e401c4d68e94de554f5.1592315226.git.balaton@eik.bme.hu (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=Y094=75=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 08F69207C3 Message-Id: <ecaaee4ba802b7a53de03e401c4d68e94de554f5.1592315226.git.balaton@eik.bme.hu> In-Reply-To: <cover.1592315226.git.balaton@eik.bme.hu> References: <cover.1592315226.git.balaton@eik.bme.hu> From: BALATON Zoltan <balaton@eik.bme.hu> Subject: [PATCH v5 09/11] macio: Add dummy screamer register area Date: Tue, 16 Jun 2020 15:47:06 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To: qemu-devel@nongnu.org, qemu-ppc@nongnu.org Received-SPF: pass client-ip=152.66.115.2; envelope-from=balaton@eik.bme.hu; helo=zero.eik.bme.hu Precedence: list Cc: Howard Spoelstra <hsp.cat7@gmail.com>, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>, David Gibson <david@gibson.dropbear.id.au> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	Mac Old World ROM experiment \| expand [v5,00/11] Mac Old World ROM experiment [v5,01/11] mac_oldworld: Allow loading binary ROM image [v5,02/11] mac_newworld: Allow loading binary ROM image [v5,03/11] mac_oldworld: Drop a variable, use get_system_memory() directly [v5,04/11] mac_oldworld: Drop some variables [v5,05/11] grackle: Set revision in PCI config to match hardware [v5,06/11] mac_oldworld: Rename ppc_heathrow_reset to ppc_heathrow_cpu_reset [v5,07/11] mac_oldworld: Map macio to expected address at reset [v5,08/11] mac_oldworld: Add machine ID register [v5,09/11] macio: Add dummy screamer register area [v5,10/11] WIP macio/cuda: Attempt to add i2c support [v5,11/11] mac_oldworld: Add SPD data to cover RAM

BALATON Zoltan June 16, 2020, 1:47 p.m. UTC

The only thing this returns is an idle status so the firmware
continues, otherwise just ignores and logs access for debugging. This
is a stop gap until proper implementation of this device lands.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 hw/misc/macio/macio.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

Mark Cave-Ayland June 26, 2020, 1:12 p.m. UTC | #1

On 16/06/2020 14:47, BALATON Zoltan wrote:

> The only thing this returns is an idle status so the firmware
> continues, otherwise just ignores and logs access for debugging. This
> is a stop gap until proper implementation of this device lands.
> 
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  hw/misc/macio/macio.c | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
> 
> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> index 8ba7af073c..c7e8556ca6 100644
> --- a/hw/misc/macio/macio.c
> +++ b/hw/misc/macio/macio.c
> @@ -26,6 +26,7 @@
>  #include "qemu/osdep.h"
>  #include "qapi/error.h"
>  #include "qemu/module.h"
> +#include "qemu/log.h"
>  #include "hw/ppc/mac.h"
>  #include "hw/misc/macio/cuda.h"
>  #include "hw/pci/pci.h"
> @@ -94,6 +95,33 @@ static void macio_bar_setup(MacIOState *s)
>      macio_escc_legacy_setup(s);
>  }
>  
> +#define AWAC_CODEC_STATUS_REG 0x20
> +
> +#define AWAC_MAKER_CRYSTAL 1
> +#define AWAC_REV_SCREAMER 3
> +#define AWAC_VALID_DATA 0x40
> +
> +static uint64_t screamer_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +    qemu_log_mask(LOG_UNIMP,
> +                  "macio: screamer read %" HWADDR_PRIx "  %d\n", addr, size);
> +    return (addr == AWAC_CODEC_STATUS_REG ? AWAC_VALID_DATA << 8 |
> +            AWAC_MAKER_CRYSTAL << 16 | AWAC_REV_SCREAMER << 20 : 0);
> +}
> +
> +static void screamer_write(void *opaque, hwaddr addr,
> +                           uint64_t val, unsigned size)
> +{
> +    qemu_log_mask(LOG_UNIMP,
> +                  "macio: screamer write %" HWADDR_PRIx "  %d = %"PRIx64"\n",
> +                  addr, size, val);
> +}
> +
> +const MemoryRegionOps screamer_ops = {
> +    .read = screamer_read,
> +    .write = screamer_write,
> +};

static const.

>  static void macio_common_realize(PCIDevice *d, Error **errp)
>  {
>      MacIOState *s = MACIO(d);
> @@ -149,6 +177,7 @@ static void macio_oldworld_realize(PCIDevice *d, Error **errp)
>      DeviceState *pic_dev = DEVICE(os->pic);
>      Error *err = NULL;
>      SysBusDevice *sysbus_dev;
> +    MemoryRegion *screamer = g_new(MemoryRegion, 1);
>  
>      macio_common_realize(d, &err);
>      if (err) {
> @@ -208,6 +237,11 @@ static void macio_oldworld_realize(PCIDevice *d, Error **errp)
>          error_propagate(errp, err);
>          return;
>      }
> +
> +    /* Dummy screamer sound device */
> +    memory_region_init_io(screamer, OBJECT(d), &screamer_ops, NULL,
> +                          "screamer", 0x2000);
> +    memory_region_add_subregion(&s->bar, 0x14000, screamer);
>  }
>  
>  static void macio_init_ide(MacIOState *s, MACIOIDEState *ide, int index)

Again I'm wary of adding empty devices here as the main issue around the screamer
code (and why it has not been submitted upstream) is that it can cause random hangs
for MacOS on startup. Does it regress any MacOS 9 through 10.5 boot tests?

FWIW I've rebased the latest version of my screamer branch at
https://github.com/mcayland/qemu/commits/screamer to git master if you want to see if
any noise comes out.


ATB,

Mark.

BALATON Zoltan June 28, 2020, 12:26 p.m. UTC | #2

On Fri, 26 Jun 2020, Mark Cave-Ayland wrote:
> Again I'm wary of adding empty devices here as the main issue around the screamer
> code (and why it has not been submitted upstream) is that it can cause random hangs
> for MacOS on startup. Does it regress any MacOS 9 through 10.5 boot tests?
>
> FWIW I've rebased the latest version of my screamer branch at
> https://github.com/mcayland/qemu/commits/screamer to git master if you want to see if
> any noise comes out.

It seems the dummy screamer patch is not enough so I've tried on top of 
your screamer branch now. It does not make sound but it crashes (this is 
with --audio-drv-list=alsa in case that matters):

17609@1593346435.329466:cuda_packet_receive length 5
17609@1593346435.329467:cuda_packet_receive_data [0] 0x01
17609@1593346435.329469:cuda_packet_receive_data [1] 0x22
17609@1593346435.329470:cuda_packet_receive_data [2] 0x8a
17609@1593346435.329471:cuda_packet_receive_data [3] 0x01
17609@1593346435.329472:cuda_packet_receive_data [4] 0x29
17609@1593346435.329473:cuda_receive_packet_cmd handling command GET_SET_IIC
CUDA: unimplemented GET_SET_IIC write 0x45 3
17609@1593346435.329476:i2c_event start(addr:0x50)
smbus: error: Unexpected send start condition in state -1
17609@1593346435.329478:cuda_packet_send length 3
17609@1593346435.329479:cuda_packet_send_data [0] 0x01
17609@1593346435.329480:cuda_packet_send_data [1] 0x00
17609@1593346435.329482:cuda_packet_send_data [2] 0x22
17609@1593346435.329483:cuda_delay_set_sr_int
17609@1593346435.329514:cuda_data_recv recv: 0x01
17609@1593346435.329516:cuda_delay_set_sr_int
17609@1593346435.329548:cuda_data_recv recv: 0x00
17609@1593346435.329550:cuda_delay_set_sr_int
17609@1593346435.329588:cuda_data_recv recv: 0x22
17609@1593346435.329590:cuda_delay_set_sr_int
17609@1593346435.366095:cuda_delay_set_sr_int
DBDMA[10]: writel 0x000000000000080c <= 0xffe40020
DBDMA[10]: channel 0x10 reg 0x3
DBDMA[10]: dbdma_cmdptr_load 0xffe40020
DBDMA[10]: writel 0x0000000000000800 <= 0xf0000000
DBDMA[10]: channel 0x10 reg 0x0
DBDMA[10]:  Clearing RUN !
DBDMA[10]:  clearing PAUSE !
DBDMA[10]:   -> ACTIVE down !
DBDMA[10]:  new status=0x00000000
DBDMA[10]: readl 0x0000000000000804 => 0x00000000
DBDMA[10]: channel 0x10 reg 0x1
DBDMA[10]: writel 0x0000000000000800 <= 0xf0008000
DBDMA[10]: channel 0x10 reg 0x0
DBDMA[10]:  Setting RUN !
DBDMA[10]:  clearing PAUSE !
DBDMA[10]:  -> ACTIVE up !
DBDMA[10]:  new status=0x00008400
DBDMA[10]: readl 0x0000000000000804 => 0x00008400
DBDMA[10]: channel 0x10 reg 0x1
DBDMA: -> DBDMA_run_bh
DBDMA[10]: channel_run
DBDMA[10]: dbdma_cmd 0x555556802c50
DBDMA[10]:     req_count 0x6238
DBDMA[10]:     command 0x1000
DBDMA[10]:     phy_addr 0xffe32c00
DBDMA[10]:     cmd_dep 0x00000000
DBDMA[10]:     res_count 0x0000
DBDMA[10]:     xfer_status 0x0000
DBDMA[10]: * OUTPUT_LAST *
DBDMA[10]: start_output
DBDMA[10]: addr 0xffe32c00 key 0x0
DBDMA: <- DBDMA_run_bh

Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
0x0000555555a13216 in pmac_screamer_tx_transfer (io=0x5555568083a8) at 
hw/audio/screamer.c:79
79	    io->dma_end(io);

#0  0x0000555555a13216 in pmac_screamer_tx_transfer (io=0x5555568083a8) at hw/audio/screamer.c:79
#1  0x00005555559dc7bb in audio_run_out (s=0x555556868dc0) at audio/audio.c:1181
#2  0x00005555559dc7bb in audio_run (s=0x555556868dc0, msg=msg@entry=0x555555e69664 "alsa run (prepared)") at audio/audio.c:1372
#3  0x0000555555bab458 in alsa_poll_handler (opaque=0x55555770eb50) at audio/alsaaudio.c:199
#4  0x0000555555cad63b in aio_dispatch_handler (ctx=ctx@entry=0x555556487860, node=0x55555770e700) at util/aio-posix.c:328
#5  0x0000555555cadf0c in aio_dispatch_handlers (ctx=0x555556487860) at util/aio-posix.c:371
#6  0x0000555555cadf0c in aio_dispatch (ctx=0x555556487860) at util/aio-posix.c:381
#7  0x0000555555cbe60e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:306
#8  0x00007ffff7cc6665 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#9  0x0000555555cc3938 in glib_pollfds_poll () at util/main-loop.c:219
#10 0x0000555555cc3938 in os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:242
#11 0x0000555555cc3938 in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:518
#12 0x0000555555932a49 in qemu_main_loop () at qemu/softmmu/vl.c:1664
#13 0x000055555585138e in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at qemu/softmmu/main.c:49

Does the same on master with your patches and my series.

Regards,
BALATON Zoltan

BALATON Zoltan June 28, 2020, 2:08 p.m. UTC | #3

Here it is with --enable-debug and additional screamer debug:

SCREAMER: screamer_read: addr 0000000000000000 -> 0
SCREAMER: screamer_write: addr 0000000000000000 val 11
SCREAMER: screamer_control_write: val 17
SCREAMER: basic rate: 44100
DBDMA[10]: writel 0x000000000000080c <= 0x00000010
DBDMA[10]: channel 0x10 reg 0x3
DBDMA[10]: dbdma_cmdptr_load 0x00000010
DBDMA[10]: writel 0x0000000000000800 <= 0xf0000000
DBDMA[10]: channel 0x10 reg 0x0
DBDMA[10]:  Clearing RUN !
DBDMA[10]:  clearing PAUSE !
DBDMA[10]:   -> ACTIVE down !
DBDMA[10]:  new status=0x00000000
SCREAMER: DMA TX flush!
DBDMA[10]: readl 0x0000000000000804 => 0x00000000
DBDMA[10]: channel 0x10 reg 0x1
DBDMA[10]: writel 0x0000000000000800 <= 0xf0008000
DBDMA[10]: channel 0x10 reg 0x0
DBDMA[10]:  Setting RUN !
DBDMA[10]:  clearing PAUSE !
DBDMA[10]:  -> ACTIVE up !
DBDMA[10]:  new status=0x00008400
DBDMA[10]: readl 0x0000000000000804 => 0x00008400
DBDMA[10]: channel 0x10 reg 0x1
DBDMA: -> DBDMA_run_bh
DBDMA[10]: channel_run
DBDMA[10]: dbdma_cmd 0x555556aac340
DBDMA[10]:     req_count 0x8000
DBDMA[10]:     command 0x0000
DBDMA[10]:     phy_addr 0x00000100
DBDMA[10]:     cmd_dep 0x00000000
DBDMA[10]:     res_count 0x0000
DBDMA[10]:     xfer_status 0x0000
DBDMA[10]: * OUTPUT_MORE *
DBDMA[10]: start_output
DBDMA[10]: addr 0x100 key 0x0
SCREAMER: DMA TX defer interrupt!
DBDMA: <- DBDMA_run_bh
SCREAMER: Processing deferred buffer
SCREAMER: DMA TX transfer: addr 100 len: 8000  bpos: 0

Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
0x0000000094ff7c19 in ?? ()

(gdb) bt
#0  0x0000000094ff7c19 in  ()
#1  0x0000555555acb1e2 in pmac_screamer_tx_transfer (io=0x555556ab1a98) at hw/audio/screamer.c:79
#2  0x0000555555acb4dd in screamerspk_callback (opaque=0x555556aad630, avail=16384) at hw/audio/screamer.c:155
#3  0x0000555555a6af3d in audio_run_out (s=0x555556b12bd0) at audio/audio.c:1181
#4  0x0000555555a6b886 in audio_run (s=0x555556b12bd0, msg=0x55555609d4a9 "alsa run (prepared)") at audio/audio.c:1372
#5  0x0000555555d00ce9 in alsa_poll_handler (opaque=0x555557959c60) at audio/alsaaudio.c:199
#6  0x0000555555e57079 in aio_dispatch_handler (ctx=0x5555567257f0, node=0x555557a0c6b0) at util/aio-posix.c:328
#7  0x0000555555e57232 in aio_dispatch_handlers (ctx=0x5555567257f0) at util/aio-posix.c:371
#8  0x0000555555e57288 in aio_dispatch (ctx=0x5555567257f0) at util/aio-posix.c:381
#9  0x0000555555e6d373 in aio_ctx_dispatch (source=0x5555567257f0, callback=0x0, user_data=0x0) at util/async.c:306
#10 0x00007ffff7cc6665 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#11 0x0000555555e74898 in glib_pollfds_poll () at util/main-loop.c:219
#12 0x0000555555e74912 in os_host_main_loop_wait (timeout=28915159) at util/main-loop.c:242
#13 0x0000555555e74a17 in main_loop_wait (nonblocking=0) at util/main-loop.c:518
#14 0x0000555555981d35 in qemu_main_loop () at qemu/softmmu/vl.c:1664
#15 0x0000555555df59dc in main (argc=17, argv=0x7fffffffdf28, envp=0x7fffffffdfb8) at qemu/softmmu/main.c:49
(gdb) up
#1  0x0000555555acb1e2 in pmac_screamer_tx_transfer (io=0x555556ab1a98) at hw/audio/screamer.c:79
79	    io->dma_end(io);
(gdb) p/x *io
$1 = {opaque = 0xa2140923, channel = 0x79130821, addr = 0x14137e1f, len = 0x0, is_last = 0x0, is_dma_out = 0x3408f81a, dma_end = 0x94ff7c19, processing = 0x19,  dma_mem = 0x53f5351b, dma_len = 0xc7f99f1e, dir = 0x21fbe921}

Looks like dma_end is not pointing to the expected end procedure. Maybe something has overwritten it?

Regards,
BALATON Zoltan

BALATON Zoltan June 28, 2020, 2:29 p.m. UTC | #4

On Sun, 28 Jun 2020, BALATON Zoltan wrote:
> Here it is with --enable-debug and additional screamer debug:
>
> SCREAMER: screamer_read: addr 0000000000000000 -> 0
> SCREAMER: screamer_write: addr 0000000000000000 val 11
> SCREAMER: screamer_control_write: val 17
> SCREAMER: basic rate: 44100
> DBDMA[10]: writel 0x000000000000080c <= 0x00000010
> DBDMA[10]: channel 0x10 reg 0x3
> DBDMA[10]: dbdma_cmdptr_load 0x00000010
> DBDMA[10]: writel 0x0000000000000800 <= 0xf0000000
> DBDMA[10]: channel 0x10 reg 0x0
> DBDMA[10]:  Clearing RUN !
> DBDMA[10]:  clearing PAUSE !
> DBDMA[10]:   -> ACTIVE down !
> DBDMA[10]:  new status=0x00000000
> SCREAMER: DMA TX flush!
> DBDMA[10]: readl 0x0000000000000804 => 0x00000000
> DBDMA[10]: channel 0x10 reg 0x1
> DBDMA[10]: writel 0x0000000000000800 <= 0xf0008000
> DBDMA[10]: channel 0x10 reg 0x0
> DBDMA[10]:  Setting RUN !
> DBDMA[10]:  clearing PAUSE !
> DBDMA[10]:  -> ACTIVE up !
> DBDMA[10]:  new status=0x00008400
> DBDMA[10]: readl 0x0000000000000804 => 0x00008400
> DBDMA[10]: channel 0x10 reg 0x1
> DBDMA: -> DBDMA_run_bh
> DBDMA[10]: channel_run
> DBDMA[10]: dbdma_cmd 0x555556aac340
> DBDMA[10]:     req_count 0x8000
> DBDMA[10]:     command 0x0000
> DBDMA[10]:     phy_addr 0x00000100
> DBDMA[10]:     cmd_dep 0x00000000
> DBDMA[10]:     res_count 0x0000
> DBDMA[10]:     xfer_status 0x0000
> DBDMA[10]: * OUTPUT_MORE *
> DBDMA[10]: start_output
> DBDMA[10]: addr 0x100 key 0x0
> SCREAMER: DMA TX defer interrupt!
> DBDMA: <- DBDMA_run_bh
> SCREAMER: Processing deferred buffer
> SCREAMER: DMA TX transfer: addr 100 len: 8000  bpos: 0
>
> Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
> 0x0000000094ff7c19 in ?? ()
>
> (gdb) bt
> #0  0x0000000094ff7c19 in  ()
> #1  0x0000555555acb1e2 in pmac_screamer_tx_transfer (io=0x555556ab1a98) at 
> hw/audio/screamer.c:79
> #2  0x0000555555acb4dd in screamerspk_callback (opaque=0x555556aad630, 
> avail=16384) at hw/audio/screamer.c:155
> #3  0x0000555555a6af3d in audio_run_out (s=0x555556b12bd0) at 
> audio/audio.c:1181
> #4  0x0000555555a6b886 in audio_run (s=0x555556b12bd0, msg=0x55555609d4a9 
> "alsa run (prepared)") at audio/audio.c:1372
> #5  0x0000555555d00ce9 in alsa_poll_handler (opaque=0x555557959c60) at 
> audio/alsaaudio.c:199
> #6  0x0000555555e57079 in aio_dispatch_handler (ctx=0x5555567257f0, 
> node=0x555557a0c6b0) at util/aio-posix.c:328
> #7  0x0000555555e57232 in aio_dispatch_handlers (ctx=0x5555567257f0) at 
> util/aio-posix.c:371
> #8  0x0000555555e57288 in aio_dispatch (ctx=0x5555567257f0) at 
> util/aio-posix.c:381
> #9  0x0000555555e6d373 in aio_ctx_dispatch (source=0x5555567257f0, 
> callback=0x0, user_data=0x0) at util/async.c:306
> #10 0x00007ffff7cc6665 in g_main_context_dispatch () at 
> /lib64/libglib-2.0.so.0
> #11 0x0000555555e74898 in glib_pollfds_poll () at util/main-loop.c:219
> #12 0x0000555555e74912 in os_host_main_loop_wait (timeout=28915159) at 
> util/main-loop.c:242
> #13 0x0000555555e74a17 in main_loop_wait (nonblocking=0) at 
> util/main-loop.c:518
> #14 0x0000555555981d35 in qemu_main_loop () at qemu/softmmu/vl.c:1664
> #15 0x0000555555df59dc in main (argc=17, argv=0x7fffffffdf28, 
> envp=0x7fffffffdfb8) at qemu/softmmu/main.c:49
> (gdb) up
> #1  0x0000555555acb1e2 in pmac_screamer_tx_transfer (io=0x555556ab1a98) at 
> hw/audio/screamer.c:79
> 79	    io->dma_end(io);
> (gdb) p/x *io
> $1 = {opaque = 0xa2140923, channel = 0x79130821, addr = 0x14137e1f, len = 
> 0x0, is_last = 0x0, is_dma_out = 0x3408f81a, dma_end = 0x94ff7c19, processing 
> = 0x19,  dma_mem = 0x53f5351b, dma_len = 0xc7f99f1e, dir = 0x21fbe921}
>
> Looks like dma_end is not pointing to the expected end procedure. Maybe 
> something has overwritten it?

Looks like the dma op itself corrupts the struct:

(gdb) b pmac_screamer_tx_transfer
Breakpoint 1 at 0x555555acb12c: file hw/audio/screamer.c, line 66.
[...]
DBDMA: -> DBDMA_run_bh
DBDMA[10]: channel_run
DBDMA[10]: dbdma_cmd 0x555556aac340
DBDMA[10]:     req_count 0x8000
DBDMA[10]:     command 0x0000
DBDMA[10]:     phy_addr 0x00000100
DBDMA[10]:     cmd_dep 0x00000000
DBDMA[10]:     res_count 0x0000
DBDMA[10]:     xfer_status 0x0000
DBDMA[10]: * OUTPUT_MORE *
DBDMA[10]: start_output
DBDMA[10]: addr 0x100 key 0x0
SCREAMER: DMA TX defer interrupt!
DBDMA: <- DBDMA_run_bh
SCREAMER: Processing deferred buffer

Thread 1 "qemu-system-ppc" hit Breakpoint 1, pmac_screamer_tx_transfer 
(io=0x555556ab1a98) at hw/audio/screamer.c:66
66	    ScreamerState *s = io->opaque;
(gdb) p/x *io
$4 = {opaque = 0x555556aad630, channel = 0x555556aac290, addr = 0x100, len = 0x8000, is_last = 0x0, is_dma_out = 0x1, dma_end = 0x555555b7d2aa, processing = 0x1, dma_mem = 0x0, dma_len = 0x0, dir = 0x0}
(gdb) p dbdma_end
$5 = {void (DBDMA_io *)} 0x555555b7d2aa <dbdma_end>
(gdb) n
68	    SCREAMER_DPRINTF("DMA TX transfer: addr %" HWADDR_PRIx
(gdb)
SCREAMER: DMA TX transfer: addr 100 len: 8000  bpos: 0
71	    dma_memory_read(&address_space_memory, io->addr, 
&s->buf[s->bpos], io->len);
(gdb) n
73	    s->bpos += io->len;
(gdb) p/x *io
$6 = {opaque = 0xa2140923, channel = 0x79130821, addr = 0x14137e1f, len = 0x60f3d1d, is_last = 0x0, is_dma_out = 0x3408f81a, dma_end = 0x94ff7c19, processing = 0x19, dma_mem = 0x53f5351b, dma_len = 0xc7f99f1e, dir = 0x21fbe921}

Regards,
BALATON Zoltan

BALATON Zoltan June 28, 2020, 2:53 p.m. UTC | #5

With increasing screamer buffer size (you may want to fix this and 
prevent buffer overflows, maybe should allocate it dynamically based on 
what the guest programs?):

diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index 75f1853a7b..05b289e086 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -108,7 +108,7 @@ typedef struct Core99MachineState {
  #define TYPE_SCREAMER "screamer"
  #define SCREAMER(obj) OBJECT_CHECK(ScreamerState, (obj), TYPE_SCREAMER)

-#define SCREAMER_BUFFER_SIZE 0x4000
+#define SCREAMER_BUFFER_SIZE 0x8000

  typedef struct ScreamerState {
      /*< private >*/

it now plays the startup chord and goes further but ends up accessing some 
unassigned memory (I think it probably wants to map framebuffer or detect 
PCI devices but something is not yet right, I don't see it talking to PCI 
devices yet):

SCREAMER: Processing deferred buffer
SCREAMER: DMA TX transfer: addr 58100 len: 8000  bpos: 0
SCREAMER: DMA TX defer interrupt!
SCREAMER: ########### AUDIO WRITE! 0 / 32768 - 11152
SCREAMER: ########### AUDIO WRITE! 11152 / 32768 - 4128
SCREAMER: ########### AUDIO WRITE! 15280 / 32768 - 1104
SCREAMER: ########### AUDIO WRITE! 16384 / 32768 - 7024
SCREAMER: ########### AUDIO WRITE! 23408 / 32768 - 4128
SCREAMER: ########### AUDIO WRITE! 27536 / 32768 - 4128
SCREAMER: ########### AUDIO WRITE! 31664 / 32768 - 1104
SCREAMER: Processing deferred buffer
SCREAMER: DMA TX transfer: addr 60100 len: 2b60  bpos: 0
SCREAMER: screamer_write: addr 0000000000000001 val 1280
SCREAMER: screamer_codec_write: addr 0000000000000001 val 280
SCREAMER: setting mute: 0, attenuation L: 0 R: 0
SCREAMER: screamer_read: addr 0000000000000002 -> 403100
SCREAMER: screamer_read: addr 0000000000000001 -> 1280
SCREAMER: screamer_write: addr 0000000000000001 val 6002
SCREAMER: screamer_codec_write: addr 0000000000000006 val 2
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_data_send send: 0x01
cuda_delay_set_sr_int
cuda_data_send send: 0x22
cuda_delay_set_sr_int
cuda_data_send send: 0x8a
cuda_delay_set_sr_int
cuda_data_send send: 0x01
cuda_delay_set_sr_int
cuda_data_send send: 0x6f
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_packet_receive length 5
cuda_packet_receive_data [0] 0x01
cuda_packet_receive_data [1] 0x22
cuda_packet_receive_data [2] 0x8a
cuda_packet_receive_data [3] 0x01
cuda_packet_receive_data [4] 0x6f
cuda_receive_packet_cmd handling command GET_SET_IIC
CUDA: unimplemented GET_SET_IIC write 0x45 3
CUDA: GET_SET_IIC: wrong parameters 4
cuda_packet_send length 4
cuda_packet_send_data [0] 0x02
cuda_packet_send_data [1] 0x05
cuda_packet_send_data [2] 0x01
cuda_packet_send_data [3] 0x22
cuda_delay_set_sr_int
cuda_data_recv recv: 0x02
cuda_delay_set_sr_int
cuda_data_recv recv: 0x05
cuda_delay_set_sr_int
cuda_data_recv recv: 0x01
cuda_delay_set_sr_int
cuda_data_recv recv: 0x22
cuda_delay_set_sr_int
cuda_delay_set_sr_int
pci_cfg_read grackle 00:0 @0x8 -> 0x6000140
pci_cfg_read grackle 00:0 @0xa8 -> 0x40e0c
pci_cfg_write grackle 00:0 @0xa8 <- 0x40e0e
pci_cfg_read grackle 00:0 @0xac -> 0x2000000
pci_cfg_write grackle 00:0 @0xac <- 0x82470284
pci_cfg_write grackle 00:0 @0xac <- 0xc2470284
SCREAMER: ########### AUDIO WRITE! 0 / 11104 - 11104
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0xb000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0xb000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0xb000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0xb000000
Unassigned mem write 00000000f3011190 = 0x9000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem read 00000000f3011190
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem read 00000000f3011190
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem read 00000000f3011190
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem read 00000000f3011190
Unassigned mem write 00000000f3011190 = 0x1000000
Unassigned mem write 00000000f3011190 = 0x3000000
Unassigned mem read 00000000f3011190
[bunch of more accesses to this address...]
Unassigned mem read 00000000f3011170
Unassigned mem read 00000000f3011170
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_data_send send: 0x01
cuda_delay_set_sr_int
cuda_data_send send: 0x25
cuda_delay_set_sr_int
cuda_data_send send: 0xa6
cuda_delay_set_sr_int
cuda_data_send send: 0x00
cuda_delay_set_sr_int
cuda_data_send send: 0xa7
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_packet_receive length 5
cuda_packet_receive_data [0] 0x01
cuda_packet_receive_data [1] 0x25
cuda_packet_receive_data [2] 0xa6
cuda_packet_receive_data [3] 0x00
cuda_packet_receive_data [4] 0xa7
cuda_receive_packet_cmd handling command COMBINED_FORMAT_IIC
CUDA: COMBINED_FORMAT_IIC: wrong parameters 4
cuda_packet_send length 4
cuda_packet_send_data [0] 0x02
cuda_packet_send_data [1] 0x05
cuda_packet_send_data [2] 0x01
cuda_packet_send_data [3] 0x25
cuda_delay_set_sr_int
cuda_data_recv recv: 0x02
cuda_delay_set_sr_int
cuda_data_recv recv: 0x05
cuda_delay_set_sr_int
cuda_data_recv recv: 0x01
cuda_delay_set_sr_int
cuda_data_recv recv: 0x25
cuda_delay_set_sr_int
cuda_data_send send: 0x00
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_packet_receive length 1
cuda_packet_receive_data [0] 0x00
cuda_packet_send length 3
cuda_packet_send_data [0] 0x00
cuda_packet_send_data [1] 0x00
cuda_packet_send_data [2] 0x25
cuda_delay_set_sr_int
cuda_data_recv recv: 0x00
cuda_delay_set_sr_int
cuda_data_recv recv: 0x00
cuda_delay_set_sr_int
cuda_data_recv recv: 0x25
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_data_send send: 0x01
cuda_delay_set_sr_int
cuda_data_send send: 0x01
cuda_delay_set_sr_int
cuda_data_send send: 0xff
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_packet_receive length 3
cuda_packet_receive_data [0] 0x01
cuda_packet_receive_data [1] 0x01
cuda_packet_receive_data [2] 0xff
cuda_receive_packet_cmd handling command AUTOPOLL
cuda_packet_send length 3
cuda_packet_send_data [0] 0x01
cuda_packet_send_data [1] 0x00
cuda_packet_send_data [2] 0x01
cuda_delay_set_sr_int
cuda_data_recv recv: 0x01
cuda_delay_set_sr_int
cuda_data_recv recv: 0x00
cuda_delay_set_sr_int
cuda_data_recv recv: 0x01
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_data_send send: 0x00
cuda_delay_set_sr_int
cuda_data_send send: 0x2f
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_packet_receive length 2
cuda_packet_receive_data [0] 0x00
cuda_packet_receive_data [1] 0x2f
cuda_packet_send length 4
cuda_packet_send_data [0] 0x00
cuda_packet_send_data [1] 0x00
cuda_packet_send_data [2] 0x02
cuda_packet_send_data [3] 0x01
cuda_delay_set_sr_int
cuda_data_recv recv: 0x00
cuda_delay_set_sr_int
cuda_data_recv recv: 0x00
cuda_delay_set_sr_int
cuda_data_recv recv: 0x02
cuda_delay_set_sr_int
cuda_data_recv recv: 0x01
cuda_delay_set_sr_int
cuda_delay_set_sr_int
pci_cfg_read grackle 00:0 @0x3c -> 0x0
pci_cfg_read grackle 00:0 @0x3c -> 0x0
pci_cfg_write grackle 00:0 @0x3f <- 0x0
pci_cfg_write grackle 00:0 @0x3c <- 0x0
pci_cfg_write grackle 00:0 @0x3d <- 0x0
pci_cfg_write grackle 00:0 @0x3e <- 0x0
cuda_data_send send: 0x00
cuda_delay_set_sr_int
cuda_data_send send: 0x00
cuda_delay_set_sr_int
cuda_delay_set_sr_int
cuda_packet_receive length 2
cuda_packet_receive_data [0] 0x00
cuda_packet_receive_data [1] 0x00
cuda_packet_send length 3
cuda_packet_send_data [0] 0x00
cuda_packet_send_data [1] 0x00
cuda_packet_send_data [2] 0x00
cuda_delay_set_sr_int
Unassigned mem read 000000000fefe7b0
Unassigned mem write 000000000feffffc = 0x0
Unassigned mem write 000000000feffff8 = 0x0
[...]
Unassigned mem write 000000000febe018 = 0x0
Unassigned mem write 000000000febe014 = 0x0
Unassigned mem write 000000000febe010 = 0x0
Unassigned mem write 000000000febe00c = 0x0
Unassigned mem write 000000000febe008 = 0x0
Unassigned mem write 000000000febe004 = 0x0
Unassigned mem write 000000000febe000 = 0x0
Unassigned mem write 000000000fefe908 = 0x0
Unassigned mem write 000000000fefe90c = 0x0
Unassigned mem write 000000000fefefbc = 0x0
Unassigned mem write 000000000fefefb8 = 0x0
Unassigned mem write 000000000fefefb4 = 0x0
Unassigned mem write 000000000fefefb0 = 0x0
Unassigned mem write 000000000fefefac = 0x0
Unassigned mem write 000000000fefefa8 = 0x0
Unassigned mem write 000000000fefefa4 = 0x20000
Unassigned mem write 000000000fefefa0 = 0x2
Unassigned mem write 000000000fefef9c = 0x10000
Unassigned mem write 000000000fefef98 = 0x0
Unassigned mem write 000000000fefef94 = 0x0
Unassigned mem write 000000000fefef90 = 0x0
Unassigned mem write 000000000fefef8c = 0x0
Unassigned mem write 000000000fefef88 = 0x0
Unassigned mem write 000000000fefef84 = 0x0
Unassigned mem write 000000000fefef80 = 0x0
Unassigned mem write 000000000fefef7c = 0x0
Unassigned mem write 000000000fefef78 = 0x0
Unassigned mem write 000000000fefef74 = 0x0
Unassigned mem write 000000000fefef70 = 0x0
Unassigned mem write 000000000fefef6c = 0xfee5e8
Unassigned mem write 000000000fefef68 = 0x3fb97a0
Unassigned mem write 000000000fefef64 = 0x3fb97a0
Unassigned mem write 000000000fefef60 = 0x0
Unassigned mem write 000000000fefed5c = 0x0
Unassigned mem write 000000000fefed58 = 0x0
Unassigned mem write 000000000fefed54 = 0x0
Unassigned mem write 000000000fefed50 = 0x0
Unassigned mem write 000000000fefed4c = 0x0
Unassigned mem write 000000000fefed48 = 0x0
Unassigned mem write 000000000fefed44 = 0x0
Unassigned mem write 000000000fefed40 = 0x0
Unassigned mem write 000000000fefed3c = 0x0
Unassigned mem write 000000000fefed38 = 0x0
[...]
Unassigned mem write 000000000fefed64 = 0x0
Unassigned mem write 000000000fefed60 = 0x0
Unassigned mem write 000000000fefe630 = 0xfff0d000
Unassigned mem write 000000000fefe5b0 = 0xfff16880
Unassigned mem write 000000000fefec4c = 0x100000
Unassigned mem write 000000000fefe634 = 0xfeff000
Unassigned mem write 000000000fefe638 = 0xfebe000
Unassigned mem write 000000000fefe63c = 0x10000000
Unassigned mem write 000000000fefe640 = 0x0
Unassigned mem write 000000000fefe644 = 0x0
Unassigned mem write 000000000fefe648 = 0x6806e740
Unassigned mem write 000000000fefe64c = 0xfff10000
Unassigned mem write 000000000fefe650 = 0xfff11400
Unassigned mem write 000000000fefe654 = 0x68fff100
Unassigned mem write 000000000fefe658 = 0xfeff100
Unassigned mem write 000000000fefe65c = 0xfeff100
Unassigned mem write 000000000fefe670 = 0x200000
Unassigned mem write 000000000fefe678 = 0xff9fffff
Unassigned mem write 000000000fefe674 = 0xe00000
Unassigned mem write 000000000fefe67c = 0xfeff070
Unassigned mem write 000000000fefe680 = 0x7c
Unassigned mem write 000000000fefe688 = 0x12
Unassigned mem write 000000000fefe684 = 0xfefe920
Unassigned mem write 000000000fefe66c = 0xfefeab8
Unassigned mem write 000000000fefe910 = 0x0
Unassigned mem write 000000000fefefc0 = 0x5fffefc0
Unassigned mem write 000000000fefefc4 = 0x0
Unassigned mem write 000000000fefefc8 = 0x5fffeb20
Unassigned mem write 000000000fefefcc = 0x100
Unassigned mem write 000000000fefefce = 0x80
Unassigned mem write 000000000fefefd0 = 0x5fffeba0
Unassigned mem write 000000000fefefd4 = 0x102
Unassigned mem write 000000000fefefd6 = 0xa0
Unassigned mem write 000000000fefefd8 = 0x5fffef60
Unassigned mem write 000000000fefefdc = 0x101
Unassigned mem write 000000000fefefde = 0x60
Unassigned mem write 000000000fefefe0 = 0x5fffee60
Unassigned mem write 000000000fefefe4 = 0x101
Unassigned mem write 000000000fefefe6 = 0x100
Unassigned mem write 000000000fefefe8 = 0x5fffed60
Unassigned mem write 000000000fefefec = 0x100
Unassigned mem write 000000000fefefee = 0x100
Unassigned mem write 000000000fefeff0 = 0x5fffec40
Unassigned mem write 000000000fefeff4 = 0x105
Unassigned mem write 000000000fefeff6 = 0x120
Unassigned mem write 000000000fefeff8 = 0x5fffef60
Unassigned mem write 000000000fefeffc = 0x101
Unassigned mem write 000000000fefeffe = 0x60
Unassigned mem write 000000000fefff00 = 0x426f6f74
Unassigned mem write 000000000fefff04 = 0x20476f73
Unassigned mem write 000000000fefff08 = 0x73616d65
Unassigned mem write 000000000fefff0c = 0x7220302e
Unassigned mem write 000000000feff184 = 0x6806e6f4
Unassigned mem write 000000000feff194 = 0x68fff000
Unassigned mem write 000000000feff19c = 0x68080000
Unassigned mem read 000000000fefe648
Unassigned mem write 000000000feff15c = 0x0
Unassigned mem read 000000000fefe640
Unassigned mem read 000000000fefe640
Unassigned mem read 000000000fefec10
Unassigned mem write 000000000fefef60 = 0x80301
Unassigned mem read 000000000fefe64c
Unassigned mem write 000000000fefef90 = 0x0
Unassigned mem write 000000000fefef8c = 0x0
Unassigned mem write 000000000fefef88 = 0x0
Unassigned mem write 000000000fefef84 = 0x0
Unassigned mem write 000000000fefef80 = 0x0
Unassigned mem write 000000000fefef7c = 0x0
Unassigned mem write 000000000fefef78 = 0x0
Unassigned mem write 000000000fefef74 = 0x0
Unassigned mem write 000000000fefef70 = 0x0
Trying to write invalid spr 0 (0x000) at fff10d38
Unassigned mem read 000000000fefe64c
Unassigned mem write 000000000fefe37c = 0x44e0
Unassigned mem read 000000000fefe37c
invalid/unsupported opcode: 00 - 00 - 00 - 00 (00000000) 00000000 0
Unassigned mem read 000000000fefe37c
Unassigned mem read 000000000fefe37c
Unassigned mem read 000000000fefe37c
Unassigned mem read 000000000fefe37c
Unassigned mem read 000000000fefe37c

Then hangs here. Any idea what should be at 0xf3000000 and how that should 
end up there and why it pokes 0x0fexxxxx (is that where it thinks the 
frame buffer or some other devices should be because of something not read 
correctly from 0xf3000000 area? Should that be the PCI devices but those 
are expected to be at 0xfe000000 not 0x0fe00000. I stop here now waiting 
for contribution to fix this up, this needs more knowledge about the 
hardware that I have or want to learn at the moment.

Regards,
BALATON Zoltan

BALATON Zoltan June 28, 2020, 3:04 p.m. UTC | #6

On Sun, 28 Jun 2020, BALATON Zoltan wrote:
> SCREAMER: ########### AUDIO WRITE! 0 / 11104 - 11104
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0xb000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0xb000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0xb000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0xb000000
> Unassigned mem write 00000000f3011190 = 0x9000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem read 00000000f3011190
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem read 00000000f3011190
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem read 00000000f3011190
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem read 00000000f3011190
> Unassigned mem write 00000000f3011190 = 0x1000000
> Unassigned mem write 00000000f3011190 = 0x3000000
> Unassigned mem read 00000000f3011190
> [bunch of more accesses to this address...]
> Unassigned mem read 00000000f3011170
> Unassigned mem read 00000000f3011170

According to 
https://github.com/dingusdev/dingusppc/blob/master/devices/macio.h this is 
probably the ethernet port, may want to map some unimplemented device 
there to log access, otherwise it probably OK ans could do without it for 
now.

> Unassigned mem read 000000000fefe7b0
> Unassigned mem write 000000000feffffc = 0x0
> Unassigned mem write 000000000feffff8 = 0x0

Still not sure about this one I'd expect it to write to frame buffer at 
this point but probably it's accessing wrong area due to something 
nonsense returned by some earlier read of some register and it did not 
seem to talk to PCI devices to set up the BARs earlier so either we're 
missing some register writes that are silently discarded in some 
partially emulated device or it expects things to be already set up some 
way at startup.

Regards,
BALATON Zoltan

[v5,09/11] macio: Add dummy screamer register area

Commit Message

Comments

Patch