The QEMU project is currently considering moving its bug tracking to another
system. For this we need to know which bugs are still valid and which could be
closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state
back to "New" or "Confirmed" within the next 60 days, otherwise this report
will be marked as "Expired". Or mark it as "Fix Released" if the problem has
been solved with a newer version of QEMU already. Thank you and sorry for the
inconvenience.
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1826827
Title:
dtc crash; pnv_dt_serial cannot find lpc's phandle
Status in QEMU:
Incomplete
Bug description:
Qemu version:
QEMU emulator version 4.0.50 (v4.0.0-142-ge0fb2c3d89)
Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers
dtc version:
Version: DTC 1.5.0-g5c3513f6
-------------------------------------------------------------------------
pnv_dt_serial has a line which is supposed to set the interrupt-parent of the
"isa-serial@i3f8" node to the phandle of "lpc@0".
To that end, it calls fdt_get_phandle as shown below:
_FDT((fdt_setprop_cell(fdt, node, "interrupt-parent", fdt_get_phandle(fdt, lpc_off))));
The function fdt_get_phandle fails to find the property "phandle" (or
"linux,phandle") for the lpc node. Consequently, pnv_dt_serial sets
the interrupt-parent to 0.
Now boot the qemu-system-ppc64 powernv machine, and extract the fdt by
using the qemu monitor's pmemsave command, taking help of the OPAL
firmware's messages to locate the fdt in the physical ram.
qemu-system-ppc64 -m 1g -machine powernv,num-chips=1 \
-cpu power9 -smp 2,cores=2,threads=1 -accel tcg,thread=multi \
-kernel ./vmlinux \
-append 'disable_radix' \
-serial mon:stdio -nographic -nodefaults
The kernel vmlinux contains nothing but a single instruction which
loops infinitely, so that we can gather OPAL's messages, especially the
one below:
[ 0.168845963,5] INIT: Starting kernel at 0x20000000, fdt at 0x304b0b70 14404 bytes
Once the fdt is dumped to a file, run the following:
'dtc -O dtb -I dts -o out.dts dtb'
After a few warnings, the dtc application crashes because an assertion
was fired.
out.dts: Warning (unit_address_vs_reg): /lpcm-opb@6030000000000/lpc@0: node has a unit name, but no reg property
out.dts: Warning (simple_bus_reg): /lpcm-opb@6030000000000/lpc@0: missing or empty reg/ranges property
out.dts: Warning (avoid_unnecessary_addr_size): /ibm,opal: unnecessary #address-cells/#size-cells without "ranges" or child "reg" property
out.dts: Warning (unique_unit_address): /interrupt-controller@0: duplicate unit-address (also used in node /memory@0)
out.dts: Warning (chosen_node_stdout_path): /chosen:linux,stdout-path: Use 'stdout-path' instead
dtc: livetree.c:575: get_node_by_phandle: Assertion `generate_fixups' failed.
Aborted (core dumped)
The assertion is fired because get_node_by_phandle receives a phandle
value of 0, which is unexpected, unless fixups are needed (They are
not, when running the dtc command).
Back inside pnv_dt_serial, if the line that sets "interrupt-parent"
for the serial device node is commented out, the dtc crash is
prevented. Looking at hw/ppc/e500.c, it takes care of allocating
necessary phandle values in the nodes, so a similar method can be
adopted for powernv.
The dtb is attached.
Edit: Add version, Correct filenames.
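The report above boils down to a flattened device tree whose "interrupt-parent" property holds phandle 0 because the referenced lpc node never received a "phandle" property. The following is an added example, not code from QEMU, dtc or the bug report: a minimal DTB (version 17) builder and parser in Python, plus a check that flags exactly this condition before a blob is handed to dtc. The node layout (a serial node directly under lpc@0) and the phandle value 0x10 are constructed for illustration; the real powernv tree nests the serial node deeper.

```python
import struct

# FDT header magic and structure-block tokens from the devicetree specification
FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9


def u32(value):
    """Encode one big-endian 32-bit cell, the form phandles take in a DTB."""
    return struct.pack(">I", value)


def build_dtb(root):
    """Serialise a nested dict {"props": {name: bytes}, "children": {...}}
    into a minimal DTB: 40-byte header, empty reservation map, struct block,
    strings block. Only what the parser below needs is emitted."""
    strings, str_off, struct_blk = bytearray(), {}, bytearray()

    def stroff(name):
        if name not in str_off:
            str_off[name] = len(strings)
            strings.extend(name.encode() + b"\0")
        return str_off[name]

    def emit_node(name, node):
        struct_blk.extend(u32(FDT_BEGIN_NODE))
        raw = name.encode() + b"\0"
        struct_blk.extend(raw + b"\0" * (-len(raw) % 4))  # name padded to 4 bytes
        for pname, val in node.get("props", {}).items():
            struct_blk.extend(struct.pack(">III", FDT_PROP, len(val), stroff(pname)))
            struct_blk.extend(val + b"\0" * (-len(val) % 4))
        for cname, child in node.get("children", {}).items():
            emit_node(cname, child)
        struct_blk.extend(u32(FDT_END_NODE))

    emit_node("", root)
    struct_blk.extend(u32(FDT_END))
    off_rsvmap = 40
    rsvmap = struct.pack(">QQ", 0, 0)            # terminating (0, 0) reservation entry
    off_struct = off_rsvmap + len(rsvmap)
    off_strings = off_struct + len(struct_blk)
    total = off_strings + len(strings)
    header = struct.pack(">IIIIIIIIII", FDT_MAGIC, total, off_struct, off_strings,
                         off_rsvmap, 17, 16, 0, len(strings), len(struct_blk))
    return bytes(header + rsvmap + struct_blk + strings)


def parse_dtb(blob):
    """Walk the struct block and return [(path, {prop_name: raw_bytes}), ...]."""
    magic, _total, off_struct, off_strings = struct.unpack_from(">IIII", blob, 0)
    if magic != FDT_MAGIC:
        raise ValueError(f"bad FDT magic {magic:#x}")
    pos, path, nodes, props = off_struct, [], [], None
    while True:
        tok = struct.unpack_from(">I", blob, pos)[0]
        pos += 4
        if tok == FDT_BEGIN_NODE:
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode())
            pos = end + 1
            pos += -pos % 4                      # tokens are 4-byte aligned
            props = {}
            nodes.append(("/" + "/".join(p for p in path if p), props))
        elif tok == FDT_PROP:
            length, nameoff = struct.unpack_from(">II", blob, pos)
            pos += 8
            val = blob[pos:pos + length]
            pos += length + (-length % 4)
            pend = blob.index(b"\0", off_strings + nameoff)
            props[blob[off_strings + nameoff:pend].decode()] = val
        elif tok == FDT_END_NODE:
            path.pop()
        elif tok == FDT_NOP:
            continue
        elif tok == FDT_END:
            return nodes
        else:
            raise ValueError(f"unknown token {tok:#x} at offset {pos - 4}")


def check_phandles(nodes):
    """Report interrupt-parent properties that are 0 (what QEMU writes when
    fdt_get_phandle fails) or that reference a phandle no node carries."""
    handles = {}
    for path, props in nodes:
        for key in ("phandle", "linux,phandle"):
            if key in props and len(props[key]) == 4:
                handles[struct.unpack(">I", props[key])[0]] = path
    problems = []
    for path, props in nodes:
        val = props.get("interrupt-parent")
        if val is None:
            continue
        if len(val) != 4:
            problems.append(f"{path}: interrupt-parent has length {len(val)}, expected 4")
            continue
        ph = struct.unpack(">I", val)[0]
        if ph == 0:
            problems.append(f"{path}: interrupt-parent is 0 (unresolved phandle)")
        elif ph not in handles:
            problems.append(f"{path}: interrupt-parent {ph:#x} matches no phandle")
    return problems


# Constructed trees: the first mirrors the reported state, the second the fix
# (lpc node given a phandle before the serial node references it).
BROKEN_TREE = {"children": {"lpc@0": {
    "props": {"compatible": b"ibm,power9-lpc\0"},
    "children": {"isa-serial@i3f8": {"props": {"interrupt-parent": u32(0)}}}}}}
FIXED_TREE = {"children": {"lpc@0": {
    "props": {"compatible": b"ibm,power9-lpc\0", "phandle": u32(0x10)},
    "children": {"isa-serial@i3f8": {"props": {"interrupt-parent": u32(0x10)}}}}}}

if __name__ == "__main__":
    for label, tree in (("broken", BROKEN_TREE), ("fixed", FIXED_TREE)):
        print(label, check_phandles(parse_dtb(build_dtb(tree))) or "ok")
```

Running this prints one problem for the broken tree and "ok" for the fixed one; pointing `parse_dtb` at a blob dumped with pmemsave (read the file in binary mode and pass the bytes) gives the same check on a real tree, which is cheaper than letting dtc hit the assertion.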