From owner-freebsd-ppc@FreeBSD.ORG Sun Oct 19 07:43:22 2014 Return-Path: Delivered-To: freebsd-ppc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EE78D541 for ; Sun, 19 Oct 2014 07:43:22 +0000 (UTC) Received: from asp.reflexion.net (outbound-241.asp.reflexion.net [69.84.129.241]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 79E7D676 for ; Sun, 19 Oct 2014 07:43:21 +0000 (UTC) Received: (qmail 12712 invoked from network); 19 Oct 2014 07:43:13 -0000 Received: from unknown (HELO mail-cs-01.app.dca.reflexion.local) (10.81.19.1) by 0 (rfx-qmail) with SMTP; 19 Oct 2014 07:43:13 -0000 Received: by mail-cs-01.app.dca.reflexion.local (Reflexion email security v7.30.7) with SMTP; Sun, 19 Oct 2014 03:43:13 -0400 (EDT) Received: (qmail 5700 invoked from network); 19 Oct 2014 07:43:13 -0000 Received: from unknown (HELO iron2.pdx.net) (69.64.224.71) by 0 (rfx-qmail) with (DHE-RSA-AES256-SHA encrypted) SMTP; 19 Oct 2014 07:43:13 -0000 X-No-Relay: not in my network X-No-Relay: not in my network X-No-Relay: not in my network Received: from [192.168.1.8] (c-98-246-178-138.hsd1.or.comcast.net [98.246.178.138]) by iron2.pdx.net (Postfix) with ESMTPSA id E5558B1E001; Sun, 19 Oct 2014 00:43:11 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: My PowerMac G5's no longer crash at boot: PowerMac G5 specific ofwcall changes with justifying evidence [current workaround] From: Mark Millard In-Reply-To: <0CEC8978-E208-4F57-8481-DD9C321EF673@dsl-only.net> Date: Sun, 19 Oct 2014 00:43:11 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <0EAE6493-FF6B-4F90-8C7B-F32A62DBD6B7@dsl-only.net> References: <76F704FD-BB74-4439-8318-DB4C167B420F@dsl-only.net> <543B3828.8070806@freebsd.org> <9D9B0372-8D8F-4153-85B5-40066206EF67@dsl-only.net> <379AA7FC-98C9-48B9-92BB-60E134817AF1@dsl-only.net> <543D5ACD.20901@freebsd.org> <3D4A76B3-431A-4C94-8747-70369A8A1764@dsl-only.net> <0F85ACBD-F6D6-4ABA-B8FA-00C586A086DE@dsl-only.net> <49920E63-CB4A-429C-AB3A-984075AE183D@dsl-only.net> <0CEC8978-E208-4F57-8481-DD9C321EF673@dsl-only.net> To: Nathan Whitehorn X-Mailer: Apple Mail (2.1878.6) Cc: Justin Hibbits , FreeBSD PowerPC ML X-BeenThere: freebsd-ppc@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting FreeBSD to the PowerPC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Oct 2014 07:43:23 -0000 Short of extracting and analyzing the openfirmware code and its behavior = directly I've run out of ideas for investigation of the %r1 and %r3 = corruptions during openfirmware calls on the PowerMac G5's. So my next investigative direction will probably be to hack in %r1 and = %r3 validation into the powerpc/GENERIC ofwcall 32 bit code and have it = report if it finds anything odd. This may take a while for me to get to. = And some time to conclude that nothing is being found if nothing is = found. I believe that given the known problems and observed %r1 and %r3 = corruptions that the FreeBSD ofwcall code for powerpc64 on PowerMacs = would be safer if ofwcall was changed to have the following properties = (at least on/for powerpc64 PowerMacs): A) check if %r3 ends up neither 0 nor -1 and if not then change it to -1 = for what is returned overall. In other words: do not presume things are = okay with other information returned other ways (fields of struct = pointed to by argument) unless the returned openfirmware status in %r3 = is exactly zero. So otherwise have the openfirmware error indicator (-1) = returned from ofwcall. [Do all openfirmware's have the one's complement Boolean style return = values (0 vs. -1) that PowerMac G5's seem to have? If not the code above = would fail to be very general.] B) Similarly check for if %r1 had a net-change (a corruption) and use = the known/recorded before-value and have %r3 be -1 to get to the point = of returning to the caller a failure status to the code calling ofwcall. C) Possibly have one automatic retry of the openfirmware call if (A) or = (B) type problems happen before having such a failure (-1) return. = Re-setup %r1 and %r3 first for such a retry if such is attempted. Handle = retry-failure as in (A) and (B) above. [This comes from my investigation only finding one-time-failures in the = sequence of ofwcall's: after a failure later calls from the same boot = sequence and until shutdown worked without observed corruptions of %r1 = or %r3.] D) As paranoia for now: Have a general bias to not depending on most = registers being preserved across the openfirmware call since bad = register values are part of the observed problem. Probably be biased to = mostly use the registers that ofwcall already explicit saves and = restores (non-volatile registers that openfirmware should also = explicitly save and restore) but use separate storage to save and then = recover values across any calls into openfirmware. However, such changes would mean that such PowerMac builds would not be = generic FreeBSD code unless such things were tolerable for the other = powerpc64 contexts that use ofwcall from ofwcall64.S. My code for this below certainly qualifies as a personal hack based on = information specific to PowerMac G5's. I have also left in place the = early restore of the FreeBSD sprg0 value that allowed the original = exception to have a proper value to use during my investigations. (Those = specific exceptions should no longer be possible in my code.) I've got = ofw_sprg0_save being accessible and used from both ofw_machdep.c and = ofwcalla64.S because of leaving this paranoia item in place. I also have DDB/GDB option additions in GENERIC64 and ddb hacks such = that early crashes tend to "bt; show registers" before hanging. (There = is also the PS3 disable and the addition of sc.) My context is still 10.1-RC1 based. /etc/make.conf with = WITH_DEBUG_FILES=3D , WITHOUT_CLANG=3D , WITH_DEBUG=3D , and = WORKDIRPREFIX assigned. I tend to have verbose_loading=3D"YES" in = /boot/loader.conf . kern.vty depends on which video hardware is = involved. Panic dumps are effectively disabled by it attempting larger = dma transfers than are actually supported: that that size relationship = ends up reported instead. root@FBSDG5M1:/usr/home/markmi # svnlite diff /usr/src/sys/ Index: /usr/src/sys/ddb/db_main.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/ddb/db_main.c (revision 272558) +++ /usr/src/sys/ddb/db_main.c (working copy) @@ -46,6 +46,9 @@ #include #include =20 +/* HACK: part of dealing with lack of input for early boot time */ +#include + SYSCTL_NODE(_debug, OID_AUTO, ddb, CTLFLAG_RW, 0, "DDB settings"); =20 static dbbe_init_f db_init; @@ -210,6 +213,9 @@ watchpt =3D IS_WATCHPOINT_TRAP(type, code); =20 if (db_stop_at_pc(&bkpt)) { + /* HACK: part of early boot handling: no input possible = */ + db_disable_pager(); + if (db_inst_count) { db_printf("After %d instructions (%d loads, %d = stores),\n", db_inst_count, db_load_count, = db_store_count); Index: /usr/src/sys/ddb/db_script.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/ddb/db_script.c (revision 272558) +++ /usr/src/sys/ddb/db_script.c (working copy) @@ -319,10 +319,25 @@ { char scriptname[DB_MAXSCRIPTNAME]; =20 + /* HACK!!! : Additional lines to force a basic default script to = exist. + * Will dump information even if ddb input is not available for = early crash. + * Used to get more information about PowerMac G5 "before = Copyright" hangs. + */ + struct ddb_script *dsp =3D = db_script_lookup(DB_SCRIPT_KDBENTER_DEFAULT); + if (!dsp) db_script_set(DB_SCRIPT_KDBENTER_DEFAULT, "bt; show = registers"); + snprintf(scriptname, sizeof(scriptname), "%s.%s", DB_SCRIPT_KDBENTER_PREFIX, eventname); if (db_script_exec(scriptname, 0) =3D=3D ENOENT) (void)db_script_exec(DB_SCRIPT_KDBENTER_DEFAULT, 0); + + /* HACK!!! : Additional lines to always use the default script, + * even if scriptname existed and was executed. + * Will dump information even if ddb input is not available for = early crash. + * Used to get more information about PowerMac G5 "before = Copyright" hangs. + */ + else + (void)db_script_exec(DB_SCRIPT_KDBENTER_DEFAULT, 0); } =20 /*- Index: /usr/src/sys/powerpc/conf/GENERIC64 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/powerpc/conf/GENERIC64 (revision 272558) +++ /usr/src/sys/powerpc/conf/GENERIC64 (working copy) @@ -28,7 +28,7 @@ =20 # Platform support options POWERMAC #NewWorld Apple PowerMacs -options PS3 #Sony Playstation 3 +#options PS3 #Sony Playstation 3 = HACK!!! to allow sc options MAMBO #IBM Mambo Full System Simulator options PSERIES #PAPR-compliant systems (e.g. = IBM p) =20 @@ -76,6 +76,12 @@ # Debugging support. Always need this: options KDB # Enable kernel debugger = support. options KDB_TRACE # Print a stack trace for a = panic. +options DDB # HACK!!! to dump early crash = info +options GDB # HACK!!! ... +#options KTR +#options KTR_MASK=3DKTR_TRAP +#options KTR_CPUMASK=3D0xF +#options KTR_VERBOSE =20 # Make an SMP-capable kernel by default options SMP # Symmetric MultiProcessor = Kernel @@ -115,6 +121,14 @@ device vt # Core console driver device kbdmux =20 +# HACK!!! to allow sc for 2560x1440 display on Radeon X1950 that vt = mishandled +# syscons is a console driver, resembling an SCO console +device sc +#device kbdmux # HACK: already listed by vt +options SC_OFWFB # OFW frame buffer +options SC_DFLT_FONT # compile font in +makeoptions SC_DFLT_FONT=3Dcp437 + # Serial (COM) ports device scc device uart Index: /usr/src/sys/powerpc/ofw/ofw_machdep.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/powerpc/ofw/ofw_machdep.c (revision 272558) +++ /usr/src/sys/powerpc/ofw/ofw_machdep.c (working copy) @@ -94,6 +94,11 @@ /* * Saved SPRG0-3 from OpenFirmware. Will be restored prior to the = callback. */ +/* HACK: ofw_sprg0_save storage defined in ofwcall + * for use in very early FreeBSD sprg0 restore + * as part of ready-for-possible-exception parania. + */ +extern register_t ofw_sprg0_save; =20 static __inline void Index: /usr/src/sys/powerpc/ofw/ofwcall64.S =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/powerpc/ofw/ofwcall64.S (revision 272558) +++ /usr/src/sys/powerpc/ofw/ofwcall64.S (working copy) @@ -52,6 +52,20 @@ GLOBAL(rtas_entry) .llong 0 /* RTAS entry point */ =20 + /* HACK: part of dealing with openfirmware %r1, %r3 corruptions */ +ofw_entry_addr: /* accessed under ofw = msr */ + .space 4 +ofw_r1_for_retry: /* accessed under ofw msr */ + .space 4 +ofw_r3_for_retry: /* accessed under ofw msr */ + .space 4 + + /* HACK: part of having FreeBSD sprg0 in place for potential = exceptions */ +ofwsprg0save: /* accessed under ofw msr */ + .space 8 /* sizeof(register_t) */ +GLOBAL(ofw_sprg0_save) /* accessed under FreeBSD msr */ + .llong 0 + /* * Open Firmware Real-mode Entry Point. This is a huge pain. */ @@ -90,50 +104,121 @@ std %r30,192(%r1) std %r31,200(%r1) =20 + /* HACK: Avoid depending much on preserved registers + * and be biased to use the ones saved above + */ + /* Record the old MSR */ - mfmsr %r6 + mfmsr %r14 =20 /* read client interface handler */ - lis %r4,openfirmware_entry@ha - ld %r4,openfirmware_entry@l(%r4) + lis %r15,openfirmware_entry@ha + ld %r15,openfirmware_entry@l(%r15) =20 + /* HACK: part of having FreeBSD's sprg0 in place for exceptions. + * Parania code at this point since corrupted %r1 values = are + * avoided by forcing the before-openfirmware value. + */ + lis %r16,ofw_sprg0_save@ha + ld %r16,ofw_sprg0_save@l(%r16) + /* * Set the MSR to the OF value. This has the side effect of = disabling * exceptions, which is important for the next few steps. + * NOTE: The call chain may well have already disabled such in = FreeBSD's + * msr. */ =20 - lis %r5,ofmsr@ha - ld %r5,ofmsr@l(%r5) - mtmsrd %r5 + lis %r17,ofmsr@ha + ld %r17,ofmsr@l(%r17) + mtmsrd %r17 isync =20 /* * Set up OF stack. This needs to be accessible in real mode and * use the 32-bit ABI stack frame format. The pointer to the = current - * kernel stack is placed at the very top of the stack along = with - * the old MSR so we can get them back later. + * kernel stack is placed below the effective ofw-stack along = with the + * active FreeBSD TOC and FreeBSD MSR so we can get them back = later. */ - mr %r5,%r1 + mr %r18,%r1 lis %r1,(ofwstk+OFWSTKSZ-32)@ha addi %r1,%r1,(ofwstk+OFWSTKSZ-32)@l - std %r5,8(%r1) /* Save real stack pointer */ - std %r2,16(%r1) /* Save old TOC */ - std %r6,24(%r1) /* Save old MSR */ - li %r5,0 - stw %r5,4(%r1) - stw %r5,0(%r1) + std %r18,8(%r1) /* Save FreeBSD stack pointer */ + std %r2,16(%r1) /* Save FreeBSD TOC */ + std %r14,24(%r1) /* Save FreeBSD MSR */ + li %r19,0 + stw %r19,4(%r1) + stw %r19,0(%r1) =20 + /* HACK: Avoid depending much on preserved registers */ + + /* HACK: recording openfirmware entry address for use in = possible retry */ + lis %r20,ofw_entry_addr@ha + stw %r15,ofw_entry_addr@l(%r20) + + /* HACK: recording %r1 before openfirmware for use in possible = retry + * and also for testing for corruption (net-change) + */ + lis %r21,ofw_r1_for_retry@ha + stw %r1,ofw_r1_for_retry@l(%r21) + + /* HACK: recording %r3 before openfirmware for use in possible = retry */ + lis %r22,ofw_r3_for_retry@ha + stw %r3,ofw_r3_for_retry@l(%r22) + + /* HACK: part of having FreeBSD's sprg0 in place for exceptions. + * Parania code at this point since corrupted %r1 values = are + * avoided by forcing the before-openfirmware value. + */ + lis %r23,ofwsprg0save@ha + std %r16,ofwsprg0save@l(%r23) + /* Finally, branch to OF */ - mtctr %r4 + mtctr %r15 bctrl =20 - /* Reload stack pointer and MSR from the OFW stack */ - ld %r6,24(%r1) + /* HACK: check if %r1 was corrupted (had a net-change) */ + lis %r21,ofw_r1_for_retry@ha + lwz %r24,ofw_r1_for_retry@l(%r21) + cmpw %r24,%r1 + bne 2f /* stack pointer corrupted so go retry once */ + + /* HACK: %r1 okay but check %r3 for being 0 or -1 vs. anything = else */ + xoris %r25,%r3,0 + cmpw %r25,%r3 + bne 2f /* %r3 was neither 0 nor -1 so corruption: go retry = once */ + + /* HACK: here both %r1 and %r3 appeared to be okay: + * so sequential flow was for "no problems" + */ + +1: /* HACK status: continue/return from whatever status, + * trying to get back cleanly to the FreeBSD context + */ + + /* HACK: part of having FreeBSD's sprg0 in place for any = exception + * during return. + * Parania code at this point since corrupted %r1 values = are + * avoided by forcing the before-openfirmware value. + * NOTE: Calling code also deals with this but too late for the + * original exceptions after openfirmware returned to this = code. + */ + lis %r23,ofwsprg0save@ha + ld %r16,ofwsprg0save@l(%r23) + mtsprg0 %r16 + + /* Reload FreeBSD stack pointer and MSR + * from the bottom of the (i.e., below the effective) OFW stack + * + * HACK note: %r1 may have been forced to the = before-openfirmware value + * (to avoid garbage results and the resulting = exceptions) + */ + ld %r26,24(%r1) ld %r2,16(%r1) ld %r1,8(%r1) =20 - /* Now set the real MSR */ - mtmsrd %r6 + /* Now set the FreeBSD MSR */ + mtmsrd %r26 isync =20 /* Sign-extend the return value from OF */ @@ -168,6 +253,43 @@ mtlr %r0 blr =20 +/* HACK: code for %r1 and/or %r3 corruption's single-retry */ +/* Still under openfirmware's msr, sprg0, stack values */ + +2: /* HACK: corruption observed so retry, restoring %r1 and %r3 = first */ + lis %r20,ofw_entry_addr@ha + lwz %r15,ofw_entry_addr@l(%r20) + lis %r21,ofw_r1_for_retry@ha + lwz %r1,ofw_r1_for_retry@l(%r21) + lis %r22,ofw_r3_for_retry@ha + lwz %r3,ofw_r3_for_retry@l(%r22) + mtctr %r15 + bctrl + + /* HACK: check if %r1 was corrupted (had a net-change) */ + lis %r21,ofw_r1_for_retry@ha + lwz %r24,ofw_r1_for_retry@l(%r21) + cmpw %r24,%r1 + bne 3f /* retry corrupted %r1 + * so go give up with %r3 being -1 and %r1 = forced-good + */ + + /* HACK: %r1 okay but check %r3 for being 0 or -1 vs. anything = else */ + xoris %r25,%r3,0 + cmpw %r25,%r3 + beq 1b /* %r3 also was 0 or -1 so no corruption observed on = retry + * so go do a normal return + */ + +3: /* Either %r1 had a net change after retry + * or %r3 was not one of 0,-1 after retry + * so force %r1 and have %r3 be -1 then go return + */ + lis %r21,ofw_r1_for_retry@ha + lwz %r1,ofw_r1_for_retry@l(%r21) + li %r3,-1 /* the openfirmware failure return value */ + b 1b + /* * RTAS 32-bit Entry Point. Similar to the OF one, but simpler (no = separate * stack) =3D=3D=3D Mark Millard markmi at dsl-only.net From owner-freebsd-ppc@FreeBSD.ORG Sun Oct 19 21:12:45 2014 Return-Path: Delivered-To: freebsd-ppc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CE4E3D85 for ; Sun, 19 Oct 2014 21:12:45 +0000 (UTC) Received: from asp.reflexion.net (outbound-241.asp.reflexion.net [69.84.129.241]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 58A7293A for ; Sun, 19 Oct 2014 21:12:44 +0000 (UTC) Received: (qmail 4376 invoked from network); 19 Oct 2014 21:12:42 -0000 Received: from unknown (HELO rtc-sm-01.app.dca.reflexion.local) (10.81.150.1) by 0 (rfx-qmail) with SMTP; 19 Oct 2014 21:12:42 -0000 Received: by rtc-sm-01.app.dca.reflexion.local (Reflexion email security v7.30.7) with SMTP; Sun, 19 Oct 2014 17:12:42 -0400 (EDT) Received: (qmail 24580 invoked from network); 19 Oct 2014 21:12:42 -0000 Received: from unknown (HELO iron2.pdx.net) (69.64.224.71) by 0 (rfx-qmail) with (DHE-RSA-AES256-SHA encrypted) SMTP; 19 Oct 2014 21:12:42 -0000 X-No-Relay: not in my network X-No-Relay: not in my network X-No-Relay: not in my network Received: from [192.168.1.8] (c-98-246-178-138.hsd1.or.comcast.net [98.246.178.138]) by iron2.pdx.net (Postfix) with ESMTPSA id 73B611C402C; Sun, 19 Oct 2014 14:12:37 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: My PowerMac G5's no longer crash at boot: PowerMac G5 specific ofwcall changes with justifying evidence [current workaround] From: Mark Millard In-Reply-To: <0EAE6493-FF6B-4F90-8C7B-F32A62DBD6B7@dsl-only.net> Date: Sun, 19 Oct 2014 14:12:40 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <76F704FD-BB74-4439-8318-DB4C167B420F@dsl-only.net> <543B3828.8070806@freebsd.org> <9D9B0372-8D8F-4153-85B5-40066206EF67@dsl-only.net> <379AA7FC-98C9-48B9-92BB-60E134817AF1@dsl-only.net> <543D5ACD.20901@freebsd.org> <3D4A76B3-431A-4C94-8747-70369A8A1764@dsl-only.net> <0F85ACBD-F6D6-4ABA-B8FA-00C586A086DE@dsl-only.net> <49920E63-CB4A-429C-AB3A-984075AE183D@dsl-only.net> <0CEC8978-E208-4F57-8481-DD9C321EF673@dsl-only.net> <0EAE6493-FF6B-4F90-8C7B-F32A62DBD6B7@dsl-only.net> To: Nathan Whitehorn X-Mailer: Apple Mail (2.1878.6) Cc: Justin Hibbits , FreeBSD PowerPC ML X-BeenThere: freebsd-ppc@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting FreeBSD to the PowerPC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Oct 2014 21:12:45 -0000 I should be explicit about some of what I've not done in my = investigations... I've not been brave enough to try to have the likes of, say, slbtrap and = kern_slbtrap execution paths that do not use powerpc_interrupt noted in = with the ofwcall history to see if/when they are happening relative to = ofwcall usage. For example I've never done anything explicit to force the memory = address range then involved in holding the simple history text to have = invariant addressing across the contexts: (A) mmu-disabled, (B) = mmu-enabled but virtual-memory-disabled, (C) mmu and virtual-memory = active. Nor have I done anything explicit to force that memory range to = stay in RAM so that it could not cause interrupts itself. When I had powerpc_interrupt recording in the history I greatly limited = what I did with such a kernel build. (I keep a separate = /boot/good/kernel around that is not replaced by make -j 8 kernel = experiments.) I was really only interested in the early boot information = and what I did was sufficient for that. So, for example, I've not eliminated slbtrap exceptions as happening in = the problem context --at least not by what can be known from the history = recorded. But looking at that code it is far from obvious how it would = contribute to the %r1/%r3 corruption (%r1=3D%r3=3D%r2+0x400, with %r2 = having the before openfirware value that is preserved to the after = openfirmware context). And my earlier reference to alternate code being safer is tied to not = depending on the garbage access via the corruptede %r1 to cause a = panic/hang to avoid processing otehr possibly garbage bits. It is true = that I mixed that with trying to continue instead of forcing things to = stop. There are contexts where detecting either the %r1 or the %r3 = corruption should lead to things stopping for fear of what else might be = messed up. I've not checked all the code to know if ofwcall returning -1 = in %r3 would always stop or not. =3D=3D=3D Mark Millard markmi@dsl-only.net On Oct 19, 2014, at 12:43 AM, Mark Millard wrote: Short of extracting and analyzing the openfirmware code and its behavior = directly I've run out of ideas for investigation of the %r1 and %r3 = corruptions during openfirmware calls on the PowerMac G5's. So my next investigative direction will probably be to hack in %r1 and = %r3 validation into the powerpc/GENERIC ofwcall 32 bit code and have it = report if it finds anything odd. This may take a while for me to get to. = And some time to conclude that nothing is being found if nothing is = found. I believe that given the known problems and observed %r1 and %r3 = corruptions that the FreeBSD ofwcall code for powerpc64 on PowerMacs = would be safer if ofwcall was changed to have the following properties = (at least on/for powerpc64 PowerMacs): A) check if %r3 ends up neither 0 nor -1 and if not then change it to -1 = for what is returned overall. In other words: do not presume things are = okay with other information returned other ways (fields of struct = pointed to by argument) unless the returned openfirmware status in %r3 = is exactly zero. So otherwise have the openfirmware error indicator (-1) = returned from ofwcall. [Do all openfirmware's have the one's complement Boolean style return = values (0 vs. -1) that PowerMac G5's seem to have? If not the code above = would fail to be very general.] B) Similarly check for if %r1 had a net-change (a corruption) and use = the known/recorded before-value and have %r3 be -1 to get to the point = of returning to the caller a failure status to the code calling ofwcall. C) Possibly have one automatic retry of the openfirmware call if (A) or = (B) type problems happen before having such a failure (-1) return. = Re-setup %r1 and %r3 first for such a retry if such is attempted. Handle = retry-failure as in (A) and (B) above. [This comes from my investigation only finding one-time-failures in the = sequence of ofwcall's: after a failure later calls from the same boot = sequence and until shutdown worked without observed corruptions of %r1 = or %r3.] D) As paranoia for now: Have a general bias to not depending on most = registers being preserved across the openfirmware call since bad = register values are part of the observed problem. Probably be biased to = mostly use the registers that ofwcall already explicit saves and = restores (non-volatile registers that openfirmware should also = explicitly save and restore) but use separate storage to save and then = recover values across any calls into openfirmware. However, such changes would mean that such PowerMac builds would not be = generic FreeBSD code unless such things were tolerable for the other = powerpc64 contexts that use ofwcall from ofwcall64.S. My code for this below certainly qualifies as a personal hack based on = information specific to PowerMac G5's. I have also left in place the = early restore of the FreeBSD sprg0 value that allowed the original = exception to have a proper value to use during my investigations. (Those = specific exceptions should no longer be possible in my code.) I've got = ofw_sprg0_save being accessible and used from both ofw_machdep.c and = ofwcalla64.S because of leaving this paranoia item in place. I also have DDB/GDB option additions in GENERIC64 and ddb hacks such = that early crashes tend to "bt; show registers" before hanging. (There = is also the PS3 disable and the addition of sc.) My context is still 10.1-RC1 based. /etc/make.conf with = WITH_DEBUG_FILES=3D , WITHOUT_CLANG=3D , WITH_DEBUG=3D , and = WORKDIRPREFIX assigned. I tend to have verbose_loading=3D"YES" in = /boot/loader.conf . kern.vty depends on which video hardware is = involved. Panic dumps are effectively disabled by it attempting larger = dma transfers than are actually supported: that that size relationship = ends up reported instead. root@FBSDG5M1:/usr/home/markmi # svnlite diff /usr/src/sys/ Index: /usr/src/sys/ddb/db_main.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/ddb/db_main.c (revision 272558) +++ /usr/src/sys/ddb/db_main.c (working copy) @@ -46,6 +46,9 @@ #include #include +/* HACK: part of dealing with lack of input for early boot time */ +#include + SYSCTL_NODE(_debug, OID_AUTO, ddb, CTLFLAG_RW, 0, "DDB settings"); static dbbe_init_f db_init; @@ -210,6 +213,9 @@ watchpt =3D IS_WATCHPOINT_TRAP(type, code); if (db_stop_at_pc(&bkpt)) { + /* HACK: part of early boot handling: no input possible = */ + db_disable_pager(); + if (db_inst_count) { db_printf("After %d instructions (%d loads, %d = stores),\n", db_inst_count, db_load_count, = db_store_count); Index: /usr/src/sys/ddb/db_script.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/ddb/db_script.c (revision 272558) +++ /usr/src/sys/ddb/db_script.c (working copy) @@ -319,10 +319,25 @@ { char scriptname[DB_MAXSCRIPTNAME]; + /* HACK!!! : Additional lines to force a basic default script to = exist. + * Will dump information even if ddb input is not available for = early crash. + * Used to get more information about PowerMac G5 "before = Copyright" hangs. + */ + struct ddb_script *dsp =3D = db_script_lookup(DB_SCRIPT_KDBENTER_DEFAULT); + if (!dsp) db_script_set(DB_SCRIPT_KDBENTER_DEFAULT, "bt; show = registers"); + snprintf(scriptname, sizeof(scriptname), "%s.%s", DB_SCRIPT_KDBENTER_PREFIX, eventname); if (db_script_exec(scriptname, 0) =3D=3D ENOENT) (void)db_script_exec(DB_SCRIPT_KDBENTER_DEFAULT, 0); + + /* HACK!!! : Additional lines to always use the default script, + * even if scriptname existed and was executed. + * Will dump information even if ddb input is not available for = early crash. + * Used to get more information about PowerMac G5 "before = Copyright" hangs. + */ + else + (void)db_script_exec(DB_SCRIPT_KDBENTER_DEFAULT, 0); } /*- Index: /usr/src/sys/powerpc/conf/GENERIC64 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/powerpc/conf/GENERIC64 (revision 272558) +++ /usr/src/sys/powerpc/conf/GENERIC64 (working copy) @@ -28,7 +28,7 @@ # Platform support options POWERMAC #NewWorld Apple PowerMacs -options PS3 #Sony Playstation 3 +#options PS3 #Sony Playstation 3 = HACK!!! to allow sc options MAMBO #IBM Mambo Full System Simulator options PSERIES #PAPR-compliant systems (e.g. = IBM p) @@ -76,6 +76,12 @@ # Debugging support. Always need this: options KDB # Enable kernel debugger = support. options KDB_TRACE # Print a stack trace for a = panic. +options DDB # HACK!!! to dump early crash = info +options GDB # HACK!!! ... +#options KTR +#options KTR_MASK=3DKTR_TRAP +#options KTR_CPUMASK=3D0xF +#options KTR_VERBOSE # Make an SMP-capable kernel by default options SMP # Symmetric MultiProcessor = Kernel @@ -115,6 +121,14 @@ device vt # Core console driver device kbdmux +# HACK!!! to allow sc for 2560x1440 display on Radeon X1950 that vt = mishandled +# syscons is a console driver, resembling an SCO console +device sc +#device kbdmux # HACK: already listed by vt +options SC_OFWFB # OFW frame buffer +options SC_DFLT_FONT # compile font in +makeoptions SC_DFLT_FONT=3Dcp437 + # Serial (COM) ports device scc device uart Index: /usr/src/sys/powerpc/ofw/ofw_machdep.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/powerpc/ofw/ofw_machdep.c (revision 272558) +++ /usr/src/sys/powerpc/ofw/ofw_machdep.c (working copy) @@ -94,6 +94,11 @@ /* * Saved SPRG0-3 from OpenFirmware. Will be restored prior to the = callback. */ +/* HACK: ofw_sprg0_save storage defined in ofwcall + * for use in very early FreeBSD sprg0 restore + * as part of ready-for-possible-exception parania. + */ +extern register_t ofw_sprg0_save; static __inline void Index: /usr/src/sys/powerpc/ofw/ofwcall64.S =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /usr/src/sys/powerpc/ofw/ofwcall64.S (revision 272558) +++ /usr/src/sys/powerpc/ofw/ofwcall64.S (working copy) @@ -52,6 +52,20 @@ GLOBAL(rtas_entry) .llong 0 /* RTAS entry point */ + /* HACK: part of dealing with openfirmware %r1, %r3 corruptions */ +ofw_entry_addr: /* accessed under ofw = msr */ + .space 4 +ofw_r1_for_retry: /* accessed under ofw msr */ + .space 4 +ofw_r3_for_retry: /* accessed under ofw msr */ + .space 4 + + /* HACK: part of having FreeBSD sprg0 in place for potential = exceptions */ +ofwsprg0save: /* accessed under ofw msr */ + .space 8 /* sizeof(register_t) */ +GLOBAL(ofw_sprg0_save) /* accessed under FreeBSD msr */ + .llong 0 + /* * Open Firmware Real-mode Entry Point. This is a huge pain. */ @@ -90,50 +104,121 @@ std %r30,192(%r1) std %r31,200(%r1) + /* HACK: Avoid depending much on preserved registers + * and be biased to use the ones saved above + */ + /* Record the old MSR */ - mfmsr %r6 + mfmsr %r14 /* read client interface handler */ - lis %r4,openfirmware_entry@ha - ld %r4,openfirmware_entry@l(%r4) + lis %r15,openfirmware_entry@ha + ld %r15,openfirmware_entry@l(%r15) + /* HACK: part of having FreeBSD's sprg0 in place for exceptions. + * Parania code at this point since corrupted %r1 values = are + * avoided by forcing the before-openfirmware value. + */ + lis %r16,ofw_sprg0_save@ha + ld %r16,ofw_sprg0_save@l(%r16) + /* * Set the MSR to the OF value. This has the side effect of = disabling * exceptions, which is important for the next few steps. + * NOTE: The call chain may well have already disabled such in = FreeBSD's + * msr. */ - lis %r5,ofmsr@ha - ld %r5,ofmsr@l(%r5) - mtmsrd %r5 + lis %r17,ofmsr@ha + ld %r17,ofmsr@l(%r17) + mtmsrd %r17 isync /* * Set up OF stack. This needs to be accessible in real mode and * use the 32-bit ABI stack frame format. The pointer to the = current - * kernel stack is placed at the very top of the stack along = with - * the old MSR so we can get them back later. + * kernel stack is placed below the effective ofw-stack along = with the + * active FreeBSD TOC and FreeBSD MSR so we can get them back = later. */ - mr %r5,%r1 + mr %r18,%r1 lis %r1,(ofwstk+OFWSTKSZ-32)@ha addi %r1,%r1,(ofwstk+OFWSTKSZ-32)@l - std %r5,8(%r1) /* Save real stack pointer */ - std %r2,16(%r1) /* Save old TOC */ - std %r6,24(%r1) /* Save old MSR */ - li %r5,0 - stw %r5,4(%r1) - stw %r5,0(%r1) + std %r18,8(%r1) /* Save FreeBSD stack pointer */ + std %r2,16(%r1) /* Save FreeBSD TOC */ + std %r14,24(%r1) /* Save FreeBSD MSR */ + li %r19,0 + stw %r19,4(%r1) + stw %r19,0(%r1) + /* HACK: Avoid depending much on preserved registers */ + + /* HACK: recording openfirmware entry address for use in = possible retry */ + lis %r20,ofw_entry_addr@ha + stw %r15,ofw_entry_addr@l(%r20) + + /* HACK: recording %r1 before openfirmware for use in possible = retry + * and also for testing for corruption (net-change) + */ + lis %r21,ofw_r1_for_retry@ha + stw %r1,ofw_r1_for_retry@l(%r21) + + /* HACK: recording %r3 before openfirmware for use in possible = retry */ + lis %r22,ofw_r3_for_retry@ha + stw %r3,ofw_r3_for_retry@l(%r22) + + /* HACK: part of having FreeBSD's sprg0 in place for exceptions. + * Parania code at this point since corrupted %r1 values = are + * avoided by forcing the before-openfirmware value. + */ + lis %r23,ofwsprg0save@ha + std %r16,ofwsprg0save@l(%r23) + /* Finally, branch to OF */ - mtctr %r4 + mtctr %r15 bctrl - /* Reload stack pointer and MSR from the OFW stack */ - ld %r6,24(%r1) + /* HACK: check if %r1 was corrupted (had a net-change) */ + lis %r21,ofw_r1_for_retry@ha + lwz %r24,ofw_r1_for_retry@l(%r21) + cmpw %r24,%r1 + bne 2f /* stack pointer corrupted so go retry once */ + + /* HACK: %r1 okay but check %r3 for being 0 or -1 vs. anything = else */ + xoris %r25,%r3,0 + cmpw %r25,%r3 + bne 2f /* %r3 was neither 0 nor -1 so corruption: go retry = once */ + + /* HACK: here both %r1 and %r3 appeared to be okay: + * so sequential flow was for "no problems" + */ + +1: /* HACK status: continue/return from whatever status, + * trying to get back cleanly to the FreeBSD context + */ + + /* HACK: part of having FreeBSD's sprg0 in place for any = exception + * during return. + * Parania code at this point since corrupted %r1 values = are + * avoided by forcing the before-openfirmware value. + * NOTE: Calling code also deals with this but too late for the + * original exceptions after openfirmware returned to this = code. + */ + lis %r23,ofwsprg0save@ha + ld %r16,ofwsprg0save@l(%r23) + mtsprg0 %r16 + + /* Reload FreeBSD stack pointer and MSR + * from the bottom of the (i.e., below the effective) OFW stack + * + * HACK note: %r1 may have been forced to the = before-openfirmware value + * (to avoid garbage results and the resulting = exceptions) + */ + ld %r26,24(%r1) ld %r2,16(%r1) ld %r1,8(%r1) - /* Now set the real MSR */ - mtmsrd %r6 + /* Now set the FreeBSD MSR */ + mtmsrd %r26 isync /* Sign-extend the return value from OF */ @@ -168,6 +253,43 @@ mtlr %r0 blr +/* HACK: code for %r1 and/or %r3 corruption's single-retry */ +/* Still under openfirmware's msr, sprg0, stack values */ + +2: /* HACK: corruption observed so retry, restoring %r1 and %r3 = first */ + lis %r20,ofw_entry_addr@ha + lwz %r15,ofw_entry_addr@l(%r20) + lis %r21,ofw_r1_for_retry@ha + lwz %r1,ofw_r1_for_retry@l(%r21) + lis %r22,ofw_r3_for_retry@ha + lwz %r3,ofw_r3_for_retry@l(%r22) + mtctr %r15 + bctrl + + /* HACK: check if %r1 was corrupted (had a net-change) */ + lis %r21,ofw_r1_for_retry@ha + lwz %r24,ofw_r1_for_retry@l(%r21) + cmpw %r24,%r1 + bne 3f /* retry corrupted %r1 + * so go give up with %r3 being -1 and %r1 = forced-good + */ + + /* HACK: %r1 okay but check %r3 for being 0 or -1 vs. anything = else */ + xoris %r25,%r3,0 + cmpw %r25,%r3 + beq 1b /* %r3 also was 0 or -1 so no corruption observed on = retry + * so go do a normal return + */ + +3: /* Either %r1 had a net change after retry + * or %r3 was not one of 0,-1 after retry + * so force %r1 and have %r3 be -1 then go return + */ + lis %r21,ofw_r1_for_retry@ha + lwz %r1,ofw_r1_for_retry@l(%r21) + li %r3,-1 /* the openfirmware failure return value */ + b 1b + /* * RTAS 32-bit Entry Point. Similar to the OF one, but simpler (no = separate * stack) =3D=3D=3D Mark Millard markmi at dsl-only.net From owner-freebsd-ppc@FreeBSD.ORG Mon Oct 20 08:50:11 2014 Return-Path: Delivered-To: freebsd-ppc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8F877997 for ; Mon, 20 Oct 2014 08:50:11 +0000 (UTC) Received: from asp.reflexion.net (outbound-241.asp.reflexion.net [69.84.129.241]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2A2DBFDD for ; Mon, 20 Oct 2014 08:50:10 +0000 (UTC) Received: (qmail 29673 invoked from network); 20 Oct 2014 08:50:03 -0000 Received: from unknown (HELO rtc-sm-01.app.dca.reflexion.local) (10.81.150.1) by 0 (rfx-qmail) with SMTP; 20 Oct 2014 08:50:03 -0000 Received: by rtc-sm-01.app.dca.reflexion.local (Reflexion email security v7.30.7) with SMTP; Mon, 20 Oct 2014 04:50:03 -0400 (EDT) Received: (qmail 22483 invoked from network); 20 Oct 2014 08:50:02 -0000 Received: from unknown (HELO iron2.pdx.net) (69.64.224.71) by 0 (rfx-qmail) with (DHE-RSA-AES256-SHA encrypted) SMTP; 20 Oct 2014 08:50:02 -0000 X-No-Relay: not in my network X-No-Relay: not in my network X-No-Relay: not in my network Received: from [192.168.1.8] (c-98-246-178-138.hsd1.or.comcast.net [98.246.178.138]) by iron2.pdx.net (Postfix) with ESMTPSA id 2CE551C4053; Mon, 20 Oct 2014 01:50:01 -0700 (PDT) Subject: Re: My PowerMac G5's no longer crash at boot: PowerMac G5 specific ofwcall changes with justifying evidence [Darwin 32-bit ABI violation] Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Content-Type: text/plain; charset=us-ascii From: Mark Millard X-Priority: 1 In-Reply-To: Date: Mon, 20 Oct 2014 01:50:00 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <96B5F27E-E7CE-4962-906E-F8A9DD3F7DDE@dsl-only.net> References: <76F704FD-BB74-4439-8318-DB4C167B420F@dsl-only.net> <543B3828.8070806@freebsd.org> <9D9B0372-8D8F-4153-85B5-40066206EF67@dsl-only.net> <379AA7FC-98C9-48B9-92BB-60E134817AF1@dsl-only.net> <543D5ACD.20901@freebsd.org> <3D4A76B3-431A-4C94-8747-70369A8A1764@dsl-only.net> <0F85ACBD-F6D6-4ABA-B8FA-00C586A086DE@dsl-only.net> <49920E63-CB4A-429C-AB3A-984075AE183D@dsl-only.net> <0CEC8978-E208-4F57-8481-DD9C321EF673@dsl-only.net> <0EAE6493-FF6B-4F90-8C7B-F32A62DBD6B7@dsl-only.net> To: Nathan Whitehorn X-Mailer: Apple Mail (2.1878.6) Cc: Justin Hibbits , FreeBSD PowerPC ML X-BeenThere: freebsd-ppc@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting FreeBSD to the PowerPC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Oct 2014 08:50:11 -0000 I started to look into the powerpc/GENERIC (32 bit) PowerMac = requirements and what they imply for ofwcall since I intend on adding = the %r1 and %r3 validation code. But I discovered that the ofwcall64.S code is not really 32-bit Darwin = PowerPC ABI compliant. I am using Mac OS X Internals, A Systems Approach, by Amit Singh for = documentation of the Apple PowerPC 32 bit Darwin ABI. Technically it = documents just the Darwin/Mac OS X 32 bit PowerPC ABI. I'm not aware of = anything that explicitly says that openfirmware on PowerMac's is an = exact match. But I'd expect a match. (I also looked at The PowerPC = Compiler Writer's Guide, although it is not Apple specific.) The below is based on Internals book's material starting from the page = labeled 231 and using the diagram on the page labeled 232 and 235 = mostly. The page labeled 233 says: "A 32-bit Darwin ABI stack frame is 16-byte = aligned." I've choose to present a simple/non-optimized translation of what the = 32-bit Darwin PowerPC ABI would imply, translated into simple code that = conceptually might go in ofwcall. But Commented Code indicating the ABI = points. I must also note that the material is based strictly on the 32-bit = Darwin PowerPC ABI involved and what it allows/requires --and not on any = extra knowledge of what openfirmware really does that may make some = points irrelevant. And ofwcall's fake Darwin ABI frame is presented rather fully in its = details because openfirmware (the to-be-called routine) can use some of = that space. [Side note: it appears that any exceptions/interrupts that might use the = same stack must avoid a 224 (220?) byte "red zone" area above %r1 = because some leaf functions are allowed to use it without forming a = activation frame (well, 220 bytes but with 16-byte alignment pad making = it 224). AIX would have that be 220 --as far as I can tell because it = does not have the same 16-byte alignment rule.] .data .align 16 /* 32-bit Darwin PowerPC ABI requires 16-byte = (quad-word) stack frame alignment */. ofwstk: .space OFWSTKSZ /* Should keep to 16-byte multiples */ .align 4 /* back to normal */ ... mr %r18,%r1 lis %r1,(ofwstk+OFWSTKSZ-112)@ha=20 addi %r1,%r1,(ofwstk+OFWSTKSZ-112)@l /* Needs to produce a = 16-byte (quad-word) aligned %r1 value */ /* with room for the = following... */ /* These are not from the 32-bit Darwin PowerPC ABI: They are = after the fake ofwcall ABI frame. */ /* %r1+80 is also 16-byte aligned. */ std %r18,80+0(%r1) /* Save FreeBSD stack pointer */ std %r2,80+8(%r1) /* Save FreeBSD TOC */ std %r14,80+16(%r1) /* Save FreeBSD MSR */ /* Bytes at/after %r1+80+24 not used. The above are not from the = 32-bit Darwin ABI. */ /* The 32-bit Darwin PowerPC ABI ofwcall stack structure = follows: */ addi %r19,%r1,80 stw %r19,0(%r1) /* backchain (non-negative offsets from = there are junk here * relative to the 32-bit Darwin PowerPC = ABI but negative=20 * offsets from there can be okay if = small enough to be=20 * in ofwstk from %r1 to = ofwstk+OFWSTKSZ-112+79 inclusive) */ li %r19,0 stw %r19,4(%r1) /* space for openfirmware (the = to-be-called routine) to store CR */ stw %r19,8(%r1) /* space for openfirmware (the = to-be-called routine) to store LR */ stw %r19,12(%r1) /* Darwin linkage reserved space */ stw %r19,16(%r1) /* more Darwin linkage reserved space */ stw %r19,20(%r1) /* space for TOC (despite 32-bit Darwin = ABI not using TOC: it has the space) */ /* End of 24 byte linkage area */ /* Empty local stack area. If non-empty: 16-bit aligned? Prefix = padding shown in book that produces such alignment. */ /* Parameter area required because a function (openfirmware) is = called. Must be double word aligned. */ stw %r19,24(%r1) /* Parameter area with the only = argument's slot: space reserved despite register argument usage */ stw %r19,28(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ stw %r19,32(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ stw %r19,36(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ stw %r19,40(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ stw %r19,44(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ stw %r19,48(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ stw %r19,52(%r1) /* Parameter area is at least 8 words = and the space is reserved despite register argument usage */ /* NOTE: openfirmware (the to-be-called routine) is allowed to = use the above parameter area!=20 * This is true of the 32-bit Darwin PowerPC ABI despite = register argument passing! * Typical use is to temporarily free up a register. */ /* End of 32 byte parameter area */ stw %r19,56(%r1) /* padding to have 16 byte stack = alignment */ stw %r19,60(%r1) /* padding to have 16 byte stack = alignment */ /* End of 8-byte sized padding to cause 16-byte alignment */ /* GPR save area: 8-byte prefix padding to force = 16-byte-multiple for size(?) is shown in figures. */ stw %r19,64(%r1) /* padding to have 16 byte size for GPR = area */ stw %r19,68(%r1) /* padding to have 16 byte size for GRP = area */ stw %r19,72(%r1) /* %r30 always stored for GPR = save/restore (fake value here) */ stw %r19,76(%r1) /* %r31 always stored for GPR = save/restore (fake value here) */ /* End of 16-byte GRP save area */ /* Empty FPR save area but must be double word aligned */ /* +80 is again 16-byte aligned. The FreeBSD extras are not part = of the 32-bit Darwin ABI. */ Note: %r30 is used as the frame pointer register. %r31 as the PIC-offset = table register. Now compare that to the existing sort of code (but with the %r14, %r18, = and %r19 usage to match the above): .data .align 4 ofwstk: .space OFWSTKSZ ... mr %r18,%r1 lis %r1,(ofwstk+OFWSTKSZ-32)@ha addi %r1,%r1,(ofwstk+OFWSTKSZ-32)@l std %r18,8(%r1) /* Save FreeBSD stack pointer */ std %r2,16(%r1) /* Save FreeBSD TOC */ std %r14,24(%r1) /* Save FreeBSD MSR */ li %r19,0 stw %r19,4(%r1) stw %r19,0(%r1) So what I get from the comparison is that: std %r18,8(%r1) (FreeBSD stack pointer) is using space that openfirmware is allowed to put the LR in and also = some reserved space. std %r2,16(%r1) (FreeBSD TOC) is using reserved space and the TOC space from the Darwin ABI. std %r14,24(%r1) (FreeBSD MSR) is using the parameter space that openfirmware is allowed to put to = other uses. These risk openfirmware replacing part of the FreeBSD stack pointer and = the FreeBSD MSR. Also: stw %r19,4(%r1) stw %r19,0(%r1) only covers the backchain and space where openfirmware could put CR = values. It does not span where openfirmware could put LR values or the = parmeter area that openfirmware is allowed to use. As an example of the parameter area criteria and the size of the stack = frame from the book: the pages labeled 234-235 has f3() that calls g(); = (no arguments). For this it says... "f3 calls a function that takes no arguments. Nevertheless, this = introduces a parameter area on f3's stack. A parameter area is at least = 8 words (32 bytes) in size. f3's stack is 80 bytes." Of course openfirmware does take a 32-pointer as an argument but the 8 = words covers that and the stack frame size does not change compared to = the book's f3 example. And, of course, the three 64-bit values stored in ofwstk below all this = are in addition to the above. Quoting various statements about the "Parameter area" (for function f1 = calling f2): 0) "The Parameter area must be large enough to hold the largest = parameter list of all the functions that f1 calls." (Material about passing arguments in registers. Then...)=20 1) "However f1 must reserve space for all arguments of f2 in any case = --even if it is able to pass all arguments in registers. f2 is free to = use f1's parameter area for storing arguments if it wants to free up the = corresponding registers for other use. Thus, in a subroutine call, the = caller sets up a parameter area in its own stack portion, and the callee = can access the caller's parameter area for loading or storing = arguments." =3D=3D=3D Mark Millard markmi at dsl-only.net From owner-freebsd-ppc@FreeBSD.ORG Thu Oct 23 05:43:14 2014 Return-Path: Delivered-To: freebsd-ppc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6FC9AD4F for ; Thu, 23 Oct 2014 05:43:14 +0000 (UTC) Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EE978BEA for ; Thu, 23 Oct 2014 05:43:13 +0000 (UTC) Received: by mail-la0-f42.google.com with SMTP id gf13so283719lab.15 for ; Wed, 22 Oct 2014 22:43:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:message-id:date :to:mime-version; bh=gGL/Sp3C971M9l/3q43cb6etGgFyoFcBhFjDuyS5hgQ=; b=wcmOzszTtxo7TuuY/ODOtHguGiinzVFFrmlO/X+DiV1fFrFtb0efMFDv1ztdlsZcEl g2msstVUnU1/yoXPMchv7OtLNr7PKg+jZDIosJymqwe1DCqKot7v+wRFe+gainHG5fsC RDr+VzSOw1OHu/lZgLijWxTUn79gygwqEpaAg0hLCyNnv5Obf4WhDdM8n+0x0+uAiORe je4sGxHxcncNMy+T9QJVaeQfb5KmasXTqncr/EpyOOc0X9bgxofEbYg5gW/V5t4prg5P dhBrmzabjvuelYh0FvTnWFg69o7mRGKfUO6I/YbFK2SRoq54g+v0X7jH4LkFWl7Ih3pY o65A== X-Received: by 10.112.56.171 with SMTP id b11mr2440224lbq.65.1414042991841; Wed, 22 Oct 2014 22:43:11 -0700 (PDT) Received: from s44-hades.fritz.box (p508CC1E2.dip0.t-ipconnect.de. [80.140.193.226]) by mx.google.com with ESMTPSA id f8sm318405lbv.39.2014.10.22.22.43.10 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 22 Oct 2014 22:43:10 -0700 (PDT) From: Matthias Schojohann Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Wifi on iBook G4 Message-Id: Date: Thu, 23 Oct 2014 07:43:09 +0200 To: freebsd-ppc@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\)) X-Mailer: Apple Mail (2.1990.1) X-BeenThere: freebsd-ppc@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting FreeBSD to the PowerPC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Oct 2014 05:43:14 -0000 Hi all, has anybody found a way to get Wifi connections working on their old = iBook G4 or Mac PPC in general? Cheers, Matt= From owner-freebsd-ppc@FreeBSD.ORG Thu Oct 23 06:00:54 2014 Return-Path: Delivered-To: freebsd-ppc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E3D95295 for ; Thu, 23 Oct 2014 06:00:54 +0000 (UTC) Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B73E2D68 for ; Thu, 23 Oct 2014 06:00:54 +0000 (UTC) Received: by mail-pa0-f48.google.com with SMTP id ey11so461667pad.7 for ; Wed, 22 Oct 2014 23:00:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type; bh=7VVIi1tM1afvr1KJ0qiGpR5zfEcDJ+WbdrP95w9SNkg=; b=IEuhlEdCdigWhOXIIsPXpy7uXZqnpvvym335RX6cwjIqPSci1J7OIWAi4bMq4kbdhQ ZYSL7jj3nmUwBnBAyrl8mWt6HmDKVUj7IArzUUd4uo4Sq0yV8hBACPmcRhxKrMEyLkyo hCu60soEmCCjaraUjWTvebAGKRISboXhaIt5LNmuO9k5kabSqKAPJz2eUez8jTgGvxvd N750pbp3K7c5cDrH4n5WjddOEV77YprXGe3VzKj2WthN8cST1+zGPHSQ1bXwdgOWPHuL eg5oXdOtSEjy0dyaACSD/1t8Gqf5mGfWbvXWHAWJdk6ZpgGHmBAFFJuDsNcHb3Cz2y8m ddVw== X-Received: by 10.67.23.164 with SMTP id ib4mr3008638pad.50.1414044054147; Wed, 22 Oct 2014 23:00:54 -0700 (PDT) Received: from zhabar.attlocal.net (107-222-186-3.lightspeed.sntcca.sbcglobal.net. [107.222.186.3]) by mx.google.com with ESMTPSA id qj2sm642276pbc.78.2014.10.22.23.00.52 for (version=SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 22 Oct 2014 23:00:53 -0700 (PDT) Date: Wed, 22 Oct 2014 23:00:45 -0700 From: Justin Hibbits To: Matthias Schojohann Subject: Re: Wifi on iBook G4 Message-ID: <20141022230045.0f4b3008@zhabar.attlocal.net> In-Reply-To: References: X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.22; powerpc64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/wBlMlTpsjwsNfyK5ziWpSWS"; protocol="application/pgp-signature" Cc: freebsd-ppc@freebsd.org X-BeenThere: freebsd-ppc@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting FreeBSD to the PowerPC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Oct 2014 06:00:55 -0000 --Sig_/wBlMlTpsjwsNfyK5ziWpSWS Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Thu, 23 Oct 2014 07:43:09 +0200 Matthias Schojohann wrote: > Hi all, > has anybody found a way to get Wifi connections working on their old > iBook G4 or Mac PPC in general? >=20 > Cheers, Matt > _______________________________________________ > freebsd-ppc@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ppc > To unsubscribe, send any mail to "freebsd-ppc-unsubscribe@freebsd.org" Hi Matt, I've had good luck with an Atheros card in my TiBook, but absolutely no luck in my AlBook, both with the integrated Broadcom card and an Atheros PC card (I have to email wireless@ regarding it). If I remember, the iBook doesn't have a PC card slot, so it may not work reliably. - Justin --Sig_/wBlMlTpsjwsNfyK5ziWpSWS Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUSJmPAAoJEDDHhY43vi25SOMIAIIX6WcUm4GpegHbJPLjiLr9 Ou/VoPUdSsMVxHHDt37IHZrPihTte3zcbOUR18xn3Nne1rmULKZTlMp5BRuY94iC Wreyp5m0lZVi7veYyEP0to5t+98oGfaymGrSZwza0434/2anrvCkYSOgSzlSf8ms rRGQGEA4XHEj419NDc0W8BbnaOhrk2N/Xfi2TCdCk4+eaoTOuL07wxwRsrncwfbt UadSTG7gs8zjKwIawsyb/AFV3wU0Jx5G0sh1B618qw5kjI3/yCY4R2p/fg2ef3Ub k5BqdaNrnyTptm+GBkAeLt7j8GVFF3lxEbmZUgDksbIZazWkPttJYVbqdWhe52A= =MH0l -----END PGP SIGNATURE----- --Sig_/wBlMlTpsjwsNfyK5ziWpSWS--