NetBSD Problem Report #57642

From www@netbsd.org  Tue Oct  3 13:22:07 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 203F21A9238
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  3 Oct 2023 13:22:07 +0000 (UTC)
Message-Id: <20231003132135.2B3E61A923A@mollari.NetBSD.org>
Date: Tue,  3 Oct 2023 13:21:35 +0000 (UTC)
From: marcin.juszkiewicz@linaro.org
Reply-To: marcin.juszkiewicz@linaro.org
To: gnats-bugs@NetBSD.org
Subject: NetBSD 9.3 does not boot on SBSA Reference Platform (sbsa-ref in QEMU)
X-Send-Pr-Version: www-1.0

>Number:         57642
>Category:       kern
>Synopsis:       NetBSD 9.3 does not boot on SBSA Reference Platform (sbsa-ref in QEMU)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 03 13:25:00 +0000 2023
>Originator:     Marcin Juszkiewicz
>Release:        9.3
>Organization:
Linaro
>Environment:
does not boot so hard to tell
>Description:
I work on SBSA Reference Platform (sbsa-ref in QEMU) and decided to check how *BSD systems work on it.

NetBSD 10 boots, OpenBSD 7.3 boots, FreeBSD 14/15 boot fine.

NetBSD 9.3 hangs on parsing GTDT ACPI table:

>> NetBSD/evbarm efiboot (arm64), Revision 1.13 (Thu Aug  4 15:30:37 UTC 2022)
Press return to boot now, any other key for boot prompt
booting netbsd - starting in 0 seconds.
5482464+2521184+2680948+1527188 [437266+711504+498085]=0xf96120
[   1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[   1.0000000]     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[   1.0000000]     2018, 2019, 2020, 2021, 2022
[   1.0000000]     The NetBSD Foundation, Inc.  All rights reserved.
[   1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[   1.0000000]     The Regents of the University of California.  All rights reserved.

[   1.0000000] NetBSD 9.3 (GENERIC64) #0: Thu Aug  4 15:30:37 UTC 2022
[   1.0000000]  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/evbarm/compile/GENERIC64
[   1.0000000] total memory = 4075 MB
[   1.0000000] avail memory = 3929 MB
[   1.0000000] running cgd selftest aes-xts-256 aes-xts-512 done
[   1.0000000] armfdt0 (root)
[   1.0000000] simplebus0 at armfdt0: QEMU QEMU SBSA-REF Machine
[   1.0000000] simplebus1 at simplebus0
[   1.0000000] acpifdt0 at simplebus0
[   1.0000000] acpifdt0: using EFI runtime services for RTC
[   1.0000000] ACPI: RSDP 0x00000100FC020018 000024 (v02 LINARO)
[   1.0000000] ACPI: XSDT 0x00000100FC02FE98 00006C (v01 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: FACP 0x00000100FC02FB98 000114 (v06 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: DSDT 0x00000100FC02E998 000CD8 (v02 LINARO SBSAQEMU 20200810 INTL 20220331)
[   1.0000000] ACPI: DBG2 0x00000100FC02FA98 00005C (v00 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: MCFG 0x00000100FC02FE18 00003C (v01 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: SPCR 0x00000100FC02FF98 000050 (v02 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: IORT 0x00000100FC027518 0000DC (v00 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: APIC 0x00000100FC02E498 000108 (v04 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: SSDT 0x00000100FC02E898 000067 (v02 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: PPTT 0x00000100FC02FD18 0000B8 (v02 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: GTDT 0x00000100FC02E618 000084 (v03 LINARO SBSAQEMU 20200810 LNRO 00000001)
[   1.0000000] ACPI: 2 ACPI AML tables successfully acquired and loaded
[   1.0000000] acpi0 at acpifdt0: Intel ACPICA 20190405
[   1.0000000] cpu0 at acpi0: unknown CPU (ID = 0x411fd402)
[   1.0000000] cpu0: package 0, core 0, smt 0
[   1.0000000] cpu0: IC enabled, DC enabled, EL0/EL1 stack Alignment check enabled
[   1.0000000] cpu0: Cache Writeback Granule 16B, Exclusives Reservation Granule 16B
[   1.0000000] cpu0: Dcache line 64, Icache line 64
[   1.0000000] cpu0: L1 0KB/64B 4-way PIPT Instruction cache
[   1.0000000] cpu0: L1 0KB/64B 4-way PIPT Data cache
[   1.0000000] cpu0: L2 0KB/64B 8-way PIPT Unified cache
[   1.0000000] cpu0: revID=0x0, 4k table, 16k table, 64k table, 16bit ASID
[   1.0000000] cpu0: auxID=0x1011111110212120, GICv3, CRC32, SHA1, AES+PMULL, rounding, NaN propagation, denormals, 32x64bitRegs, Fused Multiply-Add
[   1.0000000] cpu1 at acpi0: unknown CPU (ID = 0x411fd402)
[   1.0000000] cpu1: package 0, core 1, smt 0
[   1.0000000] gicvthree0 at acpi0: GICv3
[   1.0000000] gicvthree0: ITS #0 at 0x44081000
[   1.0000000] gicvthree0: ITS [#0] Devices table @ 0x10009210000/0x80000, Cacheable WA WB, Inner shareable
[   1.0000000] gicvthree0: ITS [#1] Collections table @ 0x10009290000/0x10000, Cacheable WA WB, Inner shareable


mlelstv@ took a look with kernel debugging:

#0  0xffffffc000413da8 in config_search_loc ()
#1  0xffffffc0004146b8 in config_found_sm_loc ()
#2  0xffffffc000009e94 in acpi_md_gtdt_probe ()
#3  0xffffffc00005925c in acpi_gtdt_walk ()

And later found possible reason of it:

11:45 <@mlelstv>         while (where < gtdtend) {
11:45 <@mlelstv>                 where += hdrp->Length;
11:45 <@mlelstv>         }
11:46 <@mlelstv> and hdrp->Length == 0
11:46 <@mlelstv> acpi_gtdt_walk loops infinitely
11:46 < dave0> mlelstv: whoops
11:46 <@mlelstv> fixed in -current
11:47 <@mlelstv>                 if (hdrp->Length == 0 || ACPI_FAILURE(func(hdrp, aux)))
11:47 <@mlelstv>                         break;
11:47 <@mlelstv> netbsd-9 misses the Length == 0 check
11:47 < hrw> mlelstv: 10-daily works
11:47 <@mlelstv> 1.284        (jmcneill 09-Apr-20):              if (hdrp->Length == 0 || ACPI_FAILURE(func(hdrp, aux)))
11:48 <@Riastradh> Looks like an easy pullup?
11:48 <@mlelstv> yes, trivial
11:48 <@mlelstv> revision 1.284
11:48 <@mlelstv> date: 2020-04-09 12:46:19 +0200;  author: jmcneill;  state: Exp;  lines: +4 -4;  commitid: Q4NF0Lb86RZ5oH3C;
11:48 <@mlelstv> Stop walking MADT / GTDT subtables if we hit a header with length 0
>How-To-Repeat:
Platform is QEMU HEAD version 8.1.50 (v8.1.0-1146-g50d0bfd0ed)


QEMU command line arguments:

-drive file=disks/NetBSD-9.3-evbarm-arm64.img,format=raw
-machine sbsa-ref
-m 4096
-smp 2
-cpu cortex-a57
-device usb-kbd
-device usb-tablet
-watchdog-action none
-no-reboot
-monitor telnet::45454,server,nowait
-serial stdio
-nographic
-drive if=pflash,file=firmware/SBSA_FLASH0.fd,format=raw
-drive if=pflash,file=firmware/SBSA_FLASH1.fd,format=raw


Firmware files are available: https://fedora.juszkiewicz.com.pl/sbsa-ref/
>Fix:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.