Qemu

From Linux PARISC Wiki
Jump to: navigation, search

Contents

QEMU for PA-RISC overview

Important: Please run at least QEMU version 8.0.0.
QEMU versions prior to v7.1.0 had various strange bugs. 64-bit CPU emulation requires at least QEMU version 8.2.

QEMU can emulate two different machines:

Use the QEMU -machine B160L (for a 32-bit machine) or -machine C3700 (for a 64-bit machine) option to boot. Various operating systems are supported, e.g. Linux, HP-UX and BSD variants. For details please check the sections below. PA-RISC machines need a firmware ("PDC" = Processor Dependend Code), and QEMU comes with a precompiled firmware which is based on a fork of SeaBIOS.

QEMU for PA-RISC has been developed by:

  • Richard Henderson: QEMU CPU emulation, QEMU hardware drivers
  • Helge Deller: QEMU hardware drivers, SeaBIOS PDC firmware, CPU emulation bug fixes, QEMU linux-user
  • Sven Schnelle: Lots of fixes in QEMU and SeaBIOS (SCSI, CPU emulation fixes, SeaBIOS PDC firmware)

QEMU for PA-RISC can be further developed via paid contract from:

QEMU supported guest operating systems

QEMU does support those operating systems as guests:

QEMU command line options

Standard qemu options:
Qemu command line option
-machine C3700 start a 64-bit C3700 workstation (qemu >= v8.2)
-machine B160L start a 32-bit B160L workstation (default)
-smp cpus=4 define number of CPUs in the guest (maximum CPUs: 32)
-m 1G tell machine to have 1G of RAM memory
-accel tcg,thread=multi always use this to enable parallel tcg (otherwise all guest CPUs run on one host CPU)
-boot menu=on Firmware: enable interactive mode (same as "BOOT PRI IPL")
-boot order=c Firmware: Boot from first hard disc
-boot order=d Firmware: Boot from first CD/DVD
-boot order=g-m Firmware: Boot from SCSI ID0 ("g"), SCSI ID1 ("h"), ... SCSI ID7 ("m")
-serial mon:stdio multiplex serial console to stdout (you want to enable this option!)
-nographic disable artist graphic card emulation, so no graphics output
-display sdl if you need graphics you should prefer SDL display output if your run Qemu < v2.0. In previous qemu versions, GTK had a bug which slows down output.
-vnc :1 start graphics output on VNC output, connect to hostname:1 with any VNC viewer
--nodefaults create an empty machine without default SCSI or network controller (qemu >= v8.2). Add "-serial mon:stdio" to get a serial console, otherwise no output will be visible.
HPPA specific qemu options:
Qemu command line option
-global artist.width=800
-global artist.height=600
set Artist graphic card to 800x600 pixel
-fw_cfg opt/pdc_debug,string=255 enable all firmware debug infos (1: show PDC calls, 2: show IODC calls)
-fw_cfg opt/hostid,string=334455 set the hostid to 334455 (instead of the default value 2006243326). Visible in Linux in /proc/cpuinfo, and with "uname -i" in HP/UX
-fw_cfg opt/console,string=[serial or graphics] set default firmware output method to serial or graphics console. When selecting serial, you need to add e.g. "-serial mon:stdio" too.
-fw_cfg opt/font,string=[1-4] select default graphics font: HP 8x16 (#1), HP 6x13 (#2), HP 10x20 (#3) or Linux 16x32 (#4)
-fw_cfg opt/power-button-enable,string=0 disable power button support (from SeaBIOS v14, Qemu v8.2)
-fw_cfg opt/OS64,string=3 Bitmask to define the PDC_MODEL_CAPABILITIES on a 64-bit machine: 1=Allow 64-bit OS, 2=Allow 32-bit OS, 3=Allow 32- and 64-bit OS (default), available with SeaBIOS >= v16
While running you can press
Keyboard shortcut
ctrl-A + X to exit qemu.
ctrl-A + C + ENTER Start Qemu monitor. When started with "-serial mon:stdio", the serial port and the QEMU debug port are multiplexed and you can switch between them with this key combination.
ctrl-Alt + F switch to fullscreen when using SDL output
type "NMI" in qemu monitor (ctrl-A + C) to trigger HPPA TOC (transfer-of-control = Reset) button switch

Examples on how to start the emulator

  • qemu-system-hppa -snapshot -m 512 -device lsi,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=5,lun=0,bootindex=2 -drive file=hdd5.img,if=none,id=drive0 -device scsi-hd,drive=drive1,bus=scsi0.0,channel=0,scsi-id=6,lun=0,bootindex=1 -drive file=hdd2img,if=none,id=drive1 -accel tcg,thread=multi -serial mon:stdio
  • qemu-system-hppa -drive file=hdd.img -nographic -serial mon:stdio -accel tcg,thread=multi -smp cpus=2 -drive file=hdd2-.img -boot menu=on -boot order=h
  • qemu-system-hppa -boot d -m 512 -drive file=disk.img,format=qcow2 -netdev tap,id=nic1,script=/etc/qemu-ifup -cdrom /opt/iso/HPUX_10.20.iso -device tulip,netdev=nic1,mac=01:00:11:00:00:02 -serial telnet:0.0.0.0:8001,server,nowait -monitor stdio -nographic
  • qemu-system-hppa -drive file=../qemu-images/hdd.img -kernel vmlinux -append "root=/dev/sda5 cryptomgr.notests panic=-1" -serial mon:stdio -nographic -accel tcg,thread=multi -smp cpus=3 -netdev bridge,id=hn0,br=virbr0,helper=./qemu-bridge-helper -device tulip,netdev=hn0,id=nic1

QEMU special emulated assembler statements

The emulated guest may use specific asssembler statements to control the qemu emulator:

Standard qemu options:
Assembler mnemonic
.word 0xfffdead0 immediately halt the emulator, similiar to turning the machine off
.word 0xfffdead1 reset machine
.word 0xfffdead2 restore original (pre-interrupt) values back into shadow registers, used by SeaBIOS when executing NMI instruction in qemu
or %r10,%r10,%r10 idle loop; wait for interrupt
or %r31,%r31,%r31 death loop; offline cpu (currently implemented for idle loop).
Qemu standard debugging options:
Qemu command line option Environment variable
-d item[,...] QEMU_LOG e.g in_asm,out_asm enable logging of specified items (use '-d help' for a list of items)
-dfilter 0..0xfffff QEMU_DFILTER filter logging based on given address range

How to build QEMU from source

Check out the qemu git tree

IMPORTANT: If you plan to run the qemu-user static binary on Debian-11 or below, you NEED to apply this patch: https://github.com/hdeller/qemu-hppa/commit/540e8fb618e66b4c172cc528c12580bb09e301b6 (linux-user: handle binfmt-misc P flag as a separate exe name)

Run configure, e.g.

  • (for system emulation) ./configure --target-list=hppa-softmmu --enable-numa
  • (for user emulation) ./configure --target-list=hppa-linux-user --disable-stack-protector --prefix=/home/qemu-hppa/chroot-unstable --interp-prefix=/home/qemu-hppa/chroot-unstable --static

Run "make"

Linux

  • Linux kernel >= 4.14 runs best, with initial optimizations added for kernels >= 4.9.
  • Prefer the Tulip NIC, then e1000 over the rtl8129 card. The latter gives irq issues with Dino emulation.
  • If you try to boot older Linux install CDs (Debian-5, Debian-8, Debian-9), you may need to start qemu with "-boot menu=on", and then change the kernel console option to "console=ttyS0" (serial port) instead of "console=tty0" (terminal). Then switch in GUI to the "serial0" device to see console. Alternatively start without graphical console, e.g. with "-nographic"-

Ready-to-run Debian Linux QEMU images for parisc

Download Debian hard disc image:

wget http://dellerweb.de/qemu/debian-12-hdd-2023.img.bz2

or

wget http://dellerweb.de/qemu/debian-10-hdd.img.bz2

Unzip image:

bunzip2 debian-12-hdd-2023.img.bz2

Run qemu:

qemu-system-hppa -drive file=debian-12-hdd-2023.img -nographic -serial mon:stdio -accel tcg,thread=multi -smp cpus=4 

Log in as root, root password is "rootme"

If a key is missing while running apt-update, do:

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <key>

How to run QEMU with Debian-10 installer image

  • Create a virtual hard disc once:
qemu-img create -f qcow2 hdd.img 50G
qemu-system-hppa -drive file=hdd.img -drive file=debian-11.0.0-hppa-NETINST-1.iso,media=cdrom -boot order=d -accel tcg,thread=multi -smp cpus=4 -serial mon:stdio -nographic
  • Choose typical installation options, the defaults are OK.
  • Shut down virtual machine after installation
  • Start emulator with installed operating system any time:
qemu-system-hppa -drive file=hdd.img -nographic -serial mon:stdio -accel tcg,thread=multi -smp cpus=4

How to create chroot for linux-user

Exampled for debian:

a=armhf &&  debootstrap --arch=$a --include=busybox,gcc,gnupg --keyring=/usr/share/keyrings/debian-archive-keyring.gpg --foreign sid $a-chroot http://deb.debian.org/
debootstrap --arch=ppc64el --include=busybox --foreign sid ppc64el-chroot
debootstrap --arch=alpha --include=busybox --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg --foreign sid alpha-chroot http://ftp.ports.debian.org/debian-ports/
a=powerpc &&  debootstrap --arch=$a --include=busybox --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg --foreign sid $a-chroot http://ftp.ports.debian.org/debian-ports/

cp /etc/passwd, group, shells target/etc
echo armhf-chroot > etc/debian_chroot

Gentoo Linux

  • From https://www.gentoo.org/downloads/#hppa download the Minimal installation CD or the hppa32 netboot image (lif file)
  • Start qemu with "-cdrom <isofile>", or the lif file with "-drive file=<lif-file>", e.g.
qemu-system-hppa -drive file=gentoo-2020-hppa-netboot.lif -accel tcg,thread=multi -smp cpus=2 -nographic

HP-UX

  • You will need a set of HP-UX PA-RISC installation CD-ROMS or DVDs
    • starting from HP-UX 10.x up to 11.11 (11i v1)
    • only PA-RISC installation medias are supported. CDs for Itanium-2 based HP machines are NOT supported.
    • you may copy those CDs to ISO files for usage with qemu.
    • please support us by buying from our sponsors.
  • NOTE: Please keep the default screen resolution of 1280x1024 pixels. HP-UX may crash if you increase the width, or in graphical environment (with dtwm) the mouse won't be able to reach any line >= 1146 pxels.
  • You probably won't be able to boot an original HP-UX installed hard disc image coming from a physical machine other than a B160L. The reason is, that the HP-UX kernel from the other machine has drivers built-in and won't recognize the SCSI and network in the emulated virtual machine.
  • LASI NIC emulation and NCR 710 emulation is needed in order to be able to boot older HP-UX releases.
  • Astrobaby wrote about his test results.
  • Hints:
    • The "INTERRUPT KEY" mentioned sometimes by HP-UX can be emulated with the "Ctrl-\" key combination
    • In case you lost the HP-UX root password, boot at ISL 'hpux -is' and then give a new password with running "passwd" (you need to use the "-boot menu=on" qemu option)
    • When booting HP-UX may show strange characters instead of brackets - just delete the file /etc/kbdlang, reboot and choose PS2_DIN_US language
  • How to start X11, CDE or dtwm
    • CDE Login: init 4
    • CDE desktop: start "xinit", then "/usr/dt/bin/dtsession"
    • X11: startx
    • dtwm Window Manager: start "xinit", then run "/usr/dt/bin/dtwm".
  • How to run full filesystem check: fsck -F vxfs -y -o full
  • File downloads see https://archive.org/download/hpunix/

HP-UX 9 is the first HP-UX release which does support the PA-RISC CPU. HP-UX 9.05 fails when booting the install CD: (reported 2021/05/18)

    Stored message buffer up to panic:
        Floating point coprocessor configured and enabled.
        No BTLB entries found for processor 0
        Unsupported module type 0x7 found

        System Panic:
           B2352A HP-UX (A.09.05) #2: Tue Oct 18 15:46:14 PDT 1994
        panic: (display==0xbc00, flags==0x0) Unable to initialize msus structure
        PC-Offset Stack Trace (read across, most recent is 1st):
           0x000ec6f8  0x000d7e3c  0x00081e5c  0x000254c0
        End Of Stack

        dumping 0 bytes to dev 0xffffffff, offset 0 ...
        Dump failed, returning 5.

according to this document "msus" means "mass storage unit specifier" and "msvs" means "mass storage volume specifier" while the msvs is sometimes called an "msus". I assume HP-UX 9.05 doesn't know how to handle the emulated SCSI PCI card and thus can't access the disc. Remember, a B160L is different to a HP700, and a HP700 had a built-in LASI700 (NCR700) SCSI controller.

NetBSD

Relevant NetBSD/hppa links:

Please note that at least NetBSD-8 required. NetBSD-7 doesn't work, since the NetBSD kernel trap handler code complains about the stack pointer in the trap frame. Reported error is:

insanity: 'tf->tf_sp >= minsp && tf->tf_sp < maxsp' at trap:556 type 0xf tf 0xe00040 lwp 0xe38140 sp 0xa0 pc 0x200240

(info by Nick Hudson <nick.hudson@gmx.co.uk>)

OSF/MkLinux

Download at ftp://ftp.cirr.com/pub/hppa/mklinux/ The file root_ext2_g.dd.bin.gz doesn't cleanly decompress.. so I did a gzip -dc into root_ext2_g.dd.bin.

MkLinux sources: https://github.com/slp/osfmk-mklinux

qemu-system-hppa -boot c -drive if=scsi,bus=0,index=3,file=root_ext2_g.dd.bin,format=raw \
       -serial mon:stdio -nographic -m 128 

It boots, but fails during device detection because Qemu currently emulates a B160, while MkLinux expects a HP700. So it fails to see the LASI chip below the GSC bridge.

NVM bootdata Bad Checksum (0)
OSF Mach boot
: /mach
text (0x95618) at 0x11000
data (0x48594) at 0xa8000
Mach 3.0 VERSION(PMK1.1): cb <pmk1_1>; Wed Nov 26 17:20:37 MET 1997; mach_kernel/PRODUCTION (cameleon)
HP9000/
unknown machine type 0x502
good luck :-)
, 0K Icache, 0K Dcache, 256 entry shared TLB)
Warning: unsupported module at ffc00000 (type:7 svers:0 hvers:50)
Stack Trace (depth=1):
     0x00084d68
End of Stack 

(info by Jason Stevens <neozeed@gmail.com>)

Future QEMU work

Possible enhancements:

  • Add Dino/Lasi serial port
  • Harmony sound card in Lasi
  • Does HP-UX has some kind of "sleep" assembler instruction in it's idle loop which can be used to lower qemu power consumption?
  • Fix virtio-drivers in SeaBIOS (missing endianess conversions, because SeaBIOS is originally only Little-endian for x86)
  • Emulate a 712 and/or j5000 machine
  • Emulate built-in LASI SCSI controller instead of PCI SCSI add-on card

Screenshots

HP-UX CDE graphical Login

Hpux-10-cde-login.png

HP-UX CDE

Hpux-10-cde1.png

HP-UX 10.20 with VUE

Hpux-10-vue.png

Personal tools