Qemu

Revision as of 13:20, 11 October 2022

QEMU overview

Please run at least QEMU version 7.1.0. Earlier versions had various bugs which are fixed in v7.1.0.

QEMU emulates a 32-bit HP B160L desktop machine with up to 16 PA7100LC CPUs.

PA-RISC machines need a firmware ("PDC" = Processor Dependend Code), and QEMU comes with a precompiled firmware (pc-bios/hppa-firmware.img), which is based on a fork of SeaBIOS.

QEMU for parisc has been developed by:

• Richard Henderson: QEMU CPU emulation (32-bit only), QEMU hardware divers
• Helge Deller: QEMU hardware drivers, SeaBIOS PDC firmware
• Sven Schnelle: Lots of fixes all over QEMU and SeaBIOS (SCSI, CPU emulation fixes, SeaBIOS PDC firmware)

QEMU on parisc might be further developed (by paid contract) via:

• Mark Cave-Ayland: offers paid contract work

QEMU supported guest operating systems

QEMU does support those operating systems as guests:

• Linux (Debian, Gentoo)
• HP-UX, versions 9.x up to 11.11
• NetBSD, >= 8.0
• NextSTEP
• OSF/MkLinux

QEMU command line options

Standard qemu options:

• -m 1G - tell machine to have 1G of memory
• -accel tcg,thread=multi - always use this to enable parallel tcg (otherwise all guest CPUs run on one host CPU)
• -smp cpus=4 - define number of CPUs in the guest (maximum CPUs: 32)
• -boot menu=on - Firmware: enable interactive mode (same as "BOOT PRI IPL")
• -boot order=c - Firmware: Boot from first hard disc
• -boot order=d - Firmware: Boot from first CD/DVD
• -boot order=g-m - Firmware: Boot from SCSI ID0 ("g"), SCSI ID1 ("h"), ... SCSI ID7 ("m")
• -serial mon:stdio - multiplex serial console to stdout
• -nographic - disable artist graphic card emulation, so no graphics output
• -display sdl - if you need graphics you should prefer SDL display output. Much faster than GTK (which is the default).
• -vnc :1 - start graphics output on VNC output, connect to hostname:1 with any VNC viewer

Qemu standard debugging options:

• -d item[,...] QEMU_LOG e.g in_asm,out_asm enable logging of specified items (use '-d help' for a list of items)
• -dfilter range[,...] QEMU_DFILTER filter logging based on address range

HPPA specific qemu options:

• -global artist.width=800
• -global artist.height=600 set Artist graphic card to 800x600 pixel
• -fw_cfg opt/pdc_debug,string=255 enable all firmware debug infos (1: show PDC calls, 2: show IODC calls)
• -fw_cfg opt/hostid,string=334455 set the hostid to 334455 (instead of the default value 2006243326). Visible in Linux in /proc/cpuinfo, and with "uname -i" in HP/UX
• -fw_cfg opt/console,string=[serial | graphics] set default firmware output method to serial or graphics console. When selecting serial, you need to add e.g. "-serial mon:stdio" too.
• -fw_cfg opt/font,string=[1-4] select default graphics font: HP 8x16 (#1), HP 6x13 (#2), HP 10x20 (#3) or Linux 16x32 (#4)

While running you can press

• ctrl-A + X to exit qemu.
• ctrl-A + C + ENTER when started with "-serial mon:stdio", the serial port and the QEMU debug port are multiplexed and you can switch between them with this key combination.
• ctrl-Alt + F switch to fullscreen when using SDL output
• execute "NMI" in qemu monitor (ctrl-A + C) to trigger HPPA TOC (transfer-of-control = Reset) button switch

Examples on how to start the emulator

• qemu-system-hppa -snapshot -m 512 -device lsi,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=5,lun=0,bootindex=2 -drive file=hdd5.img,if=none,id=drive0 -device scsi-hd,drive=drive1,bus=scsi0.0,channel=0,scsi-id=6,lun=0,bootindex=1 -drive file=hdd2img,if=none,id=drive1 -accel tcg,thread=multi -serial mon:stdio
• qemu-system-hppa -drive file=hdd.img -nographic -serial mon:stdio -accel tcg,thread=multi -smp cpus=2 -drive file=hdd2-.img -boot menu=on -boot order=h
• qemu-system-hppa -boot d -m 512 -drive file=disk.img,format=qcow2 -netdev tap,id=nic1,script=/etc/qemu-ifup -cdrom /opt/iso/HPUX_10.20.iso -device tulip,netdev=nic1,mac=01:00:11:00:00:02 -serial telnet:0.0.0.0:8001,server,nowait -monitor stdio -nographic
• qemu-system-hppa -drive file=../qemu-images/hdd.img -kernel vmlinux -append "root=/dev/sda5 cryptomgr.notests panic=-1" -serial mon:stdio -nographic -accel tcg,thread=multi -smp cpus=3 -netdev bridge,id=hn0,br=virbr0,helper=./qemu-bridge-helper -device tulip,netdev=hn0,id=nic1

QEMU special emulated assembler statements

The emulated guest may use specific asssembler statements to control the qemu emulator:

• .word 0xfffdead0 -- immediately halt the emulator, similiar to turning the machine off
• .word 0xfffdead1 -- reset machine
• .word 0xfffdead2 -- restore original (pre-interrupt) values back into shadow registers, used by SeaBIOS when executing NMI instruction in qemu
• or %r10,%r10,%r10 -- idle loop; wait for interrupt
• or %r31,%r31,%r31 -- death loop; offline cpu (currently implemented for idle loop).

How to build QEMU from source

Check out the qemu git tree

Run configure, e.g.

• (for system emulation) ./configure --target-list=hppa-softmmu --enable-numa
• (for user emulation) ./configure --target-list=hppa-linux-user --disable-stack-protector --prefix=/home/qemu-hppa/chroot-unstable --interp-prefix=/home/qemu-hppa/chroot-unstable --static

Run "make"

Linux

• Linux kernel >= 4.14 runs best, with initial optimizations added for kernels >= 4.9.
• Prefer the Tulip NIC, then e1000 over the rtl8129 card. The latter gives irq issues with Dino emulation.
• If you try to boot older Linux install CDs (Debian-5, Debian-8, Debian-9), you may need to start qemu with "-boot menu=on", and then change the kernel console option to "console=ttyS0" (serial port) instead of "console=tty0" (terminal). Then switch in GUI to the "serial0" device to see console. Alternatively start without graphical console, e.g. with "-nographic"-

Ready-to-run Debian Linux QEMU images for parisc

Download Debian hard disc image:

wget http://dellerweb.de/qemu/debian-11-hdd.img.bz2

or

wget http://dellerweb.de/qemu/debian-10-hdd.img.bz2

Unzip image:

bunzip2 debian-11-hdd.img.bz2

Run qemu:

qemu-system-hppa -drive file=debian-11-hdd.img -nographic -serial mon:stdio -accel tcg,thread=multi -smp cpus=4 

Log in as root, root password is "rootme"

How to run QEMU with Debian-10 installer image

• Create a virtual hard disc once:

qemu-img create -f qcow2 hdd.img 50G

• download a Linux install image, e.g.
  • for debian: http://backup.parisc-linux.org/debian-cd/debian-11.0.0-hppa-NETINST-1.iso
  • for gentoo: http://distfiles.gentoo.org/releases/hppa/autobuilds/
• Start emulator with the installer image once:

qemu-system-hppa -drive file=hdd.img -drive file=debian-11.0.0-hppa-NETINST-1.iso,media=cdrom -boot order=d -accel tcg,thread=multi -smp cpus=4 -serial mon:stdio -nographic

• Choose typical installation options, the defaults are OK.
• Shut down virtual machine after installation

• Start emulator with installed operating system any time:

qemu-system-hppa -drive file=hdd.img -nographic -serial mon:stdio -accel tcg,thread=multi -smp cpus=4

Gentoo Linux

• From https://www.gentoo.org/downloads/#hppa download the Minimal installation CD or the hppa32 netboot image (lif file)
• Start qemu with "-cdrom <isofile>", or the lif file with "-drive file=<lif-file>", e.g.

qemu-system-hppa -drive file=gentoo-2020-hppa-netboot.lif -accel tcg,thread=multi -smp cpus=2 -nographic

HP-UX

• NOTE: Please keep the default screen resolution of 1280x1024 pixels. HP-UX may crash if you increase the width, or in graphical environment (with dtwm) the mouse won't be able to reach any line >= 1146 pxels.
• You probably won't be able to boot an original HP-UX installed hard disc image coming from a physical machine other than a B160L. The reason is, that the HP-UX kernel from the other machine has drivers built-in and won't recognize the SCSI and network in the emulated virtual machine.
• LASI NIC emulation and NCR 710 emulation is needed in order to be able to boot older HP-UX releases.
• Astrobaby wrote about his test results.
• Hints:
  • The "INTERRUPT KEY" mentioned sometimes by HP-UX can be emulated with the "Ctrl-\" key combination
  • In case you lost the HP-UX root password, boot at ISL 'hpux -is' and then give a new password with running "passwd" (you need to use the "-boot menu=on" qemu option)
  • When booting HP-UX may show strange characters instead of brackets - just delete the file /etc/kbdlang, reboot and choose PS2_DIN_US language
• How to start X11, CDE or dtwm
  • CDE Login: init 4
  • CDE desktop: start "xinit", then "/usr/dt/bin/dtsession"
  • X11: startx
  • dtwm Window Manager: start "xinit", then run "/usr/dt/bin/dtwm".
• How to run full filesystem check: fsck -F vxfs -y -o full
• File downloads see https://archive.org/download/hpunix/

HP-UX 9 is the first HP-UX release which does support the PA-RISC CPU. HP-UX 9.05 fails when booting the install CD: (reported 2021/05/18)

    Stored message buffer up to panic:
        Floating point coprocessor configured and enabled.
        No BTLB entries found for processor 0
        Unsupported module type 0x7 found

        System Panic:
           B2352A HP-UX (A.09.05) #2: Tue Oct 18 15:46:14 PDT 1994
        panic: (display==0xbc00, flags==0x0) Unable to initialize msus structure
        PC-Offset Stack Trace (read across, most recent is 1st):
           0x000ec6f8  0x000d7e3c  0x00081e5c  0x000254c0
        End Of Stack

        dumping 0 bytes to dev 0xffffffff, offset 0 ...
        Dump failed, returning 5.

according to this document "msus" means "mass storage unit specifier" and "msvs" means "mass storage volume specifier" while the msvs is sometimes called an "msus". I assume HP-UX 9.05 doesn't know how to handle the emulated SCSI PCI card and thus can't access the disc. Remember, a B160L is different to a HP700, and a HP700 had a built-in LASI700 (NCR700) SCSI controller.

NetBSD

Relevant NetBSD/hppa links:

• Daily install images: https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/images/
• Install images: https://cdn.netbsd.org/pub/NetBSD/install-images/
• Generic NetBSD/hppa info: http://wiki.netbsd.org/ports/hppa/
• How to install NetBSD with qemu: http://wiki.netbsd.org/ports/hppa/qemu_hppa/

Please note that at least NetBSD-8 required. NetBSD-7 doesn't work, since the NetBSD kernel trap handler code complains about the stack pointer in the trap frame. Reported error is:

insanity: 'tf->tf_sp >= minsp && tf->tf_sp < maxsp' at trap:556 type 0xf tf 0xe00040 lwp 0xe38140 sp 0xa0 pc 0x200240

(info by Nick Hudson <nick.hudson@gmx.co.uk>)

OSF/MkLinux

Download at ftp://ftp.cirr.com/pub/hppa/mklinux/ The file root_ext2_g.dd.bin.gz doesn't cleanly decompress.. so I did a gzip -dc into root_ext2_g.dd.bin.

MkLinux sources: https://github.com/slp/osfmk-mklinux

qemu-system-hppa -boot c -drive if=scsi,bus=0,index=3,file=root_ext2_g.dd.bin,format=raw \
       -serial mon:stdio -nographic -m 128 

It boots, but fails during device detection because Qemu currently emulates a B160, while MkLinux expects a HP700. So it fails to see the LASI chip below the GSC bridge.

NVM bootdata Bad Checksum (0)
OSF Mach boot
: /mach
text (0x95618) at 0x11000
data (0x48594) at 0xa8000
Mach 3.0 VERSION(PMK1.1): cb <pmk1_1>; Wed Nov 26 17:20:37 MET 1997; mach_kernel/PRODUCTION (cameleon)
HP9000/
unknown machine type 0x502
good luck :-)
, 0K Icache, 0K Dcache, 256 entry shared TLB)
Warning: unsupported module at ffc00000 (type:7 svers:0 hvers:50)
Stack Trace (depth=1):
     0x00084d68
End of Stack 

(info by Jason Stevens <neozeed@gmail.com>)

Future QEMU work

Possible enhancements:

• Add Dino/Lasi serial port
• Harmony sound card in Lasi
• Does HP-UX has some kind of "sleep" assembler instruction in it's idle loop which can be used to lower qemu power consumption?
• Fix virtio-drivers in SeaBIOS (endianess-bugs, because SeaBIOS is originally only Little-endian from x86)
• More correct emulation of B160L in Qemu
• Emulate a 712 and/or j5000/c3000 machine
• Emulate built-in LASI SCI controller instead of PCI SCSI add-on card
• Elroy PCI emulation, then emulate e.g. a C3000?
• PA2.0/64bit (low prio)

Screenshots

HP-UX CDE graphical Login

HP-UX CDE

HP-UX 10.20 with VUE