Click here to go to the forum index Click here for the home page
 
Author Message

<  TAP and patch development  ~  linux

Page 1 of 23
Goto page 1, 2, 3 ... 21, 22, 23  Next
bdb
Posted: Mon Aug 21, 2006 8:34 pm Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
continuing from: http://forum.toppy.org.uk/forum/viewtopic.php?t=5725&postdays=0&postorder=asc&start=24

I've made a start:
- built the toolchain
- recompiled the m740 kernel
- written a loader tap

here's how far it gets:
Code:

LOAD : NEC uPD6113x Embedded Controller...
ToFi
<<< Loader C00456>>>
žToFi"�w�ˆWCOMMAND>
--- Invalid command ---

linux_loader v0.01: Opening linux_loader v0.01
linux_loader v0.01: Opening linux_loader v0.01
Opening linux_loader v0.01
_tap_startAddr=82b30000
linux bootloader()
killing timeshift
loading      : vmlinux
load file    : 00001000+14acfc bytes to mem: 80200000+14acfc
load file    : 0014bcfc+  1488 bytes to mem: 8034acfc+  1488
load file    : 0014d184+  4578 bytes to mem: 8034c184+  4578
load file    : 00151700+  18f8 bytes to mem: 80350700+  18f8
load file    : 00152ff8+  20c0 bytes to mem: 80351ff8+  20c0
load file    : 00156000+  2000 bytes to mem: 80356000+  2000
load file    : 00158000+  da80 bytes to mem: 80358000+  da80
load file    : 00165a80+  3cf4 bytes to mem: 80365a80+  3cf4
load file    : 0016a000+   3c0 bytes to mem: 8036a000+   3c0
load file    : 0016b000+ 19000 bytes to mem: 8036b000+ 19000
load file    : 00184418+ 11fcd bytes to mem: 803b6418+ 11fcd
load file    : 001963e8+    e4 bytes to mem: 803c83e8+    e4
load address : 80200000
length       :   1c84cc
entry address: 80358398

killing mheg
killing epg
killing channels
entering turbo mode
killing watchdog
killing interrupts
booting linux ...
main(), argc=4, argv=804ec954, envp=0, prom_vec=0
argv[0] = vmlinux
argv[1] = console=ttyS1,1152008N1
argv[2] = mem=64
argv[3] = root=/dev/hda3
cpu_probe
cpu_probe done
Command line argument limits memory to 64MB.
Detected 64MB of memory.  Will use 64MB of it.
init_bootmem 951 16384
mapsize = 2048
after prom_init
after cpu_report
Primary instruction cache 16kb, linesize 16 bytes.
Primary data cache 8kb, linesize 16 bytes.
after loadmmu
after start kernel
Linux version 2.4.21-xfs (bdb@x) (gcc version 3.4.4) #723 Mon Aug 21 20:16:59 GMTST 2006
platdep_setup
vr41xx setup done
emma2_mpeg_mem = 81000000
On node 0 totalpages: 16384
zone(0): 16384 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: console=ttyS1,1152008N1 root=/dev/hda3
1 parse_options()
2 trap_init()
3 init_IRQ()
4 sched_init()
5 softirq_init()
6 time_init()
cpu_speed = 166500000 Hz
7 console_init()
Console: colour dummy device 80x25
serial_console_init
arch.mips.emma2.serial.c.serial_console_setup()
options=1152008N1
baud=1152008
bits=1
parity=78
8 init_modules()
9 kmem_cache_init()
10 sti()
11 calibrate_delay()
Calibrating delay loop... 165.88 BogoMIPS
12 mem_init()
2
13 kmem_cache_sizes_init()
13 pgtable_cache_init()
14 fork_init(4000)
15 proc_caches_init()
16 vfs_caches_init(4000)
Dentry cache hash table entries: 8192 (order: 4, 65536 bytes)
Inode cache hash table entries: 4096 (order: 3, 32768 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
bdev_cache_init()
cdev_cache_init()
iobuf_cache_init()
17 buffer_init(4000)
Buffer-cache hash table entries: 4096 (order: 2, 16384 bytes)
18 page_cache_init(4000)
19 signals_init()
20 proc_root_init()
21 check_bugs()
POSIX conformance testing by UNIFIX
22 smp_init()
23 rest_init()
kernel_thread()
2



obviously (this being linux) I had to jump through a few hoops to get this far ...
the loader tap means that you don't need to touch the flash
at the moment it hangs when trying to start the first thread, but seems to have got through the irq, mmu and cache initialisation, although the nature of the hang suggests that some memory has been trashed - maybe a cache or stack issue. The timer irqs seems to firing ok.

Anyone interesting in trying to help get it booted all the way?

bdb
View user's profile Send private message
shenson
Posted: Tue Aug 22, 2006 1:20 am Reply with quote
Frequent contributor Joined: 11 Apr 2005 Posts: 568
I'm very interested but I'm away from my Toppy for another week or so.

I've just done some similar messing around with an HTC hurricane mobile phone getting that to boot a kernel. Though in that case there wasn't a serial port to get debugging messages on. It was all done by seeing which colour some LEDs flashed: great fun Smile

Probably best to put the rootfs on a ramdisk first. 64Mb is more than enough to put some interesting stuff in there. Full toppy filesystem support can come later Very Happy

If it detects the USB hardware it is possible to enable "gadget" support in the kernel. That makes the USB port look like a USB ethernet card under Linux and Windows (with a small driver). If you do that its possible to mount the root FS over NFS (I do that on the mobile phone for testing) which is very useful.


The USB port BTW. Is it a slave only USB port for that chipset or is that a limitation of the toppy firmware?

The mobile phone I mentioned looks like its a USB OTG (master+slave) port but the standard firmware (Windows mobile) only supports slave mode. Be interesting if the Toppy port could be hacked into host mode...

_________________
TF5800, F/W: MS6 Recommended F/W 12/9/2009 -FmXl+EvEzMPeUUuWf
TAPs: PcControl B1.4; EIT Sub (Game) v0.6; EPG2MEI v0.96; MyInfo B5.6; MyStuff 6.6; SecCache (UK) v0.4; TAP Commander 1.34; UK Subtitle 1.9; PruneEPG 1.0;
View user's profile Send private message Visit poster's website
bdb
Posted: Tue Aug 22, 2006 1:43 am Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
LED! You were lucky to have an LED! We used to have punch cards...

The USB is slave only - a PLX(NetChip) NET2270 device sitting on the PCI bus. Google gives plenty of hits for the 2280 -could be useful.

The ramdisk sounds like a good idea to start with, although I don't suppose getting the IDE i/f to work should be a problem; it seems to be standard.

bdb
View user's profile Send private message
shenson
Posted: Tue Aug 22, 2006 2:07 am Reply with quote
Frequent contributor Joined: 11 Apr 2005 Posts: 568
Yeah I noticed from browing the HDDInfo sources that it looked like a standard IDE interface.

Though that's only the beginning...

Linux wont recognize the filesystem (well unless someone has already written a Linux FS driver for Toppy FS) and maybe not the paritioning scheme either.

Various tricks could be done though to get round that though such as creating a continuous file on the HDD of a GB or so and getting Linux to treat that as a device. I can vaguely recall (somewhere...) a way to set absolute sector references as a "partition".

Though mucking around with the hard disk may be a high risk activity initially.

_________________
TF5800, F/W: MS6 Recommended F/W 12/9/2009 -FmXl+EvEzMPeUUuWf
TAPs: PcControl B1.4; EIT Sub (Game) v0.6; EPG2MEI v0.96; MyInfo B5.6; MyStuff 6.6; SecCache (UK) v0.4; TAP Commander 1.34; UK Subtitle 1.9; PruneEPG 1.0;
View user's profile Send private message Visit poster's website
rwg
Posted: Tue Aug 22, 2006 3:32 pm Reply with quote
TAP author Joined: 29 Oct 2005 Posts: 604 Location: Oxfordshire
bdb,

congrats on getting this far.

certainly interested in this, although I have no convenient way of getting a serial port near the toppy, so at this stage it's grey cell based debugging only...


A few q's on how you got this far...

How did you compile your toolchain? What version of gcc and what ./configure parameters. I'm stuck trying to build the 3.2.3 that came in the m740 pack on cygwin, although I have a linux box or two I could use insted.

Did you build the kernel exactly as it unpacked from the m740 pack?

Have you uploaded your loader code somewhere for general edification of the hacking public?


I presume that the only options to work out what's breaking is a adding a lot of printk() info to really narrow down where it goes pop.

I had some more wild thoughts about how to make more hardware available (maybe - feel free to shoot them down as impossible)

* the m740 seems to use Lirc for getting remote control commands - this might mean that the remote control in the toppy is handled by Lirc too

* would it be possible to load the firmware into linux memory and use it as a 'library' of routines that can control the hardware?

Robin

_________________
Toppy: TF5800PVR; Firmware: 5.13.65 + patches + aXel; Remote: Pronto RU940; Autostart TAPs: MyStuff 6.5 and friends
View user's profile Send private message Visit poster's website
bdb
Posted: Tue Aug 22, 2006 6:22 pm Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
debugging without a serial port must be painful!
-have you tried a usb-serial adapter; cost 5, allows you to put a usb hub near the toppy, and just trail a single usb cable back to the pc.

I compiled gcc 3.4.4 and binutils 2.15 under cygwin
binutils:
. make distclean
. PATH=/tools/bin:$PATH
. export PATH
. configure --target=mips --prefix=/tools -v
. make -w all install
gcc:
. make distclean
. configure --target=mips --prefix=/tools --with-gnu-as --with-gnu-ld --disable-threads --enable-languages=c -v
. make -w all install
kernel:
I used it exactly as it came, picked the default options
. make distclean
. make config
. make dep
. make all

I had to make a few tweaks (as seems inevitable when doing anything with linux) to get it to compile cleanly. I'll have to try it again and note them all down.
I'll upload the loader tap shortly.

- the remote in the toppy doesn't use Lirc; but that should be easy enough to interpret. The panel processor (which controls the on/off, display, remote etc) is connected to an emma2 uart, so it's just a case of sniffing this to decode enough of the protocol.
- the toppy firmware runs a crude multitasking os; so it's pretty difficult to understand just what does what ... but with enough effort _everything_ can be reversed. It's a real shame NEC are so paranoid.

bdb
View user's profile Send private message
rwg
Posted: Tue Aug 22, 2006 9:34 pm Reply with quote
TAP author Joined: 29 Oct 2005 Posts: 604 Location: Oxfordshire
Right, I'll try that little lot tomorrow, see if I get any further. I expect that the lack of --with-gnu-as might have done for me as I was getting errors about as not supporting -O2.

Debugging without a serial port is one of the reasons I wrote my TAP emulator *before* I wrote MeiSearch, that and the fact that most of the spare time I get to develop this sort of thing occurs on the train Smile

I think that the usb-serial converter might be the way to go, got to work out if I can use a hub on my version of unslung linux on the NSLU2 or if that needs a firmware upgrade too.

Robin.

ps. spent some time looking at how kernel_thread() seems to work - it looks like it ought to end up doing the actual work inside do_fork() after going through a syscall and sys_clone(). I wonder if it dies in there or perhaps the first thread switch after the new thread is created. The fact that you seem to get one character of output for whatever the next message was going to be might indicate the latter.

_________________
Toppy: TF5800PVR; Firmware: 5.13.65 + patches + aXel; Remote: Pronto RU940; Autostart TAPs: MyStuff 6.5 and friends
View user's profile Send private message Visit poster's website
bdb
Posted: Tue Aug 22, 2006 9:40 pm Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
the kernel loader tap is now available:
http://www.offdigital3.freeserve.co.uk/topfield1/linux_loader_v0.01.zip

- use this with caution; you _will_ crash your toppy ...


to recompile, requires exTap library:
http://www.offdigital3.freeserve.co.uk/topfield1/exTap_v0.08.zip

bdb
View user's profile Send private message
bdb
Posted: Tue Aug 22, 2006 10:04 pm Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
robin -

I iniitally had some trouble with compiler versions - make sure all the makefiles are picking up the mips cross compiler, and not the native one. Also check that it finds the right assembler. I think I ended up switching to a later version because of incompatibilities.

- you cannot use the topfield built compiler - I think they hardcoded some flags...

It seems that the system has gone awol before getting to kernel_thread(), it just finally keels over there. - either stack/cache or mmu issues I think...

bdb
View user's profile Send private message
rwg
Posted: Wed Aug 23, 2006 3:56 pm Reply with quote
TAP author Joined: 29 Oct 2005 Posts: 604 Location: Oxfordshire
Right, think I'm on track to getting a toolchain built at the least - I had the opposite trouble to you with the build process picking up the mips versions of some things instead of the host ones (ranlib). Adding --program-prefix=mips- to the configure params seems to fix this.

I also have a usb->serial adaptor on the way which should give me a chance to try things out in real life:)

One thing ocurred to me - the m740 kernel seems to allocate 16mb for 'mpeg memory' - I presume the toppy firmware does something like this too. I can't work out for sure if your load tap stops the mpeg decoding engines, but if not, then maybe the linux kernel and the mpeg hardware are both trying to use that memory, resulting in *bang*. If that is the case (getting speculative here) it might be worth tinkering with the mem= parameter when booting the kernel to avoid this memory. It looks like you can specify the exact memory to use - i.e.

mem=exactmap mem=16M@0 mem=16M@48M

to force it to use only the upper and lower 16Mb blocks of memory.

Robin

_________________
Toppy: TF5800PVR; Firmware: 5.13.65 + patches + aXel; Remote: Pronto RU940; Autostart TAPs: MyStuff 6.5 and friends
View user's profile Send private message Visit poster's website
bdb
Posted: Thu Aug 24, 2006 12:35 pm Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
Shocked - I've got the kernel running ...

turned out to be mainly problems with gcc v3.4.4
-the var_args were not working; nice, since it was the printk() used for debugging that were actually breaking things ...
-the kernel_thread() issue was due to some coding nastiness that relied on quirky gcc behaviour to run, so when gcc changed, the code broke.
After having fixed the printk(), and started seeing more gcc issues, I abandoned 3.4.4 and went back to 3.2.3
This has a different set of tweaks needed, but seems much better.

I removed the pci stuff from .config, as it was crashing during enumeration - this can go back in later, but I think there's only the USB controller (+maybe the CAM) on the PCI bus.
I also removed some unecessary stuff, like scsi/usb from the original m740 .config

here's the boot output:

Code:
LOAD : NEC uPD6113x Embedded Controller...
ToFi
<<< Loader C00456>>>
…ToFi"�w�ˆ>COMMAND>
--- Invalid command ---

linux_loader v0.02: Opening linux_loader v0.02
_tap_startAddr=82b00000
linux bootloader()
killing timeshift
loading      : vmlinux
load file    : 00001000+ ca2bc bytes to mem: 80000000+ ca2bc
load file    : 000cb2bc+  1208 bytes to mem: 800ca2bc+  1208
load file    : 000cc4c4+  2814 bytes to mem: 800cb4c4+  2814
load file    : 000cece0+  1728 bytes to mem: 800cdce0+  1728
load file    : 000d0408+  13e0 bytes to mem: 800cf408+  13e0
load file    : 000d2000+  2000 bytes to mem: 800d2000+  2000
load file    : 000d4000+  a4dc bytes to mem: 800d4000+  a4dc
load file    : 000de4dc+  3b48 bytes to mem: 800de4dc+  3b48
load file    : 000e2030+    a8 bytes to mem: 800e2030+    a8
load file    : 000e20d8+    68 bytes to mem: 800e20d8+    68
load file    : 000e3000+   180 bytes to mem: 800e3000+   180
load file    : 000e4000+ 15000 bytes to mem: 800e4000+ 15000
load address : 80000000
length       :    f9000
entry address: 800d4398

killing mheg
killing epg
killing channels
entering turbo mode
killing interrupts
booting linux ...

cpu_probe
cpu_probe done
Command line argument limits memory to 64MB.
Detected 64MB of memory.  Will use 64MB of it.
init_bootmem 295 16384
mapsize = 2048
after prom_init
CPU revision is: 00000c72
after cpu_report
Primary instruction cache 16kb, linesize 16 bytes.
Primary data cache 8kb, linesize 16 bytes.
after loadmmu
after start kernel
Linux version 2.4.21-xfs (bdb@x) (gcc version 3.2.3) #22 Thu Aug 24 12:15:04 GMTST 2006
platdep_setup
vr41xx setup done
emma2_mpeg_mem = 81000000
On node 0 totalpages: 16384
zone(0): 16384 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: console=ttyS1,1152008N1 root=/dev/ram0
cpu_speed = 166500000 Hz
Console: colour dummy device 80x25
serial_console_init
Calibrating delay loop... 166.29 BogoMIPS
Memory: 47256k/0k available (833k kernel code, 0k reserved, 84k data, 60k init, 0k highmem)
Dentry cache hash table entries: 8192 (order: 4, 65536 bytes)
Inode cache hash table entries: 4096 (order: 3, 32768 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer-cache hash table entries: 4096 (order: 2, 16384 bytes)
Page-cache hash table entries: 16384 (order: 4, 65536 bytes)
Checking for 'wait' instruction...  unavailable.
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Starting kswapd
VR41xx Serial driver version 0.4 (22-Oct-2000)
NR_PORTS = 2
ttyS00 at 0xb2001000 (irq = 56) is a 16550A
ttyS01 at 0xb2002000 (irq = 57) is a 16550A
No keyboard driver installed
RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
loop: loaded (max 8 devices)
Linux video capture interface: v1.00
cramfs: magic1 = 00000000 should be 28cd3d45
cramfs: wrong magic 00000000
Kernel panic: VFS: Unable to mount root fs on 01:00

So, it has got to the end of the kernel, installed a ramdisk, and is trying to load /root
Next step is to make a /root image (busybox/shell etc) and get a shell running.

I'll put together my build notes, and the edits and put them on a webpage.

bdb
View user's profile Send private message
shenson
Posted: Thu Aug 24, 2006 1:21 pm Reply with quote
Frequent contributor Joined: 11 Apr 2005 Posts: 568
Great stuff Very Happy

I feel your pain over gcc. I spent several days debugging the most bizarre behaviour in a boot loader only to find it all went perfectly when a different version of gcc was used. Though that was for fun (!) in my day job (OpenSSL) a horribly important project kept failing for the same reason.

Might be an idea to try a compressed kernel image if you aren't already (can't see the "decompressing kernel message"). I've seen a few issues arise when those are used and if and when this stuff is flashed we'd use a compressed kernel anyway.

Presumably that second serial port is the one that talks to the front panel.

_________________
TF5800, F/W: MS6 Recommended F/W 12/9/2009 -FmXl+EvEzMPeUUuWf
TAPs: PcControl B1.4; EIT Sub (Game) v0.6; EPG2MEI v0.96; MyInfo B5.6; MyStuff 6.6; SecCache (UK) v0.4; TAP Commander 1.34; UK Subtitle 1.9; PruneEPG 1.0;
View user's profile Send private message Visit poster's website
rwg
Posted: Thu Aug 24, 2006 1:36 pm Reply with quote
TAP author Joined: 29 Oct 2005 Posts: 604 Location: Oxfordshire
Damn, and I just got gcc 3.4.5 built properly for cross compiling. Still, along the way I found a thing called 'crosstool' which automates the build of a cross compile toolchain rather nicely.

Robin

_________________
Toppy: TF5800PVR; Firmware: 5.13.65 + patches + aXel; Remote: Pronto RU940; Autostart TAPs: MyStuff 6.5 and friends
View user's profile Send private message Visit poster's website
bdb
Posted: Thu Aug 24, 2006 3:43 pm Reply with quote
Frequent contributor Joined: 18 Oct 2005 Posts: 499
The emma has 4 serial ports
ttyS1 is the user serial port
ttyS0 is not connected (maybe available via a header on the pcb)

there are 2 more (currently not enabled); 1 of these is used for the front panel communication.

-I've put some build notes, a kernel image, and all the edits in: linux_build_v0.01.zip
and updated the loader: linux_loader_v0.02.zip

bdb
View user's profile Send private message
rwg
Posted: Thu Aug 24, 2006 3:49 pm Reply with quote
TAP author Joined: 29 Oct 2005 Posts: 604 Location: Oxfordshire
Ok, having fought for about 2-3 days to try to get a working toolchain and build the kernel on a cygwin platform, I gave up and tried it on my Linux box instead. ***Much*** smoother process Smile

Note that these steps get me a built kernel. No USB->serial adaptor yet, so no idea if it boots Wink

* Built the toolchain using crosstools, as per bdb's suggestion I build gcc 3.2.3 (glibc 2.2.5, binutils 2.1.15 I think)
* unpacked the kernel source from the m740 archive
* copied the .config file somewhere safe
* make distclean
* copy .config back
* make config, press enter to accept default on everything
* edit arch/mips/Makefile and change tool-prefix to point to your toolchain. Also change -mcpu=4600 -mips2 in the CONFIG_CPU_VR41XX section. I put -march=vr4100
* edit include/asm/io.h and remove the #define of CONFIG_NONCOHERENT_IO
* edit arch/mips/ld.script and change 'elf32-bigmips' to 'elf32-tradbigmips'
* touch include/asm-mips/setup.h
* make vmlinux; make modules

The things I'm most doubtful about are the changes to the -mcpu flags which will output mips3 code (maybe we want mips2) and the ld.script edit - there are also targets like elf32-nbigmips. Bdb, did you have to make these changes and if so what did you change them to?

Robin

_________________
Toppy: TF5800PVR; Firmware: 5.13.65 + patches + aXel; Remote: Pronto RU940; Autostart TAPs: MyStuff 6.5 and friends
View user's profile Send private message Visit poster's website

Display posts from previous:  

All times are GMT + 1 Hour
Page 1 of 23
Goto page 1, 2, 3 ... 21, 22, 23  Next

Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum