Author Topic: SPIN: 1 - PhatBox: 0 (PhatBox Successfully Owned) (Read 79132 times)

spin · « **Reply #40 on:** June 06, 2005, 08:24:12 pm »

Quote

what should I have done ?

Write the files to /dos/DATA/stuff instead :-)

judb · « **Reply #41 on:** June 06, 2005, 08:25:39 pm »

Theres 253 megs of space on /dos .. I dont think thats the problem Spin.

spin · « **Reply #42 on:** June 06, 2005, 08:32:20 pm »

The "No space left on device" error says otherwise =P I ran into the "no space" error until I changed partitions, I think it has more to do with the number of available files on the /dos partition, and not so much the amount of free space (inode starvation, but for vfat or somesuch). My /dos partition was tiny and /proc/kcore has a complete dump of physical memory...

judb · « **Reply #43 on:** June 06, 2005, 08:38:31 pm »

I'll try that. I think its trying to write to / instead of /dos for some reason...

ralph.deratt · « **Reply #44 on:** June 06, 2005, 10:27:46 pm »

Quote

the DD failure generates this in the messages log:
Code: [Select]
Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c0c24000 *pgd = c0fcb811, *pmd = c0fcb811, *pte = 00000000, *ppte = 00000000 Internal error: Oops: 0 CPU: 0 pc : [<c00e6ff8>] lr : [<c00b1ec8>] Not tainted sp : c0c29f50 ip : 00000000 fp : c0c29f80 r10: bfffff4d r9 : c0c28000 r8 : 00066000 r7 : 00000400 r6 : c0395ec0 r5 : 00000400 r4 : 00000400 r3 : c0c28000 r2 : 000003fc r1 : 00000000 r0 : 00066000 Flags: nzCv IRQs on FIQs on Mode SVC_32 Segment user Control: 217D Table: C0C24015 DAC: 00000015 Process dd (pid: 23, stackpage=c0c29000) Stack: (0xc0c29f40 to 0xc0c2a000) 9f40: c00b1ec8 c00e6ff8 20000013 ffffffff 00000400 00000400 00000400 c0395ec0 9f60: 00000400 c00b1ec8 00000000 ffffffea c0395ea0 c0c29fac c0c29f84 c0070ec0 9f80: c00b1e64 c0c29f90 c00706c4 0000000a 00000400 00066000 00000003 c0043aa0 9fa0: 00000000 c0c29fb0 c0043920 c0070df4 0000000a c0049c90 00000009 00066000 9fc0: 00000400 00000000 0000000a 00000400 00066000 00000009 00000400 bfffff41 9fe0: bfffff4d 00000000 00066000 bffffde0 00033fa0 000460b0 20000010 00000009 Backtrace: Function entered at [<c00b1e54>] from [<c0070ec0>] r6 = C0395EA0 r5 = FFFFFFEA r4 = 00000000 Function entered at [<c0070de4>] from [<c0043920>] r8 = C0043AA0 r7 = 00000003 r6 = 00066000 r5 = 00000400 r4 = 0000000A Code: 1a00002c e2522004 4282c004 4a00001b (e4913004)

Try this command instead:

dd if=/dev/mem of=/dos/data/stuff/rom.bin bs=1 skip=1 count=262143

It should solve the null pointer issue, but let Ben know that the first byte is missing...

RdeR

bushing · « **Reply #45 on:** June 06, 2005, 10:58:04 pm »

Quote

Try this command instead:

dd if=/dev/mem of=/dos/data/stuff/rom.bin bs=1 skip=1 count=262143

It should solve the null pointer issue, but let Ben know that the first byte is missing...

RdeR

Ralph, if you don't stop reading my mind, you're going to really freak me out.

Yes, I was going to suggest that ... although this document http://www.embedded-kernel-track.org/2005/porting_to_arm.pdf suggests that 0x0-0xfff are a "null pointer / interrupt vector trap".

So, we might need to use mmap.

I wrote a quick little c-program called readrom. get it here: http://bbyer.mm.st/readrom, source at http://bbyer.mm.st/readrom.c. Put it in a script as "readrom /dos/data/rom.out" or whatever, and let me know if that works, someone ... anyone ... Bueller?

Ben

judb · « **Reply #46 on:** June 07, 2005, 01:23:40 am »

Bushing, thats not working. is it supposed to log any output? contact me via ICQ or AIM or something... I can test stuff in a couple seconds with my test rig..

judb · « **Reply #47 on:** June 07, 2005, 01:39:50 am »

Readrom seg fault info from dmesg:

Code: [Select]

readrom: unhandled page fault at pc=0x0000b8d8, lr=0x0000ffb4 (bad address=0xfffffffc, code 0)
pc : [<0000b8d8>]    lr : [<0000ffb4>]    Not tainted
sp : bffffddc  ip : bffffe90  fp : 00000000
r10: 00000000  r9 : 000363f0  r8 : 00000002
r7 : bffffe84  r6 : 0003c7ec  r5 : 00036670  r4 : 00046384
r3 : 0000f108  r2 : 00046384  r1 : 00000000  r0 : 00000008
Flags: nzCv  IRQs on  FIQs on  Mode USER_32  Segment user
Control: 217D  Table: C0C10015  DAC: 00000015
Unable to handle kernel NULL pointer dereference at virtual address 00000001
pgd = c0c10000
*pgd = c0c2c811, *pmd = c0c2c811, *pte = 00000000, *ppte = 00000000
Internal error: Oops: 0
CPU: 0
pc : [<c00e7074>]    lr : [<c00b1ec8>]    Not tainted
sp : c0c17f50  ip : 00000001  fp : c0c17f80
r10: bfffff48  r9 : c0c16000  r8 : 00066000
r7 : 00000001  r6 : c0c390e0  r5 : 00000001  r4 : 00000001
r3 : c0c16000  r2 : 00000001  r1 : 00000001  r0 : 00066000
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  Segment user
Control: 217D  Table: C0C10015  DAC: 00000015
Process dd (pid: 19, stackpage=c0c17000)
Stack: (0xc0c17f40 to 0xc0c18000)
7f40: c00b1ec8 c00e7074 80000013 ffffffff 00000001 00000001 00000001 c0c390e0 
7f60: 00000001 c00b1ec8 00000001 ffffffea c0c390c0 c0c17fac c0c17f84 c0070ec0 
7f80: c00b1e64 c0070c70 c00720b0 0000000a 00000001 00066000 00000003 c0043aa0 
7fa0: 00000000 c0c17fb0 c0043920 c0070df4 0000000a c0049c90 00000009 00066000 
7fc0: 00000001 00000000 0000000a 00000001 00066000 00000009 00000001 bfffff3c 
7fe0: bfffff48 00000000 00066000 bffffde0 00033fa0 000460b0 20000010 00000009 
Backtrace: 
Function entered at [<c00b1e54>] from [<c0070ec0>]
 r6 = C0C390C0  r5 = FFFFFFEA  r4 = 00000001 
Function entered at [<c0070de4>] from [<c0043920>]
 r8 = C0043AA0  r7 = 00000003  r6 = 00066000  r5 = 00000001
 r4 = 0000000A 
Code: 0affffe0 e33c0000 0a000009 e35c0002 (e4d13001)

judb · « **Reply #48 on:** June 07, 2005, 01:41:09 am »

dd also still segfaults using the updated options.. it creates a 0 byte file first though. readrom does not.

#!/bin/sh
/dos/stuff/readrom /dos/data/stuff/readrom.out
dd if=/dev/mem of=/dos/data/stuff/rom.bin bs=1 skip=1 count=262143
/bin/tar cvfh /dos/data/stuff/proc.tar /proc
/bin/tar cvfhX /dos/data/stuff/all.tar /dos/stuff/tarexclude.txt /
dmesg > /dos/stuff/dmesg.txt

bushing · « **Reply #49 on:** June 07, 2005, 01:52:17 am »

Quote

Bushing, thats not working. is it supposed to log any output? contact me via ICQ or AIM or something... I can test stuff in a couple seconds with my test rig..

It should have created a little bit of output. *sigh*

Wanna create an IRC channel? I'll go do some research online and post back in like 15 mins...

-b

judb · « **Reply #50 on:** June 07, 2005, 01:55:47 am »

Quote

It should have created a little bit of output. *sigh*

Wanna create an IRC channel? I'll go do some research online and post back in like 15 mins...

-b

pm'ed you with a chat room that I have setup.. not IRC.. dont have an IRC client on my box and dont feel like setting it up just for this.

judb · « **Reply #51 on:** June 07, 2005, 02:11:17 am »

dd error "dd if=/dev/mem of=/dos/data/stuff/rom.bin bs=1 skip=32 count=32"

Code: [Select]

Unable to handle kernel NULL pointer dereference at virtual address 00000020
pgd = c0c18000
*pgd = c0fee811, *pmd = c0fee811, *pte = 00000000, *ppte = 00000000
Internal error: Oops: 0
CPU: 0
pc : [<c00e7074>]    lr : [<c00b1ec8>]    Not tainted
sp : c0c1ff50  ip : 00000001  fp : c0c1ff80
r10: bfffff4b  r9 : c0c1e000  r8 : 00066000
r7 : 00000001  r6 : c0fc80e0  r5 : 00000001  r4 : 00000001
r3 : c0c1e000  r2 : 00000001  r1 : 00000020  r0 : 00066000
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  Segment user
Control: 217D  Table: C0C18015  DAC: 00000015
Process dd (pid: 18, stackpage=c0c1f000)
Stack: (0xc0c1ff40 to 0xc0c20000)
ff40: c00b1ec8 c00e7074 80000013 ffffffff 00000001 00000001 00000001 c0fc80e0 
ff60: 00000001 c00b1ec8 00000020 ffffffea c0fc80c0 c0c1ffac c0c1ff84 c0070ec0 
ff80: c00b1e64 c0070c70 c00720b0 0000000a 00000001 00066000 00000003 c0043aa0 
ffa0: 00000000 c0c1ffb0 c0043920 c0070df4 0000000a c0049c90 00000009 00066000 
ffc0: 00000001 00000000 0000000a 00000001 00066000 00000009 00000001 bfffff3f 
ffe0: bfffff4b 00000000 00066000 bffffde0 00033fa0 000460b0 20000010 00000009 
Backtrace: 
Function entered at [<c00b1e54>] from [<c0070ec0>]
 r6 = C0FC80C0  r5 = FFFFFFEA  r4 = 00000020 
Function entered at [<c0070de4>] from [<c0043920>]
 r8 = C0043AA0  r7 = 00000003  r6 = 00066000  r5 = 00000001
 r4 = 0000000A 
Code: 0affffe0 e33c0000 0a000009 e35c0002 (e4d13001)

devmem2 error "/dos/stuff/devmem2 262136 > /dos/stuff/devmem2.out"

Code: [Select]

devmem2: unhandled page fault at pc=0x0000ace8, lr=0x00016de0 (bad address=0xfffffffc, code 0)
pc : [<0000ace8>]    lr : [<00016de0>]    Not tainted
sp : bffffdfc  ip : bffffeb0  fp : 00000000
r10: 00000000  r9 : 00036b60  r8 : 00000002
r7 : bffffea4  r6 : 0003d038  r5 : 000390a4  r4 : 00046d50
r3 : 0000e518  r2 : 00046d50  r1 : 00000000  r0 : 00000008
Flags: nzCv  IRQs on  FIQs on  Mode USER_32  Segment user
Control: 217D  Table: C0FA4015  DAC: 00000015

bushing · « **Reply #52 on:** June 07, 2005, 01:56:54 pm »

Let's see if we can bring some more-experienced minds to bear on the problem:

http://lists.arm.linux.org.uk/pipermail/linux-arm/2005-June/010037.html

judb · « **Reply #53 on:** June 07, 2005, 02:15:57 pm »

I wonder if we can extract the 128 byte internal boot rom area from the ARM cpu...

ralph.deratt · « **Reply #54 on:** June 07, 2005, 04:59:02 pm »

Quote

I wonder if we can extract the 128 byte internal boot rom area from the ARM cpu...

Why?? the full source is in the back of the User manual.

RdeR

judb · « **Reply #55 on:** June 07, 2005, 05:31:10 pm »

hmm good point. I never noticed that. apparently the boot rom data is stored at 0x7000.0000 according to the user manual and flash rom is addressed as 0x0... I cant tell where it says if the data at 0x7 is fixed code or if its rewriteable somehow.

bushing · « **Reply #56 on:** June 08, 2005, 03:10:57 am »

Quote

hmm good point. I never noticed that. apparently the boot rom data is stored at 0x7000.0000 according to the user manual and flash rom is addressed as 0x0... I cant tell where it says if the data at 0x7 is fixed code or if its rewriteable somehow.

I had to read all of the info about those two parts several times to get this, but I think I can explain more simply.

Normally, when you power up the EP7312, it jumps to location 0x0 -- hopefully you have some sort of memory (ram, rom, whatever) sitting there that holds instructions. If not, you're toast.

Now, what this means is that if you want to have a system that boots, you had better make sure your flash rom chips are burned before you solder them down to a board, and if anything ever happened to them, you'd have to desolder / replace them. Or use a socketed ROM chip. All of these are horribly expensive from the point of view of the manufacturer.

OR ... you could do what they did. They provided a 128-BYTE rom bank, actually on the die of the processor. It truly is read-onky -- it will never change. When you boot with it (enabled with a jumper on the PhatBox board), it runs a very, very small program, that does the following:

* turns on UART1, configures to 9600
* outputs one char: "<"
* reads the next 2048 bytes
* outputs one last char: ">"
* copies that 2k chunk of data into internal [cache] sram, and executes it.

So, basically you write a 2k mini "pre-bootloader" loader, and use it to handle all other data transfer, and eventually could reflash that way.

Ben

Genesis · « **Reply #57 on:** June 08, 2005, 04:05:40 am »

Hoh hoh hoh.....

You know what I said about "Sabots", right?

ralph.deratt · « **Reply #58 on:** June 08, 2005, 04:03:56 pm »

Quote

dd error "dd if=/dev/mem of=/dos/data/stuff/rom.bin bs=1 skip=32 count=32"
Code: [Select]
Unable to handle kernel NULL pointer dereference at virtual address 00000020 pgd = c0c18000 *pgd = c0fee811, *pmd = c0fee811, *pte = 00000000, *ppte = 00000000 Internal error: Oops: 0 CPU: 0 pc : [<c00e7074>] lr : [<c00b1ec8>] Not tainted sp : c0c1ff50 ip : 00000001 fp : c0c1ff80 r10: bfffff4b r9 : c0c1e000 r8 : 00066000 r7 : 00000001 r6 : c0fc80e0 r5 : 00000001 r4 : 00000001 r3 : c0c1e000 r2 : 00000001 r1 : 00000020 r0 : 00066000 Flags: Nzcv IRQs on FIQs on Mode SVC_32 Segment user Control: 217D Table: C0C18015 DAC: 00000015 Process dd (pid: 18, stackpage=c0c1f000) Stack: (0xc0c1ff40 to 0xc0c20000) ff40: c00b1ec8 c00e7074 80000013 ffffffff 00000001 00000001 00000001 c0fc80e0 ff60: 00000001 c00b1ec8 00000020 ffffffea c0fc80c0 c0c1ffac c0c1ff84 c0070ec0 ff80: c00b1e64 c0070c70 c00720b0 0000000a 00000001 00066000 00000003 c0043aa0 ffa0: 00000000 c0c1ffb0 c0043920 c0070df4 0000000a c0049c90 00000009 00066000 ffc0: 00000001 00000000 0000000a 00000001 00066000 00000009 00000001 bfffff3f ffe0: bfffff4b 00000000 00066000 bffffde0 00033fa0 000460b0 20000010 00000009 Backtrace: Function entered at [<c00b1e54>] from [<c0070ec0>] r6 = C0FC80C0 r5 = FFFFFFEA r4 = 00000020 Function entered at [<c0070de4>] from [<c0043920>] r8 = C0043AA0 r7 = 00000003 r6 = 00066000 r5 = 00000001 r4 = 0000000A Code: 0affffe0 e33c0000 0a000009 e35c0002 (e4d13001)

Jud / Ben

Try this:

dd if=/dev/mem of=/dos/data/stuff/rom_mirror.bin bs=1024 skip=256 count=256

This will skip the first 256K and then read the next 256k. Since the decoding of the flash is only 18 bits, the flash image should repeat every 256K (or every 512K,1024K etc)

Also run
dd if=/dev/mem of=/dos/data/stuff/rom.bin bs=1024 skip=4 count=252

On a linux box run dd if=rom_mirror.bin of=rom_mir_trim.bin bs=1024 skip=4 count=252

Then compare rom.bin to rom_mir_trim.bin

if they are the same, rom_mirror.bin has the full image.

RdeR

bushing · « **Reply #59 on:** June 08, 2005, 11:06:31 pm »

Quote

Hoh hoh hoh.....

You know what I said about "Sabots", right?

Huh?

*confused*
Ben

News:

Author Topic: SPIN: 1 - PhatBox: 0 (PhatBox Successfully Owned) (Read 79132 times)