This repository has been archived by the owner on Apr 13, 2024. It is now read-only.

add pixel kernel support #5

Open
nickdesaulniers opened this issue Oct 30, 2018 · 7 comments

@nickdesaulniers
Member

predicated on booting those in qemu, which is itself an effort. WIP

@nickdesaulniers nickdesaulniers self-assigned this Oct 30, 2018
@nickdesaulniers
Member Author

I'm now at the point where I can observe a panic attempting to mount an unspecified rootfs, but only via attaching a breakpoint to panic() in GDB. Trying to get qemu to print to stdout. Not sure yet if the ttyAMA0 is required or ttyMSM0 needs more args or what. Also, had to hack up the kernel quite a bit. I'm still investigating whether QEMU needs binary plugins for ARM trusted firmware, or creating a config to remove some problematic code is the way to go. WIP

@nickdesaulniers
Member Author

Got dmesg output to stdio today via enabling CONFIG_SERIAL_AMBA_PL011_CONSOLE=y (with console=ttyAMA0) thanks to a 🌶️ tip from @Ajs1984. Not quite sure yet why the QCOM MSM geni console doesn't print in QEMU, but @Ajs1984 mentioned that QEMU might need to be fed the machine's dtb.

@nickdesaulniers
Member Author

I FINALLY have pixel 3 kernel booting in QEMU! The SCM driver is problematic, as it's not really set up to simply disable CONFIG_QCOM_SCM since it is selected by a few other drivers. Attaching my hacked up patch, but I'll work with QCOM to clean up the CONFIG_QCOM_SCM in a better way.

diff --git a/arch/arm64/configs/b1c1_defconfig b/arch/arm64/configs/b1c1_defconfig
index 7fe71e955b6b..d31a64a00a3b 100644
--- a/arch/arm64/configs/b1c1_defconfig
+++ b/arch/arm64/configs/b1c1_defconfig
@@ -80,7 +80,6 @@ CONFIG_SWP_EMULATION=y
 CONFIG_CP15_BARRIER_EMULATION=y
 CONFIG_SETEND_EMULATION=y
 # CONFIG_ARM64_VHE is not set
-CONFIG_RANDOMIZE_BASE=y
 # CONFIG_EFI is not set
 CONFIG_BUILD_ARM64_APPENDED_DTB_IMAGE=y
 CONFIG_BUILD_ARM64_DTC="dtc"
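Review bot: the removed CONFIG_RANDOMIZE_BASE=y line turns KASLR off in b1c1_defconfig itself, which is the device configuration rather than a QEMU-only one. If the aim is stable addresses for GDB, keep the option here and pass nokaslr on the -append command line, or carry the change in a separate debug config so it cannot end up in a build that ships.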
@@ -338,6 +337,8 @@ CONFIG_FPR_FPC=y
 # CONFIG_LEGACY_PTYS is not set
 # CONFIG_DEVMEM is not set
 # CONFIG_DEVKMEM is not set
+CONFIG_SERIAL_AMBA_PL011=y
+CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
 CONFIG_SERIAL_MSM_GENI=y
 CONFIG_SERIAL_MSM_GENI_CONSOLE=y
 CONFIG_DIAG_CHAR=y
@@ -601,6 +602,8 @@ CONFIG_NLS_ISO8859_1=y
 CONFIG_PRINTK_TIME=y
 CONFIG_DYNAMIC_DEBUG=y
 CONFIG_DEBUG_INFO=y
+CONFIG_DEBUG_INFO_DWARF4=y
+CONFIG_GDB_SCRIPTS=y
 CONFIG_MAGIC_SYSRQ=y
 CONFIG_DETECT_HUNG_TASK=y
 CONFIG_PANIC_TIMEOUT=1
diff --git a/drivers/soc/qcom/scm-boot.c b/drivers/soc/qcom/scm-boot.c
index 369fb27ff447..c8dd34006649 100644
--- a/drivers/soc/qcom/scm-boot.c
+++ b/drivers/soc/qcom/scm-boot.c
@@ -15,6 +15,8 @@
 #include <soc/qcom/scm.h>
 #include <soc/qcom/scm-boot.h>
 
+#ifdef CONFIG_QCOM_SCM
+
 /*
  * Set the cold/warm boot address for one of the CPU cores.
  */
@@ -109,3 +111,4 @@ int scm_is_mc_boot_available(void)
 	return scm_is_call_available(SCM_SVC_BOOT, SCM_BOOT_ADDR_MC);
 }
 EXPORT_SYMBOL(scm_is_mc_boot_available);
+#endif // CONFIG_QCOM_SCM
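Review bot: the closing `#endif // CONFIG_QCOM_SCM` uses a C++-style comment where kernel style expects `#endif /* CONFIG_QCOM_SCM */`, and the guard now hides every exported function in scm-boot.c. Leaving the file out of the build with `obj-$(CONFIG_QCOM_SCM)` in the Makefile, with stubs in the header for callers, would avoid wrapping the whole file in a preprocessor block.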
diff --git a/drivers/soc/qcom/scm.c b/drivers/soc/qcom/scm.c
index e6ab0d718d56..a74efdfab0c0 100644
--- a/drivers/soc/qcom/scm.c
+++ b/drivers/soc/qcom/scm.c
@@ -138,6 +138,8 @@ struct scm_response {
 
 #endif
 
+#ifdef CONFIG_QCOM_SCM
+
 /**
  * scm_command_to_response() - Get a pointer to a scm_response
  * @cmd: command
@@ -1260,3 +1262,5 @@ bool scm_is_secure_device(void)
 		return false;
 }
 EXPORT_SYMBOL(scm_is_secure_device);
+
+#endif // CONFIG_QCOM_SCM
diff --git a/include/soc/qcom/scm.h b/include/soc/qcom/scm.h
index fa64d5d38875..91357bf1644d 100644
--- a/include/soc/qcom/scm.h
+++ b/include/soc/qcom/scm.h
@@ -94,6 +94,10 @@ struct scm_desc {
 	u64 x5;
 };
 
+#if defined(CONFIG_SERIAL_AMBA_PL011_CONSOLE) && defined(CONFIG_QCOM_SCM)
+#undef CONFIG_QCOM_SCM
+#endif
+
 #ifdef CONFIG_QCOM_SCM
 extern int scm_call(u32 svc_id, u32 cmd_id, const void *cmd_buf, size_t cmd_len,
 		void *resp_buf, size_t resp_len);
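Review bot: the `#undef CONFIG_QCOM_SCM` placed just above the existing `#ifdef CONFIG_QCOM_SCM` overrides a Kconfig symbol from inside a header and keys it on an unrelated serial console option. Only code that includes scm.h after this point sees the symbol as undefined, while the build system and any earlier test of CONFIG_QCOM_SCM still see it set, so the two views can disagree, and any build that enables the PL011 console silently loses the real scm_call declarations. A dedicated Kconfig option, or a check made before the call is issued, would state the intent and keep device builds unchanged.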
$ ./aarch64-softmmu/qemu-system-aarch64 -machine virt,gic_version=3 -cpu cortex-a57 -nographic -smp 1 -append "console=ttyAMA0 root=/dev/ram0" -m 2048 -kernel /android0/kernel-blueline/out/android-msm-bluecross-4.9/private/msm-google/arch/arm64/boot/Image -initrd /android1/buildroot/output/images/rootfs.cpio
$ ./aarch64-softmmu/qemu-system-aarch64 --version
QEMU emulator version 2.10.95
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

@zx2c4

zx2c4 commented Nov 25, 2018

It looks to be a bit simpler than that, actually. After you enable pl011, the problematic function is init_random_pool's call to tz. Sticking an early return in there or simply unsetting CONFIG_QCOM_EARLY_RANDOM "fixes it". It might be possible to conditionalize this on the existence of a dt node, or perhaps there's a safer scm check that can be made before this is called, to make sure this doesn't wind up jumping to nowhere. So, here's the magic config:

diff --git a/arch/arm64/configs/b1c1_defconfig b/arch/arm64/configs/b1c1_defconfig
index fb95698804ac..b858b2d2963e 100644
--- a/arch/arm64/configs/b1c1_defconfig
+++ b/arch/arm64/configs/b1c1_defconfig
@@ -323,6 +323,8 @@ CONFIG_FPR_FPC=y
 # CONFIG_LEGACY_PTYS is not set
 # CONFIG_DEVMEM is not set
 # CONFIG_DEVKMEM is not set
+CONFIG_SERIAL_AMBA_PL011=y
+CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
 CONFIG_SERIAL_MSM_GENI=y
 CONFIG_SERIAL_MSM_GENI_CONSOLE=y
 CONFIG_HW_RANDOM_MSM_LEGACY=y
@@ -528,7 +530,7 @@ CONFIG_QCOM_MEMORY_DUMP_V2=y
 CONFIG_QCOM_BUS_SCALING=y
 CONFIG_QCOM_BUS_CONFIG_RPMH=y
 CONFIG_QCOM_SECURE_BUFFER=y
-CONFIG_QCOM_EARLY_RANDOM=y
+CONFIG_QCOM_EARLY_RANDOM=n
 CONFIG_MSM_SMEM=y
 CONFIG_MSM_GLINK=y
 CONFIG_MSM_GLINK_LOOPBACK_SERVER=y
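Review bot: `CONFIG_QCOM_EARLY_RANDOM=n` is not the form this defconfig uses for a disabled option; the previous hunk's context shows `# CONFIG_DEVMEM is not set`, so this line should read `# CONFIG_QCOM_EARLY_RANDOM is not set` or be dropped. Since the option gates the init_random_pool call into tz on real hardware, the change also belongs in a QEMU-only config rather than in b1c1_defconfig.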

It works, until it crashes since I didn't supply a userspace:

zx2c4@thinkpad ~/Projects/pixel3xl/android_kernel_google_bluecross $  qemu-system-aarch64 --version
QEMU emulator version 3.0.50 (v3.0.0-1144-g53a19a9a5f-dirty)
zx2c4@thinkpad ~/Projects/pixel3xl/android_kernel_google_bluecross $ qemu-system-aarch64 -machine virt,gic_version=3,secure=on -cpu cortex-a57 -nographic -smp 1 -m 2G -kernel out/arch/arm64/boot/Image -append "console=ttyAMA0" -nodefaults -serial stdio -no-reboot
[    0.000000] c0      0 Booting Linux on physical CPU 0x0
[    0.000000] c0      0 Linux version 4.9.96-gbd70186bd73d (zx2c4@thinkpad) (gcc version 8.2.0 (Gentoo 8.2.0-r4 p1.5) ) #83 SMP PREEMPT Sun Nov 25 18:11:22 CET 2018
[    0.000000] c0      0 Boot CPU: AArch64 Processor [411fd070]
[    0.000000] c0      0 Machine: linux,dummy-virt
[    0.000000] c0      0 cma: Reserved 16 MiB at 0x00000000bf000000
[    0.000000] c0      0 psci: probing for conduit method from DT.
[    0.000000] c0      0 psci: PSCIv0.2 detected in firmware.
[    0.000000] c0      0 psci: Using standard PSCI v0.2 function IDs
[    0.000000] c0      0 psci: Trusted OS migration not required
[    0.000000] c0      0 percpu: Embedded 21 pages/cpu @ffffffc0befce000 s55704 r0 d30312 u86016
[    0.000000] c0      0 CPU features: enabling workaround for ARM erratum 832075
[    0.000000] c0      0 Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 520128
[    0.000000] c0      0 Kernel command line: console=ttyAMA0
[    0.000000] c0      0 PID hash table entries: 4096 (order: 3, 32768 bytes)
[    0.000000] c0      0 Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes)
[    0.000000] c0      0 Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes)
[    0.000000] c0      0 Memory: 1990792K/2113536K available (19966K kernel code, 3772K rwdata, 12028K rodata, 6144K init, 10688K bss, 106360K reserved, 16384K cma-reserved)
[    0.000000] c0      0 Virtual kernel memory layout:
[    0.000000] c0      0     modules : 0xffffff8000000000 - 0xffffff8008000000   (   128 MB)
[    0.000000] c0      0     vmalloc : 0xffffff8008000000 - 0xffffffbebfff0000   (   250 GB)
[    0.000000] c0      0       .text : 0xffffff8008080000 - 0xffffff8009400000   ( 19968 KB)
[    0.000000] c0      0     .rodata : 0xffffff8009400000 - 0xffffff800a000000   ( 12288 KB)
[    0.000000] c0      0       .init : 0xffffff800a000000 - 0xffffff800a600000   (  6144 KB)
[    0.000000] c0      0       .data : 0xffffff800a600000 - 0xffffff800a9af008   (  3773 KB)
[    0.000000] c0      0        .bss : 0xffffff800a9af008 - 0xffffff800b41f2c4   ( 10689 KB)
[    0.000000] c0      0     fixed   : 0xffffffbefe7fb000 - 0xffffffbefec00000   (  4116 KB)
[    0.000000] c0      0     PCI I/O : 0xffffffbefee00000 - 0xffffffbeffe00000   (    16 MB)
[    0.000000] c0      0     vmemmap : 0xffffffbf00000000 - 0xffffffc000000000   (     4 GB maximum)
[    0.000000] c0      0               0xffffffbf00380000 - 0xffffffbf03000000   (    44 MB actual)
[    0.000000] c0      0     memory  : 0xffffffc00e000000 - 0xffffffc0c0000000   (  2848 MB)
[    0.000000] c0      0 SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] c0      0 Preemptible hierarchical RCU implementation.
[    0.000000] c0      0        RCU dyntick-idle grace-period acceleration is enabled.
[    0.000000] c0      0        RCU restricting CPUs from NR_CPUS=8 to nr_cpu_ids=1.
[    0.000000] c0      0 RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
[    0.000000] c0      0 NR_IRQS:64 nr_irqs:64 0
[    0.000000] c0      0        Offload RCU callbacks from all CPUs
[    0.000000] c0      0        Offload RCU callbacks from CPUs: 0.
[    0.000000] c0      0 arm_arch_timer: Architected cp15 timer(s) running at 62.50MHz (virt).
[    0.000000] c0      0 clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns
[    0.000112] c0      0 sched_clock: 56 bits at 62MHz, resolution 16ns, wraps every 4398046511096ns
[    0.000494] c0      0 clocksource: Switched to clocksource arch_sys_counter
[    0.001953] c0      0 Calibrating delay loop (skipped), value calculated using timer frequency.. 125.20 BogoMIPS (lpj=208333)
[    0.002125] c0      0 pid_max: default: 32768 minimum: 301
[    0.006052] c0      0 Security Framework initialized
[    0.006137] c0      0 SELinux:  Initializing.
[    0.006710] c0      0 Mount-cache hash table entries: 4096 (order: 3, 32768 bytes)
[    0.006741] c0      0 Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes)
[    0.026976] c0      1 /cpus/cpu@0: Unknown CPU type
[    0.027827] c0      1 sched-energy: CPU device node has no sched-energy-costs
[    0.028100] c0      1 ASID allocator initialised with 32768 entries
[    0.055377] c0      1 mem dump base table DT node does not exist
[    0.057368] c0      1 Brought up 1 CPUs
[    0.057411] c0      1 SMP: Total of 1 processors activated.
[    0.057489] c0      1 CPU features: detected feature: GIC system register CPU interface
[    0.057534] c0      1 CPU features: detected feature: 32-bit EL0 Support
[    0.057749] c0      1 CPU features: detected feature: Kernel page table isolation (KPTI)
[    0.062940] c0      1 CPU: All CPU(s) started at EL1
[    0.063060] c0     13 alternatives: patching kernel code
[    0.064702] c0      1 Invalid sched_group_energy for CPU0
[    0.064961] c0      1 CPU0: update max cpu_capacity 1024
[    0.065094] c0      1 Invalid sched_group_energy for Cluster0
[    0.078913] c0      1 clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370867519511994 ns
[    0.079006] c0      1 futex hash table entries: 256 (order: 3, 32768 bytes)
[    0.081689] c0      1 pinctrl core: initialized pinctrl subsystem
[    0.090057] c0      1 NET: Registered protocol family 16
[    0.092520] c0      1 schedtune: init normalization constants...
[    0.092555] c0      1 schedtune: no energy model data
[    0.092571] c0      1 schedtune: disabled!
[    0.098338] c0      1 cpuidle: using governor menu
[    0.098545] c0      1 cpuidle: using governor qcom
[    0.098978] c0      1 vdso: 2 pages (1 code @ ffffff8009407000, 1 data @ ffffff800a604000)
[    0.099082] c0      1 vdso32: 2 pages (1 code @ ffffff8009408000, 1 data @ ffffff800a604000)
[    0.099227] c0      1 hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
[    0.103471] c0      1 DMA: preallocated 256 KiB pool for atomic allocations
[    0.106154] c0      1 Serial: AMBA PL011 UART driver
[    0.106600] c0      1 ipa_pm_is_used:3408 IPA HW is not supported
[    0.108274] c0      1 exit: IPA_USB init success!
[    0.130105] c0      1 9000000.pl011: ttyAMA0 at MMIO 0x9000000 (irq = 39, base_baud = 0) is a PL011 rev1
[    0.141646] c0      1 console [ttyAMA0] enabled
[    0.143541] c0      1 9040000.pl011: ttyAMA1 at MMIO 0x9040000 (irq = 40, base_baud = 0) is a PL011 rev1
[    0.190544] c0      1 socinfo_init: Can't find SMEM_HW_SW_BUILD_ID; falling back on dummy values.
[    0.191373] c0      1 Unknown SOC ID!
[    0.191827] c0      1 ------------[ cut here ]------------
[    0.192376] c0      1 WARNING: CPU: 0 PID: 1 at ../drivers/soc/qcom/socinfo.c:1955 socinfo_init+0x110/0x778
[    0.192772] c0      1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.96-gbd70186bd73d #83
[    0.192968] c0      1 Hardware name: linux,dummy-virt (DT)
[    0.193197] c0      1 task: ffffffc0bb4d8000 task.stack: ffffffc0bb4e0000
[    0.193361] c0      1 PC is at socinfo_init+0x110/0x778
[    0.193507] c0      1 LR is at socinfo_init+0x110/0x778
[    0.193608] c0      1 pc : [<ffffff800a0324e4>] lr : [<ffffff800a0324e4>] pstate: 40000045
[    0.193801] c0      1 sp : ffffffc0bb4e3cd0
[    0.193904] x29: ffffffc0bb4e3d70 x28: 0000000000000000 
[    0.194062] x27: 0000000000000000 x26: ffffff800a079748 
[    0.194199] x25: ffffff800a000370 x24: 0000000000000001 
[    0.194314] x23: ffffff800a608590 x22: 0000000000000000 
[    0.194407] x21: ffffff800aa40060 x20: ffffff800aa40000 
[    0.194551] x19: ffffff800946d990 x18: 0000000000000000 
[    0.194696] x17: 000000000000253f x16: 0000000000000000 
[    0.194825] x15: ffffffffffffffff x14: ffffff800a608590 
[    0.194925] x13: ffffff808a9b97c1 x12: ffffff800a9b97c7 
[    0.195052] x11: 000000000000005a x10: ffffffc0bb4e3a10 
[    0.195203] x9 : 00000000ffffffd0 x8 : ffffffc0bb4e39e0 
[    0.195345] x7 : 0000000000000000 x6 : ffffff80085696b0 
[    0.195442] x5 : 000000000000000a x4 : 0000000000000000 
[    0.195564] x3 : 0000000000000000 x2 : 0000000000040900 
[    0.195675] x1 : 0000000000000000 x0 : 000000000000000f 
[    0.199467] c0      1 ---[ end trace c21adaa4d22ba170 ]---
[    0.199712] c0      1 Call trace:
[    0.202075] c0      1 [<ffffff800a0324e4>] socinfo_init+0x110/0x778
[    0.202227] c0      1 [<ffffff800a000dc4>] do_one_initcall+0x98/0x140
[    0.202364] c0      1 [<ffffff800a000ff0>] kernel_init_freeable+0x184/0x21c
[    0.202519] c0      1 [<ffffff800932f55c>] kernel_init+0x10/0xf4
[    0.202646] c0      1 [<ffffff8008082ef0>] ret_from_fork+0x10/0x20
[    0.203207] c0      1 can't find qcom,msm-imem node
[    0.203370] c0      1 socinfo_print: v0.1, id=0, ver=0.1
[    0.203513] c0      1 msm_bus_fabric_rpmh_init_driver
[    0.205493] c0      1 vgaarb: loaded
[    0.206708] c0      1 SCSI subsystem initialized
[    0.207750] c0      1 usbcore: registered new interface driver usbfs
[    0.208203] c0      1 usbcore: registered new interface driver hub
[    0.208689] c0      1 usbcore: registered new device driver usb
[    0.209841] c0      1 media: Linux media interface: v0.10
[    0.210168] c0      1 Linux video capture interface: v2.00
[    0.213173] c0      1 EDAC MC: Ver: 3.0.0
[    0.215918] c0      1 dev-cpufreq: No tables parsed from DT.
[    0.217382] c0      1 Advanced Linux Sound Architecture Driver Initialized.
[    0.223304] c0      1 Bluetooth: Core ver 2.22
[    0.223607] c0      1 NET: Registered protocol family 31
[    0.223988] c0      1 Bluetooth: HCI device and connection manager initialized
[    0.224305] c0      1 Bluetooth: HCI socket layer initialized
[    0.224561] c0      1 Bluetooth: L2CAP socket layer initialized
[    0.224935] c0      1 Bluetooth: SCO socket layer initialized
[    0.230200] c0      1 NetLabel: Initializing
[    0.230441] c0      1 NetLabel:  domain hash size = 128
[    0.230603] c0      1 NetLabel:  protocols = UNLABELED CIPSOv4
[    0.231550] c0      1 NetLabel:  unlabeled traffic allowed by default
[    0.232032] c0      1 pcie:pcie_init.
[    0.236651] c0      1 clocksource: Switched to clocksource arch_sys_counter
[    0.380052] c0      1 VFS: Disk quotas dquot_6.6.0
[    0.380605] c0      1 VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    0.384358] c0      1 NET: Registered protocol family 2
[    0.389527] c0      1 TCP established hash table entries: 16384 (order: 5, 131072 bytes)
[    0.390039] c0      1 TCP bind hash table entries: 16384 (order: 6, 262144 bytes)
[    0.390625] c0      1 TCP: Hash tables configured (established 16384 bind 16384)
[    0.391225] c0      1 UDP hash table entries: 1024 (order: 3, 32768 bytes)
[    0.391550] c0      1 UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes)
[    0.392807] c0      1 NET: Registered protocol family 1
[    0.404793] c0      1 hw perfevents: enabled with armv8_pmuv3 PMU driver, 1 counters available
[    0.423666] c0      1 audit: initializing netlink subsys (disabled)
[    0.425000] c0      1 audit: type=2000 audit(0.423:1): initialized
[    0.426236] c0      1 Initialise system trusted keyrings
[    0.430188] c0      1 workingset: timestamp_bits=46 max_order=19 bucket_order=0
[    0.457760] c0      1 Registering sdcardfs 0.1
[    0.459558] c0      1 fuse init (API version 7.26)
[    0.464577] c0      1 pfk_ecryptfs [pfk_ecryptfs_init]: PFK ecryptfs inited successfully
[    0.464900] c0      1 pfk_fscrypt [pfk_fscrypt_init]: PFK FSCRYPT inited successfully
[    0.465167] c0      1 pfk [pfk_init]: Driver initialized successfully
[    0.489506] c0      1 Key type asymmetric registered
[    0.489736] c0      1 Asymmetric key parser 'x509' registered
[    0.490083] c0      1 io scheduler noop registered
[    0.490290] c0      1 io scheduler deadline registered
[    0.491624] c0      1 io scheduler cfq registered (default)
[    0.507654] c0      1 pil: failed to find qcom,msm-imem-pil node
[    0.511874] msm_geni_serial_init: Driver initialized[    0.582397] c0      1 [drm] Initialized
[    0.589757] c0      1 Unable to detect cache hierarchy for CPU 0
[    0.589995] c0      1 superuser: WARNING WARNING WARNING WARNING WARNING
[    0.590095] c0      1 superuser: This kernel has kernel-assisted superuser and contains a
[    0.590235] c0      1 superuser: trivial way to get root. If you did not build this kernel
[    0.590516] c0      1 superuser: yourself, stop what you're doing and find another kernel.
[    0.590665] c0      1 superuser: This one is not safe to use.
[    0.590784] c0      1 superuser: WARNING WARNING WARNING WARNING WARNING
[    0.641554] c0      1 brd: module loaded
[    0.666911] c0      1 loop: module loaded
[    0.670176] c0      1 zram: Added device: zram0
[    0.673899] c0      1 misc easelcomm-client: registered at misc device minor 58
[    0.679222] c0      1 Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
[    0.689664] c0      1 libphy: Fixed MDIO Bus: probed
[    0.689861] c0      1 tun: Universal TUN/TAP device driver, 1.6
[    0.689984] c0      1 tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
[    0.690939] c0      1 PPP generic driver version 2.4.2
[    0.691526] c0      1 PPP BSD Compression module registered
[    0.691697] c0      1 PPP Deflate Compression module registered
[    0.692018] c0      1 PPP MPPE Compression module registered
[    0.692189] c0      1 NET: Registered protocol family 24
[    0.693034] c0      1 CLD80211: Initializing
[    0.693889] c0      1 usbcore: registered new interface driver asix
[    0.694147] c0      1 usbcore: registered new interface driver ax88179_178a
[    0.694443] c0      1 usbcore: registered new interface driver cdc_ether
[    0.694714] c0      1 usbcore: registered new interface driver net1080
[    0.694979] c0      1 usbcore: registered new interface driver cdc_subset
[    0.695250] c0      1 usbcore: registered new interface driver zaurus
[    0.695536] c0      1 usbcore: registered new interface driver cdc_ncm
[    0.699590] c0      1 usbcore: registered new interface driver usb-storage
[    0.699878] c0      1 usbcore: registered new interface driver usb_ehset_test
[    0.700160] c0      1 usbcore: registered new interface driver lvs
[    0.702496] c0      1 diag: failed to find diag_dload imem node
[    0.705284] c0      1 mousedev: PS/2 mouse device common for all mice
[    0.705820] c0      1 [sec_input] sec_ts_init
[    0.706966] c0      1 fpc1020_init OK
[    0.709986] c0     17 msm_sharedmem: sharedmem_register_qmi: qmi init successful
[    0.711168] c0      1 i2c /dev entries driver
[    0.727429] c0      1 device-mapper: uevent: version 1.0.3
[    0.728592] c0      1 device-mapper: ioctl: 4.35.0-ioctl (2016-06-23) initialised: [email protected]
[    0.730747] c0      1 device-mapper: req-crypt: dm-req-crypt successfully initalized.
[    0.730747] c0      1 
[    0.733658] c0      1 usbcore: registered new interface driver usbhid
[    0.734023] c0      1 usbhid: USB HID core driver
[    0.734717] c0      1 ashmem: initialized
[    0.735660] c0      1 ipa_ut ipa_ut_module_init:1044 Loading IPA test module...
[    0.735887] c0      1 ipa_get_ipc_logbuf:3203 IPA HW is not supported
[    0.736067] c0      1 ipa_get_ipc_logbuf_low:3216 IPA HW is not supported
[    0.736295] c0      1 ipa_get_ipc_logbuf:3203 IPA HW is not supported
[    0.736441] c0      1 ipa_get_ipc_logbuf_low:3216 IPA HW is not supported
[    0.736619] c0      1 ipa_register_ipa_ready_cb:3060 IPA HW is not supported
[    0.736848] c0      1 ipa_ut ipa_ut_module_init:1083 IPA CB reg failed - -1
[    0.736974] c0      1 ipa_get_ipc_logbuf:3203 IPA HW is not supported
[    0.737320] c0      1 ipa_get_ipc_logbuf_low:3216 IPA HW is not supported
[    0.741942] c0      1 usbcore: registered new interface driver snd-usb-audio
[    0.755143] c0      1 Error: Driver 'max98927' is already registered, aborting...
[    0.756930] c0      1 CRUS_SP_INIT: initializing misc device
[    0.767230] c0      1 GACT probability NOT on
[    0.767612] c0      1 Mirror/redirect action on
[    0.768021] c0      1 u32 classifier
[    0.768110] c0      1     Actions configured
[    0.768425] c0      1 Netfilter messages via NETLINK v0.30.
[    0.769846] c0      1 nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[    0.772678] c0      1 ctnetlink v0.93: registering with nfnetlink.
[    0.776683] c0      1 xt_time: kernel timezone is -0000
[    0.778636] c0      1 wireguard: WireGuard 0.0.20181119 loaded. See www.wireguard.com for information.
[    0.778850] c0      1 wireguard: Copyright (C) 2015-2018 Jason A. Donenfeld <[email protected]>. All Rights Reserved.
[    0.779408] c0      1 IPv4 over IPsec tunneling driver
[    0.783436] c0      1 ip_tables: (C) 2000-2006 Netfilter Core Team
[    0.785557] c0      1 arp_tables: arp_tables: (C) 2002 David S. Miller
[    0.786661] c0      1 Initializing XFRM netlink socket
[    0.788642] c0      1 NET: Registered protocol family 10
[    0.798147] c0      1 mip6: Mobile IPv6
[    0.798470] c0      1 ip6_tables: (C) 2000-2006 Netfilter Core Team
[    0.804238] c0      1 sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[    0.808470] c0      1 NET: Registered protocol family 17
[    0.808822] c0      1 NET: Registered protocol family 15
[    0.809258] c0      1 Ebtables v2.0 registered
[    0.810034] c0      1 l2tp_core: L2TP core driver, V2.0
[    0.810311] c0      1 l2tp_ppp: PPPoL2TP kernel driver, V2.0
[    0.810865] c0      1 l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[    0.811142] c0      1 l2tp_netlink: L2TP netlink interface
[    0.811474] c0      1 l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[    0.811617] c0      1 l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[    0.812831] c0      1 NET: Registered protocol family 27
[    0.818400] c0      1 Registered cp15_barrier emulation handler
[    0.818607] c0      1 Registered setend emulation handler
[    0.819065] c0      1 core_ctl: Creating CPU group 0
[    0.819313] c0      1 core_ctl: Init CPU0 state
[    0.823642] c0      1 registered taskstats version 1
[    0.824115] c0      1 Loading compiled-in X.509 certificates
[    0.844140] c0      1 Loaded X.509 cert 'Easel: 2d9cb8fb66a52266cb3b00b3e3db335fadf908e4'
[    0.848361] c0      1 modem_restart_late_init: Unable to create smem ramdump device.
[    0.848864] c0      1 spss_utils [spss_init]: spss-utils driver Ver 2.0 30-Mar-2017.
[    0.855513] c0      1 hctosys: unable to open rtc device (rtc0)
[    0.855750] c0      1 CAM_ERR: CAM_CRM: cam_cci_assign_fops: 359 Invalid args sd node: 0000000000000000
[    0.859469] [WLAN] CDB Node not created under /chosen/cdt/cdb2[    0.859640] c0      1 [WLAN] Missing Provisioned MAC addresses
[    0.860226] RNDIS_IPA module is loaded.[    0.860801] c0     17 servloc: init_service_locator: Service Locator not enabled
[    0.861092] c0     17 servloc: pd_locator_work: Unable to connect to service locator!, rc = -19
[    0.861860] c0      1 msm_bus_late_init: Remove handoff bw requests
[    0.862084] c0      1 msm_bus_commit_data: Error for cur_rsc is NULL.
[    0.862427] c0      1 ALSA device list:
[    0.862558] c0      1   No soundcards found.
[    0.866189] c0      1 uart-pl011 9000000.pl011: no DMA platform data
[    0.871534] c0      1 VFS: Cannot open root device "(null)" or unknown-block(0,0): error -6
[    0.871712] c0      1 Please append a correct "root=" boot option; here are the available partitions:
[    0.872138] 0100            8192 ram0 [    0.872256] c0      1  (driver?)
[    0.872424] 0101            8192 ram1 [    0.872520] c0      1  (driver?)
[    0.872657] 0102            8192 ram2 [    0.872757] c0      1  (driver?)
[    0.872879] 0103            8192 ram3 [    0.872956] c0      1  (driver?)
[    0.873039] 0104            8192 ram4 [    0.873110] c0      1  (driver?)
[    0.873179] 0105            8192 ram5 [    0.873268] c0      1  (driver?)
[    0.873359] 0106            8192 ram6 [    0.873452] c0      1  (driver?)
[    0.873535] 0107            8192 ram7 [    0.873595] c0      1  (driver?)
[    0.873971] 0108            8192 ram8 [    0.874061] c0      1  (driver?)
[    0.874161] 0109            8192 ram9 [    0.874301] c0      1  (driver?)
[    0.874393] 010a            8192 ram10 [    0.874472] c0      1  (driver?)
[    0.874568] 010b            8192 ram11 [    0.874640] c0      1  (driver?)
[    0.874710] 010c            8192 ram12 [    0.874792] c0      1  (driver?)
[    0.874861] 010d            8192 ram13 [    0.874949] c0      1  (driver?)
[    0.875047] 010e            8192 ram14 [    0.875137] c0      1  (driver?)
[    0.875207] 010f            8192 ram15 [    0.875267] c0      1  (driver?)
[    0.875530] c0      1 Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[    0.875859] c0      1 CPU: 0 PID: 1 Comm: swapper/0 Tainted: G        W       4.9.96-gbd70186bd73d #83
[    0.876058] c0      1 Hardware name: linux,dummy-virt (DT)
[    0.876226] c0      1 Call trace:
[    0.876355] c0      1 [<ffffff8008089708>] dump_backtrace+0x0/0x2a0
[    0.876542] c0      1 [<ffffff80080899bc>] show_stack+0x14/0x20
[    0.876715] c0      1 [<ffffff800840ec2c>] dump_stack+0xa0/0xc4
[    0.876851] c0      1 [<ffffff80081a484c>] panic+0x1c4/0x390
[    0.876985] c0      1 [<ffffff800a001474>] mount_block_root+0x228/0x2dc
[    0.877103] c0      1 [<ffffff800a0016d4>] mount_root+0x6c/0x78
[    0.877238] c0      1 [<ffffff800a00183c>] prepare_namespace+0x15c/0x198
[    0.877380] c0      1 [<ffffff800a001068>] kernel_init_freeable+0x1fc/0x21c
[    0.877505] c0      1 [<ffffff800932f55c>] kernel_init+0x10/0xf4
[    0.877644] c0      1 [<ffffff8008082ef0>] ret_from_fork+0x10/0x20
[    0.877944] c0      1 Kernel Offset: disabled
[    0.878077] c0      1 Memory Limit: none
[    0.878344] c0      1 Rebooting in 1 seconds.

@nickdesaulniers
Member Author

the problematic function is init_random_pool's call to tz

Yes but...

[ 0.191373] c0 1 Unknown SOC ID!

IIRC, that also involved an smc call. How come that doesn't induce an unknown instruction exception in QEMU? Or any of the other smc call sites? I had played with mocking ALL of the smc functions assuming any one would stop QEMU.

@zx2c4

zx2c4 commented Nov 25, 2018

That comes from:

                                 SMEM_ANY_HOST_FLAG);
        if (IS_ERR_OR_NULL(socinfo)) {
                pr_warn("Can't find SMEM_HW_SW_BUILD_ID; falling back on dummy values.\n");
                socinfo = setup_dummy_socinfo();
        }

        socinfo_select_format();

        WARN(!socinfo_get_id(), "Unknown SOC ID!\n");

I'm not sure there are smc calls involved there, but perhaps there are? Moving the rng init calls to happen 4 seconds after the system has booted in a delayed work struct (not that this actually makes sense for the rng) doesn't make the problem go away; that task hangs indefinitely. This is testing, by the way, with qemu's secure=on flag. Removing that just results in an undefined instruction.

So I suppose there are two routes: augment qemu's trustzone stuff to include a bunch of qcom functions, or figure out how to conditionalize calling smc in the first place. I assume it's not called by other drivers, for example, because their probe function fails before it can get to that point.

@PatriceBlin

Hi,

Without trying to necro-bump this issue (it's still open): has anyone tried to do the same thing with a Pixel 4a kernel?

After successfully testing your solutions (enabling PL011 and disabling QCOM_EARLY_RANDOM) on a Pixel 3 kernel, I tried the same thing on a Pixel 4a but no logs.

(on qemu v7.0.0-1586-g9b1f588549, for cortex-a76)
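
Added example, not part of the thread and not the project's own code: a small shell audit of a kernel defconfig for the settings the comments above report as needed to boot under QEMU (PL011 console on, QCOM_EARLY_RANDOM off), which also flags a dropped CONFIG_RANDOMIZE_BASE so a debug config is not mistaken for a device config. The function names `cfg_state` and `audit_qemu_config` are hypothetical and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit a kernel defconfig for the QEMU bring-up settings
# discussed in this thread. Function names are hypothetical.

# cfg_state FILE SYMBOL -> prints y, m, n, a literal value, or "unset".
# "CONFIG_X=n" and "# CONFIG_X is not set" are both reported as n.
# Assumption: when a symbol is mentioned more than once, the last line wins.
cfg_state() {
    awk -v sym="CONFIG_$2" '
        BEGIN { state = "unset" }
        $0 == ("# " sym " is not set") { state = "n"; next }
        # Matching "SYM=" (with the equals sign) keeps CONFIG_FOO from
        # matching CONFIG_FOO_CONSOLE.
        index($0, sym "=") == 1 { state = substr($0, length(sym) + 2) }
        END { print state }
    ' "$1"
}

# audit_qemu_config FILE -> prints one finding per line and returns 0 only
# when the console and early-random settings match what the thread found
# to boot under QEMU.
audit_qemu_config() {
    file=$1
    rc=0
    for sym in SERIAL_AMBA_PL011 SERIAL_AMBA_PL011_CONSOLE; do
        if [ "$(cfg_state "$file" "$sym")" != y ]; then
            echo "FAIL CONFIG_$sym is not =y: no ttyAMA0 console under QEMU"
            rc=1
        fi
    done
    if [ "$(cfg_state "$file" QCOM_EARLY_RANDOM)" = y ]; then
        echo "FAIL CONFIG_QCOM_EARLY_RANDOM=y: init_random_pool calls into tz"
        rc=1
    fi
    # Not a boot blocker, but a hardening regression if this config ships.
    if [ "$(cfg_state "$file" RANDOMIZE_BASE)" != y ]; then
        echo "WARN CONFIG_RANDOMIZE_BASE is off: KASLR disabled, debug use only"
    fi
    return $rc
}

# Constructed samples: a device-like config and a QEMU bring-up variant.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/device_defconfig" <<'EOF'
CONFIG_RANDOMIZE_BASE=y
# CONFIG_DEVMEM is not set
CONFIG_SERIAL_MSM_GENI=y
CONFIG_SERIAL_MSM_GENI_CONSOLE=y
CONFIG_QCOM_EARLY_RANDOM=y
EOF

cat > "$tmp/qemu_defconfig" <<'EOF'
# CONFIG_DEVMEM is not set
CONFIG_SERIAL_AMBA_PL011=y
CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
CONFIG_SERIAL_MSM_GENI=y
CONFIG_SERIAL_MSM_GENI_CONSOLE=y
CONFIG_QCOM_EARLY_RANDOM=n
EOF

for f in device_defconfig qemu_defconfig; do
    echo "== $f"
    if audit_qemu_config "$tmp/$f"; then
        echo "OK matches the settings reported to boot in QEMU"
    fi
done
```

Run it against a real tree by calling `audit_qemu_config arch/arm64/configs/b1c1_defconfig` from the kernel source directory.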
