0

I'm working with the qemu riscv32 emulator. I have managed to boot a simple hello-world image I have got from github, however I haven't managed to boot my own image. I suspect this is because I built my image without a linker script, therefore it is being loaded at the wrong address. I'm trying to understand how the qemu boot sequence works to fix this.

This is the linker script I'm using

OUTPUT_ARCH( "riscv" )
OUTPUT_FORMAT("elf32-littleriscv")
ENTRY( _start )
SECTIONS
{
  /* text: test code section */
  . = 0x20400000;
  .text : { *(.text) }
  /* gnu_build_id: readonly build identifier */
  .gnu_build_id : { *(.note.gnu.build-id) }
  /* rodata: readonly data segment */
  .rodata : { *(.rodata) }

  /* data: Initialized data segment */
  . = 0x80000000;
  .data : { *(.data) }
  .sdata : { *(.sdata) }
  .debug : { *(.debug) }
  . += 0x1000;
  stack_top = .;

  /* End of uninitalized data segement */
  _end = .;
}

And this is the qemu command I'm executing:

qemu-system-riscv32 -nographic -machine sifive_e -bios none -kernel hello

# with -s -S when debugging

The source code is not very relevant, it is just a small assembly file that writes "hello".

My main question is:

How can I know at which address is qemu expecting to find the image?

Other questions I would like to answer:

  • With gdb, I have noticed that qemu starts executing at address 0x1004 (before me doing anything). I was expecting it to be 0x0. Why is this?
  • I have read hat qemu can use U-boot. Does it use it, or any other bootloader, by default?
  • If so, is there any way to load an image at address 0x0 without any sort of bootloader intervening? (I ask this for debugging purposes, because the first time you try a new arch. possibly yo want to keep everything as simple as possible)
  • Does the kernel option just load the provided image, or does it something more? (like loading a Linux kernel and execute the provided image on top of it)
  • I'm using the sifive_e emulator, therefore I have gone to the SiFive E series datasheet (like this one ) to check the memory map, and find the starting address. This is what I have found: enter image description here Those address are very different from those specified in the linker script above. It seems I'm looking at the wrong place, where can I found the SiFive E boot address?

EDIT

With regards to the last question about the memory map, I found the answer. It is explained here (5.16) and here (chapter 6)

enter image description here

Dan
  • 2,135
  • 14
  • 39
  • 1
    I don't know the risc-v board specifics, but using "-kernel" is saying "I am a Linux kernel, please boot me that way". If you have a raw file you want to be put at address 0, that's what -bios is usually for. If you have an ELF file and you want it to be started at the ELF file's declared entry point, use the QEMU 'generic loader'. https://stackoverflow.com/questions/58420670/qemu-bios-vs-kernel-vs-device-loader-file/58434837#58434837 discusses this for Arm but mostly applies for any guest arch. – Peter Maydell May 03 '22 at 10:50

0 Answers0