From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <rth@twiddle.net>,
Christian Borntraeger <borntraeger@de.ibm.com>
Subject: [Qemu-devel] TCG problem with cpu_{st,ld}x_data ?
Date: Sun, 24 Jul 2016 22:42:21 +1000 [thread overview]
Message-ID: <1469364141.8568.251.camel@kernel.crashing.org> (raw)
Hi !
I need help from TCG experts here. I was chasing down a bug causing
some stuff to crash when using vector ops with a ppc32 guest on x86,
but pulling that string led to a whole mess that *may* be affecting a
pile of architetures unless I'm misunderstanding something...
So basically what happens is that some instruction emulation helpers,
like in my case stvebx (target-ppc/mem_helper.c) are doing calls to
cpu_{st,ld}x_data. Let's say cpu_stb_data() for the sake of the
argument.
That is equivalent to calling cpu_stb_data_ra() with a "0" retaddr.
However, if that faults, when tlb_fill() gets eventually called, what I
observe is not 0 in "retaddr" but ... -2.
The reason, as far as I understand, is that cpu_stb_data_ra() calls
helper_ret_stb_mmu() which does:
retaddr -= GETPC_ADJ;
(which is -2)
Now a whole pile of tlb_fill() implementations (in fact all of them one
way or another) do:
if (likely(retaddr)) {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr);
}
So that test is missed. The result that I obseve is that the fault gets
reported for the wrong instruction (the wrong PC).
Now I did try changing the above test out of curiosity to also check
against -2, but the end result still mis-reported the fault. So
something's going deeper than that I figured out so far...
What *did* work was to copy what x86 does, which is to change my
helper_stvebx() to not use cpu_stb_data at all, but instead use
cpu_stb_data_ra(...., GETPC()), which mimmics what x86 does for some of
it's helpers.
That fixed the specific problem I was chasing.
However, there are a ton of other helpers, in powerpc, s390 and other
archs, doing that cpu_stb_data() the same way we do, so I really wonder
what's going on here.
Some advice would be very much appreciated ;-)
Cheers,
Ben.
next reply other threads:[~2016-07-24 12:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-24 12:42 Benjamin Herrenschmidt [this message]
2016-07-24 12:51 ` [Qemu-devel] TCG problem with cpu_{st,ld}x_data ? Benjamin Herrenschmidt
2016-07-24 12:52 ` Benjamin Herrenschmidt
2016-07-25 0:36 ` Richard Henderson
2016-07-25 0:46 ` Benjamin Herrenschmidt
2016-07-25 0:51 ` Benjamin Herrenschmidt
2016-07-25 14:00 ` Richard Henderson
2016-07-25 21:42 ` Benjamin Herrenschmidt
2016-07-25 22:19 ` Peter Maydell
2016-07-25 22:42 ` Benjamin Herrenschmidt
2016-07-25 23:22 ` Benjamin Herrenschmidt
2016-07-25 0:34 ` Richard Henderson
2016-07-25 5:15 ` Benjamin Herrenschmidt
2016-07-25 14:12 ` Richard Henderson
2016-07-25 21:46 ` Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1469364141.8568.251.camel@kernel.crashing.org \
--to=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.