From: jcmvbkbc <jcmvbkbc@gmail.com>
To: Avi Kivity <avi@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 3/5] exec: fix code tlb entry misused as iotlb in get_page_addr_code()
Date: Thu, 15 Mar 2012 23:23:46 +0400 [thread overview]
Message-ID: <4F6241C2.1060208@gmail.com> (raw)
In-Reply-To: <1331227233-18601-4-git-send-email-avi@redhat.com>
Hi.
> get_page_addr_code() reads a code tlb entry, but interprets it as an
> iotlb entry. This works by accident since the low bits of a RAM code
> tlb entry are clear, and match a RAM iotlb entry. This accident is
> about to unhappen, so fix the code to use an iotlb entry (using the
> code entry with TLB_MMIO may fail if the page is a watchpoint).
>
> Signed-off-by: Avi Kivity<avi@redhat.com>
> ---
> exec.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index a35eb4f..f26d1b0 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -4685,7 +4685,7 @@ tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
> (addr& TARGET_PAGE_MASK))) {
> ldub_code(addr);
> }
> - pd = env1->tlb_table[mmu_idx][page_index].addr_code& ~TARGET_PAGE_MASK;
> + pd = env1->iotlb[mmu_idx][page_index]& ~TARGET_PAGE_MASK;
> if (pd != io_mem_ram.ram_addr&& pd != io_mem_rom.ram_addr
> && !io_mem_region[pd]->rom_device) {
> #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
With this patch xtensa debug option unit test causes qemu abort with the message
qemu: fatal: Trying to execute code outside RAM or ROM at 0xd000088c
This happens immediately after a watchpoint setup for a data breakpoint at the same memory page where the currently
executed code is located. Any idea on how to fix it?
(gdb) bt
#0 cpu_abort (env=0x55555626a310, fmt=0x55555573f540 "Trying to execute code outside RAM or ROM at 0x%08x\n") at
/home/dumb/ws/m/awt/emu/xtensa/qemu/exec.c:1848
#1 0x00005555556c1657 in get_page_addr_code (env1=0x55555626a310, addr=0xd000088c) at
/home/dumb/ws/m/awt/emu/xtensa/qemu/exec.c:4694
#2 0x00005555556b3441 in tb_find_slow (env=0x55555626a310, pc=0xd000088c, cs_base=0x0, flags=0x0) at
/home/dumb/ws/m/awt/emu/xtensa/qemu/cpu-exec.c:95
#3 0x00005555556b36ac in tb_find_fast (env=0x55555626a310) at /home/dumb/ws/m/awt/emu/xtensa/qemu/cpu-exec.c:151
#4 0x00005555556b3a2d in cpu_xtensa_exec (env=0x55555626a310) at /home/dumb/ws/m/awt/emu/xtensa/qemu/cpu-exec.c:534
#5 0x00005555556b6380 in tcg_cpu_exec (env=0x55555626a310) at /home/dumb/ws/m/awt/emu/xtensa/qemu/cpus.c:1022
#6 0x00005555556b6498 in tcg_exec_all () at /home/dumb/ws/m/awt/emu/xtensa/qemu/cpus.c:1054
#7 0x00005555556b5a30 in qemu_tcg_cpu_thread_fn (arg=0x55555626a310) at /home/dumb/ws/m/awt/emu/xtensa/qemu/cpus.c:772
#8 0x00007ffff62e0d90 in start_thread () from /lib64/libpthread.so.0
#9 0x00007ffff6011f5d in clone () from /lib64/libc.so.6
Memory maps are the following:
(qemu) info mtree
memory
00000000-fffffffe (prio 0, RW): system
00000000-07ffffff (prio 0, RW): xtensa.sram
fe000000-fe000fff (prio 0, RW): xtensa.rom
(qemu) info tlb
ITLB:
Way 5 (128 MB)
Vaddr Paddr ASID Attr RWX
---------- ---------- ---- ---- ---
0xd0000000 0x00000000 0x01 0x07 RWX
0xd8000000 0x00000000 0x01 0x03 RWX
Way 6 (256 MB)
Vaddr Paddr ASID Attr RWX
---------- ---------- ---- ---- ---
0xe0000000 0xf0000000 0x01 0x07 RWX
0xf0000000 0xf0000000 0x01 0x03 RWX
DTLB:
Way 5 (128 MB)
Vaddr Paddr ASID Attr RWX
---------- ---------- ---- ---- ---
0xd0000000 0x00000000 0x01 0x07 RWX
0xd8000000 0x00000000 0x01 0x03 RWX
Way 6 (256 MB)
Vaddr Paddr ASID Attr RWX
---------- ---------- ---- ---- ---
0xe0000000 0xf0000000 0x01 0x07 RWX
0xf0000000 0xf0000000 0x01 0x03 RWX
--
Thanks.
-- Max
next prev parent reply other threads:[~2012-03-15 19:24 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-08 17:20 [Qemu-devel] [PATCH 0/5] Remove cpu_register_io_memory Avi Kivity
2012-03-08 17:20 ` [Qemu-devel] [PATCH 1/5] memory: make phys_page_find() return an unadjusted section Avi Kivity
2012-03-08 17:20 ` [Qemu-devel] [PATCH 2/5] memory: store section indices in iotlb instead of io indices Avi Kivity
2012-03-08 17:20 ` [Qemu-devel] [PATCH 3/5] exec: fix code tlb entry misused as iotlb in get_page_addr_code() Avi Kivity
2012-03-15 19:23 ` jcmvbkbc [this message]
2012-03-18 10:26 ` Avi Kivity
2012-03-18 11:07 ` Max Filippov
2012-03-18 16:33 ` Avi Kivity
2012-03-18 16:45 ` Max Filippov
2012-03-08 17:20 ` [Qemu-devel] [PATCH 4/5] memory: dispatch directly via MemoryRegion Avi Kivity
2012-03-08 17:20 ` [Qemu-devel] [PATCH 5/5] memory: get rid of cpu_register_io_memory() Avi Kivity
2012-03-19 4:52 ` TeLeMan
2012-03-19 9:16 ` Avi Kivity
2012-03-19 10:37 ` TeLeMan
2012-03-19 10:48 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F6241C2.1060208@gmail.com \
--to=jcmvbkbc@gmail.com \
--cc=avi@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.