Subject: Re: [Qemu-devel] Re: [linux-user] Fixed Qemu crash using Gdbstub
From: Lionel Landwerlin
To: qemu-devel@nongnu.org
Date: Sat, 13 Dec 2008 18:37:13 +0100
Message-Id: <1229189833.3898.69.camel@cocoduo.atr>
In-Reply-To: <4943BD66.60109@web.de>
References: <1229125944.3898.39.camel@cocoduo.atr> <1229126410.3898.42.camel@cocoduo.atr> <49438B8B.8050709@web.de> <1229171501.3898.53.camel@cocoduo.atr> <4943B1B6.9010707@web.de> <1229174473.3898.61.camel@cocoduo.atr> <4943BD66.60109@web.de>

On Saturday 13 December 2008 at 14:49 +0100, Jan Kiszka wrote:
> Lionel Landwerlin wrote:
> Subject: [PATCH] Adopt cpu_copy to new breakpoint API
> 
> Latest changes to the cpu_breakpoint/watchpoint API broke cpu_copy. This
> patch fixes it by cloning the breakpoint and watchpoint lists
> appropriately.
> 
> Thanks to Lionel Landwerlin for pointing this out.
> 
> Signed-off-by: Jan Kiszka
> ---
> 
>  exec.c |   24 +++++++++++++++++++++++-
>  1 files changed, 23 insertions(+), 1 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index 44f6a42..193a43c 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1654,12 +1654,34 @@ void cpu_abort(CPUState *env, const char *fmt, ...)
>  CPUState *cpu_copy(CPUState *env)
>  {
>      CPUState *new_env = cpu_init(env->cpu_model_str);
> -    /* preserve chaining and index */
>      CPUState *next_cpu = new_env->next_cpu;
>      int cpu_index = new_env->cpu_index;
> +#if defined(TARGET_HAS_ICE)
> +    CPUBreakpoint *bp;
> +    CPUWatchpoint *wp;
> +#endif
> +
>      memcpy(new_env, env, sizeof(CPUState));
> +
> +    /* Preserve chaining and index. */
>      new_env->next_cpu = next_cpu;
>      new_env->cpu_index = cpu_index;
> +
> +    /* Clone all break/watchpoints.
> +       Note: Once we support ptrace with hw-debug register access, make sure
> +       BP_CPU break/watchpoints are handled correctly on clone. */
> +    TAILQ_INIT(&env->breakpoints);
> +    TAILQ_INIT(&env->watchpoints);
> +#if defined(TARGET_HAS_ICE)
> +    TAILQ_FOREACH(bp, &env->breakpoints, entry) {
> +        cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
> +    }
> +    TAILQ_FOREACH(wp, &env->watchpoints, entry) {
> +        cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
> +                              wp->flags, NULL);
> +    }
> +#endif
> +
>      return new_env;
>  }
>  
> 

Jan,

Well, the patch seems much better, as qemu does not crash anymore :)
There might be other problems, because gdbstub doesn't stop where I know it
should. I'm investigating...

You might want to add this patch too; there is something strange with the
TAILQ 'first' structure member. It's not updated on deletion of all/first
elements.

Regards,

From 78ba0dbf0c9e5d73022fecdbf1869274b8224949 Mon Sep 17 00:00:00 2001
From: Lionel Landwerlin
Date: Sat, 13 Dec 2008 14:05:18 +0100
Subject: [PATCH] Fix suspicious TAILQ management

TAILQ first pointer is not updated when the last element is removed.

---
 sys-queue.h |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/sys-queue.h b/sys-queue.h
index ad5c8fb..37bedde 100644
--- a/sys-queue.h
+++ b/sys-queue.h
@@ -202,7 +202,8 @@ struct {                                                               \
                 (elm)->field.tqe_prev;                                  \
         else                                                            \
                 (head)->tqh_last = (elm)->field.tqe_prev;               \
-        *(elm)->field.tqe_prev = (elm)->field.tqe_next;                 \
+        if ((head)->tqh_first == (elm))                                 \
+                (head)->tqh_first = (elm)->field.tqe_next;              \
 } while (/*CONSTCOND*/0)
 
 #define TAILQ_FOREACH(var, head, field)                                 \
-- 
1.5.6.5
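Review bot: In the cpu_copy hunk quoted above, `TAILQ_INIT(&env->breakpoints);` and `TAILQ_INIT(&env->watchpoints);` reset the source CPU's list heads immediately before `TAILQ_FOREACH(bp, &env->breakpoints, entry)` walks them, so both loops iterate an empty list and nothing is cloned, while env silently loses its break/watchpoints (the entries are orphaned rather than freed, and their tqe_prev links still point at env's heads). new_env, whose heads came from the memcpy a few lines earlier, keeps pointing at those orphaned entries, so the two CPUs end up sharing one list with two heads. The INIT calls belong on the copy, `TAILQ_INIT(&new_env->breakpoints); TAILQ_INIT(&new_env->watchpoints);`, after which the two FOREACH loops do what the comment says. A one-line comment that memcpy duplicates the head but not the entries would make clear why the INIT is needed at all.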
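Review bot: In the TAILQ_REMOVE hunk, dropping `*(elm)->field.tqe_prev = (elm)->field.tqe_next;` in favour of a tqh_first-only update breaks removal of every element that is not first in the list: the predecessor's tqe_next is no longer rewritten and keeps pointing at the removed, usually freed, element, so the next walk is a use-after-free. The deleted line already covers the first-element case, because an element's tqe_prev is the address of the pointer that names it, the predecessor's tqe_next or, for the first element, the head's tqh_first; the `else` branch two lines up relies on the same property when it assigns tqh_last from tqe_prev. A tqh_first that is "not updated on deletion" is what you observe when a list head has been duplicated with memcpy(), as cpu_copy does above: the entries' tqe_prev still point at the original head, so the removal updates that head and the copy's head goes stale. That is a cpu_copy problem (initialise and repopulate new_env's lists) rather than a sys-queue.h one, and this hunk should not go in.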
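As an added example, not code from this thread or from QEMU, here is a minimal TAILQ written in the style of sys-queue.h together with a cut-down CPU struct (struct cpu, struct bp, bp_insert, bp_clear and clone_cpu are made-up names). It shows three things the thread turns on: that the stock TAILQ_REMOVE already keeps tqh_first and tqh_last consistent when the first and then the last element are removed; that duplicating a struct holding a list head with memcpy(), as cpu_copy does, produces exactly the "first pointer not updated on deletion" symptom on the copy after a removal through it; and the clone order that works, initialising the copy's head and re-inserting the source's entries.

```c
/* Added example, not QEMU or thread code: a minimal TAILQ in the style of
 * sys-queue.h plus a cut-down CPU. struct cpu, struct bp, bp_insert, bp_clear
 * and clone_cpu are made-up names. */
#include <stdlib.h>
#include <string.h>

#define TAILQ_HEAD(name, type) \
    struct name { struct type *tqh_first; struct type **tqh_last; }
#define TAILQ_ENTRY(type) struct { struct type *tqe_next; struct type **tqe_prev; }
#define TAILQ_INIT(head) do { \
    (head)->tqh_first = NULL; (head)->tqh_last = &(head)->tqh_first; } while (0)
#define TAILQ_INSERT_TAIL(head, elm, field) do { \
    (elm)->field.tqe_next = NULL; (elm)->field.tqe_prev = (head)->tqh_last; \
    *(head)->tqh_last = (elm); (head)->tqh_last = &(elm)->field.tqe_next; } while (0)
/* Stock BSD TAILQ_REMOVE: the final store goes through tqe_prev, which for the
 * first element is &head->tqh_first, so tqh_first needs no special case. */
#define TAILQ_REMOVE(head, elm, field) do { \
    if ((elm)->field.tqe_next != NULL) \
        (elm)->field.tqe_next->field.tqe_prev = (elm)->field.tqe_prev; \
    else \
        (head)->tqh_last = (elm)->field.tqe_prev; \
    *(elm)->field.tqe_prev = (elm)->field.tqe_next; } while (0)
#define TAILQ_FOREACH(var, head, field) \
    for ((var) = (head)->tqh_first; (var) != NULL; (var) = (var)->field.tqe_next)
#define TAILQ_FIRST(head) ((head)->tqh_first)

struct bp { unsigned long pc; TAILQ_ENTRY(bp) entry; };
TAILQ_HEAD(bp_head, bp);
struct cpu { int index; struct bp_head breakpoints; }; /* stands in for CPUState */

static struct bp *bp_insert(struct cpu *c, unsigned long pc)
{
    struct bp *b = calloc(1, sizeof *b);
    if (b == NULL) abort();
    b->pc = pc;
    TAILQ_INSERT_TAIL(&c->breakpoints, b, entry);
    return b;
}

/* Unlink and free every element, front to back; returns how many there were. */
static size_t bp_clear(struct cpu *c)
{
    struct bp *b;
    size_t n = 0;
    while ((b = TAILQ_FIRST(&c->breakpoints)) != NULL) {
        TAILQ_REMOVE(&c->breakpoints, b, entry);
        free(b); n++;
    }
    return n;
}

/* (a) Removing the first, then the last, element of one properly initialised
 * list keeps tqh_first and tqh_last consistent. Returns 1 if so. */
int remove_keeps_head_consistent(void)
{
    struct cpu c; TAILQ_INIT(&c.breakpoints);
    struct bp *a = bp_insert(&c, 0x1000), *b = bp_insert(&c, 0x2000);
    TAILQ_REMOVE(&c.breakpoints, a, entry);
    int ok = TAILQ_FIRST(&c.breakpoints) == b;
    TAILQ_REMOVE(&c.breakpoints, b, entry);
    ok = ok && TAILQ_FIRST(&c.breakpoints) == NULL
            && c.breakpoints.tqh_last == &c.breakpoints.tqh_first;
    free(a); free(b); return ok;
}

/* (b) memcpy() copies the head but not the elements, whose tqe_prev still
 * point into the source head. Removing the first element through the copy
 * advances the source's tqh_first and leaves the copy's stale. Returns 1 if observed. */
int memcpy_clone_aliases_source(void)
{
    struct cpu src, copy; TAILQ_INIT(&src.breakpoints);
    struct bp *a = bp_insert(&src, 0x1000), *b = bp_insert(&src, 0x2000);
    memcpy(&copy, &src, sizeof copy);
    TAILQ_REMOVE(&copy.breakpoints, a, entry);
    int observed = TAILQ_FIRST(&src.breakpoints) == b   /* source moved on */
                && TAILQ_FIRST(&copy.breakpoints) == a; /* copy still names a */
    free(a); free(b); return observed; /* neither list is used again */
}

/* (c) A clone that works: re-initialise the copy's head, then re-insert the
 * source's elements. A TAILQ_INIT on src instead would empty the source. */
static void clone_cpu(struct cpu *dst, const struct cpu *src)
{
    struct bp *b;
    memcpy(dst, src, sizeof *dst);
    TAILQ_INIT(&dst->breakpoints); /* on the copy, never on the source */
    TAILQ_FOREACH(b, &src->breakpoints, entry) bp_insert(dst, b->pc);
}

/* Returns 1 if the clone owns two entries of its own and its teardown leaves the source intact. */
int proper_clone_is_independent(void)
{
    struct cpu src, dst; TAILQ_INIT(&src.breakpoints);
    bp_insert(&src, 0x1000); bp_insert(&src, 0x2000);
    clone_cpu(&dst, &src);
    int ok = TAILQ_FIRST(&dst.breakpoints) != TAILQ_FIRST(&src.breakpoints);
    ok = ok && bp_clear(&dst) == 2;
    return ok && bp_clear(&src) == 2;
}
```

Build with cc -std=c99 -Wall and call the three non-static functions from a main(); each returns 1 when the behaviour described in its comment is observed. The aliasing in the second function is why the INIT in a cpu_copy-style clone has to be applied to the copy's head: until it is, the copy and the source are one list with two heads, and whichever head a removal does not go through is the one that looks stale.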