From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <49451588.2070708@web.de>
Date: Sun, 14 Dec 2008 15:17:44 +0100
From: Jan Kiszka
Sender: jan.kiszka@web.de
To: qemu-devel@nongnu.org
In-Reply-To: <1229189833.3898.69.camel@cocoduo.atr>
Subject: [Qemu-devel] Re: [linux-user] Fixed Qemu crash using Gdbstub

Lionel Landwerlin wrote:
> On Saturday 13 December 2008 at 14:49 +0100, Jan Kiszka wrote:
>> Lionel Landwerlin wrote:
>> Subject: [PATCH] Adopt cpu_copy to new breakpoint API
>>
>> Latest changes to the cpu_breakpoint/watchpoint API broke cpu_copy. This
>> patch fixes it by cloning the breakpoint and watchpoint lists
>> appropriately.
>>
>> Thanks to Lionel Landwerlin for pointing this out.
>>
>> Signed-off-by: Jan Kiszka
>> ---
>>
>>  exec.c |   24 +++++++++++++++++++++++-
>>  1 files changed, 23 insertions(+), 1 deletions(-)
>>
>> diff --git a/exec.c b/exec.c
>> index 44f6a42..193a43c 100644
>> --- a/exec.c
>> +++ b/exec.c
>> @@ -1654,12 +1654,34 @@ void cpu_abort(CPUState *env, const char *fmt, ...)
>>  CPUState *cpu_copy(CPUState *env)
>>  {
>>      CPUState *new_env = cpu_init(env->cpu_model_str);
>> -    /* preserve chaining and index */
>>      CPUState *next_cpu = new_env->next_cpu;
>>      int cpu_index = new_env->cpu_index;
>> +#if defined(TARGET_HAS_ICE)
>> +    CPUBreakpoint *bp;
>> +    CPUWatchpoint *wp;
>> +#endif
>> +
>>      memcpy(new_env, env, sizeof(CPUState));
>> +
>> +    /* Preserve chaining and index. */
>>      new_env->next_cpu = next_cpu;
>>      new_env->cpu_index = cpu_index;
>> +
>> +    /* Clone all break/watchpoints.
>> +       Note: Once we support ptrace with hw-debug register access, make sure
>> +       BP_CPU break/watchpoints are handled correctly on clone. */
>> +    TAILQ_INIT(&env->breakpoints);
>> +    TAILQ_INIT(&env->watchpoints);
>> +#if defined(TARGET_HAS_ICE)
>> +    TAILQ_FOREACH(bp, &env->breakpoints, entry) {
>> +        cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
>> +    }
>> +    TAILQ_FOREACH(wp, &env->watchpoints, entry) {
>> +        cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
>> +                              wp->flags, NULL);
>> +    }
>> +#endif
>> +
>>      return new_env;
>>  }
>>  
>>
>
> Jan,
>
> Well, the patch seems much better, as qemu does not crash anymore :)
> There might be other problems, because gdbstub doesn't stop where I know
> it should. I'm investigating...

OK. If you have a testcase, I would also look into this next week.

>
> You might want to add this patch too, there is something strange with
> the TAILQ 'first' structure member. It's not updated on deletion of
> all/first elements.
>
> Regards,
>
> From 78ba0dbf0c9e5d73022fecdbf1869274b8224949 Mon Sep 17 00:00:00 2001
> From: Lionel Landwerlin
> Date: Sat, 13 Dec 2008 14:05:18 +0100
> Subject: [PATCH] Fix suspicious TAILQ management
>
> TAILQ first pointer is not updated when the last element is
> removed.
> ---
>  sys-queue.h |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
>
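Review bot: in the cpu_copy hunk, `TAILQ_INIT(&env->breakpoints);` and `TAILQ_INIT(&env->watchpoints);` reset the lists of the source env rather than of new_env, so the TAILQ_FOREACH loops right below them walk empty lists and nothing is cloned, while new_env keeps the list heads it received from memcpy() and therefore still points at env's breakpoint and watchpoint nodes. Since the first node's tqe_prev still points at env's head, a later TAILQ_REMOVE on new_env's list updates env's tqh_first instead of new_env's, which matches the "first not updated on deletion" symptom reported further down in this thread. Suggest `TAILQ_INIT(&new_env->breakpoints);` and `TAILQ_INIT(&new_env->watchpoints);` so the loops iterate env's intact lists and insert into a fresh head in the copy.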
> diff --git a/sys-queue.h b/sys-queue.h
> index ad5c8fb..37bedde 100644
> --- a/sys-queue.h
> +++ b/sys-queue.h
> @@ -202,7 +202,8 @@ struct {                                                \
>                          (elm)->field.tqe_prev;                          \
>          else                                                            \
>                  (head)->tqh_last = (elm)->field.tqe_prev;               \
> -        *(elm)->field.tqe_prev = (elm)->field.tqe_next;                 \
> +        if ((head)->tqh_first == (elm))                                 \
> +                (head)->tqh_first = (elm)->field.tqe_next;              \

That's fishy. The elm's prev field should point to the head, thus the head
should be updated to elm's next (i.e. NULL). Could you dig deeper into what
the state of all involved structures is and maybe track down when they
become inconsistent? Alternatively, please provide a testcase.

Thanks,
Jan
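Review bot: dropping `*(elm)->field.tqe_prev = (elm)->field.tqe_next;` in the TAILQ_REMOVE hunk breaks removal of every element that is not the first one, because the predecessor's tqe_next is no longer rewritten and the removed node stays reachable from the front of the list; the added `if ((head)->tqh_first == (elm))` branch only covers the first element. The deleted line already handles that case when the list is intact, since the first element's tqe_prev points at the head's tqh_first (the `(head)->tqh_last = (elm)->field.tqe_prev;` context line shows tqe_prev is a pointer to the link that references elm). If tqh_first is not being updated, the first element's tqe_prev must point at some other head, for example one that was duplicated with memcpy(); suggest keeping the original assignment and tracing which head the stale element's tqe_prev actually points to.

The situation both patches in this thread touch, as an added example that is not part of the thread or of QEMU: a small C program with stripped-down TAILQ macros of the same shape as sys-queue.h (including the unpatched TAILQ_REMOVE with its `*tqe_prev = tqe_next` line) that duplicates a list head with memcpy() without re-initialising it in the copy, next to a clone that does TAILQ_INIT on the copy and re-inserts the entries. The Cpu and Breakpoint types, bp_insert() and the two clone helpers are hypothetical stand-ins for CPUState, CPUBreakpoint and cpu_copy(); the breakpoint addresses are constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stripped-down BSD-style tail-queue macros of the same shape as the TAILQ_*
 * macros in QEMU's sys-queue.h (added example, not QEMU's own code). */
#define TAILQ_HEAD(name, type) struct name { struct type *tqh_first; struct type **tqh_last; }
#define TAILQ_ENTRY(type) struct { struct type *tqe_next; struct type **tqe_prev; }
#define TAILQ_INIT(h) do { (h)->tqh_first = NULL; (h)->tqh_last = &(h)->tqh_first; } while (0)
#define TAILQ_INSERT_TAIL(h, e, f) do { (e)->f.tqe_next = NULL; (e)->f.tqe_prev = (h)->tqh_last; \
    *(h)->tqh_last = (e); (h)->tqh_last = &(e)->f.tqe_next; } while (0)
/* Unpatched TAILQ_REMOVE: "*tqe_prev = tqe_next" rewrites whichever link points
 * at e. For a first element that is the tqh_first of the head it was inserted
 * into, which is not necessarily the head passed as h. */
#define TAILQ_REMOVE(h, e, f) do { \
    if ((e)->f.tqe_next != NULL) (e)->f.tqe_next->f.tqe_prev = (e)->f.tqe_prev; \
    else (h)->tqh_last = (e)->f.tqe_prev; \
    *(e)->f.tqe_prev = (e)->f.tqe_next; } while (0)
#define TAILQ_FIRST(h) ((h)->tqh_first)
#define TAILQ_FOREACH(v, h, f) for ((v) = (h)->tqh_first; (v) != NULL; (v) = (v)->f.tqe_next)

/* Hypothetical stand-ins for CPUBreakpoint and CPUState. */
typedef struct Breakpoint { unsigned long pc; TAILQ_ENTRY(Breakpoint) entry; } Breakpoint;
typedef struct Cpu { int cpu_index; TAILQ_HEAD(bp_head, Breakpoint) breakpoints; } Cpu;

static Breakpoint *bp_insert(Cpu *cpu, unsigned long pc)
{
    Breakpoint *bp = calloc(1, sizeof(*bp));
    bp->pc = pc;
    TAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
    return bp;
}

/* Broken clone: memcpy() copies the head verbatim, so the clone's tqh_first
 * points at the source's nodes and the first node's tqe_prev still points at
 * &src->breakpoints.tqh_first rather than at the clone's head. */
static Cpu *cpu_clone_memcpy(const Cpu *src)
{
    Cpu *clone = malloc(sizeof(*clone));
    memcpy(clone, src, sizeof(*clone));
    return clone;
}

/* Correct clone: fresh, empty head in the copy, then re-insert every
 * breakpoint, so each CPU owns its own nodes and links. */
static Cpu *cpu_clone_proper(const Cpu *src)
{
    Cpu *clone = cpu_clone_memcpy(src);
    Breakpoint *bp;
    TAILQ_INIT(&clone->breakpoints);
    TAILQ_FOREACH(bp, &src->breakpoints, entry)
        bp_insert(clone, bp->pc);
    return clone;
}

/* Remove the first breakpoint from a memcpy'd clone. Returns 1 when the
 * symptom from the thread reproduces: the clone's tqh_first stays stale
 * while it is the source's head that moved. */
int memcpy_clone_reproduces_stale_first(void)
{
    Cpu src;
    TAILQ_INIT(&src.breakpoints);
    Breakpoint *bp1 = bp_insert(&src, 0x1000), *bp2 = bp_insert(&src, 0x2000);

    Cpu *clone = cpu_clone_memcpy(&src);
    TAILQ_REMOVE(&clone->breakpoints, bp1, entry);  /* bp1 is shared with src */
    int clone_stale = TAILQ_FIRST(&clone->breakpoints) == bp1;  /* not updated */
    int src_changed = TAILQ_FIRST(&src.breakpoints) == bp2;     /* src lost bp1 */
    free(bp1); free(bp2); free(clone);
    return clone_stale && src_changed;
}

/* Same removal on a properly cloned list. Returns 1 when the clone's head is
 * updated and the source list is untouched. */
int proper_clone_keeps_lists_consistent(void)
{
    Cpu src;
    TAILQ_INIT(&src.breakpoints);
    Breakpoint *s1 = bp_insert(&src, 0x1000), *s2 = bp_insert(&src, 0x2000);

    Cpu *clone = cpu_clone_proper(&src);
    Breakpoint *c1 = TAILQ_FIRST(&clone->breakpoints), *c2 = c1->entry.tqe_next;
    TAILQ_REMOVE(&clone->breakpoints, c1, entry);
    int ok = c1 != s1                                 /* clone owns its nodes */
          && TAILQ_FIRST(&clone->breakpoints) == c2   /* clone head updated */
          && c2->entry.tqe_next == NULL
          && TAILQ_FIRST(&src.breakpoints) == s1      /* source untouched */
          && s1->entry.tqe_next == s2;
    free(c1); free(c2); free(clone); free(s1); free(s2);
    return ok;
}

int main(void)
{
    printf("memcpy'd head leaves a stale tqh_first: %d\n", memcpy_clone_reproduces_stale_first());
    printf("re-initialised head stays consistent:  %d\n", proper_clone_keeps_lists_consistent());
    return 0;
}
```

The first function shows that the unpatched TAILQ_REMOVE does update a tqh_first, just the one the element's tqe_prev points at, which after a raw memcpy() is the source's head; the second shows that once the copy gets its own TAILQ_INIT and its own nodes, the same macro keeps both lists consistent without any change to sys-queue.h.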