From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Njz27-0003jW-6n
	for qemu-devel@nongnu.org; Tue, 23 Feb 2010 12:58:55 -0500
Received: from [199.232.76.173] (port=50362 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Njz26-0003jN-0z
	for qemu-devel@nongnu.org; Tue, 23 Feb 2010 12:58:54 -0500
Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim
	4.60) (envelope-from <paolo.bonzini@gmail.com>) id 1Njz25-0002CJ-34
	for qemu-devel@nongnu.org; Tue, 23 Feb 2010 12:58:53 -0500
Received: from ey-out-1920.google.com ([74.125.78.146]:56810)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Njz24-0002C9-PF
	for qemu-devel@nongnu.org; Tue, 23 Feb 2010 12:58:52 -0500
Received: by ey-out-1920.google.com with SMTP id 3so5264eyh.14
	for <qemu-devel@nongnu.org>; Tue, 23 Feb 2010 09:58:51 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <4B841757.3070808@redhat.com>
Date: Tue, 23 Feb 2010 18:58:47 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <ee2e06e91002230650l588c7304p61d5b9a312fd4f18@mail.gmail.com>
In-Reply-To: <ee2e06e91002230650l588c7304p61d5b9a312fd4f18@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: gcc 4.4 miscompiling cpu_exec() ?
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jay Foad <jay.foad@gmail.com>
Cc: qemu-devel@nongnu.org

On 02/23/2010 03:50 PM, Jay Foad wrote:
> I'm building QEMU mipsel-linux-user with Ubuntu's GCC 4.4 on an x86
> host. Whenever I try to run a trivial MIPS executable, QEMU segfaults
> in cpu_loop() shortly after the call to cpu_mips_exec().
>
> The problem seems to be that cpu_exec() doesn't preserve ebp. It tries to:
>
>      saved_env_reg = (host_reg_t) env;
>
> where env is a global variable decorated with asm("ebp"). This saves
> ebp to the stack, but later on, in some function inlined into
> cpu_exec(), the value on the stack gets overwritten with something
> else.

Can you try this patch:

diff --git a/cpu-exec.c b/cpu-exec.c
index 51aa416..bfaf908 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -215,7 +215,7 @@ static void cpu_handle_debug_exception(CPUState *env)

  int cpu_exec(CPUState *env1)
  {
-    host_reg_t saved_env_reg;
+    volatile host_reg_t saved_env_reg;
      int ret, interrupt_request;
      TranslationBlock *tb;
      uint8_t *tc_ptr;
@@ -230,8 +230,8 @@ int cpu_exec(CPUState *env1)
         value, so that files not including target-xyz/exec.h are free to
         use it.  */
      QEMU_BUILD_BUG_ON (sizeof (saved_env_reg) != sizeof (env));
-    saved_env_reg = (host_reg_t) env;
      asm("");
+    saved_env_reg = (host_reg_t) env;
      env = env1;

  #if defined(TARGET_I386)

and if it works, possibly only each hunk of it?

Paolo