Message-ID: <4ED65852.9080005@suse.de>
Date: Wed, 30 Nov 2011 17:22:42 +0100
From: Andreas Färber
Subject: Re: [Qemu-devel] [PATCH] exec.c: Fix subpage memory access to RAM MemoryRegion
To: Avi Kivity
Cc: Peter Maydell, qemu-devel@nongnu.org
In-Reply-To: <4ED50C73.8090507@redhat.com>

On 29.11.2011 17:46, Avi Kivity wrote:
> On 11/29/2011 06:19 PM, Andreas Färber wrote:
>> On 29.11.2011 15:00, Avi Kivity wrote:
>>> On 11/29/2011 02:47 PM, Andreas Färber wrote:
>>>>>
>>>>> addr += mmio->region_offset[idx];
>>>>> idx = mmio->sub_io_index[idx];
>>>>> + if (unlikely(idx == IO_MEM_RAM)) {
>>>>> + ram_addr_t raddr = /*mmio->base |*/ addr;
>>>>> + void *ptr = qemu_get_ram_ptr(raddr);
>>>>
>>>> ...and/or this seems to lead to "Bad RAM pointer" (or so) when there's
>>>> ELF code loaded into the subpage at that address despite being IO_MEM_RAM?
>>>> (Seen, e.g., if for RL78 I increase the page size from 12 to 16.)
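Review bot: the commented-out `/*mmio->base |*/` in the new `ram_addr_t raddr = /*mmio->base |*/ addr;` line should be removed before this is applied; a dead alternative left in fresh code makes it unclear whether `addr` is meant to be page-relative or region-relative at that point, which is exactly what the preceding `addr += mmio->region_offset[idx];` is supposed to settle. Either drop the comment or replace it with one that states that `addr` has already been adjusted by `region_offset` and is a RAM offset from here on.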
>>>>
>>>
>>> addr is relative to the start of the page, instead of the start of the
>>> region. You can use mmio->region_offset[idx] to compensate.
>>
>> That's exactly what the first line of the snippet above does, no?
>> (sorry, there's still a confusing comment from an earlier attempt)
>>
>
> Depends on whether ->region_offset has the right value or not, where's
> the code that adjusts it? For your case that does f00-fff it should be
> -0xf00 + ram_addr (of the start of the region).

The problem is not with the 0xfff00 region, that one works fine with 12 and
16 bit pages so far. What I'm seeing is a crash of the very first TB at PC
0x02010, which is in a 4K RAM region from 0x0 on, with 16 bit pages. Also
happens with v2.

It's similar to my original problem of being unable to read the reset
vector, where I couldn't use the regular memory read functions but had to
use rom_ptr(), as Peter pointed out in target-arm/helper.c:cpu_reset().
Apparently I'll need to add some check for handling ROM, but on what
condition and where? Don't really understand why loading ELF code into a
RAM area creates these weird ROM areas... Is this a legacy thing, as it's
not shown in info mtree?

(qemu) info roms
addr=00000000 size=0x000002 mem=rom name="phdr #0: /home/andreas/MCU/RL78/test"
addr=00000004 size=0x00007c mem=rom name="phdr #1: /home/andreas/MCU/RL78/test"
addr=000000c0 size=0x000004 mem=rom name="phdr #2: /home/andreas/MCU/RL78/test"
addr=000000d8 size=0x000004 mem=rom name="phdr #3: /home/andreas/MCU/RL78/test"
addr=000000dc size=0x00026a mem=rom name="phdr #4: /home/andreas/MCU/RL78/test"
addr=00002000 size=0x0004e4 mem=rom name="phdr #5: /home/andreas/MCU/RL78/test"
(qemu) cont
Bad ram pointer 0x2010

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff5504700 (LWP 6484)]
0x00007ffff617ad95 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff617ad95 in raise () from /lib64/libc.so.6
#1  0x00007ffff617c2ab in abort () from /lib64/libc.so.6
#2  0x00007ffff7f76928 in qemu_ram_addr_from_host_nofail (ptr=0x2010) at /home/andreas/QEMU/qemu-rl78/exec.c:3248
#3  qemu_ram_addr_from_host_nofail (ptr=0x2010) at /home/andreas/QEMU/qemu-rl78/exec.c:3242
#4  0x00007ffff7f7036d in get_page_addr_code (addr=8208, env1=0x7ffff8b04010) at /home/andreas/QEMU/qemu-rl78/exec-all.h:362
#5  tb_find_slow (pc=8208, env=0x7ffff8b04010, cs_base=, flags=) at /home/andreas/QEMU/qemu-rl78/cpu-exec.c:95
#6  tb_find_fast (env=0x7ffff8b04010) at /home/andreas/QEMU/qemu-rl78/cpu-exec.c:151
#7  cpu_78k0_exec (env=0x7ffff8b04010) at /home/andreas/QEMU/qemu-rl78/cpu-exec.c:535
#8  0x00007ffff7f7181c in tcg_cpu_exec (env=0x7ffff8b04010) at /home/andreas/QEMU/qemu-rl78/cpus.c:1007
#9  tcg_exec_all () at /home/andreas/QEMU/qemu-rl78/cpus.c:1039
#10 qemu_tcg_cpu_thread_fn (arg=) at /home/andreas/QEMU/qemu-rl78/cpus.c:774
#11 0x00007ffff6c8cf05 in start_thread () from /lib64/libpthread.so.0
#12 0x00007ffff621f53d in clone () from /lib64/libc.so.6

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
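The offset rule Avi states in the quoted reply (region_offset = ram_addr - 0xf00 for a region occupying page offsets f00-fff, so that adding it to the page-relative addr yields a RAM offset), reduced to a small C model. This is an added illustration and not QEMU's exec.c: the struct layout, the 256-byte sub-region granularity, the RAM pool offset 0x10000 and all function names are constructed for the example. The `compensate` flag lets the same lookup be run with and without the region_offset adjustment, so the "bad ram pointer" outcome of the uncompensated path can be seen next to the correct one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUB_SHIFT 8                       /* assumed: 256-byte sub-regions */
#define PAGE_MASK 0xfffu                  /* 4 KiB page, the "12" in the thread */
#define SUB_COUNT ((PAGE_MASK + 1) >> SUB_SHIFT)

enum { SUB_UNASSIGNED = 0, SUB_RAM = 1 };

typedef int64_t ramaddr_t;                /* offset into the RAM pool; -1 = none */

/* One subpage: the kind of each sub-region plus the offset that turns a
 * page-relative address into a RAM pool offset (constructed model). */
struct subpage {
    int       kind[SUB_COUNT];
    ramaddr_t region_offset[SUB_COUNT];
};

struct ram_block { ramaddr_t base; uint64_t size; };

/* Map page offsets [start, start + len) onto RAM beginning at ram_base.
 * region_offset is ram_base - start, i.e. "-0xf00 + ram_addr" for a
 * region that starts at page offset 0xf00. */
void subpage_register_ram(struct subpage *sp, unsigned start, unsigned len,
                          ramaddr_t ram_base)
{
    for (unsigned off = start; off < start + len; off += 1u << SUB_SHIFT) {
        unsigned idx = (off & PAGE_MASK) >> SUB_SHIFT;
        sp->kind[idx] = SUB_RAM;
        sp->region_offset[idx] = ram_base - (ramaddr_t)start;
    }
}

/* Translate a page-relative address. With compensate == 0 the function
 * reproduces the mistake under discussion: the page-relative value is
 * handed on as if it were already a RAM offset. */
ramaddr_t subpage_to_ram(const struct subpage *sp, unsigned addr, int compensate)
{
    unsigned rel = addr & PAGE_MASK;
    unsigned idx = rel >> SUB_SHIFT;
    if (sp->kind[idx] != SUB_RAM)
        return -1;
    return compensate ? (ramaddr_t)rel + sp->region_offset[idx] : (ramaddr_t)rel;
}

/* The bounds check behind a "Bad ram pointer" abort: index of the block
 * containing raddr, or -1 if no registered block covers it. */
int ram_block_find(const struct ram_block *blocks, int n, ramaddr_t raddr)
{
    for (int i = 0; i < n; i++) {
        if (raddr >= blocks[i].base &&
            (uint64_t)(raddr - blocks[i].base) < blocks[i].size)
            return i;
    }
    return -1;
}

/* Scenario from the thread: a 256-byte RAM region at page offsets
 * 0xf00..0xfff. Its RAM pool offset 0x10000 is a constructed value. */
static void build_scenario(struct subpage *sp, struct ram_block *blk)
{
    memset(sp, 0, sizeof *sp);
    subpage_register_ram(sp, 0xf00, 0x100, 0x10000);
    blk->base = 0x10000;
    blk->size = 0x100;
}

/* RAM offset computed for an access at page offset 0xf10. */
ramaddr_t scenario_translate(int compensate)
{
    struct subpage sp;
    struct ram_block blk;
    build_scenario(&sp, &blk);
    return subpage_to_ram(&sp, 0xf10, compensate);
}

/* 1 if that RAM offset falls inside the registered block, else 0. */
int scenario_valid(int compensate)
{
    struct subpage sp;
    struct ram_block blk;
    build_scenario(&sp, &blk);
    return ram_block_find(&blk, 1, subpage_to_ram(&sp, 0xf10, compensate)) >= 0;
}

int main(void)
{
    for (int c = 0; c < 2; c++) {
        printf("%s: raddr=0x%llx %s\n",
               c ? "with region_offset" : "page-relative only",
               (long long)scenario_translate(c),
               scenario_valid(c) ? "inside RAM block" : "bad ram pointer");
    }
    return 0;
}
```

With the offset applied, page offset 0xf10 becomes 0x10010 and lands 0x10 bytes into the block; without it the value 0xf10 matches no registered block, which is the condition a host-pointer lookup reports as a bad RAM pointer.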