From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:45339)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hpoussin@reactos.org>) id 1TUkuE-0006T6-Aa
	for qemu-devel@nongnu.org; Sat, 03 Nov 2012 17:05:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <hpoussin@reactos.org>) id 1TUkuC-0000FB-Of
	for qemu-devel@nongnu.org; Sat, 03 Nov 2012 17:05:26 -0400
Received: from smtp1-g21.free.fr ([2a01:e0c:1:1599::10]:43419)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hpoussin@reactos.org>) id 1TUkuC-0000DO-6p
	for qemu-devel@nongnu.org; Sat, 03 Nov 2012 17:05:24 -0400
Message-ID: <50958704.5050307@reactos.org>
Date: Sat, 03 Nov 2012 22:05:08 +0100
From: =?ISO-8859-1?Q?Herv=E9_Poussineau?= <hpoussin@reactos.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] Windows NT4 regression due to 0b57e287
 ("cpu_physical_memory_write_rom() needs to do TB invalidates")
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: QEMU Developers <qemu-devel@nongnu.org>
Cc: David Gibson <david@gibson.dropbear.id.au>

This commit breaks Windows NT4 boot.
QEMU crashes when NT4 switches from 80x25 to 80x43 resolution.

First bad commit is:

commit 0b57e287138728f72d88b06e69b970c5d745c44a
Author: David Gibson <david@gibson.dropbear.id.au>
Date:   Mon Sep 10 12:30:57 2012 +1000

    cpu_physical_memory_write_rom() needs to do TB invalidates
   =20
    cpu_physical_memory_write_rom(), despite the name, can also be used t=
o
    write images into RAM - and will often be used that way if the machin=
e
    uses load_image_targphys() into RAM addresses.
   =20
    However, cpu_physical_memory_write_rom(), unlike=20
cpu_physical_memory_rw()
    doesn't invalidate any cached TBs which might be affected by the regi=
on
    written.
   =20
    This was breaking reset (under full emu) on the pseries machine - we=20
loaded
    our firmware image into RAM, and while executing it rewrite the code =
at
    the entry point (correctly causing a TB invalidate/refresh).  When we
    reset the firmware image was reloaded, but the TB from the rewrite wa=
s
    still active and caused us to get an illegal instruction trap.
   =20
    This patch fixes the bug by duplicating the tb invalidate code from
    cpu_physical_memory_rw() in cpu_physical_memory_write_rom().
   =20
    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
    Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


gdb gives:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb3584b70 (LWP 22345)]
#0  0x80276a36 in helper_stl_mmu (env=3D0x80bf9f48, addr=3D4294836352,=20
val=3D0, mmu_idx=3D-2134925496)
    at softmmu_template.h:254
254        tlb_addr =3D env->tlb_table[mmu_idx][index].add_write
(gdb) bt
#0  0x80276a36 in helper_stl_mmu (env=3D0x80bf9f48, addr=3D4294836352,=20
val=3D0, mmu_idx=3D-2134925496)
    at softmmu_template.h:254
#1  0xb537aa9e in code_gen_buffer ()
#2  0x0005849 in ?? ()
#3  0x80af3ce0 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) p env
$1 =3D (struct CPUX86State *) 0x80bf9f48
(gdb) p index
$2 =3D 224

Command line is
qemu-system-i386 -cpu pentium -hda nt40.qcow2
KVM is not used.

Reverting the commit (and fixing the conflict) lets Windows NT4 work agai=
n.

Regards,

Herv=E9