From: Richard Henderson
Date: Tue, 17 Sep 2013 09:15:16 -0700
Subject: Re: [Qemu-devel] Single stepping & GDB on ARM
To: Emmanuel Blot
Cc: Peter Maydell, QEMU Developers
Message-ID: <52388014.2090401@twiddle.net>

On 09/17/2013 03:02 AM, Emmanuel Blot wrote:
> There is a piece of code I'm not sure I understand, in
> get_page_addr_code(CPUArchState *env1, target_ulong addr)
>
> …
> if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
>              (addr & TARGET_PAGE_MASK))) {
>     cpu_ldub_code(env1, addr);
> }
> pd = env1->iotlb[mmu_idx][page_index] & ~TARGET_PAGE_MASK;
> mr = iotlb_to_region(pd);
> if (memory_region_is_unassigned(mr))
> …
>
> cpu_ldub_code() leads to a call to io_mem_read(), which may trigger an
> unassigned_mem_read().
> In this case, the invalid mem access is always considered a data
> access, whereas it is an execution access if I'm not mistaken.
>
> In other words, before
> get_page_addr_code:memory_region_is_unassigned() is tested and
> get_page_addr_code:do_unassigned_access() gets a "chance" to be called
> as an "instruction" invalid access, another unassigned access is
> triggered with a "data" invalid access.
>
> Did I miss something here?

No miss.  That cpu_ldub_code ought to be just a straight tlb fill,
rather than a read with discarded result.  E.g. the

  tlb_fill(env, addr, READ_ACCESS_TYPE, mmu_idx, retaddr);

line from exec/softmmu_template.h.


r~
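The point of the exchange above, shown on a toy softmmu model. This is an added example written for this page, not QEMU code: the TLB, the single assigned RAM region, the `tlb_fill`/`cpu_ldub_code`/`do_unassigned_access` functions and the two `get_page_addr_code_*` variants are all simplified stand-ins for the QEMU routines the thread names, with one MMU index and 4 KiB pages. The model logs every unassigned-access report instead of raising a guest exception, on the assumption that in a real target the first report is the one the guest's fault handler sees. With the discarded-load pattern the first report is a data access; with a straight fill it is the intended instruction-fetch report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy softmmu model (added example, not QEMU code): one MMU index, 4 KiB pages,
 * one assigned RAM region; every other address is "unassigned". */
#define PAGE_BITS   12
#define PAGE_MASK   (~((1u << PAGE_BITS) - 1))
#define TLB_SIZE    8
#define TLB_INVALID UINT32_MAX   /* tag meaning "no page cached for this access type" */
#define MAX_REPORTS 4

enum access_type { ACCESS_READ, ACCESS_WRITE, ACCESS_CODE };

struct tlb_entry { uint32_t addr_read, addr_write, addr_code; };

/* What the unassigned-access handler receives: address and the is_exec flag. */
struct report { uint32_t addr; bool is_exec; };

struct cpu_model {
    struct tlb_entry tlb[TLB_SIZE];
    uint32_t ram_base, ram_size;
    uint8_t  ram[64];
    struct report reports[MAX_REPORTS];
    int nreports;
};

static void cpu_init(struct cpu_model *cpu, uint32_t ram_base, uint32_t ram_size) {
    memset(cpu, 0, sizeof *cpu);
    memset(cpu->tlb, 0xff, sizeof cpu->tlb);   /* every tag starts as TLB_INVALID */
    cpu->ram_base = ram_base;
    cpu->ram_size = ram_size;
}

static struct tlb_entry *tlb_entry(struct cpu_model *cpu, uint32_t addr) {
    return &cpu->tlb[(addr >> PAGE_BITS) % TLB_SIZE];
}

static bool region_is_assigned(const struct cpu_model *cpu, uint32_t addr) {
    return addr - cpu->ram_base < cpu->ram_size;
}

/* Stand-in for the target's unassigned-access hook: just record the report. */
static void do_unassigned_access(struct cpu_model *cpu, uint32_t addr, bool is_exec) {
    if (cpu->nreports < MAX_REPORTS)
        cpu->reports[cpu->nreports++] = (struct report){ addr, is_exec };
}

/* tlb_fill: tag the entry for the requested access type and nothing else.
 * Unassigned pages are filled too (they would map to the unassigned I/O
 * region); the fill itself raises no report. Real tlb_fill derives all three
 * tags from page-table permissions; one tag is enough for this model. */
static void tlb_fill(struct cpu_model *cpu, uint32_t addr, enum access_type type) {
    struct tlb_entry *e = tlb_entry(cpu, addr);
    uint32_t page = addr & PAGE_MASK;
    e->addr_read = e->addr_write = e->addr_code = TLB_INVALID;
    if (type == ACCESS_READ)  e->addr_read  = page;
    if (type == ACCESS_WRITE) e->addr_write = page;
    if (type == ACCESS_CODE)  e->addr_code  = page;
}

/* cpu_ldub_code: fill on miss, then actually perform the byte read. A read
 * from an unassigned page goes through the unassigned read handler, which
 * reports a *data* access (is_exec = false) regardless of the caller's intent. */
static uint8_t cpu_ldub_code(struct cpu_model *cpu, uint32_t addr) {
    if (tlb_entry(cpu, addr)->addr_code != (addr & PAGE_MASK))
        tlb_fill(cpu, addr, ACCESS_CODE);
    if (!region_is_assigned(cpu, addr)) {
        do_unassigned_access(cpu, addr, false);
        return 0xff;
    }
    return cpu->ram[addr - cpu->ram_base];
}

/* The pattern quoted in the thread: a discarded load used as the TLB fill. */
static uint32_t get_page_addr_code_via_load(struct cpu_model *cpu, uint32_t addr) {
    if (tlb_entry(cpu, addr)->addr_code != (addr & PAGE_MASK))
        cpu_ldub_code(cpu, addr);
    if (!region_is_assigned(cpu, addr)) {
        do_unassigned_access(cpu, addr, true);   /* the intended instruction report */
        return UINT32_MAX;
    }
    return addr - cpu->ram_base;                 /* offset into host RAM */
}

/* The replacement the reply suggests: a straight tlb_fill, no load. */
static uint32_t get_page_addr_code_via_fill(struct cpu_model *cpu, uint32_t addr) {
    if (tlb_entry(cpu, addr)->addr_code != (addr & PAGE_MASK))
        tlb_fill(cpu, addr, ACCESS_CODE);
    if (!region_is_assigned(cpu, addr)) {
        do_unassigned_access(cpu, addr, true);
        return UINT32_MAX;
    }
    return addr - cpu->ram_base;
}

/* Run one lookup on a fresh CPU (RAM at 0x10000) and summarize the outcome. */
static uint32_t run_lookup(bool via_fill, uint32_t addr, struct cpu_model *cpu) {
    cpu_init(cpu, 0x10000, sizeof cpu->ram);
    return via_fill ? get_page_addr_code_via_fill(cpu, addr)
                    : get_page_addr_code_via_load(cpu, addr);
}
static uint32_t lookup_result(bool via_fill, uint32_t addr) {
    struct cpu_model cpu; return run_lookup(via_fill, addr, &cpu);
}
static int report_count(bool via_fill, uint32_t addr) {
    struct cpu_model cpu; run_lookup(via_fill, addr, &cpu); return cpu.nreports;
}
/* 1 if the first report was flagged is_exec, 0 if it was a data report, -1 if none. */
static int first_report_exec(bool via_fill, uint32_t addr) {
    struct cpu_model cpu; run_lookup(via_fill, addr, &cpu);
    return cpu.nreports ? (int)cpu.reports[0].is_exec : -1;
}

int main(void) {
    uint32_t bad = 0x20000;   /* constructed: nothing is mapped here */
    printf("via load: %d report(s), first is_exec=%d\n",
           report_count(false, bad), first_report_exec(false, bad));
    printf("via fill: %d report(s), first is_exec=%d\n",
           report_count(true, bad), first_report_exec(true, bad));
    return 0;
}
```

Running it prints two reports for the load path, the first flagged as data, and a single instruction-fetch report for the fill path; the assigned address 0x10004 resolves to offset 4 on both paths with no report at all, which is the behaviour the `memory_region_is_unassigned` check after the fill is there to preserve.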