From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45243) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b2Jdp-00020N-RB for qemu-devel@nongnu.org; Mon, 16 May 2016 10:37:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b2Jdj-0002k0-Of for qemu-devel@nongnu.org; Mon, 16 May 2016 10:37:04 -0400 Received: from mail-lf0-x243.google.com ([2a00:1450:4010:c07::243]:33803) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b2Jdj-0002jm-D1 for qemu-devel@nongnu.org; Mon, 16 May 2016 10:36:59 -0400 Received: by mail-lf0-x243.google.com with SMTP id m101so14789824lfi.1 for ; Mon, 16 May 2016 07:36:59 -0700 (PDT) References: <20160515185824.GA24189@octofox.metropolis> <5738D046.6000509@gmail.com> <20160515195356.GB24189@octofox.metropolis> <5738D47F.1010808@gmail.com> <5738E1F3.3050103@gmail.com> From: Sergey Fedorov Message-ID: <5739DB08.1080203@gmail.com> Date: Mon, 16 May 2016 17:36:56 +0300 MIME-Version: 1.0 In-Reply-To: <5738E1F3.3050103@gmail.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] "tcg: Clean up direct block chaining safety checks" breaks target-xtensa mmu test List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Max Filippov Cc: Richard Henderson , =?UTF-8?Q?Alex_Benn=c3=a9e?= , qemu-devel On 15/05/16 23:54, Sergey Fedorov wrote: > On 15/05/16 22:56, Sergey Fedorov wrote: >> On 15/05/16 22:53, Max Filippov wrote: >>> On Sun, May 15, 2016 at 10:38:46PM +0300, Sergey Fedorov wrote: >>>> On 15/05/16 21:58, Max Filippov wrote: >>>>> I've noticed that the commit 5b053a4a28278 (tcg: Clean up direct block >>>>> chaining safety checks) has broken tearget-xtensa test cross_page_tb >>>>> from the tests/tcg/xtensa/test_mmu.S. The test runs a TB that spans two >>>>> adjacent pages, then unmaps the second page and runs it again. It >>>>> expects an instruction fetch exception on the second run, but with the >>>>> said commit doesn't get it. Reverting that commit fixes the test. >>>>> Any suggestions? >>>> That's too strange. How do I run the test? >>> I've minimized the test case, the source and the binary are available >>> here: >>> http://jcmvbkbc.spb.ru/~jcmvbkbc/tmp/201605152245/ >>> >>> You can run it as >>> qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting -kernel ./test_mmu.tst >>> >> Thank you for this. I'll try it tomorrow and figure out what's going wrong. > > I couldn't sleep without first trying the test :) Now I really > understand why things went wrong. I mixed up 'next_tb' and 'tb' in > this piece of code: > > /* see if we can patch the calling TB. When the TB > spans two pages, we cannot safely do a direct > jump. */ > if (next_tb != 0 && tb->page_addr[1] == -1 > && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) { > tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK), > next_tb & TB_EXIT_MASK, tb); > } > > So I removed 'tb->page_addr[1] == -1' check thinking it's for the last > executed TB. But actually, it checks the next TB despite there's also > the variable called 'next_tb'. Indeed, we cannot safely direct jump > *to* the TB spanning pages in system emulation because we don't take > care of direct jumps when address mapping changes. However we can do > this in user emulation because there's only static address translation > and TBs get always invalidated properly. > > I'll prepare a patch and fix this tomorrow then. http://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg02506.html Thanks, Sergey