* [Qemu-devel] [PATCH] target-arm: modifying pc in tcg code for load/store multiple
From: ild
Date: 2015-02-19 12:26 UTC
To: qemu-devel; +Cc: peter.maydell, Ildar Isaev

From: Ildar Isaev <ild@inbox.ru>

pc wasn't modified in tcg code for load/store multiple,
causing the translation block to be executed in an infinite loop forever

Signed-off-by: Ildar Isaev <ild@inbox.ru>
---
 target-arm/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 36868ed..622aa03 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -8973,7 +8973,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
 tmp = load_cpu_field(spsr);
 gen_set_cpsr(tmp, CPSR_ERET_MASK);
 tcg_temp_free_i32(tmp);
- s->is_jmp = DISAS_UPDATE;
+ gen_lookup_tb(s);
 }
 }
 break;
--
1.9.3
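Review bot: replacing `s->is_jmp = DISAS_UPDATE;` with `gen_lookup_tb(s);` is wrong for the path this hunk sits on. The context lines (`load_cpu_field(spsr)`, `gen_set_cpsr(tmp, CPSR_ERET_MASK)`) show this is the branch that restores CPSR from SPSR, i.e. the exception-return handling where a load-multiple with PC in the register list has just written the new PC; `gen_lookup_tb()` stores the address of the following instruction into PC before ending the TB, so it would clobber the value that was loaded. `DISAS_UPDATE` only records that CPU state changed and the TB must end, which is right when PC has already been set. If some instruction reaches this branch without ever loading PC (the commit message says only "load/store multiple"), the defect is in the condition that selects this branch, not in what the branch does after restoring CPSR. The commit message should name the specific encoding that loops, and a test case reproducing the stuck TB would make the change reviewable.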
* Re: [Qemu-devel] [PATCH] target-arm: modifying pc in tcg code for load/store multiple
From: Peter Maydell
Date: 2015-02-19 13:10 UTC
To: ild; +Cc: QEMU Developers

On 19 February 2015 at 21:26, <ild@inbox.ru> wrote:
> From: Ildar Isaev <ild@inbox.ru>
>
> pc wasn't modified in tcg code for load/store multiple,
> causing the translation block to be executed in an infinite loop forever
>
> Signed-off-by: Ildar Isaev <ild@inbox.ru>

It would be helpful if you gave an example of guest code which we mishandle. Do you have a test case?

> ---
> target-arm/translate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target-arm/translate.c b/target-arm/translate.c
> index 36868ed..622aa03 100644
> --- a/target-arm/translate.c
> +++ b/target-arm/translate.c
> @@ -8973,7 +8973,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
> tmp = load_cpu_field(spsr);
> gen_set_cpsr(tmp, CPSR_ERET_MASK);
> tcg_temp_free_i32(tmp);
> - s->is_jmp = DISAS_UPDATE;
> + gen_lookup_tb(s);
> }
> }
> break;

This doesn't look right. What if the load-multiple loaded PC? Calling gen_lookup_tb() will overwrite that.

-- PMM
* Re: [Qemu-devel] [PATCH] target-arm: modifying pc in tcg code for load/store multiple
From: Ildar Isaev
Date: 2015-02-19 16:04 UTC
To: Peter Maydell; +Cc: QEMU Developers

> On 19 February 2015 at 21:26, <ild@inbox.ru> wrote:
> > From: Ildar Isaev <ild@inbox.ru>
> >
> > pc wasn't modified in tcg code for load/store multiple,
> > causing translation block to be executed in infinite loop forever
> >
> > Signed-off-by: Ildar Isaev <ild@inbox.ru>
>
> It would be helpful if you gave an example of guest
> code which we mishandle. Do you have a test case?

A bit clumsy, but something like that. Qemu never gets to the code past stmda.

-bash-4.1$ cat add.s
.text
mov r0, #5
mov r1, #4
add r2, r1, r0
stmda sp, {r1, r2, r5, sp, lr, pc}^
mov r0, #26
mov r1, #30
-bash-4.1$ arm-linux-gnueabihf-as -o add.o add.s
-bash-4.1$ arm-linux-gnueabihf-ld -Ttext=0x80000000 -o add.elf add.o
-bash-4.1$ arm-linux-gnueabihf-objcopy -O binary add.elf add.bin
-bash-4.1$ dd if=/dev/zero of=test.bin bs=4096 count=4096
-bash-4.1$ dd if=add.bin of=test.bin bs=4096 conv=notrunc
-bash-4.1$ qemu-system-arm -M connex -pflash test.bin -nographic -serial /dev/null
QEMU 2.2.0 monitor - type 'help' for more information
(qemu) info registers
R00=00000005 R01=00000004 R02=00000009 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00000000 R15=00000000
PSR=00000013 ---- A svc32
FPSCR: 00000000
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) info registers
R00=00000005 R01=00000004 R02=00000009 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00000000 R15=00000000
PSR=00000013 ---- A svc32

(Attached: add.s, the same source as listed above.)
* Re: [Qemu-devel] [PATCH] target-arm: modifying pc in tcg code for load/store multiple
From: Peter Maydell
Date: 2015-03-10 19:05 UTC
To: Ildar Isaev; +Cc: QEMU Developers

On 19 February 2015 at 16:04, Ildar Isaev <ild@inbox.ru> wrote:
> A bit clumsy, but something like that. Qemu never gets to the code past stmda.
>
> -bash-4.1$ cat add.s
>
> .text
> mov r0, #5
> mov r1, #4
> add r2, r1, r0
> stmda sp, {r1, r2, r5, sp, lr, pc}^
> mov r0, #26
> mov r1, #30

Oh, I see. You're doing a store-multiple user-registers form with the PC in the register list. That's pretty weird, because in that case the PC stored is the current PC whereas the rest of the registers are user-mode ones. QEMU mishandles this because it misidentifies it as being some kind of exception-return instruction (when in fact the exception-return insns are only the LDM-user-regs-with-PC encodings).

This is a real bug, but your fix is wrong. I'll send out a patch.

-- PMM
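Peter's diagnosis turns on which encodings of the A32 block data transfer group are exception returns. The following C program is an added illustration for readers of this thread; it is not QEMU's decoder and not code from the patch. It decodes the LDM/STM field layout as documented in the ARM Architecture Reference Manual and classifies an encoding, so that the only inputs for which an SPSR-to-CPSR restore is correct are LDM-with-S-bit-and-PC-in-list. The `encode_block_transfer` helper, the enum names and the test encodings are constructed here for the example; the value 0xE84DE026 for the thread's `stmda sp, {r1, r2, r5, sp, lr, pc}^` (AL condition, no writeback) is derived by that helper, not taken from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * A32 block data transfer (LDM/STM) field layout, from the ARM ARM:
 *   [31:28] cond  [27:25] 100  [24] P  [23] U  [22] S  [21] W  [20] L
 *   [19:16] Rn    [15:0] register list (bit n set => register n is in the list)
 * A trailing '^' in assembler syntax sets S. With S=1:
 *   STM                 -> stores user-mode registers, never an exception return
 *   LDM, PC not in list -> loads user-mode registers
 *   LDM, PC in list     -> exception return: CPSR is restored from SPSR
 */
typedef enum {
    BDT_NOT_BLOCK_TRANSFER,
    BDT_LDM,                   /* plain LDM, S=0 */
    BDT_STM,                   /* plain STM, S=0 */
    BDT_LDM_USER_REGS,         /* LDM ...^ without PC in the list */
    BDT_LDM_EXCEPTION_RETURN,  /* LDM ...^ with PC: the only encodings that restore SPSR */
    BDT_STM_USER_REGS          /* STM ...^, with or without PC in the list */
} bdt_kind;

#define R(n) (1u << (n))       /* register-list bit for register n */

/* Build an encoding from its fields (constructed helper, used to make test inputs). */
static uint32_t encode_block_transfer(unsigned cond, int p, int u, int s, int w,
                                      int l, unsigned rn, uint16_t reglist)
{
    return ((uint32_t)(cond & 0xF) << 28) | (0x4u << 25)
         | ((uint32_t)(p & 1) << 24) | ((uint32_t)(u & 1) << 23)
         | ((uint32_t)(s & 1) << 22) | ((uint32_t)(w & 1) << 21)
         | ((uint32_t)(l & 1) << 20) | ((uint32_t)(rn & 0xF) << 16) | reglist;
}

static bdt_kind classify_block_transfer(uint32_t insn)
{
    if ((insn >> 28) == 0xF) {               /* cond=1111 is a different encoding space */
        return BDT_NOT_BLOCK_TRANSFER;
    }
    if (((insn >> 25) & 0x7) != 0x4) {       /* bits[27:25] must be 100 */
        return BDT_NOT_BLOCK_TRANSFER;
    }
    int s_bit = (insn >> 22) & 1;
    int l_bit = (insn >> 20) & 1;
    int pc_in_list = (insn >> 15) & 1;

    if (!s_bit) {
        return l_bit ? BDT_LDM : BDT_STM;
    }
    if (!l_bit) {
        /* STM^ with PC listed stores the current PC; it is still not an exception return. */
        return BDT_STM_USER_REGS;
    }
    return pc_in_list ? BDT_LDM_EXCEPTION_RETURN : BDT_LDM_USER_REGS;
}

/* True only for the encodings on which restoring CPSR from SPSR is correct. */
static int restores_spsr(uint32_t insn)
{
    return classify_block_transfer(insn) == BDT_LDM_EXCEPTION_RETURN;
}

static const char *bdt_name(bdt_kind k)
{
    static const char *names[] = {
        "not a block transfer", "LDM", "STM", "LDM user regs",
        "LDM exception return", "STM user regs",
    };
    return names[k];
}

int main(void)
{
    /* Constructed inputs: AL condition, Rn = sp (r13), no writeback. */
    struct { const char *asm_text; uint32_t insn; } cases[] = {
        /* the thread's instruction: P=0 U=0 (DA), S=1, L=0 */
        { "stmda sp, {r1, r2, r5, sp, lr, pc}^",
          encode_block_transfer(0xE, 0, 0, 1, 0, 0, 13, R(1)|R(2)|R(5)|R(13)|R(14)|R(15)) },
        { "ldmia sp, {r0, pc}^", encode_block_transfer(0xE, 0, 1, 1, 0, 1, 13, R(0)|R(15)) },
        { "ldmia sp, {r0, lr}^", encode_block_transfer(0xE, 0, 1, 1, 0, 1, 13, R(0)|R(14)) },
        { "stmia sp, {r0}",      encode_block_transfer(0xE, 0, 1, 0, 0, 0, 13, R(0)) },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%08x  %-38s -> %s%s\n", (unsigned)cases[i].insn, cases[i].asm_text,
               bdt_name(classify_block_transfer(cases[i].insn)),
               restores_spsr(cases[i].insn) ? " (restores CPSR from SPSR)" : "");
    }
    return 0;
}
```

Run as-is, the program reports the thread's STMDA as "STM user regs" with no SPSR restore, while only the `ldmia sp, {r0, pc}^` line qualifies as an exception return; a decoder that keys the SPSR-restore path on the S bit plus PC-in-list alone, without also checking L, would take the thread's instruction down the wrong branch.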