From: Peter Maydell <peter.maydell@linaro.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] QEMU TCG issue when executing UEFI
Date: Thu, 18 Aug 2016 15:10:37 +0100
Message-ID: <CAFEAcA8nbpEkOPUWD-ibYKgBHSjpmdBdjapRSc8hCmV8FLgLhw@mail.gmail.com>
In-Reply-To: <CAKv+Gu_jBWbaiYtROT1QnbNKCbHNWVe0DFhWPphCaTTrBbNtUw@mail.gmail.com>
On 16 August 2016 at 13:08, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> Bad ram pointer 0x54
> Aborted (core dumped)
So the reason this happens is that get_page_addr_code() doesn't
correctly handle the case of the memory region being a
ROM that's not in ROMD mode. That is, the flash memory can
be either in "reads map directly to guest memory" (normal)
mode or "reads are MMIO to a device" (ROMD) mode. QEMU
can't execute from devices, so the best case here would
be that we print the "Sorry, we can't execute from a device"
message and stop execution.
Treating the flash device's "return the current status"
bytes as code probably wasn't what you wanted to do anyway :-)
In more detail: when we call get_page_addr_code() for this
address, we notice that there is no TLB entry for it, and
so we call cpu_ldub_code() which is supposed to fill the TLB.
This ends up calling tlb_set_page_with_attrs(), which for a
not-RAM-not-ROMD MR will set the addend to 0 and then OR
TLB_MMIO into the address field (rather than setting the
addend to the right offset to get between the guest
address and the host RAM address). get_page_addr_code()
unfortunately then uses a different condition when it
distinguishes "is this an IO address we can't handle"
from "is this RAM", which means it takes the path for
"treat the addend as the offset between guest and host",
resulting in a completely bogus host address.
thanks
-- PMM
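As an added illustration of the mechanism Peter describes (this is a toy model written for this page, not QEMU code and not part of the thread): the TLB fill gives RAM and ROMD-mode pages a real addend but marks device pages with TLB_MMIO and a zero addend; a constructed "buggy" consumer tests a different condition (here "is any region mapped at all", an assumption standing in for whatever the real check was) and so goes on to apply the zero addend; a fixed consumer honours the TLB_MMIO bit the fill wrote. The region kinds, the TLB_MMIO bit value, the structure layouts and the sample addresses are all constructed for the example.

```c
/*
 * Toy model of the TLB-fill / get_page_addr_code() mismatch described in
 * the mail above. This is NOT QEMU code: the structures, the TLB_MMIO bit
 * value and the "different condition" used by the buggy consumer are
 * constructed here to show the mechanism, not copied from QEMU.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE  4096u
#define PAGE_MASK  (~((uint64_t)PAGE_SIZE - 1))
#define TLB_MMIO   ((uint64_t)1 << 5)   /* assumed flag bit; lives in the page-offset bits */

/* Kinds of memory region a guest page can map to (constructed). */
enum mr_kind { MR_UNASSIGNED, MR_RAM, MR_ROMD, MR_DEVICE };

struct mem_region {
    enum mr_kind kind;
    uint8_t     *host;        /* host backing store for RAM/ROMD pages */
    uint64_t     guest_base;  /* guest address of host[0] */
};

struct tlb_entry {
    uint64_t     addr_code;  /* guest page address, possibly with TLB_MMIO ORed in */
    uintptr_t    addend;     /* host - guest offset, meaningful only for RAM/ROMD */
    enum mr_kind kind;       /* what the fill saw; stands in for the iotlb */
};

/* Model of the fill: RAM and ROMD-mode pages get a real addend; anything that
 * must be read through device callbacks gets addend 0 and TLB_MMIO instead. */
static void tlb_fill(struct tlb_entry *e, const struct mem_region *mr, uint64_t vaddr)
{
    uint64_t page = vaddr & PAGE_MASK;
    e->kind = mr->kind;
    if (mr->kind == MR_RAM || mr->kind == MR_ROMD) {
        e->addr_code = page;
        e->addend = (uintptr_t)mr->host - (uintptr_t)mr->guest_base;
    } else {
        e->addr_code = page | TLB_MMIO;
        e->addend = 0;
    }
}

/* Buggy consumer (constructed): it only refuses pages with no region at all,
 * so a flash device that is out of ROMD mode passes the test and the zero
 * addend turns the guest address into a "host pointer". */
static int get_page_addr_code_buggy(const struct tlb_entry *e, uint64_t vaddr, uintptr_t *host)
{
    if (e->kind == MR_UNASSIGNED) {
        return -1;   /* "execute outside RAM or ROM" */
    }
    *host = (uintptr_t)vaddr + e->addend;   /* bogus for device pages: addend is 0 */
    return 0;
}

/* Fixed consumer: use the same signal the fill wrote, the TLB_MMIO bit,
 * and stop instead of handing back a meaningless address. */
static int get_page_addr_code_fixed(const struct tlb_entry *e, uint64_t vaddr, uintptr_t *host)
{
    if (e->addr_code & TLB_MMIO) {
        return -1;   /* "can't execute from a device" */
    }
    *host = (uintptr_t)vaddr + e->addend;
    return 0;
}

/* Fill a TLB entry for one page of the given region and run both consumers
 * on it; result codes and host pointers are returned through the out-params. */
static void run_case(enum mr_kind kind, uint8_t *backing, uint64_t guest_base, uint64_t vaddr,
                     int *rc_buggy, uintptr_t *host_buggy, int *rc_fixed, uintptr_t *host_fixed)
{
    struct mem_region mr = { kind, backing, guest_base };
    struct tlb_entry e;
    tlb_fill(&e, &mr, vaddr);
    *host_buggy = 0;
    *host_fixed = 0;
    *rc_buggy = get_page_addr_code_buggy(&e, vaddr, host_buggy);
    *rc_fixed = get_page_addr_code_fixed(&e, vaddr, host_fixed);
}

int main(void)
{
    static uint8_t ram[2 * PAGE_SIZE];   /* constructed host backing for guest 0x40000000 */
    int rb, rf;
    uintptr_t hb, hf;

    run_case(MR_RAM, ram, 0x40000000, 0x40000054, &rb, &hb, &rf, &hf);
    printf("RAM   : buggy rc=%d host=%p  fixed rc=%d host=%p\n", rb, (void *)hb, rf, (void *)hf);

    run_case(MR_DEVICE, NULL, 0, 0x54, &rb, &hb, &rf, &hf);
    printf("DEVICE: buggy rc=%d host=%p (guest address reused as host pointer)  fixed rc=%d\n",
           rb, (void *)hb, rf);
    return 0;
}
```

Because the fill stores addend 0 for the device page, the buggy path's "host pointer" is simply the guest address, which is the shape of failure the mail describes: a pointer that does not correspond to any host RAM and that later code cannot map back to a RAM block.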
Thread overview:
2016-08-16 12:08 [Qemu-devel] QEMU TCG issue when executing UEFI Ard Biesheuvel
2016-08-18 10:40 ` Peter Maydell
2016-08-18 10:43 ` Ard Biesheuvel
2016-08-18 14:10 ` Peter Maydell [this message]
2016-08-18 14:15 ` Ard Biesheuvel
2016-08-18 14:36 ` Peter Maydell
2016-08-18 16:17 ` Ard Biesheuvel