From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50803) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1enjQX-0002SY-4k for qemu-devel@nongnu.org; Mon, 19 Feb 2018 06:16:17 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1enjQV-0004U4-Ap for qemu-devel@nongnu.org; Mon, 19 Feb 2018 06:16:09 -0500 Received: from mail-io0-x22b.google.com ([2607:f8b0:4001:c06::22b]:37329) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1enjQV-0004Ti-4l for qemu-devel@nongnu.org; Mon, 19 Feb 2018 06:16:07 -0500 Received: by mail-io0-x22b.google.com with SMTP id t126so10915183iof.4 for ; Mon, 19 Feb 2018 03:16:06 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <001201d3a957$f85ed610$e91c8230$@ru> References: <20180207120353.5389.54531.stgit@pasha-VirtualBox> <002401d3a010$8d551280$a7ff3780$@ru> <001b01d3a3c5$032e09f0$098a1dd0$@ru> <000c01d3a496$fd2bc470$f7834d50$@ru> <001a01d3a4b1$273f1a90$75bd4fb0$@ru> <002201d3a4b5$2a642b80$7f2c8280$@ru> <000d01d3a590$caa17950$5fe46bf0$@ru> <001201d3a957$f85ed610$e91c8230$@ru> From: Ciro Santilli Date: Mon, 19 Feb 2018 11:15:45 +0000 Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [RFC PATCH v6 00/20] replay additions List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Pavel Dovgalyuk Cc: Peter Maydell , richard.henderson@linaro.org, cota@braap.org, Pavel Dovgalyuk , QEMU Developers , Kevin Wolf , war2jordan@live.com, Igor R , Juan Quintela , Jason Wang , "Michael S. Tsirkin" , Aleksandr Bezzubikov , maria.klimushenkova@ispras.ru, Gerd Hoffmann , Thomas Dullien , Paolo Bonzini , =?UTF-8?B?QWxleCBCZW5uw6ll?= On Mon, Feb 19, 2018 at 8:02 AM, Pavel Dovgalyuk wrote= : >> From: Pavel Dovgalyuk [mailto:dovgaluk@ispras.ru] >> > From: Peter Maydell [mailto:peter.maydell@linaro.org] >> > On 13 February 2018 at 10:26, Pavel Dovgalyuk wro= te: >> > > Then I added SCSI adapter with the option =E2=80=93device lsi,id=3Ds= csi0 and QEMU >> > > failed with the following error: >> > > >> > > qemu: fatal: IO on conditional branch instruction >> > >> > > Seems, that your kernel is incomatible with QEMU, which ARM emulatio= n is not >> > > good enough. >> > >> > It seems fairly unlikely to me that the Linux driver for this >> > SCSI adaptor is using weirdo self-modifying code of the kind >> > that would trip up that cpu_abort(). I would suggest a bit >> > more investigation into what's actually happening... >> >> Peter, I bisected this bug and figured out the following. >> >> icount in ARM was broken by the following commit: 9b990ee5a3cc6aa38f8126= 6fb0c6ef37a36c45b9 >> tcg: Add CPUState cflags_next_tb >> This commit breaks execution of Ciro's kernel with enabled icount. >> I haven't yet figured out why this happens. > > The problem is in the following code. > As far, as I can understand, original version recompiles the TB and > continues the execution as it goes. > > But the modified version sets cflags for the next compilation. > And these are the flags for the old TB which should replace the original = one. > TCG tries to use cflags for the new TB (which starts after the interrupte= d one) > and fails, because these flags are inappropriate. > That is why icount execution fails. > > New version also does not include recompilation of the old block, which i= s wrong too. > Awesome! Can you push it to a branch, and give the full qemu command line so I can test it? > > @@ -1773,9 +1765,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t reta= ddr) > CPUArchState *env =3D cpu->env_ptr; > #endif > TranslationBlock *tb; > - uint32_t n, cflags; > - target_ulong pc, cs_base; > - uint32_t flags; > + uint32_t n; > > tb_lock(); > tb =3D tb_find_pc(retaddr); > @@ -1813,12 +1803,9 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t ret= addr) > cpu_abort(cpu, "TB too big during recompile"); > } > > - cflags =3D n | CF_LAST_IO; > - cflags |=3D curr_cflags(); > - pc =3D tb->pc; > - cs_base =3D tb->cs_base; > - flags =3D tb->flags; > - tb_phys_invalidate(tb, -1); > + /* Adjust the execution state of the next TB. */ > + cpu->cflags_next_tb =3D curr_cflags() | CF_LAST_IO | n; > + > if (tb->cflags & CF_NOCACHE) { > if (tb->orig_tb) { > /* Invalidate original TB if this TB was generated in > @@ -1827,9 +1814,6 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t reta= ddr) > } > tb_free(tb); > } > - /* FIXME: In theory this could raise an exception. In practice > - we have already translated the block once so it's probably ok. *= / > - tb_gen_code(cpu, pc, cs_base, flags, cflags); > > /* TODO: If env->pc !=3D tb->pc (i.e. the faulting instruction was n= ot > * the first in the TB) then we end up generating a whole new TB and > > > > Pavel Dovgalyuk >