[Qemu-devel] target_mmap and host vs target page sizes.

[Qemu-devel] target_mmap and host vs target page sizes.

[Edgar E. Iglesias]

Hello,

I have cleaned up the mmap patch that corrects the alignment for un-fixed mappings when the target page-size is larger than the hosts.

The error was found and the patch tested with the CRIS target port (not yet contributed) on a x86 host running GCC's c-torture tests for CRIS. Without the patch, randomly every other test case fails to load.

I tried the sparc64-linux-user target but it fails to run any of my programs both with and without the change. Similarly, the m68k-linux-user target also fails but it at least manages to load and start executing before hitting an illegal insn. For the m68k I could verify that it also randomly fails to load programs. With the patch, it always manages to load the elf files at least. Additionally I tested the mips target after changing the page size to 8K, it also randomly fails to load programs but works fine with the patch (thanks for suggesting this test Thiemo).

If you see any issues with the change or if you feel I need to test something else, I'll be happy to fix or do that. Otherwise, I'd appreciate it if this went in.

Thanks
-- 
Edgar E. Iglesias
Axis Communications AB

Index: mmap.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/mmap.c,v
retrieving revision 1.15
diff -u -p -r1.15 mmap.c
--- mmap.c	27 Sep 2007 04:10:43 -0000	1.15
+++ mmap.c	30 Sep 2007 01:06:46 -0000
@@ -209,30 +209,45 @@ long target_mmap(target_ulong start, tar
             last_start += HOST_PAGE_ALIGN(len);
         }
 #endif
-        if (0 && qemu_host_page_size != qemu_real_host_page_size) {
-            /* NOTE: this code is only for debugging with '-p' option */
-            /* ??? Can also occur when TARGET_PAGE_SIZE > host page size.  */
-            /* reserve a memory area */
-            /* ??? This needs fixing for remapping.  */
-abort();
-            host_len = HOST_PAGE_ALIGN(len) + qemu_host_page_size - TARGET_PAGE_SIZE;
-            real_start = (long)mmap(g2h(real_start), host_len, PROT_NONE,
-                                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-            if (real_start == -1)
-                return real_start;
-            real_end = real_start + host_len;
-            start = HOST_PAGE_ALIGN(real_start);
-            end = start + HOST_PAGE_ALIGN(len);
-            if (start > real_start)
-                munmap((void *)g2h(real_start), start - real_start);
-            if (end < real_end)
-                munmap((void *)g2h(end), real_end - end);
-            /* use it as a fixed mapping */
-            flags |= MAP_FIXED;
+        host_offset = offset & qemu_host_page_mask;
+        host_len = len + offset - host_offset;
+
+        if (qemu_host_page_size > qemu_real_host_page_size) {
+	    /*
+	     * The guest expects to see mmapped areas aligned to it's pagesize.
+	     * If the hosts real page size is smaller than the guests, we need 
+	     * to fixup the maps. It is done by allocating a larger area, 
+	     * displacing the map (if needed) and finally choping off the spare
+	     * room at the edges.
+	     */
+
+	    /* 
+	     * We assume qemu_host_page_size is always the same as 
+	     * TARGET_PAGE_SIZE, see exec.c. qemu_real_host_page_size is the
+	     * hosts real page size. 
+	     */
+            target_ulong host_end;
+
+            host_len = HOST_PAGE_ALIGN(host_len + qemu_host_page_size
+                                       - qemu_real_host_page_size); 
+            host_start = (long)mmap(real_start ? g2h(real_start) : NULL,
+                                    host_len, prot, flags, fd, host_offset);
+            if (host_start == -1)
+                return host_start;
+            host_end = host_start + host_len;
+
+            /* Find start and end, aligned to the targets pagesize with-in the
+               large mmaped area.  */
+            start = TARGET_PAGE_ALIGN(host_start);
+            end = start + TARGET_PAGE_ALIGN(len);
+            /* Chop off the leftovers, if any.  */
+            if (start > host_start)
+                munmap((void *)g2h(host_start), start - host_start);
+            if (end < host_end)
+                munmap((void *)g2h(end), host_end - end);
+	    goto the_end1;
         } else {
             /* if not fixed, no need to do anything */
-            host_offset = offset & qemu_host_page_mask;
-            host_len = len + offset - host_offset;
             host_start = (long)mmap(real_start ? g2h(real_start) : NULL,
                                     host_len, prot, flags, fd, host_offset);
             if (host_start == -1)

Re: [Qemu-devel] target_mmap and host vs target page sizes.

[Blue Swirl]

On 9/30/07, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> I tried the sparc64-linux-user target but it fails to run any of my programs both with and without the change. Similarly, the m68k-linux-user target also fails but it at least manages to

Are you sure the program was really a 64-bit Sparc64 program? The real
programs are identified by file command like this:
helloworld.sparc64: ELF 64-bit MSB executable, SPARC V9, version 1
(SYSV), statically linked, not stripped

32-bit programs with either V8 or V9 (V8PLUS) instructions are not
supported by sparc64-linux-user currently.

Re: [Qemu-devel] target_mmap and host vs target page sizes.

[Edgar E. Iglesias]

On Sun, Sep 30, 2007 at 10:27:45AM +0300, Blue Swirl wrote:
> On 9/30/07, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> > I tried the sparc64-linux-user target but it fails to run any of my programs both with and without the change. Similarly, the m68k-linux-user target also fails but it at least manages to
> 
> Are you sure the program was really a 64-bit Sparc64 program? The real
> programs are identified by file command like this:
> helloworld.sparc64: ELF 64-bit MSB executable, SPARC V9, version 1
> (SYSV), statically linked, not stripped
> 
> 32-bit programs with either V8 or V9 (V8PLUS) instructions are not
> supported by sparc64-linux-user currently.

Hi,

Thanks for pointing that out. I double checked my programs and yes, they seem to be 64bit ones. I assumed they were because my toolchain was a sparc64-unknown-linux-gnu, but I hadn't verified the generated elf files.

% make
sparc64-unknown-linux-gnu-gcc -Wall -W -g -O2   -c -o ctest.o ctest.c
sparc64-unknown-linux-gnu-gcc -static  ctest.o   -o ctest
% file ctest
ctest: ELF 64-bit MSB executable, SPARC V9, version 1 (SYSV), for GNU/Linux 2.4.1, statically linked, not stripped
% ~/src/c/qemu/sparc/sparc64-linux-user/qemu-sparc64 ./ctest
Segmentation fault

I'll retry with a fresh CVS build.

Best regards
-- 
Edgar E. Iglesias
Axis Communications AB

Re: [Qemu-devel] target_mmap and host vs target page sizes.

[Edgar E. Iglesias]

On Sun, Sep 30, 2007 at 11:53:20AM +0200, Edgar E. Iglesias wrote:
 % make
> sparc64-unknown-linux-gnu-gcc -Wall -W -g -O2   -c -o ctest.o ctest.c
> sparc64-unknown-linux-gnu-gcc -static  ctest.o   -o ctest
> % file ctest
> ctest: ELF 64-bit MSB executable, SPARC V9, version 1 (SYSV), for GNU/Linux 2.4.1, statically linked, not stripped
> % ~/src/c/qemu/sparc/sparc64-linux-user/qemu-sparc64 ./ctest
> Segmentation fault
> 
> I'll retry with a fresh CVS build.

With a fresh CVS build I managed to emulate some sparc64 programs. It was very unreliable though, but the failures are different from the ones I saw with the CRIS and MIPS 8K page targets. qemu CRIS and MIPS would gracefully exit after failing to load the ELF interpreter whereas Sparc64 randomly segfaults.

I reworked target_mmap a bit more, among other things cleaning up some of the issues I mentioned to J. Mayer regarding long vs target_long inconsistencies. target_mmap now returns a target_long. There is still more work to be done here though, this is just a first step.

With this updated patch, I can now reliably run statically linked sparc64 programs on my 32 bit host. Dynamically linked sparc64 programs reliably fail with an unhandled trap 0x37. qemu m68k reliably segfaults with and without the patch. Again, I tested CRIS and MIPS 8K and they both reliably manage to load and run my programs. I also ran some arm (4K pages) programs, which worked fine.

I should mention that the sparc64 user emulator does not build correctly from CVS, linux/sparc64/target_signal.h lacks get_sp_from_cpu_state. I simply put a stub there with an abort() which didn't hit me.

Comments appreciated!

Best regards
-- 
Edgar E. Iglesias
Axis Communications AB

Index: mmap.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/mmap.c,v
retrieving revision 1.15
diff -u -p -b -u -p -r1.15 mmap.c
--- mmap.c	27 Sep 2007 04:10:43 -0000	1.15
+++ mmap.c	30 Sep 2007 11:14:37 -0000
@@ -36,7 +36,8 @@ int target_mprotect(target_ulong start, 
     int prot1, ret;
 
 #ifdef DEBUG_MMAP
-    printf("mprotect: start=0x%lx len=0x%lx prot=%c%c%c\n", start, len,
+    printf("mprotect: start=0x" TARGET_FMT_lx 
+	   "len=0x" TARGET_FMT_lx " prot=%c%c%c\n", start, len,
            prot & PROT_READ ? 'r' : '-',
            prot & PROT_WRITE ? 'w' : '-',
            prot & PROT_EXEC ? 'x' : '-');
@@ -151,11 +152,11 @@ static int mmap_frag(target_ulong real_s
 }
 
 /* NOTE: all the constants are the HOST ones */
-long target_mmap(target_ulong start, target_ulong len, int prot,
+target_long target_mmap(target_ulong start, target_ulong len, int prot,
                  int flags, int fd, target_ulong offset)
 {
     target_ulong ret, end, real_start, real_end, retaddr, host_offset, host_len;
-    long host_start;
+    unsigned long host_start;
 #if defined(__alpha__) || defined(__sparc__) || defined(__x86_64__) || \
         defined(__ia64) || defined(__mips__)
     static target_ulong last_start = 0x40000000;
@@ -166,7 +167,8 @@ long target_mmap(target_ulong start, tar
 
 #ifdef DEBUG_MMAP
     {
-        printf("mmap: start=0x%lx len=0x%lx prot=%c%c%c flags=",
+        printf("mmap: start=0x" TARGET_FMT_lx 
+	       " len=0x" TARGET_FMT_lx " prot=%c%c%c flags=",
                start, len,
                prot & PROT_READ ? 'r' : '-',
                prot & PROT_WRITE ? 'w' : '-',
@@ -186,7 +188,7 @@ long target_mmap(target_ulong start, tar
             printf("[MAP_TYPE=0x%x] ", flags & MAP_TYPE);
             break;
         }
-        printf("fd=%d offset=%lx\n", fd, offset);
+        printf("fd=%d offset=" TARGET_FMT_lx "\n", fd, offset);
     }
 #endif
 
@@ -209,34 +211,59 @@ long target_mmap(target_ulong start, tar
             last_start += HOST_PAGE_ALIGN(len);
         }
 #endif
-        if (0 && qemu_host_page_size != qemu_real_host_page_size) {
-            /* NOTE: this code is only for debugging with '-p' option */
-            /* ??? Can also occur when TARGET_PAGE_SIZE > host page size.  */
-            /* reserve a memory area */
-            /* ??? This needs fixing for remapping.  */
-abort();
-            host_len = HOST_PAGE_ALIGN(len) + qemu_host_page_size - TARGET_PAGE_SIZE;
-            real_start = (long)mmap(g2h(real_start), host_len, PROT_NONE,
-                                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-            if (real_start == -1)
-                return real_start;
-            real_end = real_start + host_len;
-            start = HOST_PAGE_ALIGN(real_start);
-            end = start + HOST_PAGE_ALIGN(len);
-            if (start > real_start)
-                munmap((void *)g2h(real_start), start - real_start);
-            if (end < real_end)
-                munmap((void *)g2h(end), real_end - end);
-            /* use it as a fixed mapping */
-            flags |= MAP_FIXED;
-        } else {
-            /* if not fixed, no need to do anything */
             host_offset = offset & qemu_host_page_mask;
             host_len = len + offset - host_offset;
+
+        if (qemu_host_page_size > qemu_real_host_page_size) {
+            /*
+             * The guest expects to see mmapped areas aligned to it's pagesize.
+             * If the hosts real page size is smaller than the guests, we need 
+             * to fixup the maps. It is done by allocating a larger area, 
+             * displacing the map (if needed) and finally choping off the spare
+             * room at the edges.
+             */
+
+            /* 
+             * We assume qemu_host_page_size is always the same as 
+             * TARGET_PAGE_SIZE, see exec.c. qemu_real_host_page_size is the
+             * hosts real page size. 
+             */
+            target_ulong host_end;
+            unsigned long host_aligned_start;
+
+            host_len = HOST_PAGE_ALIGN(host_len + qemu_host_page_size
+                                       - qemu_real_host_page_size); 
+            host_start = (unsigned long) mmap(real_start ? 
+					      g2h(real_start) : NULL,
+					      host_len, prot, flags, 
+					      fd, host_offset);
+            if (host_start == -1)
+                return -1;
+     
+            host_end = host_start + host_len;
+
+            /* Find start and end, aligned to the targets pagesize with-in the
+               large mmaped area.  */
+            host_aligned_start = TARGET_PAGE_ALIGN(host_start);
+            if (!(flags & MAP_ANONYMOUS))
+                host_aligned_start += offset - host_offset;
+
+            start = h2g(host_aligned_start);
+            end = start + TARGET_PAGE_ALIGN(len);
+
+            /* Chop off the leftovers, if any.  */
+            if (host_aligned_start > host_start)
+                munmap((void *)host_start, host_aligned_start - host_start);
+            if (end < host_end)
+                munmap((void *)g2h(end), host_end - end);
+
+            goto the_end1;
+        } else {
+            /* if not fixed, no need to do anything */
             host_start = (long)mmap(real_start ? g2h(real_start) : NULL,
                                     host_len, prot, flags, fd, host_offset);
             if (host_start == -1)
-                return host_start;
+                return -1;
             /* update start so that it points to the file position at 'offset' */
             if (!(flags & MAP_ANONYMOUS))
                 host_start += offset - host_offset;
@@ -267,7 +294,7 @@ abort();
                               MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS,
                               -1, 0);
         if (retaddr == -1)
-            return retaddr;
+            return -1;
         pread(fd, g2h(start), len, offset);
         if (!(prot & PROT_WRITE)) {
             ret = target_mprotect(start, len, prot);
@@ -300,7 +327,7 @@ abort();
                         prot, flags, fd,
                         offset + real_end - qemu_host_page_size - start);
         if (ret == -1)
-            return ret;
+            return -1;
         real_end -= qemu_host_page_size;
     }
 
@@ -314,13 +341,13 @@ abort();
         ret = (long)mmap(g2h(real_start), real_end - real_start,
                          prot, flags, fd, offset1);
         if (ret == -1)
-            return ret;
+            return -1;
     }
  the_end1:
     page_set_flags(start, start + len, prot | PAGE_VALID);
  the_end:
 #ifdef DEBUG_MMAP
-    printf("ret=0x%lx\n", (long)start);
+    printf("ret=0x%llx\n", start);
     page_dump(stdout);
     printf("\n");
 #endif
@@ -381,17 +408,18 @@ int target_munmap(target_ulong start, ta
 
 /* XXX: currently, we only handle MAP_ANONYMOUS and not MAP_FIXED
    blocks which have been allocated starting on a host page */
-long target_mremap(target_ulong old_addr, target_ulong old_size,
+target_long target_mremap(target_ulong old_addr, target_ulong old_size,
                    target_ulong new_size, unsigned long flags,
                    target_ulong new_addr)
 {
     int prot;
+    unsigned long host_addr;
 
     /* XXX: use 5 args syscall */
-    new_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags);
-    if (new_addr == -1)
-        return new_addr;
-    new_addr = h2g(new_addr);
+    host_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags);
+    if (host_addr == -1)
+        return -1;
+    new_addr = h2g(host_addr);
     prot = page_get_flags(old_addr);
     page_set_flags(old_addr, old_addr + old_size, 0);
     page_set_flags(new_addr, new_addr + new_size, prot | PAGE_VALID);
Index: qemu.h
===================================================================
RCS file: /sources/qemu/qemu/linux-user/qemu.h,v
retrieving revision 1.36
diff -u -p -b -u -p -r1.36 qemu.h
--- qemu.h	27 Sep 2007 13:57:54 -0000	1.36
+++ qemu.h	30 Sep 2007 11:14:37 -0000
@@ -164,10 +164,10 @@ int do_vm86(CPUX86State *env, long subfu
 
 /* mmap.c */
 int target_mprotect(target_ulong start, target_ulong len, int prot);
-long target_mmap(target_ulong start, target_ulong len, int prot,
+target_long target_mmap(target_ulong start, target_ulong len, int prot,
                  int flags, int fd, target_ulong offset);
 int target_munmap(target_ulong start, target_ulong len);
-long target_mremap(target_ulong old_addr, target_ulong old_size,
+target_long target_mremap(target_ulong old_addr, target_ulong old_size,
                    target_ulong new_size, unsigned long flags,
                    target_ulong new_addr);
 int target_msync(target_ulong start, target_ulong len, int flags);

Re: [Qemu-devel] target_mmap and host vs target page sizes.

[Blue Swirl]

On 9/30/07, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> With this updated patch, I can now reliably run statically linked sparc64 programs on my 32 bit host. Dynamically linked sparc64 programs reliably fail with an unhandled trap 0x37. qemu m68k reliably segfaults with and without the patch. Again, I tested CRIS and MIPS 8K and they both reliably manage to load and run my programs. I also ran some arm (4K pages) programs, which worked fine.

0x37 is TT_PRIV_ACT, taken when privileged instructions are executed
in unprivileged mode. Could you try running this program again with -d
in_asm,op and see what is the faulting instruction and the generated
ops? Maybe some instruction has too strict checks.

Re: [Qemu-devel] target_mmap and host vs target page sizes.

[Edgar E. Iglesias]

On Sun, Sep 30, 2007 at 06:45:08PM +0300, Blue Swirl wrote:
> On 9/30/07, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> > With this updated patch, I can now reliably run statically linked sparc64 programs on my 32 bit host. Dynamically linked sparc64 programs reliably fail with an unhandled trap 0x37. qemu m68k reliably segfaults with and without the patch. Again, I tested CRIS and MIPS 8K and they both reliably manage to load and run my programs. I also ran some arm (4K pages) programs, which worked fine.
> 
> 0x37 is TT_PRIV_ACT, taken when privileged instructions are executed
> in unprivileged mode. Could you try running this program again with -d
> in_asm,op and see what is the faulting instruction and the generated
> ops? Maybe some instruction has too strict checks.

Sure. I pasted info from the error and fron the last TB.

Best regards
-- 
Edgar E. Iglesias
Axis Communications AB


% ./sparc64-linux-user/qemu-sparc64 -L /usr/sparc64-unknown-linux-gnu/ -d in_asm,op ~/ctest.sparc64.shared 
Unhandled trap: 0x37
pc: 00000000b5c51734  npc: 00000000b5c51738
General Registers:
%g0: 0000000000000000   %g1: 00000000b7cbcbc8   %g2: 0000000000000001   %g3: 0000000000000060
%g4: 00000000b5d584c8   %g5: 0000000000000000   %g6: 00000000000001c0   %g7: 0000000000000000
Current Register Window:
%o0: 00000000b5d58500   %o1: 00000000b7cbca00   %o2: 0000000000000010   %o3: 0000000000000000
%o4: 0000000000000000   %o5: 0000000000000000   %o6: 00000000b7cbbfb1   %o7: 00000000b5c3fca4
%l0: 00000000b5d58120   %l1: 0000000000000000   %l2: 0000000000000000   %l3: 0000000000000c00
%l4: 0000000000000000   %l5: 0000000000000000   %l6: 0000000000000000   %l7: 00000000b5d57310
%i0: 00000000b7cbce70   %i1: 00000000b7cbc990   %i2: 00000000b5c3c298   %i3: 00000000b5c3c000
%i4: 0000000000000000   %i5: 0000000000000000   %i6: 00000000b7cbc081   %i7: 00000000b5c404cc

Floating Point Registers:
%f00: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f04: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f08: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f12: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f16: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f20: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f24: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
%f28: 000000000.000000 000000000.000000 000000000.000000 000000000.000000
pstate: 0x00000092 ccr: 0x00 asi: 0x00 tl: 0 fprs: 0
cansave: 4 canrestore: 2 otherwin: 0 wstate 0 cleanwin 6 cwp 1
fsr: 0x00000000


start    end      size     prot
00100000-00102000 00002000 r-x
00200000-00202000 00002000 rwx
b5c3c000-b5c58000 0001c000 r-x
b5c58000-b5d56000 000fe000 ---
b5d56000-b5d5a000 00004000 rwx
b5d5a000-b7c3c000 01ee2000 ---
b7c3e000-b7cbe000 00080000 rw-
b7cbe000-b7cc0000 00002000 ---
start_brk   0x00200c58
end_code    0x00200c50
start_code  0x00100000
start_data  0x00200c50
end_data    0x00200c50
start_stack 0xb7cbce70
brk         0x00200c58
entry       0xb5c3f260
--------------

[cut]

--------------
IN: 
0x00000000b5c516f4:  membar  #StoreStore|#LoadStore|#StoreLoad
0x00000000b5c516f8:  wr  %g0, 0xf0, %asi
0x00000000b5c516fc:  subcc  %o2, 0x40, %g6
0x00000000b5c51700:  mov  %o1, %g1
0x00000000b5c51704:  andncc  %g6, 0x3f, %g6
0x00000000b5c51708:  srl  %g1, 3, %g2
0x00000000b5c5170c:  sub  %o2, %g6, %g3
0x00000000b5c51710:  andn  %o1, 0x3f, %o1
0x00000000b5c51714:  and  %g2, 7, %g2
0x00000000b5c51718:  andncc  %g3, 7, %g3
0x00000000b5c5171c:  fmovd  %f0, %f2
0x00000000b5c51720:  sub  %g3, 0x10, %g3
0x00000000b5c51724:  sub  %o2, %g6, %o2
0x00000000b5c51728:  alignaddr  %g1, %g0, %g0
0x00000000b5c5172c:  add  %g1, %g6, %g1
0x00000000b5c51730:  subcc  %o2, %g3, %o2
0x00000000b5c51734:  ldda  [ %o1 ] %asi, %f0
0x00000000b5c51738:  add  %g1, %g3, %g1
0x00000000b5c5173c:  ldda  [ %o1 + 0x40 ] %asi, %f16
0x00000000b5c51740:  sub  %g6, 0x80, %g6
0x00000000b5c51744:  ldda  [ %o1 + 0x80 ] %asi, %f32
0x00000000b5c51748:  rd  %pc, %g5
0x00000000b5c5174c:  addcc  %g5, 0xb8, %g5
0x00000000b5c51750:  sll  %g2, 9, %g2
0x00000000b5c51754:  jmp  %g5 + %g2
0x00000000b5c51758:  addcc  %o1, 0xc0, %o1

OP:
0x0000: movl_T0_im 0x0
0x0001: movl_T1_sim 0xf0
0x0002: movl_env_T0 0x9364
0x0003: movl_T0_o2
0x0004: movl_T1_sim 0x40
0x0005: sub_T1_T0_cc
0x0006: movl_g6_T0
0x0007: movl_T1_o1
0x0008: movl_g1_T1
0x0009: movl_T0_g6
0x000a: movl_T1_sim 0x3f
0x000b: andn_T1_T0
0x000c: logic_T0_cc
0x000d: movl_g6_T0
0x000e: movl_T0_g1
0x000f: movl_T1_sim 0x3
0x0010: srl
0x0011: movl_g2_T0
0x0012: movl_T0_o2
0x0013: movl_T1_g6
0x0014: sub_T1_T0
0x0015: movl_g3_T0
0x0016: movl_T0_o1
0x0017: movl_T1_sim 0x3f
0x0018: andn_T1_T0
0x0019: movl_o1_T0
0x001a: movl_T0_g2
0x001b: movl_T1_sim 0x7
0x001c: and_T1_T0
0x001d: movl_g2_T0
0x001e: movl_T0_g3
0x001f: movl_T1_sim 0x7
0x0020: andn_T1_T0
0x0021: logic_T0_cc
0x0022: movl_g3_T0
0x0023: clear_ieee_excp_and_FTT
0x0024: load_fpr_DT0_fprf0
0x0025: store_DT0_fpr_fprf2
0x0026: movl_T0_g3
0x0027: movl_T1_sim 0x10
0x0028: sub_T1_T0
0x0029: movl_g3_T0
0x002a: movl_T0_o2
0x002b: movl_T1_g6
0x002c: sub_T1_T0
0x002d: movl_o2_T0
0x002e: movl_T0_g1
0x002f: movl_T1_im 0x0
0x0030: alignaddr
0x0031: movl_T0_g1
0x0032: movl_T1_g6
0x0033: add_T1_T0
0x0034: movl_g1_T0
0x0035: movl_T0_o2
0x0036: movl_T1_g3
0x0037: sub_T1_T0_cc
0x0038: movl_o2_T0
0x0039: jmp_im 0xb5c51734
0x003a: movl_npc_im 0xb5c51738
0x003b: movl_T0_o1
0x003c: check_align_T0_7
0x003d: ld_asi_reg 0x0 0x8 0x0
0x003e: movl_T0_g1
0x003f: movl_T1_g3
0x0040: add_T1_T0
0x0041: movl_g1_T0
0x0042: jmp_im 0xb5c5173c
0x0043: movl_npc_im 0xb5c51740
0x0044: movl_T0_o1
0x0045: movl_T1_sim 0x40
0x0046: add_T1_T0
0x0047: check_align_T0_7
0x0048: ld_asi_reg 0x40 0x8 0x0
0x0049: movl_T0_g6
0x004a: movl_T1_sim 0x80
0x004b: sub_T1_T0
0x004c: movl_g6_T0
0x004d: jmp_im 0xb5c51744
0x004e: movl_npc_im 0xb5c51748
0x004f: movl_T0_o1
0x0050: movl_T1_sim 0x80
0x0051: add_T1_T0
0x0052: check_align_T0_7
0x0053: ld_asi_reg 0x0 0x8 0x0
0x0054: movl_T0_im 0xb5c51748
0x0055: movl_g5_T0
0x0056: movl_T0_g5
0x0057: movl_T1_sim 0xb8
0x0058: add_T1_T0_cc
0x0059: movl_g5_T0
0x005a: movl_T0_g2
0x005b: movl_T1_sim 0x9
0x005c: sll
0x005d: movl_g2_T0
0x005e: movl_T0_g5
0x005f: movl_T1_g2
0x0060: add_T1_T0
0x0061: check_align_T0_3
0x0062: movl_npc_T0
0x0063: movl_T0_o1
0x0064: movl_T1_sim 0xc0
0x0065: add_T1_T0_cc
0x0066: movl_o1_T0
0x0067: next_insn
0x0068: movl_T0_0
0x0069: exit_tb
0x006a: end

Re: [Qemu-devel] target_mmap and host vs target page sizes.

[Blue Swirl]

On 9/30/07, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> On Sun, Sep 30, 2007 at 06:45:08PM +0300, Blue Swirl wrote:
> > On 9/30/07, Edgar E. Iglesias <edgar.iglesias@axis.com> wrote:
> > > With this updated patch, I can now reliably run statically linked sparc64 programs on my 32 bit host. Dynamically linked sparc64 programs reliably fail with an unhandled trap 0x37. qemu m68k reliably segfaults with and without the patch. Again, I tested CRIS and MIPS 8K and they both reliably manage to load and run my programs. I also ran some arm (4K pages) programs, which worked fine.
> >
> > 0x37 is TT_PRIV_ACT, taken when privileged instructions are executed
> > in unprivileged mode. Could you try running this program again with -d
> > in_asm,op and see what is the faulting instruction and the generated
> > ops? Maybe some instruction has too strict checks.
>
> Sure. I pasted info from the error and fron the last TB.

> pstate: 0x00000092 ccr: 0x00 asi: 0x00 tl: 0 fprs: 0

Zero %asi?

> 0x00000000b5c516f8:  wr  %g0, 0xf0, %asi

%asi set to 0xf0 here.

> 0x00000000b5c51734:  ldda  [ %o1 ] %asi, %f0

Faulting instruction, bad %asi?

> 0x0000: movl_T0_im 0x0
> 0x0001: movl_T1_sim 0xf0
> 0x0002: movl_env_T0 0x9364

This is the wr code, no wonder %asi was zero.

Thanks a lot! I'll fix this immediately.