Re: [Qemu-devel] [Bug] qemu-system-ppc: "invalid/unsupported opcode" during debug session

[Stefan Weil]

Blue Swirl schrieb:
> On Tue, Dec 29, 2009 at 3:09 PM, Stefan Weil <address@hidden> wrote:
>   
>> Test environment:
>>
>> * ppc-softmmu/qemu-system-ppc running on x86_64 host
>> * emulated ppc is running debian lenny
>>
>>
>>
>> While debugging on the emulated ppc (each time when
>> a shared library is loaded after "r" command?),
>> qemu-system-ppc prints this error message:
>>
>> invalid/unsupported opcode: 00 - 00 - 00 (00000000) 4800fa44 1
>>
>>
>>
>> If logging is enabled, the error message goes to qemu.log:
>>
>> IN:
>> 0xc0013488:  nop
>> 0xc001348c:  rlwinm  r3,r3,0,0,19
>> 0xc0013490:  li      r4,128
>> 0xc0013494:  mtctr   r4
>> 0xc0013498:  mr      r6,r3
>> 0xc001349c:  dcbst   r0,r3
>>
>> invalid/unsupported opcode: 00 - 00 - 00 (00000000) 4800fa44 1
>> IN:
>> 0x4800fa40:  twge    r2,r2
>> 0x4800fa44:  .long 0x0
>>
>>
>>
>> The debugger on the ppc system shows the "instruction"
>> which triggers the error message:
>>
>> (gdb) disas
>> Dump of assembler code for function _dl_debug_state:
>> 0x4800fa40 <_dl_debug_state+0>: blr
>> End of assembler dump.
>> (gdb) x 0x4800fa40
>> 0x4800fa40 <_dl_debug_state>:   0x4e800020
>> (gdb) x/2x 0x4800fa40
>> 0x4800fa40 <_dl_debug_state>:   0x4e800020      0x00000000
>>
>>
>>
>> The unsupported opcode is 0, and it follows function
>> _dl_debug_state.
>>
>> Debugging in an emulated system should not trigger
>> error messages on the host (denial-of-service).
>>
>> Why does qemu try to interpret the word at 0x4800fa44?
>>     
>
> Wild guess: for PPC, translation is not stopped when we reach a branch
> but until the end of the current page. Please try the attached patch.
>   

Applied to host side (qemu-system-ppc), no visible change
(no malfunction, but still invalid opcode).

Stefan

>   
>> Why does qemu show "twge r2,r2", not "blr"?
>>     
>
> Maybe read access has been disabled for the page?
>