qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Re: [PATCH 3/8] sparc64: fix 32bit load sign extension

From: Paolo Bonzini
Subject: [Qemu-devel] Re: [PATCH 3/8] sparc64: fix 32bit load sign extension
Date: Fri, 04 Jun 2010 12:18:27 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-3.fc13 Lightning/1.0b2pre Thunderbird/3.0.4 
On 06/04/2010 09:53 AM, Paolo Bonzini wrote:

On 06/03/2010 09:59 PM, Igor Kovalenko wrote:

On Thu, Jun 3, 2010 at 7:42 PM, Paolo Bonzini<address@hidden> wrote:

On 06/03/2010 05:25 PM, Alexander Graf wrote:


Am 03.06.2010 um 15:18 schrieb Paolo Bonzini<address@hidden>:


On 06/01/2010 10:12 PM, Igor V. Kovalenko wrote:


From: Igor V. Kovalenko<address@hidden>

- change return type of ldl_* to uint32_t to prevent unwanted sign
extension
visible in sparc64 load alternate address space methods
- note this change makes ldl_* softmmu implementations match ldl_phys
one


This patch breaks -kernel/-initrd.


Breaks it where and when?


x86_64 TCG reboots after the "Probing EDD" step.


My local build appears to work, qemu-system-x86_64 loads my gentoo
linux setup.
I use x86_64 host, gcc 4.4.3, qemu configured with ./configure
--prefix=/inst --target-list=sparc64-softmmu,x86_64-softmmu


Normal boot works. Only -kernel/-initrd fails.
Hmm, PEBKAC. Boot of Fedora and RHEL5 guests always fails, so it's not related to -kernel/-initrd. (Of course, without -kernel/-initrd it reboots into GRUB rather than looping quickly).
I've placed a failing vmlinuz at http://people.redhat.com/people/vmlinuz-fail -- if it fails it should reboot continuously. The failure happens pretty soon after the kernel starts running. The sequence is: 

  lock_kernel
  -> __lock_kernel
  -> preempt_disable
  -> current_thread_info()

  IN:
  0xffffffff80063064:  push   %rbp
  0xffffffff80063065:  mov    %rsp,%rbp
  0xffffffff80063068:  mov    %gs:0x10,%rax
  0xffffffff80063071:  mov    -0x1fc8(%rax),%eax
  0xffffffff80063077:  test   $0x8,%al
  0xffffffff80063079:  je     0xffffffff800630a2
%rax is 0xffffffff803f1fd8, but it page faults with %cr2=0x00000000803f0010. The reason is that in the generated x86 assembly -0x1fc8 is erroneously zero extended: 

0x4180347b:  mov    %rbp,%rbx
0x4180347e:  mov    $0xffffe038,%r12d
0x41803484:  add    %r12,%rbx

so it gives the wrong address:

(gdb) info reg rbp
rbp            0xffffffff803f1fd8       0xffffffff803f1fd8
(gdb) info reg r12
r12            0xffffe038       4294959160
(gdb) info reg rbx
rbx            0x803f0010       2151612432
From there it's obvious: general protection, double fault, general protection, triple fault.
So it's a TCG bug that is expecting ldl_* to sign extend. I'll send a patch after I come back from lunch. 

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]