From: Sebastian Huber
Subject: [Qemu-devel] [Bug 1182344] Re: ARM: invalid code execution after subs instruction
Date: Wed, 22 May 2013 08:22:18 -0000
If I replace the idle thread with this code
#include <stdbool.h>   /* true */
#include <stdint.h>    /* uintptr_t */

/* Idle thread body: sleep until the next interrupt, forever. */
void *_CPU_Thread_Idle_body( uintptr_t ignored )
{
  while ( true ) {
    __asm__ volatile ("wfi");
  }
}

/* Placed directly after the idle loop so that a fall-through out of the
   idle loop's backward branch runs into it and triggers bsp_reset(). */
void foobarblub(void)
{
  __asm__ volatile ("nop; nop; nop; nop; nop");
  bsp_reset();
}
then I also get an invalid execution sequence:
0x00010214 <thread_dispatch_done+56>: ldm r0, {r0, r1, r2, r3, r4, r5, r12}
0x00010218 <thread_dispatch_done+60>: mov lr, r4
0x0001021c <thread_dispatch_done+64>: msr SPSR_fc, r5
0x00010220 <thread_dispatch_done+68>: pop {r4, r5}
0x00010224 <thread_dispatch_done+72>: subs pc, lr, #4
0x00010306 <_CPU_Thread_Idle_body+10>: b.n 0x10304 <_CPU_Thread_Idle_body+8>
0x00010308 <foobarblub+0>: push {r7, lr}
0x0001030a <foobarblub+2>: add r7, sp, #0
0x0001030c <foobarblub+4>: nop
0x0001030e <foobarblub+6>: nop
0x00010310 <foobarblub+8>: nop
0x00010312 <foobarblub+10>: nop
0x00010314 <foobarblub+12>: nop
0x00010316 <foobarblub+14>: bl 0xe40 <bsp_reset>
Normally the execution sequence around the idle thread looks like this:
0x00010210 <thread_dispatch_done+52>: push {r4, r5}
0x00010214 <thread_dispatch_done+56>: ldm r0, {r0, r1, r2, r3, r4, r5, r12}
0x00010218 <thread_dispatch_done+60>: mov lr, r4
0x0001021c <thread_dispatch_done+64>: msr SPSR_fc, r5
0x00010220 <thread_dispatch_done+68>: pop {r4, r5}
0x00010224 <thread_dispatch_done+72>: subs pc, lr, #4
0x00010306 <_CPU_Thread_Idle_body+10>: b.n 0x10304 <_CPU_Thread_Idle_body+8>
0x00010304 <_CPU_Thread_Idle_body+8>: wfi
0x00000018 <bsp_vector_table_begin+24>: ldr pc, [pc, #24] ; 0x38 <handler_addr_irq>
0x00010168 <_ARMV4_Exception_interrupt+0>: stmdb sp, {r4, r5, r6, r7}
0x0001016c <_ARMV4_Exception_interrupt+4>: mov r4, lr
0x00010170 <_ARMV4_Exception_interrupt+8>: mrs r5, SPSR
0x00010174 <_ARMV4_Exception_interrupt+12>: mrs r6, CPSR
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1182344
Title:
ARM: invalid code execution after subs instruction
Status in QEMU:
New
Bug description:
I use Qemu (Git 1239b472bb0dba8060f1af29d40dafbc1b2860d4) to test an SMP application on ARM. I use the following command line:
qemu-system-arm -S -s -net none -nographic -M realview-pbx-a9 -kernel app.exe -m 256M -no-reboot -smp 2 -icount 8
The application crashes because Qemu executes the B.N instruction incorrectly after a SUBS (return from interrupt):
0x00010428 <thread_dispatch_done+12>: vldmia r1!, {d16-d31}
0x0001042c <thread_dispatch_done+16>: ldr r0, [r1]
0x00010430 <thread_dispatch_done+20>: add sp, sp, #200 ; 0xc8
0x00010434 <thread_dispatch_done+24>: vmsr fpscr, r0
0x00010438 <thread_dispatch_done+28>: ldmfd sp!, {lr}
0x0001043c <thread_dispatch_done+32>: mov r0, sp
0x00010440 <thread_dispatch_done+36>: add sp, sp, #28
0x00010444 <thread_dispatch_done+40>: mrs r1, CPSR
0x00010448 <thread_dispatch_done+44>: bic r1, r1, #1
0x0001044c <thread_dispatch_done+48>: msr CPSR_fc, r1
0x00010450 <thread_dispatch_done+52>: push {r4, r5}
0x00010454 <thread_dispatch_done+56>: ldm r0, {r0, r1, r2, r3, r4, r5, r12}
0x00010458 <thread_dispatch_done+60>: mov lr, r4
0x0001045c <thread_dispatch_done+64>: msr SPSR_fc, r5
0x00010460 <thread_dispatch_done+68>: pop {r4, r5}
0x00010464 <thread_dispatch_done+72>: subs pc, lr, #4
0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
0x00000692: nop
0x00000694 <__getreent+0>: push {r7, lr}
0x00000696 <__getreent+2>: add r7, sp, #0
0x00000698 <__getreent+4>: bl 0x1cf0 <bsp_smp_processor_id>
0x00001cf0 <bsp_smp_processor_id+0>: push {r7, lr}
This instruction trace was generated with the attached patch.
The
0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
should jump to itself. Instead the next instruction is executed:
0x00000692: nop
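The report's evidence is an instruction trace in which a direct branch is followed by the wrong address. The following Python script is an added example (not part of the bug report, the attached QEMU patch, or RTEMS) that parses trace lines in the format shown above (`0x<addr> <symbol+offset>: <mnemonic> <operands>`) and flags every unconditional direct branch whose successor in the trace is not its encoded target. The sample traces are constructed from the lines quoted in the report; the line format, the set of branch mnemonics checked and the function names are this example's own assumptions. Exception returns like `subs pc, lr, #4` are not checked, because their target lives in LR, which the trace does not show.

```python
import re
from typing import List, Optional, Tuple

# One line of the trace as it appears in the report (assumed format):
#   0x<addr> [<symbol+offset>]: <mnemonic> [operands]
LINE_RE = re.compile(
    r"^0x(?P<addr>[0-9a-fA-F]+)(?:\s+<(?P<sym>[^>]+)>)?:\s+(?P<mnem>\S+)(?:\s+(?P<ops>.*))?$"
)

# Unconditional direct branches: the target is encoded in the instruction,
# so the trace alone says which address must execute next.
DIRECT_BRANCHES = {"b", "b.n", "b.w", "bl", "bl.n", "bl.w"}

Entry = Tuple[int, Optional[str], str, str]  # (address, symbol, mnemonic, operands)


def parse_trace(text: str) -> List[Entry]:
    """Parse a trace dump into (address, symbol, mnemonic, operands) tuples."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable trace line: {line!r}")
        entries.append((int(m["addr"], 16), m["sym"], m["mnem"], m["ops"] or ""))
    return entries


def direct_target(mnem: str, ops: str) -> Optional[int]:
    """Return the immediate target of a direct branch, or None for anything else."""
    if mnem not in DIRECT_BRANCHES:
        return None
    m = re.match(r"0x([0-9a-fA-F]+)", ops)
    return int(m.group(1), 16) if m else None


def find_missed_branches(text: str) -> List[Tuple[int, int, int]]:
    """Return (branch_addr, expected_next, actual_next) for each direct branch
    whose successor in the trace is not its target. An empty list means the
    recorded control flow is consistent with the branches it contains."""
    entries = parse_trace(text)
    misses: List[Tuple[int, int, int]] = []
    for cur, nxt in zip(entries, entries[1:]):
        addr, _sym, mnem, ops = cur
        target = direct_target(mnem, ops)
        if target is not None and nxt[0] != target:
            misses.append((addr, target, nxt[0]))
    return misses


# Constructed samples, re-typed from the traces quoted in the report.
TRACE_NORMAL = """\
0x00010224 <thread_dispatch_done+72>: subs pc, lr, #4
0x00010306 <_CPU_Thread_Idle_body+10>: b.n 0x10304 <_CPU_Thread_Idle_body+8>
0x00010304 <_CPU_Thread_Idle_body+8>: wfi
0x00000018 <bsp_vector_table_begin+24>: ldr pc, [pc, #24] ; 0x38 <handler_addr_irq>
0x00010168 <_ARMV4_Exception_interrupt+0>: stmdb sp, {r4, r5, r6, r7}
"""

TRACE_AFTER_SUBS = """\
0x00010224 <thread_dispatch_done+72>: subs pc, lr, #4
0x00010306 <_CPU_Thread_Idle_body+10>: b.n 0x10304 <_CPU_Thread_Idle_body+8>
0x00010308 <foobarblub+0>: push {r7, lr}
0x0001030a <foobarblub+2>: add r7, sp, #0
0x00010316 <foobarblub+14>: bl 0xe40 <bsp_reset>
"""

TRACE_BUG = """\
0x00010464 <thread_dispatch_done+72>: subs pc, lr, #4
0x00000690 <_Thread_Idle_body+8>: b.n 0x690 <_Thread_Idle_body+8>
0x00000692: nop
0x00000694 <__getreent+0>: push {r7, lr}
0x00000698 <__getreent+4>: bl 0x1cf0 <bsp_smp_processor_id>
0x00001cf0 <bsp_smp_processor_id+0>: push {r7, lr}
"""

if __name__ == "__main__":
    for name, trace in (("normal", TRACE_NORMAL),
                        ("after subs", TRACE_AFTER_SUBS),
                        ("bug report", TRACE_BUG)):
        for addr, expected, actual in find_missed_branches(trace):
            print(f"{name}: branch at {addr:#010x} should reach {expected:#x}, "
                  f"trace continues at {actual:#x}")
```

Run as-is, the script reports nothing for the normal trace and exactly one missed branch for each of the two faulty traces: the `b.n` at `0x10306` is followed by `0x10308` instead of `0x10304`, and the `b.n` at `0x690` is followed by `0x692` instead of `0x690`. The same check applied to a longer trace narrows an emulator control-flow bug to the first instruction after which execution diverges from what the code encodes, which here is consistently the first Thumb instruction after the `subs pc, lr, #4` exception return.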