[Qemu-devel] [Bug 1182344] Re: ARM: invalid code execution after subs in

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1182344] Re: ARM: invalid code execution after subs in

From:	Sebastian Huber
Subject:	[Qemu-devel] [Bug 1182344] Re: ARM: invalid code execution after subs instruction
Date:	Wed, 22 May 2013 16:01:49 -0000

Thanks a lot for your help!  It is not a Qemu problem.

I ported the code from a pre ARMv7 environment.  In the assembler code I
have this:

  msr spsr, r5

The GNU as translates this to:

  msr SPSR_fc, r5

Correct is this:

  msr SPSR_fsxc, r5

I fixed the assembler source and now all SPSR fields are updated on
exception return.

** Changed in: qemu
       Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1182344

Title:
  ARM: invalid code execution after subs instruction

Status in QEMU:
  Invalid

Bug description:
  I use Qemu (Git 1239b472bb0dba8060f1af29d40dafbc1b2860d4) to test a
  SMP application on ARM.  I use the following command line:

  qemu-system-arm -S -s -net none -nographic -M realview-pbx-a9 -kernel
  app.exe -m 256M -no-reboot -smp 2 -icount 8

  The application crashes because Qemu executes the B.N instruction
  wrong after a SUBS (return from interrupt):

     0x00010428 <thread_dispatch_done+12>:      vldmia  r1!, {d16-d31}
     0x0001042c <thread_dispatch_done+16>:      ldr     r0, [r1]
     0x00010430 <thread_dispatch_done+20>:      add     sp, sp, #200    ; 0xc8
     0x00010434 <thread_dispatch_done+24>:      vmsr    fpscr, r0
     0x00010438 <thread_dispatch_done+28>:      ldmfd   sp!, {lr}
     0x0001043c <thread_dispatch_done+32>:      mov     r0, sp
     0x00010440 <thread_dispatch_done+36>:      add     sp, sp, #28
     0x00010444 <thread_dispatch_done+40>:      mrs     r1, CPSR
     0x00010448 <thread_dispatch_done+44>:      bic     r1, r1, #1
     0x0001044c <thread_dispatch_done+48>:      msr     CPSR_fc, r1
     0x00010450 <thread_dispatch_done+52>:      push    {r4, r5}
     0x00010454 <thread_dispatch_done+56>:      ldm     r0, {r0, r1, r2, r3, 
r4, r5, r12}
     0x00010458 <thread_dispatch_done+60>:      mov     lr, r4
     0x0001045c <thread_dispatch_done+64>:      msr     SPSR_fc, r5
     0x00010460 <thread_dispatch_done+68>:      pop     {r4, r5}
     0x00010464 <thread_dispatch_done+72>:      subs    pc, lr, #4
     0x00000690 <_Thread_Idle_body+8>:  b.n     0x690 <_Thread_Idle_body+8>
     0x00000692:        nop
     0x00000694 <__getreent+0>: push    {r7, lr}
     0x00000696 <__getreent+2>: add     r7, sp, #0
     0x00000698 <__getreent+4>: bl      0x1cf0 <bsp_smp_processor_id>
     0x00001cf0 <bsp_smp_processor_id+0>:       push    {r7, lr}

  This instruction trace was generated with the attached patch.

  The

     0x00000690 <_Thread_Idle_body+8>:    b.n     0x690
  <_Thread_Idle_body+8>

  should jump to itself.  Instead the next instruction is executed:

     0x00000692:  nop

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1182344/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2 0/2] ps2 auto-repeat, Amos Kong, 2013/05/22
- [Qemu-devel] [PATCH v2 2/2] ps2: preserve repeat state on migration, Amos Kong, 2013/05/22
- [Qemu-devel] [PATCH v2 1/2] ps2: add support of auto-repeat, Amos Kong, 2013/05/22

Prev by Date: Re: [Qemu-devel] New targets (was: [PATCH] qapi-schema.json: Reformat TargetType enum to one-per-line)
Next by Date: Re: [Qemu-devel] 'qemu-nbd' explicit flush
Previous by thread: [Qemu-devel] [PATCH] monitor: allow to disable the default monitor
Next by thread: [Qemu-devel] [PATCH v2 2/2] ps2: preserve repeat state on migration
Index(es):
- Date
- Thread