Re: [Qemu-devel] TCG problem with cpu_{st,ld}x_data ?


From: Richard Henderson
Subject: Re: [Qemu-devel] TCG problem with cpu_{st,ld}x_data ?
Date: Mon, 25 Jul 2016 06:04:51 +0530
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1

On 07/24/2016 06:12 PM, Benjamin Herrenschmidt wrote:
> Hi !
> 
> I need help from TCG experts here. I was chasing down a bug causing
> some stuff to crash when using vector ops with a ppc32 guest on x86,
> but pulling that string led to a whole mess that *may* be affecting a
> pile of architectures unless I'm misunderstanding something...
> 
> So basically what happens is that some instruction emulation helpers,
> like in my case stvebx (target-ppc/mem_helper.c) are doing calls to
> cpu_{st,ld}x_data. Let's say cpu_stb_data() for the sake of the
> argument.
> 
> That is equivalent to calling cpu_stb_data_ra() with a "0" retaddr.
> 
> However, if that faults, when tlb_fill() gets eventually called, what I
> observe is not 0 in "retaddr" but ... -2.
> 
> The reason, as far as I understand, is that cpu_stb_data_ra() calls
> helper_ret_stb_mmu() which does:
> 
>      retaddr -= GETPC_ADJ;
> 
> (which is -2)

Ouch, yes.

I noticed a related problem recently, while working on the cmpxchg patch set.

In my opinion, we should (1) merge GETRA and GETPC so there's no confusion between the two, (2) push all adjustment down to the final moment before use, perhaps in cpu_restore_state.

Thus a null value would be properly retained until checked, and one can easily call the memory helper functions without confusion.


r~
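The following is an added illustration, not QEMU code and not from either poster: it models the retaddr hand-off the thread describes with two stand-in call chains. Variant A applies the GETPC_ADJ subtraction inside the memory helper (as the quoted mail reports), so a null retaddr from cpu_stb_data() reaches the tlb_fill stand-in as (uintptr_t)-2 and is mistaken for a real return address. Variant B keeps the value untouched and applies the adjustment only at the point of use, so the null sentinel survives. The function names mirror the thread's helpers but are simplified stand-ins, and GETPC_ADJ is set to 2 only because that matches the -2 observed in the thread (the real value is host-specific).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: 2 reproduces the -2 seen in the thread; the real constant is host-specific. */
#define GETPC_ADJ 2

/* What a tlb_fill-style function decided, captured for inspection. */
struct fill_result {
    uintptr_t retaddr_seen;   /* raw value the fill routine received */
    bool restored_cpu_state;  /* true if it treated retaddr as a real TCG return address */
    uintptr_t restore_pc;     /* address it would hand to a cpu_restore_state-style call */
};

/* --- Variant A: adjustment applied early, inside the helper (the reported behaviour) --- */

static struct fill_result tlb_fill_a(uintptr_t retaddr)
{
    struct fill_result r = { retaddr, false, 0 };
    if (retaddr) {                 /* non-null is taken to mean "called from generated code" */
        r.restored_cpu_state = true;
        r.restore_pc = retaddr;    /* caller already subtracted GETPC_ADJ */
    }
    return r;
}

static struct fill_result helper_ret_stb_mmu_a(uintptr_t retaddr)
{
    retaddr -= GETPC_ADJ;          /* unconditional: 0 wraps to (uintptr_t)-2 */
    return tlb_fill_a(retaddr);
}

static struct fill_result cpu_stb_data_a(void)
{
    return helper_ret_stb_mmu_a(0); /* cpu_stb_data is cpu_stb_data_ra with retaddr 0 */
}

/* --- Variant B: adjustment pushed down to the moment the address is actually used --- */

static struct fill_result tlb_fill_b(uintptr_t retaddr)
{
    struct fill_result r = { retaddr, false, 0 };
    if (retaddr) {
        r.restored_cpu_state = true;
        r.restore_pc = retaddr - GETPC_ADJ;  /* adjust only once we know it is a real address */
    }
    return r;
}

static struct fill_result helper_ret_stb_mmu_b(uintptr_t retaddr)
{
    return tlb_fill_b(retaddr);    /* value passes through untouched */
}

static struct fill_result cpu_stb_data_b(void)
{
    return helper_ret_stb_mmu_b(0);
}

int main(void)
{
    struct fill_result a = cpu_stb_data_a();
    struct fill_result b = cpu_stb_data_b();
    printf("early adjust: retaddr=%#lx restored=%d\n",
           (unsigned long)a.retaddr_seen, a.restored_cpu_state);
    printf("late adjust:  retaddr=%#lx restored=%d\n",
           (unsigned long)b.retaddr_seen, b.restored_cpu_state);
    return 0;
}
```

With a genuine non-null return address both variants produce the same adjusted restore address; they differ only in whether the zero sentinel is preserved, which is exactly the property the deferred-adjustment proposal above is meant to guarantee.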


