Re: [Qemu-devel] QEMU TCG issue when executing UEFI

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] QEMU TCG issue when executing UEFI

From:	Peter Maydell
Subject:	Re: [Qemu-devel] QEMU TCG issue when executing UEFI
Date:	Thu, 18 Aug 2016 15:36:31 +0100

On 18 August 2016 at 15:15, Ard Biesheuvel <address@hidden> wrote:
> On 18 August 2016 at 16:10, Peter Maydell <address@hidden> wrote:
>> On 16 August 2016 at 13:08, Ard Biesheuvel <address@hidden> wrote:
>>> Bad ram pointer 0x54
>>> Aborted (core dumped)
>>
>> So the reason this happens is that get_page_addr_code() doesn't
>> correctly handle the case of the memory region being a
>> ROM that's not in ROMD mode. That is, the flash memory can
>> be either in "reads map directly to guest memory" (normal)
>> mode or "reads are MMIO to a device" (ROMD) mode. QEMU
>> can't execute from devices, so the best case here would
>> be that we print the "Sorry, we can't execute from a device"
>> message and stop execution.
>>
>
> So is there a spurious write somewhere that causes the ROM to switch
> into ROMD mode? Because it executes happily from ROM (until it
> doesn't, of course)

The write that causes us to go into not-ROMD mode is in this block:

0x00000000000096ac:  cb000294      sub x20, x20, x0
0x00000000000096b0:  f9000a74      str x20, [x19, #16]
0x00000000000096b4:  9100627c      add x28, x19, #0x18 (24)
0x00000000000096b8:  b9400780      ldr w0, [x28, #4]
0x00000000000096bc:  35002cc0      cbnz w0, #+0x598 (addr 0x9c54)

which is executed with

PC=00000000000096ac  SP=000000004007f590
X00=0000000000000160 X01=0000000000000095 X02=000000003031424e
X03=0000000000001b40
X04=0000000000010b64 X05=0000000000000160 X06=0000000000000188
X07=000000004007c268
X08=00000000000149a0 X09=000000004007fe58 X10=000000004007f793
X11=0000000000000002
X12=00000000707fe07a X13=0000000000000002 X14=0000000000000000
X15=0000000000000000
X16=0000000000000000 X17=0000000000000000 X18=0000000000000000
X19=00000000000149a0
X20=00000000000149a0 X21=00000000000149a0 X22=0000000000000001
X23=0000000000000160
X24=000000004007fa24 X25=000000004007fa38 X26=0000000000000000
X27=0000000000014840
X28=00000000000149a0 X29=0000000000000000 X30=0000000000009364
PSTATE=200003c5 --C- EL1h

so you write 0x14840 to address 0x149b0, which is in the flash.

(This is the last TB we execute, because trying to find the
next one hits the problem of the flash not being in ROMD mode.
So it's the very last thing in the log if you run QEMU with
-d in_asm,out_asm,exec,cpu,int -D /tmp/q.log)

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] QEMU TCG issue when executing UEFI, Ard Biesheuvel, 2016/08/16
- Re: [Qemu-devel] QEMU TCG issue when executing UEFI, Peter Maydell, 2016/08/18
  - Re: [Qemu-devel] QEMU TCG issue when executing UEFI, Ard Biesheuvel, 2016/08/18
- Re: [Qemu-devel] QEMU TCG issue when executing UEFI, Peter Maydell, 2016/08/18
  - Re: [Qemu-devel] QEMU TCG issue when executing UEFI, Ard Biesheuvel, 2016/08/18
    - Re: [Qemu-devel] QEMU TCG issue when executing UEFI, Peter Maydell <=
    - Re: [Qemu-devel] QEMU TCG issue when executing UEFI, Ard Biesheuvel, 2016/08/18

Prev by Date: Re: [Qemu-devel] hw/arm/virt: vmstate-static-checker.py results
Next by Date: Re: [Qemu-devel] [RFC PATCH v2 1/2] utils: Add helper to read arm MIDR_EL1 register
Previous by thread: Re: [Qemu-devel] QEMU TCG issue when executing UEFI
Next by thread: Re: [Qemu-devel] QEMU TCG issue when executing UEFI
Index(es):
- Date
- Thread