Re: [Qemu-devel] [PATCH] softmmu: fixing usage of cpu_st/ld* from helper
From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] softmmu: fixing usage of cpu_st/ld* from helpers
Date: Mon, 15 Sep 2014 06:55:57 -0700
CCing RTH who was the last person to do something with
this area of the code I think. I thought the correct answer to this
problem was "don't use the cpu_st* functions but use something
else you can pass GETRA() to"?
On 15 September 2014 03:50, Pavel Dovgalyuk <address@hidden> wrote:
> MMU helper functions are called from generated code and from other helper
> functions. In both cases they try to get the function's return address to
> use while restoring the virtual CPU state.
>
> When MMU helper is called from some other helper function
> (like helper_maskmov_xmm) through cpu_st* function, the return address
> will point to that helper. That is why CPU state cannot be restored in
> the case of MMU fault.
>
> This bug can occur when maskmov instruction is located in the middle of the
> translation block.
>
> Execution sequence for this example:
>
> TB start:
> PC1: instr1
>      instr2
> PC2: maskmov <page fault>
>      <page fault processing>
> PC1: instr1
>      instr2
>      maskmov
>
> At the start of TB execution the guest PC points to instr1. When the page
> fault occurs, QEMU tries to restore the guest PC (which should be equal to
> PC2). It reads the host PC from the call stack and checks whether it points
> into the TB or not. A bug in the ldst helpers' implementation provides an
> incorrect host PC, which is not located within the TB. That's why QEMU
> cannot recover the guest PC and it remains the same (PC1). After page fault
> processing QEMU restarts the TB and executes instr1 and instr2 for the
> second time, because the guest PC was not recovered.
>
> This patch introduces several inline helpers to load return address
> which points to the right place. Correct return address allows correct
> restoring of the guest PC.
thanks
-- PMM
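The failure mode described in the quoted commit message can be made concrete with a small model of how a host return address is mapped back to a guest PC. The code below is an added illustration, not QEMU's implementation and not part of the patch: the translation-block layout, host addresses, guest PCs (PC1, PC2) and the helper's code address are all constructed values, and `model_restore_state` is a simplified stand-in for QEMU's cpu_restore_state lookup. It shows that when the MMU helper's captured return address lies inside `helper_maskmov_xmm` rather than inside the TB, the lookup fails and the guest PC stays at PC1, so instr1 and instr2 are replayed; passing the outer helper's own return address down instead yields PC2.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

/* Constructed model of one translation block: its host code occupies
 * [host_start, host_start + host_len), and guest instruction i begins at
 * host offset host_off[i] and corresponds to guest_pc[i].  This mirrors the
 * idea of QEMU's per-TB search data; the layout and numbers are invented. */
#define MAX_INSNS 8

typedef struct {
    uint64_t host_start;             /* host address of generated code */
    uint64_t host_len;               /* size of generated code in bytes */
    int      n_insns;
    uint64_t host_off[MAX_INSNS];    /* host offset where insn i's code begins */
    uint64_t guest_pc[MAX_INSNS];    /* guest PC of insn i */
} ModelTB;

/* "Does this host PC point into a TB?"  A real lookup searches all TBs;
 * this model has only one. */
static const ModelTB *model_find_tb(const ModelTB *tb, uint64_t host_pc)
{
    if (host_pc >= tb->host_start && host_pc < tb->host_start + tb->host_len) {
        return tb;
    }
    return NULL;
}

/* Model of cpu_restore_state: map a host return address to the guest PC of
 * the instruction whose generated code made the call.  Returns false and
 * leaves *guest_pc untouched when the address is outside the TB, which is
 * exactly the situation the thread describes. */
static bool model_restore_state(const ModelTB *tb, uint64_t host_pc,
                                uint64_t *guest_pc)
{
    const ModelTB *found = model_find_tb(tb, host_pc);
    if (!found) {
        return false;
    }
    /* A return address points just past the call instruction, so step back
     * one byte to land inside the calling instruction's code (QEMU applies a
     * comparable adjustment before searching). */
    uint64_t off = host_pc - 1 - found->host_start;
    int idx = 0;
    for (int i = 0; i < found->n_insns; i++) {
        if (found->host_off[i] <= off) {
            idx = i;   /* last insn whose code starts at or before 'off' */
        }
    }
    *guest_pc = found->guest_pc[idx];
    return true;
}

/* Constructed scenario from the commit message: three guest insns, the
 * third being maskmov at PC2. */
#define PC1 0x1000ULL
#define PC2 0x1008ULL

static const ModelTB demo_tb = {
    .host_start = 0x7f0000000000ULL,
    .host_len   = 0x60,
    .n_insns    = 3,
    .host_off   = { 0x00, 0x20, 0x40 },
    .guest_pc   = { PC1, 0x1004ULL, PC2 },
};

/* Constructed host address inside helper_maskmov_xmm's code, outside any TB. */
#define HELPER_CODE_ADDR 0x7f1000000000ULL

/* Guest PC after the fault is handled.  The CPU starts the TB at PC1 and the
 * value only changes if the restore succeeds. */
uint64_t guest_pc_after_fault(uint64_t retaddr_seen_by_mmu_helper)
{
    uint64_t pc = PC1;
    model_restore_state(&demo_tb, retaddr_seen_by_mmu_helper, &pc);
    return pc;
}

/* Buggy path: cpu_st* is called from helper_maskmov_xmm, so the return
 * address the MMU helper captures is inside the outer helper, not the TB. */
uint64_t buggy_path(void)
{
    return guest_pc_after_fault(HELPER_CODE_ADDR + 0x10);
}

/* Fixed path: the outer helper captures its own return address (which lies
 * in the maskmov's generated code) and hands it down to the MMU helper. */
uint64_t fixed_path(void)
{
    return guest_pc_after_fault(demo_tb.host_start + 0x50);
}

int main(void)
{
    printf("buggy path restores guest PC to 0x%" PRIx64 " (PC1 = 0x%" PRIx64 ")\n",
           buggy_path(), PC1);
    printf("fixed path restores guest PC to 0x%" PRIx64 " (PC2 = 0x%" PRIx64 ")\n",
           fixed_path(), PC2);
    return 0;
}
```

The model keeps only the piece that matters for the thread: whether the address handed to the restore routine falls inside the TB's generated code. Everything that depends on that (skipping the replay of instr1 and instr2) follows from the returned guest PC.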