[Qemu-devel] [Bug 1128935] qemu IA64 emulation

[Qemu-devel] [Bug 1128935] qemu IA64 emulation

[Gigi D'Agostino]

hello,
in the past year gsoc qemu proposed projects there where on eproject that i
liked, which were: qemu IA64 emulation :
http://wiki.qemu.org/Google_Summer_of_Code_2012#IA64_emulation

this year i have not seen this project to be proposed, so i would like to
know if the qemu will be selected i would like to know if i will be able to
begin to make this project.
i am also a very novice in the asm programming (so very noobish in the
field, so u will have to answer a lot of noobish questions :) ), so would u
accept such a student to make this project?

i thank you in advance for the answer
best regards

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in Home for various HelenOS development branches:
  New
Status in QEMU:
  New

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: qemu IA64 emulation

[Jakub Jermar]

On 04/04/2013 07:34 PM, Gigi D'Agostino wrote:
> in the past year gsoc qemu proposed projects there where on eproject that i
> liked, which were: qemu IA64 emulation :
> http://wiki.qemu.org/Google_Summer_of_Code_2012#IA64_emulation
> 
> this year i have not seen this project to be proposed, so i would like to
> know if the qemu will be selected i would like to know if i will be able to
> begin to make this project.
> i am also a very novice in the asm programming (so very noobish in the
> field, so u will have to answer a lot of noobish questions :) ), so would u
> accept such a student to make this project?

I can't speak for QEMU as I am from the HelenOS mentoring organization,
but according to how GSoC works, a student is free to suggest any
project. The organizations will then pick the best student applications
for things they like and can provide mentors for.

HTH,
Jakub

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in Home for various HelenOS development branches:
  New
Status in QEMU:
  New

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: qemu IA64 emulation

[agraf]

Hi Lurie,

On 04.04.2013, at 19:34, Iurie wrote:

> hello,
> in the past year gsoc qemu proposed projects there where on eproject that i liked, which were: qemu IA64 emulation : http://wiki.qemu.org/Google_Summer_of_Code_2012#IA64_emulation
> 
> this year i have not seen this project to be proposed, so i would like to know if the qemu will be selected i would like to know if i will be able to begin to make this project.
> i am also a very novice in the asm programming (so very noobish in the field, so u will have to answer a lot of noobish questions :) ), so would u accept such a student to make this project?

We had a student working on IA64 emulation last year. Typically, to get
a new target working, you start off implementing Linux user space
emulation, then continue to system emulation. User space emulation is a
lot easier to debug, you need less features of the CPU (no MMU
emulation, no privileged instructions) and you don't need device
emulation code.

However, IA64 maps its virtual memory to locations that x86_64 can not
map at all. Since in QEMU, Linux user emulation leverages the host's MMU
to do virtual memory maps, IA64 programs can't be mapped on x86_64
hosts, which are the typical development environment for QEMU target
code.

So at the end of the day, we had to cancel the IA64 emulation project
last year.

There is still the slight chance to do IA64 emulation if you take the
KVM IA64 code from ~3-4 years ago, forward port that to current QEMU,
get the device model running with KVM on a real IA64 machine, and then
implement system emulation straight on.

However, that is not an easy task. It requires quite in-depth knowledge
of all the changes that happened in QEMU device models within the last
years and a lot of debugging skills to get KVM working. So unless you
have a lot of IA64 background, I'm afraid this is vastly out of scope
for summer of code. Unfortunately.


Alex

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in Home for various HelenOS development branches:
  New
Status in QEMU:
  New

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: qemu IA64 emulation

[Gigi D'Agostino]

hi,
thank you very much for the answer. i will try do some more easy projects
durring this summer related to asm and things like that and i hope in the
following year to do this project.

best regards


On 6 April 2013 10:31, Alexander Graf <agraf@suse.de> wrote:

> Hi Lurie,
>
> On 04.04.2013, at 19:34, Iurie wrote:
>
> hello,
> in the past year gsoc qemu proposed projects there where on eproject that
> i liked, which were: qemu IA64 emulation :
> http://wiki.qemu.org/Google_Summer_of_Code_2012#IA64_emulation
>
> this year i have not seen this project to be proposed, so i would like to
> know if the qemu will be selected i would like to know if i will be able to
> begin to make this project.
> i am also a very novice in the asm programming (so very noobish in the
> field, so u will have to answer a lot of noobish questions :) ), so would u
> accept such a student to make this project?
>
>
> We had a student working on IA64 emulation last year. Typically, to get a
> new target working, you start off implementing Linux user space emulation,
> then continue to system emulation. User space emulation is a lot easier to
> debug, you need less features of the CPU (no MMU emulation, no privileged
> instructions) and you don't need device emulation code.
>
> However, IA64 maps its virtual memory to locations that x86_64 can not map
> at all. Since in QEMU, Linux user emulation leverages the host's MMU to do
> virtual memory maps, IA64 programs can't be mapped on x86_64 hosts, which
> are the typical development environment for QEMU target code.
>
> So at the end of the day, we had to cancel the IA64 emulation project last
> year.
>
> There is still the slight chance to do IA64 emulation if you take the KVM
> IA64 code from ~3-4 years ago, forward port that to current QEMU, get the
> device model running with KVM on a real IA64 machine, and then implement
> system emulation straight on.
>
> However, that is not an easy task. It requires quite in-depth knowledge of
> all the changes that happened in QEMU device models within the last years
> and a lot of debugging skills to get KVM working. So unless you have a lot
> of IA64 background, I'm afraid this is vastly out of scope for summer of
> code. Unfortunately.
>
>
> Alex
>
>

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in Home for various HelenOS development branches:
  New
Status in QEMU:
  New

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

Re: [Qemu-devel] [Bug 1128935] Re: qemu IA64 emulation

[Blue Swirl]

On Sat, Apr 6, 2013 at 9:31 AM, agraf <1128935@bugs.launchpad.net> wrote:
> Hi Lurie,
>
> On 04.04.2013, at 19:34, Iurie wrote:
>
>> hello,
>> in the past year gsoc qemu proposed projects there where on eproject that i liked, which were: qemu IA64 emulation : http://wiki.qemu.org/Google_Summer_of_Code_2012#IA64_emulation
>>
>> this year i have not seen this project to be proposed, so i would like to know if the qemu will be selected i would like to know if i will be able to begin to make this project.
>> i am also a very novice in the asm programming (so very noobish in the field, so u will have to answer a lot of noobish questions :) ), so would u accept such a student to make this project?
>
> We had a student working on IA64 emulation last year. Typically, to get
> a new target working, you start off implementing Linux user space
> emulation, then continue to system emulation. User space emulation is a
> lot easier to debug, you need less features of the CPU (no MMU
> emulation, no privileged instructions) and you don't need device
> emulation code.
>
> However, IA64 maps its virtual memory to locations that x86_64 can not
> map at all. Since in QEMU, Linux user emulation leverages the host's MMU
> to do virtual memory maps, IA64 programs can't be mapped on x86_64
> hosts, which are the typical development environment for QEMU target
> code.

Out of curiosity, why doesn't GUEST_BASE help?

>
> So at the end of the day, we had to cancel the IA64 emulation project
> last year.
>
> There is still the slight chance to do IA64 emulation if you take the
> KVM IA64 code from ~3-4 years ago, forward port that to current QEMU,
> get the device model running with KVM on a real IA64 machine, and then
> implement system emulation straight on.
>
> However, that is not an easy task. It requires quite in-depth knowledge
> of all the changes that happened in QEMU device models within the last
> years and a lot of debugging skills to get KVM working. So unless you
> have a lot of IA64 background, I'm afraid this is vastly out of scope
> for summer of code. Unfortunately.
>
>
> Alex
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1128935
>
> Title:
>   MIPS r4k "TLB modified exception" generated for TLB entries that are
>   not visible to the TLBP instruction
>
> Status in Home for various HelenOS development branches:
>   New
> Status in QEMU:
>   New
>
> Bug description:
>   I occasionally see that the TLBP instruction fails to find the
>   corresponding TLB entry in the TLB Modified exception handler.  This
>   behavior is unexpected, because the invocation of the TLB Modified
>   exception suggests there indeed is such an entry in the TLB and only
>   requires its dirty bit to be set.
>
>   The operating system which can trigger and is susceptible to this
>   behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
>   The QEMU version on which this is reproducible is QEMU 1.4.0 and also
>   some others.
>
>   When I looked into the QEMU sources, I noticed the following
>   discrepancy, which could potentially explain the behavior:
>
>     65  /* MIPS32/MIPS64 R4000-style MMU emulation */
>     66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
>     67                      target_ulong address, int rw, int access_type)
>     68 {
>     <snip>
>     72     for (i = 0; i < env->tlb->tlb_in_use; i++) {
>
>   1865 void r4k_helper_tlbp(CPUMIPSState *env)
>   1866 {
>    <snip>
>   1875     for (i = 0; i < env->tlb->nb_tlb; i++) {
>
>   From the above it appears as if the the code which searches the TLB
>   for a matching entry searched also the QEMU-specific "shadow" TLB
>   entries, which is, however, not in line with how the TLBP instruction
>   searches the TLB. So if a matching entry is found on index >=
>   tlb_in_use, the HelenOS exception handler using TLBP to locate the
>   entry would hit an assertion on seeing the Index register bit P set.
>
>   I also suspect there is a similar issue with the TLB Invalid
>   exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
>   not susceptible in this case.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions
>

Re: [Qemu-devel] [Bug 1128935] Re: qemu IA64 emulation

[Jakub Jermar]

Guys, perhaps we should move this dialogue to a different thread as we
are abusing the unrelated Bug 1128935.

Jakub

On 04/06/2013 07:01 PM, blueswirl wrote:
> On Sat, Apr 6, 2013 at 9:31 AM, agraf <1128935@bugs.launchpad.net> wrote:
>> Hi Lurie,
>>
>> On 04.04.2013, at 19:34, Iurie wrote:
>>
>>> hello,
>>> in the past year gsoc qemu proposed projects there where on eproject that i liked, which were: qemu IA64 emulation : http://wiki.qemu.org/Google_Summer_of_Code_2012#IA64_emulation
>>>
>>> this year i have not seen this project to be proposed, so i would like to know if the qemu will be selected i would like to know if i will be able to begin to make this project.
>>> i am also a very novice in the asm programming (so very noobish in the field, so u will have to answer a lot of noobish questions :) ), so would u accept such a student to make this project?
>>
>> We had a student working on IA64 emulation last year. Typically, to get
>> a new target working, you start off implementing Linux user space
>> emulation, then continue to system emulation. User space emulation is a
>> lot easier to debug, you need less features of the CPU (no MMU
>> emulation, no privileged instructions) and you don't need device
>> emulation code.
>>
>> However, IA64 maps its virtual memory to locations that x86_64 can not
>> map at all. Since in QEMU, Linux user emulation leverages the host's MMU
>> to do virtual memory maps, IA64 programs can't be mapped on x86_64
>> hosts, which are the typical development environment for QEMU target
>> code.
> 
> Out of curiosity, why doesn't GUEST_BASE help?
> 
>>
>> So at the end of the day, we had to cancel the IA64 emulation project
>> last year.
>>
>> There is still the slight chance to do IA64 emulation if you take the
>> KVM IA64 code from ~3-4 years ago, forward port that to current QEMU,
>> get the device model running with KVM on a real IA64 machine, and then
>> implement system emulation straight on.
>>
>> However, that is not an easy task. It requires quite in-depth knowledge
>> of all the changes that happened in QEMU device models within the last
>> years and a lot of debugging skills to get KVM working. So unless you
>> have a lot of IA64 background, I'm afraid this is vastly out of scope
>> for summer of code. Unfortunately.
>>
>>
>> Alex
>>
>> --
>> You received this bug notification because you are a member of qemu-
>> devel-ml, which is subscribed to QEMU.
>> https://bugs.launchpad.net/bugs/1128935
>>
>> Title:
>>   MIPS r4k "TLB modified exception" generated for TLB entries that are
>>   not visible to the TLBP instruction
>>
>> Status in Home for various HelenOS development branches:
>>   New
>> Status in QEMU:
>>   New
>>
>> Bug description:
>>   I occasionally see that the TLBP instruction fails to find the
>>   corresponding TLB entry in the TLB Modified exception handler.  This
>>   behavior is unexpected, because the invocation of the TLB Modified
>>   exception suggests there indeed is such an entry in the TLB and only
>>   requires its dirty bit to be set.
>>
>>   The operating system which can trigger and is susceptible to this
>>   behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
>>   The QEMU version on which this is reproducible is QEMU 1.4.0 and also
>>   some others.
>>
>>   When I looked into the QEMU sources, I noticed the following
>>   discrepancy, which could potentially explain the behavior:
>>
>>     65  /* MIPS32/MIPS64 R4000-style MMU emulation */
>>     66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
>>     67                      target_ulong address, int rw, int access_type)
>>     68 {
>>     <snip>
>>     72     for (i = 0; i < env->tlb->tlb_in_use; i++) {
>>
>>   1865 void r4k_helper_tlbp(CPUMIPSState *env)
>>   1866 {
>>    <snip>
>>   1875     for (i = 0; i < env->tlb->nb_tlb; i++) {
>>
>>   From the above it appears as if the the code which searches the TLB
>>   for a matching entry searched also the QEMU-specific "shadow" TLB
>>   entries, which is, however, not in line with how the TLBP instruction
>>   searches the TLB. So if a matching entry is found on index >=
>>   tlb_in_use, the HelenOS exception handler using TLBP to locate the
>>   entry would hit an assertion on seeing the Index register bit P set.
>>
>>   I also suspect there is a similar issue with the TLB Invalid
>>   exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
>>   not susceptible in this case.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions
>>
>

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in Home for various HelenOS development branches:
  New
Status in QEMU:
  New

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: MIPS r4k "TLB modified exception" generated for TLB entries that are not visible to the TLBP instruction

[Thomas Huth]

Triaging old bug tickets... can you still reproduce this issue with the
latest version of QEMU? Or could we close this ticket nowadays?

** Changed in: qemu
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in HelenOS branches:
  New
Status in QEMU:
  Incomplete

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: MIPS r4k "TLB modified exception" generated for TLB entries that are not visible to the TLBP instruction

[Jakub Jermar]

Yes, running the following command line with QEMU 2.11.0 on the HelenOS
0.7.1 image downloaded from
http://www.helenos.org/releases/HelenOS-0.7.1-mips32-malta-be.boot will
result in occasional "failures" of the TLBP instruction as described in
this bug and as evidenced by a warning printed by HelenOS, which goes
like:

  tlb_modified: TLBP failed in exception handler (badvaddr=0x7001d7d8,
ASID=29).

The command line to reproduce:

  qemu-system-mips -cpu 4Kc -drive
file=hdisk.img,index=0,media=disk,format=raw -device e1000,vlan=0 -net
user,hostfwd=udp::8080-:8080,hostfwd=udp::8081-:8081,hostfwd=tcp::8080-:8080,hostfwd=tcp::8081-:8081,hostfwd=tcp::2223-:2223
-usb -device intel-hda -device hda-duplex -kernel HelenOS-0.7.1-mips32
-malta-be.boot -nographic

It would be good if someone familiar with the mips target had a look at
this.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in HelenOS branches:
  New
Status in QEMU:
  Incomplete

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: MIPS r4k "TLB modified exception" generated for TLB entries that are not visible to the TLBP instruction

[Jakub Jermar]

A shorter command line to reproduce this with QEMU 2.11.0 and HelenOS
0.7.1 would be:

$ qemu-system-mips -cpu 4Kc -kernel HelenOS-0.7.1-mips32-malta-be.boot
-nographic

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in HelenOS branches:
  New
Status in QEMU:
  Incomplete

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Qemu-devel] [Bug 1128935] Re: MIPS r4k "TLB modified exception" generated for TLB entries that are not visible to the TLBP instruction

[Jakub Jermar]

** Changed in: qemu
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in HelenOS branches:
  New
Status in QEMU:
  New

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions

[Bug 1128935] Re: MIPS r4k "TLB modified exception" generated for TLB entries that are not visible to the TLBP instruction

[Thomas Huth]

This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:

 https://gitlab.com/qemu-project/qemu/-/issues/94


** Changed in: qemu
       Status: New => Expired

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #94
   https://gitlab.com/qemu-project/qemu/-/issues/94

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1128935

Title:
  MIPS r4k "TLB modified exception" generated for TLB entries that are
  not visible to the TLBP instruction

Status in HelenOS branches:
  New
Status in QEMU:
  Expired

Bug description:
  I occasionally see that the TLBP instruction fails to find the
  corresponding TLB entry in the TLB Modified exception handler.  This
  behavior is unexpected, because the invocation of the TLB Modified
  exception suggests there indeed is such an entry in the TLB and only
  requires its dirty bit to be set.

  The operating system which can trigger and is susceptible to this
  behavior is a HelenOS branch located in lp:~jakub/helenos/mips-malta.
  The QEMU version on which this is reproducible is QEMU 1.4.0 and also
  some others.

  When I looked into the QEMU sources, I noticed the following
  discrepancy, which could potentially explain the behavior:

    65  /* MIPS32/MIPS64 R4000-style MMU emulation */
    66 int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    67                      target_ulong address, int rw, int access_type)
    68 {
    <snip>
    72     for (i = 0; i < env->tlb->tlb_in_use; i++) {

  1865 void r4k_helper_tlbp(CPUMIPSState *env)
  1866 {
   <snip>
  1875     for (i = 0; i < env->tlb->nb_tlb; i++) {

  From the above it appears as if the the code which searches the TLB
  for a matching entry searched also the QEMU-specific "shadow" TLB
  entries, which is, however, not in line with how the TLBP instruction
  searches the TLB. So if a matching entry is found on index >=
  tlb_in_use, the HelenOS exception handler using TLBP to locate the
  entry would hit an assertion on seeing the Index register bit P set.

  I also suspect there is a similar issue with the TLB Invalid
  exception, but thanks to the specifics of the MIPS 4Kc CPU, HelenOS is
  not susceptible in this case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/helenos/+bug/1128935/+subscriptions