From mboxrd@z Thu Jan  1 00:00:00 1970
Received: with ECARTIS (v1.0.0; list linux-mips); Sat, 17 Feb 2018 14:38:41 +0100 (CET)
Received: from pio-pvt-msa1.bahnhof.se ([79.136.2.40]:60303 "EHLO
        pio-pvt-msa1.bahnhof.se" rhost-flags-OK-OK-OK-OK)
        by eddie.linux-mips.org with ESMTP id S23992869AbeBQNifUw28s (ORCPT
        <rfc822;linux-mips@linux-mips.org>); Sat, 17 Feb 2018 14:38:35 +0100
Received: from localhost (localhost [127.0.0.1])
        by pio-pvt-msa1.bahnhof.se (Postfix) with ESMTP id 3E2073F52B;
        Sat, 17 Feb 2018 14:38:28 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at bahnhof.se
Received: from pio-pvt-msa1.bahnhof.se ([127.0.0.1])
        by localhost (pio-pvt-msa1.bahnhof.se [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id WXEadoBXXQKk; Sat, 17 Feb 2018 14:38:25 +0100 (CET)
Received: from localhost.localdomain (h-155-4-135-114.NA.cust.bahnhof.se [155.4.135.114])
        (Authenticated sender: mb547485)
        by pio-pvt-msa1.bahnhof.se (Postfix) with ESMTPA id 32C483F4A8;
        Sat, 17 Feb 2018 14:38:17 +0100 (CET)
Date:   Sat, 17 Feb 2018 14:38:16 +0100
From:   Fredrik Noring <noring@nocrew.org>
To:     "Maciej W. Rozycki" <macro@mips.com>
Cc:     =?utf-8?Q?J=C3=BCrgen?= Urban <JuergenUrban@gmx.de>,
        linux-mips@linux-mips.org
Subject: Re: [RFC v2] MIPS: R5900: Workaround exception NOP execution bug
 (FLX05)
Message-ID: <20180217133815.GB2496@localhost.localdomain>
References: <alpine.DEB.2.00.1711102209440.10088@tp.orcam.me.uk>
 <20171111160422.GA2332@localhost.localdomain>
 <20180129202715.GA4817@localhost.localdomain>
 <alpine.DEB.2.00.1801312259410.4191@tp.orcam.me.uk>
 <20180211075608.GC2222@localhost.localdomain>
 <alpine.DEB.2.00.1802111239380.3553@tp.orcam.me.uk>
 <20180215191502.GA2736@localhost.localdomain>
 <alpine.DEB.2.00.1802151934180.3553@tp.orcam.me.uk>
 <20180217111644.GA2496@localhost.localdomain>
 <alpine.DEB.2.00.1802171141260.3553@tp.orcam.me.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.00.1802171141260.3553@tp.orcam.me.uk>
User-Agent: Mutt/1.9.1 (2017-09-22)
Return-Path: <noring@nocrew.org>
X-Envelope-To: <"|/home/ecartis/ecartis -s linux-mips"> (uid 0)
X-Orcpt: rfc822;linux-mips@linux-mips.org
Original-Recipient: rfc822;linux-mips@linux-mips.org
X-archive-position: 62577
X-ecartis-version: Ecartis v1.0.0
Sender: linux-mips-bounce@linux-mips.org
Errors-to: linux-mips-bounce@linux-mips.org
X-original-sender: noring@nocrew.org
Precedence: bulk
List-help: <mailto:ecartis@linux-mips.org?Subject=help>
List-unsubscribe: <mailto:ecartis@linux-mips.org?subject=unsubscribe%20linux-mips>
List-software: Ecartis version 1.0.0
List-Id: linux-mips <linux-mips.eddie.linux-mips.org>
X-List-ID: linux-mips <linux-mips.eddie.linux-mips.org>
List-subscribe: <mailto:ecartis@linux-mips.org?subject=subscribe%20linux-mips>
List-owner: <mailto:ralf@linux-mips.org>
List-post: <mailto:linux-mips@linux-mips.org>
List-archive: <http://www.linux-mips.org/archives/linux-mips/>
X-list: linux-mips

Hi Maciej,

>  If you can't access /proc/kcore with GDB locally, for whatever reason, 
> then `dd' it (or a part of it); to a regular file and copy it to another 
> machine. Use cross-GDB if necessary.  With 16 MiB of RAM available only 
> it can be getting really tight; the kernel itself takes half of it too I 
> suppose.

Both a (complete) remote copy of kcore, and one shared via v9fs, yield
"Cannot access memory at address 0x80000000" with a cross-GDB, unfortunately:

> > One can get a little further by sharing /proc using v9fs to obtain:
> > 
> > 	# mipsel-linux-gdb -q -c /mnt/kcore
> > 	[New process 1]
> > 	Core was generated by `ramdisk_size=16384 crtmode=pal1 video=ps2fb:pal,640x480-32 rd_start=0x8063c000'.
> > 	#0  0x00000000 in ?? ()
> > 	(gdb) set architecture mips:5900
> > 	The target architecture is assumed to be mips:5900
> > 	(gdb) x /32i 0x80000000
> > 	   0x80000000:	Cannot access memory at address 0x80000000

By examining the read operations for /proc/kcore, it seems GDB reaches this
"cannot access" conclusion from the ELF headers.

>  You need to use bus (physical) rather than virtual addresses with 
> /dev/mem, so:
> 
> # xxd -s 0 -l 256 /dev/mem
> 
> or suchlike.

Ah, the value of the physical address was a misunderstanding on my part. The
convoluted combination of mipsel-linux-objcopy and mipsel-linux-objdump gets
the disassembly done without GDB, as shown below. :D

It looks very similar to yours, with additional NOPs and SYNCs required for
the R5900:

	# ssh ps2 head -c 128 /dev/mem >kcore &&
	    mipsel-linux-objcopy -I binary -O elf32-little kcore kcore.elf &&
	    mipsel-linux-objdump -D -m mips:5900 kcore.elf
	kcore.elf:     file format elf32-little
	Disassembly of section .data:
	00000000 <_binary_kcore_start>:
		...
	   8:	3c1b8061 	lui	k1,0x8061
	   c:	0000040f 	sync.p
	  10:	401a4000 	mfc0	k0,c0_badvaddr
	  14:	8f7b2c60 	lw	k1,11360(k1)
	  18:	001ad582 	srl	k0,k0,0x16
	  1c:	001ad080 	sll	k0,k0,0x2
	  20:	037ad821 	addu	k1,k1,k0
	  24:	0000040f 	sync.p
	  28:	401a2000 	mfc0	k0,c0_context
	  2c:	8f7b0000 	lw	k1,0(k1)
	  30:	001ad042 	srl	k0,k0,0x1
	  34:	335a0ff8 	andi	k0,k0,0xff8
	  38:	037ad821 	addu	k1,k1,k0
	  3c:	8f7a0000 	lw	k0,0(k1)
	  40:	8f7b0004 	lw	k1,4(k1)
	  44:	001ad142 	srl	k0,k0,0x5
	  48:	409a1000 	mtc0	k0,c0_entrylo0
	  4c:	0000040f 	sync.p
	  50:	001bd942 	srl	k1,k1,0x5
	  54:	409b1800 	mtc0	k1,c0_entrylo1
	  58:	0000040f 	sync.p
	  5c:	42000006 	tlbwr
	  60:	0000040f 	sync.p
	  64:	42000018 	eret
		...

Fredrik