Emulating LWZU Instruction for e500 powerpc

Emulating LWZU Instruction for e500 powerpc

[Aashish Mittal]

Hi
I'm trying to emulate the lwzu instruction in e500 powerpc kvm for my project . 
I've removed the read and write privileges from the tlb entries of guest's 
certain pages . So when i'm trying to emulate lwzu instruction i'm getting a 
kernel panic while mounting the guest filesystem while booting .

attempt to access beyond end of device
ram0: rw=0, wantu703268, limit&2144

To make sure that the emulation is  faulty what i'm trying to do now is at the 
time of DATA STORAGE exit on a marked page by an lwzu instruction i'm patching 
the next instruction with an instruction which will raise an INTERRUPT PROGRAM 
EXCEPTION and will get trapped in kvm and then i'm reverting the old read and 
write privileges of this page and resuming the guest so that this LWZU 
instruction can run natively . I'm expecting the immediate next instruction to 
raise the INTERRUPT PROGRAM EXCEPTION but all i'm getting are DATA STORAGE Exits 
at other pages marked by me and DTLB and ITLB misses on other addresses .

I've made sure to flush the icache after i patch using the instruction 
flush_icache_range .

Error Log :
Emulating a lwzu instruction on pc 0xc00161ac && eaddr 0xc05742f0
Original Instruction is 0x90e60004 at pc: 0xc00161b0
Modified Instruction is 0x7ce000a6 at pc: 0xc00161b0 
Exit : Interrupt DATA STORAGE at pc 0xc000f210 on eaddr:0xc000f228 instruction: 
0x8085001c

Why i'm not getting any INTERRUPT PROGRAM EXCEPTION immediately in the next 
instruction ?

-- 
Thanks and regards
Aashish Mittal

Re: Emulating LWZU Instruction for e500 powerpc

[Alexander Graf]

On 19.08.2011, at 06:45, Aashish Mittal wrote:

> Hi
> I'm trying to emulate the lwzu instruction in e500 powerpc kvm for my project . 
> I've removed the read and write privileges from the tlb entries of guest's 
> certain pages . So when i'm trying to emulate lwzu instruction i'm getting a 
> kernel panic while mounting the guest filesystem while booting .
> 
> attempt to access beyond end of device
> ram0: rw=0, want=75703268, limit=262144
> 
> To make sure that the emulation is  faulty what i'm trying to do now is at the 
> time of DATA STORAGE exit on a marked page by an lwzu instruction i'm patching 
> the next instruction with an instruction which will raise an INTERRUPT PROGRAM 
> EXCEPTION and will get trapped in kvm and then i'm reverting the old read and 
> write privileges of this page and resuming the guest so that this LWZU 
> instruction can run natively . I'm expecting the immediate next instruction to 
> raise the INTERRUPT PROGRAM EXCEPTION but all i'm getting are DATA STORAGE Exits 
> at other pages marked by me and DTLB and ITLB misses on other addresses .
> 
> I've made sure to flush the icache after i patch using the instruction 
> flush_icache_range .
> 
> Error Log :
> Emulating a lwzu instruction on pc 0xc00161ac && eaddr 0xc05742f0
> Original Instruction is 0x90e60004 at pc: 0xc00161b0
> Modified Instruction is 0x7ce000a6 at pc: 0xc00161b0 
> Exit : Interrupt DATA STORAGE at pc 0xc000f210 on eaddr:0xc000f228 instruction: 
> 0x8085001c
> 
> Why i'm not getting any INTERRUPT PROGRAM EXCEPTION immediately in the next 
> instruction ?

Hrm. Are you sure you're actually modifying the instruction? This looks like you're running Linux, so you could try and just put a "b ." instruction right after the instruction you're trying to patch up and examine memory from Qemu :)


Alex

Re: Emulating LWZU Instruction for e500 powerpc

[Alexander Graf]

On 19.08.2011, at 06:45, Aashish Mittal wrote:

> Hi
> I'm trying to emulate the lwzu instruction in e500 powerpc kvm for my project . 
> I've removed the read and write privileges from the tlb entries of guest's 
> certain pages . So when i'm trying to emulate lwzu instruction i'm getting a 
> kernel panic while mounting the guest filesystem while booting .
> 
> attempt to access beyond end of device
> ram0: rw=0, wantu703268, limit&2144
> 
> To make sure that the emulation is  faulty what i'm trying to do now is at the 
> time of DATA STORAGE exit on a marked page by an lwzu instruction i'm patching 
> the next instruction with an instruction which will raise an INTERRUPT PROGRAM 
> EXCEPTION and will get trapped in kvm and then i'm reverting the old read and 
> write privileges of this page and resuming the guest so that this LWZU 
> instruction can run natively . I'm expecting the immediate next instruction to 
> raise the INTERRUPT PROGRAM EXCEPTION but all i'm getting are DATA STORAGE Exits 
> at other pages marked by me and DTLB and ITLB misses on other addresses .
> 
> I've made sure to flush the icache after i patch using the instruction 
> flush_icache_range .
> 
> Error Log :
> Emulating a lwzu instruction on pc 0xc00161ac && eaddr 0xc05742f0
> Original Instruction is 0x90e60004 at pc: 0xc00161b0
> Modified Instruction is 0x7ce000a6 at pc: 0xc00161b0 
> Exit : Interrupt DATA STORAGE at pc 0xc000f210 on eaddr:0xc000f228 instruction: 
> 0x8085001c
> 
> Why i'm not getting any INTERRUPT PROGRAM EXCEPTION immediately in the next 
> instruction ?

Hrm. Are you sure you're actually modifying the instruction? This looks like you're running Linux, so you could try and just put a "b ." instruction right after the instruction you're trying to patch up and examine memory from Qemu :)


Alex

Re: Emulating LWZU Instruction for e500 powerpc

[Aashish Mittal]

Alexander Graf <agraf <at> suse.de> writes:

> 
> 
> On 19.08.2011, at 06:45, Aashish Mittal wrote:
> 
> > Hi
> > I'm trying to emulate the lwzu instruction in e500 powerpc kvm for my 
project . 
> > I've removed the read and write privileges from the tlb entries of guest's 
> > certain pages . So when i'm trying to emulate lwzu instruction i'm getting a 
> > kernel panic while mounting the guest filesystem while booting .
> > 
> > attempt to access beyond end of device
> > ram0: rw=0, wantu703268, limit&2144
> > 
> > To make sure that the emulation is  faulty what i'm trying to do now is at 
the 
> > time of DATA STORAGE exit on a marked page by an lwzu instruction i'm 
patching 
> > the next instruction with an instruction which will raise an INTERRUPT 
PROGRAM 
> > EXCEPTION and will get trapped in kvm and then i'm reverting the old read 
and 
> > write privileges of this page and resuming the guest so that this LWZU 
> > instruction can run natively . I'm expecting the immediate next instruction 
to 
> > raise the INTERRUPT PROGRAM EXCEPTION but all i'm getting are DATA STORAGE 
Exits 
> > at other pages marked by me and DTLB and ITLB misses on other addresses .
> > 
> > I've made sure to flush the icache after i patch using the instruction 
> > flush_icache_range .
> > 
> > Error Log :
> > Emulating a lwzu instruction on pc 0xc00161ac && eaddr 0xc05742f0
> > Original Instruction is 0x90e60004 at pc: 0xc00161b0
> > Modified Instruction is 0x7ce000a6 at pc: 0xc00161b0 
> > Exit : Interrupt DATA STORAGE at pc 0xc000f210 on eaddr:0xc000f228 
instruction: 
> > 0x8085001c
> > 
> > Why i'm not getting any INTERRUPT PROGRAM EXCEPTION immediately in the next 
> > instruction ?
> 
> Hrm. Are you sure you're actually modifying the instruction? This looks like 
you're running Linux, so you
> could try and just put a "b ." instruction right after the instruction you're 
trying to patch up and examine
> memory from Qemu :)
> 
> Alex
> 
> 
I checked the memory by reading the guest page at the modified instruction and 
it is the modified instruction . I think the reason i'm not getting the EXIT is 
because the icache is not getting flushed properly. 
I'm trying to to flush the icache entries of the guest while i'm inside the host 
kvm . I'm trying to use flush_icache_range(pc , pc+ 4 ) where this pc  is the 
guest pc eaddr where i'm modifying the instruction . 

Do you have any idea how to flush the guest entries while i'm inside the host os 
given the guest eaddr of the address where i'm trying to patch the instruction . 

Thanks for you help
Aashish Mittal

Re: Emulating LWZU Instruction for e500 powerpc

[Alexander Graf]

On 25.08.2011, at 04:30, Aashish Mittal wrote:

> 
> On Thu, Aug 25, 2011 at 4:04 AM, Alexander Graf <agraf@suse.de> wrote:
> 
> On 19.08.2011, at 06:45, Aashish Mittal wrote:
> 
> > Hi
> > I'm trying to emulate the lwzu instruction in e500 powerpc kvm for my project .
> > I've removed the read and write privileges from the tlb entries of guest's
> > certain pages . So when i'm trying to emulate lwzu instruction i'm getting a
> > kernel panic while mounting the guest filesystem while booting .
> >
> > attempt to access beyond end of device
> > ram0: rw=0, want=75703268, limit=262144
> >
> > To make sure that the emulation is  faulty what i'm trying to do now is at the
> > time of DATA STORAGE exit on a marked page by an lwzu instruction i'm patching
> > the next instruction with an instruction which will raise an INTERRUPT PROGRAM
> > EXCEPTION and will get trapped in kvm and then i'm reverting the old read and
> > write privileges of this page and resuming the guest so that this LWZU
> > instruction can run natively . I'm expecting the immediate next instruction to
> > raise the INTERRUPT PROGRAM EXCEPTION but all i'm getting are DATA STORAGE Exits
> > at other pages marked by me and DTLB and ITLB misses on other addresses .
> >
> > I've made sure to flush the icache after i patch using the instruction
> > flush_icache_range .
> >
> > Error Log :
> > Emulating a lwzu instruction on pc 0xc00161ac && eaddr 0xc05742f0
> > Original Instruction is 0x90e60004 at pc: 0xc00161b0
> > Modified Instruction is 0x7ce000a6 at pc: 0xc00161b0
> > Exit : Interrupt DATA STORAGE at pc 0xc000f210 on eaddr:0xc000f228 instruction:
> > 0x8085001c
> >
> > Why i'm not getting any INTERRUPT PROGRAM EXCEPTION immediately in the next
> > instruction ?
> 
> Hrm. Are you sure you're actually modifying the instruction? This looks like you're running Linux, so you could try and just put a "b ." instruction right after the instruction you're trying to patch up and examine memory from Qemu :)
> 
> 
> Alex
> 
> I checked the memory by reading the guest page at the modified instruction and it is the modified instruction . I think the reason i'm not getting the EXIT is because the icache is not getting flushed properly. 
> I'm trying to to flush the icache entries of the guest while i'm inside the host kvm . I'm trying to use flush_icache_range(pc , pc+ 4 ) where this pc  is the guest pc eaddr where i'm modifying the instruction . 
> 
> Do you have any idea how to flush the guest entries while i'm inside the host os given the guest eaddr of the address where i'm trying to patch the instruction . 

You need to do the icache flush on the effective address you were writing to, not the guest effective address :)


Alex

Re: Emulating LWZU Instruction for e500 powerpc

[Alexander Graf]

On 25.08.2011, at 04:30, Aashish Mittal wrote:

> 
> On Thu, Aug 25, 2011 at 4:04 AM, Alexander Graf <agraf@suse.de> wrote:
> 
> On 19.08.2011, at 06:45, Aashish Mittal wrote:
> 
> > Hi
> > I'm trying to emulate the lwzu instruction in e500 powerpc kvm for my project .
> > I've removed the read and write privileges from the tlb entries of guest's
> > certain pages . So when i'm trying to emulate lwzu instruction i'm getting a
> > kernel panic while mounting the guest filesystem while booting .
> >
> > attempt to access beyond end of device
> > ram0: rw=0, wantu703268, limit&2144
> >
> > To make sure that the emulation is  faulty what i'm trying to do now is at the
> > time of DATA STORAGE exit on a marked page by an lwzu instruction i'm patching
> > the next instruction with an instruction which will raise an INTERRUPT PROGRAM
> > EXCEPTION and will get trapped in kvm and then i'm reverting the old read and
> > write privileges of this page and resuming the guest so that this LWZU
> > instruction can run natively . I'm expecting the immediate next instruction to
> > raise the INTERRUPT PROGRAM EXCEPTION but all i'm getting are DATA STORAGE Exits
> > at other pages marked by me and DTLB and ITLB misses on other addresses .
> >
> > I've made sure to flush the icache after i patch using the instruction
> > flush_icache_range .
> >
> > Error Log :
> > Emulating a lwzu instruction on pc 0xc00161ac && eaddr 0xc05742f0
> > Original Instruction is 0x90e60004 at pc: 0xc00161b0
> > Modified Instruction is 0x7ce000a6 at pc: 0xc00161b0
> > Exit : Interrupt DATA STORAGE at pc 0xc000f210 on eaddr:0xc000f228 instruction:
> > 0x8085001c
> >
> > Why i'm not getting any INTERRUPT PROGRAM EXCEPTION immediately in the next
> > instruction ?
> 
> Hrm. Are you sure you're actually modifying the instruction? This looks like you're running Linux, so you could try and just put a "b ." instruction right after the instruction you're trying to patch up and examine memory from Qemu :)
> 
> 
> Alex
> 
> I checked the memory by reading the guest page at the modified instruction and it is the modified instruction . I think the reason i'm not getting the EXIT is because the icache is not getting flushed properly. 
> I'm trying to to flush the icache entries of the guest while i'm inside the host kvm . I'm trying to use flush_icache_range(pc , pc+ 4 ) where this pc  is the guest pc eaddr where i'm modifying the instruction . 
> 
> Do you have any idea how to flush the guest entries while i'm inside the host os given the guest eaddr of the address where i'm trying to patch the instruction . 

You need to do the icache flush on the effective address you were writing to, not the guest effective address :)


Alex

Re: Emulating LWZU Instruction for e500 powerpc

[Scott Wood]

On 08/25/2011 04:31 AM, Aashish Mittal wrote:
> I checked the memory by reading the guest page at the modified instruction and 
> it is the modified instruction . I think the reason i'm not getting the EXIT is 
> because the icache is not getting flushed properly. 
> I'm trying to to flush the icache entries of the guest while i'm inside the host 
> kvm . I'm trying to use flush_icache_range(pc , pc+ 4 ) where this pc  is the 
> guest pc eaddr where i'm modifying the instruction . 
> 
> Do you have any idea how to flush the guest entries while i'm inside the host os 
> given the guest eaddr of the address where i'm trying to patch the instruction . 

What address are you using to actually do the modification?  You can't
flush with an address on which you can't do normal memory accesses from
the current context.  You need an effective address that is valid in the
host.

-Scott