From: Richard Henderson <rth@twiddle.net>
To: Thomas Huth <thuth@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: patches@linaro.org,
"KONRAD Frederic" <frederic.konrad@adacore.com>,
"Emilio G . Cota" <cota@braap.org>,
"Cédric Le Goater" <clg@kaod.org>,
"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 5/6] accel/tcg: Return -1 for execution from MMIO regions in get_page_addr_code()
Date: Thu, 15 Nov 2018 08:32:38 +0100 [thread overview]
Message-ID: <7e05e89a-6eec-257d-03af-78a2d2b60628@twiddle.net> (raw)
In-Reply-To: <3ac12d41-2095-f0ad-db1b-0e3ceea8f44e@redhat.com>
On 11/14/18 6:19 PM, Thomas Huth wrote:
> Program received signal SIGSEGV, Segmentation fault.
> [...]
> (gdb) bt
> #0 0x0000555555addc68 in onenand_read (opaque=0x555557600600, addr=98304, size=4) at hw/block/onenand.c:612
So the crash is an off-by-one on the line above:
--- a/hw/block/onenand.c
+++ b/hw/block/onenand.c
@@ -608,7 +608,7 @@ static uint64_t onenand_read(void *opaque, hwaddr addr,
int offset = addr >> s->shift;
switch (offset) {
- case 0x0000 ... 0xc000:
+ case 0x0000 ... 0xbfff:
return lduw_le_p(s->boot[0] + addr);
case 0xf000: /* Manufacturer ID */
as the memory segment has size 0xc000.
The guest will now eventually crash with
onenand_read: unknown OneNAND register c000
...
onenand_read: unknown OneNAND register fefe
qemu: hardware error: onenand_read: implement ECC
CPU #0:
R00=00000000 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00000000 R15=0001fe04
PSR=400001d3 -Z-- A svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
FPSCR: 00000000
Aborted (core dumped)
I'll note that fprintf at the end of onenand_read should be
qemu_log(LOG_GUEST_ERROR) instead.
r~
next prev parent reply other threads:[~2018-11-15 7:32 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-10 16:00 [Qemu-devel] [PATCH 0/6] accel/tcg: Support execution from MMIO and small MMU regions Peter Maydell
2018-07-10 16:00 ` [Qemu-devel] [PATCH 1/6] accel/tcg: Pass read access type through to io_readx() Peter Maydell
2018-07-10 18:19 ` Richard Henderson
2018-07-11 14:06 ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-07-10 16:00 ` [Qemu-devel] [PATCH 2/6] accel/tcg: Handle get_page_addr_code() returning -1 in hashtable lookups Peter Maydell
2018-07-10 18:23 ` Richard Henderson
2018-07-13 16:44 ` Emilio G. Cota
2018-07-10 16:00 ` [Qemu-devel] [PATCH 3/6] accel/tcg: Handle get_page_addr_code() returning -1 in tb_check_watchpoint() Peter Maydell
2018-07-10 18:27 ` Richard Henderson
2018-07-10 16:00 ` [Qemu-devel] [PATCH 4/6] accel/tcg: tb_gen_code(): Create single-insn TB for execution from non-RAM Peter Maydell
2018-07-10 18:30 ` Richard Henderson
2018-07-13 16:41 ` Emilio G. Cota
2018-07-10 16:00 ` [Qemu-devel] [PATCH 5/6] accel/tcg: Return -1 for execution from MMIO regions in get_page_addr_code() Peter Maydell
2018-07-10 18:33 ` Richard Henderson
2018-07-11 14:36 ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-11-14 17:19 ` [Qemu-devel] " Thomas Huth
2018-11-15 7:32 ` Richard Henderson [this message]
2018-11-15 13:53 ` Peter Maydell
2018-11-15 16:00 ` Richard Henderson
2018-07-10 16:00 ` [Qemu-devel] [PATCH 6/6] target/arm: Allow execution from small regions Peter Maydell
2018-07-10 18:34 ` Richard Henderson
2018-07-11 15:09 ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-07-11 4:21 ` [Qemu-devel] [Qemu-arm] [PATCH 0/6] accel/tcg: Support execution from MMIO and small MMU regions Philippe Mathieu-Daudé
2018-07-12 16:37 ` Peter Maydell
2018-07-13 15:13 ` Peter Maydell
2018-07-16 12:30 ` [Qemu-devel] " KONRAD Frederic
2018-07-16 13:02 ` Peter Maydell
2018-07-23 14:57 ` Cédric Le Goater
2018-07-23 15:17 ` Peter Maydell
2018-07-23 15:51 ` Cédric Le Goater
2018-07-23 15:11 ` Cédric Le Goater
2018-07-24 12:23 ` [Qemu-devel] [Qemu-arm] " Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7e05e89a-6eec-257d-03af-78a2d2b60628@twiddle.net \
--to=rth@twiddle.net \
--cc=clg@kaod.org \
--cc=cota@braap.org \
--cc=edgar.iglesias@gmail.com \
--cc=frederic.konrad@adacore.com \
--cc=patches@linaro.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.