* pxa crashes with qemu v5.2 when executing xscale operations
From: Guenter Roeck @ 2020-12-21 5:28 UTC
To: QEMU Developers; +Cc: Peter Maydell
Hi,
I noticed that booting Linux on PXA emulations no longer works with qemu v5.2.
When trying to boot akita, borzoi, or similar emulations, I get the following crash.
[ 0.965279] Internal error: Oops - undefined instruction: 0 [#1] PREEMPT ARM
[ 0.967273] Modules linked in:
[ 0.967875] CPU: 0 PID: 1 Comm: swapper Not tainted 5.10.2-rc1-00017-gc96cfd687a3f #1
[ 0.968101] Hardware name: SHARP Akita
[ 0.968676] PC is at xscale_cp0_init+0x84/0x114
[ 0.968815] LR is at do_one_initcall+0x60/0x290
[ 0.968997] pc : [<c08ce068>] lr : [<c000a2dc>] psr: 60000013
[ 0.969186] sp : c0bdfec8 ip : c0bdfee0 fp : c0bdfedc
[ 0.969332] r10: c08fe834 r9 : c09f2000 r8 : c08c6a9c
[ 0.969498] r7 : c09e0c00 r6 : 00000000 r5 : 00002041 r4 : 00002040
[ 0.969679] r3 : 00000100 r2 : 00000000 r1 : 69052000 r0 : 00000000
[ 0.969892] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 0.970123] Control: 00007977 Table: a22e0000 DAC: 00000071
[ 0.970349] Process swapper (pid: 1, stack limit = 0x(ptrval))
[ 0.970564] Stack: (0xc0bdfec8 to 0xc0be0000)
[ 0.970818] fec0: c08cdfe4 ffffe000 c0bdff4c c0bdfee0 c000a2dc c08cdff0
[ 0.971144] fee0: c004b8a0 c08c9458 c0bdfee4 00000000 00000dc0 00000000 00000007 00000007
[ 0.971438] ff00: 00000000 c07fc180 c08c944c c08c6a9c c017213c c0c07c4c c0c07c54 c092d028
[ 0.971728] ff20: 00000000 000000a0 c0c07c20 c092d028 c09293fc c0c07c20 00000008 c08fe854
[ 0.972026] ff40: c0bdff94 c0bdff50 c08ca220 c000a288 00000007 00000007 00000000 c08c944c
[ 0.972315] ff60: ffffe000 000000a0 c0bdff8c 00000000 c0671de8 00000000 00000000 00000000
[ 0.972603] ff80: 00000000 00000000 c0bdffac c0bdff98 c0671e00 c08ca0d8 00000000 c0671de8
[ 0.972891] ffa0: 00000000 c0bdffb0 c0008360 c0671df4 00000000 00000000 00000000 00000000
[ 0.973199] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 0.973488] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[ 0.973763] Backtrace:
[ 0.974001] [<c08cdfe4>] (xscale_cp0_init) from [<c000a2dc>] (do_one_initcall+0x60/0x290)
[ 0.974282] r5:ffffe000 r4:c08cdfe4
[ 0.974564] [<c000a27c>] (do_one_initcall) from [<c08ca220>] (kernel_init_freeable+0x154/0x1dc)
[ 0.974791] r7:c08fe854 r6:00000008 r5:c0c07c20 r4:c09293fc
[ 0.974948] [<c08ca0cc>] (kernel_init_freeable) from [<c0671e00>] (kernel_init+0x18/0x110)
[ 0.975191] r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c0671de8
[ 0.975394] r4:00000000
[ 0.975476] [<c0671de8>] (kernel_init) from [<c0008360>] (ret_from_fork+0x14/0x34)
[ 0.975695] Exception stack(0xc0bdffb0 to 0xc0bdfff8)
[ 0.975885] ffa0: 00000000 00000000 00000000 00000000
[ 0.976184] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 0.976458] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 0.976657] r5:c0671de8 r4:00000000
[ 0.976961] Code: e1a03003 e24ff004 e3a02000 e3a03c01 (ec432000)
The code is:
70: ee1f3f11 mrc 15, 0, r3, cr15, cr1, {0}
74: e1a03003 mov r3, r3
78: e24ff004 sub pc, pc, #4
7c: e3a02000 mov r2, #0
80: e3a03c01 mov r3, #256 ; 0x100
84: ec432000 mar acc0, r2, r3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is supposed to be a DSP or iWMMXt coprocessor instruction.
I did notice that the code to support xscale instructions has changed significantly
in qemu v5.2.
Does this mean that there is a bug, that the affected emulations are no longer
supported, that I now have to specify some new option on the qemu command line,
or something else ?
Thanks,
Guenter
* Re: pxa crashes with qemu v5.2 when executing xscale operations
From: Philippe Mathieu-Daudé @ 2020-12-21 15:24 UTC
To: Guenter Roeck, QEMU Developers; +Cc: Peter Maydell, Richard Henderson
On 12/21/20 6:28 AM, Guenter Roeck wrote:
> Hi,
>
> I noticed that booting Linux on PXA emulations no longer works with qemu v5.2.
> When trying to boot akita, borzoi, or similar emulations, I get the following crash.
>
> [ 0.965279] Internal error: Oops - undefined instruction: 0 [#1] PREEMPT ARM
> [ 0.967273] Modules linked in:
> [ 0.967875] CPU: 0 PID: 1 Comm: swapper Not tainted 5.10.2-rc1-00017-gc96cfd687a3f #1
> [ 0.968101] Hardware name: SHARP Akita
> [ 0.968676] PC is at xscale_cp0_init+0x84/0x114
> [ 0.968815] LR is at do_one_initcall+0x60/0x290
> [ 0.968997] pc : [<c08ce068>] lr : [<c000a2dc>] psr: 60000013
> [ 0.969186] sp : c0bdfec8 ip : c0bdfee0 fp : c0bdfedc
> [ 0.969332] r10: c08fe834 r9 : c09f2000 r8 : c08c6a9c
> [ 0.969498] r7 : c09e0c00 r6 : 00000000 r5 : 00002041 r4 : 00002040
> [ 0.969679] r3 : 00000100 r2 : 00000000 r1 : 69052000 r0 : 00000000
> [ 0.969892] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> [ 0.970123] Control: 00007977 Table: a22e0000 DAC: 00000071
> [ 0.970349] Process swapper (pid: 1, stack limit = 0x(ptrval))
> [ 0.970564] Stack: (0xc0bdfec8 to 0xc0be0000)
> [ 0.970818] fec0: c08cdfe4 ffffe000 c0bdff4c c0bdfee0 c000a2dc c08cdff0
> [ 0.971144] fee0: c004b8a0 c08c9458 c0bdfee4 00000000 00000dc0 00000000 00000007 00000007
> [ 0.971438] ff00: 00000000 c07fc180 c08c944c c08c6a9c c017213c c0c07c4c c0c07c54 c092d028
> [ 0.971728] ff20: 00000000 000000a0 c0c07c20 c092d028 c09293fc c0c07c20 00000008 c08fe854
> [ 0.972026] ff40: c0bdff94 c0bdff50 c08ca220 c000a288 00000007 00000007 00000000 c08c944c
> [ 0.972315] ff60: ffffe000 000000a0 c0bdff8c 00000000 c0671de8 00000000 00000000 00000000
> [ 0.972603] ff80: 00000000 00000000 c0bdffac c0bdff98 c0671e00 c08ca0d8 00000000 c0671de8
> [ 0.972891] ffa0: 00000000 c0bdffb0 c0008360 c0671df4 00000000 00000000 00000000 00000000
> [ 0.973199] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> [ 0.973488] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
> [ 0.973763] Backtrace:
> [ 0.974001] [<c08cdfe4>] (xscale_cp0_init) from [<c000a2dc>] (do_one_initcall+0x60/0x290)
> [ 0.974282] r5:ffffe000 r4:c08cdfe4
> [ 0.974564] [<c000a27c>] (do_one_initcall) from [<c08ca220>] (kernel_init_freeable+0x154/0x1dc)
> [ 0.974791] r7:c08fe854 r6:00000008 r5:c0c07c20 r4:c09293fc
> [ 0.974948] [<c08ca0cc>] (kernel_init_freeable) from [<c0671e00>] (kernel_init+0x18/0x110)
> [ 0.975191] r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c0671de8
> [ 0.975394] r4:00000000
> [ 0.975476] [<c0671de8>] (kernel_init) from [<c0008360>] (ret_from_fork+0x14/0x34)
> [ 0.975695] Exception stack(0xc0bdffb0 to 0xc0bdfff8)
> [ 0.975885] ffa0: 00000000 00000000 00000000 00000000
> [ 0.976184] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> [ 0.976458] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
> [ 0.976657] r5:c0671de8 r4:00000000
> [ 0.976961] Code: e1a03003 e24ff004 e3a02000 e3a03c01 (ec432000)
>
> The code is:
>
> 70: ee1f3f11 mrc 15, 0, r3, cr15, cr1, {0}
> 74: e1a03003 mov r3, r3
> 78: e24ff004 sub pc, pc, #4
> 7c: e3a02000 mov r2, #0
> 80: e3a03c01 mov r3, #256 ; 0x100
> 84: ec432000 mar acc0, r2, r3
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> This is supposed to be a DSP or iWMMXt coprocessor instruction.
> I did notice that the code to support xscale instructions has changed significantly
> in qemu v5.2.
Indeed a lot changed...
I had a quick look. The instruction is decoded in aa32 as LDR_ri.
Without looking at the spec, I simply googled the instruction and
got this link:
https://developer.arm.com/documentation/ddi0406/c/Application-Level-Architecture/ARM-Instruction-Set-Encoding/Load-store-word-and-unsigned-byte
which is for ARMv7-[AR] so I tried this dumb diff to skip the
LDR_ri decoding:
-- >8 --
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6562,6 +6562,10 @@ static bool op_load_ri(DisasContext *s,
arg_ldst_ri *a,
ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w);
TCGv_i32 addr, tmp;
+ if (!ENABLE_ARCH_7) {
+ return false;
+ }
+
addr = op_addr_ri_pre(s, a);
tmp = tcg_temp_new_i32();
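Review bot: the `if (!ENABLE_ARCH_7) { return false; }` guard at the top of op_load_ri() makes every LDR (immediate) UNDEF on any pre-v7 guest, not only on the XScale machines under investigation; LDR immediate is a base ARM encoding present since ARMv4, and the ARMv7 document linked above is just the manual edition that was consulted, not a feature gate. As Peter notes further down the thread, the faulting word 0xec432000 has 110 in bits [27:25] while LDR_ri has 010, so this path is never reached for it; meanwhile the `return false` reproduces the very "undefined instruction" symptom being debugged for every ordinary load on an ARMv5 kernel. Fine as a throw-away probe, but it should not be mistaken for a fix.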
@@ -6583,6 +6587,10 @@ static bool op_store_ri(DisasContext *s,
arg_ldst_ri *a,
ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite;
TCGv_i32 addr, tmp;
+ if (!ENABLE_ARCH_7) {
+ return false;
+ }
+
addr = op_addr_ri_pre(s, a);
tmp = load_reg(s, a->rt);
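Review bot: same concern for op_store_ri(): gating on ENABLE_ARCH_7 turns every STR (immediate) into UNDEF on ARMv5/ARMv6 guests (the pxa270 is ARMv5TE), so a pre-v7 kernel would fault on its first stack store well before reaching xscale_cp0_init(). Since the thread establishes the word is in the coprocessor encoding space (bits [27:25] = 110) and that disas_xscale_insn() is not reached, the useful place to instrument is the coprocessor dispatch introduced by the three commits listed below, leaving load/store semantics untouched.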
---
Then realized disas_xscale_insn() isn't reached. In case that helped,
I focused on these commits:
590057d969a ("target/arm: Simplify disas_arm_insn")
19c23a9baaf ("target/arm: Separate decode from handling of coproc insns")
7b4f933db86 ("target/arm: Pull handling of XScale insns out of disas_coproc_insn()")
> Does this mean that there is a bug, that the affected emulations are no longer
> supported, that I now have to specify some new option on the qemu command line,
> or something else ?
The command line is likely correct, all the pxa270* CPUs have the same
architectural features. It is not yet listed as "no longer supported"
but certainly "not enough tested". Good news, you seem to have an easily
reproducible test.
>
> Thanks,
> Guenter
>
* Re: pxa crashes with qemu v5.2 when executing xscale operations
From: Guenter Roeck @ 2020-12-21 16:01 UTC
To: Philippe Mathieu-Daudé, QEMU Developers
Cc: Peter Maydell, Richard Henderson
Hi Philippe,
On 12/21/20 7:24 AM, Philippe Mathieu-Daudé wrote:
[ ... ]
>
>> Does this mean that there is a bug, that the affected emulations are no longer
>> supported, that I now have to specify some new option on the qemu command line,
>> or something else ?
>
> The command line is likely correct, all the pxa270* CPUs have the same
> architectural features. It is not yet listed as "no longer supported"
> but certainly "not enough tested". Good news, you seem to have an easy
> reproducible test.
>
Something like the following should do.
qemu-system-arm -M z2 -kernel arch/arm/boot/zImage -no-reboot \
-initrd rootfs-armv5.cpio \
--append "rdinit=/sbin/init console=ttyS0" \
-nographic -monitor null -serial stdio
where the kernel is built with pxa_defconfig.
The machine name can be any of the pxa machines (akita, borzoi, spitz,
tosa, terrier, z2, or mainstone). The initrd is from:
https://github.com/groeck/linux-build-test/blob/master/rootfs/arm/rootfs-armv5.cpio.gz
Guenter
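The reproducer above is easy to turn into a regression check that boots every PXA machine named in the message and looks for the Oops in the serial log. The script below is an added example, not part of the thread and not QEMU's or the kernel's code; it wraps the exact command line Guenter gave, takes the zImage and initrd paths from argv, and assumes only that `qemu-system-arm` is in PATH. The log signatures it matches are the "Internal error: Oops" and "PC is at" lines from the report.

```python
"""Boot each PXA machine from the thread under qemu-system-arm and flag an Oops.

Added example (not the thread's or QEMU's code). It runs the command line
given in the thread once per machine, kills the guest after a timeout, and
scans the captured console output for the kernel Oops signature.
"""
import re
import shutil
import subprocess
import sys

# Machines the thread lists as PXA-based.
PXA_MACHINES = ("akita", "borzoi", "spitz", "tosa", "terrier", "z2", "mainstone")

OOPS_RE = re.compile(r"Internal error: Oops")
PC_RE = re.compile(r"PC is at (\S+)")


def classify_log(text):
    """Return ("oops", symbol) if the guest reported an Oops, else ("ok", None).

    `symbol` is the "PC is at ..." location when the log contains one; in the
    thread that is xscale_cp0_init+0x84/0x114.
    """
    if OOPS_RE.search(text):
        pc = PC_RE.search(text)
        return ("oops", pc.group(1) if pc else None)
    return ("ok", None)


def qemu_cmd(machine, kernel, initrd):
    """The thread's command line, parameterised by machine name."""
    return ["qemu-system-arm", "-M", machine, "-kernel", kernel, "-no-reboot",
            "-initrd", initrd, "--append", "rdinit=/sbin/init console=ttyS0",
            "-nographic", "-monitor", "null", "-serial", "stdio"]


def boot_and_check(machine, kernel, initrd, timeout=90):
    """Boot one machine, stop it after `timeout` seconds, classify its log."""
    proc = subprocess.Popen(qemu_cmd(machine, kernel, initrd),
                            stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)
    try:
        out, _ = proc.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        # A panicked init (or a healthy boot sitting at a shell) never exits
        # by itself; retrying communicate() after kill() keeps the output read so far.
        proc.kill()
        out, _ = proc.communicate()
    return classify_log(out.decode("utf-8", errors="replace"))


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} <zImage> <rootfs-armv5.cpio>", file=sys.stderr)
        return 2
    if shutil.which("qemu-system-arm") is None:
        print("qemu-system-arm not found in PATH", file=sys.stderr)
        return 2
    kernel, initrd = argv[1], argv[2]
    failed = []
    for machine in PXA_MACHINES:
        verdict, where = boot_and_check(machine, kernel, initrd)
        print(f"{machine:10s} {verdict}" + (f"  PC is at {where}" if where else ""))
        if verdict != "ok":
            failed.append(machine)
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

"ok" here only means no Oops appeared before the timeout; a clean boot into the initrd's shell also runs until the timeout, so if you have a known-good marker line for this rootfs, add a second pattern for it to distinguish a genuine pass from a silent hang.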
* Re: pxa crashes with qemu v5.2 when executing xscale operations
From: Peter Maydell @ 2021-01-08 17:25 UTC
To: Guenter Roeck
Cc: Richard Henderson, Philippe Mathieu-Daudé, QEMU Developers
On Mon, 21 Dec 2020 at 16:01, Guenter Roeck <linux@roeck-us.net> wrote:
> Something like the following should do.
>
> qemu-system-arm -M z2 -kernel arch/arm/boot/zImage -no-reboot \
> -initrd rootfs-armv5.cpio \
> --append "rdinit=/sbin/init console=ttyS0" \
> -nographic -monitor null -serial stdio
>
> where the kernel is built with pxa_defconfig.
> Machine name can be any of the pxa machines (akita, borzoi, spitz,
> tosa, terrier, z2, or mainstone). The initrd is from:
> https://github.com/groeck/linux-build-test/blob/master/rootfs/arm/rootfs-armv5.cpio.gz
Do you have a zImage that exhibits this so I don't have to build
my own, please?
thanks
-- PMM
* Re: pxa crashes with qemu v5.2 when executing xscale operations
From: Guenter Roeck @ 2021-01-08 18:56 UTC
To: Peter Maydell
Cc: Richard Henderson, Philippe Mathieu-Daudé, QEMU Developers
On 1/8/21 9:25 AM, Peter Maydell wrote:
> On Mon, 21 Dec 2020 at 16:01, Guenter Roeck <linux@roeck-us.net> wrote:
>> Something like the following should do.
>>
>> qemu-system-arm -M z2 -kernel arch/arm/boot/zImage -no-reboot \
>> -initrd rootfs-armv5.cpio \
>> --append "rdinit=/sbin/init console=ttyS0" \
>> -nographic -monitor null -serial stdio
>>
>> where the kernel is built with pxa_defconfig.
>> Machine name can be any of the pxa machines (akita, borzoi, spitz,
>> tosa, terrier, z2, or mainstone). The initrd is from:
>> https://github.com/groeck/linux-build-test/blob/master/rootfs/arm/rootfs-armv5.cpio.gz
>
> Do you have a zImage that exhibits this so I don't have to build
> my own, please?
>
Attached.
Guenter
[-- Attachment #2: zImage --]
[-- Type: application/octet-stream, Size: 4764520 bytes --]
* Re: pxa crashes with qemu v5.2 when executing xscale operations
From: Peter Maydell @ 2021-01-08 19:52 UTC
To: Guenter Roeck
Cc: Richard Henderson, Philippe Mathieu-Daudé, QEMU Developers
On Fri, 8 Jan 2021 at 18:56, Guenter Roeck <linux@roeck-us.net> wrote:
>
> On 1/8/21 9:25 AM, Peter Maydell wrote:
> > On Mon, 21 Dec 2020 at 16:01, Guenter Roeck <linux@roeck-us.net> wrote:
> >> Something like the following should do.
> >>
> >> qemu-system-arm -M z2 -kernel arch/arm/boot/zImage -no-reboot \
> >> -initrd rootfs-armv5.cpio \
> >> --append "rdinit=/sbin/init console=ttyS0" \
> >> -nographic -monitor null -serial stdio
> >>
> >> where the kernel is built with pxa_defconfig.
> >> Machine name can be any of the pxa machines (akita, borzoi, spitz,
> >> tosa, terrier, z2, or mainstone). The initrd is from:
> >> https://github.com/groeck/linux-build-test/blob/master/rootfs/arm/rootfs-armv5.cpio.gz
> >
> > Do you have a zImage that exhibits this so I don't have to build
> > my own, please?
> >
>
> Attached.
Thanks. Yeah, this is a bug in my refactoring of the coprocessor
insn handling :-( I've just sent a patch which fixes it.
-- PMM
* Re: pxa crashes with qemu v5.2 when executing xscale operations
From: Peter Maydell @ 2021-01-08 20:00 UTC
To: Philippe Mathieu-Daudé
Cc: Richard Henderson, QEMU Developers, Guenter Roeck
On Mon, 21 Dec 2020 at 15:24, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> On 12/21/20 6:28 AM, Guenter Roeck wrote:
> > 84: ec432000 mar acc0, r2, r3
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > This is supposed to be a DSP or iWMMXt coprocessor instruction.
> > I did notice that the code to support xscale instructions has changed significantly
> > in qemu v5.2.
>
> Indeed a lot changed...
>
> I had a quick look. The instruction is decoded in aa32 as LDR_ri.
It isn't, incidentally. LDR_ri has 010 in bits [27:25], and this
insn has 110.
thanks
-- PMM
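Peter's bits [27:25] point is easy to check by hand, and it also shows which group the faulting word actually lands in. The decoder below is an added example, not QEMU's decoder or anything from the thread's participants; it follows the top-level A32 encoding table of the ARMv7-A/R Architecture Reference Manual (bits [27:25] select the group, and within the 11x coprocessor group bits [25:20] and bit [4] select LDC/STC, MCRR/MRRC, CDP, MCR or MRC). The words 0xec432000 (`mar acc0, r2, r3`) and 0xee1f3f11 (`mrc 15, 0, r3, cr15, cr1, {0}`) are taken from the Oops listing; 0xe5913000 (`ldr r3, [r1]`) is assembled here by hand for comparison and is not from the page.

```python
"""Top-level A32 encoding-group decoder (added example, not QEMU's code).

Grouping per the ARMv7-A/R ARM ARM A32 encoding tables. 0xec432000 and
0xee1f3f11 are from the thread's Oops listing; 0xe5913000 (`ldr r3, [r1]`)
is constructed for comparison.
"""


def bits(word, hi, lo):
    """Bits [hi:lo] of `word`, inclusive, as an int."""
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)


def decode_coproc(word):
    """Sub-decode the bits [27:25] = 11x group: coprocessor ops and SVC."""
    op1 = bits(word, 25, 20)          # the table's "op1" for this group
    coproc = bits(word, 11, 8)
    common = {"group": "coprocessor", "coproc": coproc}
    if bits(op1, 5, 4) == 0b11:       # 11xxxx: supervisor call
        return {"group": "svc"}
    if coproc in (0b1010, 0b1011):    # 101x: floating-point / Advanced SIMD space
        return {"group": "fp/simd (not decoded here)"}
    if bits(op1, 5, 4) == 0b10:       # 10xxxx: CDP, or MCR/MRC when bit [4] is set
        if bits(word, 4, 4) == 0:
            return dict(common, insn="CDP", opc1=bits(word, 23, 20), crn=bits(word, 19, 16),
                        crd=bits(word, 15, 12), opc2=bits(word, 7, 5), crm=bits(word, 3, 0))
        name = "MRC" if op1 & 1 else "MCR"
        return dict(common, insn=name, opc1=bits(word, 23, 21), crn=bits(word, 19, 16),
                    rt=bits(word, 15, 12), opc2=bits(word, 7, 5), crm=bits(word, 3, 0))
    if bits(op1, 5, 1) == 0b00010:    # 00010x: MCRR (bit 20 clear) / MRRC (bit 20 set)
        name = "MRRC" if op1 & 1 else "MCRR"
        return dict(common, insn=name, rt2=bits(word, 19, 16), rt=bits(word, 15, 12),
                    opc1=bits(word, 7, 4), crm=bits(word, 3, 0))
    if bits(op1, 5, 1) == 0:          # 00000x: UNDEFINED
        return dict(common, insn="UNDEFINED")
    name = "LDC" if op1 & 1 else "STC"
    return dict(common, insn=name, rn=bits(word, 19, 16), crd=bits(word, 15, 12),
                imm8=bits(word, 7, 0))


def decode_group(word):
    """Return a dict naming the encoding group of `word` and its main fields."""
    info = {"word": word, "cond": bits(word, 31, 28), "op1": bits(word, 27, 25)}
    if info["cond"] == 0b1111:
        info["group"] = "unconditional"
        return info
    op1 = info["op1"]
    if op1 in (0b000, 0b001):
        info["group"] = "data-processing"
    elif op1 == 0b010:
        # Load/store word and unsigned byte, immediate offset: QEMU's LDR_ri / STR_ri.
        info.update(group="load/store immediate", load=bool(bits(word, 20, 20)),
                    byte=bool(bits(word, 22, 22)), rn=bits(word, 19, 16),
                    rt=bits(word, 15, 12), imm12=bits(word, 11, 0))
    elif op1 == 0b011:
        info["group"] = "media" if bits(word, 4, 4) else "load/store register"
    elif op1 in (0b100, 0b101):
        info["group"] = "branch/block transfer"
    else:
        info.update(decode_coproc(word))
    return info


def describe(word):
    """One-line summary, e.g. '0xec432000: bits[27:25]=110 -> coprocessor (...)'."""
    info = decode_group(word)
    fields = ", ".join(f"{k}={v}" for k, v in info.items()
                       if k not in ("word", "cond", "op1", "group"))
    return (f"0x{word:08x}: bits[27:25]={info['op1']:03b} -> {info['group']}"
            + (f" ({fields})" if fields else ""))


if __name__ == "__main__":
    for w in (0xec432000, 0xee1f3f11, 0xe5913000):
        print(describe(w))
```

Running it shows 0xec432000 as an MCRR to coprocessor 0 with Rt=r2 and Rt2=r3 (the `mar acc0, r2, r3` from the listing), 0xee1f3f11 as an MRC from p15, and the hand-assembled LDR in the 010 group, so a decoder that misroutes the first word is doing so somewhere in the coprocessor path, not in the load/store immediate path.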