On Tue, Dec 29, 2009 at 3:09 PM, Stefan Weil <w...@mail.berlios.de> wrote:
> Test environment:
>
> * ppc-softmmu/qemu-system-ppc running on x86_64 host
> * emulated ppc is running debian lenny
>
> While debugging on the emulated ppc (each time when
> a shared library is loaded after "r" command?),
> qemu-system-ppc prints this error message:
>
> invalid/unsupported opcode: 00 - 00 - 00 (00000000) 4800fa44 1
>
> If logging is enabled, the error message goes to qemu.log:
>
> IN:
> 0xc0013488:  nop
> 0xc001348c:  rlwinm  r3,r3,0,0,19
> 0xc0013490:  li      r4,128
> 0xc0013494:  mtctr   r4
> 0xc0013498:  mr      r6,r3
> 0xc001349c:  dcbst   r0,r3
>
> invalid/unsupported opcode: 00 - 00 - 00 (00000000) 4800fa44 1
> IN:
> 0x4800fa40:  twge    r2,r2
> 0x4800fa44:  .long 0x0
>
> The debugger on the ppc system shows the "instruction"
> which triggers the error message:
>
> (gdb) disas
> Dump of assembler code for function _dl_debug_state:
> 0x4800fa40 <_dl_debug_state+0>: blr
> End of assembler dump.
> (gdb) x 0x4800fa40
> 0x4800fa40 <_dl_debug_state>:   0x4e800020
> (gdb) x/2x 0x4800fa40
> 0x4800fa40 <_dl_debug_state>:   0x4e800020      0x00000000
>
> The unsupported opcode is 0, and it follows function
> _dl_debug_state.
>
> Debugging in an emulated system should not trigger
> error messages on the host (denial-of-service).
>
> Why does qemu try to interpret the word at 0x4800fa44?

Wild guess: for PPC, translation is not stopped when we reach a branch
but until the end of the current page. Please try the attached patch.

> Why does qemu show "twge r2,r2", not "blr"?

Maybe read access has been disabled for the page?

From 8b3c947ff0a8d288c4ef99b9d4c49ffda2f16d3b Mon Sep 17 00:00:00 2001
From: Blue Swirl <blauwirbel@gmail.com>
Date: Wed, 15 Jul 2009 16:32:50 +0000
Subject: [PATCH] PPC: stop code generation when we reach a branch

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
 target-ppc/translate.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 8fbcf76..e65cb45 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -9042,7 +9042,8 @@ static always_inline void gen_intermediate_code_internal (CPUState *env,
                      ctx.exception != POWERPC_EXCP_TRAP &&
                      ctx.exception != POWERPC_EXCP_BRANCH)) {
             gen_exception(ctxp, POWERPC_EXCP_TRACE);
-        } else if (unlikely(((ctx.nip & (TARGET_PAGE_SIZE - 1)) == 0) ||
+        } else if (unlikely(ctx.exception == POWERPC_EXCP_BRANCH ||
+                            ((ctx.nip & (TARGET_PAGE_SIZE - 1)) == 0) ||
                             (env->singlestep_enabled) ||
                             singlestep ||
                             num_insns >= max_insns)) {
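Review bot: the commit message should state the motivation for the added `ctx.exception == POWERPC_EXCP_BRANCH` stop condition and reference the report it answers: before this change the translator only stopped at a page boundary, singlestep or the `max_insns` limit, so after the `blr` at the end of `_dl_debug_state` it went on to decode the zero word at 0x4800fa44 and logged "invalid/unsupported opcode" on the host; "stop code generation when we reach a branch" alone does not tell a reader why the page-boundary-only condition was a problem. A short comment at the new line would also help, because the `if` immediately above exempts POWERPC_EXCP_BRANCH from the trace exception while this `else if` now uses the same value to end the block, and the relation between the two is not obvious from the hunk.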
-- 
1.5.6.5
