On 10 January 2018 at 08:57, Steven Seeger <steven.see...@flightsystems.net> wrote:
> Sorry for another post. I did a bisect and found what is the bad commit for
> me:
>
> 044897ef4a22af89aecb8df509477beba0a2e0ce is the first bad commit
> commit 044897ef4a22af89aecb8df509477beba0a2e0ce
> Author: Richard Purdie <richard.pur...@linuxfoundation.org>
> Date:   Mon Dec 4 22:25:43 2017 +0000
>
>     target/ppc: Fix system lockups caused by interrupt_request state
>     corruption
Great -- thanks for the bisect. Let's take this to the -devel list; I've
cc'd the PPC maintainers.

Context: Steven reports that we broke -icount for PPC guests with this
commit:

$ ./build/all/ppc-softmmu/qemu-system-ppc -icount auto
qemu: fatal: Raised interrupt while not in I/O function
NIP fff08978   LR fff08904 CTR 00000000 XER 00000000 CPU#0
MSR 00000000 HID0 00000000  HF 00000000 iidx 3 didx 3
Bad icount read

The backtrace from the assert is:

#0  tcg_handle_interrupt (cpu=0x7ffff7fc2010, mask=4) at qemu/accel/tcg/tcg-all.c:58
#1  0x0000555555962aa4 in cpu_interrupt (cpu=0x7ffff7fc2010, mask=4) at qemu/include/qom/cpu.h:859
#2  0x0000555555962e55 in cpu_interrupt_exittb (cs=0x7ffff7fc2010) at qemu/target/ppc/helper_regs.h:105
#3  0x0000555555964505 in do_rfi (env=0x7ffff7fca2b0, nip=197460, msr=4096) at qemu/target/ppc/excp_helper.c:998
#4  0x0000555555964555 in helper_rfi (env=0x7ffff7fca2b0) at qemu/target/ppc/excp_helper.c:1008
#5  0x00007fffe7c124b9 in code_gen_buffer ()

The problem is that icount was relying on the previous handling of do_rfi()
as "just set state as we know we're going to be last insn in the TB".

Not sure how best to fix this (mark the insn as IO ok?)

thanks
-- PMM