On 4/15/21 7:34 PM, Peter Maydell wrote:
> On Thu, 15 Apr 2021 at 18:18, Cédric Le Goater <c...@kaod.org> wrote:
>>
>> On 4/15/21 5:55 PM, Philippe Mathieu-Daudé wrote:
>>> On 4/15/21 4:54 PM, Peter Maydell wrote:
>>>> On Thu, 15 Apr 2021 at 15:32, Alex Bennée <alex.ben...@linaro.org> wrote:
>>>>> --8<---------------cut here---------------start------------->8---
>>>>> accel/tcg: avoid re-translating one-shot instructions
>>>>>
>>>>> By definition a single instruction is capable of being an IO
>>>>> instruction. This avoids a problem of triggering a cpu_io_recompile on
>>>>> a non-cached translation which would only do exactly this anyway.
>>>>>
>>>>> Signed-off-by: Alex Bennée <alex.ben...@linaro.org>
>>>>>
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>> accel/tcg/translate-all.c | 2 +-
>>>>>
>>>>> modified accel/tcg/translate-all.c
>>>>> @@ -1863,7 +1863,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
>>>>>
>>>>> if (phys_pc == -1) {
>>>>> /* Generate a one-shot TB with 1 insn in it */
>>>>> - cflags = (cflags & ~CF_COUNT_MASK) | 1;
>>>>> + cflags = (cflags & ~CF_COUNT_MASK) | CF_LAST_IO | 1;
>>>>> }
>>>>>
>>>>> max_insns = cflags & CF_COUNT_MASK;
>>>>> --8<---------------cut here---------------end--------------->8---
>>>>
>>>> Yes, this fixes the problem. Do we want to put this in for 6.0? My
>>>> feeling is that executing from non-RAM is pretty niche, so maybe
>>>> if we need an rc4 anyway, but this isn't important enough to cause an
>>>> rc4 itself.
>>>
>>> Isn't it the default for Aspeed machines (with U-Boot)? (Cc'ing Cédric).
>>
>> You need to set the 'execute-in-place' machine option to load/execute the
>> instructions from the AHB window of CE0. It's not on by default because
>> boot can be really slow with some recent u-boot which heavily trash the TBs.
>>
>> But this seems to work fine with -rc3.
>
> Triggering the bug requires both execute-in-place and -icount -- did
> you test with -icount enabled?
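Review bot: the commit message should name the trigger and the observed failure, because the hunk alone does not convey either: the thread establishes that the crash needs 'execute-in-place' together with -icount, and the symptom is "qemu: fatal: cpu_io_recompile: could not find TB for pc=...". Suggest stating the mechanism in those terms, e.g. "a one-shot TB built for phys_pc == -1 is never added to the TB cache, so a later cpu_io_recompile cannot find it; marking it CF_LAST_IO up front makes the single insn IO-capable and avoids the recompile path", rather than the current "By definition a single instruction is capable of being an IO instruction", which leaves the reader to infer why cpu_io_recompile was being reached. A sentence on whether setting CF_LAST_IO on every one-shot TB is intended to be harmless when -icount is off would also help future readers of the log.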
It crashes.

Thanks,

C.

$ qemu-system-arm -M romulus-bmc,execute-in-place=true -icount auto -drive file=./flash-romulus,format=raw,if=mtd -serial mon:stdio
qemu: fatal: cpu_io_recompile: could not find TB for pc=0x7efbcc001992
R00=0005107a R01=00000000 R02=00000000 R03=00000000
R04=00000350 R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00000350 R15=00000c70
PSR=400001d3 -Z-- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
FPSCR: 00000000
Aborted (core dumped)