From: Aurelien Jarno
To: Richard Henderson
Cc: qemu-devel@nongnu.org
Date: Wed, 24 May 2017 19:54:09 +0200
Subject: Re: [Qemu-devel] [PATCH 02/31] target/s390x: Implement EXECUTE via new TranslationBlock
Message-ID: <20170524175409.oi5vzjvvpp3hcsfj@aurel32.net>
References: <20170523030312.6360-1-rth@twiddle.net> <20170523030312.6360-3-rth@twiddle.net> <20170523104851.37tseiq5zlpwevr6@aurel32.net> <20170523172858.aqvgqlrwrwu6jk2o@aurel32.net>

On 2017-05-23 16:21, Richard Henderson wrote:
> On 05/23/2017 10:28 AM, Aurelien Jarno wrote:
> > > Something like this, as a delta patch.
> >
> > I confirm this patch is really needed, otherwise the executed
> > instruction seems to be executed at the next instruction.
> >
> > Unfortunately it doesn't work. So far I have no real idea what could be
> > the root cause of the issue. I have just determined that up to the crash,
> > only a very limited set of instructions are being executed. They are the
> > 4 bytes long versions of MVC, CLC, XC, TR.
>
> Yeah, it appears XC is the culprit, though I have not yet determined exactly
> what's going wrong.

It seems the problem arises if an interrupt happens when the TB containing
the EXECUTE instruction is being executed. In that case, at the end of the
TB, the interruption code is translated with the ex_value set, which means
with the wrong PC, wrong permissions and wrong return address.
This is the same kind of issue I identified on SH4 recently:
https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03880.html

The same kind of solution also works, that is disabling the interrupts when
the ex_value is set:

diff --git a/target/s390x/helper.c b/target/s390x/helper.c index 6f81b1a16c..a33abdef16 100644 --- a/target/s390x/helper.c +++ b/target/s390x/helper.c @@ -655,6 +657,10 @@ bool s390_cpu_exec_interrupt(CPUState *cs, int interrupt_request) S390CPU *cpu = S390_CPU(cs); CPUS390XState *env = &cpu->env; + if (env->ex_value) { + return false; + } + if (env->psw.mask & PSW_MASK_EXT) { s390_cpu_do_interrupt(cs); return true;
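Review bot: the new early return in s390_cpu_exec_interrupt() needs a comment explaining why it is there, i.e. that while env->ex_value is non-zero the EXECUTE target has not run yet and taking an interrupt at this point would deliver it with the target's PC, permissions and return address, as described earlier in the message. As written it is an unconditional `return false` that silences every interrupt class, and a later reader with no access to this thread could reasonably remove it. Since this check now gates all interrupt delivery on ex_value, it is also worth confirming in review that ex_value is cleared on every exit path from the EXECUTE target (including a fault raised by the target instruction); if any path leaves it set, the CPU would never take an interrupt again.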
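To make the ordering problem concrete, here is an added toy model (not QEMU code, and not part of this thread) of the one symptom that is easiest to observe: the return address an interrupt handler would see. It keeps a `ToyCPU` with `psw_addr` and `ex_value` fields named after the thread's vocabulary, runs one constructed TB in which EX at 0x100 targets 0x200, and polls for a pending interrupt at the end of that TB, once without the `ex_value` check and once with it. All addresses, the `defer_during_ex` switch and the 4-byte EX length are assumptions for illustration; the real interaction with the translator (the interrupt code being translated with ex_value set) is not modelled.

```c
/* Toy model of an interrupt becoming pending while an EXECUTE target is
 * in flight.  Constructed for illustration; not QEMU code.  Field names
 * mirror the thread's vocabulary (psw.addr, ex_value) but the layout and
 * every address below are made up. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_HANDLER_ADDR 0x1000u   /* constructed interrupt handler address */

typedef struct {
    uint64_t psw_addr;       /* address of the instruction about to run */
    uint64_t ex_value;       /* non-zero while an EXECUTE target is pending */
    uint64_t ex_next;        /* where to resume after the EXECUTE target */
    uint64_t old_psw_addr;   /* return address saved when an interrupt is taken */
    bool     irq_pending;
    bool     irq_taken;
} ToyCPU;

/* Stand-in for s390_cpu_exec_interrupt(): take a pending interrupt unless
 * asked to defer it while ex_value is set (the check the patch adds). */
static bool toy_exec_interrupt(ToyCPU *env, bool defer_during_ex)
{
    if (!env->irq_pending) {
        return false;
    }
    if (defer_during_ex && env->ex_value) {
        return false;            /* stays pending; retried after the target */
    }
    env->old_psw_addr = env->psw_addr;   /* the handler returns here */
    env->psw_addr = TOY_HANDLER_ADDR;
    env->irq_pending = false;
    env->irq_taken = true;
    return true;
}

/* Run one toy TB: EX at ex_addr whose target lives at target_addr.  The TB
 * ends right after EX has set ex_value, which is where the interrupt poll
 * from the thread fires.  Returns the return address the handler sees. */
static uint64_t toy_run_execute(uint64_t ex_addr, uint64_t target_addr,
                                bool defer_during_ex)
{
    ToyCPU env = { .psw_addr = ex_addr, .irq_pending = true };

    /* EX: remember where to resume, then hand control to the target. */
    env.ex_next  = ex_addr + 4;        /* assumption: EX is 4 bytes long */
    env.ex_value = 1;
    env.psw_addr = target_addr;        /* TB boundary: target runs next */

    /* End of TB: the interrupt poll happens here. */
    if (toy_exec_interrupt(&env, defer_during_ex)) {
        return env.old_psw_addr;       /* taken mid-EXECUTE: target address */
    }

    /* The target instruction runs and EXECUTE completes. */
    env.ex_value = 0;
    env.psw_addr = env.ex_next;

    /* The deferred interrupt is now taken with consistent state. */
    toy_exec_interrupt(&env, defer_during_ex);
    return env.old_psw_addr;           /* instruction after EX */
}

int main(void)
{
    uint64_t without = toy_run_execute(0x100, 0x200, false);
    uint64_t with    = toy_run_execute(0x100, 0x200, true);
    printf("return address without the check: 0x%" PRIx64 " (EXECUTE target)\n",
           without);
    printf("return address with the check:    0x%" PRIx64 " (instruction after EX)\n",
           with);
    return 0;
}
```

Without the check the handler would resume at the EXECUTE target rather than at the instruction following EX, which is the "wrong return address" half of the symptom the message describes; deferring the poll until ex_value is cleared restores the expected resume point. The model deliberately keeps the interrupt pending rather than dropping it, matching the patch's `return false`, which only postpones delivery to the next poll.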