qemu-system-sparc64: entering the debugger
Mark Cave-Ayland
mark.cave-ayland at ilande.co.uk
Tue Apr 12 09:06:46 UTC 2016
On 12/04/16 09:20, Mark Cave-Ayland wrote:
> So it looks like something has already gone wrong simply trying to dump
> the process map. Fortunately the number of QEMU translation blocks
> between the output of the "ps/m" header and the "KDB reentering" is
> quite small so I've uploaded it to
> https://www.ilande.co.uk/tmp/qemu/freebsd-tb.txt.
>
> Can anyone have a quick look at the link above and give me an idea as to
> roughly what the code is doing here?
To my FreeBSD-untrained eye, it looks like we're going okay until around
this part:
IN:
0x00000000c0122008: ldx [ %l2 + 0x3d8 ], %g1
0x00000000c012200c: ldx [ %g1 + 0x18 ], %g1
0x00000000c0122010: brz,pn %g1, 0xc0122050
0x00000000c0122014: nop
--------------
IN:
0x00000000c00a4d1c: mov %g6, %g6 ! 0x0
0x00000000c00a4d20: sllx %g6, 0x20, %g6
0x00000000c00a4d24: sethi %hi(0xbfc00000), %g7
0x00000000c00a4d28: or %g7, %g6, %g7
0x00000000c00a4d2c: sethi %hi(0x1fc00), %g6
0x00000000c00a4d30: or %g6, 0x3ff, %g6 ! 0x1ffff
0x00000000c00a4d34: srlx %g5, 0xd, %g5
0x00000000c00a4d38: and %g5, %g6, %g6
0x00000000c00a4d3c: sllx %g6, 5, %g6
0x00000000c00a4d40: add %g6, %g7, %g6
0x00000000c00a4d44: ldda [ %g6 ] (36), %g6
0x00000000c00a4d48: brgez,pn %g7, 0xc00b0880
0x00000000c00a4d4c: srlx %g6, 2, %g6
Notice a jump to a translation block that isn't the target or
continuation of the branch. Here the code at 0xc00a4d1c looks
suspiciously like that in tl1_immu_miss_patch_tsb_1 which suggests we've
bailed out to a trap handler due to an invalid address.
ATB,
Mark.
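The check Mark applies by eye above (a TB that starts at neither the fall-through nor the branch target of the previous TB) can be done mechanically over a `-d in_asm` log. The script below is an added example and is not part of this mail, of QEMU or of FreeBSD. It assumes the "IN:" / address-prefixed line format quoted above; the first two TBs in the embedded sample are the ones from the mail, while the third (at 0xc00b0880) is constructed here so the log also contains one ordinary branch-taken transition. The mnemonic lists used to classify branches are a simplification, not QEMU's own decoder.

```python
"""Spot implicit control transfers (traps/exceptions) in QEMU `-d in_asm` output.

Added example, not code from the mail, QEMU or FreeBSD.  It parses the "IN:"
translation-block (TB) headers QEMU prints for a SPARC64 guest and reports
every TB whose start address is neither the fall-through of the previous TB
nor the target of the direct branch that ended it.  Such a step was never
requested by the guest code, so on SPARC64 it is almost always a trap.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample in the format of QEMU's in_asm log.  The first two TBs are
# quoted from the mail; the third TB is made up here (assumption) so that the
# log contains one legitimate, branch-taken transition as well.
SAMPLE_LOG = """\
IN:
0x00000000c0122008: ldx [ %l2 + 0x3d8 ], %g1
0x00000000c012200c: ldx [ %g1 + 0x18 ], %g1
0x00000000c0122010: brz,pn %g1, 0xc0122050
0x00000000c0122014: nop
--------------
IN:
0x00000000c00a4d1c: mov %g6, %g6 ! 0x0
0x00000000c00a4d20: sllx %g6, 0x20, %g6
0x00000000c00a4d24: sethi %hi(0xbfc00000), %g7
0x00000000c00a4d28: or %g7, %g6, %g7
0x00000000c00a4d44: ldda [ %g6 ] (36), %g6
0x00000000c00a4d48: brgez,pn %g7, 0xc00b0880
0x00000000c00a4d4c: srlx %g6, 2, %g6
--------------
IN:
0x00000000c00b0880: nop
"""

INSN_RE = re.compile(r"^0x([0-9a-fA-F]+):\s+(\S+)\s*(.*)$")
HEX_RE = re.compile(r"0x[0-9a-fA-F]+")
# Control transfers whose target is not a literal in the listing (assumption:
# a simplified list, enough for the log formats seen here).
INDIRECT = {"jmpl", "jmp", "ret", "retl", "rett", "done", "retry"}


@dataclass
class Insn:
    addr: int
    mnem: str
    ops: str


@dataclass
class TB:
    insns: List[Insn] = field(default_factory=list)

    @property
    def start(self) -> int:
        return self.insns[0].addr

    def successors(self) -> Optional[Set[int]]:
        """Addresses the next TB may legitimately start at, or None when the TB
        ends in an indirect jump/return and anything is possible."""
        last = self.insns[-1]
        succ = {last.addr + 4}  # fall-through past the delay slot
        # A SPARC branch is followed by its delay slot, so the branch that ended
        # the TB is one of the last two instructions.
        for insn in self.insns[-2:]:
            base = insn.mnem.split(",")[0]  # strip ,pn / ,pt / ,a hints
            if base in INDIRECT:
                return None
            if base.startswith("b") or base == "call":
                targets = HEX_RE.findall(insn.ops)
                if not targets:
                    return None  # register-relative target, cannot predict
                succ.add(int(targets[-1], 16))
        return succ


def parse_in_asm(text: str) -> List[TB]:
    """Split an in_asm log into TBs, keeping address/mnemonic/operands."""
    tbs: List[TB] = []
    for line in text.splitlines():
        if line.startswith("IN:"):
            tbs.append(TB())
            continue
        m = INSN_RE.match(line.strip())
        if m and tbs:
            tbs[-1].insns.append(Insn(int(m.group(1), 16), m.group(2), m.group(3)))
    return [tb for tb in tbs if tb.insns]


def find_implicit_transfers(tbs: List[TB]) -> List[Tuple[int, int]]:
    """(last_insn_addr, next_tb_start) for every TB-to-TB step that neither a
    direct branch nor fall-through explains, i.e. a likely trap entry."""
    found = []
    for prev, nxt in zip(tbs, tbs[1:]):
        succ = prev.successors()
        if succ is not None and nxt.start not in succ:
            found.append((prev.insns[-1].addr, nxt.start))
    return found


if __name__ == "__main__":
    for src, dst in find_implicit_transfers(parse_in_asm(SAMPLE_LOG)):
        print(f"implicit transfer after 0x{src:x} -> 0x{dst:x} (trap?)")
```

Run against the sample it flags exactly one step, 0xc0122014 -> 0xc00a4d1c, which is the jump Mark points at: the brz target was 0xc0122050 and the fall-through 0xc0122018, so the next TB can only have been reached through a trap. Feed it a full `qemu-system-sparc64 -d in_asm` log and the first flagged address is usually the instruction whose memory access faulted.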