Date: Tue, 12 Apr 2016 10:06:06 +0100
From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
To: "freebsd-sparc64@freebsd.org" <freebsd-sparc64@freebsd.org>
Subject: Re: qemu-system-sparc64: entering the debugger
Message-ID: <570CBA7E.2080509@ilande.co.uk>
In-Reply-To: <570CAFD6.2010004@ilande.co.uk>
References: <570CAFD6.2010004@ilande.co.uk>
On 12/04/16 09:20, Mark Cave-Ayland wrote:

> So it looks like something has already gone wrong simply trying to dump
> the process map. Fortunately the number of QEMU translation blocks
> between the output of the "ps/m" header and the "KDB reentering" is
> quite small so I've uploaded it to
> https://www.ilande.co.uk/tmp/qemu/freebsd-tb.txt.
>
> Can anyone have a quick look at the link above and give me an idea as to
> roughly what the code is doing here?

To my FreeBSD-untrained eye, it looks like we're going okay until around
this part:

IN:
0x00000000c0122008:  ldx  [ %l2 + 0x3d8 ], %g1
0x00000000c012200c:  ldx  [ %g1 + 0x18 ], %g1
0x00000000c0122010:  brz,pn  %g1, 0xc0122050
0x00000000c0122014:  nop

--------------
IN:
0x00000000c00a4d1c:  mov  %g6, %g6  ! 0x0
0x00000000c00a4d20:  sllx  %g6, 0x20, %g6
0x00000000c00a4d24:  sethi  %hi(0xbfc00000), %g7
0x00000000c00a4d28:  or  %g7, %g6, %g7
0x00000000c00a4d2c:  sethi  %hi(0x1fc00), %g6
0x00000000c00a4d30:  or  %g6, 0x3ff, %g6  ! 0x1ffff
0x00000000c00a4d34:  srlx  %g5, 0xd, %g5
0x00000000c00a4d38:  and  %g5, %g6, %g6
0x00000000c00a4d3c:  sllx  %g6, 5, %g6
0x00000000c00a4d40:  add  %g6, %g7, %g6
0x00000000c00a4d44:  ldda  [ %g6 ] (36), %g6
0x00000000c00a4d48:  brgez,pn  %g7, 0xc00b0880
0x00000000c00a4d4c:  srlx  %g6, 2, %g6

Notice a jump to a translation block that isn't the target or
continuation of the branch. Here the code at 0xc00a4d1c looks
suspiciously like that in tl1_immu_miss_patch_tsb_1, which suggests we've
bailed out to a trap handler due to an invalid address.


ATB,

Mark.
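The check Mark applies by eye above (does the next translation block start at either the fall-through address or the branch target of the previous one?) can be automated over a whole QEMU `-d in_asm` log, which is useful when the stretch between the "ps/m" header and "KDB reentering" is not small. The script below is an added example and is not code from this thread, from QEMU or from FreeBSD. It assumes the sparc64 `-d in_asm` line layout shown in the mail (`0x<addr>:  <mnemonic>  <operands>`, one `IN:` header per translation block), treats the SPARC branch mnemonic table as a hand-written subset, and uses a constructed sample log made of the two blocks quoted above plus one invented continuation block at 0xc00b0880 so that both a clean transfer and an anomalous one are exercised.

```python
"""Flag unexpected control transfers in a QEMU `-d in_asm` log (sparc64).

QEMU prints one "IN:" block per translation block (TB).  When execution
genuinely flows from one TB into the next, the next TB's first address is
either the fall-through address after the previous TB's last instruction
or the target of the branch that ended it.  Anything else means the guest
took a trap or interrupt in between, which is what the mail above spots
by hand.  Added example; not QEMU's or FreeBSD's own code.
"""
import re
from dataclasses import dataclass

# Assumed line layout: "0x00000000c0122008:  ldx  [ %l2 + 0x3d8 ], %g1"
INSN_RE = re.compile(r"^\s*0x([0-9a-fA-F]+):\s+(\S+)\s*(.*?)\s*$")
HEX_TARGET_RE = re.compile(r"0x([0-9a-fA-F]+)\s*$")

# Hand-written subset of SPARC control transfers with an immediate target.
DIRECT_BRANCHES = {
    "ba", "bn", "bne", "be", "bg", "ble", "bge", "bl", "bgu", "bleu",
    "bcc", "bcs", "bpos", "bneg", "bvc", "bvs",
    "brz", "brlez", "brlz", "brnz", "brgz", "brgez", "call",
}
UNCONDITIONAL = {"ba", "call"}
# Transfers through a register: the target is not recoverable from the text.
INDIRECT_BRANCHES = {"jmpl", "jmp", "ret", "retl", "rett", "done", "retry"}


@dataclass
class Insn:
    addr: int
    mnemonic: str      # as printed, e.g. "brz,pn"
    operands: str      # with any "! 0x..." annotation stripped


def parse_tb_log(text):
    """Split the log into TBs: a list of lists of Insn, in execution order."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.startswith("IN:"):
            current = []
            blocks.append(current)
            continue
        m = INSN_RE.match(line)
        if m and current is not None:
            operands = m.group(3).split("!")[0].strip()
            current.append(Insn(int(m.group(1), 16), m.group(2), operands))
    return [b for b in blocks if b]


def successors(block):
    """Return (expected next addresses, is_indirect) for one TB.

    The branch normally sits before its delay slot, so the last two
    instructions are inspected; fall-through is after the delay slot."""
    fallthrough = block[-1].addr + 4
    for insn in block[-2:]:
        base = insn.mnemonic.split(",")[0]
        if base in INDIRECT_BRANCHES:
            return set(), True
        if base in DIRECT_BRANCHES or base.startswith("fb"):
            m = HEX_TARGET_RE.search(insn.operands)
            if m:
                target = int(m.group(1), 16)
                if base in UNCONDITIONAL:
                    return {target}, False
                return {fallthrough, target}, False
    return {fallthrough}, False


def find_unexpected_transfers(text):
    """Return [(prev_last_addr, next_first_addr, expected)] for each TB
    boundary where the next TB starts somewhere the previous TB could not
    have reached without a trap or interrupt."""
    blocks = parse_tb_log(text)
    findings = []
    for prev, nxt in zip(blocks, blocks[1:]):
        expected, indirect = successors(prev)
        if indirect:
            continue                      # cannot judge register jumps
        if nxt[0].addr not in expected:
            findings.append((prev[-1].addr, nxt[0].addr, sorted(expected)))
    return findings


# Constructed sample: the two blocks quoted in the mail, followed by an
# invented block at the brgez target so one transfer is legitimate.
SAMPLE_LOG = """\
IN:
0x00000000c0122008:  ldx  [ %l2 + 0x3d8 ], %g1
0x00000000c012200c:  ldx  [ %g1 + 0x18 ], %g1
0x00000000c0122010:  brz,pn  %g1, 0xc0122050
0x00000000c0122014:  nop

--------------
IN:
0x00000000c00a4d1c:  mov  %g6, %g6  ! 0x0
0x00000000c00a4d20:  sllx  %g6, 0x20, %g6
0x00000000c00a4d44:  ldda  [ %g6 ] (36), %g6
0x00000000c00a4d48:  brgez,pn  %g7, 0xc00b0880
0x00000000c00a4d4c:  srlx  %g6, 2, %g6

--------------
IN:
0x00000000c00b0880:  nop
"""

if __name__ == "__main__":
    for src, dst, expected in find_unexpected_transfers(SAMPLE_LOG):
        want = ", ".join(f"0x{a:x}" for a in expected)
        print(f"0x{src:x} -> 0x{dst:x}: not a successor (expected {want}); "
              "likely trap or interrupt entry")
```

Run it against the real dump with `python3 tbcheck.py < freebsd-tb.txt` after replacing `SAMPLE_LOG` with `sys.stdin.read()`; each flagged boundary is a candidate trap entry, and the address it lands on can then be looked up in the kernel's symbol table (as Mark does for 0xc00a4d1c) to see which handler was taken.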