From patchwork Tue Feb 23 17:58:47 2010
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 46084
Message-ID: <4B841757.3070808@redhat.com>
Date: Tue, 23 Feb 2010 18:58:47 +0100
From: Paolo Bonzini
To: Jay Foad
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: gcc 4.4 miscompiling cpu_exec() ?

On 02/23/2010 03:50 PM, Jay Foad wrote:
> I'm building QEMU mipsel-linux-user with Ubuntu's GCC 4.4 on an x86
> host. Whenever I try to run a trivial MIPS executable, QEMU segfaults
> in cpu_loop() shortly after the call to cpu_mips_exec().
>
> The problem seems to be that cpu_exec() doesn't preserve ebp. It tries to:
>
>     saved_env_reg = (host_reg_t) env;
>
> where env is a global variable decorated with asm("ebp"). This saves
> ebp to the stack, but later on, in some function inlined into
> cpu_exec(), the value on the stack gets overwritten with something
> else.

Can you try this patch, and if it works, possibly only each hunk of it?

Paolo

diff --git a/cpu-exec.c b/cpu-exec.c
index 51aa416..bfaf908 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -215,7 +215,7 @@ static void cpu_handle_debug_exception(CPUState *env)
 int cpu_exec(CPUState *env1)
 {
-    host_reg_t saved_env_reg;
+    volatile host_reg_t saved_env_reg;
     int ret, interrupt_request;
     TranslationBlock *tb;
     uint8_t *tc_ptr;
@@ -230,8 +230,8 @@ int cpu_exec(CPUState *env1)
        value, so that files not including target-xyz/exec.h are free to use it. */
     QEMU_BUILD_BUG_ON (sizeof (saved_env_reg) != sizeof (env));
-    saved_env_reg = (host_reg_t) env;
     asm("");
+    saved_env_reg = (host_reg_t) env;
     env = env1;
 #if defined(TARGET_I386)
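Review bot: the new `volatile` on `saved_env_reg` in the first hunk needs a comment on the declaration saying what it is for; `volatile host_reg_t saved_env_reg;` on a plain local with no explanation looks like a leftover and invites removal by the next cleanup. As far as this hunk shows, the intent is to force the saved copy of the ebp-pinned `env` into a stack slot that is really stored and reloaded, instead of being kept in a register that inlined callees may clobber or folded back into the register variable; say that, and say that only the save/restore pair needs it. Note also that `volatile` constrains accesses to `saved_env_reg` itself and nothing else: it does not by itself order the read of the register variable `env` against the later `env = env1;`, so this hunk should not be expected to work without a barrier between the save and that assignment.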
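Review bot: in the second hunk, moving `asm("");` ahead of `saved_env_reg = (host_reg_t) env;` leaves nothing between the save and `env = env1;`, so the only thing still ordering the save before the overwrite of the register variable is the `volatile` from the first hunk; if Jay's per-hunk test ends up dropping that hunk, this one is a no-op at best. If the barrier is meant to keep the compiler from reordering the save and the assignment, it belongs between the two statements, and a `"memory"` clobber would state that intent explicitly rather than relying on a bare `asm("")`. The comment that precedes `QEMU_BUILD_BUG_ON` says nothing about ordering, so add a one-line comment on why a barrier is needed here, and record in the commit message which of the two hunks Jay found to be the one that matters.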
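The per-hunk test Paolo asks for (apply each hunk on its own, rebuild, retest) is easiest with a small splitter. The following is an added example, not code from this thread or from QEMU: a POSIX shell function that writes one patch file per hunk, keeping each file's `diff`/`index`/`---`/`+++` header so every piece applies by itself with `git apply` or `patch -p1`. The sample diff is a constructed copy of the two hunks above with the hunk line counts adjusted to the lines shown so that it is a well-formed diff; the function names and file layout are hypothetical.

```shell
#!/bin/sh
# Added example (not from the QEMU thread): split a unified diff into one
# patch per hunk so each hunk can be applied and tested on its own.
# Function names and file layout are hypothetical.

# write_sample_diff FILE: writes a constructed copy of the two-hunk patch
# from the mail. Sample input only; hunk line counts were adjusted to the
# lines shown so the sample is a well-formed diff.
write_sample_diff() {
    cat > "$1" <<'EOF'
diff --git a/cpu-exec.c b/cpu-exec.c
index 51aa416..bfaf908 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -215,6 +215,6 @@ static void cpu_handle_debug_exception(CPUState *env)
 int cpu_exec(CPUState *env1)
 {
-    host_reg_t saved_env_reg;
+    volatile host_reg_t saved_env_reg;
     int ret, interrupt_request;
     TranslationBlock *tb;
     uint8_t *tc_ptr;
@@ -230,6 +230,6 @@ int cpu_exec(CPUState *env1)
        value, so that files not including target-xyz/exec.h are free to use it. */
     QEMU_BUILD_BUG_ON (sizeof (saved_env_reg) != sizeof (env));
-    saved_env_reg = (host_reg_t) env;
     asm("");
+    saved_env_reg = (host_reg_t) env;
     env = env1;
 #if defined(TARGET_I386)
EOF
}

# split_hunks DIFF OUTDIR: writes OUTDIR/hunk-N.patch, each holding the
# per-file header (diff/index/---/+++ lines) plus exactly one @@ hunk, and
# prints the number of hunks written. Lines before the first "diff --git"
# (mail text) are ignored. A hunk ends at the next @@ line, the next file
# header, or the first line that is not a diff line (so a mail signature
# after the patch is not swept into the last hunk). Caveat: a mailer that
# strips the single space from an empty context line turns it into an
# empty line, which this splitter treats as the end of the hunk.
split_hunks() {
    mkdir -p "$2"
    awk -v out="$2" '
        /^diff --git / { hdr = $0 "\n"; in_hdr = 1; done = 1; next }
        in_hdr && /^(index |--- |\+\+\+ )/ { hdr = hdr $0 "\n"; next }
        /^@@ / {
            in_hdr = 0
            if (n) close(f)
            n++
            f = out "/hunk-" n ".patch"
            printf "%s", hdr > f
            done = 0
        }
        {
            c = substr($0, 1, 1)
            is_diff = (c != "" && index("-+ @\\", c) > 0)
        }
        n && !done && is_diff { print > f; next }
        n && !is_diff         { done = 1 }
        END { print n + 0 }
    ' "$1"
}

# Stand-alone usage: split the sample diff into a temporary directory and
# report what was written.
tmp=$(mktemp -d)
write_sample_diff "$tmp/test.diff"
echo "hunks written: $(split_hunks "$tmp/test.diff" "$tmp/hunks")"
ls "$tmp/hunks"
```

Apply each `hunk-N.patch` separately with `git apply --check` and then `git apply`, rebuild, and rerun the failing MIPS binary after each one. The two hunks here touch different lines and the first does not change the line count, so either can be applied without the other; what the splitter cannot tell you is whether a hunk is sound on its own, which for this patch is exactly the question Jay's test is meant to answer.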