[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-ppc] [Qemu-devel] How to debug crash in TCG code?
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-ppc] [Qemu-devel] How to debug crash in TCG code? |
|
Date: |
Tue, 14 Nov 2017 19:08:26 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 |
On 15/10/2017 13:30, BALATON Zoltan wrote:
> I've got a bit further with this but still could use some hints to find
> what is happening. Here are some more details I've found so far.
>
> The memory map I have (see below) is a bit complex but the interesting
> part is that I have sii3112.bar5 as an mmio region with sii3112.bar0-4
> as io region aliases into this. The crash is happening when the firmware
> is accessing one of these aliased io regions when
>
> tlb_set_page_with_attrs: vaddr=d8001000 paddr=0x0000000c08001000 prot=3
> idx=1
>
> is called in accel/tcg/cputlb.c:616 which then calls
>
> 635 section = address_space_translate_for_iotlb(cpu, asidx,
> paddr, &xlat, &sz);
>
> this in turn calls address_space_translate_internal which calls
>
> 441 section = address_space_lookup_region(d, addr, resolve_subpage);
>
> that eventually gets the cached section at exec.c:411
>
> 411 MemoryRegionSection *section = atomic_read(&d->mru_section);
>
> When this is not a region covering the address as verifed by
Could it be that the cached region is only for a small part of the page,
while phys_page_find returns a subpage (and resolve_subpage is false)?
Maybe it's enough to skip mru_section if resolve_subpage is false.
Thanks,
Paolo
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-ppc] [Qemu-devel] How to debug crash in TCG code?,
Paolo Bonzini <=