summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_TCG/2899.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_TCG/2899.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_TCG/2899.toml44
1 files changed, 44 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_TCG/2899.toml b/gitlab/issues/target_missing/host_missing/accel_TCG/2899.toml
new file mode 100644
index 00000000..51e8d86e
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_TCG/2899.toml
@@ -0,0 +1,44 @@
+id = 2899
+title = "Regression 10.0.0rc1: Segmentation fault on executing QEMU advent calendar 2014, day 4"
+state = "closed"
+created_at = "2025-04-01T10:23:12.161Z"
+closed_at = "2025-04-04T17:07:31.583Z"
+labels = ["accel: TCG", "workflow::Patch available"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2899"
+host-os = "Debian 12.10"
+host-arch = "x86_64"
+qemu-version = "QEMU emulator version 9.2.50 (v9.2.0-1215-g456709db50)"
+guest-os = "Unknown"
+guest-arch = "i386"
+description = """On executing QEMU, a segmentation fault occurs"""
+reproduce = """1. Download https://www.qemu-advent-calendar.org/2014/download/stxmas.tar.xz
+2. Execute with QEMU command line"""
+additional = """git bisect finishes with:
+
+```
+456709db50f424d112bc5f07260fdc51555f3a24 is the first bad commit
+commit 456709db50f424d112bc5f07260fdc51555f3a24
+Author: Paolo Bonzini <pbonzini@redhat.com>
+Date:   Sun Dec 15 10:06:10 2024 +0100
+
+    target/i386: execute multiple REP/REPZ iterations without leaving TB
+    
+    Use a TCG loop so that it is not necessary to go through the setup steps
+    of REP and through the I/O check on every iteration.  Interestingly, this
+    is not a particularly effective optimization on its own, though it avoids
+    the cost of correct RF emulation that was added in the previous patch.
+    The main benefit lies in allowing the hoisting of loop invariants outside
+    the loop, which will happen separately.
+    
+    The loop exits when the low 16 bits of CX/ECX/RCX are zero (so generally
+    speaking the string operation runs in 65536 iteration batches) to give
+    the main loop an opportunity to pick up interrupts.
+    
+    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+    Link: https://lore.kernel.org/r/20241215090613.89588-12-pbonzini@redhat.com
+    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+ target/i386/tcg/translate.c | 55 ++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 49 insertions(+), 6 deletions(-)
+```"""