blob: 0d78165082fd216d6326c1d44a9b469ff8609297 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
i386: 0.963
graphic: 0.902
x86: 0.895
performance: 0.841
architecture: 0.828
TCG: 0.794
semantic: 0.722
files: 0.520
ppc: 0.519
PID: 0.519
device: 0.507
kernel: 0.409
socket: 0.408
network: 0.399
register: 0.390
vnc: 0.359
hypervisor: 0.349
risc-v: 0.319
user-level: 0.317
peripherals: 0.297
mistranslation: 0.295
permissions: 0.268
VMM: 0.268
debug: 0.250
arm: 0.195
boot: 0.177
virtual: 0.171
KVM: 0.171
assembly: 0.126
--------------------
i386: 0.998
x86: 0.948
TCG: 0.906
debug: 0.793
kernel: 0.608
files: 0.124
performance: 0.119
architecture: 0.024
register: 0.017
hypervisor: 0.016
PID: 0.010
risc-v: 0.010
virtual: 0.009
boot: 0.006
semantic: 0.006
assembly: 0.005
VMM: 0.004
device: 0.003
KVM: 0.002
network: 0.001
graphic: 0.001
socket: 0.001
user-level: 0.001
ppc: 0.001
peripherals: 0.001
vnc: 0.001
permissions: 0.000
mistranslation: 0.000
arm: 0.000
Regression 9.1.0rc2: target/i386/tcg/access.c:18: access_prepare_mmu: Assertion '...' failed.
Description of problem:
Executing QEMU command line crashes with
```
qemu-system-x86_64: ../target/i386/tcg/access.c:18: access_prepare_mmu: Assertion `size > 0 && size <= TARGET_PAGE_SIZE' failed.
```
Steps to reproduce:
1. Download https://www.qemu-advent-calendar.org/2020/download/day07.tar.gz
2. Execute with QEMU command line
Additional information:
git bisect finishes with:
```
8b131065080af3cf2dda04e4e190c5a74fec2f31 is the first bad commit
commit 8b131065080af3cf2dda04e4e190c5a74fec2f31
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue Jun 18 09:13:49 2024 +0200
target/i386/tcg: use X86Access for TSS access
This takes care of probing the vaddr range in advance, and is also faster
because it avoids repeated TLB lookups. It also matches the Intel manual
better, as it says "Checks that the current (old) TSS, new TSS, and all
segment descriptors used in the task switch are paged into system memory";
note however that it's not clear how the processor checks for segment
descriptors, and this check is not included in the AMD manual.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
target/i386/tcg/seg_helper.c | 110 +++++++++++++++++++++++--------------------
1 file changed, 58 insertions(+), 52 deletions(-)
```
|