authorChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
commit4b927bc37359dec23f67d3427fc982945f24f404 (patch)
tree245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_arm/host_missing/accel_TCG/1740.toml
parentaa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff)
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_arm/host_missing/accel_TCG/1740.toml')
-rw-r--r--gitlab/issues/target_arm/host_missing/accel_TCG/1740.toml81
1 files changed, 81 insertions, 0 deletions
diff --git a/gitlab/issues/target_arm/host_missing/accel_TCG/1740.toml b/gitlab/issues/target_arm/host_missing/accel_TCG/1740.toml
new file mode 100644
index 000000000..d35d9f9df
--- /dev/null
+++ b/gitlab/issues/target_arm/host_missing/accel_TCG/1740.toml
@@ -0,0 +1,81 @@
+id = 1740
+title = "QEMU Abort in Cortex-M Exception raising"
+state = "closed"
+created_at = "2023-06-28T15:41:21.796Z"
+closed_at = "2023-06-29T12:32:34.484Z"
+labels = ["accel: TCG", "target: arm"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/1740"
+host-os = "Arch Linux"
+host-arch = "x86_64"
+qemu-version = "8.0.2"
+guest-os = "-"
+guest-arch = "ARM"
+description = """When an exception should be raised in a ARM Cortex-M board QEMU aborts.
+
+```
+$ qemu-system-arm --version
+QEMU emulator version 8.0.2
+
+$ qemu-system-arm -M stm32vldiscovery -device loader,file=/tmp/raw-hardfault.hex -d in_asm,exec,int
+[...]
+Trace 0: 0x7f2aa8000680 [00800400/00000110/00000110/ff200000]
+----------------
+IN:
+0x00000140:  f64b 6eef  movw     lr, #0xbeef
+0x00000144:  f6cd 6ead  movt     lr, #0xdead
+0x00000148:  4770       bx       lr
+
+Linking TBs 0x7f2aa8000680 index 0 -> 0x7f2aa80007c0
+Trace 0: 0x7f2aa80007c0 [00800400/00000140/00000110/ff200000]
+qemu-system-arm: ../qemu-8.0.2/target/arm/cpu.h:2396: arm_is_secure_below_el3: Assertion `!arm_feature(env, ARM_FEATURE_M)' failed.
+```
+
+Expected behavior:
+```
+$ qemu-system-arm --version
+QEMU emulator version 7.1.0
+
+$ qemu-system-arm -M stm32vldiscovery -device loader,file=raw-hardfault.hex -d in_asm,exec,int
+[...]
+Trace 0: 0x7fb488000680 [00800400/00000110/00000110/ff000000]
+----------------
+IN:
+0x00000140:  f64b 6eef  movw     lr, #0xbeef
+0x00000144:  f6cd 6ead  movt     lr, #0xdead
+0x00000148:  4770       bx       lr
+
+Linking TBs 0x7fb488000680 [00000110] index 0 -> 0x7fb488000780 [00000140]
+Trace 0: 0x7fb488000780 [00800400/00000140/00000110/ff000000]
+Taking exception 3 [Prefetch Abort] on CPU 0
+...at fault address 0xdeadbeee
+...with CFSR.IACCVIOL
+...BusFault with BFSR.STKERR
+...taking pending nonsecure exception 3
+...loading from element 3 of non-secure vector table at 0xc
+...loaded new PC 0x0
+```"""
+reproduce = """1. Run any Cortex-M firmware that raises an exception. (minimal example attached)"""
+additional = """- Minimal Reproducer:
+[raw-hardfault.hex](/uploads/113889116675b608e05748280d1db354/raw-hardfault.hex)
+- Assert introduced in fcc7404eff24b4c8b322fb27ca5ae7f3113129c3.
+- Stacktrace:
+```
+#4  0x00007ffff6a483d6 in __assert_fail () from /usr/lib/libc.so.6
+#5  0x00007ffff73afe67 in arm_is_secure_below_el3 (env=0x55555712f9b0) at target/arm/cpu.h:2396
+#6  0x00007ffff73afedd in arm_is_el2_enabled (env=0x55555712f9b0) at target/arm/cpu.h:2448
+#7  0x00007ffff73afcd4 in arm_el_is_aa64 (env=0x55555712f9b0, el=0x1) at target/arm/cpu.h:2509
+#8  0x00007ffff73af68f in compute_fsr_fsc (env=0x55555712f9b0, fi=0x7fffffff7098, target_el=0x1, mmu_idx=0x1, ret_fsc=0x7fffffff6fe0)
+    at target/arm/tcg/tlb_helper.c:71
+#9  0x00007ffff73af483 in arm_deliver_fault (cpu=0x55555712d250, addr=0xdeadbeee, access_type=MMU_INST_FETCH, mmu_idx=0x1, fi=0x7fffffff7098)
+    at target/arm/tcg/tlb_helper.c:114
+#10 0x00007ffff73afa4c in arm_cpu_tlb_fill (cs=0x55555712d250, address=0xdeadbeee, size=0x1, access_type=MMU_INST_FETCH, mmu_idx=0x1, probe=0x0, retaddr=0x0)
+    at target/arm/tcg/tlb_helper.c:242
+#11 0x00007ffff74a3a1e in probe_access_internal (env=0x55555712f9b0, addr=0xdeadbeee, fault_size=0x1, access_type=MMU_INST_FETCH, mmu_idx=0x1, nonfault=0x0, phost=0x7fffffff71c8,
+    pfull=0x7fffffff71d0, retaddr=0x0) at accel/tcg/cputlb.c:1555
+#12 0x00007ffff74a4085 in get_page_addr_code_hostp (env=0x55555712f9b0, addr=0xdeadbeee, hostp=0x0) at accel/tcg/cputlb.c:1694
+#13 0x00007ffff7490c0f in get_page_addr_code (env=0x55555712f9b0, addr=0xdeadbeee) at include/exec/exec-all.h:748
+#14 0x00007ffff7490b2a in tb_htable_lookup (cpu=0x55555712d250, pc=0xdeadbeee, cs_base=0x800408, flags=0x110, cflags=0xff200200) at accel/tcg/cpu-exec.c:233
+#15 0x00007ffff748f719 in tb_lookup (cpu=0x55555712d250, pc=0xdeadbeee, cs_base=0x800408, flags=0x110, cflags=0xff200200) at accel/tcg/cpu-exec.c:270
+#16 0x00007ffff748f463 in helper_lookup_tb_ptr (env=0x55555712f9b0) at accel/tcg/cpu-exec.c:425
+#17 0x00007fff6800091c in code_gen_buffer ()
+```"""
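Review bot: The record is filed under `host_missing` in its path, yet it carries `host-os = "Arch Linux"` and `host-arch = "x86_64"`. Presumably the directory is derived from `labels` (which has no host label) rather than from these fields; if so, that should be documented or the two reconciled, so that consumers of the tree do not treat the host as unknown for an abort that was reproduced on a known host. Separately, `guest-os = "-"` uses a dash as a missing-value sentinel, which a filter on guest OS would match as a real value; omitting the key would be cleaner. The keys also mix `created_at`/`closed_at` with hyphenated `host-os`, `qemu-version` and `guest-arch`, and one convention throughout would simplify parsing.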