blob: 3e8b9121570cc8d99c7d7e860cf2ead9763e5723 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
infinite loop due to improper deal with "eret" on mips32
1.qemu 2.9.1 release on the official web build with tcg
2.cmd: qemu-system-mips -kernel kernelfile
3. host: ubuntu 16.04.1 with linux kernel 4.6.2 x86_64
guest: mips bigendian 32bit (tplink firmware)
detail:
static inline void exception_return(CPUMIPSState *env)
{
debug_pre_eret(env);
if (env->CP0_Status & (1 << CP0St_ERL)) {
set_pc(env, env->CP0_ErrorEPC);
env->CP0_Status &= ~(1 << CP0St_ERL);
} else {
set_pc(env, env->CP0_EPC);
env->CP0_Status &= ~(1 << CP0St_EXL);====================> ISSUE????
}
compute_hflags(env);
debug_post_eret(env);
}
void helper_eret(CPUMIPSState *env)
{
exception_return(env);
env->lladdr = 1;
}
In the Issue Line, there is no check CP0_Status whether int is disabled (should not enter int routine),
that result in the cpu can not jump out the int routine.
|