On 16 May 2016 at 19:33, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 16 May 2016 at 18:54, Sergey Fedorov <serge.f...@gmail.com> wrote:
>> 'env->eip' was updated by restore_state_to_opc() from
>> cpu_restore_state_from_tb() from cpu_restore_state() from
>> handle_cpu_signal() _after_ calling 'handle_mmu_fault' hook but _before_
>> calling exception_action().
>
> Oops, nice catch. (I wonder if any of the other target architectures
> are not correctly doing things in their handle_mmu_fault function
> because the cpu_restore_state() call happens later?)
Looking at the other target architectures, they're OK because they don't do very much in the handle_mmu_fault function. Since every single handle_mmu_fault function always returns 1 (ignoring one or two clearly softmmu-only versions), we could in theory call cpu_restore_state() before the handle_mmu_fault hook. However, since in the softmmu case the equivalent code is also called in a pre-restore-state setup, it seems more consistent to keep the user-exec.c code in the order it is now.

So the target-i386 code needs rearranging a bit, I guess (perhaps to save the offset rather than the actual next eip?)

I think patches 1..4 are still worthwhile even if we drop this one for now, though.

thanks
-- PMM