Hi !
I need help from TCG experts here. I was chasing down a bug causing
some stuff to crash when using vector ops with a ppc32 guest on x86,
but pulling that string led to a whole mess that *may* be affecting a
pile of architetures unless I'm misunderstanding something...
So basically what happens is that some instruction emulation helpers,
like in my case stvebx (target-ppc/mem_helper.c) are doing calls to
cpu_{st,ld}x_data. Let's say cpu_stb_data() for the sake of the
argument.
That is equivalent to calling cpu_stb_data_ra() with a "0" retaddr.
However, if that faults, when tlb_fill() gets eventually called, what I
observe is not 0 in "retaddr" but ... -2.
The reason, as far as I understand, is that cpu_stb_data_ra() calls
helper_ret_stb_mmu() which does:
retaddr -= GETPC_ADJ;
(which is -2)
Now a whole pile of tlb_fill() implementations (in fact all of them one
way or another) do:
if (likely(retaddr)) {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr);
}
So that test is missed. The result that I obseve is that the fault gets
reported for the wrong instruction (the wrong PC).
Now I did try changing the above test out of curiosity to also check
against -2, but the end result still mis-reported the fault. So
something's going deeper than that I figured out so far...
What *did* work was to copy what x86 does, which is to change my
helper_stvebx() to not use cpu_stb_data at all, but instead use
cpu_stb_data_ra(...., GETPC()), which mimmics what x86 does for some of
it's helpers.
That fixed the specific problem I was chasing.
However, there are a ton of other helpers, in powerpc, s390 and other
archs, doing that cpu_stb_data() the same way we do, so I really wonder
what's going on here.
Some advice would be very much appreciated ;-)
Cheers,
Ben.
