mirror of https://gitee.com/openkylin/qemu.git
e7cff9c68d
mon_get_cpu_env() is indirectly called monitor_parse_arguments() where
the current monitor isn't set yet. Instead of using monitor_cur_env(),
explicitly pass the Monitor pointer to the function.
Without this fix, an HMP command like "x $pc" crashes like this:
#0 0x0000555555caa01f in mon_get_cpu_sync (mon=0x0, synchronize=true) at ../monitor/misc.c:270
#1 0x0000555555caa141 in mon_get_cpu (mon=0x0) at ../monitor/misc.c:294
#2 0x0000555555caa158 in mon_get_cpu_env () at ../monitor/misc.c:299
#3 0x0000555555b19739 in monitor_get_pc (mon=0x555556ad2de0, md=0x5555565d2d40 <monitor_defs+1152>, val=0) at ../target/i386/monitor.c:607
#4 0x0000555555cadbec in get_monitor_def (mon=0x555556ad2de0, pval=0x7fffffffc208, name=0x7fffffffc220 "pc") at ../monitor/misc.c:1681
#5 0x000055555582ec4f in expr_unary (mon=0x555556ad2de0) at ../monitor/hmp.c:387
#6 0x000055555582edbb in expr_prod (mon=0x555556ad2de0) at ../monitor/hmp.c:421
#7 0x000055555582ee79 in expr_logic (mon=0x555556ad2de0) at ../monitor/hmp.c:455
#8 0x000055555582eefe in expr_sum (mon=0x555556ad2de0) at ../monitor/hmp.c:484
#9 0x000055555582efe8 in get_expr (mon=0x555556ad2de0, pval=0x7fffffffc418, pp=0x7fffffffc408) at ../monitor/hmp.c:511
#10 0x000055555582fcd4 in monitor_parse_arguments (mon=0x555556ad2de0, endp=0x7fffffffc890, cmd=0x555556675b50 <hmp_cmds+7920>) at ../monitor/hmp.c:876
#11 0x00005555558306a8 in handle_hmp_command (mon=0x555556ad2de0, cmdline=0x555556ada452 "$pc") at ../monitor/hmp.c:1087
#12 0x000055555582df14 in monitor_command_cb (opaque=0x555556ad2de0, cmdline=0x555556ada450 "x $pc", readline_opaque=0x0) at ../monitor/hmp.c:47
After this fix, nothing is left in monitor_parse_arguments() that can
indirectly call monitor_cur(), so the fix is complete.
Fixes:
|
||
---|---|---|
.. | ||
README.sh4 | ||
cpu-param.h | ||
cpu-qom.h | ||
cpu.c | ||
cpu.h | ||
gdbstub.c | ||
helper.c | ||
helper.h | ||
meson.build | ||
monitor.c | ||
op_helper.c | ||
translate.c |
README.sh4
qemu target: sh4 author: Samuel Tardieu <sam@rfc1149.net> last modified: Tue Dec 6 07:22:44 CET 2005 The sh4 target is not ready at all yet for integration in qemu. This file describes the current state of implementation. Most places requiring attention and/or modification can be detected by looking for "XXXXX" or "abort()". The sh4 core is located in target/sh4/*, while the 7750 peripheral features (IO ports for example) are located in hw/sh7750.[ch]. The main board description is in hw/shix.c, and the NAND flash in hw/tc58128.[ch]. All the shortcomings indicated here will eventually be resolved. This is a work in progress. Features are added in a semi-random order: if a point is blocking to progress on booting the Linux kernel for the shix board, it is addressed first; if feedback is necessary and no progress can be made on blocking points until it is received, a random feature is worked on. Goals ----- The primary model being worked on is the soft MMU target to be able to emulate the Shix 2.0 board by Alexis Polti, described at https://web.archive.org/web/20070917001736/http://perso.enst.fr/~polti/realisations/shix20/ Ultimately, qemu will be coupled with a system C or a verilog simulator to simulate the whole board functionalities. A sh4 user-mode has also somewhat started but will be worked on afterwards. The goal is to automate tests for GNAT (GNU Ada) compiler that I ported recently to the sh4-linux target. Registers --------- 16 general purpose registers are available at any time. The first 8 registers are banked and the non-directly visible ones can be accessed by privileged instructions. In qemu, we define 24 general purpose registers and the code generation use either [0-7]+[8-15] or [16-23]+[8-15] depending on the MD and RB flags in the sr configuration register. Instructions ------------ Most sh4 instructions have been implemented. The missing ones at this time are: - FPU related instructions - LDTLB to load a new MMU entry - SLEEP to put the processor in sleep mode Most instructions could be optimized a lot. This will be worked on after the current model is fully functional unless debugging convenience requires that it is done early. Many instructions did not have a chance to be tested yet. The plan is to implement unit and regression testing of those in the future. MMU --- The MMU is implemented in the sh4 core. MMU management has not been tested at all yet. In the sh7750, it can be manipulated through memory mapped registers and this part has not yet been implemented. Exceptions ---------- Exceptions are implemented as described in the sh4 reference manual but have not been tested yet. They do not use qemu EXCP_ features yet. IRQ --- IRQ are not implemented yet. Peripheral features ------------------- + Serial ports Configuration and use of the first serial port (SCI) without interrupts is supported. Input has not yet been tested. Configuration of the second serial port (SCIF) is supported. FIFO handling infrastructure has been started but is not completed yet. + GPIO ports GPIO ports have been implemented. A registration function allows external modules to register interest in some port changes (see hw/tc58128.[ch] for an example) and will be called back. Interrupt generation is not yet supported but some infrastructure is in place for this purpose. Note that in the current model a peripheral module cannot directly simulate a H->L->H input port transition and have an interrupt generated on the low level. + TC58128 NAND flash TC58128 NAND flash is partially implemented through GPIO ports. It supports reading from flash. GDB --- GDB remote target support has been implemented and lightly tested. Files ----- File names are hardcoded at this time. The bootloader must be stored in shix_bios.bin in the current directory. The initial Linux image must be stored in shix_linux_nand.bin in the current directory in NAND format. Test files can be obtained from http://perso.enst.fr/~polti/robot/ as well as the various datasheets I use. qemu disk parameter on the command line is unused. You can supply any existing image and it will be ignored. As the goal is to simulate an embedded target, it is not clear how this parameter will be handled in the future. To build an ELF kernel image from the NAND image, 16 bytes have to be stripped off the end of every 528 bytes, keeping only 512 of them. The following Python code snippet does it: #! /usr/bin/python def denand (infd, outfd): while True: d = infd.read (528) if not d: return outfd.write (d[:512]) if __name__ == '__main__': import sys denand (open (sys.argv[1], 'rb'), open (sys.argv[2], 'wb')) Style isssues ------------- There is currently a mix between my style (space before opening parenthesis) and qemu style. This will be resolved before final integration is proposed.