infinite loop due to improper handling of "eret" on mips32

Bug #1757363 reported by dantachen
This bug affects 2 people
Affects: QEMU; Status: Expired; Importance: Undecided; Assigned to: Unassigned; Milestone: none

Bug Description

1. qemu 2.9.1 release on the official web build with tcg
2. cmd: qemu-system-mips -kernel kernelfile
3. host: ubuntu 16.04.1 with linux kernel 4.6.2 x86_64
   guest: mips bigendian 32bit (tplink firmware)

detail:

static inline void exception_return(CPUMIPSState *env)
{
    debug_pre_eret(env);
    if (env->CP0_Status & (1 << CP0St_ERL)) {
        /* error level: return to ErrorEPC and clear ERL */
        set_pc(env, env->CP0_ErrorEPC);
        env->CP0_Status &= ~(1 << CP0St_ERL);
    } else {
        /* exception level: return to EPC and clear EXL */
        set_pc(env, env->CP0_EPC);
        env->CP0_Status &= ~(1 << CP0St_EXL);  /* ====> ISSUE???? */
    }
    compute_hflags(env);
    debug_post_eret(env);
}

void helper_eret(CPUMIPSState *env)
{
    exception_return(env);
    env->lladdr = 1;  /* clear any pending LL/SC reservation */
}

In the issue line, there is no check of CP0_Status for whether interrupts are disabled (it should not enter the interrupt routine); as a result the CPU cannot jump out of the interrupt routine.
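The following is an added illustration, not QEMU code: a small constructed model of the MIPS32 Status/Cause bits that eret touches (hypothetical names, not CPUMIPSState), showing that the "are interrupts disabled" test belongs to the interrupt-acceptance logic (IE, EXL, ERL, IM/IP) rather than to eret, and that a handler which returns via eret without acknowledging the pending source is re-entered immediately, which is what a handler loop looks like.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the CP0 bits involved (hypothetical names). */
#define ST_IE    (1u << 0)
#define ST_EXL   (1u << 1)
#define ST_ERL   (1u << 2)
#define ST_IM    (0xffu << 8)   /* interrupt mask, Status[15:8] */
#define CAUSE_IP (0xffu << 8)   /* pending interrupts, Cause[15:8] */

typedef struct { uint32_t status, cause, epc, error_epc, pc; } cpu_t;

/* Architectural eret, mirroring the logic quoted in the report. */
static void model_eret(cpu_t *c) {
    if (c->status & ST_ERL) { c->pc = c->error_epc; c->status &= ~ST_ERL; }
    else                    { c->pc = c->epc;       c->status &= ~ST_EXL; }
}

/* An interrupt is taken only when IE=1, EXL=0, ERL=0 and an unmasked
   IP bit is set. This is where the "disabled" check lives, not in eret. */
static bool interrupt_pending(const cpu_t *c) {
    return (c->status & ST_IE) && !(c->status & (ST_EXL | ST_ERL))
        && ((c->status & ST_IM) & (c->cause & CAUSE_IP)) != 0;
}

/* Take the interrupt: save the return address, set EXL, jump to the vector. */
static void take_interrupt(cpu_t *c, uint32_t vector) {
    c->epc = c->pc; c->status |= ST_EXL; c->pc = vector;
}

/* Simulate up to `limit` handler entries. The handler acknowledges the
   device (clears its IP bit) only when ack_pending is true. Returns how
   many times the handler ran: 1 when acknowledged, `limit` when not. */
int run_handler_loop(bool ack_pending, int limit) {
    cpu_t c = { .status = ST_IE | (1u << 10), .cause = (1u << 10),
                .epc = 0, .error_epc = 0, .pc = 0x80001000u };
    int entries = 0;
    while (entries < limit && interrupt_pending(&c)) {
        take_interrupt(&c, 0x80000180u);
        entries++;
        if (ack_pending) c.cause &= ~(1u << 10);  /* handler acks the source */
        model_eret(&c);                          /* EXL cleared, back to EPC */
    }
    return entries;
}

int main(void) {
    printf("acked: %d entries, not acked: %d entries\n",
           run_handler_loop(true, 100), run_handler_loop(false, 100));
    return 0;
}
```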

Tags: mips
Philippe Mathieu-Daudé (philmd) wrote :

What model/cpu is your router?

Which MIPS guest CPU are you using? Are you sure it matches the CPU of your router?

Is your tplink firmware publicly available? (to reproduce your problem).

Philippe Mathieu-Daudé (philmd) wrote :

My guess is your router CPU doesn't match the ISA (likely your CPU has extensions to the 24Kf ISA).

Changed in qemu:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for QEMU because there has been no activity for 60 days.]

Changed in qemu:
status: Incomplete → Expired
Alexey (str1ker) wrote :

This seems to affect me too; I have a loop on interrupt handler after the first interrupt called.

The version of qemu is latest 3.1 from upstream, so this is not Ubuntu issue.

However, have you dealt with it? Just commenting out

env->CP0_Status &= ~(1 << CP0St_EXL);

does not help.
