Commit a97fed52e57385fc749e6f6ef95be7ebdb81ba9b
1 parent
51996525
Fix reproductible crash: call cpu_loop_exit from micro-op, not from helper.c
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3311 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
3 changed files
with
16 additions
and
16 deletions
target-ppc/cpu.h
| ... | ... | @@ -611,9 +611,9 @@ void do_store_sr (CPUPPCState *env, int srnum, target_ulong value); |
| 611 | 611 | target_ulong ppc_load_xer (CPUPPCState *env); |
| 612 | 612 | void ppc_store_xer (CPUPPCState *env, target_ulong value); |
| 613 | 613 | target_ulong do_load_msr (CPUPPCState *env); |
| 614 | -void do_store_msr (CPUPPCState *env, target_ulong value); | |
| 614 | +int do_store_msr (CPUPPCState *env, target_ulong value); | |
| 615 | 615 | #if defined(TARGET_PPC64) |
| 616 | -void ppc_store_msr_32 (CPUPPCState *env, uint32_t value); | |
| 616 | +int ppc_store_msr_32 (CPUPPCState *env, uint32_t value); | |
| 617 | 617 | #endif |
| 618 | 618 | |
| 619 | 619 | void do_compute_hflags (CPUPPCState *env); | ... | ... |
target-ppc/helper.c
| ... | ... | @@ -1839,7 +1839,7 @@ target_ulong do_load_msr (CPUPPCState *env) |
| 1839 | 1839 | ((target_ulong)msr_le << MSR_LE); |
| 1840 | 1840 | } |
| 1841 | 1841 | |
| 1842 | -void do_store_msr (CPUPPCState *env, target_ulong value) | |
| 1842 | +int do_store_msr (CPUPPCState *env, target_ulong value) | |
| 1843 | 1843 | { |
| 1844 | 1844 | int enter_pm; |
| 1845 | 1845 | |
| ... | ... | @@ -1921,21 +1921,15 @@ void do_store_msr (CPUPPCState *env, target_ulong value) |
| 1921 | 1921 | default: |
| 1922 | 1922 | break; |
| 1923 | 1923 | } |
| 1924 | - if (enter_pm) { | |
| 1925 | - if (likely(!env->halted)) { | |
| 1926 | - /* power save: exit cpu loop */ | |
| 1927 | - env->halted = 1; | |
| 1928 | - env->exception_index = EXCP_HLT; | |
| 1929 | - cpu_loop_exit(); | |
| 1930 | - } | |
| 1931 | - } | |
| 1924 | + | |
| 1925 | + return enter_pm; | |
| 1932 | 1926 | } |
| 1933 | 1927 | |
| 1934 | 1928 | #if defined(TARGET_PPC64) |
| 1935 | -void ppc_store_msr_32 (CPUPPCState *env, uint32_t value) | |
| 1929 | +int ppc_store_msr_32 (CPUPPCState *env, uint32_t value) | |
| 1936 | 1930 | { |
| 1937 | - do_store_msr(env, | |
| 1938 | - (do_load_msr(env) & ~0xFFFFFFFFULL) | (value & 0xFFFFFFFF)); | |
| 1931 | + return do_store_msr(env, (do_load_msr(env) & ~0xFFFFFFFFULL) | | |
| 1932 | + (value & 0xFFFFFFFF)); | |
| 1939 | 1933 | } |
| 1940 | 1934 | #endif |
| 1941 | 1935 | ... | ... |
target-ppc/op.c
| ... | ... | @@ -351,7 +351,10 @@ void OPPROTO op_load_msr (void) |
| 351 | 351 | |
| 352 | 352 | void OPPROTO op_store_msr (void) |
| 353 | 353 | { |
| 354 | - do_store_msr(env, T0); | |
| 354 | + if (do_store_msr(env, T0)) { | |
| 355 | + env->halted = 1; | |
| 356 | + do_raise_exception(EXCP_HLT); | |
| 357 | + } | |
| 355 | 358 | RETURN(); |
| 356 | 359 | } |
| 357 | 360 | |
| ... | ... | @@ -365,7 +368,10 @@ void OPPROTO op_update_riee (void) |
| 365 | 368 | #if defined (TARGET_PPC64) |
| 366 | 369 | void OPPROTO op_store_msr_32 (void) |
| 367 | 370 | { |
| 368 | - ppc_store_msr_32(env, T0); | |
| 371 | + if (ppc_store_msr_32(env, T0)) { | |
| 372 | + env->halted = 1; | |
| 373 | + do_raise_exception(EXCP_HLT); | |
| 374 | + } | |
| 369 | 375 | RETURN(); |
| 370 | 376 | } |
| 371 | 377 | #endif | ... | ... |