[Qemu-devel] [Bug 1035572] Re: Bug in Qemu User Mode
From: Dietmar Stölting
Subject: [Qemu-devel] [Bug 1035572] Re: Bug in Qemu User Mode
Date: Sun, 12 Aug 2012 14:18:53 -0000
Hi,
I just made a test to see if my thoughts are right. On a Wheezy Debian i386 I type in the command line
qemu-i386 -strace clonemi
(clonemi is the program testclone, but with the endless loops in waitpid at its end left out.)
The result is exactly like on the Raspberry Pi with the ARM 1176 processor.
So you can see that the error belongs to the attempt to build TWO threads in the guest i386, independent of which host you have,
Dietmar
PS: Again the parent_tidptr and the child_tidptr are different in the SAME clone(), but are identical to the values in the other thread with clone(). What does this mean?
address@hidden:/home/didi2# qemu-i386 -strace clonemi
12270 brk(NULL) = 0x0804a000
12270 uname(0x408007fa) = 0
12270 access("/etc/ld.so.nohwcap",F_OK) = -1 errno=2 (No such file or directory)
12270 mmap2(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x40821000
12270 access("/etc/ld.so.preload",R_OK) = -1 errno=2 (No such file or directory)
12270 open("/etc/ld.so.cache",O_RDONLY) = 3
12270 fstat64(3,0x408004b4) = 0
12270 mmap2(NULL,78819,PROT_READ,MAP_PRIVATE,3,0) = 0x40823000
12270 close(3) = 0
12270 access("/etc/ld.so.nohwcap",F_OK) = -1 errno=2 (No such file or directory)
12270 open("/lib/i386-linux-gnu/i686/cmov/libc.so.6",O_RDONLY) = 3
12270 read(3,0x408005e8,512) = 512
12270 fstat64(3,0x40800508) = 0
12270 mmap2(NULL,1427832,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x40837000
12270 mprotect(0x4098d000,4096,PROT_NONE) = 0
12270 mmap2(0x4098e000,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0x156) = 0x4098e000
12270 mmap2(0x40991000,10616,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x40991000
12270 close(3) = 0
12270 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x40994000
12270 set_thread_area(1082132912,1082253300,1083786944,1,0,1082132940) = 0
12270 mprotect(0x4098e000,8192,PROT_READ) = 0
12270 mprotect(0x4081d000,4096,PROT_READ) = 0
12270 munmap(0x40823000,78819) = 0
12270 mmap2(NULL,266240,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x40995000
12270 clone(CLONE_VM|CLONE_FS|CLONE_FILES|0x11,child_stack=0x409d4fe4,parent_tidptr=0x4080f590,tls=0x08049a34,child_tidptr=0x40800ab8) = 12271
12270 mmap2(NULL,266240,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x409d6000
12270 clone(CLONE_VM|CLONE_FS|CLONE_FILES|0x11,child_stack=0x40a15fe4,parent_tidptr=0x4080f590,tls=0x08049a34,child_tidptr=0x40800ab8) = 12272
12270 fstat64(1,0x408003b4) = 0
12270 write(1,0x409d4ddc,18)thread1: 0 hello1
12270 write(1,0x40a15ddc,18)thread2: 0 hello2
= 18
12270 mmap2(NULL,4096,PROT_READ|PROT_WRITE,12270 nanosleep(1084050848,0,134514044,0,1809,1084050856) = 18
MAP_PRIVATE|MAP_ANONYMOUS,-1,0)12270 nanosleep(1084317088,0,134514175,0,1809,1084317096) = 0x40a17000
12270 write(1,0x40a17000,18)status1=0x80487ab
= 18
12270 write(1,0x40a17000,19)status2=0x40800ab8
= 19
12270 write(1,0x40a17000,19)End of clone test.
= 19
12270 exit_group(0)
address@hidden:/home/didi2#
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1035572
Title: Bug in Qemu User Mode
Status in QEMU: New
Bug description:
Hi,
I made an interesting discovery.
My aim is to have a working qemu-i386 on Raspberry Pi.
After long searching in the dark for what goes wrong with ANY Qemu version for User Mode until today, I find the following: the bug must be in at least one function that the program testclone from the test package for i386 in linux-user-test-0.3 calls.
The wrong function is in the part which enables more than one thread at the same time, NPTL.
Funny, how I found this out: all the programs from the tests in linux-user-test-0.3 I can now run successfully with my newly built qemu-i386 for Raspi.
But the program testclone does not stop after it gives out all the right messages.
The program testclone stops on my desktop computer with Debian Wheezy installed.
So, the error is not in the program testclone.
So I took a look at what is going on there with strace. With strace you get information about all the values in the working program, here testclone.
I see that the reason why testclone does not stop is an infinite loop, because
while (waitpid(pid1, &status1, 0) != pid1);
while (waitpid(pid2, &status2, 0) != pid2);
at its end is never fulfilled.
This is the reason for the famous error message from Qemu User Mode
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
    stack1 = malloc(STACK_SIZE);
    pid1 = clone(thread1_func, stack1 + STACK_SIZE,
                 CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, "hello1");
    stack2 = malloc(STACK_SIZE);
    pid2 = clone(thread2_func, stack2 + STACK_SIZE,
                 CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, "hello2");
The error happens early in the program testclone. Strace says it is because no child process at all can be found. So, some basic calculations in those four lines must be done wrong by Qemu.
I think that the address space for each thread is calculated wrong, or overlaps.
Funny, it has nothing to do with the ARM processor. I get exactly the same error messages when I run the program testclone on my desktop computer i386 with a Wheezy in Qemu and then qemu-i386 testclone.
This is a good message, because it means it is an error that belongs at least to the i386 family, but I think every processor in Qemu User Mode is involved, so until now NPTL does not work.
Today I made a hand-by-hand calculation with the source code from testclone and compared it with the values that Qemu User Mode gives. The hand-calculated values should be the same as those my desktop computer with Wheezy with testclone produces, but who knows,
Dietmar
PS: I hope that this is the right source code for testclone. Any help is welcome :-)!
/* glibc only declares clone() when _GNU_SOURCE is set before the first include. */
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <inttypes.h>
#include <pthread.h>
#include <sys/wait.h>
#include <sched.h>

/* First child: prints ten lines, sleeping 100 ms between them. */
int thread1_func(void *arg)
{
    int i;
    char buf[512];
    for (i = 0; i < 10; i++) {
        snprintf(buf, sizeof(buf), "thread1: %d %s\n", i, (char *)arg);
        write(1, buf, strlen(buf));
        usleep(100 * 1000);
    }
    return 0;
}

/* Second child: prints twenty lines, sleeping 120 ms between them. */
int thread2_func(void *arg)
{
    int i;
    char buf[512];
    for (i = 0; i < 20; i++) {
        snprintf(buf, sizeof(buf), "thread2: %d %s\n", i, (char *)arg);
        write(1, buf, strlen(buf));
        usleep(120 * 1000);
    }
    return 0;
}

#define STACK_SIZE 16384

void test_clone(void)
{
    uint8_t *stack1, *stack2;
    int pid1, pid2, status1, status2;

    /* Each child runs on its own malloc'd stack; clone() takes the top of it. */
    stack1 = malloc(STACK_SIZE);
    pid1 = clone(thread1_func, stack1 + STACK_SIZE,
                 CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, "hello1");
    stack2 = malloc(STACK_SIZE);
    pid2 = clone(thread2_func, stack2 + STACK_SIZE,
                 CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, "hello2");

    /* Spin until each child has been reaped; under qemu-i386 these loops never end. */
    while (waitpid(pid1, &status1, 0) != pid1);
    while (waitpid(pid2, &status2, 0) != pid2);
    printf("status1=0x%x\n", status1);
    printf("status2=0x%x\n", status2);
    printf("End of clone test.\n");
}

int main(int argc, char **argv)
{
    test_clone();
    return 0;
}
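As an added example (not code from the bug report or from linux-user-test), here is the same clone() + waitpid() pattern written so that a failed clone() or a missing child surfaces as an error value instead of the endless waitpid loop the report describes; child_func, wait_for_child and run_clone_test are hypothetical names chosen for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE 16384
/* Explicit prototype so the block builds even if sched.h was first read
 * without _GNU_SOURCE (glibc only exposes clone() under that macro). */
int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...);
enum { WAIT_EXITED = 0, WAIT_NO_CHILD = -1, WAIT_ERROR = -2 }; /* outcomes */
/* Hypothetical stand-in for thread1_func: runs on its own malloc'd stack
 * inside the parent's address space and exits with the value in `arg`. */
static int child_func(void *arg)
{
    return (int)(intptr_t)arg;
}

/* Replacement for testclone's `while (waitpid(pid, &st, 0) != pid);`.
 * It retries only on EINTR and reports ECHILD instead of spinning forever,
 * which is what turns a broken clone() into a hang rather than an error. */
int wait_for_child(pid_t pid, int *status)
{
    for (;;) {
        pid_t r = waitpid(pid, status, 0);
        if (r == pid)
            return WAIT_EXITED;
        if (r == -1 && errno == EINTR)
            continue;
        return (r == -1 && errno == ECHILD) ? WAIT_NO_CHILD : WAIT_ERROR;
    }
}

/* Clone one child with the flags testclone uses (the 0x11 in the strace
 * output is SIGCHLD) and return its exit code, or -1 on any failure. */
int run_clone_test(int exit_code)
{
    uint8_t *stack = malloc(STACK_SIZE);
    if (!stack) return -1;
    pid_t pid = clone(child_func, stack + STACK_SIZE,
                      CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD,
                      (void *)(intptr_t)exit_code);
    int status = 0;
    int rc = (pid == -1) ? WAIT_ERROR : wait_for_child(pid, &status);
    free(stack); /* only safe once the child is known to have exited */
    return (rc == WAIT_EXITED && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}
```

Under a working host kernel run_clone_test(7) returns 7; under the qemu-i386 behaviour described in the report the same call would return -1 rather than hang, because waitpid's ECHILD is no longer swallowed by the loop.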