[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets |
|
Date: |
Tue, 07 Nov 2017 11:27:08 -0000 |
I just tested with powerpc and current head-of-git QEMU and it works:
e104462:xenial:bug-1701798$ cat hello.c
#include <stdio.h>
int main(void) {
printf("hello world\n");
return 0;
}
e104462:xenial:bug-1701798$ powerpc-linux-gnu-gcc-5 -O hello.c -o hello.powerpc
e104462:xenial:bug-1701798$ QEMU_LD_PREFIX=/usr/powerpc-linux-gnu
~/linaro/qemu-from-laptop/qemu/build/all-linux-static/ppc-linux-user/qemu-ppc
./hello.powerpc
hello world
Similarly mips, sparc64, powerpc64, hppa, mips64 are fine.
m68k is known to be not working for real m68k currently (it's mostly a
coldfire target), so not surprising that that doesn't work.
s390x still crashes:
qemu-s390x:
/home/petmay01/linaro/qemu-from-laptop/qemu/accel/tcg/translate-all.c:189:
tb_lock: Assertion `!have_tb_lock' failed.
So either we've fixed a bug here, or the problem is in your environment.
For s390, it looks like the guest is trying to use an insn we don't implement:
#0 0x0000000060215018 in raise ()
#1 0x000000006021573a in abort ()
#2 0x0000000060079a96 in op_risbg (s=0x7fffffffda10, o=0x7fffffffd950)
at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:3450
#3 0x0000000060082c8b in translate_one (env=0x627f0350, s=0x7fffffffda10)
at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5824
#4 0x0000000060082f3f in gen_intermediate_code (cs=0x627e80b0,
tb=0x60794d40 <static_code_gen_buffer+56064>)
at /home/petmay01/linaro/qemu-from-laptop/qemu/target/s390x/translate.c:5925
#5 0x00000000600369aa in tb_gen_code (cpu=0x627e80b0, pc=274886359240,
cs_base=0, flags=3, cflags=0)
at
/home/petmay01/linaro/qemu-from-laptop/qemu/accel/tcg/translate-all.c:1286
#6 0x00000000600343ff in tb_find (cpu=0x627e80b0,
last_tb=0x60794c00 <static_code_gen_buffer+55744>, tb_exit=0, cf_mask=0)
at /home/petmay01/linaro/qemu-from-laptop/qemu/accel/tcg/cpu-exec.c:402
#7 0x0000000060034b36 in cpu_exec (cpu=0x627e80b0)
at /home/petmay01/linaro/qemu-from-laptop/qemu/accel/tcg/cpu-exec.c:722
#8 0x000000006003ac78 in cpu_loop (env=0x627f0350)
at /home/petmay01/linaro/qemu-from-laptop/qemu/linux-user/main.c:3255
---Type <return> to continue, or q <return> to quit---
#9 0x000000006003c68c in main (argc=2, argv=0x7fffffffe458,
envp=0x7fffffffe470)
at /home/petmay01/linaro/qemu-from-laptop/qemu/linux-user/main.c:4882
where the abort is in op_risbg() because s->fields->op2 is 0x59, which
we don't handle.
We then fail to correctly report that abort(), because linux-user has
never been very good with reporting signals caused by QEMU itself -- it
assumes signals including SIGABRT are due to the guest code and tries to
deliver them as guest signals, usually tripping itself up in the
process. We then run into the bug described in
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg01506.html
which is why we get the have_tb_lock assertion.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1701798
Title:
dynamically linked binaries crash for big-endian targets
Status in QEMU:
New
Bug description:
On the targets
hppa
m68k
mips
mips64
powerpc
powerpc64
s390x
sparc64
dynamically linked binaries crash, but statically linked binaries work.
On the targets
aarch64
alpha
armhf
powerpc64le
sh4
both dynamically linked and statically linked binaries work.
How to reproduce:
1) On Ubuntu 16.04, install the packages
g++-5-aarch64-linux-gnu
g++-5-alpha-linux-gnu
g++-5-arm-linux-gnueabihf
g++-5-hppa-linux-gnu
g++-5-m68k-linux-gnu
g++-5-mips-linux-gnu
g++-5-mips64-linux-gnuabi64
g++-5-powerpc-linux-gnu
g++-5-powerpc64-linux-gnu
g++-5-powerpc64le-linux-gnu
g++-5-s390x-linux-gnu
g++-5-sh4-linux-gnu
g++-5-sparc64-linux-gnu
2) Install qemu 2.9.0 from source (for m68k, use the 2.7.0-m68k
code from https://github.com/vivier/qemu-m68k.git):
$ ../configure --prefix=/home/bruno/inst-qemu/2.9.0
--target-list=aarch64-softmmu,alpha-softmmu,arm-softmmu,i386-softmmu,m68k-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,ppc-softmmu,ppc64-softmmu,s390x-softmmu,sh4-softmmu,sparc-softmmu,sparc64-softmmu,x86_64-softmmu,aarch64-linux-user,alpha-linux-user,arm-linux-user,hppa-linux-user,m68k-linux-user,mips-linux-user,mipsel-linux-user,mips64-linux-user,mips64el-linux-user,ppc-linux-user,ppc64-linux-user,ppc64le-linux-user,s390x-linux-user,sh4-linux-user,sparc-linux-user,sparc64-linux-user
--disable-strip --disable-werror --enable-gtk --enable-vnc
$ make
$ make install
3) Cross-compile the programs:
$ aarch64-linux-gnu-gcc-5 -O hello.c -o hello.aarch64
$ alpha-linux-gnu-gcc-5 -O hello.c -o hello.alpha
$ arm-linux-gnueabihf-gcc-5 -O hello.c -o hello.armhf
$ hppa-linux-gnu-gcc-5 -O hello.c -o hello.hppa
$ m68k-linux-gnu-gcc-5 -O hello.c -o hello.m68k
$ mips-linux-gnu-gcc-5 -O hello.c -o hello.mips
$ mips64-linux-gnuabi64-gcc-5 -O hello.c -o hello.mips64
$ powerpc-linux-gnu-gcc-5 -O hello.c -o hello.powerpc
$ powerpc64-linux-gnu-gcc-5 -O hello.c -o hello.powerpc64
$ powerpc64le-linux-gnu-gcc-5 -O hello.c -o hello.powerpc64le
$ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
$ sh4-linux-gnu-gcc-5 -O hello.c -o hello.sh4
$ sparc64-linux-gnu-gcc-5 -O hello.c -o hello.sparc64
4) Run the programs:
* aarch64 works:
$ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-aarch64
hello.aarch64
Hello world
* alpha works:
$ QEMU_LD_PREFIX=/usr/alpha-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-alpha
hello.alpha
Hello world
* armhf works:
$ QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf ~/inst-qemu/2.9.0/bin/qemu-arm
hello.armhf
Hello world
* powerpc64le works:
$ QEMU_LD_PREFIX=/usr/powerpc64le-linux-gnu
~/inst-qemu/2.9.0/bin/qemu-ppc64le hello.powerpc64le
Hello world
* sh4 works:
$ QEMU_LD_PREFIX=/usr/sh4-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-sh4 hello.sh4
Hello world
* ===== sparc64 does not work:
$ QEMU_LD_PREFIX=/usr/sparc64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-sparc64
hello.sparc64
Segmentation fault (core dumped)
When I copy the file to a machine with `uname -srm` = "Linux 4.5.0-2-sparc64
sparc64",
it works:
$ ./hello.sparc64
Hello world
When I copy the file and its execution environment /usr/sparc64-linux-gnu to
the
same machine and run the binary in a chroot environment:
# /bin/hello.sparc64
Hello world
* ===== mips does not work:
$ QEMU_LD_PREFIX=/usr/mips-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-mips
hello.mips
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
When I copy the file to a machine with `uname -srm` = "Linux
3.16.0-4-4kc-malta mips",
it works:
$ ./hello.mips
Hello world
When I copy the file and its execution environment /usr/mips-linux-gnu to the
same machine and run the binary in a chroot environment:
# /bin/hello.mips
Hello world
* ===== mips64 does not work:
$ QEMU_LD_PREFIX=/usr/mips64-linux-gnuabi64 ~/inst-qemu/2.9.0/bin/qemu-mips64
hello.mips64
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
When I copy the file to a machine with `uname -srm` = "Linux
3.16.0-4-5kc-malta mips64",
it works:
$ ./hello.mips64
Hello world
* ===== powerpc does not work:
$ QEMU_LD_PREFIX=/usr/powerpc-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-ppc
hello.powerpc
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
When I copy the file to a machine with `uname -srm` = "Linux
3.17.2-200.fc20.ppc64p7 ppc64",
it works:
$ ./hello.powerpc
Hello world
* ===== powerpc64 does not work:
$ QEMU_LD_PREFIX=/usr/powerpc64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-ppc64
hello.powerpc64
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
When I copy the file to a machine with `uname -srm` = "Linux
3.17.2-200.fc20.ppc64p7 ppc64",
it works:
$ ./hello.powerpc64
Hello world
* ===== s390x does not work:
$ QEMU_LD_PREFIX=/usr/s390x-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-s390x
hello.s390x
<hangs>
$ QEMU_LD_PREFIX=/usr/s390x-linux-gnu ~/inst-qemu/2.8.1/bin/qemu-s390x
hello.s390x
qemu-s390x: /media/develdata/devel/build/qemu-2.8.1/translate-all.c:175:
tb_lock: Assertion `!have_tb_lock' failed.
Segmentation fault (core dumped)
When I copy the file to a machine with `uname -srm` = "Linux 3.16.0-4-s390x
s390x",
it works:
$ ./hello.s390x
Hello world
* ===== hppa does not work:
$ QEMU_LD_PREFIX=/usr/hppa-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-hppa
hello.hppa
Segmentation fault (core dumped)
* ===== m68k does not work:
$ QEMU_LD_PREFIX=/usr/m68k-linux-gnu QEMU_CPU=m68020
~/inst-qemu/2.9.0/bin/qemu-m68k hello.m68k
qemu: uncaught target signal 4 (Illegal instruction) - core dumped
$ QEMU_LD_PREFIX=/usr/m68k-linux-gnu QEMU_CPU=m68020
~/inst-qemu/2.7.0-m68k/bin/qemu-m68k hello.m68k
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
The set of targets where it does not work is exactly the big-endian targets.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1701798/+subscriptions
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Peter Maydell, 2017/11/06
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets,
Peter Maydell <=
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Peter Maydell, 2017/11/07
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Bruno Haible, 2017/11/07
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Bruno Haible, 2017/11/07
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Peter Maydell, 2017/11/07
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Bruno Haible, 2017/11/07
- [Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets, Bruno Haible, 2017/11/08