From: Peter Maydell
Subject: [Qemu-devel] [Bug 604872] Re: qemu-system-arm segfaults emulating versatile machine after running debootstrap --second-stage inside vm
Date: Thu, 23 Dec 2010 23:58:09 -0000

I've analysed this segfault. The problem is that we're not correctly
taking account of the IT state on entry to a Thumb translation block if
we're retranslating it for cpu_restore_state().

The offending TB here is:
0x0003dc00:  movle      r2, #0
0x0003dc02:  ldr        r1, [pc, #644]  (0x3de88)
0x0003dc04:  cmp        r3, #2
0x0003dc06:  str        r2, [r1, #0]
0x0003dc08:  it eq
0x0003dc0a:  ldreq      r3, [r5, #8]
0x0003dc0c:  beq.w      0x3ddce

where the 'le' is because the TB before that ended with an 'it le'. When
we execute this the str gets a data abort. qemu handles this by calling
cpu_restore_state(), which reruns the translation process but this time
generating a mapping between target and host addresses, so we can turn
the host PC of the fault into a target PC. Unfortunately we retranslate
without taking account of what the IT state at the start of the TB
should have been:

0x0003dc00:  movs       r2, #0
0x0003dc02:  ldr        r1, [pc, #644]  (0x3de88)
0x0003dc04:  cmp        r3, #2
0x0003dc06:  str        r2, [r1, #0]
0x0003dc08:  it eq
0x0003dc0a:  ldreq      r3, [r5, #8]
0x0003dc0c:  beq.w      0x3ddce

...note that that mov has become unconditional. (It's not just the disassembly, 
the generated intermediate code changes too.)
Since cpu_restore_state() works by (a) actually rewriting the translated code 
into the buffer and (b) stopping when we get to the PC which faulted, this 
means we end up writing over the old generated code with half of a different 
version of the generated code. This is never going to go well, and we end up 
jumping off into the weeds the next time we execute the TB.

I think this is related to but not the same as
https://bugs.launchpad.net/qemu/+bug/581335.

https://bugs.launchpad.net/bugs/604872
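An added model (not QEMU's code and not part of this message) of the architectural Thumb-2 ITSTATE register, showing why the TB at 0x3dc00 decodes as `movle` when entered with the previous TB's `it le` still in force but as `movs` when retranslated from a zero IT state: the translator's output depends on entry state that a re-translation must reproduce. The bit layout follows the ARM ARM definition of ITSTATE (not QEMU's internal condexec representation); the `insn_t` table and all function names are assumptions for illustration.

```c
/* Assumed model of the architectural Thumb-2 ITSTATE ([7:5] = firstcond[3:1],
 * [4] = firstcond[0], [3:0] = mask), not QEMU's internal condexec_bits layout. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { COND_EQ = 0x0, COND_LE = 0xD, COND_AL = 0xE };

static uint8_t it_encode(uint8_t firstcond, uint8_t mask) { return (uint8_t)((firstcond << 4) | (mask & 0xF)); }
/* Condition the next instruction executes under; AL when not inside an IT block. */
static uint8_t it_cond(uint8_t it) { return it ? (uint8_t)(it >> 4) : COND_AL; }
/* After each instruction shift ITSTATE[4:0] left; the block ends when [2:0] == 0. */
static uint8_t it_advance(uint8_t it) { return (it & 0x7) ? (uint8_t)((it & 0xE0) | ((it << 1) & 0x1F)) : 0; }
static const char *cond_name(uint8_t c)
{
    static const char *n[16] = { "eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
                                 "hi", "ls", "ge", "lt", "gt", "le", "", "nv" };
    return n[c & 0xF];
}
/* The TB at 0x3dc00 up to ldreq; beq.w omitted since a branch carries its own condition.
 * s_outside_it: 16-bit MOV immediate sets flags (movs) only when not in an IT block. */
typedef struct { const char *mnem; int is_it, s_outside_it; uint8_t firstcond, mask; } insn_t;
static const insn_t tb_3dc00[6] = {
    { "mov", 0, 1, 0, 0 }, { "ldr", 0, 0, 0, 0 }, { "cmp", 0, 0, 0, 0 },
    { "str", 0, 0, 0, 0 }, { "it", 1, 0, COND_EQ, 0x8 }, { "ldr", 0, 0, 0, 0 },
};
static const char *cond[6];   /* suffix decoded for each instruction */
/* Decode n instructions from entry ITSTATE 'it' into out[]; returns the final ITSTATE. */
static uint8_t decode_tb(uint8_t it, const insn_t *in, int n, const char **out)
{
    for (int i = 0; i < n; i++) {
        if (in[i].is_it) {                    /* IT itself is unconditional */
            out[i] = "";
            it = it_encode(in[i].firstcond, in[i].mask);
        } else {
            out[i] = it ? cond_name(it_cond(it)) : (in[i].s_outside_it ? "s" : "");
            it = it_advance(it);
        }
    }
    return it;
}

int main(void)
{   /* entry state after the previous TB's 'it le', versus a fresh (zero) state */
    const uint8_t entry[2] = { it_encode(COND_LE, 0x8), 0 };
    for (int k = 0; k < 2; k++) {
        decode_tb(entry[k], tb_3dc00, 6, cond);
        printf("entry ITSTATE 0x%02x:", entry[k]);
        for (int i = 0; i < 6; i++) printf(" %s%s", tb_3dc00[i].mnem, cond[i]);
        printf("\n");
    }
}
```

Run as-is it prints the two decodings side by side; the first line reproduces the original disassembly (movle), the second the retranslated one (movs), with identical bytes in both.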

Title:
  qemu-system-arm segfaults emulating versatile machine after running 
debootstrap --second-stage inside vm

Status in QEMU:
  New
Status in “qemu-kvm” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: qemu-kvm

As I'm now implementing the support for creating a rootstock rootfs without 
requiring root, I need to run debootstrap's second stage inside a VM, to 
correctly install the packages into the rootfs.

qemu-system-arm fails right after debootstrap finishes the second stage, giving a 
segmentation fault.

Command:
qemu-system-arm -M versatilepb -cpu cortex-a8 -kernel vmlinuz -no-reboot -nographic -drive file=qemu-armel-201007122016.img,aio=native,cache=none -m 256 -append 'console=ttyAMA0,115200n8 root=/dev/sda rw mem=256M devtmpfs.mount=0 init=/bin/installer'
Uncompressing Linux... done, booting the kernel.
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Linux version 2.6.32-21-versatile (address@hidden) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) ) #32-Ubuntu Fri Apr 16 08:14:53 UTC 2010 (Ubuntu 2.6.32-21.32-versatile 2.6.32.11+drm33.2)
...
I: Base system installed successfully.
I: Starting basic services in VM
Segmentation fault (core dumped)

[492816.197352] qemu-system-arm[16024]: segfault at ffffffffcf6ba8fc ip ffffffffcf6ba8fc sp 00007fffd0e68680 error 14

Image:
 * rootfs: http://rsalveti.net/pub/ubuntu/rootstock/qemu-armel-201007122016.img (md5 1d063ac8a65c798bb004cd1c4c7970c5)
 * kernel: http://ports.ubuntu.com/ubuntu-ports/dists/lucid/main/installer-armel/current/images/versatile/netboot/vmlinuz

I'm able to reproduce the bug on Maverick (amd64) and Lucid (x86).

Maverick qemu-kvm-extras: 0.12.4+noroms-0ubuntu4
Lucid qemu-kvm-extras: 0.12.3+noroms-0ubuntu9.2

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: qemu-kvm-extras 0.12.4+noroms-0ubuntu4
ProcVersionSignature: Ubuntu 2.6.35-6.9-generic 2.6.35-rc3
Uname: Linux 2.6.35-6-generic x86_64
Architecture: amd64
Date: Mon Jul 12 18:55:35 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
SourcePackage: qemu-kvm