Patchwork segfault on current HEAD, qemu-system-arm

Submitter Blue Swirl
Date Oct. 2, 2011, 6:44 p.m.
Message ID <CAAu8pHvmKJh-OHZP+K6PtLJ3hrqDcK16b54u5bCrbWicggH4wQ@mail.gmail.com>
Permalink /patch/117359/
State New

Comments

Blue Swirl - Oct. 2, 2011, 6:44 p.m.
On Sun, Oct 2, 2011 at 2:20 PM, Avi Kivity <avi@redhat.com> wrote:
> 3917149 gives me this:
>
> [root@westmere-ep arm-test]# gdb --args qemu-system-arm -kernel
> zImage.integrator -initrd arm_root.img
> GNU gdb (GDB) Fedora (7.3-41.fc15)
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/local/bin/qemu-system-arm...done.
> (gdb) r
> Starting program: /usr/local/bin/qemu-system-arm -kernel zImage.integrator
> -initrd arm_root.img
> [Thread debugging using libthread_db enabled]
> [New Thread 0x7ffff4a5d700 (LWP 12467)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff4a5d700 (LWP 12467)]
> 0x00000000005bcee6 in get_phys_addr (env=0x0, address=0, access_type=2,
> is_user=0, phys_ptr=0x7ffff4a5c994, prot=0x7ffff4a5c99c, page_size=
>    0x7ffff4a5c998) at /home/tlv/akivity/qemu/target-arm/helper.c:1275
> 1275            address += env->cp15.c13_fcse;
> Missing separate debuginfos, use: debuginfo-install
> SDL-1.2.14-11.fc15.x86_64 bzip2-libs-1.0.6-3.fc15.x86_64
> celt051-0.5.1.3-3.fc15.x86_64 cyrus-sasl-lib-2.1.23-18.fc15.x86_64
> glib2-2.28.8-1.fc15.x86_64 glibc-2.14-5.x86_64
> keyutils-libs-1.2-7.fc15.x86_64 krb5-libs-1.9.1-5.fc15.x86_64
> libX11-1.4.3-1.fc15.x86_64 libXau-1.0.6-2.fc15.x86_64
> libXcursor-1.1.11-3.fc15.x86_64 libXext-1.2.0-2.fc15.x86_64
> libXfixes-5.0-1.fc15.x86_64 libXrandr-1.3.1-2.fc15.x86_64
> libXrender-0.9.6-2.fc15.x86_64 libcom_err-1.41.14-2.fc15.x86_64
> libcurl-7.21.3-9.fc15.x86_64 libgcc-4.6.0-10.fc15.x86_64
> libidn-1.19-2.fc15.x86_64 libjpeg-turbo-1.1.1-1.fc15.x86_64
> libpng-1.2.46-1.fc15.x86_64 libselinux-2.0.99-4.fc15.x86_64
> libssh2-1.2.7-1.fc15.x86_64 libxcb-1.7-2.fc15.x86_64
> ncurses-libs-5.8-2.20110319.fc15.x86_64 nspr-4.8.8-1.fc15.x86_64
> nss-3.12.10-5.fc15.x86_64 nss-softokn-freebl-3.12.10-2.fc15.x86_64
> nss-util-3.12.10-1.fc15.x86_64 openldap-2.4.24-3.fc15.x86_64
> openssl-1.0.0d-1.fc15.x86_64 pixman-0.20.2-2.fc15.x86_64
> spice-server-0.8.1-1.fc15.x86_64 xen-libs-4.1.1-3.fc15.x86_64
> xz-libs-5.0.3-1.fc15.x86_64 zlib-1.2.5-3.fc15.x86_64
> (gdb) bt
> #0  0x00000000005bcee6 in get_phys_addr (env=0x0, address=0, access_type=2,
> is_user=0, phys_ptr=0x7ffff4a5c994, prot=0x7ffff4a5c99c, page_size=
>    0x7ffff4a5c998) at /home/tlv/akivity/qemu/target-arm/helper.c:1275
> #1  0x00000000005bd036 in cpu_arm_handle_mmu_fault (env=0x0, address=0,
> access_type=2, mmu_idx=0)
>    at /home/tlv/akivity/qemu/target-arm/helper.c:1305

Bah, bug in bccd9ec5f098668576342c83d90d6d6833d61d33,
target-arm/op_helper.c missed this change unlike all other targets:
         if (retaddr) {

> #2  0x000000000061ceba in tlb_fill (env1=0x1293c40, addr=0, is_write=2,
> mmu_idx=0, retaddr=0x0)
>    at /home/tlv/akivity/qemu/target-arm/op_helper.c:87
> #3  0x00000000005a0a99 in __ldb_cmmu (addr=0, mmu_idx=0) at
> /home/tlv/akivity/qemu/softmmu_template.h:139
> #4  0x00000000005934c9 in ldub_code (ptr=0) at
> /home/tlv/akivity/qemu/softmmu_header.h:96
> #5  0x00000000005935ad in get_page_addr_code (env1=0x1293c40, addr=0) at
> /home/tlv/akivity/qemu/exec-all.h:333
> #6  0x0000000000593889 in tb_find_slow (env=0x1293c40, pc=0, cs_base=0,
> flags=64) at /home/tlv/akivity/qemu/cpu-exec.c:95
> #7  0x0000000000593ae4 in tb_find_fast (env=0x1293c40) at
> /home/tlv/akivity/qemu/cpu-exec.c:151
> #8  0x0000000000593f0a in cpu_arm_exec (env=0x1293c40) at
> /home/tlv/akivity/qemu/cpu-exec.c:533
> #9  0x0000000000596007 in tcg_cpu_exec (env=0x1293c40) at
> /home/tlv/akivity/qemu/cpus.c:913
> #10 0x0000000000596113 in cpu_exec_all () at
> /home/tlv/akivity/qemu/cpus.c:949
> #11 0x00000000005957ec in qemu_tcg_cpu_thread_fn (arg=0x1293c40) at
> /home/tlv/akivity/qemu/cpus.c:688
> #12 0x000000341d407b31 in start_thread () from /lib64/libpthread.so.0
> #13 0x000000341d0dfd2d in clone () from /lib64/libc.so.6
>
> --
> error compiling committee.c: too many arguments to function
Peter Maydell - Oct. 5, 2011, 1:22 p.m.
On 2 October 2011 19:44, Blue Swirl <blauwirbel@gmail.com> wrote:
> Bah, bug in bccd9ec5f098668576342c83d90d6d6833d61d33,
> target-arm/op_helper.c missed this change unlike all other targets:
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index ab9c923..1892b35 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -84,6 +84,7 @@ void tlb_fill(CPUState *env1, target_ulong addr, int
> is_write, int mmu_idx,
>     int ret;
>
>     saved_env = env;
> +    env = env1;
>     ret = cpu_arm_handle_mmu_fault(env, addr, is_write, mmu_idx);
>     if (unlikely(ret)) {
>         if (retaddr) {
>
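Review bot: the hunk shows `saved_env = env;` and the new `env = env1;` but not the matching `env = saved_env;`; confirm the restore still runs on every exit from `tlb_fill`, including the `if (retaddr)` path that raises the guest exception, otherwise a caller that entered with a different `env` gets it silently replaced by `env1`. Worth noting in the commit message that this brings target-arm in line with the other targets touched by bccd9ec5f098668576342c83d90d6d6833d61d33, since the hunk itself does not say why the line was missing.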

This fixes the segfault for me.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

-- PMM
Blue Swirl - Oct. 8, 2011, 10:16 a.m.
On Wed, Oct 5, 2011 at 1:22 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 2 October 2011 19:44, Blue Swirl <blauwirbel@gmail.com> wrote:
>> Bah, bug in bccd9ec5f098668576342c83d90d6d6833d61d33,
>> target-arm/op_helper.c missed this change unlike all other targets:
>> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
>> index ab9c923..1892b35 100644
>> --- a/target-arm/op_helper.c
>> +++ b/target-arm/op_helper.c
>> @@ -84,6 +84,7 @@ void tlb_fill(CPUState *env1, target_ulong addr, int
>> is_write, int mmu_idx,
>>     int ret;
>>
>>     saved_env = env;
>> +    env = env1;
>>     ret = cpu_arm_handle_mmu_fault(env, addr, is_write, mmu_idx);
>>     if (unlikely(ret)) {
>>         if (retaddr) {
>>
>
> This fixes the segfault for me.
>
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Thanks for the review, applied.
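The bug discussed above is a classic global-context hazard: `tlb_fill` receives the CPU state as the explicit parameter `env1`, but the callee chain (`cpu_arm_handle_mmu_fault` → `get_phys_addr`) reads the global `env`, which is NULL on the C-code path through `get_page_addr_code` (frame #1 of the backtrace shows `env=0x0`). The following is an added illustration of the save/set/restore idiom the fix completes; it is not QEMU code. All names (`CPUModel`, `tlb_fill_buggy`, `tlb_fill_fixed`, `handle_mmu_fault`, `FAULT_NULL_ENV`, `set_global_env`, `current_global_env`) are invented here, and where the real helper dereferences the NULL pointer and takes SIGSEGV, this model returns an error code so the two variants can be compared in one run.

```c
/* Added illustration (not QEMU code): a model of the tlb_fill save/set/restore
 * idiom for a global context pointer.  Every identifier below is invented for
 * this example.  The real callee dereferences the global `env`; here it returns
 * FAULT_NULL_ENV where the real code took the SIGSEGV in the backtrace. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t fcse;              /* stands in for env->cp15.c13_fcse */
} CPUModel;

/* The global that helper code read instead of taking a parameter. */
static CPUModel *env = NULL;

enum { FAULT_NULL_ENV = -1 };

/* Callee that only knows the global, like get_phys_addr in the backtrace. */
static int64_t handle_mmu_fault(uint32_t address)
{
    if (env == NULL) {
        return FAULT_NULL_ENV;  /* real code: `address += env->cp15.c13_fcse;` on NULL */
    }
    return (int64_t)address + env->fcse;
}

/* Before the fix: env1 arrives as a parameter but the global is never updated,
 * so a caller that reaches this with env == NULL faults inside the callee. */
static int64_t tlb_fill_buggy(CPUModel *env1, uint32_t addr)
{
    CPUModel *saved_env = env;
    (void)env1;                 /* the missing `env = env1;` */
    int64_t ret = handle_mmu_fault(addr);
    env = saved_env;
    return ret;
}

/* After the fix: publish env1 to the global for the duration of the call, then
 * restore whatever the caller had so the caller's view is unchanged. */
static int64_t tlb_fill_fixed(CPUModel *env1, uint32_t addr)
{
    CPUModel *saved_env = env;
    env = env1;
    int64_t ret = handle_mmu_fault(addr);
    env = saved_env;
    return ret;
}

/* Accessors so a harness can set up and inspect the global's state. */
static void set_global_env(CPUModel *p)
{
    env = p;
}

static CPUModel *current_global_env(void)
{
    return env;
}

int main(void)
{
    CPUModel cpu = { .fcse = 0x1000 };  /* constructed sample state */
    set_global_env(NULL);               /* the state the backtrace shows: env=0x0 */
    printf("buggy: %lld\n", (long long)tlb_fill_buggy(&cpu, 0));  /* -1 */
    printf("fixed: %lld\n", (long long)tlb_fill_fixed(&cpu, 0));  /* 4096 */
    printf("global restored to NULL: %s\n", current_global_env() == NULL ? "yes" : "no");
    return 0;
}
```

The second variant is the shape every target's `tlb_fill` had after bccd9ec5f098668576342c83d90d6d6833d61d33; the one-line patch below adds exactly the `env = env1;` step to target-arm. The restore of `saved_env` matters as much as the set: without it a caller that entered with its own `env` would find it replaced after the call.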

Patch

diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index ab9c923..1892b35 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -84,6 +84,7 @@  void tlb_fill(CPUState *env1, target_ulong addr, int
is_write, int mmu_idx,
     int ret;

     saved_env = env;
+    env = env1;
     ret = cpu_arm_handle_mmu_fault(env, addr, is_write, mmu_idx);
     if (unlikely(ret)) {
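Review bot: the posted patch carries no commit message; the description should record why the global was NULL (frame #1 of the reported backtrace shows `cpu_arm_handle_mmu_fault (env=0x0, ...)` reached from `tlb_fill (env1=0x1293c40, ...)`), name bccd9ec5f098668576342c83d90d6d6833d61d33 as the commit that left target-arm out of the `env = env1;` change, and carry the Reviewed-by: Peter Maydell tag from the thread so the record of review travels with the fix.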