* [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt
@ 2020-05-14 16:07 Alexander Bulekov
  2020-06-29 16:03 ` [Bug 1878645] " Alexander Bulekov
                   ` (4 more replies)
  0 siblings, 5 replies; 98+ messages in thread
From: Alexander Bulekov @ 2020-05-14 16:07 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

Hello,
While fuzzing, I found an input which triggers a NULL pointer dereference in
tcg_handle_interrupt. It seems the culprit is a "cpu" pointer - maybe this bug
is specific to QTest?

==23862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4 (pc 0x55b9dc7c9dce bp 0x7ffc346a0900 sp 0x7ffc346a0880 T0)
==23862==The signal is caused by a READ memory access.
==23862==Hint: address points to the zero page.
    #0 0x55b9dc7c9dce in tcg_handle_interrupt /home/alxndr/Development/qemu/accel/tcg/tcg-all.c:57:21
    #1 0x55b9dc904799 in cpu_interrupt /home/alxndr/Development/qemu/include/hw/core/cpu.h:872:5
    #2 0x55b9dc9085e8 in ich9_apm_ctrl_changed /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:442:13
    #3 0x55b9dd19cdc8 in apm_ioport_writeb /home/alxndr/Development/qemu/hw/isa/apm.c:50:13
    #4 0x55b9dc73f8b4 in memory_region_write_accessor /home/alxndr/Development/qemu/memory.c:483:5
    #5 0x55b9dc73f289 in access_with_adjusted_size /home/alxndr/Development/qemu/memory.c:544:18
    #6 0x55b9dc73ddf5 in memory_region_dispatch_write /home/alxndr/Development/qemu/memory.c:1476:16
    #7 0x55b9dc577bf3 in flatview_write_continue /home/alxndr/Development/qemu/exec.c:3137:23
    #8 0x55b9dc567ad8 in flatview_write /home/alxndr/Development/qemu/exec.c:3177:14
    #9 0x55b9dc567608 in address_space_write /home/alxndr/Development/qemu/exec.c:3268:18
    #10 0x55b9dc723fe7 in cpu_outb /home/alxndr/Development/qemu/ioport.c:60:5
    #11 0x55b9dc72d3c0 in qtest_process_command /home/alxndr/Development/qemu/qtest.c:392:13
    #12 0x55b9dc72b186 in qtest_process_inbuf /home/alxndr/Development/qemu/qtest.c:710:9
    #13 0x55b9dc72a8b3 in qtest_read /home/alxndr/Development/qemu/qtest.c:722:5
    #14 0x55b9ddc6e60b in qemu_chr_be_write_impl /home/alxndr/Development/qemu/chardev/char.c:183:9
    #15 0x55b9ddc6e75a in qemu_chr_be_write /home/alxndr/Development/qemu/chardev/char.c:195:9
    #16 0x55b9ddc77979 in fd_chr_read /home/alxndr/Development/qemu/chardev/char-fd.c:68:9
    #17 0x55b9ddcff0e9 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/io/channel-watch.c:84:12
    #18 0x7f7161eac897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
    #19 0x55b9ddebcb84 in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
    #20 0x55b9ddebb57d in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
    #21 0x55b9ddebb176 in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
    #22 0x55b9dcb4bd1d in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
    #23 0x55b9ddd1629c in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
    #24 0x7f7160a5ce0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
    #25 0x55b9dc49c819 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0xc9c819)


I can reproduce this in qemu 5.0 built with AddressSanitizer using these qtest commands:

cat << EOF | ./qemu-system-i386 \
-qtest stdio -nographic -monitor none -serial none \
-M pc-q35-5.0
outl 0xcf8 0x8400f841
outl 0xcfc 0xaa215d6d
outl 0x6d30 0x2ef8ffbe
outb 0xb2 0x20
EOF

Please let me know if I can provide any further info.
-Alex

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878645

Title:
  null-ptr dereference in tcg_handle_interrupt

Status in QEMU:
  New

Bug description:
  Hello,
  While fuzzing, I found an input which triggers a NULL pointer dereference in
  tcg_handle_interrupt. It seems the culprit is a "cpu" pointer - maybe this bug
  is specific to QTest?

  ==23862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4 (pc 0x55b9dc7c9dce bp 0x7ffc346a0900 sp 0x7ffc346a0880 T0)
  ==23862==The signal is caused by a READ memory access.
  ==23862==Hint: address points to the zero page.
      #0 0x55b9dc7c9dce in tcg_handle_interrupt /home/alxndr/Development/qemu/accel/tcg/tcg-all.c:57:21
      #1 0x55b9dc904799 in cpu_interrupt /home/alxndr/Development/qemu/include/hw/core/cpu.h:872:5
      #2 0x55b9dc9085e8 in ich9_apm_ctrl_changed /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:442:13
      #3 0x55b9dd19cdc8 in apm_ioport_writeb /home/alxndr/Development/qemu/hw/isa/apm.c:50:13
      #4 0x55b9dc73f8b4 in memory_region_write_accessor /home/alxndr/Development/qemu/memory.c:483:5
      #5 0x55b9dc73f289 in access_with_adjusted_size /home/alxndr/Development/qemu/memory.c:544:18
      #6 0x55b9dc73ddf5 in memory_region_dispatch_write /home/alxndr/Development/qemu/memory.c:1476:16
      #7 0x55b9dc577bf3 in flatview_write_continue /home/alxndr/Development/qemu/exec.c:3137:23
      #8 0x55b9dc567ad8 in flatview_write /home/alxndr/Development/qemu/exec.c:3177:14
      #9 0x55b9dc567608 in address_space_write /home/alxndr/Development/qemu/exec.c:3268:18
      #10 0x55b9dc723fe7 in cpu_outb /home/alxndr/Development/qemu/ioport.c:60:5
      #11 0x55b9dc72d3c0 in qtest_process_command /home/alxndr/Development/qemu/qtest.c:392:13
      #12 0x55b9dc72b186 in qtest_process_inbuf /home/alxndr/Development/qemu/qtest.c:710:9
      #13 0x55b9dc72a8b3 in qtest_read /home/alxndr/Development/qemu/qtest.c:722:5
      #14 0x55b9ddc6e60b in qemu_chr_be_write_impl /home/alxndr/Development/qemu/chardev/char.c:183:9
      #15 0x55b9ddc6e75a in qemu_chr_be_write /home/alxndr/Development/qemu/chardev/char.c:195:9
      #16 0x55b9ddc77979 in fd_chr_read /home/alxndr/Development/qemu/chardev/char-fd.c:68:9
      #17 0x55b9ddcff0e9 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/io/channel-watch.c:84:12
      #18 0x7f7161eac897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
      #19 0x55b9ddebcb84 in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
      #20 0x55b9ddebb57d in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
      #21 0x55b9ddebb176 in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
      #22 0x55b9dcb4bd1d in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
      #23 0x55b9ddd1629c in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
      #24 0x7f7160a5ce0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
      #25 0x55b9dc49c819 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0xc9c819)

  
  I can reproduce this in qemu 5.0 built with AddressSanitizer using these qtest commands:

  cat << EOF | ./qemu-system-i386 \
  -qtest stdio -nographic -monitor none -serial none \
  -M pc-q35-5.0
  outl 0xcf8 0x8400f841
  outl 0xcfc 0xaa215d6d
  outl 0x6d30 0x2ef8ffbe
  outb 0xb2 0x20
  EOF

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878645/+subscriptions



* [Bug 1878645] Re: null-ptr dereference in tcg_handle_interrupt
  2020-05-14 16:07 [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt Alexander Bulekov
@ 2020-06-29 16:03 ` Alexander Bulekov
  2020-06-29 19:00     ` Alex Bennée
  2020-06-29 17:57 ` [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed Philippe Mathieu-Daudé
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 98+ messages in thread
From: Alexander Bulekov @ 2020-06-29 16:03 UTC (permalink / raw)
  To: qemu-devel

I don't think this is a qtest-specific error: 
cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio
o/4 0xcf8 0x8400f841
o/4 0xcfc 0xaa215d6d
o/4 0x6d30 0x2ef8ffbe
o/1 0xb2 0x20
EOF

...
Segmentation fault


* [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed
  2020-05-14 16:07 [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt Alexander Bulekov
  2020-06-29 16:03 ` [Bug 1878645] " Alexander Bulekov
@ 2020-06-29 17:57 ` Philippe Mathieu-Daudé
  2020-10-22 14:15 ` Philippe Mathieu-Daudé
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-06-29 17:57 UTC (permalink / raw)
  To: qemu-devel

** Summary changed:

- null-ptr dereference in tcg_handle_interrupt
+ null-ptr dereference in ich9_apm_ctrl_changed


* Re: [Bug 1878645] Re: null-ptr dereference in tcg_handle_interrupt
@ 2020-06-29 19:00     ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-06-29 19:00 UTC (permalink / raw)
  To: Bug 1878645; +Cc: qemu-devel


Alexander Bulekov <1878645@bugs.launchpad.net> writes:

> I don't think this is a qtest-specific error: 
> cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio
> o/4 0xcf8 0x8400f841
> o/4 0xcfc 0xaa215d6d
> o/4 0x6d30 0x2ef8ffbe
> o/1 0xb2 0x20
> EOF
>
> ...
> Segmentation fault

Both this and the qtest have the same problem of depending on
current_cpu which is a TLS variable which will never be correct from the
qtest or monitor context. There are only a few other cases.

sun4m:cpu_halt_signal does:

    if (level && current_cpu) {
        cpu_interrupt(current_cpu, CPU_INTERRUPT_HALT);
    }

pxa2xx:pxa2xx_pwrmode_write does a bare:

    /* Suspend */
    cpu_interrupt(current_cpu, CPU_INTERRUPT_HALT);

but given the context has a CPUARMState *env it could arguably use that
to derive current_cpu but as it's only triggered by a system register
write you can't actually trigger from a monitor/qtest command.

I would suggest either:

        } else if (current_cpu) {
            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
        }

or possibly:

        } else {
            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
        }

if you really care about triggering a real IRQ from outside the CPU context.

-- 
Alex Bennée
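The failure mode described above, as an added stand-alone model (not QEMU code): `current_cpu` is thread-local and is only set on a vCPU thread, so a device register handler reached from the main-loop thread (monitor or qtest) sees NULL and `cpu_interrupt()` dereferences it. The names `CPUState`, `current_cpu`, `first_cpu` and `CPU_INTERRUPT_SMI` mirror QEMU's but are stand-ins defined here with constructed values; the model runs single-threaded and sets `current_cpu` explicitly to simulate the two contexts, and the stand-in `cpu_interrupt()` reports a code where real QEMU would fault.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for QEMU's CPU_INTERRUPT_SMI bit; the value is not QEMU's. */
#define CPU_INTERRUPT_SMI 0x0002u

/* Minimal stand-in for QEMU's CPUState. */
typedef struct CPUState {
    int cpu_index;
    uint32_t interrupt_request;
} CPUState;

/* Two constructed vCPUs; first_cpu mirrors QEMU's global list head. */
static CPUState cpus[2] = { { 0, 0 }, { 1, 0 } };
static CPUState *first_cpu = &cpus[0];

/* Like QEMU's current_cpu: thread-local, set only on a vCPU thread. On the
 * main-loop thread that services the monitor and qtest it stays NULL. */
static __thread CPUState *current_cpu = NULL;

/* Outcomes of an SMI request made by a device model. */
enum { SMI_DELIVERED = 0, SMI_SKIPPED = 1, SMI_NULL_DEREF = -1 };

/* Stand-in for cpu_interrupt()/tcg_handle_interrupt(). Real QEMU has no NULL
 * check here and reads cpu->interrupt_request, which is the zero-page SEGV in
 * the report; this model returns a code instead of faulting. */
static int cpu_interrupt(CPUState *cpu, uint32_t mask)
{
    if (cpu == NULL) {
        return SMI_NULL_DEREF;
    }
    cpu->interrupt_request |= mask;
    return SMI_DELIVERED;
}

/* Before: the bare pattern ich9_apm_ctrl_changed used. */
static int apm_smi_unguarded(void)
{
    return cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
}

/* Fix 1 from the thread: only raise the SMI when a CPU context exists. */
static int apm_smi_guarded(void)
{
    if (current_cpu) {
        return cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
    }
    return SMI_SKIPPED;
}

/* Fix 2 from the thread: fall back to first_cpu outside CPU context. */
static int apm_smi_fallback(void)
{
    return cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
}

/* Invoke a handler as if from vCPU `cpu` (QEMU sets current_cpu per vCPU
 * thread; here it is set explicitly so the model runs single-threaded). */
static int run_in_vcpu_context(CPUState *cpu, int (*handler)(void))
{
    CPUState *saved = current_cpu;
    int rc;
    current_cpu = cpu;
    rc = handler();
    current_cpu = saved;
    return rc;
}

/* Invoke a handler from monitor/qtest context, where current_cpu is NULL. */
static int run_in_monitor_context(int (*handler)(void))
{
    return run_in_vcpu_context(NULL, handler);
}

static uint32_t pending_on(int idx) { return cpus[idx].interrupt_request; }
static void reset_pending(void) { cpus[0].interrupt_request = 0; cpus[1].interrupt_request = 0; }

int main(void)
{
    reset_pending();
    printf("monitor ctx, unguarded: %d\n", run_in_monitor_context(apm_smi_unguarded)); /* -1 */
    printf("monitor ctx, guarded:   %d\n", run_in_monitor_context(apm_smi_guarded));   /*  1 */
    printf("monitor ctx, fallback:  %d (cpu0 pending 0x%x)\n",
           run_in_monitor_context(apm_smi_fallback), pending_on(0));                   /* 0, 0x2 */
    reset_pending();
    printf("vcpu1 ctx, unguarded:   %d (cpu1 pending 0x%x)\n",
           run_in_vcpu_context(&cpus[1], apm_smi_unguarded), pending_on(1));           /* 0, 0x2 */
    return 0;
}
```

The model makes the two suggested fixes comparable: the guard drops the SMI when no CPU context exists, while the `first_cpu` fallback still delivers it but to a CPU the request did not originate from, which is the trade-off the last sentence of the message points at.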


* Re: [Bug 1878645] Re: null-ptr dereference in tcg_handle_interrupt
@ 2020-06-29 20:08       ` Alexander Bulekov
  0 siblings, 0 replies; 98+ messages in thread
From: Alexander Bulekov @ 2020-06-29 20:08 UTC (permalink / raw)
  To: Alex Bennée; +Cc: Bug 1878645, qemu-devel

On 200629 2000, Alex Bennée wrote:
> 
> Alexander Bulekov <1878645@bugs.launchpad.net> writes:
> 
> > I don't think this is a qtest-specific error: 
> > cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio
> > o/4 0xcf8 0x8400f841
> > o/4 0xcfc 0xaa215d6d
> > o/4 0x6d30 0x2ef8ffbe
> > o/1 0xb2 0x20
> > EOF
> >
> > ...
> > Segmentation fault
> 
> Both this and the qtest have the same problem of depending on
> current_cpu which is a TLS variable which will never be correct from the
> qtest or monitor context. There are only a few other cases.

Ah that makes sense. It probably isn't a real issue, but I'll send
patches with the changes you suggested below.
Thank you

> sun4m:cpu_halt_signal does:
> 
>     if (level && current_cpu) {
>         cpu_interrupt(current_cpu, CPU_INTERRUPT_HALT);
>     }
> 
> pxa2xx:pxa2xx_pwrmode_write does a bare:
> 
>     /* Suspend */
>     cpu_interrupt(current_cpu, CPU_INTERRUPT_HALT);
> 
> but given the context has a CPUARMState *env it could arguably use that
> to derive current_cpu but as it's only triggered by a system register
> write you can't actually trigger from a monitor/qtest command.
> 
> I would suggest either:
> 
>         } else if (current_cpu) {
>             cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>         }
> 
> or possibly:
> 
>         } else {
>             cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>         }
> 
> if you really care about triggering a real IRQ from outside the CPU context.
> 
> -- 
> Alex Bennée
> 


* [PATCH  v4 00/40] testing/next (vm, gitlab, fixes)
@ 2020-07-01 13:56 Alex Bennée
  2020-07-01 13:56   ` [Bug 1878645] " Alex Bennée
                   ` (39 more replies)
  0 siblings, 40 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug, cota,
	aurelien

Hi,

This is the next iteration of my testing/next queue. It has grown by a
further 9 patches. The last iteration was:

  https://patchew.org/QEMU/20200626181357.26211-1-alex.bennee@linaro.org/

I've ironed out the final problems with GitLab failures through a
combination of fixes for linux-user and applying skipIf for
problematic acceptance tests. The MIPS malta failures can be
reproduced locally but at nowhere near the rate of the CI system which
seems to fail every time. The other failure:

  linux_initrd.py:LinuxInitrd.test_with_2gib_file_should_work_with_linux_v4_16

is a bit of a mystery. It works fine in the same container when run
locally. Obviously with all this churn I didn't get to cut the PR I
was planning so it will be cut from this version.

The following need review:

  - shippable: pull images from registry instead of building
  - testing: add check-build target
  - containers.yml: build with docker.py tooling
  - linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va
  - tests/tcg: add more default compilers to configure.sh
  - tests/acceptance: skip LinuxInitrd 2gib with v4.16 on GitLab
  - tests/acceptance: skip multicore mips_malta tests on GitLab
  - tests/acceptance: fix dtb path for machine_rx_gdbsim
  - tests/acceptance: skip s390x_ccw_vrtio_tcg on GitLab
  - tests/docker: add --registry support to tooling
  - gitlab: build containers with buildkit and metadata
  - hw/isa: check for current_cpu before generating IRQ

Alex Bennée (24):
  hw/isa: check for current_cpu before generating IRQ
  tests/vm: switch from optsparse to argparse
  tests/vm: allow us to take advantage of MTTCG
  tests/docker: check for an parameters not empty string
  tests/docker: change tag naming scheme of our images
  .gitignore: un-ignore .gitlab-ci.d
  gitlab: build containers with buildkit and metadata
  tests/docker: add --registry support to tooling
  tests/docker: add packages needed for check-acceptance
  tests/acceptance: skip s390x_ccw_vrtio_tcg on GitLab
  tests/acceptance: fix dtb path for machine_rx_gdbsim
  tests/acceptance: skip multicore mips_malta tests on GitLab
  tests/acceptance: skip LinuxInitrd 2gib with v4.16 on GitLab
  gitlab: add acceptance testing to system builds
  tests/tcg: add more default compilers to configure.sh
  tests/docker: add a linux-user testing focused image
  linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va
  gitlab: enable check-tcg for linux-user tests
  gitlab: add avocado asset caching
  gitlab: split build-disabled into two phases
  gitlab: limit re-builds of the containers
  containers.yml: build with docker.py tooling
  testing: add check-build target
  shippable: pull images from registry instead of building

Daniel P. Berrangé (3):
  gitlab: introduce explicit "container" and "build" stages
  gitlab: build all container images during CI
  gitlab: convert jobs to use custom built containers

David Edmondson (1):
  crypto/linux_keyring: fix 'secret_keyring' configure test

Philippe Mathieu-Daudé (1):
  iotests: Fix 051 output after qdev_init_nofail() removal

Robert Foley (10):
  util/coroutine: Cleanup start_switch_fiber_ for TSAN.
  tests/vm: pass args through to BaseVM's __init__
  tests/vm: Add configuration to basevm.py
  tests/vm: Added configuration file support
  tests/vm: Add common Ubuntu python module
  tests/vm: Added a new script for ubuntu.aarch64.
  tests/vm: Added a new script for centos.aarch64.
  tests/vm: change scripts to use self._config
  python/qemu: Add ConsoleSocket for optional use in QEMUMachine
  tests/vm: Add workaround to consume console

Thomas Huth (1):
  gitlab-ci: Fix the change rules after moving the YML files

 configure                                     |  31 +-
 hw/isa/lpc_ich9.c                             |   2 +-
 linux-user/elfload.c                          |  10 +-
 util/coroutine-ucontext.c                     |  52 ++-
 .gitignore                                    |   1 +
 .gitlab-ci.d/containers.yml                   | 263 +++++++++++++
 .gitlab-ci.d/edk2.yml                         |   5 +-
 .gitlab-ci.d/opensbi.yml                      |   5 +-
 .gitlab-ci.yml                                | 281 ++++++++------
 .shippable.yml                                |   8 +-
 .travis.yml                                   |  23 --
 python/qemu/console_socket.py                 | 110 ++++++
 python/qemu/machine.py                        |  23 +-
 tests/Makefile.include                        |  19 +-
 tests/acceptance/boot_linux.py                |   2 +
 tests/acceptance/linux_initrd.py              |   3 +
 tests/acceptance/machine_mips_malta.py        |   3 +
 tests/acceptance/machine_rx_gdbsim.py         |   2 +-
 tests/docker/Makefile.include                 |  17 +-
 tests/docker/common.rc                        |   2 +-
 tests/docker/docker.py                        |  46 ++-
 .../dockerfiles/debian-all-test-cross.docker  |  53 +++
 .../dockerfiles/debian-alpha-cross.docker     |   2 +-
 .../dockerfiles/debian-amd64-cross.docker     |   2 +-
 tests/docker/dockerfiles/debian-amd64.docker  |   2 +-
 .../dockerfiles/debian-arm64-cross.docker     |   2 +-
 .../debian-arm64-test-cross.docker            |   2 +-
 .../dockerfiles/debian-armel-cross.docker     |   2 +-
 .../dockerfiles/debian-armhf-cross.docker     |   2 +-
 .../dockerfiles/debian-hppa-cross.docker      |   2 +-
 .../dockerfiles/debian-m68k-cross.docker      |   2 +-
 .../dockerfiles/debian-mips-cross.docker      |   2 +-
 .../dockerfiles/debian-mips64-cross.docker    |   2 +-
 .../dockerfiles/debian-mips64el-cross.docker  |   2 +-
 .../dockerfiles/debian-mipsel-cross.docker    |   2 +-
 .../dockerfiles/debian-powerpc-cross.docker   |   2 +-
 .../dockerfiles/debian-ppc64-cross.docker     |   2 +-
 .../dockerfiles/debian-ppc64el-cross.docker   |   2 +-
 .../dockerfiles/debian-riscv64-cross.docker   |   2 +-
 .../dockerfiles/debian-s390x-cross.docker     |   2 +-
 .../dockerfiles/debian-sh4-cross.docker       |   2 +-
 .../dockerfiles/debian-sparc64-cross.docker   |   2 +-
 .../dockerfiles/debian-tricore-cross.docker   |   2 +-
 .../dockerfiles/debian-win32-cross.docker     |   2 +-
 .../dockerfiles/debian-win64-cross.docker     |   2 +-
 tests/docker/dockerfiles/debian9-mxe.docker   |   2 +-
 tests/docker/dockerfiles/fedora.docker        |   7 +
 tests/docker/dockerfiles/ubuntu2004.docker    |  10 +-
 tests/qemu-iotests/051.pc.out                 |   4 +-
 tests/tcg/Makefile.qemu                       |   4 +-
 tests/tcg/configure.sh                        |  19 +-
 tests/vm/Makefile.include                     |  22 ++
 tests/vm/aarch64vm.py                         | 106 ++++++
 tests/vm/basevm.py                            | 344 +++++++++++++-----
 tests/vm/centos-8-aarch64.ks                  |  51 +++
 tests/vm/centos.aarch64                       | 227 ++++++++++++
 tests/vm/conf_example_aarch64.yml             |  51 +++
 tests/vm/conf_example_x86.yml                 |  50 +++
 tests/vm/fedora                               |  17 +-
 tests/vm/freebsd                              |  16 +-
 tests/vm/netbsd                               |  19 +-
 tests/vm/openbsd                              |  17 +-
 tests/vm/ubuntu.aarch64                       |  68 ++++
 tests/vm/ubuntu.i386                          |  46 +--
 tests/vm/ubuntuvm.py                          |  60 +++
 65 files changed, 1771 insertions(+), 376 deletions(-)
 create mode 100644 .gitlab-ci.d/containers.yml
 create mode 100644 python/qemu/console_socket.py
 create mode 100644 tests/docker/dockerfiles/debian-all-test-cross.docker
 create mode 100644 tests/vm/aarch64vm.py
 create mode 100644 tests/vm/centos-8-aarch64.ks
 create mode 100755 tests/vm/centos.aarch64
 create mode 100644 tests/vm/conf_example_aarch64.yml
 create mode 100644 tests/vm/conf_example_x86.yml
 create mode 100755 tests/vm/ubuntu.aarch64
 create mode 100644 tests/vm/ubuntuvm.py

-- 
2.20.1




* [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 13:56   ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Michael S. Tsirkin, Alex Bennée,
	richard.henderson, f4bug, cota, Bug 1878645, aurelien

It's possible to trigger this function from qtest/monitor at which
point current_cpu won't point at the right place. Check it and
fall back to first_cpu if it's NULL.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Bug 1878645 <1878645@bugs.launchpad.net>
---
 hw/isa/lpc_ich9.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index cd6e169d47a..791c878eb0b 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
                 cpu_interrupt(cs, CPU_INTERRUPT_SMI);
             }
         } else {
-            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
+            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
         }
     }
 }
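Review bot: the fallback silently changes which vCPU receives the SMI, and nothing in the code says why. When current_cpu is NULL the write did not come from a guest CPU at all (qtest or the monitor, per the commit message), so delivering the SMI to first_cpu is a choice made to avoid the crash rather than ICH9 behaviour; a one-line comment above the call saying so would stop a later reader from treating first_cpu as the architected target. The replacement line is also 84 columns, which QEMU's checkpatch.pl warns about above 80; splitting it as `cpu_interrupt(current_cpu ? current_cpu : first_cpu,` / `              CPU_INTERRUPT_SMI);` keeps it clean.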
-- 
2.20.1




* [Bug 1878645] [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 13:56   ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel

It's possible to trigger this function from qtest/monitor at which
point current_cpu won't point at the right place. Check it and
fall back to first_cpu if it's NULL.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Bug 1878645 <1878645@bugs.launchpad.net>
---
 hw/isa/lpc_ich9.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index cd6e169d47a..791c878eb0b 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
                 cpu_interrupt(cs, CPU_INTERRUPT_SMI);
             }
         } else {
-            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
+            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
         }
     }
 }
-- 
2.20.1

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878645

Title:
  null-ptr dereference in ich9_apm_ctrl_changed

Status in QEMU:
  New




* [PATCH v4 02/40] iotests: Fix 051 output after qdev_init_nofail() removal
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
  2020-07-01 13:56   ` [Bug 1878645] " Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 03/40] crypto/linux_keyring: fix 'secret_keyring' configure test Alex Bennée
                   ` (37 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Kevin Wolf, Thomas Huth, berrange,
	open list:Block layer core, Philippe Mathieu-Daudé,
	richard.henderson, f4bug, Max Reitz, Alex Bennée, cota,
	John Snow, aurelien

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Commit 96927c744 replaced the qdev_init_nofail() call with
isa_realize_and_unref(), which has a different error
message. Update the test output accordingly.

Gitlab CI error after merging b77b5b3dc7:
https://gitlab.com/qemu-project/qemu/-/jobs/597414772#L4375

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200616154949.6586-1-philmd@redhat.com>
---
 tests/qemu-iotests/051.pc.out | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/051.pc.out b/tests/qemu-iotests/051.pc.out
index 0ea80d35f0e..da8ad871876 100644
--- a/tests/qemu-iotests/051.pc.out
+++ b/tests/qemu-iotests/051.pc.out
@@ -142,7 +142,7 @@ QEMU X.Y.Z monitor - type 'help' for more information
 
 Testing: -drive if=ide
 QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) QEMU_PROG: Initialization of device ide-hd failed: Device needs media, but drive is empty
+(qemu) QEMU_PROG: Device needs media, but drive is empty
 
 Testing: -drive if=virtio
 QEMU X.Y.Z monitor - type 'help' for more information
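Review bot: the new expectation drops the device name from the message: `Initialization of device ide-hd failed: Device needs media, but drive is empty` becomes `Device needs media, but drive is empty`, so a user with several -drive options no longer learns which device rejected the empty drive. If losing that prefix is deliberate in 96927c744 the expectation update is fine; if it is not, the fix belongs in the error path rather than in the test output. Either way the commit message should say which.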
@@ -214,7 +214,7 @@ QEMU X.Y.Z monitor - type 'help' for more information
 
 Testing: -drive file=TEST_DIR/t.qcow2,if=ide,readonly=on
 QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) QEMU_PROG: Initialization of device ide-hd failed: Block node is read-only
+(qemu) QEMU_PROG: Block node is read-only
 
 Testing: -drive file=TEST_DIR/t.qcow2,if=virtio,readonly=on
 QEMU X.Y.Z monitor - type 'help' for more information
-- 
2.20.1




* [PATCH v4 03/40] crypto/linux_keyring: fix 'secret_keyring' configure test
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
  2020-07-01 13:56   ` [Bug 1878645] " Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 02/40] iotests: Fix 051 output after qdev_init_nofail() removal Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 04/40] util/coroutine: Cleanup start_switch_fiber_ for TSAN Alex Bennée
                   ` (36 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, David Edmondson, cota, aurelien

From: David Edmondson <david.edmondson@oracle.com>

The configure test for 'secret_keyring' incorrectly checked the
'have_keyring' variable.

Fixes: 54e7aac0562452e4fcab65ca5001d030eef2de15
Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200618092636.71832-1-david.edmondson@oracle.com>
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 4a22dcd5631..65309a08dbc 100755
--- a/configure
+++ b/configure
@@ -6461,7 +6461,7 @@ EOF
 fi
 if test "$secret_keyring" != "no"
 then
-    if test "$have_keyring" == "yes"
+    if test "$have_keyring" = "yes"
     then
 	secret_keyring=yes
     else
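Review bot: the fix is right and the commit message understates the effect. `==` is not a POSIX test(1) operator; under dash, which is /bin/sh on Debian and Ubuntu, `test "$have_keyring" == "yes"` fails with "unexpected operator" and returns non-zero, so the else branch ran and the keyring secret backend was never enabled even when the keyring headers had been found. Worth grepping the rest of configure for the same pattern (`grep -nE '\[ .*== |test .*== ' configure`) before this lands, and stating the user-visible symptom (secret_keyring silently disabled on dash systems) in the commit message.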
-- 
2.20.1
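The check a reviewer would run over the rest of configure after a fix like this, as an added example (not QEMU code): a small scanner that flags `==` used inside POSIX `test`/`[` expressions, skips bash `[[ ]]` (where `==` is legal) and comments, and is exercised on a constructed sample script rather than on the real configure.

```python
"""Find '==' used inside POSIX test(1) / '[' expressions in a shell script.

Added example, not QEMU code. Lines using bash's [[ ]] are ignored because
'==' is valid there, and comment lines are skipped.
"""
import re

# A single '[' (not '[[') or the word 'test', followed later on the same
# line by '==' that is not part of '===' or '!=='.
_BRACKET = re.compile(r'(?<!\[)\[ [^\]]*?(?<![=!])==(?!=)')
_TEST = re.compile(r'(?<![\w])test [^;&|]*?(?<![=!])==(?!=)')
_COMMENT = re.compile(r'^\s*#')


def find_nonposix_test_eq(text):
    """Return [(lineno, line)] for lines comparing with '==' under test/[."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if _COMMENT.match(line):
            continue
        if _BRACKET.search(line) or _TEST.search(line):
            hits.append((n, line.rstrip()))
    return hits


# Constructed sample: two offenders, one bash [[ ]] (legal there), one
# comment, and one correct POSIX comparison.
SAMPLE = '''\
if test "$have_keyring" == "yes"
[ "$cc" == "gcc" ] && echo gcc
if [[ $x == yes ]]; then echo bash-only; fi
# test a == b is fine in a comment
if test "$secret_keyring" = "yes"
'''

if __name__ == "__main__":
    for lineno, line in find_nonposix_test_eq(SAMPLE):
        print("%d: %s" % (lineno, line))
```

Point it at a real script with `find_nonposix_test_eq(open("configure").read())`; any hit is a comparison that dash will reject with "unexpected operator" and that will therefore always take the false branch.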




* [PATCH v4 04/40] util/coroutine: Cleanup start_switch_fiber_ for TSAN.
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (2 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 03/40] crypto/linux_keyring: fix 'secret_keyring' configure test Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 05/40] tests/vm: pass args through to BaseVM's __init__ Alex Bennée
                   ` (35 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Kevin Wolf, berrange, Robert Foley, Alex Bennée,
	richard.henderson, f4bug, cota, Stefan Hajnoczi, aurelien

From: Robert Foley <robert.foley@linaro.org>

This is a cleanup patch to follow up the patch which introduced TSAN.
This patch makes separate start_switch_fiber_ functions for TSAN and ASAN.

This does two things:
1. Unrelated ASAN and TSAN code is separate and each function only
   has arguments that are actually needed.
2. The co->tsan_caller_fiber and co->tsan_co_fiber fields are only
   accessed from within #ifdef CONFIG_TSAN.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200626170001.27017-1-robert.foley@linaro.org>
---
 util/coroutine-ucontext.c | 52 +++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 18 deletions(-)

diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index f0b66320e10..fff20aad80a 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -52,8 +52,10 @@ typedef struct {
 #endif
     sigjmp_buf env;
 
+#ifdef CONFIG_TSAN
     void *tsan_co_fiber;
     void *tsan_caller_fiber;
+#endif
 
 #ifdef CONFIG_VALGRIND_H
     unsigned int valgrind_stack_id;
@@ -77,7 +79,10 @@ union cc_arg {
     int i[2];
 };
 
-/* QEMU_ALWAYS_INLINE only does so if __OPTIMIZE__, so we cannot use it. */
+/*
+ * QEMU_ALWAYS_INLINE only does so if __OPTIMIZE__, so we cannot use it.
+ * always_inline is required to avoid TSan runtime fatal errors.
+ */
 static inline __attribute__((always_inline))
 void on_new_fiber(CoroutineUContext *co)
 {
@@ -87,6 +92,7 @@ void on_new_fiber(CoroutineUContext *co)
 #endif
 }
 
+/* always_inline is required to avoid TSan runtime fatal errors. */
 static inline __attribute__((always_inline))
 void finish_switch_fiber(void *fake_stack_save)
 {
@@ -109,18 +115,29 @@ void finish_switch_fiber(void *fake_stack_save)
 #endif
 }
 
-static inline __attribute__((always_inline)) void start_switch_fiber(
-    CoroutineAction action, void **fake_stack_save,
-    const void *bottom, size_t size, void *new_fiber)
+/* always_inline is required to avoid TSan runtime fatal errors. */
+static inline __attribute__((always_inline))
+void start_switch_fiber_asan(CoroutineAction action, void **fake_stack_save,
+                             const void *bottom, size_t size)
 {
 #ifdef CONFIG_ASAN
     __sanitizer_start_switch_fiber(
             action == COROUTINE_TERMINATE ? NULL : fake_stack_save,
             bottom, size);
 #endif
+}
+
+/* always_inline is required to avoid TSan runtime fatal errors. */
+static inline __attribute__((always_inline))
+void start_switch_fiber_tsan(void **fake_stack_save,
+                             CoroutineUContext *co,
+                             bool caller)
+{
 #ifdef CONFIG_TSAN
-    void *curr_fiber =
-        __tsan_get_current_fiber();
+    void *new_fiber = caller ?
+                      co->tsan_caller_fiber :
+                      co->tsan_co_fiber;
+    void *curr_fiber = __tsan_get_current_fiber();
     __tsan_acquire(curr_fiber);
 
     *fake_stack_save = curr_fiber;
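Review bot: start_switch_fiber_asan() and start_switch_fiber_tsan() both write through the same `fake_stack_save` out-parameter (the ASan path via __sanitizer_start_switch_fiber(), the TSan path with `*fake_stack_save = curr_fiber;`), and every call site now invokes them back to back, so with CONFIG_ASAN and CONFIG_TSAN both defined the ASan fake-stack handle would be overwritten before finish_switch_fiber() sees it. The pre-patch code had the same overlap inside one function, but the split makes the two paths look independent, so either a comment stating that the two sanitizers are mutually exclusive here or a `#if defined(CONFIG_ASAN) && defined(CONFIG_TSAN)` `#error` in this file would make the assumption explicit.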
@@ -144,12 +161,9 @@ static void coroutine_trampoline(int i0, int i1)
 
     /* Initialize longjmp environment and switch back the caller */
     if (!sigsetjmp(self->env, 0)) {
-        start_switch_fiber(
-            COROUTINE_YIELD,
-            &fake_stack_save,
-            leader.stack,
-            leader.stack_size,
-            self->tsan_caller_fiber);
+        start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save, leader.stack,
+                                leader.stack_size);
+        start_switch_fiber_tsan(&fake_stack_save, self, true); /* true=caller */
         siglongjmp(*(sigjmp_buf *)co->entry_arg, 1);
     }
 
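Review bot: a bool argument that needs a `/* true=caller */` comment at each call site is a sign the parameter wants a name. Two thin wrappers (say start_switch_fiber_tsan_caller() and start_switch_fiber_tsan_co()) or a small enum would make the call sites here and in the two hunks below self-describing, and remove the chance of a call drifting out of sync with its comment.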
@@ -208,10 +222,10 @@ Coroutine *qemu_coroutine_new(void)
 
     /* swapcontext() in, siglongjmp() back out */
     if (!sigsetjmp(old_env, 0)) {
-        start_switch_fiber(
-            COROUTINE_YIELD,
-            &fake_stack_save,
-            co->stack, co->stack_size, co->tsan_co_fiber);
+        start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save, co->stack,
+                                co->stack_size);
+        start_switch_fiber_tsan(&fake_stack_save,
+                                co, false); /* false=not caller */
 
 #ifdef CONFIG_SAFESTACK
         /*
@@ -287,8 +301,10 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
 
     ret = sigsetjmp(from->env, 0);
     if (ret == 0) {
-        start_switch_fiber(action, &fake_stack_save,
-                           to->stack, to->stack_size, to->tsan_co_fiber);
+        start_switch_fiber_asan(action, &fake_stack_save, to->stack,
+                                to->stack_size);
+        start_switch_fiber_tsan(&fake_stack_save,
+                                to, false); /* false=not caller */
         siglongjmp(to->env, action);
     }
 
-- 
2.20.1




* [PATCH  v4 05/40] tests/vm: pass args through to BaseVM's __init__
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (3 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 04/40] util/coroutine: Cleanup start_switch_fiber_ for TSAN Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 06/40] tests/vm: Add configuration to basevm.py Alex Bennée
                   ` (34 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, aurelien

From: Robert Foley <robert.foley@linaro.org>

Adding the args parameter to BaseVM's __init__.
We will shortly need to pass more parameters to the class
so let's just pass args rather than growing the parameter list.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-2-robert.foley@linaro.org>
---
 tests/vm/basevm.py | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index a80b616a08d..5a58e6c3930 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -61,11 +61,10 @@ class BaseVM(object):
     # 4 is arbitrary, but greater than 2,
     # since we found we need to wait more than twice as long.
     tcg_ssh_timeout_multiplier = 4
-    def __init__(self, debug=False, vcpus=None, genisoimage=None,
-                 build_path=None):
+    def __init__(self, args):
         self._guest = None
-        self._genisoimage = genisoimage
-        self._build_path = build_path
+        self._genisoimage = args.genisoimage
+        self._build_path = args.build_path
         self._tmpdir = os.path.realpath(tempfile.mkdtemp(prefix="vm-test-",
                                                          suffix=".tmp",
                                                          dir="."))
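Review bot: BaseVM now reaches into an argparse namespace for `genisoimage`, `build_path`, `debug` and `jobs` without declaring that contract anywhere; a caller that builds a VM from a different parser, or a test that constructs one directly, gets an AttributeError deep in __init__. A short docstring listing the attributes __init__ reads, or `getattr(args, 'jobs', None)` style defaults for the optional ones, would document the coupling this patch introduces.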
@@ -78,7 +77,7 @@ class BaseVM(object):
         self._ssh_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
         open(self._ssh_pub_key_file, "w").write(SSH_PUB_KEY)
 
-        self.debug = debug
+        self.debug = args.debug
         self._stderr = sys.stderr
         self._devnull = open(os.devnull, "w")
         if self.debug:
@@ -92,8 +91,8 @@ class BaseVM(object):
                        (",ipv6=no" if not self.ipv6 else ""),
             "-device", "virtio-net-pci,netdev=vnet",
             "-vnc", "127.0.0.1:0,to=20"]
-        if vcpus and vcpus > 1:
-            self._args += ["-smp", "%d" % vcpus]
+        if args.jobs and args.jobs > 1:
+            self._args += ["-smp", "%d" % args.jobs]
         if kvm_available(self.arch):
             self._args += ["-enable-kvm"]
         else:
@@ -456,8 +455,7 @@ def main(vmcls):
             return 1
         logging.basicConfig(level=(logging.DEBUG if args.debug
                                    else logging.WARN))
-        vm = vmcls(debug=args.debug, vcpus=args.jobs,
-                   genisoimage=args.genisoimage, build_path=args.build_path)
+        vm = vmcls(args)
         if args.build_image:
             if os.path.exists(args.image) and not args.force:
                 sys.stderr.writelines(["Image file exists: %s\n" % args.image,
-- 
2.20.1




* [PATCH  v4 06/40] tests/vm: Add configuration to basevm.py
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (4 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 05/40] tests/vm: pass args through to BaseVM's __init__ Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 07/40] tests/vm: Added configuration file support Alex Bennée
                   ` (33 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien

From: Robert Foley <robert.foley@linaro.org>

Added use of a configuration to tests/vm/basevm.py.
The configuration provides parameters used to configure a VM.
This allows for providing alternate configurations to the VM being
created/launched. cpu, machine, memory, and NUMA configuration are all
examples of configuration which we might want to vary on the VM being created
or launched.
This will for example allow for creating an aarch64 vm.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-3-robert.foley@linaro.org>
---
 tests/vm/basevm.py | 172 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 133 insertions(+), 39 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 5a58e6c3930..cfe20c58f7e 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -29,16 +29,41 @@ import tempfile
 import shutil
 import multiprocessing
 import traceback
-
-SSH_KEY = open(os.path.join(os.path.dirname(__file__),
-               "..", "keys", "id_rsa")).read()
-SSH_PUB_KEY = open(os.path.join(os.path.dirname(__file__),
-                   "..", "keys", "id_rsa.pub")).read()
-
+import shlex
+
+SSH_KEY_FILE = os.path.join(os.path.dirname(__file__),
+               "..", "keys", "id_rsa")
+SSH_PUB_KEY_FILE = os.path.join(os.path.dirname(__file__),
+                   "..", "keys", "id_rsa.pub")
+
+# This is the standard configuration.
+# Any or all of these can be overridden by
+# passing in a config argument to the VM constructor.
+DEFAULT_CONFIG = {
+    'cpu'             : "max",
+    'machine'         : 'pc',
+    'guest_user'      : "qemu",
+    'guest_pass'      : "qemupass",
+    'root_pass'       : "qemupass",
+    'ssh_key_file'    : SSH_KEY_FILE,
+    'ssh_pub_key_file': SSH_PUB_KEY_FILE,
+    'memory'          : "4G",
+    'extra_args'      : [],
+    'qemu_args'       : "",
+    'dns'             : "",
+    'ssh_port'        : 0,
+    'install_cmds'    : "",
+    'boot_dev_type'   : "block",
+    'ssh_timeout'     : 1,
+}
+BOOT_DEVICE = {
+    'block' :  "-drive file={},if=none,id=drive0,cache=writeback "\
+               "-device virtio-blk,drive=drive0,bootindex=0",
+    'scsi'  :  "-device virtio-scsi-device,id=scsi "\
+               "-drive file={},format=raw,if=none,id=hd0 "\
+               "-device scsi-hd,drive=hd0,bootindex=0",
+}
 class BaseVM(object):
-    GUEST_USER = "qemu"
-    GUEST_PASS = "qemupass"
-    ROOT_PASS = "qemupass"
 
     envvars = [
         "https_proxy",
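Review bot: DEFAULT_CONFIG now carries the guest and root password ("qemupass") and points at a private key that lives in the tree under tests/keys, and makes them overridable per VM. That is fine for throwaway images, but the dict is the first thing a reader of the file sees, so a comment saying these are well-known test credentials, that any image built with them must stay behind the loopback hostfwd, and that `ssh_key_file`/`ssh_pub_key_file` are the knobs to use with a real key would prevent reuse. `extra_args` being a list literal in a module-level dict also deserves a note, since the dict is later copied shallowly.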
@@ -57,25 +82,38 @@ class BaseVM(object):
     poweroff = "poweroff"
     # enable IPv6 networking
     ipv6 = True
+    # This is the timeout on the wait for console bytes.
+    socket_timeout = 120
     # Scale up some timeouts under TCG.
     # 4 is arbitrary, but greater than 2,
     # since we found we need to wait more than twice as long.
     tcg_ssh_timeout_multiplier = 4
-    def __init__(self, args):
+    def __init__(self, args, config=None):
         self._guest = None
         self._genisoimage = args.genisoimage
         self._build_path = args.build_path
+        # Allow input config to override defaults.
+        self._config = DEFAULT_CONFIG.copy()
+        if config != None:
+            self._config.update(config)
+        self.validate_ssh_keys()
         self._tmpdir = os.path.realpath(tempfile.mkdtemp(prefix="vm-test-",
                                                          suffix=".tmp",
                                                          dir="."))
         atexit.register(shutil.rmtree, self._tmpdir)
-
-        self._ssh_key_file = os.path.join(self._tmpdir, "id_rsa")
-        open(self._ssh_key_file, "w").write(SSH_KEY)
-        subprocess.check_call(["chmod", "600", self._ssh_key_file])
-
-        self._ssh_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
-        open(self._ssh_pub_key_file, "w").write(SSH_PUB_KEY)
+        # Copy the key files to a temporary directory.
+        # Also chmod the key file to agree with ssh requirements.
+        self._config['ssh_key'] = \
+            open(self._config['ssh_key_file']).read().rstrip()
+        self._config['ssh_pub_key'] = \
+            open(self._config['ssh_pub_key_file']).read().rstrip()
+        self._ssh_tmp_key_file = os.path.join(self._tmpdir, "id_rsa")
+        open(self._ssh_tmp_key_file, "w").write(self._config['ssh_key'])
+        subprocess.check_call(["chmod", "600", self._ssh_tmp_key_file])
+
+        self._ssh_tmp_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
+        open(self._ssh_tmp_pub_key_file,
+             "w").write(self._config['ssh_pub_key'])
 
         self.debug = args.debug
         self._stderr = sys.stderr
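Review bot: `self._config = DEFAULT_CONFIG.copy()` is a shallow copy, and DEFAULT_CONFIG['extra_args'] is a list object, so every BaseVM instance that does not later replace `self._config['extra_args']` shares, and can mutate, the module-level list; `copy.deepcopy(DEFAULT_CONFIG)` avoids the trap. Two smaller points in the same hunk: the key files are read with bare `open(...).read()`, which leaks the descriptors until GC (use `with open(...) as f:`), and `subprocess.check_call(["chmod", "600", ...])` can be `os.chmod(path, 0o600)` with no process spawn.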
@@ -84,11 +122,14 @@ class BaseVM(object):
             self._stdout = sys.stdout
         else:
             self._stdout = self._devnull
+        netdev = "user,id=vnet,hostfwd=:127.0.0.1:{}-:22"
         self._args = [ \
-            "-nodefaults", "-m", "4G",
-            "-cpu", "max",
-            "-netdev", "user,id=vnet,hostfwd=:127.0.0.1:0-:22" +
-                       (",ipv6=no" if not self.ipv6 else ""),
+            "-nodefaults", "-m", self._config['memory'],
+            "-cpu", self._config['cpu'],
+            "-netdev",
+            netdev.format(self._config['ssh_port']) +
+            (",ipv6=no" if not self.ipv6 else "") +
+            (",dns=" + self._config['dns'] if self._config['dns'] else ""),
             "-device", "virtio-net-pci,netdev=vnet",
             "-vnc", "127.0.0.1:0,to=20"]
         if args.jobs and args.jobs > 1:
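Review bot: `netdev.format(self._config['ssh_port'])` turns a fixed `ssh_port` from the config into a fixed `hostfwd` bind, so two builds sharing one config file, or any other process already listening on that port, fail at QEMU launch instead of falling back to an ephemeral port; keep the shipped default at 0 so QEMU picks a free port, and document that a fixed port is for single-instance runs. The `dns=` value is spliced into the netdev string unquoted and unvalidated, so a stray `,` in it is parsed as a further netdev option; reject anything that is not a bare address.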
@@ -99,6 +140,55 @@ class BaseVM(object):
             logging.info("KVM not available, not using -enable-kvm")
         self._data_args = []
 
+        if self._config['qemu_args'] != None:
+            qemu_args = self._config['qemu_args']
+            qemu_args = qemu_args.replace('\n',' ').replace('\r','')
+            # shlex groups quoted arguments together
+            # we need this to keep the quoted args together for when
+            # the QEMU command is issued later.
+            args = shlex.split(qemu_args)
+            self._config['extra_args'] = []
+            for arg in args:
+                if arg:
+                    # Preserve quotes around arguments.
+                    # shlex above takes them out, so add them in.
+                    if " " in arg:
+                        arg = '"{}"'.format(arg)
+                    self._config['extra_args'].append(arg)
+
+    def validate_ssh_keys(self):
+        """Check to see if the ssh key files exist."""
+        if 'ssh_key_file' not in self._config or\
+           not os.path.exists(self._config['ssh_key_file']):
+            raise Exception("ssh key file not found.")
+        if 'ssh_pub_key_file' not in self._config or\
+           not os.path.exists(self._config['ssh_pub_key_file']):
+               raise Exception("ssh pub key file not found.")
+
+    def wait_boot(self, wait_string=None):
+        """Wait for the standard string we expect
+           on completion of a normal boot.
+           The user can also choose to override with an
+           alternate string to wait for."""
+        if wait_string is None:
+            if self.login_prompt is None:
+                raise Exception("self.login_prompt not defined")
+            wait_string = self.login_prompt
+        # Intentionally bump up the default timeout under TCG,
+        # since the console wait below takes longer.
+        timeout = self.socket_timeout
+        if not kvm_available(self.arch):
+            timeout *= 8
+        self.console_init(timeout=timeout)
+        self.console_wait(wait_string)
+
+    def __getattr__(self, name):
+        # Support direct access to config by key.
+        # for example, access self._config['cpu'] by self.cpu
+        if name.lower() in self._config.keys():
+            return self._config[name.lower()]
+        return object.__getattribute__(self, name)
+
     def _download_with_cache(self, url, sha256sum=None, sha512sum=None):
         def check_sha256sum(fname):
             if not sha256sum:
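Review bot: re-wrapping arguments that contain a space in literal double quotes (`arg = '"{}"'.format(arg)`) is wrong if QEMUMachine hands `args` to the child as an argv list rather than through a shell: the quotes become part of the value QEMU receives. `shlex.split` already produced the intended per-argument strings, so append them unchanged and drop the re-quoting loop. Separately, `__getattr__` reads `self._config`; if any attribute lookup misses before `_config` is assigned in `__init__`, the lookup of `_config` itself re-enters `__getattr__` and recurses without bound, so short-circuit it: `if name == '_config': raise AttributeError(name)`.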
@@ -130,8 +220,9 @@ class BaseVM(object):
                    "-t",
                    "-o", "StrictHostKeyChecking=no",
                    "-o", "UserKnownHostsFile=" + os.devnull,
-                   "-o", "ConnectTimeout=1",
-                   "-p", self.ssh_port, "-i", self._ssh_key_file]
+                   "-o",
+                   "ConnectTimeout={}".format(self._config["ssh_timeout"]),
+                   "-p", self.ssh_port, "-i", self._ssh_tmp_key_file]
         # If not in debug mode, set ssh to quiet mode to
         # avoid printing the results of commands.
         if not self.debug:
@@ -180,14 +271,14 @@ class BaseVM(object):
                             "virtio-blk,drive=%s,serial=%s,bootindex=1" % (name, name)]
 
     def boot(self, img, extra_args=[]):
-        args = self._args + [
-            "-drive", "file=%s,if=none,id=drive0,cache=writeback" % img,
-            "-device", "virtio-blk,drive=drive0,bootindex=0"]
-        args += self._data_args + extra_args
+        boot_dev = BOOT_DEVICE[self._config['boot_dev_type']]
+        boot_params = boot_dev.format(img)
+        args = self._args + boot_params.split(' ')
+        args += self._data_args + extra_args + self._config['extra_args']
         logging.debug("QEMU args: %s", " ".join(args))
         qemu_path = get_qemu_path(self.arch, self._build_path)
         guest = QEMUMachine(binary=qemu_path, args=args)
-        guest.set_machine('pc')
+        guest.set_machine(self._config['machine'])
         guest.set_console()
         try:
             guest.launch()
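Review bot: `boot_params.split(' ')` breaks the `-drive file=...` argument whenever `img` contains a space, because the formatted path is split along with the template; build the list directly, e.g. `["-drive", "file=%s,if=none,id=drive0,cache=writeback" % img, "-device", ...]`, instead of formatting one string and splitting it. `self._config['extra_args']` is only assigned in `__init__` when `qemu_args` is set, so unless DEFAULT_CONFIG (not shown in this hunk) provides an `extra_args` default, this line raises KeyError for every config without `qemu_args`.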
@@ -301,7 +392,8 @@ class BaseVM(object):
         self.console_send(command)
 
     def console_ssh_init(self, prompt, user, pw):
-        sshkey_cmd = "echo '%s' > .ssh/authorized_keys\n" % SSH_PUB_KEY.rstrip()
+        sshkey_cmd = "echo '%s' > .ssh/authorized_keys\n" \
+                     % self._config['ssh_pub_key'].rstrip()
         self.console_wait_send("login:",    "%s\n" % user)
         self.console_wait_send("Password:", "%s\n" % pw)
         self.console_wait_send(prompt,      "mkdir .ssh\n")
@@ -360,23 +452,23 @@ class BaseVM(object):
                           "local-hostname: {}-guest\n".format(name)])
         mdata.close()
         udata = open(os.path.join(cidir, "user-data"), "w")
-        print("guest user:pw {}:{}".format(self.GUEST_USER,
-                                           self.GUEST_PASS))
+        print("guest user:pw {}:{}".format(self._config['guest_user'],
+                                           self._config['guest_pass']))
         udata.writelines(["#cloud-config\n",
                           "chpasswd:\n",
                           "  list: |\n",
-                          "    root:%s\n" % self.ROOT_PASS,
-                          "    %s:%s\n" % (self.GUEST_USER,
-                                           self.GUEST_PASS),
+                          "    root:%s\n" % self._config['root_pass'],
+                          "    %s:%s\n" % (self._config['guest_user'],
+                                           self._config['guest_pass']),
                           "  expire: False\n",
                           "users:\n",
-                          "  - name: %s\n" % self.GUEST_USER,
+                          "  - name: %s\n" % self._config['guest_user'],
                           "    sudo: ALL=(ALL) NOPASSWD:ALL\n",
                           "    ssh-authorized-keys:\n",
-                          "    - %s\n" % SSH_PUB_KEY,
+                          "    - %s\n" % self._config['ssh_pub_key'],
                           "  - name: root\n",
                           "    ssh-authorized-keys:\n",
-                          "    - %s\n" % SSH_PUB_KEY,
+                          "    - %s\n" % self._config['ssh_pub_key'],
                           "locale: en_US.UTF-8\n"])
         proxy = os.environ.get("http_proxy")
         if not proxy is None:
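Review bot: now that `guest_user`, `guest_pass` and `root_pass` come from a user-supplied config rather than fixed constants, `print("guest user:pw ...")` writes the chosen credentials to the build log; drop the print or emit it only under `--debug`. The values are also interpolated into the cloud-config YAML unquoted (`"    root:%s\n" % self._config['root_pass']`), so a password containing `:`, `#` or leading whitespace corrupts the `chpasswd` list; quote them, e.g. with `json.dumps`, which is valid YAML.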
@@ -447,15 +539,17 @@ def parse_args(vmcls):
     parser.disable_interspersed_args()
     return parser.parse_args()
 
-def main(vmcls):
+def main(vmcls, config=None):
     try:
+        if config == None:
+            config = {}
         args, argv = parse_args(vmcls)
         if not argv and not args.build_qemu and not args.build_image:
             print("Nothing to do?")
             return 1
         logging.basicConfig(level=(logging.DEBUG if args.debug
                                    else logging.WARN))
-        vm = vmcls(args)
+        vm = vmcls(args, config=config)
         if args.build_image:
             if os.path.exists(args.image) and not args.force:
                 sys.stderr.writelines(["Image file exists: %s\n" % args.image,
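Review bot: `if config == None:` should be `if config is None:`. Since the constructor does `DEFAULT_CONFIG.copy()` and then `update(config)`, the caller's dict is not mutated here; keep it that way in follow-ups, because per-VM scripts are expected to pass a module-level default dict and any in-place `update` of `config` would modify that constant.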
-- 
2.20.1




* [PATCH  v4 07/40] tests/vm: Added configuration file support
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien

From: Robert Foley <robert.foley@linaro.org>

Changes to tests/vm/basevm.py to allow accepting a configuration file
as a parameter. Allows for specifying VM options such as
cpu, machine, memory, and arbitrary qemu arguments for specifying options
such as NUMA configuration.
Also added example files conf_example_aarch64.yml and conf_example_x86.yml.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-4-robert.foley@linaro.org>
---
 configure                         |  9 ++++++
 tests/vm/Makefile.include         |  6 ++++
 tests/vm/basevm.py                | 40 +++++++++++++++++++++++-
 tests/vm/conf_example_aarch64.yml | 51 +++++++++++++++++++++++++++++++
 tests/vm/conf_example_x86.yml     | 50 ++++++++++++++++++++++++++++++
 5 files changed, 155 insertions(+), 1 deletion(-)
 create mode 100644 tests/vm/conf_example_aarch64.yml
 create mode 100644 tests/vm/conf_example_x86.yml

diff --git a/configure b/configure
index 65309a08dbc..96256be057a 100755
--- a/configure
+++ b/configure
@@ -960,6 +960,13 @@ do
     fi
 done
 
+# Check for existence of python3 yaml, needed to
+# import yaml config files into vm-build.
+python_yaml="no"
+if $(python3 -c "import yaml" 2> /dev/null); then
+    python_yaml="yes"
+fi
+
 : ${smbd=${SMBD-/usr/sbin/smbd}}
 
 # Default objcc to clang if available, otherwise use CC
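Review bot: `if $(python3 -c "import yaml" 2> /dev/null); then` runs the command inside a substitution and then executes its (empty) output as the command; it only works because POSIX sh gives an empty command the exit status of its last command substitution. Write it plainly as `if python3 -c "import yaml" 2>/dev/null; then`. It also hardcodes `python3` instead of configure's probed `$python`, so the probe can disagree with the interpreter that later runs basevm.py; use `"$python" -c "import yaml"`.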
@@ -6843,6 +6850,7 @@ if test "$docs" != "no"; then
     echo "sphinx-build      $sphinx_build"
 fi
 echo "genisoimage       $genisoimage"
+echo "python_yaml       $python_yaml"
 echo "slirp support     $slirp $(echo_version $slirp $slirp_version)"
 if test "$slirp" != "no" ; then
     echo "smbd              $smbd"
@@ -7928,6 +7936,7 @@ echo "PYTHON=$python" >> $config_host_mak
 echo "SPHINX_BUILD=$sphinx_build" >> $config_host_mak
 echo "SPHINX_WERROR=$sphinx_werror" >> $config_host_mak
 echo "GENISOIMAGE=$genisoimage" >> $config_host_mak
+echo "PYTHON_YAML=$python_yaml" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
 if $iasl -h > /dev/null 2>&1; then
   echo "IASL=$iasl" >> $config_host_mak
diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index a253aba4579..f6c3892bb28 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -44,6 +44,12 @@ endif
 	@echo "    QEMU_LOCAL=1                 - Use QEMU binary local to this build."
 	@echo "    QEMU=/path/to/qemu		 - Change path to QEMU binary"
 	@echo "    QEMU_IMG=/path/to/qemu-img	 - Change path to qemu-img tool"
+ifeq ($(PYTHON_YAML),yes)
+	@echo "    QEMU_CONFIG=/path/conf.yml   - Change path to VM configuration .yml file."
+else
+	@echo "    (install python3-yaml to enable support for yaml file to configure a VM.)"
+endif
+	@echo "                                   See conf_example_*.yml for file format details."
 
 vm-build-all: $(addprefix vm-build-, $(IMAGES))
 
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index cfe20c58f7e..fa56fbbb4b6 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -481,7 +481,6 @@ class BaseVM(object):
                               cwd=cidir,
                               stdin=self._devnull, stdout=self._stdout,
                               stderr=self._stdout)
-
         return os.path.join(cidir, "cloud-init.iso")
 
 def get_qemu_path(arch, build_path=None):
@@ -497,6 +496,41 @@ def get_qemu_path(arch, build_path=None):
         qemu_path = "qemu-system-" + arch
     return qemu_path
 
+def parse_config(config, args):
+    """ Parse yaml config and populate our config structure.
+        The yaml config allows the user to override the
+        defaults for VM parameters.  In many cases these
+        defaults can be overridden without rebuilding the VM."""
+    if args.config:
+        config_file = args.config
+    elif 'QEMU_CONFIG' in os.environ:
+        config_file = os.environ['QEMU_CONFIG']
+    else:
+        return config
+    if not os.path.exists(config_file):
+        raise Exception("config file {} does not exist".format(config_file))
+    # We gracefully handle importing the yaml module
+    # since it might not be installed.
+    # If we are here it means the user supplied a .yml file,
+    # so if the yaml module is not installed we will exit with error.
+    try:
+        import yaml
+    except ImportError:
+        print("The python3-yaml package is needed "\
+              "to support config.yaml files")
+        # Instead of raising an exception we exit to avoid
+        # a raft of messy (expected) errors to stdout.
+        exit(1)
+    with open(config_file) as f:
+        yaml_dict = yaml.safe_load(f)
+
+    if 'qemu-conf' in yaml_dict:
+        config.update(yaml_dict['qemu-conf'])
+    else:
+        raise Exception("config file {} is not valid"\
+                        " missing qemu-conf".format(config_file))
+    return config
+
 def parse_args(vmcls):
 
     def get_default_jobs():
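Review bot: `yaml.safe_load` is the right call (no arbitrary object construction from the config file), but it returns `None` for an empty document, so `'qemu-conf' in yaml_dict` raises TypeError instead of the intended "missing qemu-conf" error; check `if not yaml_dict or 'qemu-conf' not in yaml_dict`. `exit(1)` is the `site` module helper and is not guaranteed to exist (e.g. under `python -S`); use `sys.exit(1)`. Worth stating in the Makefile help as well: `qemu_args` lands in QEMU's argv and `install_cmds` is executed as root inside the guest, so a file named by `QEMU_CONFIG` is as trusted as the build itself.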
@@ -536,6 +570,9 @@ def parse_args(vmcls):
                       help="run tests with a snapshot")
     parser.add_option("--genisoimage", default="genisoimage",
                       help="iso imaging tool")
+    parser.add_option("--config", "-c", default=None,
+                      help="Provide config yaml for configuration. "\
+                           "See config_example.yaml for example.")
     parser.disable_interspersed_args()
     return parser.parse_args()
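Review bot: the `--config` help text points at `config_example.yaml`, but the files this patch adds are `conf_example_aarch64.yml` and `conf_example_x86.yml` (and the Makefile help says `conf_example_*.yml`); use the same name here.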
 
@@ -547,6 +584,7 @@ def main(vmcls, config=None):
         if not argv and not args.build_qemu and not args.build_image:
             print("Nothing to do?")
             return 1
+        config = parse_config(config, args)
         logging.basicConfig(level=(logging.DEBUG if args.debug
                                    else logging.WARN))
         vm = vmcls(args, config=config)
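Review bot: `parse_config(config, args)` updates `config` in place, and `main` receives the module-level `DEFAULT_CONFIG` dict from the per-VM script (see `basevm.main(UbuntuX86VM, DEFAULT_CONFIG)` in the next patch), so the YAML overrides are written into that constant; copy first (`config = dict(config)`) either here or at the top of `parse_config`. The config is also parsed before `logging.basicConfig`, so nothing `parse_config` logs is visible under `--debug`; move the call below it.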
diff --git a/tests/vm/conf_example_aarch64.yml b/tests/vm/conf_example_aarch64.yml
new file mode 100644
index 00000000000..9d44ae356f7
--- /dev/null
+++ b/tests/vm/conf_example_aarch64.yml
@@ -0,0 +1,51 @@
+#
+# Example yaml for use by any of the scripts in tests/vm.
+# Can be provided as an environment variable QEMU_CONFIG
+#
+qemu-conf:
+
+    # If any of the below are not provided, we will just use the qemu defaults.
+
+    # Login username and password(has to be sudo enabled)
+    guest_user: qemu
+    guest_pass: "qemupass"
+
+    # Password for root user can be different from guest.
+    root_pass: "qemupass"
+
+    # If one key is provided, both must be provided.
+    #ssh_key: /complete/path/of/your/keyfile/id_rsa
+    #ssh_pub_key: /complete/path/of/your/keyfile/id_rsa.pub
+
+    cpu: max
+    machine: virt,gic-version=max
+    memory: 16G
+
+    # The below is a example for how to configure NUMA topology with
+    # 4 NUMA nodes and 2 different NUMA distances.
+    qemu_args: "-smp cpus=16,sockets=2,cores=8
+                -numa node,cpus=0-3,nodeid=0 -numa node,cpus=4-7,nodeid=1
+                -numa node,cpus=8-11,nodeid=2 -numa node,cpus=12-15,nodeid=3
+                -numa dist,src=0,dst=1,val=15 -numa dist,src=2,dst=3,val=15
+                -numa dist,src=0,dst=2,val=20 -numa dist,src=0,dst=3,val=20
+                -numa dist,src=1,dst=2,val=20 -numa dist,src=1,dst=3,val=20"
+
+    # By default we do not set the DNS.
+    # You override the defaults by setting the below.
+    #dns: 1.234.567.89
+
+    # By default we will use a "block" device, but
+    # you can also boot from a "scsi" device.
+    # Just keep in mind your scripts might need to change
+    # As you will have /dev/sda instead of /dev/vda (for block device)
+    boot_dev_type: "block"
+
+    # By default the ssh port is not fixed.
+    # A fixed ssh port makes it easier for automated tests.
+    #ssh_port: 5555
+
+    # To install a different set of packages, provide a command to issue
+    #install_cmds: "apt-get update ; apt-get build-dep -y qemu"
+
+    # Or to skip the install entirely, just provide ""
+    #install_cmds: ""
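Review bot: the commented key names `ssh_key:` and `ssh_pub_key:` do not match what `validate_ssh_keys` looks up (`ssh_key_file` / `ssh_pub_key_file`, which is what the x86 example uses), so a user who uncomments these gets "ssh key file not found"; rename them. `dns: 1.234.567.89` is not a valid IPv4 address (an octet above 255); use a documentation address such as 192.0.2.1 so the placeholder cannot be copied into a working config by mistake.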
diff --git a/tests/vm/conf_example_x86.yml b/tests/vm/conf_example_x86.yml
new file mode 100644
index 00000000000..78d3f5830fa
--- /dev/null
+++ b/tests/vm/conf_example_x86.yml
@@ -0,0 +1,50 @@
+#
+# Example yaml for use by any of the x86 based scripts in tests/vm.
+# Can be provided as an environment variable QEMU_CONFIG
+#
+qemu-conf:
+
+    # If any of the below are not provided, we will just use the qemu defaults.
+
+    # Login username and password(has to be sudo enabled)
+    guest_user: "qemu"
+    guest_pass: "qemupass"
+
+    # Password for root user can be different from guest.
+    root_pass: "qemupass"
+
+    # Provide default ssh keys of current user.
+    # You need to edit the below for your user.
+    #ssh_key_file: /home/<user>/.ssh/id_rsa
+    #ssh_pub_key_file: /home/<user>/.ssh/id_rsa.pub
+
+    cpu: max
+    machine: pc
+    memory: 8G
+
+    # The below is a example for how to configure NUMA topology with
+    # 4 NUMA nodes and 2 different NUMA distances.
+    qemu_args: "-smp cpus=8,sockets=2,cores=4
+                -object memory-backend-ram,size=4G,policy=bind,host-nodes=0,id=ram-node0
+                -object memory-backend-ram,size=4G,policy=bind,host-nodes=0,id=ram-node1
+                -object memory-backend-ram,size=4G,policy=bind,host-nodes=1,id=ram-node2
+                -object memory-backend-ram,size=4G,policy=bind,host-nodes=1,id=ram-node3
+                -numa node,cpus=0-1,nodeid=0 -numa node,cpus=2-3,nodeid=1
+                -numa node,cpus=4-5,nodeid=2 -numa node,cpus=6-7,nodeid=3
+                -numa dist,src=0,dst=1,val=15 -numa dist,src=2,dst=3,val=15
+                -numa dist,src=0,dst=2,val=20 -numa dist,src=0,dst=3,val=20
+                -numa dist,src=1,dst=2,val=20 -numa dist,src=1,dst=3,val=20"
+
+    # By default we do not set the DNS.
+    # You override the defaults by setting the below.
+    #dns: "1.234.567.89"
+
+    # By default we will use a "block" device, but
+    # you can also boot from a "scsi" device.
+    # Just keep in mind your scripts might need to change
+    # As you will have /dev/sda instead of /dev/vda (for block device)
+    boot_dev_type: "block"
+
+    # By default the ssh port is not fixed.
+    # A fixed ssh port makes it easier for automated tests.
+    ssh_port: 5555
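Review bot: the four `memory-backend-ram` objects (4 x 4G = 16G) are never attached to the `-numa node` entries with `memdev=`, so they do not define the NUMA memory layout, and their total exceeds `memory: 8G`; either add `memdev=ram-nodeN` to each node and set `memory` to the sum, or drop the `-object` lines. `policy=bind,host-nodes=1` also fails on any host with a single NUMA node, which is the common developer machine. `dns: "1.234.567.89"` is not a valid IPv4 address. Unlike the aarch64 example, `ssh_port: 5555` is active here, so two concurrent runs with this file collide on the hostfwd bind; comment it out as in the aarch64 file.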
-- 
2.20.1




* [PATCH  v4 08/40] tests/vm: Add common Ubuntu python module
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Philippe Mathieu-Daudé,
	richard.henderson, f4bug, Alex Bennée, cota, aurelien

From: Robert Foley <robert.foley@linaro.org>

Add a common Ubuntu python module and make use of
it with the ubuntu.i386 script.
This is preparation for adding an Ubuntu script
ubuntu.aarch64.  Splitting out the common
logic such as build_image() will reduce duplication.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-5-robert.foley@linaro.org>
---
 tests/vm/ubuntu.i386 | 46 +++++++++------------------------
 tests/vm/ubuntuvm.py | 60 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 34 deletions(-)
 create mode 100644 tests/vm/ubuntuvm.py

diff --git a/tests/vm/ubuntu.i386 b/tests/vm/ubuntu.i386
index 24527cc78c7..5ce72610a6c 100755
--- a/tests/vm/ubuntu.i386
+++ b/tests/vm/ubuntu.i386
@@ -11,15 +11,22 @@
 # the COPYING file in the top-level directory.
 #
 
-import os
 import sys
-import subprocess
 import basevm
-import time
+import ubuntuvm
 
-class UbuntuX86VM(basevm.BaseVM):
+DEFAULT_CONFIG = {
+    'install_cmds' : "apt-get update,"\
+                     "apt-get build-dep -y qemu,"\
+                     "apt-get install -y libfdt-dev language-pack-en",
+}
+
+class UbuntuX86VM(ubuntuvm.UbuntuVM):
     name = "ubuntu.i386"
     arch = "i386"
+    image_link="https://cloud-images.ubuntu.com/releases/bionic/"\
+               "release-20191114/ubuntu-18.04-server-cloudimg-i386.img"
+    image_sha256="28969840626d1ea80bb249c08eef1a4533e8904aa51a327b40f37ac4b4ff04ef"
     BUILD_SCRIPT = """
         set -e;
         cd $(mktemp -d);
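Review bot: `install_cmds` is a single comma-separated string (split on `,` in ubuntuvm.py), so any command that legitimately contains a comma, for example a `mount -o a,b` or `--option=a,b` argument, is cut in two; since this is driven from YAML, a list of strings is the natural form and needs no delimiter. Style: `image_link=` and `image_sha256=` lack the spaces around `=` used elsewhere in the file.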
@@ -29,34 +36,5 @@ class UbuntuX86VM(basevm.BaseVM):
         make --output-sync {target} -j{jobs} {verbose};
     """
 
-    def build_image(self, img):
-        cimg = self._download_with_cache(
-            "https://cloud-images.ubuntu.com/releases/bionic/release-20191114/ubuntu-18.04-server-cloudimg-i386.img",
-            sha256sum="28969840626d1ea80bb249c08eef1a4533e8904aa51a327b40f37ac4b4ff04ef")
-        img_tmp = img + ".tmp"
-        subprocess.check_call(["cp", "-f", cimg, img_tmp])
-        self.exec_qemu_img("resize", img_tmp, "50G")
-        self.boot(img_tmp, extra_args = [
-            "-device", "VGA",
-            "-cdrom", self.gen_cloud_init_iso()
-        ])
-        self.wait_ssh()
-        self.ssh_root_check("touch /etc/cloud/cloud-init.disabled")
-        self.ssh_root_check("apt-get update")
-        self.ssh_root_check("apt-get install -y cloud-initramfs-growroot")
-        # Don't check the status in case the guest hang up too quickly
-        self.ssh_root("sync && reboot")
-        time.sleep(5)
-        self.wait_ssh()
-        # The previous update sometimes doesn't survive a reboot, so do it again
-        self.ssh_root_check("sed -ie s/^#\ deb-src/deb-src/g /etc/apt/sources.list")
-        self.ssh_root_check("apt-get update")
-        self.ssh_root_check("apt-get build-dep -y qemu")
-        self.ssh_root_check("apt-get install -y libfdt-dev language-pack-en")
-        self.ssh_root("poweroff")
-        self.wait()
-        os.rename(img_tmp, img)
-        return 0
-
 if __name__ == "__main__":
-    sys.exit(basevm.main(UbuntuX86VM))
+    sys.exit(basevm.main(UbuntuX86VM, DEFAULT_CONFIG))
diff --git a/tests/vm/ubuntuvm.py b/tests/vm/ubuntuvm.py
new file mode 100644
index 00000000000..6689ad87aa8
--- /dev/null
+++ b/tests/vm/ubuntuvm.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+#
+# Ubuntu VM testing library
+#
+# Copyright 2017 Red Hat Inc.
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley <robert.foley@linaro.org>
+#  Originally based on ubuntu.i386 Fam Zheng <famz@redhat.com>
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+
+import os
+import subprocess
+import basevm
+
+class UbuntuVM(basevm.BaseVM):
+
+    def __init__(self, args, config=None):
+        self.login_prompt = "ubuntu-{}-guest login:".format(self.arch)
+        basevm.BaseVM.__init__(self, args, config)
+
+    def build_image(self, img):
+        """Build an Ubuntu VM image.  The child class will
+           define the install_cmds to init the VM."""
+        os_img = self._download_with_cache(self.image_link,
+                                           sha256sum=self.image_sha256)
+        img_tmp = img + ".tmp"
+        subprocess.check_call(["cp", "-f", os_img, img_tmp])
+        self.exec_qemu_img("resize", img_tmp, "+50G")
+        ci_img = self.gen_cloud_init_iso()
+
+        self.boot(img_tmp, extra_args = [ "-device", "VGA", "-cdrom", ci_img, ])
+
+        # First command we issue is fix for slow ssh login.
+        self.wait_ssh(wait_root=True,
+                      cmd="chmod -x /etc/update-motd.d/*")
+        # Wait for cloud init to finish
+        self.wait_ssh(wait_root=True,
+                      cmd="ls /var/lib/cloud/instance/boot-finished")
+        self.ssh_root("touch /etc/cloud/cloud-init.disabled")
+        # Disable auto upgrades.
+        # We want to keep the VM system state stable.
+        self.ssh_root('sed -ie \'s/"1"/"0"/g\' '\
+                      '/etc/apt/apt.conf.d/20auto-upgrades')
+        self.ssh_root("sed -ie s/^#\ deb-src/deb-src/g /etc/apt/sources.list")
+
+        # If the user chooses not to do the install phase,
+        # then we will jump right to the graceful shutdown
+        if self._config['install_cmds'] != "":
+            # Issue the install commands.
+            # This can be overriden by the user in the config .yml.
+            install_cmds = self._config['install_cmds'].split(',')
+            for cmd in install_cmds:
+                self.ssh_root(cmd)
+        self.graceful_shutdown()
+        os.rename(img_tmp, img)
+        return 0
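Review bot: every guest command in `build_image` goes through `self.ssh_root(cmd)`, which, unlike the `ssh_root_check` calls removed from ubuntu.i386, does not check the exit status, so a failed `apt-get build-dep -y qemu` still produces an image that is renamed into place and only fails later at build time with a far less obvious error; use `ssh_root_check` for the `install_cmds` loop and the sed edits. Both `sed -ie` invocations leave `20auto-upgradese` and `sources.liste` backup files behind, because `-i` takes the `e` as its suffix; write `sed -i -e`.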
-- 
2.20.1




* [PATCH  v4 09/40] tests/vm: Added a new script for ubuntu.aarch64.
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien

From: Robert Foley <robert.foley@linaro.org>

ubuntu.aarch64 provides a script to create an Ubuntu 18.04 VM.
Another new file, aarch64vm.py, is also added; it is a module with
common methods used by aarch64 VMs, such as how to create the
flash images.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-6-robert.foley@linaro.org>
---
 configure                 |  20 +++++++
 tests/vm/Makefile.include |  11 ++++
 tests/vm/aarch64vm.py     | 106 ++++++++++++++++++++++++++++++++++++++
 tests/vm/basevm.py        |  12 +++++
 tests/vm/ubuntu.aarch64   |  68 ++++++++++++++++++++++++
 5 files changed, 217 insertions(+)
 create mode 100644 tests/vm/aarch64vm.py
 create mode 100755 tests/vm/ubuntu.aarch64

diff --git a/configure b/configure
index 96256be057a..1fb4d5b61e4 100755
--- a/configure
+++ b/configure
@@ -418,6 +418,7 @@ prefix="/usr/local"
 mandir="\${prefix}/share/man"
 datadir="\${prefix}/share"
 firmwarepath="\${prefix}/share/qemu-firmware"
+efi_aarch64=""
 qemu_docdir="\${prefix}/share/doc/qemu"
 bindir="\${prefix}/bin"
 libdir="\${prefix}/lib"
@@ -1109,6 +1110,8 @@ for opt do
   ;;
   --firmwarepath=*) firmwarepath="$optarg"
   ;;
+  --efi-aarch64=*) efi_aarch64="$optarg"
+  ;;
   --host=*|--build=*|\
   --disable-dependency-tracking|\
   --sbindir=*|--sharedstatedir=*|\
@@ -1787,6 +1790,7 @@ Advanced options (experts only):
   --sysconfdir=PATH        install config in PATH$confsuffix
   --localstatedir=PATH     install local state in PATH (set at runtime on win32)
   --firmwarepath=PATH      search PATH for firmware files
+  --efi-aarch64=PATH       PATH of efi file to use for aarch64 VMs.
   --with-confsuffix=SUFFIX suffix for QEMU data inside datadir/libdir/sysconfdir [$confsuffix]
   --with-pkgversion=VERS   use specified string as sub-version of the package
   --enable-debug           enable common debug build options
@@ -3606,6 +3610,20 @@ EOF
   fi
 fi
 
+############################################
+# efi-aarch64 probe
+# Check for efi files needed by aarch64 VMs.
+# By default we will use the efi included with QEMU.
+# Allow user to override the path for efi also.
+if ! test -f "$efi_aarch64"; then
+  if test -f $source_path/pc-bios/edk2-aarch64-code.fd.bz2; then
+    # valid after build
+    efi_aarch64=$PWD/pc-bios/edk2-aarch64-code.fd
+  else
+    efi_aarch64=""
+  fi
+fi
+
 ##########################################
 # libcap-ng library probe
 if test "$cap_ng" != "no" ; then
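Review bot: the probe tests for `$source_path/pc-bios/edk2-aarch64-code.fd.bz2` but then sets `efi_aarch64` to `$PWD/pc-bios/edk2-aarch64-code.fd`, which the comment itself says only exists after the build; configure therefore reports and records a path that is not there yet, and the Makefile's `ifneq ($(EFI_AARCH64),)` enables the aarch64 images on that basis. When the user passes `--efi-aarch64=PATH` and the file is missing, the `! test -f "$efi_aarch64"` branch silently swaps in the default instead of erroring, which hides typos; fail with `error_exit` in that case. Quote `$source_path` in the `test -f`.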
@@ -6850,6 +6868,7 @@ if test "$docs" != "no"; then
     echo "sphinx-build      $sphinx_build"
 fi
 echo "genisoimage       $genisoimage"
+echo "efi_aarch64       $efi_aarch64"
 echo "python_yaml       $python_yaml"
 echo "slirp support     $slirp $(echo_version $slirp $slirp_version)"
 if test "$slirp" != "no" ; then
@@ -7936,6 +7955,7 @@ echo "PYTHON=$python" >> $config_host_mak
 echo "SPHINX_BUILD=$sphinx_build" >> $config_host_mak
 echo "SPHINX_WERROR=$sphinx_werror" >> $config_host_mak
 echo "GENISOIMAGE=$genisoimage" >> $config_host_mak
+echo "EFI_AARCH64=$efi_aarch64" >> $config_host_mak
 echo "PYTHON_YAML=$python_yaml" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
 if $iasl -h > /dev/null 2>&1; then
diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index f6c3892bb28..4fa292765d5 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -5,6 +5,9 @@
 IMAGES := freebsd netbsd openbsd centos fedora
 ifneq ($(GENISOIMAGE),)
 IMAGES += ubuntu.i386 centos
+ifneq ($(EFI_AARCH64),)
+IMAGES += ubuntu.aarch64
+endif
 endif
 
 IMAGES_DIR := $(HOME)/.cache/qemu-vm/images
@@ -23,6 +26,11 @@ vm-help vm-test:
 ifneq ($(GENISOIMAGE),)
 	@echo "  vm-build-centos                 - Build QEMU in CentOS VM, with Docker"
 	@echo "  vm-build-ubuntu.i386            - Build QEMU in ubuntu i386 VM"
+ifneq ($(EFI_AARCH64),)
+	@echo "  vm-build-ubuntu.aarch64         - Build QEMU in ubuntu aarch64 VM"
+else
+	@echo "  (to build centos/ubuntu aarch64 images use configure --efi-aarch64)"
+endif
 else
 	@echo "  (install genisoimage to build centos/ubuntu images)"
 endif
@@ -65,6 +73,7 @@ $(IMAGES_DIR)/%.img:	$(SRC_PATH)/tests/vm/% \
 		$(if $(V)$(DEBUG), --debug) \
 		$(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
 		$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
+		$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
 		--image "$@" \
 		--force \
 		--build-image $@, \
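Review bot: `--efi-aarch64` is now passed to every image script (freebsd, netbsd, centos, fedora, ubuntu.i386), not only the aarch64 ones, so this only works if `basevm.parse_args` accepts the option unconditionally; the `tests/vm/basevm.py` part of this patch is not shown here, so please confirm, and ignore the value for non-aarch64 targets rather than letting it reach QEMU.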
@@ -80,6 +89,7 @@ vm-build-%: $(IMAGES_DIR)/%.img
 		$(if $(J),--jobs $(J)) \
 		$(if $(V),--verbose) \
 		$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
+		$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
 		--image "$<" \
 		$(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
 		--snapshot \
@@ -102,6 +112,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
 		$(if $(J),--jobs $(J)) \
 		$(if $(V)$(DEBUG), --debug) \
 		$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
+		$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
 		--image "$<" \
 		--interactive \
 		false, \
diff --git a/tests/vm/aarch64vm.py b/tests/vm/aarch64vm.py
new file mode 100644
index 00000000000..bb04cb19c91
--- /dev/null
+++ b/tests/vm/aarch64vm.py
@@ -0,0 +1,106 @@
+#!/usr/bin/env python3
+#
+# VM testing aarch64 library
+#
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley <robert.foley@linaro.org>
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+import os
+import sys
+import subprocess
+import basevm
+from qemu.accel import kvm_available
+
+# This is the config needed for current version of QEMU.
+# This works for both kvm and tcg.
+CURRENT_CONFIG = {
+    'cpu'          : "max",
+    'machine'      : "virt,gic-version=max",
+}
+
+# The minimum minor version of QEMU we will support with aarch64 VMs is 3.
+# QEMU versions less than 3 have various issues running these VMs.
+QEMU_AARCH64_MIN_VERSION = 3
+
+# The DEFAULT_CONFIG will default to a version of
+# parameters that works for backwards compatibility.
+DEFAULT_CONFIG = {'kvm' : {'cpu'          : "host",
+                           'machine'      : "virt,gic-version=host"},
+                  'tcg' : {'cpu'          : "cortex-a57",
+                           'machine'      : "virt"},
+}
+
+def get_config_defaults(vmcls, default_config):
+    """Fetch the configuration defaults for this VM,
+       taking into consideration the defaults for
+       aarch64 first, followed by the defaults for this VM."""
+    config = default_config
+    config.update(aarch_get_config_defaults(vmcls))
+    return config
+
+def aarch_get_config_defaults(vmcls):
+    """Set the defaults for current version of QEMU."""
+    config = CURRENT_CONFIG
+    args, argv = basevm.parse_args(vmcls)
+    qemu_path = basevm.get_qemu_path(vmcls.arch, args.build_path)
+    qemu_version = basevm.get_qemu_version(qemu_path)
+    if qemu_version < QEMU_AARCH64_MIN_VERSION:
+        error = "\nThis major version of QEMU {} is to old for aarch64 VMs.\n"\
+                "The major version must be at least {}.\n"\
+                "To continue with the current build of QEMU, "\
+                "please restart with QEMU_LOCAL=1 .\n"
+        print(error.format(qemu_version, QEMU_AARCH64_MIN_VERSION))
+        exit(1)
+    if qemu_version == QEMU_AARCH64_MIN_VERSION:
+        # We have an older version of QEMU,
+        # set the config values for backwards compatibility.
+        if kvm_available('aarch64'):
+            config.update(DEFAULT_CONFIG['kvm'])
+        else:
+            config.update(DEFAULT_CONFIG['tcg'])
+    return config
+
+def create_flash_images(flash_dir="./", efi_img=""):
+    """Creates the appropriate pflash files
+       for an aarch64 VM."""
+    flash0_path = get_flash_path(flash_dir, "flash0")
+    flash1_path = get_flash_path(flash_dir, "flash1")
+    fd_null = open(os.devnull, 'w')
+    subprocess.check_call(["dd", "if=/dev/zero", "of={}".format(flash0_path),
+                           "bs=1M", "count=64"],
+                           stdout=fd_null, stderr=subprocess.STDOUT)
+    # A reliable way to get the QEMU EFI image is via an installed package or
+    # via the bios included with qemu.
+    if not os.path.exists(efi_img):
+        sys.stderr.write("*** efi argument is invalid ({})\n".format(efi_img))
+        sys.stderr.write("*** please check --efi-aarch64 argument or "\
+                         "install qemu-efi-aarch64 package\n")
+        exit(3)
+    subprocess.check_call(["dd", "if={}".format(efi_img),
+                           "of={}".format(flash0_path),
+                           "conv=notrunc"],
+                           stdout=fd_null, stderr=subprocess.STDOUT)
+    subprocess.check_call(["dd", "if=/dev/zero",
+                           "of={}".format(flash1_path),
+                           "bs=1M", "count=64"],
+                           stdout=fd_null, stderr=subprocess.STDOUT)
+    fd_null.close()
+
+def get_pflash_args(flash_dir="./"):
+    """Returns a string that can be used to
+       boot qemu using the appropriate pflash files
+       for aarch64."""
+    flash0_path = get_flash_path(flash_dir, "flash0")
+    flash1_path = get_flash_path(flash_dir, "flash1")
+    pflash_args_str = "-drive file={},format=raw,if=pflash "\
+                      "-drive file={},format=raw,if=pflash"
+    pflash_args = pflash_args_str.format(flash0_path, flash1_path)
+    return pflash_args.split(" ")
+
+def get_flash_path(flash_dir, name):
+    return os.path.join(flash_dir, "{}.img".format(name))
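Review bot: get_config_defaults() and aarch_get_config_defaults() mutate dictionaries they do not own. `config = default_config` followed by `config.update(...)` modifies the caller's DEFAULT_CONFIG in place, and `config = CURRENT_CONFIG` does the same to the module-level CURRENT_CONFIG, so a second call (or a second VM script importing this module in the same process) sees the previous call's merged values. Use `config = default_config.copy()` and `config = CURRENT_CONFIG.copy()`. Smaller points in the same hunk: the error text reads "is to old" (too old) and talks about the "major version", while the comment on QEMU_AARCH64_MIN_VERSION says "minimum minor version" even though get_qemu_version() returns the major number, so the comment should say major; `exit(1)` and `exit(3)` should be `sys.exit(...)`, since the bare `exit` builtin is only provided by the site module; and in create_flash_images() the `os.path.exists(efi_img)` check should run before the first dd, so that a bad --efi-aarch64 path does not leave a half-built flash0.img behind, with `open(os.devnull, 'w')` placed in a `with` block so the handle is closed even when check_call raises.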
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index fa56fbbb4b6..5fd66f6b26a 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -92,6 +92,7 @@ class BaseVM(object):
         self._guest = None
         self._genisoimage = args.genisoimage
         self._build_path = args.build_path
+        self._efi_aarch64 = args.efi_aarch64
         # Allow input config to override defaults.
         self._config = DEFAULT_CONFIG.copy()
         if config != None:
@@ -496,6 +497,14 @@ def get_qemu_path(arch, build_path=None):
         qemu_path = "qemu-system-" + arch
     return qemu_path
 
+def get_qemu_version(qemu_path):
+    """Get the version number from the current QEMU,
+       and return the major number."""
+    output = subprocess.check_output([qemu_path, '--version'])
+    version_line = output.decode("utf-8")
+    version_num = re.split(' |\(', version_line)[3].split('.')[0]
+    return int(version_num)
+
 def parse_config(config, args):
     """ Parse yaml config and populate our config structure.
         The yaml config allows the user to override the
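Review bot: the split pattern in get_qemu_version(), `' |\('`, is a non-raw string containing `\(`, which Python 3 reports as an invalid escape sequence (a DeprecationWarning, later a SyntaxWarning); write it as `r' |\('`. The parse is also brittle: it assumes the output starts with exactly `QEMU emulator version X.Y.Z (...)` and takes field index 3 with no check, so any other shape fails with a bare IndexError or ValueError that says nothing about which binary was run. Something like `re.search(r'version (\d+)\.', version_line)` with an explicit error message on no match would make the failure readable. The hunk also needs `import re` in basevm.py if it is not already there; that import is not visible in this diff.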
@@ -573,6 +582,9 @@ def parse_args(vmcls):
     parser.add_option("--config", "-c", default=None,
                       help="Provide config yaml for configuration. "\
                            "See config_example.yaml for example.")
+    parser.add_option("--efi-aarch64",
+                      default="/usr/share/qemu-efi-aarch64/QEMU_EFI.fd",
+                      help="Path to efi image for aarch64 VMs.")
     parser.disable_interspersed_args()
     return parser.parse_args()
 
diff --git a/tests/vm/ubuntu.aarch64 b/tests/vm/ubuntu.aarch64
new file mode 100755
index 00000000000..21d454c27f1
--- /dev/null
+++ b/tests/vm/ubuntu.aarch64
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+#
+# Ubuntu aarch64 image
+#
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley <robert.foley@linaro.org>
+#  Originally based on ubuntu.i386 Fam Zheng <famz@redhat.com>
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import sys
+import basevm
+import aarch64vm
+import ubuntuvm
+
+DEFAULT_CONFIG = {
+    'cpu'          : "cortex-a57",
+    'machine'      : "virt,gic-version=3",
+    'install_cmds' : "apt-get update,"\
+                     "apt-get build-dep -y --arch-only qemu,"\
+                     "apt-get install -y libfdt-dev pkg-config language-pack-en",
+    # We increase beyond the default time since during boot
+    # it can take some time (many seconds) to log into the VM
+    # especially using softmmu.
+    'ssh_timeout'  : 60,
+}
+
+class UbuntuAarch64VM(ubuntuvm.UbuntuVM):
+    name = "ubuntu.aarch64"
+    arch = "aarch64"
+    image_name = "ubuntu-18.04-server-cloudimg-arm64.img"
+    image_link = "https://cloud-images.ubuntu.com/releases/18.04/release/" + image_name
+    image_sha256="0fdcba761965735a8a903d8b88df8e47f156f48715c00508e4315c506d7d3cb1"
+    BUILD_SCRIPT = """
+        set -e;
+        cd $(mktemp -d);
+        sudo chmod a+r /dev/vdb;
+        tar --checkpoint=.10 -xf /dev/vdb;
+        ./configure {configure_opts};
+        make --output-sync {target} -j{jobs} {verbose};
+    """
+    def boot(self, img, extra_args=None):
+        aarch64vm.create_flash_images(self._tmpdir, self._efi_aarch64)
+        default_args = aarch64vm.get_pflash_args(self._tmpdir)
+        if extra_args:
+            extra_args.extend(default_args)
+        else:
+            extra_args = default_args
+        # We always add these performance tweaks
+        # because without them, we boot so slowly that we
+        # can time out finding the boot efi device.
+        if '-smp' not in extra_args and \
+           '-smp' not in self._config['extra_args'] and \
+           '-smp' not in self._args:
+            # Only add if not already there to give caller option to change it.
+            extra_args.extend(["-smp", "8"])
+
+        # We have overridden boot() since aarch64 has additional parameters.
+        # Call down to the base class method.
+        super(UbuntuAarch64VM, self).boot(img, extra_args=extra_args)
+
+if __name__ == "__main__":
+    defaults = aarch64vm.get_config_defaults(UbuntuAarch64VM, DEFAULT_CONFIG)
+    sys.exit(basevm.main(UbuntuAarch64VM, defaults))
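Review bot: in boot(), `extra_args.extend(default_args)` appends the two `-drive ... if=pflash` entries to the list the caller passed in, so a caller that reuses its list across boots gets them duplicated; build a fresh list instead (`extra_args = list(extra_args) + default_args`). The `'-smp' not in self._config['extra_args']` test assumes the config always carries an `extra_args` key; the DEFAULT_CONFIG in this file does not define one, so it depends on basevm's defaults supplying it. Style: `image_sha256="..."` lacks the spaces around `=` used by the neighbouring class attributes. Pinning the cloud image by sha256 is the right thing to do and is worth keeping consistent across the other aarch64 scripts.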
-- 
2.20.1




* [PATCH  v4 10/40] tests/vm: Added a new script for centos.aarch64.
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 09/40] tests/vm: Added a new script for ubuntu.aarch64 Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 11/40] tests/vm: change scripts to use self._config Alex Bennée
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien

From: Robert Foley <robert.foley@linaro.org>

centos.aarch64 creates a CentOS 8 image.
Also added a new kickstart script used to build the centos.aarch64 image.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-7-robert.foley@linaro.org>
---
 tests/vm/Makefile.include    |   3 +-
 tests/vm/centos-8-aarch64.ks |  51 ++++++++
 tests/vm/centos.aarch64      | 227 +++++++++++++++++++++++++++++++++++
 3 files changed, 280 insertions(+), 1 deletion(-)
 create mode 100644 tests/vm/centos-8-aarch64.ks
 create mode 100755 tests/vm/centos.aarch64

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 4fa292765d5..39f918a430a 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -6,7 +6,7 @@ IMAGES := freebsd netbsd openbsd centos fedora
 ifneq ($(GENISOIMAGE),)
 IMAGES += ubuntu.i386 centos
 ifneq ($(EFI_AARCH64),)
-IMAGES += ubuntu.aarch64
+IMAGES += ubuntu.aarch64 centos.aarch64
 endif
 endif
 
@@ -28,6 +28,7 @@ ifneq ($(GENISOIMAGE),)
 	@echo "  vm-build-ubuntu.i386            - Build QEMU in ubuntu i386 VM"
 ifneq ($(EFI_AARCH64),)
 	@echo "  vm-build-ubuntu.aarch64         - Build QEMU in ubuntu aarch64 VM"
+	@echo "  vm-build-centos.aarch64         - Build QEMU in CentOS aarch64 VM"
 else
 	@echo "  (to build centos/ubuntu aarch64 images use configure --efi-aarch64)"
 endif
diff --git a/tests/vm/centos-8-aarch64.ks b/tests/vm/centos-8-aarch64.ks
new file mode 100644
index 00000000000..fd6ebe4d49e
--- /dev/null
+++ b/tests/vm/centos-8-aarch64.ks
@@ -0,0 +1,51 @@
+# CentOS aarch64 image kickstart file.
+# This file is used by the CentOS installer to
+# script the generation of the image.
+#
+# Copyright 2020 Linaro
+#
+ignoredisk --only-use=vda
+# System bootloader configuration
+bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=vda
+autopart --type=plain
+# Partition clearing information
+clearpart --linux --initlabel --drives=vda
+# Use text mode install
+text
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Use CDROM installation media
+cdrom
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts=''
+# System language
+lang en_US.UTF-8
+
+# Network information
+network  --bootproto=dhcp --device=enp0s1 --onboot=off --ipv6=auto --no-activate
+network  --hostname=localhost.localdomain
+# Run the Setup Agent on first boot
+firstboot --enable
+# Do not configure the X Window System
+skipx
+# System services
+services --enabled="chronyd"
+# System timezone
+timezone America/New_York --isUtc
+
+# Shutdown after installation is complete.
+shutdown
+
+%packages
+@^server-product-environment
+kexec-tools
+
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end
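Review bot: `network --bootproto=dhcp --device=enp0s1 --onboot=off` leaves the only NIC disabled in the installed image, which is why build_image() in centos.aarch64 later has to sed ONBOOT=no to ONBOOT=yes in ifcfg-enp0s1 and run `ifup enp0s1` over the serial console; setting `--onboot=on` (and `--activate`) here removes both steps and one of the two places the interface name is hardcoded. The `pwpolicy` lines (minlen=6, --notstrict, --emptyok for user) only govern interactive prompts: the root and guest passwords are appended as `rootpw --plaintext` / `user --password ... --plaintext` by create_kickstart(), so the effective policy is whatever the VM config holds, and those plaintext values end up inside ks.cfg and ks.iso in the build directory. `firstboot --enable` is unnecessary for an unattended image, and `timezone America/New_York` is an arbitrary choice for a CI image; UTC would be the neutral default.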
diff --git a/tests/vm/centos.aarch64 b/tests/vm/centos.aarch64
new file mode 100755
index 00000000000..d5232ecdb8c
--- /dev/null
+++ b/tests/vm/centos.aarch64
@@ -0,0 +1,227 @@
+#!/usr/bin/env python3
+#
+# Centos aarch64 image
+#
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley <robert.foley@linaro.org>
+#  Originally based on ubuntu.aarch64
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import subprocess
+import basevm
+import time
+import traceback
+import aarch64vm
+
+DEFAULT_CONFIG = {
+    'cpu'          : "max",
+    'machine'      : "virt,gic-version=max",
+    'install_cmds' : "yum install -y make git python3 gcc gcc-c++ flex bison, "\
+        "yum install -y glib2-devel pixman-devel zlib-devel, "\
+        "yum install -y perl-Test-Harness, "\
+        "alternatives --set python /usr/bin/python3, "\
+        "sudo dnf config-manager "\
+        "--add-repo=https://download.docker.com/linux/centos/docker-ce.repo,"\
+        "sudo dnf install --nobest -y docker-ce.aarch64,"\
+        "systemctl enable docker",
+    # We increase beyond the default time since during boot
+    # it can take some time (many seconds) to log into the VM.
+    'ssh_timeout'  : 60,
+}
+
+class CentosAarch64VM(basevm.BaseVM):
+    name = "centos.aarch64"
+    arch = "aarch64"
+    login_prompt = "localhost login:"
+    prompt = '[root@localhost ~]#'
+    image_name = "CentOS-8-aarch64-1905-dvd1.iso"
+    image_link = "http://mirrors.usc.edu/pub/linux/distributions/centos/8.0.1905/isos/aarch64/"
+    image_link += image_name
+    BUILD_SCRIPT = """
+        set -e;
+        cd $(mktemp -d);
+        sudo chmod a+r /dev/vdb;
+        tar --checkpoint=.10 -xf /dev/vdb;
+        ./configure {configure_opts};
+        make --output-sync {target} -j{jobs} {verbose};
+    """
+    def set_key_perm(self):
+        """Set permissions properly on certain files to allow
+           ssh access."""
+        self.console_wait_send(self.prompt,
+                               "/usr/sbin/restorecon -R -v /root/.ssh\n")
+        self.console_wait_send(self.prompt,
+                "/usr/sbin/restorecon -R -v "\
+                "/home/{}/.ssh\n".format(self._config["guest_user"]))
+
+    def create_kickstart(self):
+        """Generate the kickstart file used to generate the centos image."""
+        # Start with the template for the kickstart.
+        ks_file = "../tests/vm/centos-8-aarch64.ks"
+        subprocess.check_call("cp {} ./ks.cfg".format(ks_file), shell=True)
+        # Append the ssh keys to the kickstart file
+        # as the post processing phase of installation.
+        with open("ks.cfg", "a") as f:
+            # Add in the root pw and guest user.
+            rootpw = "rootpw --plaintext {}\n"
+            f.write(rootpw.format(self._config["root_pass"]))
+            add_user = "user --groups=wheel --name={} "\
+                       "--password={} --plaintext\n"
+            f.write(add_user.format(self._config["guest_user"],
+                                    self._config["guest_pass"]))
+            # Add the ssh keys.
+            f.write("%post --log=/root/ks-post.log\n")
+            f.write("mkdir -p /root/.ssh\n")
+            addkey = 'echo "{}" >> /root/.ssh/authorized_keys\n'
+            addkey_cmd = addkey.format(self._config["ssh_pub_key"])
+            f.write(addkey_cmd)
+            f.write('mkdir -p /home/{}/.ssh\n'.format(self._config["guest_user"]))
+            addkey = 'echo "{}" >> /home/{}/.ssh/authorized_keys\n'
+            addkey_cmd = addkey.format(self._config["ssh_pub_key"],
+                                       self._config["guest_user"])
+            f.write(addkey_cmd)
+            f.write("%end\n")
+        # Take our kickstart file and create an .iso from it.
+        # The .iso will be provided to qemu as we boot
+        # from the install dvd.
+        # Anaconda will recognize the label "OEMDRV" and will
+        # start the automated installation.
+        gen_iso_img = 'genisoimage -output ks.iso -volid "OEMDRV" ks.cfg'
+        subprocess.check_call(gen_iso_img, shell=True)
+
+    def wait_for_shutdown(self):
+        """We wait for qemu to shutdown the VM and exit.
+           While this happens we display the console view
+           for easier debugging."""
+        # The image creation is essentially done,
+        # so whether or not the wait is successful we want to
+        # wait for qemu to exit (the self.wait()) before we return.
+        try:
+            self.console_wait("reboot: Power down")
+        except Exception as e:
+            sys.stderr.write("Exception hit\n")
+            if isinstance(e, SystemExit) and e.code == 0:
+                return 0
+            traceback.print_exc()
+        finally:
+            self.wait()
+
+    def build_base_image(self, dest_img):
+        """Run through the centos installer to create
+           a base image with name dest_img."""
+        # We create the temp image, and only rename
+        # to destination when we are done.
+        img = dest_img + ".tmp"
+        # Create an empty image.
+        # We will provide this as the install destination.
+        qemu_img_create = "qemu-img create {} 50G".format(img)
+        subprocess.check_call(qemu_img_create, shell=True)
+
+        # Create our kickstart file to be fed to the installer.
+        self.create_kickstart()
+        # Boot the install dvd with the params as our ks.iso
+        os_img = self._download_with_cache(self.image_link)
+        dvd_iso = "centos-8-dvd.iso"
+        subprocess.check_call(["cp", "-f", os_img, dvd_iso])
+        extra_args = "-cdrom ks.iso"
+        extra_args += " -drive file={},if=none,id=drive1,cache=writeback"
+        extra_args += " -device virtio-blk,drive=drive1,bootindex=1"
+        extra_args = extra_args.format(dvd_iso).split(" ")
+        self.boot(img, extra_args=extra_args)
+        self.console_wait_send("change the selection", "\n")
+        # We seem to need to hit esc (chr(27)) twice to abort the
+        # media check, which takes a long time.
+        # Waiting a bit seems to be more reliable before hitting esc.
+        self.console_wait("Checking")
+        time.sleep(5)
+        self.console_wait_send("Checking", chr(27))
+        time.sleep(5)
+        self.console_wait_send("Checking", chr(27))
+        print("Found Checking")
+        # Give sufficient time for the installer to create the image.
+        self.console_init(timeout=7200)
+        self.wait_for_shutdown()
+        os.rename(img, dest_img)
+        print("Done with base image build: {}".format(dest_img))
+
+    def check_create_base_img(self, img_base, img_dest):
+        """Create a base image using the installer.
+           We will use the base image if it exists.
+           This helps cut down on install time in case we
+           need to restart image creation,
+           since the base image creation can take a long time."""
+        if not os.path.exists(img_base):
+            print("Generate new base image: {}".format(img_base))
+            self.build_base_image(img_base);
+        else:
+            print("Use existing base image: {}".format(img_base))
+        # Save a copy of the base image and copy it to dest.
+        # which we will use going forward.
+        subprocess.check_call(["cp", img_base, img_dest])
+
+    def boot(self, img, extra_args=None):
+        aarch64vm.create_flash_images(self._tmpdir, self._efi_aarch64)
+        default_args = aarch64vm.get_pflash_args(self._tmpdir)
+        if extra_args:
+            extra_args.extend(default_args)
+        else:
+            extra_args = default_args
+        # We always add these performance tweaks
+        # because without them, we boot so slowly that we
+        # can time out finding the boot efi device.
+        if '-smp' not in extra_args and \
+           '-smp' not in self._config['extra_args'] and \
+           '-smp' not in self._args:
+            # Only add if not already there to give caller option to change it.
+            extra_args.extend(["-smp", "8"])
+        # We have overridden boot() since aarch64 has additional parameters.
+        # Call down to the base class method.
+        super(CentosAarch64VM, self).boot(img, extra_args=extra_args)
+
+    def build_image(self, img):
+        img_tmp = img + ".tmp"
+        self.check_create_base_img(img + ".base", img_tmp)
+
+        # Boot the new image for the first time to finish installation.
+        self.boot(img_tmp)
+        self.console_init()
+        self.console_wait_send(self.login_prompt, "root\n")
+        self.console_wait_send("Password:",
+                               "{}\n".format(self._config["root_pass"]))
+
+        self.set_key_perm()
+        self.console_wait_send(self.prompt, "rpm -q centos-release\n")
+        enable_adapter = "sed -i 's/ONBOOT=no/ONBOOT=yes/g'" \
+                         " /etc/sysconfig/network-scripts/ifcfg-enp0s1\n"
+        self.console_wait_send(self.prompt, enable_adapter)
+        self.console_wait_send(self.prompt, "ifup enp0s1\n")
+        self.console_wait_send(self.prompt,
+                               'echo "qemu  ALL=(ALL) NOPASSWD:ALL" | '\
+                               'sudo tee /etc/sudoers.d/qemu\n')
+        self.console_wait(self.prompt)
+
+        # Rest of the commands we issue through ssh.
+        self.wait_ssh(wait_root=True)
+
+        # If the user chooses *not* to do the second phase,
+        # then we will jump right to the graceful shutdown
+        if self._config['install_cmds'] != "":
+            install_cmds = self._config['install_cmds'].split(',')
+            for cmd in install_cmds:
+                self.ssh_root(cmd)
+        self.ssh_root("poweroff")
+        self.wait_for_shutdown()
+        os.rename(img_tmp, img)
+        print("image creation complete: {}".format(img))
+        return 0
+
+if __name__ == "__main__":
+    defaults = aarch64vm.get_config_defaults(CentosAarch64VM, DEFAULT_CONFIG)
+    sys.exit(basevm.main(CentosAarch64VM, defaults))
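Review bot: build_base_image() fetches the installer DVD with `self._download_with_cache(self.image_link)` and no `sha256sum=`, over plain http from a single mirror, so nothing verifies the ISO before it is booted and turned into the base image; ubuntu.aarch64 pins its image with `image_sha256`, and the `_download_with_cache(url, sha256sum=None, sha512sum=None)` signature in basevm.py already supports doing the same here. Other points in this hunk: in wait_for_shutdown() the `isinstance(e, SystemExit)` test inside `except Exception` is unreachable, because SystemExit derives from BaseException rather than Exception; catch SystemExit explicitly if a clean exit from console_wait() is expected there. build_image() writes `qemu  ALL=(ALL) NOPASSWD:ALL` to /etc/sudoers.d/qemu, hardcoding the user name `qemu` while create_kickstart() creates the account from self._config["guest_user"], so any other configured guest user gets no sudo; the `sudo` prefix on that line and on the dnf entries in install_cmds is redundant for commands already run as root. `subprocess.check_call("cp {} ./ks.cfg".format(ks_file), shell=True)` and the `qemu-img create` call should use argument lists, matching the `["cp", "-f", os_img, dvd_iso]` call a few lines later, and `ks_file = "../tests/vm/centos-8-aarch64.ks"` depends on the current directory being the build tree, where `os.path.join(os.path.dirname(__file__), "centos-8-aarch64.ks")` would not. Drop the trailing semicolon on `self.build_base_image(img_base);`.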
-- 
2.20.1




* [PATCH  v4 11/40] tests/vm: change scripts to use self._config
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 10/40] tests/vm: Added a new script for centos.aarch64 Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-10 18:16   ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 12/40] python/qemu: Add ConsoleSocket for optional use in QEMUMachine Alex Bennée
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien

From: Robert Foley <robert.foley@linaro.org>

This change converts existing scripts to using for example self.ROOT_PASS,
to self._config['root_pass'].
We made similar changes for GUEST_USER, and GUEST_PASS.
This allows us also to remove the change in basevm.py,
which adds __getattr__ for backwards compatibility.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200601211421.1277-8-robert.foley@linaro.org>
---
 tests/vm/basevm.py | 11 ++---------
 tests/vm/fedora    | 17 +++++++++--------
 tests/vm/freebsd   | 16 ++++++++--------
 tests/vm/netbsd    | 19 ++++++++++---------
 tests/vm/openbsd   | 17 +++++++++--------
 5 files changed, 38 insertions(+), 42 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 5fd66f6b26a..f716798b405 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -183,13 +183,6 @@ class BaseVM(object):
         self.console_init(timeout=timeout)
         self.console_wait(wait_string)
 
-    def __getattr__(self, name):
-        # Support direct access to config by key.
-        # for example, access self._config['cpu'] by self.cpu
-        if name.lower() in self._config.keys():
-            return self._config[name.lower()]
-        return object.__getattribute__(self, name)
-
     def _download_with_cache(self, url, sha256sum=None, sha512sum=None):
         def check_sha256sum(fname):
             if not sha256sum:
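Review bot: removing __getattr__ is a good change; resolving any unknown attribute through a lowercased lookup in self._config meant a typo such as `self.root_pas` failed with an AttributeError raised from inside __getattr__ rather than at the obvious place, and it let config keys shadow real attributes. With the explicit `self._config["..."]` lookups that replace it, a missing key now fails with a KeyError naming the key, which is the better behaviour.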
@@ -239,13 +232,13 @@ class BaseVM(object):
         return r
 
     def ssh(self, *cmd):
-        return self._ssh_do(self.GUEST_USER, cmd, False)
+        return self._ssh_do(self._config["guest_user"], cmd, False)
 
     def ssh_root(self, *cmd):
         return self._ssh_do("root", cmd, False)
 
     def ssh_check(self, *cmd):
-        self._ssh_do(self.GUEST_USER, cmd, True)
+        self._ssh_do(self._config["guest_user"], cmd, True)
 
     def ssh_root_check(self, *cmd):
         self._ssh_do("root", cmd, True)
diff --git a/tests/vm/fedora b/tests/vm/fedora
index a9195670f4b..b2b478fdbca 100755
--- a/tests/vm/fedora
+++ b/tests/vm/fedora
@@ -108,20 +108,20 @@ class FedoraVM(basevm.BaseVM):
 
         self.console_wait_send("7) [!] Root password",     "7\n")
         self.console_wait("Password:")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
         self.console_wait("Password (confirm):")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
 
         self.console_wait_send("8) [ ] User creation",     "8\n")
         self.console_wait_send("1) [ ] Create user",       "1\n")
         self.console_wait_send("3) User name",             "3\n")
-        self.console_wait_send("ENTER:", "%s\n" % self.GUEST_USER)
+        self.console_wait_send("ENTER:", "%s\n" % self._config["guest_user"])
         self.console_wait_send("4) [ ] Use password",      "4\n")
         self.console_wait_send("5) Password",              "5\n")
         self.console_wait("Password:")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait("Password (confirm):")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait_send("7) Groups",                "c\n")
 
         while True:
@@ -139,7 +139,7 @@ class FedoraVM(basevm.BaseVM):
             if good:
                 break
             time.sleep(10)
-            self.console_send("r\n" % self.GUEST_PASS)
+            self.console_send("r\n" % self._config["guest_pass"])
 
         self.console_wait_send("'b' to begin install",     "b\n")
 
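Review bot: `self.console_send("r\n" % self._config["guest_pass"])` carries over a latent bug from the removed line: the format string has no `%s`, so the `%` operator raises `TypeError: not all arguments converted during string formatting` the first time this retry path is taken. The intent is to send `r` for retry, so drop the operand: `self.console_send("r\n")`.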
@@ -150,12 +150,13 @@ class FedoraVM(basevm.BaseVM):
 
         # setup qemu user
         prompt = " ~]$"
-        self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
+        self.console_ssh_init(prompt, self._config["guest_user"],
+                                      self._config["guest_pass"])
         self.console_wait_send(prompt, "exit\n")
 
         # setup root user
         prompt = " ~]#"
-        self.console_ssh_init(prompt, "root", self.ROOT_PASS)
+        self.console_ssh_init(prompt, "root", self._config["root_pass"])
         self.console_sshd_config(prompt)
 
         # setup virtio-blk #1 (tarfile)
diff --git a/tests/vm/freebsd b/tests/vm/freebsd
index f87db2b126e..29252fa4a64 100755
--- a/tests/vm/freebsd
+++ b/tests/vm/freebsd
@@ -113,9 +113,9 @@ class FreeBSDVM(basevm.BaseVM):
 
         # post-install configuration
         self.console_wait("New Password:")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
         self.console_wait("Retype New Password:")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
 
         self.console_wait_send("Network Configuration", "\n")
         self.console_wait_send("IPv4",                  "y")
@@ -134,9 +134,9 @@ class FreeBSDVM(basevm.BaseVM):
         # qemu user
         self.console_wait_send("Add User Accounts", "y")
         self.console_wait("Username")
-        self.console_send("%s\n" % self.GUEST_USER)
+        self.console_send("%s\n" % self._config["guest_user"])
         self.console_wait("Full name")
-        self.console_send("%s\n" % self.GUEST_USER)
+        self.console_send("%s\n" % self._config["guest_user"])
         self.console_wait_send("Uid",                   "\n")
         self.console_wait_send("Login group",           "\n")
         self.console_wait_send("Login group",           "\n")
@@ -148,9 +148,9 @@ class FreeBSDVM(basevm.BaseVM):
         self.console_wait_send("Use an empty password", "\n")
         self.console_wait_send("Use a random password", "\n")
         self.console_wait("Enter password:")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait("Enter password again:")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait_send("Lock out",              "\n")
         self.console_wait_send("OK",                    "yes\n")
         self.console_wait_send("Add another user",      "no\n")
@@ -164,12 +164,12 @@ class FreeBSDVM(basevm.BaseVM):
 
         # setup qemu user
         prompt = "$"
-        self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
+        self.console_ssh_init(prompt, self._config["guest_user"], self._config["guest_pass"])
         self.console_wait_send(prompt, "exit\n")
 
         # setup root user
         prompt = "root@freebsd:~ #"
-        self.console_ssh_init(prompt, "root", self.ROOT_PASS)
+        self.console_ssh_init(prompt, "root", self._config["root_pass"])
         self.console_sshd_config(prompt)
 
         # setup serial console
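Review bot: the `self.console_ssh_init(prompt, self._config["guest_user"], self._config["guest_pass"])` line exceeds 80 columns; wrap it across two lines the way the fedora and netbsd hunks do.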
diff --git a/tests/vm/netbsd b/tests/vm/netbsd
index cdac502dad8..dc0e45c1d45 100755
--- a/tests/vm/netbsd
+++ b/tests/vm/netbsd
@@ -120,24 +120,24 @@ class NetBSDVM(basevm.BaseVM):
         self.console_wait_send("d: Change root password",  "d\n")
         self.console_wait_send("a: Yes",                   "a\n")
         self.console_wait("New password:")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
         self.console_wait("New password:")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
         self.console_wait("Retype new password:")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
 
         self.console_wait_send("o: Add a user",            "o\n")
         self.console_wait("username")
-        self.console_send("%s\n" % self.GUEST_USER)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait("to group wheel")
         self.console_wait_send("a: Yes",                   "a\n")
         self.console_wait_send("a: /bin/sh",               "a\n")
         self.console_wait("New password:")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait("New password:")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait("Retype new password:")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
 
         self.console_wait_send("a: Configure network",     "a\n")
         self.console_wait_send("a: vioif0",                "a\n")
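Review bot: the replacement for the username prompt is wrong: after `self.console_wait("username")` the new line sends `self._config["guest_pass"]` where the old code sent `self.GUEST_USER`, so the guest account would be created with the password as its login name and the later `console_ssh_init(prompt, self._config["guest_user"], ...)` in this same file would fail to log in. It should read `self.console_send("%s\n" % self._config["guest_user"])`, as the openbsd script in this patch already does.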
@@ -170,12 +170,13 @@ class NetBSDVM(basevm.BaseVM):
 
         # setup qemu user
         prompt = "localhost$"
-        self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
+        self.console_ssh_init(prompt, self._config["guest_user"],
+                                      self._config["guest_pass"])
         self.console_wait_send(prompt, "exit\n")
 
         # setup root user
         prompt = "localhost#"
-        self.console_ssh_init(prompt, "root", self.ROOT_PASS)
+        self.console_ssh_init(prompt, "root", self._config["root_pass"])
         self.console_sshd_config(prompt)
 
         # setup virtio-blk #1 (tarfile)
diff --git a/tests/vm/openbsd b/tests/vm/openbsd
index 13e7f9a6d56..dfe633e4532 100755
--- a/tests/vm/openbsd
+++ b/tests/vm/openbsd
@@ -98,9 +98,9 @@ class OpenBSDVM(basevm.BaseVM):
         self.console_wait_send("Which network interface", "done\n")
         self.console_wait_send("DNS domain name",         "localnet\n")
         self.console_wait("Password for root account")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
         self.console_wait("Password for root account")
-        self.console_send("%s\n" % self.ROOT_PASS)
+        self.console_send("%s\n" % self._config["root_pass"])
         self.console_wait_send("Start sshd(8)",           "yes\n")
         self.console_wait_send("X Window System",         "\n")
         self.console_wait_send("xenodm",                  "\n")
@@ -108,13 +108,13 @@ class OpenBSDVM(basevm.BaseVM):
         self.console_wait_send("Which speed",             "\n")
 
         self.console_wait("Setup a user")
-        self.console_send("%s\n" % self.GUEST_USER)
+        self.console_send("%s\n" % self._config["guest_user"])
         self.console_wait("Full name")
-        self.console_send("%s\n" % self.GUEST_USER)
+        self.console_send("%s\n" % self._config["guest_user"])
         self.console_wait("Password")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
         self.console_wait("Password")
-        self.console_send("%s\n" % self.GUEST_PASS)
+        self.console_send("%s\n" % self._config["guest_pass"])
 
         self.console_wait_send("Allow root ssh login",    "yes\n")
         self.console_wait_send("timezone",                "UTC\n")
@@ -135,12 +135,13 @@ class OpenBSDVM(basevm.BaseVM):
 
         # setup qemu user
         prompt = "$"
-        self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
+        self.console_ssh_init(prompt, self._config["guest_user"],
+                                      self._config["guest_pass"])
         self.console_wait_send(prompt, "exit\n")
 
         # setup root user
         prompt = "openbsd#"
-        self.console_ssh_init(prompt, "root", self.ROOT_PASS)
+        self.console_ssh_init(prompt, "root", self._config["root_pass"])
         self.console_sshd_config(prompt)
 
         # setup virtio-blk #1 (tarfile)
-- 
2.20.1




* [PATCH v4 12/40] python/qemu: Add ConsoleSocket for optional use in QEMUMachine
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (10 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 11/40] tests/vm: change scripts to use self._config Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 13/40] tests/vm: Add workaround to consume console Alex Bennée
                   ` (27 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Cleber Rosa, Peter Puhov, aurelien, Eduardo Habkost

From: Robert Foley <robert.foley@linaro.org>

We add the ConsoleSocket object, which has a socket interface
and which will consume all arriving characters on the
socket, placing them into an in memory buffer.
This will also provide those chars via recv() as
would a regular socket.
ConsoleSocket also has the option of dumping
the console bytes to a log file.

We also give QEMUMachine the option of using ConsoleSocket
to drain and to use for logging console to a file.
By default QEMUMachine does not use ConsoleSocket.

This is added in preparation for use by basevm.py in a later commit.
This is a workaround we found was needed for basevm.py since
there is a known issue where QEMU will hang waiting
for console characters to be consumed.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Cleber Rosa <crosa@redhat.com>
Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-9-robert.foley@linaro.org>
---
 python/qemu/console_socket.py | 110 ++++++++++++++++++++++++++++++++++
 python/qemu/machine.py        |  23 +++++--
 2 files changed, 129 insertions(+), 4 deletions(-)
 create mode 100644 python/qemu/console_socket.py

diff --git a/python/qemu/console_socket.py b/python/qemu/console_socket.py
new file mode 100644
index 00000000000..830cb7c6282
--- /dev/null
+++ b/python/qemu/console_socket.py
@@ -0,0 +1,110 @@
+#!/usr/bin/env python3
+#
+# This python module implements a ConsoleSocket object which is
+# designed always drain the socket itself, and place
+# the bytes into a in memory buffer for later processing.
+#
+# Optionally a file path can be passed in and we will also
+# dump the characters to this file for debug.
+#
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley <robert.foley@linaro.org>
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+import asyncore
+import socket
+import threading
+import io
+import os
+import sys
+from collections import deque
+import time
+import traceback
+
+class ConsoleSocket(asyncore.dispatcher):
+
+    def __init__(self, address, file=None):
+        self._recv_timeout_sec = 300
+        self._buffer = deque()
+        self._asyncore_thread = None
+        self._sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        self._sock.connect(address)
+        self._logfile = None
+        if file:
+            self._logfile = open(file, "w")
+        asyncore.dispatcher.__init__(self, sock=self._sock)
+        self._open = True
+        self._thread_start()
+
+    def _thread_start(self):
+        """Kick off a thread to wait on the asyncore.loop"""
+        if self._asyncore_thread is not None:
+            return
+        self._asyncore_thread = threading.Thread(target=asyncore.loop,
+                                                 kwargs={'timeout':1})
+        self._asyncore_thread.daemon = True
+        self._asyncore_thread.start()
+
+    def handle_close(self):
+        """redirect close to base class"""
+        # Call the base class close, but not self.close() since
+        # handle_close() occurs in the context of the thread which
+        # self.close() attempts to join.
+        asyncore.dispatcher.close(self)
+
+    def close(self):
+        """Close the base object and wait for the thread to terminate"""
+        if self._open:
+            self._open = False
+            asyncore.dispatcher.close(self)
+            if self._asyncore_thread is not None:
+                thread, self._asyncore_thread = self._asyncore_thread, None
+                thread.join()
+            if self._logfile:
+                self._logfile.close()
+                self._logfile = None
+
+    def handle_read(self):
+        """process arriving characters into in memory _buffer"""
+        try:
+            data = asyncore.dispatcher.recv(self, 1)
+            # latin1 is needed since there are some chars
+            # we are receiving that cannot be encoded to utf-8
+            # such as 0xe2, 0x80, 0xA6.
+            string = data.decode("latin1")
+        except:
+            print("Exception seen.")
+            traceback.print_exc()
+            return
+        if self._logfile:
+            self._logfile.write("{}".format(string))
+            self._logfile.flush()
+        for c in string:
+            self._buffer.extend(c)
+
+    def recv(self, n=1, sleep_delay_s=0.1):
+        """Return chars from in memory buffer"""
+        start_time = time.time()
+        while len(self._buffer) < n:
+            time.sleep(sleep_delay_s)
+            elapsed_sec = time.time() - start_time
+            if elapsed_sec > self._recv_timeout_sec:
+                raise socket.timeout
+        chars = ''.join([self._buffer.popleft() for i in range(n)])
+        # We choose to use latin1 to remain consistent with
+        # handle_read() and give back the same data as the user would
+        # receive if they were reading directly from the
+        # socket w/o our intervention.
+        return chars.encode("latin1")
+
+    def set_blocking(self):
+        """Maintain compatibility with socket API"""
+        pass
+
+    def settimeout(self, seconds):
+        """Set current timeout on recv"""
+        self._recv_timeout_sec = seconds
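Review bot: `handle_read()` uses a bare `except:`, which also swallows `KeyboardInterrupt` and `SystemExit` inside the asyncore thread and turns a peer that has closed into an endless stream of "Exception seen." messages; catch `OSError` and call `self.handle_close()` on a zero-length read instead. Three smaller points in the same file: `set_blocking()` does not match the socket API it claims to mirror (the real method is `setblocking(flag)`); reading one byte at a time and decoding it as latin1, then writing the string to the text-mode `open(file, "w")`, re-encodes every byte above 0x7f, so UTF-8 console output (the 0xe2 0x80 0xa6 sequence the comment mentions is a single U+2026 character) lands in the log as mojibake, which opening the log in binary mode and writing `data` directly avoids; and the log holds the full guest console transcript but is created with whatever the umask allows, so `os.open(file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` would be a safer default. Also `io`, `os` and `sys` are imported but unused, and `asyncore.loop` polls the module-global socket map, so two ConsoleSocket instances would start two threads servicing the same map.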
diff --git a/python/qemu/machine.py b/python/qemu/machine.py
index 041c615052e..c25f0b42cf6 100644
--- a/python/qemu/machine.py
+++ b/python/qemu/machine.py
@@ -26,6 +26,7 @@ import socket
 import tempfile
 from typing import Optional, Type
 from types import TracebackType
+from qemu.console_socket import ConsoleSocket
 
 from . import qmp
 
@@ -75,7 +76,8 @@ class QEMUMachine:
 
     def __init__(self, binary, args=None, wrapper=None, name=None,
                  test_dir="/var/tmp", monitor_address=None,
-                 socket_scm_helper=None, sock_dir=None):
+                 socket_scm_helper=None, sock_dir=None,
+                 drain_console=False, console_log=None):
         '''
         Initialize a QEMUMachine
 
@@ -86,6 +88,9 @@ class QEMUMachine:
         @param test_dir: where to create socket and log file
         @param monitor_address: address for QMP monitor
         @param socket_scm_helper: helper program, required for send_fd_scm()
+        @param sock_dir: where to create socket (overrides test_dir for sock)
+        @param console_log: (optional) path to console log file
+        @param drain_console: (optional) True to drain console socket to buffer
         @note: Qemu process is not started until launch() is used.
         '''
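Review bot: the docstring lists `console_log` before `drain_console` while the signature has them the other way round; minor, but the docstring should also state that a non-empty `console_log` forces `drain_console` on, which the `__init__` body does silently.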
         if args is None:
@@ -122,6 +127,12 @@ class QEMUMachine:
         self._console_address = None
         self._console_socket = None
         self._remove_files = []
+        self._console_log_path = console_log
+        if self._console_log_path:
+            # In order to log the console, buffering needs to be enabled.
+            self._drain_console = True
+        else:
+            self._drain_console = drain_console
 
     def __enter__(self):
         return self
@@ -580,7 +591,11 @@ class QEMUMachine:
         Returns a socket connected to the console
         """
         if self._console_socket is None:
-            self._console_socket = socket.socket(socket.AF_UNIX,
-                                                 socket.SOCK_STREAM)
-            self._console_socket.connect(self._console_address)
+            if self._drain_console:
+                self._console_socket = ConsoleSocket(self._console_address,
+                                                    file=self._console_log_path)
+            else:
+                self._console_socket = socket.socket(socket.AF_UNIX,
+                                                     socket.SOCK_STREAM)
+                self._console_socket.connect(self._console_address)
         return self._console_socket
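Review bot: callers of `console_socket` now receive one of two objects with different `recv` signatures, `socket.recv(bufsize[, flags])` versus `ConsoleSocket.recv(n=1, sleep_delay_s=0.1)`, so a caller passing socket flags positionally would silently set the polling delay instead; either give ConsoleSocket a `recv(self, bufsize, flags=0)` signature or document that only the one-argument form is supported. The property also does not own the ConsoleSocket's thread lifetime; check that the machine's shutdown path calls `close()` on it, otherwise the daemon thread keeps polling the dead socket until interpreter exit.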
-- 
2.20.1




* [PATCH  v4 13/40] tests/vm: Add workaround to consume console
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (11 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 12/40] python/qemu: Add ConsoleSocket for optional use in QEMUMachine Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 14/40] tests/vm: switch from optsparse to argparse Alex Bennée
                   ` (26 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien

From: Robert Foley <robert.foley@linaro.org>

This adds support to basevm.py so that we always
drain the console chars.  This makes use of
support added in an earlier commit that allows
QEMUMachine to use the ConsoleSocket.

This is a workaround we found was needed since
there is a known issue where QEMU will hang waiting
for console characters to be consumed.

We also added the option of logging the console to a file.
LOG_CONSOLE=1 will now log the output to a file.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200601211421.1277-10-robert.foley@linaro.org>
---
 tests/vm/Makefile.include |  4 ++++
 tests/vm/basevm.py        | 21 +++++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 39f918a430a..f21948c46a5 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -49,6 +49,7 @@ endif
 	@echo '    EXTRA_CONFIGURE_OPTS="..."'
 	@echo "    J=[0..9]*            	 - Override the -jN parameter for make commands"
 	@echo "    DEBUG=1              	 - Enable verbose output on host and interactive debugging"
+	@echo "    LOG_CONSOLE=1        	 - Log console to file in: ~/.cache/qemu-vm "
 	@echo "    V=1				 - Enable verbose ouput on host and guest commands"
 	@echo "    QEMU_LOCAL=1                 - Use QEMU binary local to this build."
 	@echo "    QEMU=/path/to/qemu		 - Change path to QEMU binary"
@@ -75,6 +76,7 @@ $(IMAGES_DIR)/%.img:	$(SRC_PATH)/tests/vm/% \
 		$(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
 		$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
 		$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
+		$(if $(LOG_CONSOLE),--log-console) \
 		--image "$@" \
 		--force \
 		--build-image $@, \
@@ -91,6 +93,7 @@ vm-build-%: $(IMAGES_DIR)/%.img
 		$(if $(V),--verbose) \
 		$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
 		$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
+		$(if $(LOG_CONSOLE),--log-console) \
 		--image "$<" \
 		$(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
 		--snapshot \
@@ -114,6 +117,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
 		$(if $(V)$(DEBUG), --debug) \
 		$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
 		$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
+		$(if $(LOG_CONSOLE),--log-console) \
 		--image "$<" \
 		--interactive \
 		false, \
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index f716798b405..04d083409a5 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -117,6 +117,11 @@ class BaseVM(object):
              "w").write(self._config['ssh_pub_key'])
 
         self.debug = args.debug
+        self._console_log_path = None
+        if args.log_console:
+                self._console_log_path = \
+                         os.path.join(os.path.expanduser("~/.cache/qemu-vm"),
+                                      "{}.install.log".format(self.name))
         self._stderr = sys.stderr
         self._devnull = open(os.devnull, "w")
         if self.debug:
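Review bot: the indentation of the added block is off (the assignment under `if args.log_console:` sits at 16 spaces and its continuation at 25), which reads as a nested block; align it at 12 spaces. Two behavioural points: ConsoleSocket opens the path with `"w"`, so every run overwrites the previous `<name>.install.log` even though `--log-console` is also passed by the `vm-build-%` and `vm-boot-ssh-%` targets, which are not installs; and nothing in this hunk creates `~/.cache/qemu-vm`, so confirm the directory exists by the time `console_socket` is first accessed or `open()` will raise.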
@@ -271,7 +276,13 @@ class BaseVM(object):
         args += self._data_args + extra_args + self._config['extra_args']
         logging.debug("QEMU args: %s", " ".join(args))
         qemu_path = get_qemu_path(self.arch, self._build_path)
-        guest = QEMUMachine(binary=qemu_path, args=args)
+
+        # Since console_log_path is only set when the user provides the
+        # log_console option, we will set drain_console=True so the
+        # console is always drained.
+        guest = QEMUMachine(binary=qemu_path, args=args,
+                            console_log=self._console_log_path,
+                            drain_console=True)
         guest.set_machine(self._config['machine'])
         guest.set_console()
         try:
@@ -285,6 +296,8 @@ class BaseVM(object):
             raise
         atexit.register(self.shutdown)
         self._guest = guest
+        # Init console so we can start consuming the chars.
+        self.console_init()
         usernet_info = guest.qmp("human-monitor-command",
                                  command_line="info usernet")
         self.ssh_port = None
@@ -296,7 +309,9 @@ class BaseVM(object):
             raise Exception("Cannot find ssh port from 'info usernet':\n%s" % \
                             usernet_info)
 
-    def console_init(self, timeout = 120):
+    def console_init(self, timeout = None):
+        if timeout == None:
+            timeout = self.socket_timeout
         vm = self._guest
         vm.console_socket.settimeout(timeout)
         self.console_raw_path = os.path.join(vm._temp_dir,
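Review bot: `if timeout == None:` should be `if timeout is None:` (PEP 8), and `def console_init(self, timeout = None)` should drop the spaces around `=` to match the surrounding style. `self.socket_timeout` is not defined anywhere in this patch; if it is an existing BaseVM attribute that is fine, but the fallback silently replaces the previous default of 120 seconds, which deserves a line in the commit message.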
@@ -578,6 +593,8 @@ def parse_args(vmcls):
     parser.add_option("--efi-aarch64",
                       default="/usr/share/qemu-efi-aarch64/QEMU_EFI.fd",
                       help="Path to efi image for aarch64 VMs.")
+    parser.add_option("--log-console", action="store_true",
+                      help="Log console to file.")
     parser.disable_interspersed_args()
     return parser.parse_args()
 
-- 
2.20.1




* [PATCH  v4 14/40] tests/vm: switch from optsparse to argparse
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (12 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 13/40] tests/vm: Add workaround to consume console Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 15/40] tests/vm: allow us to take advantage of MTTCG Alex Bennée
                   ` (25 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, aurelien

optparse has been deprecated since version 3.2 and argparse is the
blessed replacement. Take the opportunity to enhance our help output
showing defaults when called.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Robert Foley <robert.foley@linaro.org>

---
v2
  - add explicit parser.add_argument("commands", nargs="*")
v4
  - fixup call to parse_args in aarch64vm.py
---
 tests/vm/aarch64vm.py |  2 +-
 tests/vm/basevm.py    | 93 ++++++++++++++++++++++---------------------
 2 files changed, 49 insertions(+), 46 deletions(-)

diff --git a/tests/vm/aarch64vm.py b/tests/vm/aarch64vm.py
index bb04cb19c91..d70ab843b6b 100644
--- a/tests/vm/aarch64vm.py
+++ b/tests/vm/aarch64vm.py
@@ -46,7 +46,7 @@ def get_config_defaults(vmcls, default_config):
 def aarch_get_config_defaults(vmcls):
     """Set the defaults for current version of QEMU."""
     config = CURRENT_CONFIG
-    args, argv = basevm.parse_args(vmcls)
+    args = basevm.parse_args(vmcls)
     qemu_path = basevm.get_qemu_path(vmcls.arch, args.build_path)
     qemu_version = basevm.get_qemu_version(qemu_path)
     if qemu_version < QEMU_AARCH64_MIN_VERSION:
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 04d083409a5..890bbc5549a 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -23,7 +23,7 @@ from qemu.accel import kvm_available
 from qemu.machine import QEMUMachine
 import subprocess
 import hashlib
-import optparse
+import argparse
 import atexit
 import tempfile
 import shutil
@@ -556,54 +556,57 @@ def parse_args(vmcls):
         else:
             return 1
 
-    parser = optparse.OptionParser(
-        description="VM test utility.  Exit codes: "
-                    "0 = success, "
-                    "1 = command line error, "
-                    "2 = environment initialization failed, "
-                    "3 = test command failed")
-    parser.add_option("--debug", "-D", action="store_true",
-                      help="enable debug output")
-    parser.add_option("--image", "-i", default="%s.img" % vmcls.name,
-                      help="image file name")
-    parser.add_option("--force", "-f", action="store_true",
-                      help="force build image even if image exists")
-    parser.add_option("--jobs", type=int, default=get_default_jobs(),
-                      help="number of virtual CPUs")
-    parser.add_option("--verbose", "-V", action="store_true",
-                      help="Pass V=1 to builds within the guest")
-    parser.add_option("--build-image", "-b", action="store_true",
-                      help="build image")
-    parser.add_option("--build-qemu",
-                      help="build QEMU from source in guest")
-    parser.add_option("--build-target",
-                      help="QEMU build target", default="check")
-    parser.add_option("--build-path", default=None,
-                      help="Path of build directory, "\
-                           "for using build tree QEMU binary. ")
-    parser.add_option("--interactive", "-I", action="store_true",
-                      help="Interactively run command")
-    parser.add_option("--snapshot", "-s", action="store_true",
-                      help="run tests with a snapshot")
-    parser.add_option("--genisoimage", default="genisoimage",
-                      help="iso imaging tool")
-    parser.add_option("--config", "-c", default=None,
-                      help="Provide config yaml for configuration. "\
-                           "See config_example.yaml for example.")
-    parser.add_option("--efi-aarch64",
-                      default="/usr/share/qemu-efi-aarch64/QEMU_EFI.fd",
-                      help="Path to efi image for aarch64 VMs.")
-    parser.add_option("--log-console", action="store_true",
-                      help="Log console to file.")
-    parser.disable_interspersed_args()
+    parser = argparse.ArgumentParser(
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        description="Utility for provisioning VMs and running builds",
+        epilog="""Remaining arguments are passed to the command.
+        Exit codes: 0 = success, 1 = command line error,
+        2 = environment initialization failed,
+        3 = test command failed""")
+    parser.add_argument("--debug", "-D", action="store_true",
+                        help="enable debug output")
+    parser.add_argument("--image", "-i", default="%s.img" % vmcls.name,
+                        help="image file name")
+    parser.add_argument("--force", "-f", action="store_true",
+                        help="force build image even if image exists")
+    parser.add_argument("--jobs", type=int, default=get_default_jobs(),
+                        help="number of virtual CPUs")
+    parser.add_argument("--verbose", "-V", action="store_true",
+                        help="Pass V=1 to builds within the guest")
+    parser.add_argument("--build-image", "-b", action="store_true",
+                        help="build image")
+    parser.add_argument("--build-qemu",
+                        help="build QEMU from source in guest")
+    parser.add_argument("--build-target",
+                        help="QEMU build target", default="check")
+    parser.add_argument("--build-path", default=None,
+                        help="Path of build directory, "\
+                        "for using build tree QEMU binary. ")
+    parser.add_argument("--interactive", "-I", action="store_true",
+                        help="Interactively run command")
+    parser.add_argument("--snapshot", "-s", action="store_true",
+                        help="run tests with a snapshot")
+    parser.add_argument("--genisoimage", default="genisoimage",
+                        help="iso imaging tool")
+    parser.add_argument("--config", "-c", default=None,
+                        help="Provide config yaml for configuration. "\
+                        "See config_example.yaml for example.")
+    parser.add_argument("--efi-aarch64",
+                        default="/usr/share/qemu-efi-aarch64/QEMU_EFI.fd",
+                        help="Path to efi image for aarch64 VMs.")
+    parser.add_argument("--log-console", action="store_true",
+                        help="Log console to file.")
+    parser.add_argument("commands", nargs="*", help="""Remaining
+        commands after -- are passed to command inside the VM""")
+
     return parser.parse_args()
 
 def main(vmcls, config=None):
     try:
         if config == None:
             config = {}
-        args, argv = parse_args(vmcls)
-        if not argv and not args.build_qemu and not args.build_image:
+        args = parse_args(vmcls)
+        if not args.commands and not args.build_qemu and not args.build_image:
             print("Nothing to do?")
             return 1
         config = parse_config(config, args)
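Review bot: dropping `parser.disable_interspersed_args()` changes behaviour: optparse stopped parsing at the first positional, so a guest command such as `make -j4` could follow the options directly, whereas argparse rejects `-j4` as an unrecognized argument unless the caller puts `--` before it (the epilog says as much, but check every caller; the `vm-build-%` and `vm-boot-ssh-%` rules in Makefile.include pass their trailing command without `--`). If the old behaviour is wanted, `parser.parse_known_args()` with the leftovers appended to `args.commands` preserves it. Also the `"Path of build directory, "\` and `"Provide config yaml for configuration. "\` lines keep a backslash continuation that is unnecessary inside parentheses.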
@@ -619,12 +622,12 @@ def main(vmcls, config=None):
         if args.build_qemu:
             vm.add_source_dir(args.build_qemu)
             cmd = [vm.BUILD_SCRIPT.format(
-                   configure_opts = " ".join(argv),
+                   configure_opts = " ".join(args.commands),
                    jobs=int(args.jobs),
                    target=args.build_target,
                    verbose = "V=1" if args.verbose else "")]
         else:
-            cmd = argv
+            cmd = args.commands
         img = args.image
         if args.snapshot:
             img += ",snapshot=on"
-- 
2.20.1




* [PATCH  v4 15/40] tests/vm: allow us to take advantage of MTTCG
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (13 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 14/40] tests/vm: switch from optsparse to argparse Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 16/40] tests/docker: check for an parameters not empty string Alex Bennée
                   ` (24 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, aurelien

We currently limit TCG guests to -smp 1 but now we have added some
aarch64 guests we can do better when running on x86_64 hardware.
Raise the limit for TCG guests when it is safe to do so.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

---
v4
  - only attempt to compute a bigger default_jobs if
    multiprocessing.cpu_count > 1
---
 tests/vm/basevm.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 890bbc5549a..21f46d1957d 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -551,8 +551,15 @@ def parse_config(config, args):
 def parse_args(vmcls):
 
     def get_default_jobs():
-        if kvm_available(vmcls.arch):
-            return multiprocessing.cpu_count() // 2
+        if multiprocessing.cpu_count() > 1:
+            if kvm_available(vmcls.arch):
+                return multiprocessing.cpu_count() // 2
+            elif os.uname().machine == "x86_64" and \
+                 vmcls.arch in ["aarch64", "x86_64", "i386"]:
+                # MTTCG is available on these arches and we can allow
+                # more cores. but only up to a reasonable limit. User
+                # can always override these limits with --jobs.
+                return min(multiprocessing.cpu_count() // 2, 8)
         else:
             return 1
 
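Review bot: the restructured `get_default_jobs()` has a fall-through: when `multiprocessing.cpu_count() > 1` but neither the KVM branch nor the x86_64/MTTCG branch matches (a non-x86 host without KVM, or a TCG guest arch outside the list), no branch returns, so the function returns `None`, `--jobs` defaults to `None`, and the later `int(args.jobs)` raises. The `else: return 1` now belongs to the outer `if`; add a `return 1` after the inner `elif` (or restructure as early returns) so the single-vCPU fallback is kept.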
-- 
2.20.1




* [PATCH v4 16/40] tests/docker: check for an parameters not empty string
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (14 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 15/40] tests/vm: allow us to take advantage of MTTCG Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 17/40] tests/docker: change tag naming scheme of our images Alex Bennée
                   ` (23 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Peter Maydell, berrange, Alex Bennée,
	richard.henderson, f4bug, Philippe Mathieu-Daudé,
	cota, aurelien

Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

---
v4
  - if [ $# == 0 ]; then -> if [ $# = 0 ]; then
---
 tests/docker/common.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/common.rc b/tests/docker/common.rc
index 02cd67a8c5e..ebc5b97ecf9 100755
--- a/tests/docker/common.rc
+++ b/tests/docker/common.rc
@@ -47,7 +47,7 @@ build_qemu()
 check_qemu()
 {
     # default to make check unless the caller specifies
-    if test -z "$@"; then
+    if [ $# = 0 ]; then
         INVOCATION="check"
     else
         INVOCATION="$@"
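Review bot: `[ $# = 0 ]` correctly replaces `test -z "$@"`, which expanded to a multi-argument `test` invocation whenever more than one parameter was passed; the `else` branch still has the same shape of problem, though: `INVOCATION="$@"` assigns a list to a scalar, which POSIX sh leaves unspecified (most shells join with spaces). Use `INVOCATION="$*"` for the string form, or keep the arguments as a list and expand `"$@"` at the point of use so arguments containing spaces survive.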
-- 
2.20.1




* [PATCH v4 17/40] tests/docker: change tag naming scheme of our images
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (15 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 16/40] tests/docker: check for an parameters not empty string Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 18/40] .gitignore: un-ignore .gitlab-ci.d Alex Bennée
                   ` (22 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug,
	Philippe Mathieu-Daudé,
	cota, aurelien

We've been misusing the tag naming scheme for some time by overloading
the post : section with the image type. Really it should be saved for
the revision of that particular build. Move the details to the other
side so we have:

  qemu/image-name

with the implied :latest version added by the tooling.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

---
v2
  - fix RUN invocation as well
  - don't include :latest tag for debian-arm64-cross (implied)
v4
  - fix up check and compile cases as well
  - also tweak shippable references
---
 .shippable.yml                                         |  4 ++--
 tests/docker/Makefile.include                          | 10 +++++-----
 tests/docker/docker.py                                 |  2 +-
 tests/docker/dockerfiles/debian-alpha-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-amd64-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-amd64.docker           |  2 +-
 tests/docker/dockerfiles/debian-arm64-cross.docker     |  2 +-
 .../docker/dockerfiles/debian-arm64-test-cross.docker  |  2 +-
 tests/docker/dockerfiles/debian-armel-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-armhf-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-hppa-cross.docker      |  2 +-
 tests/docker/dockerfiles/debian-m68k-cross.docker      |  2 +-
 tests/docker/dockerfiles/debian-mips-cross.docker      |  2 +-
 tests/docker/dockerfiles/debian-mips64-cross.docker    |  2 +-
 tests/docker/dockerfiles/debian-mips64el-cross.docker  |  2 +-
 tests/docker/dockerfiles/debian-mipsel-cross.docker    |  2 +-
 tests/docker/dockerfiles/debian-powerpc-cross.docker   |  2 +-
 tests/docker/dockerfiles/debian-ppc64-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-ppc64el-cross.docker   |  2 +-
 tests/docker/dockerfiles/debian-riscv64-cross.docker   |  2 +-
 tests/docker/dockerfiles/debian-s390x-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-sh4-cross.docker       |  2 +-
 tests/docker/dockerfiles/debian-sparc64-cross.docker   |  2 +-
 tests/docker/dockerfiles/debian-tricore-cross.docker   |  2 +-
 tests/docker/dockerfiles/debian-win32-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian-win64-cross.docker     |  2 +-
 tests/docker/dockerfiles/debian9-mxe.docker            |  2 +-
 tests/tcg/Makefile.qemu                                |  4 ++--
 28 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/.shippable.yml b/.shippable.yml
index 2cce7b56890..81905727d14 100644
--- a/.shippable.yml
+++ b/.shippable.yml
@@ -29,8 +29,8 @@ build:
   pre_ci:
     - make docker-image-${IMAGE} V=1
   pre_ci_boot:
-    image_name: qemu
-    image_tag: ${IMAGE}
+    image_name: qemu/${IMAGE}
+    image_tag: latest
     pull: false
     options: "-e HOME=/root"
   ci:
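Review bot: `image_tag: latest` is now hard-coded, so this config can no
longer select a particular revision of the image even though the commit
message reserves the post-colon field for exactly that. It is fine in
practice because `pull: false` together with the `pre_ci` step
`make docker-image-${IMAGE}` means the image used is the one just built
locally, but a one-line comment saying so would stop the next reader
from assuming `latest` is a floating tag fetched from a registry.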
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 3e3617816ec..e23b4af20ea 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -50,12 +50,12 @@ docker-image: ${DOCKER_TARGETS}
 ifdef SKIP_DOCKER_BUILD
 docker-image-%: $(DOCKER_FILES_DIR)/%.docker
 	$(call quiet-command, \
-		$(DOCKER_SCRIPT) check --quiet qemu:$* $<, \
+		$(DOCKER_SCRIPT) check --quiet qemu/$* $<, \
 		"CHECK", "$*")
 else
 docker-image-%: $(DOCKER_FILES_DIR)/%.docker
 	$(call quiet-command,\
-		$(DOCKER_SCRIPT) build -t qemu:$* -f $< \
+		$(DOCKER_SCRIPT) build -t qemu/$* -f $< \
 		$(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \
 		$(if $(NOUSER),,--add-current-user) \
 		$(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES))\
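Review bot: both the SKIP_DOCKER_BUILD `check` path and the `build` path
now name the image `qemu/$*` with no explicit tag and rely on the
implied `:latest` the commit message mentions. That only works if
`docker.py check` resolves `qemu/$*` to `qemu/$*:latest` the same way
`docker build -t` does; if it compares the literal name it will report a
freshly built image as missing. Running
`make docker-image-debian10 SKIP_DOCKER_BUILD=1` right after a normal
build is an easy way to confirm.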
@@ -75,14 +75,14 @@ docker-binfmt-image-debian-%: $(DOCKER_FILES_DIR)/debian-bootstrap.docker
 			DEB_ARCH=$(DEB_ARCH)					\
 			DEB_TYPE=$(DEB_TYPE) 					\
 			$(if $(DEB_URL),DEB_URL=$(DEB_URL),)			\
-			$(DOCKER_SCRIPT) build qemu:debian-$* $< 		\
+			$(DOCKER_SCRIPT) build qemu/debian-$* $< 		\
 			$(if $V,,--quiet) $(if $(NOCACHE),--no-cache) 		\
 			$(if $(NOUSER),,--add-current-user) 			\
 			$(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES))	\
 			$(if $(EXECUTABLE),--include-executable=$(EXECUTABLE)), \
 			"BUILD","binfmt debian-$* (debootstrapped)"),		\
 		$(call quiet-command,						\
-			$(DOCKER_SCRIPT) check --quiet qemu:debian-$* $< || 	\
+			$(DOCKER_SCRIPT) check --quiet qemu/debian-$* $< || 	\
 			{ echo "You will need to build $(EXECUTABLE)"; exit 1;},\
 			"CHECK", "debian-$* exists"))
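Review bot: the binfmt rule passes the tag and dockerfile positionally
(`$(DOCKER_SCRIPT) build qemu/debian-$* $<`) while the hunk above uses
`build -t qemu/$* -f $<`. If docker.py accepts both spellings this is
only a consistency nit, but since every call site is being touched
anyway, switching this one to `-t`/`-f` as well would leave a single
form to grep for the next time the naming scheme changes.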
 
@@ -258,7 +258,7 @@ docker-run: docker-qemu-src
 docker-run-%: CMD = $(shell echo '$@' | sed -e 's/docker-run-\([^@]*\)@\(.*\)/\1/')
 docker-run-%: IMAGE = $(shell echo '$@' | sed -e 's/docker-run-\([^@]*\)@\(.*\)/\2/')
 docker-run-%:
-	@$(MAKE) docker-run TEST=$(CMD) IMAGE=qemu:$(IMAGE)
+	@$(MAKE) docker-run TEST=$(CMD) IMAGE=qemu/$(IMAGE)
 
 docker-clean:
 	$(call quiet-command, $(DOCKER_SCRIPT) clean)
diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index e630aae1089..cc6f76caa60 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -204,7 +204,7 @@ def _dockerfile_preprocess(df):
     for l in df.splitlines():
         if len(l.strip()) == 0 or l.startswith("#"):
             continue
-        from_pref = "FROM qemu:"
+        from_pref = "FROM qemu/"
         if l.startswith(from_pref):
             # TODO: Alternatively we could replace this line with "FROM $ID"
             # where $ID is the image's hex id obtained with
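Review bot: `from_pref` is matched with an exact `startswith`, so
`_dockerfile_preprocess` only recognises base images written precisely
as `FROM qemu/`; a line with more than one space after `FROM`, a
lowercase `from`, or a `FROM --platform=... qemu/...` would silently be
treated as an ordinary line. A small regex such as
`re.match(r'^FROM\s+qemu/', l, re.IGNORECASE)` is cheap here and avoids
the dependency being missed when someone reformats a dockerfile.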
diff --git a/tests/docker/dockerfiles/debian-alpha-cross.docker b/tests/docker/dockerfiles/debian-alpha-cross.docker
index 74bcabfdb12..10fe30df0dd 100644
--- a/tests/docker/dockerfiles/debian-alpha-cross.docker
+++ b/tests/docker/dockerfiles/debian-alpha-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-amd64-cross.docker b/tests/docker/dockerfiles/debian-amd64-cross.docker
index 5d890419251..870109ef6af 100644
--- a/tests/docker/dockerfiles/debian-amd64-cross.docker
+++ b/tests/docker/dockerfiles/debian-amd64-cross.docker
@@ -4,7 +4,7 @@
 # This docker target is used on non-x86_64 machines which need the
 # x86_64 cross compilers installed.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 MAINTAINER Alex Bennée <alex.bennee@linaro.org>
 
 # Add the foreign architecture we want and install dependencies
diff --git a/tests/docker/dockerfiles/debian-amd64.docker b/tests/docker/dockerfiles/debian-amd64.docker
index 957f0bc2e79..8fdfd6a6b04 100644
--- a/tests/docker/dockerfiles/debian-amd64.docker
+++ b/tests/docker/dockerfiles/debian-amd64.docker
@@ -4,7 +4,7 @@
 # This docker target builds on the debian Stretch base image. Further
 # libraries which are not widely available are installed by hand.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
 RUN apt update && \
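Review bot: the header comment on this file still says it "builds on the
debian Stretch base image" while the `FROM` line is `qemu/debian10`,
i.e. Buster. The same stale Stretch comment sits above a `debian10` base
in debian-armel-cross, debian-armhf-cross, debian-mips64el-cross,
debian-mipsel-cross, debian-ppc64el-cross and debian-s390x-cross
elsewhere in this patch. Since every one of these `FROM` lines is being
rewritten anyway, fixing the comments in the same pass would keep the
dockerfiles self-describing.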
diff --git a/tests/docker/dockerfiles/debian-arm64-cross.docker b/tests/docker/dockerfiles/debian-arm64-cross.docker
index 09ca0a1ba79..166e24df138 100644
--- a/tests/docker/dockerfiles/debian-arm64-cross.docker
+++ b/tests/docker/dockerfiles/debian-arm64-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 # Add the foreign architecture we want and install dependencies
 RUN dpkg --add-architecture arm64
diff --git a/tests/docker/dockerfiles/debian-arm64-test-cross.docker b/tests/docker/dockerfiles/debian-arm64-test-cross.docker
index a44e76d9421..53a9012beb8 100644
--- a/tests/docker/dockerfiles/debian-arm64-test-cross.docker
+++ b/tests/docker/dockerfiles/debian-arm64-test-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Bullseye base image.
 #
-FROM qemu:debian11
+FROM qemu/debian11
 
 # Add the foreign architecture we want and install dependencies
 RUN dpkg --add-architecture arm64
diff --git a/tests/docker/dockerfiles/debian-armel-cross.docker b/tests/docker/dockerfiles/debian-armel-cross.docker
index e3794a61c95..b7b1a3585f8 100644
--- a/tests/docker/dockerfiles/debian-armel-cross.docker
+++ b/tests/docker/dockerfiles/debian-armel-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
 # Add the foreign architecture we want and install dependencies
diff --git a/tests/docker/dockerfiles/debian-armhf-cross.docker b/tests/docker/dockerfiles/debian-armhf-cross.docker
index e163b8b9569..25d76188337 100644
--- a/tests/docker/dockerfiles/debian-armhf-cross.docker
+++ b/tests/docker/dockerfiles/debian-armhf-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 # Add the foreign architecture we want and install dependencies
 RUN dpkg --add-architecture armhf
diff --git a/tests/docker/dockerfiles/debian-hppa-cross.docker b/tests/docker/dockerfiles/debian-hppa-cross.docker
index 5c68b2d3304..3d6c65a3efc 100644
--- a/tests/docker/dockerfiles/debian-hppa-cross.docker
+++ b/tests/docker/dockerfiles/debian-hppa-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-m68k-cross.docker b/tests/docker/dockerfiles/debian-m68k-cross.docker
index 25edc80e9a3..fcb10e35347 100644
--- a/tests/docker/dockerfiles/debian-m68k-cross.docker
+++ b/tests/docker/dockerfiles/debian-m68k-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-mips-cross.docker b/tests/docker/dockerfiles/debian-mips-cross.docker
index 08a8e1c29cc..26c154014db 100644
--- a/tests/docker/dockerfiles/debian-mips-cross.docker
+++ b/tests/docker/dockerfiles/debian-mips-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/docker/dockerfiles/debian-mips64-cross.docker b/tests/docker/dockerfiles/debian-mips64-cross.docker
index 1a79505d696..09c2ba584e5 100644
--- a/tests/docker/dockerfiles/debian-mips64-cross.docker
+++ b/tests/docker/dockerfiles/debian-mips64-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-mips64el-cross.docker b/tests/docker/dockerfiles/debian-mips64el-cross.docker
index 453b53ef72c..c990b683b7a 100644
--- a/tests/docker/dockerfiles/debian-mips64el-cross.docker
+++ b/tests/docker/dockerfiles/debian-mips64el-cross.docker
@@ -4,7 +4,7 @@
 # This docker target builds on the debian Stretch base image.
 #
 
-FROM qemu:debian10
+FROM qemu/debian10
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/docker/dockerfiles/debian-mipsel-cross.docker b/tests/docker/dockerfiles/debian-mipsel-cross.docker
index 3b6e975c686..0e5dd42d3c4 100644
--- a/tests/docker/dockerfiles/debian-mipsel-cross.docker
+++ b/tests/docker/dockerfiles/debian-mipsel-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/docker/dockerfiles/debian-powerpc-cross.docker b/tests/docker/dockerfiles/debian-powerpc-cross.docker
index 89dd4fbf870..07e1789650b 100644
--- a/tests/docker/dockerfiles/debian-powerpc-cross.docker
+++ b/tests/docker/dockerfiles/debian-powerpc-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-ppc64-cross.docker b/tests/docker/dockerfiles/debian-ppc64-cross.docker
index 4bf88ab02dd..8efe68874ed 100644
--- a/tests/docker/dockerfiles/debian-ppc64-cross.docker
+++ b/tests/docker/dockerfiles/debian-ppc64-cross.docker
@@ -2,7 +2,7 @@
 # Docker ppc64 cross-compiler target
 #
 # This docker target builds on the debian Buster base image.
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-ppc64el-cross.docker b/tests/docker/dockerfiles/debian-ppc64el-cross.docker
index cd386f01d93..1146a06be62 100644
--- a/tests/docker/dockerfiles/debian-ppc64el-cross.docker
+++ b/tests/docker/dockerfiles/debian-ppc64el-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 # Add the foreign architecture we want and install dependencies
 RUN dpkg --add-architecture ppc64el && \
diff --git a/tests/docker/dockerfiles/debian-riscv64-cross.docker b/tests/docker/dockerfiles/debian-riscv64-cross.docker
index 5e2d6ddb600..2bbff19772a 100644
--- a/tests/docker/dockerfiles/debian-riscv64-cross.docker
+++ b/tests/docker/dockerfiles/debian-riscv64-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-s390x-cross.docker b/tests/docker/dockerfiles/debian-s390x-cross.docker
index 43fe59836f2..9f2ab51eb09 100644
--- a/tests/docker/dockerfiles/debian-s390x-cross.docker
+++ b/tests/docker/dockerfiles/debian-s390x-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 # Add the s390x architecture
 RUN dpkg --add-architecture s390x
diff --git a/tests/docker/dockerfiles/debian-sh4-cross.docker b/tests/docker/dockerfiles/debian-sh4-cross.docker
index 9d7663764e4..fd3af895759 100644
--- a/tests/docker/dockerfiles/debian-sh4-cross.docker
+++ b/tests/docker/dockerfiles/debian-sh4-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-sparc64-cross.docker b/tests/docker/dockerfiles/debian-sparc64-cross.docker
index 31fd34f120b..f4bb9b561cf 100644
--- a/tests/docker/dockerfiles/debian-sparc64-cross.docker
+++ b/tests/docker/dockerfiles/debian-sparc64-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Buster base image.
 #
-FROM qemu:debian10
+FROM qemu/debian10
 
 RUN apt update && \
     DEBIAN_FRONTEND=noninteractive eatmydata \
diff --git a/tests/docker/dockerfiles/debian-tricore-cross.docker b/tests/docker/dockerfiles/debian-tricore-cross.docker
index 4a0f7706a39..769d95c77bb 100644
--- a/tests/docker/dockerfiles/debian-tricore-cross.docker
+++ b/tests/docker/dockerfiles/debian-tricore-cross.docker
@@ -7,7 +7,7 @@
 #
 # SPDX-License-Identifier: GPL-2.0-or-later
 #
-FROM qemu:debian9
+FROM qemu/debian9
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/docker/dockerfiles/debian-win32-cross.docker b/tests/docker/dockerfiles/debian-win32-cross.docker
index d16d6431bc8..b045e821b91 100644
--- a/tests/docker/dockerfiles/debian-win32-cross.docker
+++ b/tests/docker/dockerfiles/debian-win32-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch MXE base image.
 #
-FROM qemu:debian9-mxe
+FROM qemu/debian9-mxe
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/docker/dockerfiles/debian-win64-cross.docker b/tests/docker/dockerfiles/debian-win64-cross.docker
index b0bc960445b..2fc9cfcbc66 100644
--- a/tests/docker/dockerfiles/debian-win64-cross.docker
+++ b/tests/docker/dockerfiles/debian-win64-cross.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch MXE base image.
 #
-FROM qemu:debian9-mxe
+FROM qemu/debian9-mxe
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/docker/dockerfiles/debian9-mxe.docker b/tests/docker/dockerfiles/debian9-mxe.docker
index 62ff1cecf2d..ae2c222a6f0 100644
--- a/tests/docker/dockerfiles/debian9-mxe.docker
+++ b/tests/docker/dockerfiles/debian9-mxe.docker
@@ -3,7 +3,7 @@
 #
 # This docker target builds on the debian Stretch base image.
 #
-FROM qemu:debian9
+FROM qemu/debian9
 
 MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
 
diff --git a/tests/tcg/Makefile.qemu b/tests/tcg/Makefile.qemu
index 9c23aeaa2a6..f8ad4c47be6 100644
--- a/tests/tcg/Makefile.qemu
+++ b/tests/tcg/Makefile.qemu
@@ -47,7 +47,7 @@ ifneq ($(DOCKER_IMAGE),)
 
 DOCKER_COMPILE_CMD="$(DOCKER_SCRIPT) cc \
 		--cc $(DOCKER_CROSS_CC_GUEST) \
-		-i qemu:$(DOCKER_IMAGE) \
+		-i qemu/$(DOCKER_IMAGE) \
 		-s $(SRC_PATH) -- "
 
 .PHONY: docker-build-guest-tests
@@ -57,7 +57,7 @@ docker-build-guest-tests: docker-image-$(DOCKER_IMAGE)
 	   $(MAKE) -f $(TCG_MAKE) TARGET="$(TARGET)" CC=$(DOCKER_COMPILE_CMD) \
 			SRC_PATH="$(SRC_PATH)" BUILD_STATIC=y \
 			EXTRA_CFLAGS="$(CROSS_CC_GUEST_CFLAGS)"), \
-	"BUILD","$(TARGET) guest-tests with docker qemu:$(DOCKER_IMAGE)")
+	"BUILD","$(TARGET) guest-tests with docker qemu/$(DOCKER_IMAGE)")
 
 GUEST_BUILD=docker-build-guest-tests
 
-- 
2.20.1




* [PATCH  v4 18/40] .gitignore: un-ignore .gitlab-ci.d
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (16 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 17/40] tests/docker: change tag naming scheme of our images Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 19/40] gitlab-ci: Fix the change rules after moving the YML files Alex Bennée
                   ` (21 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, aurelien

The sooner we deprecate in-tree builds the sooner this mess of regexes
can be thrown away.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

---
v2
  - just use explicit !/.gitlab-ci.d
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 90acb4347d4..2992d15931a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -93,6 +93,7 @@
 *.tp
 *.vr
 *.d
+!/.gitlab-ci.d
 !/scripts/qemu-guest-agent/fsfreeze-hook.d
 *.o
 .sdk
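Review bot: the negation is in the right place, after the `*.d` pattern
that would otherwise match the `.gitlab-ci.d` directory itself, and it
mirrors the existing `!/scripts/qemu-guest-agent/fsfreeze-hook.d` entry.
Git cannot re-include a file whose parent directory is excluded, so the
leading `/` anchoring the rule to the repository root is what makes it
work. After applying, `git check-ignore -v .gitlab-ci.d/edk2.yml`
should print nothing (exit status 1), which is a cheap way to confirm.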
-- 
2.20.1




* [PATCH v4 19/40] gitlab-ci: Fix the change rules after moving the YML files
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (17 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 18/40] .gitignore: un-ignore .gitlab-ci.d Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 20/40] gitlab: introduce explicit "container" and "build" stages Alex Bennée
                   ` (20 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Philippe Mathieu-Daudé,
	richard.henderson, f4bug, Laszlo Ersek, Alex Bennée, cota,
	aurelien

From: Thomas Huth <thuth@redhat.com>

The edk2.yml and opensbi.yml files have recently been moved/renamed,
but the change has not been reflected in the rules in the YML files
yet.

Fixes: 922febe2af ("Move edk2 and opensbi YAML files to .gitlab-ci.d folder")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200625151627.24986-1-thuth@redhat.com>
---
 .gitlab-ci.d/edk2.yml    | 2 +-
 .gitlab-ci.d/opensbi.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.d/edk2.yml b/.gitlab-ci.d/edk2.yml
index 088ba4b43a3..a9990b71475 100644
--- a/.gitlab-ci.d/edk2.yml
+++ b/.gitlab-ci.d/edk2.yml
@@ -2,7 +2,7 @@ docker-edk2:
  stage: build
  rules: # Only run this job when the Dockerfile is modified
  - changes:
-   - .gitlab-ci-edk2.yml
+   - .gitlab-ci.d/edk2.yml
    - .gitlab-ci.d/edk2/Dockerfile
    when: always
  image: docker:19.03.1
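Review bot: the path fix is right, but note that GitLab evaluates
`rules: changes` against a push event; for pipelines without one
(scheduled pipelines, for instance) a `changes:` rule evaluates to
true, so this job will rebuild and push the image on every such run.
That is acceptable for a cached image build, it just is not what the
"Only run this job when the Dockerfile is modified" comment promises,
so the comment could mention the exception.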
diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml
index dd051c01245..6a1750784ac 100644
--- a/.gitlab-ci.d/opensbi.yml
+++ b/.gitlab-ci.d/opensbi.yml
@@ -2,7 +2,7 @@ docker-opensbi:
  stage: build
  rules: # Only run this job when the Dockerfile is modified
  - changes:
-   - .gitlab-ci-opensbi.yml
+   - .gitlab-ci.d/opensbi.yml
    - .gitlab-ci.d/opensbi/Dockerfile
    when: always
  image: docker:19.03.1
-- 
2.20.1




* [PATCH v4 20/40] gitlab: introduce explicit "container" and "build" stages
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (18 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 19/40] gitlab-ci: Fix the change rules after moving the YML files Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 21/40] gitlab: build all container images during CI Alex Bennée
                   ` (19 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Laszlo Ersek, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	Alex Bennée, cota, aurelien

From: Daniel P. Berrangé <berrange@redhat.com>

If no stage is listed, jobs get put in an implicit "test" stage.
Some jobs which create container images to be used by later stages
are currently listed as being in a "build" stage.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622153318.751107-2-berrange@redhat.com>
---
 .gitlab-ci.d/edk2.yml    |  3 ++-
 .gitlab-ci.d/opensbi.yml |  3 ++-
 .gitlab-ci.yml           | 11 +++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.d/edk2.yml b/.gitlab-ci.d/edk2.yml
index a9990b71475..e1e04524166 100644
--- a/.gitlab-ci.d/edk2.yml
+++ b/.gitlab-ci.d/edk2.yml
@@ -1,5 +1,5 @@
 docker-edk2:
- stage: build
+ stage: containers
  rules: # Only run this job when the Dockerfile is modified
  - changes:
    - .gitlab-ci.d/edk2.yml
@@ -24,6 +24,7 @@ docker-edk2:
  - docker push $IMAGE_TAG
 
 build-edk2:
+ stage: build
  rules: # Only run this job when ...
  - changes: # ... roms/edk2/ is modified (submodule updated)
    - roms/edk2/*
diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml
index 6a1750784ac..62088ec5ec1 100644
--- a/.gitlab-ci.d/opensbi.yml
+++ b/.gitlab-ci.d/opensbi.yml
@@ -1,5 +1,5 @@
 docker-opensbi:
- stage: build
+ stage: containers
  rules: # Only run this job when the Dockerfile is modified
  - changes:
    - .gitlab-ci.d/opensbi.yml
@@ -24,6 +24,7 @@ docker-opensbi:
  - docker push $IMAGE_TAG
 
 build-opensbi:
+ stage: build
  rules: # Only run this job when ...
  - changes: # ... roms/opensbi/ is modified (submodule updated)
    - roms/opensbi/*
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 349c77aa580..9fdc752ea63 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,3 +1,7 @@
+stages:
+  - containers
+  - build
+
 include:
   - local: '/.gitlab-ci.d/edk2.yml'
   - local: '/.gitlab-ci.d/opensbi.yml'
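Review bot: once `stages:` is declared explicitly, the implicit `test`
stage that jobs without a `stage:` key default to is no longer in the
list, which is why every job in this patch now needs `stage: build`
spelled out; any job added later without one will fail pipeline
validation with "chosen stage does not exist". Either add a short
comment above `stages:` saying so, or keep a `test` entry in the list so
the default stays valid. Also, the subject says "container" stage while
the YAML uses `containers`; one spelling for both would help grep.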
@@ -17,6 +21,7 @@ include:
   - JOBS=$(expr $(nproc) + 1)
 
 build-system1:
+ stage: build
  image: ubuntu:19.10
  <<: *before_script_apt
  script:
@@ -31,6 +36,7 @@ build-system1:
  - make -j"$JOBS" check
 
 build-system2:
+ stage: build
  image: fedora:latest
  <<: *before_script_dnf
  script:
@@ -46,6 +52,7 @@ build-system2:
  - make -j"$JOBS" check
 
 build-disabled:
+ stage: build
  image: fedora:latest
  <<: *before_script_dnf
  script:
@@ -62,6 +69,7 @@ build-disabled:
  - make -j"$JOBS" check-qtest SPEED=slow
 
 build-tcg-disabled:
+ stage: build
  image: centos:8
  <<: *before_script_dnf
  script:
@@ -82,6 +90,7 @@ build-tcg-disabled:
             260 261 262 263 264 270 272 273 277 279
 
 build-user:
+ stage: build
  <<: *before_script_apt
  script:
  - mkdir build
@@ -92,6 +101,7 @@ build-user:
  - make run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
 
 build-clang:
+ stage: build
  image: fedora:latest
  <<: *before_script_dnf
  script:
@@ -106,6 +116,7 @@ build-clang:
  - make -j"$JOBS" check
 
 build-tci:
+ stage: build
  image: centos:8
  <<: *before_script_dnf
  script:
-- 
2.20.1




* [PATCH  v4 21/40] gitlab: build all container images during CI
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (19 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 20/40] gitlab: introduce explicit "container" and "build" stages Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 22/40] gitlab: convert jobs to use custom built containers Alex Bennée
                   ` (18 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

From: Daniel P. Berrangé <berrange@redhat.com>

We have a number of container images in tests/docker/dockerfiles
that are intended to provide well defined environments for doing
test builds. We want our CI system to use these containers too.

This introduces builds of all of them as the first stage in the
CI, so that the built containers are available for later build
jobs. The containers are set up to use the GitLab container
registry as the cache, so we only pay the penalty of the full
build when the dockerfiles change. The main qemu-project/qemu
repo is used as a second cache, so that users forking QEMU will
see a fast turnaround time on their CI jobs.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200622153318.751107-3-berrange@redhat.com>
[AJB: tweak the tag format]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>

---
v4
  - rm leading and trailing ws
---
 .gitlab-ci.d/containers.yml | 245 ++++++++++++++++++++++++++++++++++++
 .gitlab-ci.yml              |   3 +
 2 files changed, 248 insertions(+)
 create mode 100644 .gitlab-ci.d/containers.yml

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
new file mode 100644
index 00000000000..2afd01f1d17
--- /dev/null
+++ b/.gitlab-ci.d/containers.yml
@@ -0,0 +1,245 @@
+.container_job_template: &container_job_definition
+  image: docker:stable
+  stage: containers
+  services:
+    - docker:dind
+  before_script:
+    - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest"
+    - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/$NAME:latest"
+    - docker info
+    - docker login registry.gitlab.com -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+  script:
+    - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
+    - sed -i -e "s,FROM qemu/,FROM $CI_REGISTRY_IMAGE/qemu/," tests/docker/dockerfiles/$NAME.docker
+    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "tests/docker/dockerfiles/$NAME.docker" tests/docker/dockerfiles
+    - docker push "$TAG"
+  after_script:
+    - docker logout
+
+amd64-centos7-container:
+  <<: *container_job_definition
+  variables:
+    NAME: centos7
+
+amd64-centos8-container:
+  <<: *container_job_definition
+  variables:
+    NAME: centos8
+
+amd64-debian10-container:
+  <<: *container_job_definition
+  variables:
+    NAME: debian10
+
+amd64-debian11-container:
+  <<: *container_job_definition
+  variables:
+    NAME: debian11
+
+amd64-debian9-container:
+  <<: *container_job_definition
+  variables:
+    NAME: debian9
+
+amd64-debian9-mxe-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian9-container']
+  variables:
+    NAME: debian9-mxe
+
+alpha-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-alpha-cross
+
+amd64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-amd64-cross
+
+amd64-debian-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-amd64
+
+arm64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-arm64-cross
+
+arm64-test-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian11-container']
+  variables:
+    NAME: debian-arm64-test-cross
+
+armel-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-armel-cross
+
+armhf-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-armhf-cross
+
+hppa-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-hppa-cross
+
+m68k-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-m68k-cross
+
+mips64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-mips64-cross
+
+mips64el-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-mips64el-cross
+
+mips-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-mips-cross
+
+mipsel-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-mipsel-cross
+
+powerpc-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-powerpc-cross
+
+ppc64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-ppc64-cross
+
+ppc64el-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-ppc64el-cross
+
+riscv64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-riscv64-cross
+
+s390x-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-s390x-cross
+
+sh4-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-sh4-cross
+
+sparc64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-sparc64-cross
+
+tricore-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian9-container']
+  variables:
+    NAME: debian-tricore-cross
+
+win32-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer3
+  needs: ['amd64-debian9-mxe-container']
+  variables:
+    NAME: debian-win32-cross
+
+win64-debian-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer3
+  needs: ['amd64-debian9-mxe-container']
+  variables:
+    NAME: debian-win64-cross
+
+xtensa-debian-cross-container:
+  <<: *container_job_definition
+  variables:
+    NAME: debian-xtensa-cross
+
+cris-fedora-cross-container:
+  <<: *container_job_definition
+  variables:
+    NAME: fedora-cris-cross
+
+amd64-fedora-container:
+  <<: *container_job_definition
+  variables:
+    NAME: fedora
+
+i386-fedora-cross-container:
+  <<: *container_job_definition
+  variables:
+    NAME: fedora-i386-cross
+
+amd64-ubuntu1804-container:
+  <<: *container_job_definition
+  variables:
+    NAME: ubuntu1804
+
+amd64-ubuntu2004-container:
+  <<: *container_job_definition
+  variables:
+    NAME: ubuntu2004
+
+amd64-ubuntu-container:
+  <<: *container_job_definition
+  variables:
+    NAME: ubuntu
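Review bot: `xtensa-debian-cross-container` and `cris-fedora-cross-container` are declared without the `stage: containers-layer2` / `needs:` lines that every other cross container above carries, so they run in whatever stage the template assigns. If their dockerfiles derive from an image built earlier in this pipeline, that ordering is lost; if they build from an external base image, a one-line comment saying so would save the next reader the question. Also worth confirming as deliberate: `tricore-debian-cross-container` and the two MXE jobs depend on `amd64-debian9-*` while all the other layer2 jobs depend on `amd64-debian10-container`.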
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9fdc752ea63..72d688875fd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,10 +1,13 @@
 stages:
   - containers
+  - containers-layer2
+  - containers-layer3
   - build
 
 include:
   - local: '/.gitlab-ci.d/edk2.yml'
   - local: '/.gitlab-ci.d/opensbi.yml'
+  - local: '/.gitlab-ci.d/containers.yml'
 
 .update_apt_template: &before_script_apt
  before_script:
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 98+ messages in thread

* [PATCH v4 22/40] gitlab: convert jobs to use custom built containers
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (20 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 21/40] gitlab: build all container images during CI Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 23/40] gitlab: build containers with buildkit and metadata Alex Bennée
                   ` (17 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

From: Daniel P. Berrangé <berrange@redhat.com>

Now that we're building standard container images from
dockerfiles in tests/docker/dockerfiles, we can convert
the build jobs to use them. The key benefit of this is
that a contributor can now more easily replicate the CI
environment on their local machine. The container images
are cached too, so we are not spending time waiting for
the apt-get/dnf package installs to complete.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200622153318.751107-4-berrange@redhat.com>
[AJB: tweak naming convention]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
---
 .gitlab-ci.yml | 187 +++++++++++++++++++++----------------------------
 1 file changed, 81 insertions(+), 106 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 72d688875fd..a7abc55a5c6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,133 +9,108 @@ include:
   - local: '/.gitlab-ci.d/opensbi.yml'
   - local: '/.gitlab-ci.d/containers.yml'
 
-.update_apt_template: &before_script_apt
- before_script:
-  - apt-get update -qq
-  - apt-get install -y -qq git gcc libglib2.0-dev libpixman-1-dev make
-        genisoimage
-  - JOBS=$(expr $(nproc) + 1)
-
-.update_dnf_template: &before_script_dnf
- before_script:
-  - dnf update -y
-  - dnf install -y bzip2 diffutils gcc git genisoimage findutils glib2-devel
-        make python3 perl-podlators perl-Test-Harness pixman-devel zlib-devel
-  - JOBS=$(expr $(nproc) + 1)
+.native_build_job_template: &native_build_job_definition
+  stage: build
+  image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
+  before_script:
+    - JOBS=$(expr $(nproc) + 1)
+  script:
+    - mkdir build
+    - cd build
+    - if test -n "$TARGETS";
+      then
+        ../configure --enable-werror $CONFIGURE_ARGS --target-list="$TARGETS" ;
+      else
+        ../configure --enable-werror $CONFIGURE_ARGS ;
+      fi
+    - make -j"$JOBS"
+    - make -j"$JOBS" $MAKE_CHECK_ARGS
 
 build-system1:
- stage: build
- image: ubuntu:19.10
- <<: *before_script_apt
- script:
- - apt-get install -y -qq libgtk-3-dev libvte-dev nettle-dev libcacard-dev
-      libusb-dev libvde-dev libspice-protocol-dev libgl1-mesa-dev libvdeplug-dev
- - mkdir build
- - cd build
- - ../configure --enable-werror --target-list="aarch64-softmmu alpha-softmmu
-      cris-softmmu hppa-softmmu lm32-softmmu moxie-softmmu microblazeel-softmmu
-      mips64el-softmmu m68k-softmmu ppc-softmmu riscv64-softmmu sparc-softmmu"
- - make -j"$JOBS"
- - make -j"$JOBS" check
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: ubuntu2004
+    TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu lm32-softmmu
+      moxie-softmmu microblazeel-softmmu mips64el-softmmu m68k-softmmu ppc-softmmu
+      riscv64-softmmu sparc-softmmu
+    MAKE_CHECK_ARGS: check
 
 build-system2:
- stage: build
- image: fedora:latest
- <<: *before_script_dnf
- script:
- - yum install -y SDL2-devel libgcrypt-devel brlapi-devel libaio-devel
-       libfdt-devel lzo-devel librdmacm-devel libibverbs-devel libibumad-devel
-       libzstd-devel
- - mkdir build
- - cd build
- - ../configure --enable-werror --target-list="tricore-softmmu unicore32-softmmu
-      microblaze-softmmu mips-softmmu riscv32-softmmu s390x-softmmu sh4-softmmu
-      sparc64-softmmu x86_64-softmmu xtensa-softmmu nios2-softmmu or1k-softmmu"
- - make -j"$JOBS"
- - make -j"$JOBS" check
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: fedora
+    TARGETS: tricore-softmmu unicore32-softmmu microblaze-softmmu mips-softmmu
+      riscv32-softmmu s390x-softmmu sh4-softmmu sparc64-softmmu x86_64-softmmu
+      xtensa-softmmu nios2-softmmu or1k-softmmu
+    MAKE_CHECK_ARGS: check
 
 build-disabled:
- stage: build
- image: fedora:latest
- <<: *before_script_dnf
- script:
- - mkdir build
- - cd build
- - ../configure --enable-werror --disable-rdma --disable-slirp --disable-curl
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: fedora
+    CONFIGURE_ARGS: --disable-rdma --disable-slirp --disable-curl
       --disable-capstone --disable-live-block-migration --disable-glusterfs
       --disable-replication --disable-coroutine-pool --disable-smartcard
       --disable-guest-agent --disable-curses --disable-libxml2 --disable-tpm
       --disable-qom-cast-debug --disable-spice --disable-vhost-vsock
       --disable-vhost-net --disable-vhost-crypto --disable-vhost-user
-      --target-list="i386-softmmu ppc64-softmmu mips64-softmmu i386-linux-user"
- - make -j"$JOBS"
- - make -j"$JOBS" check-qtest SPEED=slow
+    TARGETS: i386-softmmu ppc64-softmmu mips64-softmmu i386-linux-user
+    MAKE_CHECK_ARGS: check-qtest SPEED=slow
 
 build-tcg-disabled:
- stage: build
- image: centos:8
- <<: *before_script_dnf
- script:
- - dnf install -y clang gtk3-devel libusbx-devel libgcrypt-devel
- - mkdir build
- - cd build
- - ../configure --cc=clang --enable-werror --disable-tcg --audio-drv-list=""
- - make -j"$JOBS"
- - make check-unit
- - make check-qapi-schema
- - cd tests/qemu-iotests/
- - ./check -raw 001 002 003 004 005 008 009 010 011 012 021 025 032 033 048
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: centos8
+  script:
+    - mkdir build
+    - cd build
+    - ../configure --disable-tcg --audio-drv-list=""
+    - make -j"$JOBS"
+    - make check-unit
+    - make check-qapi-schema
+    - cd tests/qemu-iotests/
+    - ./check -raw 001 002 003 004 005 008 009 010 011 012 021 025 032 033 048
             052 063 077 086 101 104 106 113 148 150 151 152 157 159 160 163
             170 171 183 184 192 194 197 208 215 221 222 226 227 236 253 277
- - ./check -qcow2 028 051 056 057 058 065 067 068 082 085 091 095 096 102 122
+    - ./check -qcow2 028 051 056 057 058 065 067 068 082 085 091 095 096 102 122
             124 132 139 142 144 145 151 152 155 157 165 194 196 197 200 202
             208 209 215 216 218 222 227 234 246 247 248 250 254 255 257 258
             260 261 262 263 264 270 272 273 277 279
 
 build-user:
- stage: build
- <<: *before_script_apt
- script:
- - mkdir build
- - cd build
- - ../configure --enable-werror --disable-system --disable-guest-agent
-               --disable-capstone --disable-slirp --disable-fdt
- - make -j"$JOBS"
- - make run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: ubuntu2004
+    CONFIGURE_ARGS: --disable-system --disable-guest-agent
+      --disable-capstone --disable-slirp --disable-fdt
+    MAKE_CHECK_ARGS:  run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
 
 build-clang:
- stage: build
- image: fedora:latest
- <<: *before_script_dnf
- script:
- - yum install -y clang SDL2-devel libattr-devel libcap-ng-devel xfsprogs-devel
-       libiscsi-devel libnfs-devel libseccomp-devel gnutls-devel librbd-devel
- - mkdir build
- - cd build
- - ../configure --cc=clang --cxx=clang++ --enable-werror
-      --target-list="alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu
-                     ppc-softmmu s390x-softmmu x86_64-softmmu arm-linux-user"
- - make -j"$JOBS"
- - make -j"$JOBS" check
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: fedora
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++
+    TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu
+      ppc-softmmu s390x-softmmu x86_64-softmmu arm-linux-user
+    MAKE_CHECK_ARGS: check
 
 build-tci:
- stage: build
- image: centos:8
- <<: *before_script_dnf
- script:
- - TARGETS="aarch64 alpha arm hppa m68k microblaze moxie ppc64 s390x x86_64"
- - mkdir build
- - cd build
- - ../configure --enable-tcg-interpreter
-      --target-list="$(for tg in $TARGETS; do echo -n ${tg}'-softmmu '; done)"
- - make -j"$JOBS"
- - make run-tcg-tests-x86_64-softmmu
- - make tests/qtest/boot-serial-test tests/qtest/cdrom-test tests/qtest/pxe-test
- - for tg in $TARGETS ; do
-     export QTEST_QEMU_BINARY="${tg}-softmmu/qemu-system-${tg}" ;
-     ./tests/qtest/boot-serial-test || exit 1 ;
-     ./tests/qtest/cdrom-test || exit 1 ;
-   done
- - QTEST_QEMU_BINARY="x86_64-softmmu/qemu-system-x86_64" ./tests/qtest/pxe-test
- - QTEST_QEMU_BINARY="s390x-softmmu/qemu-system-s390x"
-   ./tests/qtest/pxe-test -m slow
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: fedora
+  script:
+    - TARGETS="aarch64 alpha arm hppa m68k microblaze moxie ppc64 s390x x86_64"
+    - mkdir build
+    - cd build
+    - ../configure --enable-tcg-interpreter
+        --target-list="$(for tg in $TARGETS; do echo -n ${tg}'-softmmu '; done)"
+    - make -j"$JOBS"
+    - make run-tcg-tests-x86_64-softmmu
+    - make tests/qtest/boot-serial-test tests/qtest/cdrom-test tests/qtest/pxe-test
+    - for tg in $TARGETS ; do
+        export QTEST_QEMU_BINARY="${tg}-softmmu/qemu-system-${tg}" ;
+        ./tests/qtest/boot-serial-test || exit 1 ;
+        ./tests/qtest/cdrom-test || exit 1 ;
+      done
+    - QTEST_QEMU_BINARY="x86_64-softmmu/qemu-system-x86_64" ./tests/qtest/pxe-test
+    - QTEST_QEMU_BINARY="s390x-softmmu/qemu-system-s390x" ./tests/qtest/pxe-test -m slow
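Review bot: `build-tcg-disabled` loses coverage it had before: the old script ran `../configure --cc=clang --enable-werror --disable-tcg ...` after installing clang, while the replacement runs `../configure --disable-tcg --audio-drv-list=""` with neither `--cc=clang` nor `--enable-werror`, and because the job overrides `script:` wholesale the template's `--enable-werror` does not apply to it either. Add `--enable-werror` back on that line or call out the drop in the commit message. Two smaller points: `build-tci` silently moves from `centos:8` to `IMAGE: fedora`, which deserves a sentence in the commit message, and every job pulls `$CI_REGISTRY_IMAGE/qemu/$IMAGE:latest`, so a build runs against whichever container any pipeline pushed to that tag last; a per-branch or per-pipeline tag would make each job's environment reproducible from its own container stage.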
-- 
2.20.1


* [PATCH v4 23/40] gitlab: build containers with buildkit and metadata
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (21 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 22/40] gitlab: convert jobs to use custom built containers Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 24/40] tests/docker: add --registry support to tooling Alex Bennée
                   ` (16 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug, cota,
	aurelien

According to the documentation, to be able to use --cache-from for
remote registries you need to enable both buildkit and inline the
metadata. We want to do this to support pulling from gitlab when users
build their local docker images.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 .gitlab-ci.d/containers.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index 2afd01f1d17..f353359fd8b 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -11,7 +11,9 @@
   script:
     - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
     - sed -i -e "s,FROM qemu/,FROM $CI_REGISTRY_IMAGE/qemu/," tests/docker/dockerfiles/$NAME.docker
-    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "tests/docker/dockerfiles/$NAME.docker" tests/docker/dockerfiles
+    - DOCKER_BUILDKIT=1 docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG"
+                                     --build-arg BUILDKIT_INLINE_CACHE=1
+                                     -f "tests/docker/dockerfiles/$NAME.docker" tests/docker/dockerfiles
     - docker push "$TAG"
   after_script:
     - docker logout
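Review bot: with `DOCKER_BUILDKIT=1` and `--cache-from`, BuildKit fetches the cache image's manifest and layers itself, so the `docker pull "$TAG" || docker pull "$COMMON_TAG" || true` line above is now redundant (harmless, but it doubles registry traffic on a cache miss). More importantly, with `BUILDKIT_INLINE_CACHE=1` any layer whose cache key matches is taken from the `$TAG` / `$COMMON_TAG` images in the registry and then re-pushed by the `docker push "$TAG"` line, so anyone who can push to that registry path can seed layers into every later CI image; make sure push access to the `qemu/` image namespace is limited to protected pipelines.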
-- 
2.20.1


* [PATCH  v4 24/40] tests/docker: add --registry support to tooling
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (22 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 23/40] gitlab: build containers with buildkit and metadata Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 25/40] tests/docker: add packages needed for check-acceptance Alex Bennée
                   ` (15 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug,
	Philippe Mathieu-Daudé,
	cota, aurelien

This allows us to point the tools towards a registry from which they
can grab pre-built layers instead of doing everything from scratch
each time. To enable this we need to be using the DOCKER_BUILDKIT
engine.

[AJB: note registry.gitlab.com/stsquad/qemu is for my testing, the
final version will see DOCKER_REGISTRY default to registry.gitlab.com/qemu-project/qemu]

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

---
v2
  - add a pull stage to pull images from the registry
  - enable BUILDKIT and BUILDKIT_INLINE_CACHE
  - don't invoke BUILDKIT on Travis
v4
  - Don't pass --registry in the NOCACHE case
  - precalc checksum before doing any replace steps
---
 tests/docker/Makefile.include |  6 ++++-
 tests/docker/docker.py        | 44 ++++++++++++++++++++++++++++++-----
 2 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index e23b4af20ea..977d8ff6e40 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -13,6 +13,7 @@ DOCKER_IMAGES := $(sort $(notdir $(basename $(wildcard $(DOCKER_FILES_DIR)/*.doc
 DOCKER_TARGETS := $(patsubst %,docker-image-%,$(DOCKER_IMAGES))
 # Use a global constant ccache directory to speed up repetitive builds
 DOCKER_CCACHE_DIR := $$HOME/.cache/qemu-docker-ccache
+DOCKER_REGISTRY := $(if $(REGISTRY),$(REGISTRY),registry.gitlab.com/stsquad/qemu)
 
 DOCKER_TESTS := $(notdir $(shell \
 	find $(SRC_PATH)/tests/docker/ -name 'test-*' -type f))
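Review bot: the default on the new `DOCKER_REGISTRY :=` line points at a personal namespace (`registry.gitlab.com/stsquad/qemu`); the commit message says the final version will default to `registry.gitlab.com/qemu-project/qemu`, and that should be in the hunk before merge, since this default decides whose pre-built layers every contributor's `make docker-image-*` pulls. Minor: `$(if $(REGISTRY),$(REGISTRY),...)` is just `$(or $(REGISTRY),...)`.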
@@ -56,7 +57,9 @@ else
 docker-image-%: $(DOCKER_FILES_DIR)/%.docker
 	$(call quiet-command,\
 		$(DOCKER_SCRIPT) build -t qemu/$* -f $< \
-		$(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \
+		$(if $V,,--quiet) \
+		$(if $(NOCACHE),--no-cache, \
+			$(if $(DOCKER_REGISTRY),--registry $(DOCKER_REGISTRY))) \
 		$(if $(NOUSER),,--add-current-user) \
 		$(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES))\
 		$(if $(EXECUTABLE),--include-executable=$(EXECUTABLE)),\
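Review bot: the inner `$(if $(DOCKER_REGISTRY),--registry $(DOCKER_REGISTRY))` guard can never be false, because `DOCKER_REGISTRY` falls back to a hard-coded default whenever `REGISTRY` is empty; as written the only way to build without consulting a remote registry is `NOCACHE=1`, which also throws away the local layer cache. Consider letting an explicitly empty `REGISTRY=` disable the registry, e.g. `DOCKER_REGISTRY := $(if $(filter undefined,$(origin REGISTRY)),<default>,$(REGISTRY))` in the earlier hunk, so offline and air-gapped builds keep `--cache-from` off without losing the local cache.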
@@ -213,6 +216,7 @@ endif
 	@echo '                         Include extra files in image.'
 	@echo '    ENGINE=auto/docker/podman'
 	@echo '                         Specify which container engine to run.'
+	@echo '    REGISTRY=url         Cache builds from registry (default:$(DOCKER_REGISTRY))'
 
 # This rule if for directly running against an arbitrary docker target.
 # It is called by the expanded docker targets (e.g. make
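Review bot: missing space in the new help line: `(default:$(DOCKER_REGISTRY))` should read `(default: $(DOCKER_REGISTRY))`. It would also help to say that `REGISTRY` takes a host/namespace prefix without scheme or trailing slash, since `docker.py` joins it verbatim as `%s/qemu/`.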
diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index cc6f76caa60..9684f07bdeb 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -221,6 +221,13 @@ class Docker(object):
     """ Running Docker commands """
     def __init__(self):
         self._command = _guess_engine_command()
+
+        if "docker" in self._command and "TRAVIS" not in os.environ:
+            os.environ["DOCKER_BUILDKIT"] = "1"
+            self._buildkit = True
+        else:
+            self._buildkit = False
+
         self._instance = None
         atexit.register(self._kill_instances)
         signal.signal(signal.SIGTERM, self._kill_instances)
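Review bot: `"docker" in self._command` depends on the exact shape of what `_guess_engine_command()` returns; if that is a list holding a resolved path such as `/usr/bin/docker`, the test is silently false, `_buildkit` stays False and the inline-cache argument is never passed. `os.path.basename(self._command[0]) == "docker"` would be robust to that. Setting `os.environ["DOCKER_BUILDKIT"]` here also affects every subcommand run through this class, not just `build`; probably fine, but worth a comment.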
@@ -289,10 +296,24 @@ class Docker(object):
         return labels.get("com.qemu.dockerfile-checksum", "")
 
     def build_image(self, tag, docker_dir, dockerfile,
-                    quiet=True, user=False, argv=None, extra_files_cksum=[]):
+                    quiet=True, user=False, argv=None, registry=None,
+                    extra_files_cksum=[]):
         if argv is None:
             argv = []
 
+        # pre-calculate the docker checksum before any
+        # substitutions we make for caching
+        checksum = _text_checksum(_dockerfile_preprocess(dockerfile))
+
+        if registry is not None:
+            dockerfile = dockerfile.replace("FROM qemu/",
+                                            "FROM %s/qemu/" %
+                                            (registry))
+            # see if we can fetch a cache copy, may fail...
+            pull_args = ["pull", "%s/%s" % (registry, tag)]
+            self._do(pull_args, quiet=quiet)
+
+
         tmp_df = tempfile.NamedTemporaryFile(mode="w+t",
                                              encoding='utf-8',
                                              dir=docker_dir, suffix=".docker")
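Review bot: the `# see if we can fetch a cache copy, may fail...` comment relies on `self._do(pull_args, quiet=quiet)` not raising on a non-zero exit; if `_do` does raise, a cold registry (first build of a new dockerfile) would abort every build instead of falling through to a full build, so either confirm that behaviour or wrap the pull in a try/except. Two nits on the touched lines: `extra_files_cksum=[]` in the signature is a mutable default argument (use `None` and normalise, as `argv` already does), and there is a double blank line after the `self._do(...)` call.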
@@ -306,15 +327,23 @@ class Docker(object):
                          (uname, uid, uname))
 
         tmp_df.write("\n")
-        tmp_df.write("LABEL com.qemu.dockerfile-checksum=%s" %
-                     _text_checksum(_dockerfile_preprocess(dockerfile)))
+        tmp_df.write("LABEL com.qemu.dockerfile-checksum=%s" % (checksum))
         for f, c in extra_files_cksum:
             tmp_df.write("LABEL com.qemu.%s-checksum=%s" % (f, c))
 
         tmp_df.flush()
 
-        self._do_check(["build", "-t", tag, "-f", tmp_df.name] + argv +
-                       [docker_dir],
+        build_args = ["build", "-t", tag, "-f", tmp_df.name]
+        if self._buildkit:
+            build_args += ["--build-arg", "BUILDKIT_INLINE_CACHE=1"]
+
+        if registry is not None:
+            cache = "%s/%s" % (registry, tag)
+            build_args += ["--cache-from", cache]
+        build_args += argv
+        build_args += [docker_dir]
+
+        self._do_check(build_args,
                        quiet=quiet)
 
     def update_image(self, tag, tarball, quiet=True):
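Review bot: the checksum LABEL written here is deliberately computed from the dockerfile before the registry substitution (`checksum` is captured ahead of the `replace` in the earlier hunk), which is exactly what lets a locally built image and a registry-cached one share a checksum; a one-line comment at the `tmp_df.write("LABEL com.qemu.dockerfile-checksum=%s" % (checksum))` line saying so would stop someone from "fixing" it later. Nits: `% (checksum)` is just `% checksum` (the parentheses do not make a tuple), and `self._do_check(build_args, quiet=quiet)` now fits on one line.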
@@ -403,6 +432,8 @@ class BuildCommand(SubCommand):
         parser.add_argument("--add-current-user", "-u", dest="user",
                             action="store_true",
                             help="Add the current user to image's passwd")
+        parser.add_argument("--registry", "-r",
+                            help="cache from docker registry")
         parser.add_argument("-t", dest="tag",
                             help="Image Tag")
         parser.add_argument("-f", dest="dockerfile",
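Review bot: the help string `cache from docker registry` should say what form the value takes, e.g. a registry host/namespace prefix such as `registry.gitlab.com/qemu-project/qemu`, because the code prepends it verbatim as `%s/qemu/` in `FROM` lines and pull tags; a value with a scheme or trailing slash yields an invalid image reference with no clear error.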
@@ -458,7 +489,8 @@ class BuildCommand(SubCommand):
                      for k, v in os.environ.items()
                      if k.lower() in FILTERED_ENV_NAMES]
             dkr.build_image(tag, docker_dir, dockerfile,
-                            quiet=args.quiet, user=args.user, argv=argv,
+                            quiet=args.quiet, user=args.user,
+                            argv=argv, registry=args.registry,
                             extra_files_cksum=cksum)
 
             rmtree(docker_dir)
-- 
2.20.1


* [PATCH v4 25/40] tests/docker: add packages needed for check-acceptance
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (23 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 24/40] tests/docker: add --registry support to tooling Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 26/40] tests/acceptance: skip s390x_ccw_vrtio_tcg on GitLab Alex Bennée
                   ` (14 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, aurelien

We need additional python packages to run check-acceptance. Add them
to the docker images we will be using later.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
 tests/docker/dockerfiles/fedora.docker     |  7 +++++++
 tests/docker/dockerfiles/ubuntu2004.docker | 10 +++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/fedora.docker b/tests/docker/dockerfiles/fedora.docker
index 798ddd2c3e0..70b6186bd3e 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -80,7 +80,12 @@ ENV PACKAGES \
     pixman-devel \
     python3 \
     python3-PyYAML \
+    python3-numpy \
+    python3-opencv \
+    python3-pillow \
+    python3-pip \
     python3-sphinx \
+    python3-virtualenv \
     rdma-core-devel \
     SDL2-devel \
     snappy-devel \
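Review bot: adding `python3-pip` and `python3-virtualenv` suggests check-acceptance will `pip install` into a venv at test time, which makes the test environment partly defined by whatever PyPI serves when the job runs rather than by this dockerfile; if that is the plan, pin the versions it installs in-tree so the CI images stay reproducible and the container-build cache keeps its meaning. The commit message also says "python packages", yet `tesseract` in the next hunk is not one; worth widening the wording.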
@@ -89,6 +94,8 @@ ENV PACKAGES \
     systemd-devel \
     systemtap-sdt-devel \
     tar \
+    tesseract \
+    tesseract-langpack-eng \
     texinfo \
     usbredir-devel \
     virglrenderer-devel \
diff --git a/tests/docker/dockerfiles/ubuntu2004.docker b/tests/docker/dockerfiles/ubuntu2004.docker
index 6050ce7e8a8..f7aac840bf8 100644
--- a/tests/docker/dockerfiles/ubuntu2004.docker
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -46,9 +46,17 @@ ENV PACKAGES flex bison \
     libxen-dev \
     libzstd-dev \
     make \
-    python3-yaml \
+    python3-numpy \
+    python3-opencv \
+    python3-pil \
+    python3-pip \
     python3-sphinx \
+    python3-venv \
+    python3-yaml \
+    rpm2cpio \
     sparse \
+    tesseract-ocr \
+    tesseract-ocr-eng \
     texinfo \
     xfslibs-dev\
     vim
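Review bot: `rpm2cpio`, `tesseract-ocr` and `tesseract-ocr-eng` are not Python packages, so the commit message ("additional python packages") undersells the change; say which acceptance tests need the OCR and rpm2cpio tools. Pre-existing, but on the context line just below the added ones: `xfslibs-dev\` lacks the space before the backslash that every other entry has.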
-- 
2.20.1


* [PATCH v4 26/40] tests/acceptance: skip s390x_ccw_vrtio_tcg on GitLab
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (24 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 25/40] tests/docker: add packages needed for check-acceptance Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 27/40] tests/acceptance: fix dtb path for machine_rx_gdbsim Alex Bennée
                   ` (13 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, Cornelia Huck,
	richard.henderson, f4bug, Wainer dos Santos Moschetta,
	Philippe Mathieu-Daudé, open list:S390 general arch...,
	cota, Cleber Rosa, aurelien

Currently the test takes more than 900 seconds on GitLab and then times
out. Running on Travis seems to be OK.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 tests/acceptance/boot_linux.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/acceptance/boot_linux.py b/tests/acceptance/boot_linux.py
index 3aa57e88b0b..0055dc7cee7 100644
--- a/tests/acceptance/boot_linux.py
+++ b/tests/acceptance/boot_linux.py
@@ -20,6 +20,7 @@ from avocado.utils import network
 from avocado.utils import vmimage
 from avocado.utils import datadrainer
 from avocado.utils.path import find_command
+from avocado import skipIf
 
 ACCEL_NOT_AVAILABLE_FMT = "%s accelerator does not seem to be available"
 KVM_NOT_AVAILABLE = ACCEL_NOT_AVAILABLE_FMT % "KVM"
@@ -220,6 +221,7 @@ class BootLinuxS390X(BootLinux):
 
     chksum = '4caaab5a434fd4d1079149a072fdc7891e354f834d355069ca982fdcaf5a122d'
 
+    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
     def test_s390_ccw_virtio_tcg(self):
         """
         :avocado: tags=machine:s390-ccw-virtio
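Review bot: `@skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')` needs `os` imported in this file and the hunk does not add it (patch 29/40 in this series had to add `import os` to linux_initrd.py for the same decorator); confirm it is already imported here, otherwise the import-time NameError takes the whole test module with it. Also, a blanket skip on GitLab with no tracking reference tends to become permanent; put the timeout figure from the commit message (over 900 seconds) in the skip reason or a comment so it can be revisited.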
-- 
2.20.1


* [PATCH v4 27/40] tests/acceptance: fix dtb path for machine_rx_gdbsim
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (25 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 26/40] tests/acceptance: skip s390x_ccw_vrtio_tcg on GitLab Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 15:55   ` Philippe Mathieu-Daudé
  2020-07-01 13:56 ` [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab Alex Bennée
                   ` (12 subsequent siblings)
  39 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Yoshinori Sato, Alex Bennée,
	richard.henderson, f4bug, Wainer dos Santos Moschetta,
	Philippe Mathieu-Daudé,
	cota, Cleber Rosa, aurelien

The old path doesn't exist but the rx-virt.dtb file has the same
checksum so let's use that.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 tests/acceptance/machine_rx_gdbsim.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/acceptance/machine_rx_gdbsim.py b/tests/acceptance/machine_rx_gdbsim.py
index a44f2c87da0..bff63e421d5 100644
--- a/tests/acceptance/machine_rx_gdbsim.py
+++ b/tests/acceptance/machine_rx_gdbsim.py
@@ -50,7 +50,7 @@ class RxGdbSimMachine(Test):
         :avocado: tags=machine:gdbsim-r5f562n7
         :avocado: tags=endian:little
         """
-        dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-qemu.dtb')
+        dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-virt.dtb')
         dtb_hash = '7b4e4e2c71905da44e86ce47adee2210b026ac18'
         dtb_path = self.fetch_asset(dtb_url, asset_hash=dtb_hash)
         kernel_url = ('http://acc.dl.osdn.jp/users/23/23845/zImage')
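Review bot: the rename is safe to take because `fetch_asset(dtb_url, asset_hash=dtb_hash)` still verifies the download against the unchanged `dtb_hash`, which is also what backs the commit message's claim that the two files are identical. While here, `kernel_url` on the context line below fetches over plain `http://` from the same host that serves the dtb over `https://`; switching it to https would mean the kernel download no longer relies on the hash check alone.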
-- 
2.20.1


* [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (26 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 27/40] tests/acceptance: fix dtb path for machine_rx_gdbsim Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 15:56   ` Philippe Mathieu-Daudé
  2020-07-02  1:05   ` Aleksandar Markovic
  2020-07-01 13:56 ` [PATCH v4 29/40] tests/acceptance: skip LinuxInitrd 2gib with v4.16 " Alex Bennée
                   ` (11 subsequent siblings)
  39 siblings, 2 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Aleksandar Rikalo, berrange, Alex Bennée,
	richard.henderson, f4bug, Wainer dos Santos Moschetta,
	Philippe Mathieu-Daudé,
	Aleksandar Markovic, cota, Cleber Rosa, aurelien

For some reason these tests fail all the time on GitLab. I can
re-create the hang around 3% of the time locally but it doesn't seem
to be MTTCG related. For now skipIf on GITLAB_CI.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
---
 tests/acceptance/machine_mips_malta.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
index 92b4f28a112..7c9a4ee4d2d 100644
--- a/tests/acceptance/machine_mips_malta.py
+++ b/tests/acceptance/machine_mips_malta.py
@@ -15,6 +15,7 @@ from avocado import skipUnless
 from avocado_qemu import Test
 from avocado_qemu import wait_for_console_pattern
 from avocado.utils import archive
+from avocado import skipIf
 
 
 NUMPY_AVAILABLE = True
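Review bot: `from avocado import skipIf` is added as a separate line while `from avocado import skipUnless` already heads this hunk's context; fold them into `from avocado import skipIf, skipUnless` rather than importing from the same module twice. As with the other skipIf patches in the series, check that `os` is imported in this file, since the decorator evaluates `os.getenv` at import time.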
@@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
         """
         self.do_test_i6400_framebuffer_logo(1)
 
+    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
     def test_mips_malta_i6400_framebuffer_logo_7cores(self):
         """
         :avocado: tags=arch:mips64el
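Review bot: the commit message says the hang reproduces about 3% of the time locally, so this is a flaky test being masked rather than a GitLab-specific failure; put that in the skip string or a comment (and a tracking reference if there is one) so the `@skipIf` does not outlive the bug. The same applies to the 8-core variant in the next hunk.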
@@ -108,6 +110,7 @@ class MaltaMachineFramebuffer(Test):
         """
         self.do_test_i6400_framebuffer_logo(7)
 
+    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
     def test_mips_malta_i6400_framebuffer_logo_8cores(self):
         """
         :avocado: tags=arch:mips64el
-- 
2.20.1


* [PATCH v4 29/40] tests/acceptance: skip LinuxInitrd 2gib with v4.16 on GitLab
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (27 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 15:57   ` Philippe Mathieu-Daudé
  2020-07-01 13:56 ` [PATCH v4 30/40] gitlab: add acceptance testing to system builds Alex Bennée
                   ` (10 subsequent siblings)
  39 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug,
	Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, Cleber Rosa, aurelien

This fails on GitLab but not when run locally on the same container
image. It's very confusing.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 tests/acceptance/linux_initrd.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/acceptance/linux_initrd.py b/tests/acceptance/linux_initrd.py
index a3e54d3fc91..a249e2f14a2 100644
--- a/tests/acceptance/linux_initrd.py
+++ b/tests/acceptance/linux_initrd.py
@@ -8,10 +8,12 @@
 # This work is licensed under the terms of the GNU GPL, version 2 or
 # later.  See the COPYING file in the top-level directory.
 
+import os
 import logging
 import tempfile
 
 from avocado_qemu import Test
+from avocado import skipIf
 
 
 class LinuxInitrd(Test):
@@ -51,6 +53,7 @@ class LinuxInitrd(Test):
                 max_size + 1)
             self.assertRegex(self.vm.get_log(), expected_msg)
 
+    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
     def test_with_2gib_file_should_work_with_linux_v4_16(self):
         """
         QEMU has supported up to 4 GiB initrd for recent kernel
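Review bot: the skip reason `'Running on GitLab'` drops the information in the commit message (passes locally on the same container image, fails in CI); record that in the reason string or a comment so the next person can tell whether this is a runner resource limit (the test builds a 2 GiB initrd) or a real regression.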
-- 
2.20.1


* [PATCH  v4 30/40] gitlab: add acceptance testing to system builds
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (28 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 29/40] tests/acceptance: skip LinuxInitrd 2gib with v4.16 " Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 31/40] tests/tcg: add more default compilers to configure.sh Alex Bennée
                   ` (9 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

As part of migrating things from Travis to GitLab add the acceptance
tests. To do this:

  - rename system1 to system-ubuntu-main
  - rename system2 to system-fedora-misc
  - split into build/check/acceptance
  - remove -j from check stages
  - use artifacts to save build stage
  - add post acceptance template and use

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622143204.12921-16-alex.bennee@linaro.org>

---
v2
  - updated with danp's docker changes
  - use needs instead of dependencies

  - touch all the build files to prevent rebuild
v4
  - fix misnamed check stage
  - don't use : in stage names
  - restore *post_acceptance post_script
  - don't failfast on GITLAB_CI
---
 .gitlab-ci.yml         | 69 ++++++++++++++++++++++++++++++++++++++++--
 .travis.yml            | 23 --------------
 tests/Makefile.include |  2 +-
 3 files changed, 67 insertions(+), 27 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a7abc55a5c6..93baf98232d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,8 +1,12 @@
+# Currently we have two build stages after our containers are built:
+#  - build (for traditional build and test or first stage build)
+#  - test (for test stages, using build artefacts from a build stage)
 stages:
   - containers
   - containers-layer2
   - containers-layer3
   - build
+  - test
 
 include:
   - local: '/.gitlab-ci.d/edk2.yml'
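Review bot: the new header comment says "two build stages after our containers are built" and then lists build and test; test is not a build stage, so "two stages after the containers are built" reads more accurately.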
@@ -24,26 +28,85 @@ include:
         ../configure --enable-werror $CONFIGURE_ARGS ;
       fi
     - make -j"$JOBS"
-    - make -j"$JOBS" $MAKE_CHECK_ARGS
+    - if test -n "$MAKE_CHECK_ARGS";
+      then
+        make $MAKE_CHECK_ARGS ;
+      fi
+
+.native_test_job_template: &native_test_job_definition
+  stage: test
+  image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
+  script:
+    - cd build
+    - find . -type f -exec touch {} +
+    - make $MAKE_CHECK_ARGS
+
+.post_acceptance_template: &post_acceptance
+  after_script:
+    - cd build
+    - python3 -c 'import json; r = json.load(open("tests/results/latest/results.json")); [print(t["logfile"]) for t in r["tests"] if t["status"] not in ("PASS", "SKIP")]' | xargs cat
+    - du -chs $HOME/avocado/data/cache
 
-build-system1:
+build-system-ubuntu-main:
   <<: *native_build_job_definition
   variables:
     IMAGE: ubuntu2004
     TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu lm32-softmmu
       moxie-softmmu microblazeel-softmmu mips64el-softmmu m68k-softmmu ppc-softmmu
       riscv64-softmmu sparc-softmmu
+  artifacts:
+    paths:
+      - build
+
+check-system-ubuntu-main:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-system-ubuntu-main
+      artifacts: true
+  variables:
+    IMAGE: ubuntu2004
     MAKE_CHECK_ARGS: check
 
-build-system2:
+acceptance-system-ubuntu-main:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-system-ubuntu-main
+      artifacts: true
+  variables:
+    IMAGE: ubuntu2004
+    MAKE_CHECK_ARGS: check-acceptance
+  <<: *post_acceptance
+
+build-system-fedora-alt:
   <<: *native_build_job_definition
   variables:
     IMAGE: fedora
     TARGETS: tricore-softmmu unicore32-softmmu microblaze-softmmu mips-softmmu
       riscv32-softmmu s390x-softmmu sh4-softmmu sparc64-softmmu x86_64-softmmu
       xtensa-softmmu nios2-softmmu or1k-softmmu
+  artifacts:
+    paths:
+      - build
+
+check-system-fedora-alt:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-system-fedora-alt
+      artifacts: true
+  variables:
+    IMAGE: fedora
     MAKE_CHECK_ARGS: check
 
+acceptance-system-fedora-alt:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-system-fedora-alt
+      artifacts: true
+  variables:
+    IMAGE: fedora
+    MAKE_CHECK_ARGS: check-acceptance
+  <<: *post_acceptance
+
 build-disabled:
   <<: *native_build_job_definition
   variables:
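Review bot: the Fedora jobs are named `build-system-fedora-alt` / `check-system-fedora-alt` / `acceptance-system-fedora-alt`, but the commit message says system2 is renamed to system-fedora-misc; one of the two needs updating. Two further points in this hunk. `.native_test_job_template` pulls `$CI_REGISTRY_IMAGE/qemu/$IMAGE:latest` afresh in the test stage, so if a container job pushes a new `:latest` between the build and test stages, `check` and `check-acceptance` run a build directory produced in one image inside a different one; pinning the image by digest, or at least recording the digest the build job used, would close that window. And `acceptance-system-ubuntu-main` / `acceptance-system-fedora-alt` carry two `<<:` keys in the same mapping (`<<: *native_test_job_definition` and later `<<: *post_acceptance`); that is a duplicate key as far as YAML is concerned and not every parser honours both, so the spec form `<<: [*native_test_job_definition, *post_acceptance]` is the safer way to merge both templates.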
diff --git a/.travis.yml b/.travis.yml
index 74158f741b1..c24dfbe377f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -289,29 +289,6 @@ jobs:
       python: 3.6
 
 
-    # Acceptance (Functional) tests
-    - name: "GCC check-acceptance"
-      dist: bionic
-      env:
-        - CONFIG="--enable-tools --target-list=aarch64-softmmu,alpha-softmmu,arm-softmmu,m68k-softmmu,microblaze-softmmu,mips-softmmu,mips64el-softmmu,nios2-softmmu,or1k-softmmu,ppc-softmmu,ppc64-softmmu,s390x-softmmu,sh4-softmmu,sparc-softmmu,x86_64-softmmu,xtensa-softmmu"
-        - TEST_CMD="make check-acceptance"
-        - CACHE_NAME="${TRAVIS_BRANCH}-linux-gcc-acceptance"
-      after_script:
-        - python3 -c 'import json; r = json.load(open("tests/results/latest/results.json")); [print(t["logfile"]) for t in r["tests"] if t["status"] not in ("PASS", "SKIP")]' | xargs cat
-        - du -chs $HOME/avocado/data/cache
-      addons:
-        apt:
-          packages:
-            - python3-pil
-            - python3-pip
-            - python3-numpy
-            - python3-opencv
-            - python3-venv
-            - rpm2cpio
-            - tesseract-ocr
-            - tesseract-ocr-eng
-
-
     # Using newer GCC with sanitizers
     - name: "GCC9 with sanitizers (softmmu)"
       addons:
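Review bot: the removed Travis job explicitly installed python3-pil, python3-numpy, python3-opencv, python3-venv, rpm2cpio and tesseract-ocr/tesseract-ocr-eng for the acceptance tests; nothing in the new GitLab acceptance jobs installs them, so unless the ubuntu2004 and fedora dockerfiles already carry those packages the tests that depend on them will be skipped (or fail) on GitLab without anyone noticing. Please confirm the container images before the Travis job is dropped.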
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 3f4448a20bc..c316e0d6647 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -944,7 +944,7 @@ check-acceptance: check-venv $(TESTS_RESULTS_DIR) get-vm-images
             --show=$(AVOCADO_SHOW) run --job-results-dir=$(TESTS_RESULTS_DIR) \
             --filter-by-tags-include-empty --filter-by-tags-include-empty-key \
             $(AVOCADO_TAGS) \
-            --failfast=on tests/acceptance, \
+            $(if $(GITLAB_CI),,--failfast=on) tests/acceptance, \
             "AVOCADO", "tests/acceptance")
 
 # Consolidated targets
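Review bot: `$(if $(GITLAB_CI),,--failfast=on)` keys off an environment variable that make imports implicitly, and nothing in the Makefile says why; add a one-line comment above `check-acceptance` stating that failfast is disabled on GitLab so that a single run collects every acceptance failure (the v4 changelog says this, the code does not). Note that any non-empty GITLAB_CI value, including `0` or `false`, disables failfast.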
-- 
2.20.1




* [PATCH v4 31/40] tests/tcg: add more default compilers to configure.sh
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (29 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 30/40] gitlab: add acceptance testing to system builds Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 32/40] tests/docker: add a linux-user testing focused image Alex Bennée
                   ` (8 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug, cota,
	aurelien

We were missing a bunch of compilers which we could use if they were
locally installed. The defaults are based on Debian as they seem to be
the best distro for well distributed cross-build compilers.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 tests/tcg/configure.sh | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index 2326f978562..37e49736ca4 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -46,20 +46,29 @@ fi
 : ${cross_cc_aarch64="aarch64-linux-gnu-gcc"}
 : ${cross_cc_aarch64_be="$cross_cc_aarch64"}
 : ${cross_cc_cflags_aarch64_be="-mbig-endian"}
+: $(cross_cc_alpha="alpha-linux-gnu-gcc")
 : ${cross_cc_arm="arm-linux-gnueabihf-gcc"}
 : ${cross_cc_cflags_armeb="-mbig-endian"}
+: ${cross_cc_hppa="hppa-linux-gnu-gcc"}
 : ${cross_cc_i386="i386-pc-linux-gnu-gcc"}
 : ${cross_cc_cflags_i386="-m32"}
-: ${cross_cc_x86_64="x86_64-pc-linux-gnu-gcc"}
-: ${cross_cc_cflags_x86_64="-m64"}
+: ${cross_cc_m68k="m68k-linux-gnu-gcc"}
+: $(cross_cc_mips64el="mips64el-linux-gnuabi64-gcc")
+: $(cross_cc_mips64="mips64-linux-gnuabi64-gcc")
+: $(cross_cc_mipsel="mipsel-linux-gnu-gcc")
+: $(cross_cc_mips="mips-linux-gnu-gcc")
 : ${cross_cc_ppc="powerpc-linux-gnu-gcc"}
 : ${cross_cc_cflags_ppc="-m32"}
-: ${cross_cc_ppc64="powerpc-linux-gnu-gcc"}
-: ${cross_cc_cflags_ppc64="-m64"}
+: ${cross_cc_ppc64="powerpc64-linux-gnu-gcc"}
 : ${cross_cc_ppc64le="powerpc64le-linux-gnu-gcc"}
-: ${cross_cc_cflags_s390x="-m64"}
+: $(cross_cc_riscv64="riscv64-linux-gnu-gcc")
+: ${cross_cc_s390x="s390x-linux-gnu-gcc"}
+: $(cross_cc_sh4="sh4-linux-gnu-gcc")
 : ${cross_cc_cflags_sparc="-m32 -mv8plus -mcpu=ultrasparc"}
+: ${cross_cc_sparc64="sparc64-linux-gnu-gcc"}
 : ${cross_cc_cflags_sparc64="-m64 -mcpu=ultrasparc"}
+: ${cross_cc_x86_64="x86_64-pc-linux-gnu-gcc"}
+: ${cross_cc_cflags_x86_64="-m64"}
 
 for target in $target_list; do
   arch=${target%%-*}
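Review bot: seven of the new defaults use command substitution instead of parameter expansion: `: $(cross_cc_alpha="alpha-linux-gnu-gcc")`, and likewise the `cross_cc_mips64el`, `cross_cc_mips64`, `cross_cc_mipsel`, `cross_cc_mips`, `cross_cc_riscv64` and `cross_cc_sh4` lines. `$( ... )` runs the assignment in a subshell, so the variable is never set in configure.sh itself and a value supplied by the caller is not consulted either; these must be `: ${cross_cc_alpha="alpha-linux-gnu-gcc"}` like the surrounding lines, otherwise the alpha, mips*, riscv64 and sh4 tests will keep reporting no compiler even with the new all-compilers image.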
-- 
2.20.1




* [PATCH v4 32/40] tests/docker: add a linux-user testing focused image
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (30 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 31/40] tests/tcg: add more default compilers to configure.sh Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 33/40] linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va Alex Bennée
                   ` (7 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug,
	Philippe Mathieu-Daudé,
	cota, aurelien

We happily use all the cross images for both cross-building QEMU as
well as building the linux-user tests. However, calling docker from
within docker seems not to work. As we can build in Debian anyway, why
not include an image that has all the compilers available for
non-docker invocation?

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 .gitlab-ci.d/containers.yml                   |  7 +++
 tests/docker/Makefile.include                 |  1 +
 .../dockerfiles/debian-all-test-cross.docker  | 53 +++++++++++++++++++
 3 files changed, 61 insertions(+)
 create mode 100644 tests/docker/dockerfiles/debian-all-test-cross.docker

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index f353359fd8b..a7621c4204c 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -64,6 +64,13 @@ amd64-debian-cross-container:
   variables:
     NAME: debian-amd64-cross
 
+amd64-debian-user-cross-container:
+  <<: *container_job_definition
+  stage: containers-layer2
+  needs: ['amd64-debian10-container']
+  variables:
+    NAME: debian-all-test-cross
+
 amd64-debian-container:
   <<: *container_job_definition
   stage: containers-layer2
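Review bot: the job is called `amd64-debian-user-cross-container` while its `NAME` is `debian-all-test-cross`; the neighbouring jobs keep the two aligned (`amd64-debian-cross-container` builds `debian-amd64-cross`), so `amd64-debian-all-test-cross-container` would make the job easier to find from the dockerfile name. The `stage: containers-layer2` plus `needs: ['amd64-debian10-container']` does match the `FROM qemu/debian10` in the new dockerfile.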
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 977d8ff6e40..8406d039858 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -134,6 +134,7 @@ docker-image-travis: NOUSER=1
 
 # Specialist build images, sometimes very limited tools
 docker-image-debian-tricore-cross: docker-image-debian9
+docker-image-debian-all-test-cross: docker-image-debian10
 docker-image-debian-arm64-test-cross: docker-image-debian11
 
 # These images may be good enough for building tests but not for test builds
diff --git a/tests/docker/dockerfiles/debian-all-test-cross.docker b/tests/docker/dockerfiles/debian-all-test-cross.docker
new file mode 100644
index 00000000000..dedcea58b46
--- /dev/null
+++ b/tests/docker/dockerfiles/debian-all-test-cross.docker
@@ -0,0 +1,53 @@
+#
+# Docker all cross-compiler target (tests only)
+#
+# While the normal cross builds take care to setup proper multiarch
+# build environments which can cross build QEMU this just installs the
+# basic compilers for as many targets as possible. We shall use this
+# to build and run linux-user tests on GitLab
+#
+FROM qemu/debian10
+
+# What we need to build QEMU itself
+RUN apt update && \
+    DEBIAN_FRONTEND=noninteractive eatmydata \
+    apt build-dep -yy qemu
+
+# Add the foreign architecture we want and install dependencies
+RUN DEBIAN_FRONTEND=noninteractive eatmydata \
+        apt install -y --no-install-recommends \
+        gcc-aarch64-linux-gnu \
+        libc6-dev-arm64-cross \
+        gcc-alpha-linux-gnu \
+        libc6.1-dev-alpha-cross \
+        gcc-arm-linux-gnueabihf \
+        libc6-dev-armhf-cross \
+        gcc-hppa-linux-gnu \
+        libc6-dev-hppa-cross \
+        gcc-m68k-linux-gnu \
+        libc6-dev-m68k-cross \
+        gcc-mips-linux-gnu \
+        libc6-dev-mips-cross \
+        gcc-mips64-linux-gnuabi64 \
+        libc6-dev-mips64-cross \
+        gcc-mips64el-linux-gnuabi64 \
+        libc6-dev-mips64el-cross \
+        gcc-mipsel-linux-gnu \
+        libc6-dev-mipsel-cross \
+        gcc-powerpc-linux-gnu \
+        libc6-dev-powerpc-cross \
+        gcc-powerpc64-linux-gnu \
+        libc6-dev-ppc64-cross \
+        gcc-powerpc64le-linux-gnu \
+        libc6-dev-ppc64el-cross \
+        gcc-riscv64-linux-gnu \
+        libc6-dev-riscv64-cross \
+        gcc-s390x-linux-gnu \
+        libc6-dev-s390x-cross \
+        gcc-sh4-linux-gnu \
+        libc6-dev-sh4-cross \
+        gcc-sparc64-linux-gnu \
+        libc6-dev-sparc64-cross
+
+ENV QEMU_CONFIGURE_OPTS --disable-system --disable-docs --disable-tools
+ENV DEF_TARGET_LIST aarch64-linux-user,alpha-linux-user,arm-linux-user,hppa-linux-user,i386-linux-user,m68k-linux-user,mips-linux-user,mips64-linux-user,mips64el-linux-user,mipsel-linux-user,ppc-linux-user,ppc64-linux-user,ppc64le-linux-user,riscv64-linux-user,s390x-linux-user,sh4-linux-user,sparc64-linux-user
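Review bot: `DEF_TARGET_LIST` includes `i386-linux-user`, but the package list installs no 32-bit x86 toolchain (no gcc-multilib / libc6-dev-i386), and tests/tcg/configure.sh defaults `cross_cc_i386` to `i386-pc-linux-gnu-gcc`, which this image does not provide either; either drop i386 from the list or install the multilib packages so the i386 TCG tests actually build here. Smaller points: `apt` rather than `apt-get` prints its "does not have a stable CLI interface" warning in scripts, the `apt update` layer should clean `/var/lib/apt/lists` in the same RUN to keep the image small, and nothing pins package versions, so the image content changes on every rebuild (acceptable for a test-only image, but worth saying in the header comment).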
-- 
2.20.1




* [PATCH v4 33/40] linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (31 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 32/40] tests/docker: add a linux-user testing focused image Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 34/40] gitlab: enable check-tcg for linux-user tests Alex Bennée
                   ` (6 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, Riku Voipio, richard.henderson,
	f4bug, Laurent Vivier, cota, aurelien

Given we assert the requested address matches what we asked for, we
should also make that clear in the mmap flags. Otherwise we see failures
in the GitLab environment for some currently unknown but allowable
reason. We use MAP_FIXED_NOREPLACE if we can so we don't just clobber
an existing mapping. Also include the strerror string for a bit more
info on failure.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

---
v4
  - use MAP_FIXED_NOREPLACE instead
  - also dump strerror
---
 linux-user/elfload.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index b5cb21384a1..7e7f642332d 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2294,7 +2294,7 @@ static void pgb_dynamic(const char *image_name, long align)
 static void pgb_reserved_va(const char *image_name, abi_ulong guest_loaddr,
                             abi_ulong guest_hiaddr, long align)
 {
-    const int flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
+    int flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
     void *addr, *test;
 
     if (guest_hiaddr > reserved_va) {
@@ -2307,15 +2307,19 @@ static void pgb_reserved_va(const char *image_name, abi_ulong guest_loaddr,
     /* Widen the "image" to the entire reserved address space. */
     pgb_static(image_name, 0, reserved_va, align);
 
+#ifdef MAP_FIXED_NOREPLACE
+    flags |= MAP_FIXED_NOREPLACE;
+#endif
+
     /* Reserve the memory on the host. */
     assert(guest_base != 0);
     test = g2h(0);
     addr = mmap(test, reserved_va, PROT_NONE, flags, -1, 0);
     if (addr == MAP_FAILED) {
         error_report("Unable to reserve 0x%lx bytes of virtual address "
-                     "space for use as guest address space (check your "
+                     "space (%s) for use as guest address space (check your "
                      "virtual memory ulimit setting or reserve less "
-                     "using -R option)", reserved_va);
+                     "using -R option)", reserved_va, strerror(errno));
         exit(EXIT_FAILURE);
     }
     assert(addr == test);
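Review bot: on a host whose kernel predates MAP_FIXED_NOREPLACE the flag can still be defined by the libc headers, and the kernel then ignores the unknown bit and treats the address as a plain hint, so mmap() can succeed at a different address; that case still ends in `assert(addr == test)` rather than in the new diagnostic. Since the point of the change is to explain failures seen in the GitLab environment, consider replacing the assert with a check that munmap()s the wrong mapping and error_report()s both the requested and the returned address, so the CI log shows what the host actually handed back. The new `%s` is inserted before the existing `0x%lx` text is consumed, so `reserved_va, strerror(errno)` matches the format string order; that part is fine.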
-- 
2.20.1




* [PATCH  v4 34/40] gitlab: enable check-tcg for linux-user tests
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (32 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 33/40] linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 35/40] gitlab: add avocado asset caching Alex Bennée
                   ` (5 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

Switch to building in the new debian-all-test-cross image which has
most of the cross compilers inline.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
 .gitlab-ci.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 93baf98232d..257947853b7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -143,10 +143,9 @@ build-tcg-disabled:
 build-user:
   <<: *native_build_job_definition
   variables:
-    IMAGE: ubuntu2004
-    CONFIGURE_ARGS: --disable-system --disable-guest-agent
-      --disable-capstone --disable-slirp --disable-fdt
-    MAKE_CHECK_ARGS:  run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
+    IMAGE: debian-all-test-cross
+    CONFIGURE_ARGS: --disable-tools --disable-system
+    MAKE_CHECK_ARGS: check-tcg
 
 build-clang:
   <<: *native_build_job_definition
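Review bot: with `MAKE_CHECK_ARGS: check-tcg` the entire linux-user test run still happens inside the build-stage job through `.native_build_job_template`, which after the earlier patch in this series runs `make $MAKE_CHECK_ARGS` without `-j`, rather than being split into build and check jobs with artifacts like the system jobs; the cross-compiled tests for every target in the image's DEF_TARGET_LIST become the slowest single-threaded step in the pipeline. Either split it the same way or say in the commit message why this job keeps build and test together.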
-- 
2.20.1




* [PATCH  v4 35/40] gitlab: add avocado asset caching
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (33 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 34/40] gitlab: enable check-tcg for linux-user tests Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 36/40] gitlab: split build-disabled into two phases Alex Bennée
                   ` (4 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

These can be quite big so let's cache them. I couldn't find any notes on
ccache in the gitlab docs so I've just ignored it for now.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622143204.12921-19-alex.bennee@linaro.org>
---
 .gitlab-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 257947853b7..13e9531724d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,6 +8,12 @@ stages:
   - build
   - test
 
+# We assume GitLab has it's own caching set up for RPM/APT repositories so we
+# just take care of avocado assets here.
+cache:
+  paths:
+    - $HOME/avocado/data/cache
+
 include:
   - local: '/.gitlab-ci.d/edk2.yml'
   - local: '/.gitlab-ci.d/opensbi.yml'
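Review bot: the GitLab runner only archives `cache:paths` entries that lie inside the project directory (`$CI_PROJECT_DIR`); `$HOME/avocado/data/cache` is outside it, so this entry will be reported as outside the build directory and nothing will actually be saved between pipelines. Either point avocado's cache at a directory under the checkout (and keep the `du -chs` in the post-acceptance script in step with it) or symlink it from the project directory. Also, "it's own caching" in the new comment should be "its own". With no `key:` the cache is shared across all branches and jobs, which is fine for downloaded assets.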
-- 
2.20.1




* [PATCH  v4 36/40] gitlab: split build-disabled into two phases
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (34 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 35/40] gitlab: add avocado asset caching Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-10 13:16   ` Thomas Huth
  2020-07-01 13:56 ` [PATCH v4 37/40] gitlab: limit re-builds of the containers Alex Bennée
                   ` (3 subsequent siblings)
  39 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

As we run check-qtest in "SLOW" mode this can timeout so split into
two jobs.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>

---
v4
  - rename :->-
---
 .gitlab-ci.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 13e9531724d..83e38ea19f3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -113,7 +113,7 @@ acceptance-system-fedora-alt:
     MAKE_CHECK_ARGS: check-acceptance
   <<: *post_acceptance
 
-build-disabled:
+build-system-fedora-disabled:
   <<: *native_build_job_definition
   variables:
     IMAGE: fedora
@@ -124,6 +124,17 @@ build-disabled:
       --disable-qom-cast-debug --disable-spice --disable-vhost-vsock
       --disable-vhost-net --disable-vhost-crypto --disable-vhost-user
     TARGETS: i386-softmmu ppc64-softmmu mips64-softmmu i386-linux-user
+  artifacts:
+    paths:
+      - build
+
+qtest-system-fedora-disabled:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-system-fedora-disabled
+      artifacts: true
+  variables:
+    IMAGE: fedora
     MAKE_CHECK_ARGS: check-qtest SPEED=slow
 
 build-tcg-disabled:
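Review bot: after this split `build-system-fedora-disabled` has no MAKE_CHECK_ARGS at all, so within this patch the qtest binaries are compiled and the slow `check-qtest` is run in `qtest-system-fedora-disabled`, single-threaded through `.native_test_job_definition`; the timeout the commit message worries about simply moves to the new job until a build-the-tests step exists in the build stage. Naming nit: the other test jobs in this file are `check-*` and `acceptance-*`; `qtest-*` introduces a third prefix for what is a check job restricted to qtest.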
-- 
2.20.1




* [PATCH  v4 37/40] gitlab: limit re-builds of the containers
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (35 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 36/40] gitlab: split build-disabled into two phases Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 38/40] containers.yml: build with docker.py tooling Alex Bennée
                   ` (2 subsequent siblings)
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug,
	Philippe Mathieu-Daudé,
	cota, aurelien

Most of the time we are just rebuilding the same things. We can skip
this although currently there is no mechanism for picking up new
distro releases.

Rather than try to be too fine grained allow any change to trigger all
the images being rebuilt.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

---
v4
  - try and include branches
  - use rules instead
---
 .gitlab-ci.d/containers.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index a7621c4204c..ea350eacff7 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -17,6 +17,12 @@
     - docker push "$TAG"
   after_script:
     - docker logout
+  rules:
+    - changes:
+      - .gitlab-ci.d/containers.yml
+      - tests/docker/*
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - if: '$CI_COMMIT_REF_NAME == "testing/next"'
 
 amd64-centos7-container:
   <<: *container_job_definition
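Review bot: `changes:` patterns are matched per path component, so `tests/docker/*` covers only files directly under tests/docker (Makefile.include, docker.py) and not `tests/docker/dockerfiles/*.docker`, which are exactly the files whose edits need a rebuild; use `tests/docker/**/*` or list the dockerfiles directory explicitly. Two more things: `$CI_COMMIT_REF_NAME == "testing/next"` bakes one maintainer's staging branch into the project's CI rules, and because the rules sit on the shared template every container job is skipped together on a branch that touches none of the listed paths, which keeps the `needs:` links between container layers consistent now but will break the moment a build job grows a `needs:` on a container job.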
-- 
2.20.1




* [PATCH  v4 38/40] containers.yml: build with docker.py tooling
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (36 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 37/40] gitlab: limit re-builds of the containers Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 39/40] testing: add check-build target Alex Bennée
  2020-07-01 13:56 ` [PATCH v4 40/40] shippable: pull images from registry instead of building Alex Bennée
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug, cota,
	aurelien

Instead of building the docker files directly use the same docker.py
scripting as we do for building locally. This should help ensure we
use the exact same steps and allow us to cache properly when building
locally.

To get this working you have to have a fairly recent docker binary
otherwise you will see the error message:

 => ERROR importing cache manifest from registry.gitlab....

So far docker 19.03.12 works (from the docker apt repos) but 18.09.1,
build 4c52b90, which is packaged in Debian Buster, fails.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 .gitlab-ci.d/containers.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index ea350eacff7..b1e39cfd9ac 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -6,14 +6,17 @@
   before_script:
     - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest"
     - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/$NAME:latest"
+    - apk add python3
     - docker info
     - docker login registry.gitlab.com -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
   script:
+    - echo "TAG:$TAG"
+    - echo "COMMON_TAG:$COMMON_TAG"
     - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
-    - sed -i -e "s,FROM qemu/,FROM $CI_REGISTRY_IMAGE/qemu/," tests/docker/dockerfiles/$NAME.docker
-    - DOCKER_BUILDKIT=1 docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG"
-                                     --build-arg BUILDKIT_INLINE_CACHE=1
-                                     -f "tests/docker/dockerfiles/$NAME.docker" tests/docker/dockerfiles
+    - ./tests/docker/docker.py --engine docker build
+          -t "qemu:$NAME" -f "tests/docker/dockerfiles/$NAME.docker"
+          -r $CI_REGISTRY_IMAGE
+    - docker tag "qemu:$NAME" "$TAG"
     - docker push "$TAG"
   after_script:
     - docker logout
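Review bot: the deleted lines set `DOCKER_BUILDKIT=1`, `--cache-from` for both `$TAG` and `$COMMON_TAG`, and `BUILDKIT_INLINE_CACHE=1`; the replacement assumes `docker.py build ... -r $CI_REGISTRY_IMAGE` reproduces all of that, while the commit message only talks about sharing the build steps. Please state in the message that `-r` covers the registry cache setup (the "importing cache manifest" error quoted there suggests it does), so nobody reintroduces the explicit flags later. Two nits while here: `-r $CI_REGISTRY_IMAGE` should be quoted like the other variables, and the unchanged `docker login ... -p "$CI_REGISTRY_PASSWORD"` puts the registry token on the command line, where docker itself warns it is visible; `echo "$CI_REGISTRY_PASSWORD" | docker login --password-stdin -u "$CI_REGISTRY_USER" registry.gitlab.com` avoids that.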
-- 
2.20.1




* [PATCH  v4 39/40] testing: add check-build target
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (37 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 38/40] containers.yml: build with docker.py tooling Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  2020-07-01 15:59   ` Philippe Mathieu-Daudé
  2020-07-01 13:56 ` [PATCH v4 40/40] shippable: pull images from registry instead of building Alex Bennée
  39 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, Thomas Huth, berrange, Alex Bennée, richard.henderson,
	f4bug, Wainer dos Santos Moschetta, Philippe Mathieu-Daudé,
	cota, aurelien

If we want to continue to split build and check phase it seems like a
good idea to allow building of the tests during our multi-threaded
build phase.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitlab-ci.yml         |  5 ++++-
 tests/Makefile.include | 17 +++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 83e38ea19f3..b0e5417146b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -36,7 +36,7 @@ include:
     - make -j"$JOBS"
     - if test -n "$MAKE_CHECK_ARGS";
       then
-        make $MAKE_CHECK_ARGS ;
+        make -j"$JOBS" $MAKE_CHECK_ARGS ;
       fi
 
 .native_test_job_template: &native_test_job_definition
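Review bot: this puts `-j"$JOBS"` back on `make $MAKE_CHECK_ARGS` in the build template, which the earlier gitlab patch in this series removed on purpose ("remove -j from check stages"); that is right for `check-build`, but the same template is what runs `check-tcg` for `build-user`, so that job now runs its tests in parallel again. If check-tcg is not parallel-safe, give build-user its own build/test split rather than inheriting the parallel make.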
@@ -60,6 +60,7 @@ build-system-ubuntu-main:
     TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu lm32-softmmu
       moxie-softmmu microblazeel-softmmu mips64el-softmmu m68k-softmmu ppc-softmmu
       riscv64-softmmu sparc-softmmu
+    MAKE_CHECK_ARGS: check-build
   artifacts:
     paths:
       - build
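Review bot: `check-build` only covers what the Makefile hunk below defines (`build-unit build-softfloat build-qtest`), so the test jobs still build the iotests helpers and decodetree inputs for `check-block` and `check-decodetree`, and `check-acceptance` still creates the venv and downloads images, all in the single-threaded test stage; mention in the commit message which parts remain so nobody expects the test jobs to be compile-free.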
@@ -90,6 +91,7 @@ build-system-fedora-alt:
     TARGETS: tricore-softmmu unicore32-softmmu microblaze-softmmu mips-softmmu
       riscv32-softmmu s390x-softmmu sh4-softmmu sparc64-softmmu x86_64-softmmu
       xtensa-softmmu nios2-softmmu or1k-softmmu
+    MAKE_CHECK_ARGS: check-build
   artifacts:
     paths:
       - build
@@ -124,6 +126,7 @@ build-system-fedora-disabled:
       --disable-qom-cast-debug --disable-spice --disable-vhost-vsock
       --disable-vhost-net --disable-vhost-crypto --disable-vhost-user
     TARGETS: i386-softmmu ppc64-softmmu mips64-softmmu i386-linux-user
+    MAKE_CHECK_ARGS: check-build
   artifacts:
     paths:
       - build
diff --git a/tests/Makefile.include b/tests/Makefile.include
index c316e0d6647..94b1cc8302e 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -22,6 +22,8 @@ endif
 	@echo " $(MAKE) check-venv           Creates a Python venv for tests"
 	@echo " $(MAKE) check-clean          Clean the tests and related data"
 	@echo
+	@echo "The following are useful for CI builds"
+	@echo " $(MAKE) check-build          Build most test binaris"
 	@echo " $(MAKE) get-vm-images        Downloads all images used by acceptance tests, according to configured targets (~350 MB each, 1.5 GB max)"
 	@echo
 	@echo
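Review bot: typo in the new help line, "Build most test binaris" should read "binaries".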
@@ -649,6 +651,10 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: %-softmmu/all $(c
 	  QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
 	  QTEST_QEMU_IMG=qemu-img$(EXESUF))
 
+build-qtest: $(patsubst %, %-softmmu/all, $(QTEST_TARGETS)) $(check-qtest-y)
+
+build-unit: $(check-unit-y)
+
 check-unit: $(check-unit-y)
 	$(call do_test_human, $^)
 
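Review bot: `build-qtest` and `build-unit` are new phony targets but are not added to any `.PHONY:` line; if a file or directory named build-qtest or build-unit ever appears in the build tree, make will consider the target up to date and silently skip building the tests. Add `.PHONY: build-qtest build-unit build-softfloat check-build` alongside the existing `.PHONY: check-softfloat`.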
@@ -680,7 +686,6 @@ check-report.tap: $(patsubst %,check-report-qtest-%.tap, $(QTEST_TARGETS)) check
 FP_TEST_BIN=$(BUILD_DIR)/tests/fp/fp-test
 
 # the build dir is created by configure
-.PHONY: $(FP_TEST_BIN)
 $(FP_TEST_BIN): config-host.h $(test-util-obj-y)
 	$(call quiet-command, \
 	 	$(MAKE) $(SUBDIR_MAKEFLAGS) -C $(dir $@) V="$(V)" $(notdir $@), \
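Review bot: dropping `.PHONY: $(FP_TEST_BIN)` changes when fp-test is rebuilt. The rule's only prerequisites are `config-host.h` and `$(test-util-obj-y)`; the real dependency tracking lives in the recursive `$(MAKE) -C tests/fp`, and the .PHONY is what forced that recursion on every `check-softfloat`. Without it an existing fp-test binary counts as up to date even when the tests/fp or softfloat sources changed, so a developer editing softfloat can run stale tests. If the intent is to make `build-softfloat` a real prerequisite, keep the binary phony (or depend on a FORCE target) rather than trusting the two listed prerequisites.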
@@ -814,9 +819,10 @@ check-softfloat-ops: $(SF_MATH_RULES)
 
 .PHONY: check-softfloat
 ifeq ($(CONFIG_TCG),y)
-check-softfloat: check-softfloat-conv check-softfloat-compare check-softfloat-ops
+build-softfloat: $(FP_TEST_BIN)
+check-softfloat: build-softfloat check-softfloat-conv check-softfloat-compare check-softfloat-ops
 else
-check-softfloat:
+build-softfloat check-softfloat:
 	$(call quiet-command, /bin/true, "FLOAT TEST", \
 		"SKIPPED for non-TCG builds")
 endif
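Review bot: `.PHONY: check-softfloat` directly above this hunk should now also list `build-softfloat`, since both the TCG and non-TCG branches define it as a target that produces no file of that name.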
@@ -955,7 +961,8 @@ check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
 ifeq ($(CONFIG_TOOLS),y)
 check-block: $(patsubst %,check-%, $(check-block-y))
 endif
-check: check-block check-qapi-schema check-unit check-softfloat check-qtest check-decodetree
+check-build: build-unit build-softfloat build-qtest
+
 check-clean:
 	rm -rf $(check-unit-y) tests/*.o tests/*/*.o $(QEMU_IOTESTS_HELPERS-y)
 	rm -rf $(sort $(foreach target,$(SYSEMU_TARGET_LIST), $(check-qtest-$(target)-y:%=tests/qtest/%$(EXESUF))) $(check-qtest-generic-y:%=tests/qtest/%$(EXESUF)))
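Review bot: `check-build:` is added without a `.PHONY` entry, and `check:` is removed here only to be re-added a few lines lower; make does not care about rule order for phony targets, so the move is churn that makes the diff harder to read. Keep `check:` where it was and add `check-build` next to it.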
@@ -963,6 +970,8 @@ check-clean:
 	rm -f tests/qtest/dbus-vmstate1-gen-timestamp
 	rm -rf $(TESTS_VENV_DIR) $(TESTS_RESULTS_DIR)
 
+check: check-block check-qapi-schema check-unit check-softfloat check-qtest check-decodetree
+
 clean: check-clean
 
 # Build the help program automatically
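Review bot: re-adding `check:` below `check-clean:` is the other half of the move flagged above; no behaviour depends on it, so dropping the move shrinks the patch to the `check-build` line alone.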
-- 
2.20.1




* [PATCH v4 40/40] shippable: pull images from registry instead of building
  2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
                   ` (38 preceding siblings ...)
  2020-07-01 13:56 ` [PATCH v4 39/40] testing: add check-build target Alex Bennée
@ 2020-07-01 13:56 ` Alex Bennée
  39 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 13:56 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Alex Bennée, richard.henderson, f4bug,
	Philippe Mathieu-Daudé,
	cota, aurelien

Now we have a source for registry images pull from there rather than
re-building every time on shippable.

[AJB: change to upstream when we merge PR]

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 .shippable.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.shippable.yml b/.shippable.yml
index 81905727d14..eb8b68610a2 100644
--- a/.shippable.yml
+++ b/.shippable.yml
@@ -26,12 +26,10 @@ env:
     - IMAGE=debian-ppc64el-cross
       TARGET_LIST=ppc64-softmmu,ppc64-linux-user,ppc64abi32-linux-user
 build:
-  pre_ci:
-    - make docker-image-${IMAGE} V=1
   pre_ci_boot:
-    image_name: qemu/${IMAGE}
+    image_name: registry.gitlab.com/stsquad/qemu/qemu/${IMAGE}
     image_tag: latest
-    pull: false
+    pull: true
     options: "-e HOME=/root"
   ci:
     - unset CC
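Review bot: `image_name: registry.gitlab.com/stsquad/qemu/qemu/${IMAGE}` points CI at a personal registry namespace, which the commit message itself flags ("change to upstream when we merge PR"); together with `image_tag: latest` and `pull: true`, and with the `make docker-image-${IMAGE}` step removed, every Shippable run now executes whatever currently sits under that tag instead of an image built from the tree under test. Before merging, switch to the upstream namespace and pin a specific tag (or digest) so the build environment is reproducible and cannot be swapped out by anyone who can push to that registry path.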
-- 
2.20.1




* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 15:51     ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 15:51 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, cota, aurelien

On 7/1/20 3:56 PM, Alex Bennée wrote:
> It's possible to trigger this function from qtest/monitor at which
> point current_cpu won't point at the right place. Check it and
> fall back to first_cpu if it's NULL.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
> ---
>  hw/isa/lpc_ich9.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
> index cd6e169d47a..791c878eb0b 100644
> --- a/hw/isa/lpc_ich9.c
> +++ b/hw/isa/lpc_ich9.c
> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>              }
>          } else {
> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);

I'm not sure this changes anything, as first_cpu is NULL when using
qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
GDB connection segfault caused by empty machines").

>          }
>      }
>  }
> 
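Review bot: `current_cpu ? current_cpu : first_cpu` still passes NULL to cpu_interrupt() whenever first_cpu is NULL as well, which per the comment above is exactly the qtest-accelerator / none-machine case, so the reproducer from bug 1878645 is not fixed by this line. It also changes semantics: the original code raises the SMI on the CPU that performed the APM write, and when no vCPU is executing there is no such CPU. Skipping the cpu_interrupt() when current_cpu is NULL (while still recording the register write) is the safer shape, and a comment saying why the path can be reached without a CPU would help the next reader.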





* Re: [PATCH v4 27/40] tests/acceptance: fix dtb path for machine_rx_gdbsim
  2020-07-01 13:56 ` [PATCH v4 27/40] tests/acceptance: fix dtb path for machine_rx_gdbsim Alex Bennée
@ 2020-07-01 15:55   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 15:55 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: fam, berrange, Yoshinori Sato, Philippe Mathieu-Daudé,
	richard.henderson, Wainer dos Santos Moschetta, cota,
	Cleber Rosa, aurelien

On 7/1/20 3:56 PM, Alex Bennée wrote:
> The old path doesn't exist but the rx-virt.dtb file has the same
> checksum so let's use that.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  tests/acceptance/machine_rx_gdbsim.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/acceptance/machine_rx_gdbsim.py b/tests/acceptance/machine_rx_gdbsim.py
> index a44f2c87da0..bff63e421d5 100644
> --- a/tests/acceptance/machine_rx_gdbsim.py
> +++ b/tests/acceptance/machine_rx_gdbsim.py
> @@ -50,7 +50,7 @@ class RxGdbSimMachine(Test):
>          :avocado: tags=machine:gdbsim-r5f562n7
>          :avocado: tags=endian:little
>          """
> -        dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-qemu.dtb')
> +        dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-virt.dtb')

Or:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg718316.html

Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

>          dtb_hash = '7b4e4e2c71905da44e86ce47adee2210b026ac18'
>          dtb_path = self.fetch_asset(dtb_url, asset_hash=dtb_hash)
>          kernel_url = ('http://acc.dl.osdn.jp/users/23/23845/zImage')
> 
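Review bot: the URL swap is safe because `dtb_hash` is unchanged and `self.fetch_asset(dtb_url, asset_hash=dtb_hash)` still verifies the download against that SHA-1, so a different file at the new path would be rejected rather than silently used; the commit message could say so explicitly. While here, `kernel_url` on the trailing context line still uses plain http:// where dtb_url uses https://; the hash covers integrity either way, but the two should be consistent.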



* Re: [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-01 13:56 ` [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab Alex Bennée
@ 2020-07-01 15:56   ` Philippe Mathieu-Daudé
  2020-07-01 16:43     ` Alex Bennée
  2020-07-02  1:05   ` Aleksandar Markovic
  1 sibling, 1 reply; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 15:56 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: fam, Aleksandar Rikalo, berrange, Philippe Mathieu-Daudé,
	richard.henderson, Wainer dos Santos Moschetta,
	Aleksandar Markovic, cota, Cleber Rosa, aurelien

On 7/1/20 3:56 PM, Alex Bennée wrote:
> For some reason these tests fail all the time on GitLab. I can
> re-create the hang around 3% of the time locally but it doesn't seem
> to be MTTCG related. For now skipIf on GITLAB_CI.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
> ---
>  tests/acceptance/machine_mips_malta.py | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
> index 92b4f28a112..7c9a4ee4d2d 100644
> --- a/tests/acceptance/machine_mips_malta.py
> +++ b/tests/acceptance/machine_mips_malta.py
> @@ -15,6 +15,7 @@ from avocado import skipUnless
>  from avocado_qemu import Test
>  from avocado_qemu import wait_for_console_pattern
>  from avocado.utils import archive
> +from avocado import skipIf
>  
>  
>  NUMPY_AVAILABLE = True
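Review bot: the decorators added later in this patch call `os.getenv`, but this hunk only adds `from avocado import skipIf` and no `import os`; confirm `os` is already imported in machine_mips_malta.py (the linux_initrd.py patch in the same series had to add `import os`). Style: fold the new import into the existing `from avocado import skipUnless` line as `from avocado import skipIf, skipUnless`.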
> @@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
>          """
>          self.do_test_i6400_framebuffer_logo(1)
>  

So the test works using a single core...
Good we have a test to figure the bug!

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>      def test_mips_malta_i6400_framebuffer_logo_7cores(self):
>          """
>          :avocado: tags=arch:mips64el
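Review bot: `@skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')` quarantines a hang that the commit message says also reproduces locally about 3% of the time, so this is a flaky-test skip rather than an environment-specific one; the reason string should carry a bug or issue reference so the skip gets revisited instead of becoming permanent. The single-core variant left enabled just above is what keeps the malta framebuffer path covered meanwhile, which is worth stating in the commit message.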
> @@ -108,6 +110,7 @@ class MaltaMachineFramebuffer(Test):
>          """
>          self.do_test_i6400_framebuffer_logo(7)
>  
> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>      def test_mips_malta_i6400_framebuffer_logo_8cores(self):
>          """
>          :avocado: tags=arch:mips64el
> 



* Re: [PATCH v4 29/40] tests/acceptance: skip LinuxInitrd 2gib with v4.16 on GitLab
  2020-07-01 13:56 ` [PATCH v4 29/40] tests/acceptance: skip LinuxInitrd 2gib with v4.16 " Alex Bennée
@ 2020-07-01 15:57   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 15:57 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: fam, berrange, Philippe Mathieu-Daudé,
	richard.henderson, Wainer dos Santos Moschetta, cota,
	Cleber Rosa, aurelien

On 7/1/20 3:56 PM, Alex Bennée wrote:
> This fails on GitLab but not when run locally on the same container
> image. It's very confusing.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  tests/acceptance/linux_initrd.py | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/tests/acceptance/linux_initrd.py b/tests/acceptance/linux_initrd.py
> index a3e54d3fc91..a249e2f14a2 100644
> --- a/tests/acceptance/linux_initrd.py
> +++ b/tests/acceptance/linux_initrd.py
> @@ -8,10 +8,12 @@
>  # This work is licensed under the terms of the GNU GPL, version 2 or
>  # later.  See the COPYING file in the top-level directory.
>  
> +import os
>  import logging
>  import tempfile
>  
>  from avocado_qemu import Test
> +from avocado import skipIf
>  
>  
>  class LinuxInitrd(Test):
> @@ -51,6 +53,7 @@ class LinuxInitrd(Test):
>                  max_size + 1)
>              self.assertRegex(self.vm.get_log(), expected_msg)
>  
> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>      def test_with_2gib_file_should_work_with_linux_v4_16(self):
>          """
>          QEMU has supported up to 4 GiB initrd for recent kernel
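Review bot: same quarantine pattern as the malta patch: the reason 'Running on GitLab' records where the test failed but not why or where it is tracked; add a reference in the reason string so the skip does not silently become permanent. Since os.getenv returns the variable's value, any non-empty GITLAB_CI value triggers the skip, which matches the intent.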
> 

Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>



* Re: [PATCH v4 39/40] testing: add check-build target
  2020-07-01 13:56 ` [PATCH v4 39/40] testing: add check-build target Alex Bennée
@ 2020-07-01 15:59   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 15:59 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: fam, Thomas Huth, berrange, Philippe Mathieu-Daudé,
	richard.henderson, Wainer dos Santos Moschetta, cota, aurelien

On 7/1/20 3:56 PM, Alex Bennée wrote:
> If we want to continue to split build and check phase it seems like a
> good idea to allow building of the tests during our multi-threaded
> build phase.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  .gitlab-ci.yml         |  5 ++++-
>  tests/Makefile.include | 17 +++++++++++++----
>  2 files changed, 17 insertions(+), 5 deletions(-)
> 
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 83e38ea19f3..b0e5417146b 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -36,7 +36,7 @@ include:
>      - make -j"$JOBS"
>      - if test -n "$MAKE_CHECK_ARGS";
>        then
> -        make $MAKE_CHECK_ARGS ;
> +        make -j"$JOBS" $MAKE_CHECK_ARGS ;
>        fi
>  
>  .native_test_job_template: &native_test_job_definition
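Review bot: `make -j"$JOBS" $MAKE_CHECK_ARGS` is what makes check-build parallel, but the same template runs whenever MAKE_CHECK_ARGS is non-empty; if any job sets it to an actual check target, -j now runs test recipes concurrently and any test that assumes exclusive use of a port, temp directory or the TAP output will start to interleave. Either restrict -j to the build-type targets or confirm the check targets are -j safe.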
> @@ -60,6 +60,7 @@ build-system-ubuntu-main:
>      TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu lm32-softmmu
>        moxie-softmmu microblazeel-softmmu mips64el-softmmu m68k-softmmu ppc-softmmu
>        riscv64-softmmu sparc-softmmu
> +    MAKE_CHECK_ARGS: check-build
>    artifacts:
>      paths:
>        - build
> @@ -90,6 +91,7 @@ build-system-fedora-alt:
>      TARGETS: tricore-softmmu unicore32-softmmu microblaze-softmmu mips-softmmu
>        riscv32-softmmu s390x-softmmu sh4-softmmu sparc64-softmmu x86_64-softmmu
>        xtensa-softmmu nios2-softmmu or1k-softmmu
> +    MAKE_CHECK_ARGS: check-build
>    artifacts:
>      paths:
>        - build
> @@ -124,6 +126,7 @@ build-system-fedora-disabled:
>        --disable-qom-cast-debug --disable-spice --disable-vhost-vsock
>        --disable-vhost-net --disable-vhost-crypto --disable-vhost-user
>      TARGETS: i386-softmmu ppc64-softmmu mips64-softmmu i386-linux-user
> +    MAKE_CHECK_ARGS: check-build
>    artifacts:
>      paths:
>        - build
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index c316e0d6647..94b1cc8302e 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -22,6 +22,8 @@ endif
>  	@echo " $(MAKE) check-venv           Creates a Python venv for tests"
>  	@echo " $(MAKE) check-clean          Clean the tests and related data"
>  	@echo
> +	@echo "The following are useful for CI builds"
> +	@echo " $(MAKE) check-build          Build most test binaris"

Typo "binaries".

Otherwise:
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

>  	@echo " $(MAKE) get-vm-images        Downloads all images used by acceptance tests, according to configured targets (~350 MB each, 1.5 GB max)"
>  	@echo
>  	@echo
> @@ -649,6 +651,10 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: %-softmmu/all $(c
>  	  QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
>  	  QTEST_QEMU_IMG=qemu-img$(EXESUF))
>  
> +build-qtest: $(patsubst %, %-softmmu/all, $(QTEST_TARGETS)) $(check-qtest-y)
> +
> +build-unit: $(check-unit-y)
> +
>  check-unit: $(check-unit-y)
>  	$(call do_test_human, $^)
>  
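Review bot: `build-qtest` and `build-unit` are new phony aggregates and this hunk does not declare them `.PHONY`; a file with either name in the build tree would satisfy the rule and skip the build. Add both to the .PHONY list alongside check-unit.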
> @@ -680,7 +686,6 @@ check-report.tap: $(patsubst %,check-report-qtest-%.tap, $(QTEST_TARGETS)) check
>  FP_TEST_BIN=$(BUILD_DIR)/tests/fp/fp-test
>  
>  # the build dir is created by configure
> -.PHONY: $(FP_TEST_BIN)
>  $(FP_TEST_BIN): config-host.h $(test-util-obj-y)
>  	$(call quiet-command, \
>  	 	$(MAKE) $(SUBDIR_MAKEFLAGS) -C $(dir $@) V="$(V)" $(notdir $@), \
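Review bot: dropping `.PHONY: $(FP_TEST_BIN)` changes the rule's semantics, not just its cost: the rule's only prerequisites are config-host.h and $(test-util-obj-y), so once the binary exists an edit to the softfloat test sources no longer triggers the recursive make here from the top level. That is presumably wanted so build-softfloat is not rerun on every check, but the commit message should say so, or the tests/fp sources should be listed as prerequisites.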
> @@ -814,9 +819,10 @@ check-softfloat-ops: $(SF_MATH_RULES)
>  
>  .PHONY: check-softfloat
>  ifeq ($(CONFIG_TCG),y)
> -check-softfloat: check-softfloat-conv check-softfloat-compare check-softfloat-ops
> +build-softfloat: $(FP_TEST_BIN)
> +check-softfloat: build-softfloat check-softfloat-conv check-softfloat-compare check-softfloat-ops
>  else
> -check-softfloat:
> +build-softfloat check-softfloat:
>  	$(call quiet-command, /bin/true, "FLOAT TEST", \
>  		"SKIPPED for non-TCG builds")
>  endif
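Review bot: `.PHONY: check-softfloat` just above the hunk is left as is while `build-softfloat` is added as a new rule in both branches of the ifeq; extend that line to `.PHONY: check-softfloat build-softfloat` so a stray file named build-softfloat cannot satisfy the target.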
> @@ -955,7 +961,8 @@ check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
>  ifeq ($(CONFIG_TOOLS),y)
>  check-block: $(patsubst %,check-%, $(check-block-y))
>  endif
> -check: check-block check-qapi-schema check-unit check-softfloat check-qtest check-decodetree
> +check-build: build-unit build-softfloat build-qtest
> +
>  check-clean:
>  	rm -rf $(check-unit-y) tests/*.o tests/*/*.o $(QEMU_IOTESTS_HELPERS-y)
>  	rm -rf $(sort $(foreach target,$(SYSEMU_TARGET_LIST), $(check-qtest-$(target)-y:%=tests/qtest/%$(EXESUF))) $(check-qtest-generic-y:%=tests/qtest/%$(EXESUF)))
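Review bot: `+check-build: build-unit build-softfloat build-qtest` needs a .PHONY declaration like the other aggregates, and its prerequisites leave out check-block, which is still a prerequisite of `check`; that matches the help text's "most test binaries" but should be stated in the commit message so CI consumers know what still gets built in the test phase.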
> @@ -963,6 +970,8 @@ check-clean:
>  	rm -f tests/qtest/dbus-vmstate1-gen-timestamp
>  	rm -rf $(TESTS_VENV_DIR) $(TESTS_RESULTS_DIR)
>  
> +check: check-block check-qapi-schema check-unit check-softfloat check-qtest check-decodetree
> +
>  clean: check-clean
>  
>  # Build the help program automatically
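Review bot: re-adding `check:` below `check-clean:` is a pure relocation the commit message does not explain; rule order does not affect prerequisite resolution, so the move only adds diff noise. If the goal is to keep `check` next to `check-build`, move `check-build` to where `check` was instead.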
> 



* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 16:40       ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 16:40 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, aurelien


Philippe Mathieu-Daudé <philmd@redhat.com> writes:

> On 7/1/20 3:56 PM, Alex Bennée wrote:
>> It's possible to trigger this function from qtest/monitor at which
>> point current_cpu won't point at the right place. Check it and
>> fall back to first_cpu if it's NULL.
>> 
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>> ---
>>  hw/isa/lpc_ich9.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>> index cd6e169d47a..791c878eb0b 100644
>> --- a/hw/isa/lpc_ich9.c
>> +++ b/hw/isa/lpc_ich9.c
>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>              }
>>          } else {
>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>
> I'm not sure this changes anything, as first_cpu is NULL when using
> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
> GDB connection segfault caused by empty machines").

Good point - anyway feel free to ignore - it shouldn't have been in this
series. It was just some random experimentation I was doing when looking
at that bug.

-- 
Alex Bennée




* Re: [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-01 15:56   ` Philippe Mathieu-Daudé
@ 2020-07-01 16:43     ` Alex Bennée
  2020-07-01 17:01       ` Philippe Mathieu-Daudé
  0 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 16:43 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: fam, Aleksandar Rikalo, berrange, Philippe Mathieu-Daudé,
	richard.henderson, qemu-devel, Wainer dos Santos Moschetta,
	Aleksandar Markovic, cota, Cleber Rosa, aurelien


Philippe Mathieu-Daudé <f4bug@amsat.org> writes:

> On 7/1/20 3:56 PM, Alex Bennée wrote:
>> For some reason these tests fail all the time on GitLab. I can
>> re-create the hang around 3% of the time locally but it doesn't seem
>> to be MTTCG related. For now skipIf on GITLAB_CI.
>> 
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
>> ---
>>  tests/acceptance/machine_mips_malta.py | 3 +++
>>  1 file changed, 3 insertions(+)
>> 
>> diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
>> index 92b4f28a112..7c9a4ee4d2d 100644
>> --- a/tests/acceptance/machine_mips_malta.py
>> +++ b/tests/acceptance/machine_mips_malta.py
>> @@ -15,6 +15,7 @@ from avocado import skipUnless
>>  from avocado_qemu import Test
>>  from avocado_qemu import wait_for_console_pattern
>>  from avocado.utils import archive
>> +from avocado import skipIf
>>  
>>  
>>  NUMPY_AVAILABLE = True
>> @@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
>>          """
>>          self.do_test_i6400_framebuffer_logo(1)
>>  
>
> So the test works using a single core...
> Good we have a test to figure the bug!

It's about a 1-3% failure rate on my big test box but hits every time on
CI. However I did disable MTTCG and still saw failures so I think it's a
more subtle breakage than just a straight race.

>
> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>
>> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>>      def test_mips_malta_i6400_framebuffer_logo_7cores(self):
>>          """
>>          :avocado: tags=arch:mips64el
>> @@ -108,6 +110,7 @@ class MaltaMachineFramebuffer(Test):
>>          """
>>          self.do_test_i6400_framebuffer_logo(7)
>>  
>> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>>      def test_mips_malta_i6400_framebuffer_logo_8cores(self):
>>          """
>>          :avocado: tags=arch:mips64el
>> 


-- 
Alex Bennée



* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 16:47         ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 16:47 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, aurelien

On 7/1/20 6:40 PM, Alex Bennée wrote:
> 
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> 
>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>> It's possible to trigger this function from qtest/monitor at which
>>> point current_cpu won't point at the right place. Check it and
>>> fall back to first_cpu if it's NULL.
>>>
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>> ---
>>>  hw/isa/lpc_ich9.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>> index cd6e169d47a..791c878eb0b 100644
>>> --- a/hw/isa/lpc_ich9.c
>>> +++ b/hw/isa/lpc_ich9.c
>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>              }
>>>          } else {
>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>
>> I'm not sure this changes anything, as first_cpu is NULL when using
>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>> GDB connection segfault caused by empty machines").
> 
> Good point - anyway feel free to ignore - it shouldn't have been in this
> series. It was just some random experimentation I was doing when looking
> at that bug.

See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
crashing") for a similar approach, but here I was thinking about
a more generic fix, not very intrusive:

-- >8 --
diff --git a/hw/isa/apm.c b/hw/isa/apm.c
index bce266b957..809afeb3e4 100644
--- a/hw/isa/apm.c
+++ b/hw/isa/apm.c
@@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
addr, uint64_t val,
     if (addr == 0) {
         apm->apmc = val;

-        if (apm->callback) {
+        if (apm->callback && !qtest_enabled()) {
             (apm->callback)(val, apm->arg);
         }
     } else {
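Review bot: `if (apm->callback && !qtest_enabled())` switches the APM callback off for every qtest, so on q35 a test can no longer exercise the SMI path at all; the crash comes from cpu_interrupt() being called with no CPU, so the narrower fix is to skip or guard the interrupt in ich9_apm_ctrl_changed when current_cpu is NULL while still storing apm->apmc. Also make sure apm.c includes the header that declares qtest_enabled(), which this hunk does not add, and note that the mailer wrapped the `@@` line and stripped the whitespace-only context line, so the snippet will not apply as posted.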
---




* [Bug 1878645] Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 16:47         ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 16:47 UTC (permalink / raw)
  To: qemu-devel

On 7/1/20 6:40 PM, Alex Bennée wrote:
> 
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> 
>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>> It's possible to trigger this function from qtest/monitor at which
>>> point current_cpu won't point at the right place. Check it and
>>> fall back to first_cpu if it's NULL.
>>>
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>> ---
>>>  hw/isa/lpc_ich9.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>> index cd6e169d47a..791c878eb0b 100644
>>> --- a/hw/isa/lpc_ich9.c
>>> +++ b/hw/isa/lpc_ich9.c
>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>              }
>>>          } else {
>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>
>> I'm not sure this change anything, as first_cpu is NULL when using
>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>> GDB connection segfault caused by empty machines").
> 
> Good point - anyway feel free to ignore - it shouldn't have been in this
> series. It was just some random experimentation I was doing when looking
> at that bug.

See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
crashing") for a similar approach, but here I was thinking about
a more generic fix, not very intrusive:

-- >8 --
diff --git a/hw/isa/apm.c b/hw/isa/apm.c
index bce266b957..809afeb3e4 100644
--- a/hw/isa/apm.c
+++ b/hw/isa/apm.c
@@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
addr, uint64_t val,
     if (addr == 0) {
         apm->apmc = val;

-        if (apm->callback) {
+        if (apm->callback && !qtest_enabled()) {
             (apm->callback)(val, apm->arg);
         }
     } else {
---

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878645

Title:
  null-ptr dereference in ich9_apm_ctrl_changed

Status in QEMU:
  New

Bug description:
  Hello,
  While fuzzing, I found an input which triggers a NULL pointer dereference in
  tcg_handle_interrupt. It seems the culprit is a "cpu" pointer - maybe this bug
  is specific to QTest?

  ==23862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4 (pc 0x55b9dc7c9dce bp 0x7ffc346a0900 sp 0x7ffc346a0880 T0)
  ==23862==The signal is caused by a READ memory access.
  ==23862==Hint: address points to the zero page.
      #0 0x55b9dc7c9dce in tcg_handle_interrupt /home/alxndr/Development/qemu/accel/tcg/tcg-all.c:57:21
      #1 0x55b9dc904799 in cpu_interrupt /home/alxndr/Development/qemu/include/hw/core/cpu.h:872:5
      #2 0x55b9dc9085e8 in ich9_apm_ctrl_changed /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:442:13
      #3 0x55b9dd19cdc8 in apm_ioport_writeb /home/alxndr/Development/qemu/hw/isa/apm.c:50:13
      #4 0x55b9dc73f8b4 in memory_region_write_accessor /home/alxndr/Development/qemu/memory.c:483:5
      #5 0x55b9dc73f289 in access_with_adjusted_size /home/alxndr/Development/qemu/memory.c:544:18
      #6 0x55b9dc73ddf5 in memory_region_dispatch_write /home/alxndr/Development/qemu/memory.c:1476:16
      #7 0x55b9dc577bf3 in flatview_write_continue /home/alxndr/Development/qemu/exec.c:3137:23
      #8 0x55b9dc567ad8 in flatview_write /home/alxndr/Development/qemu/exec.c:3177:14
      #9 0x55b9dc567608 in address_space_write /home/alxndr/Development/qemu/exec.c:3268:18
      #10 0x55b9dc723fe7 in cpu_outb /home/alxndr/Development/qemu/ioport.c:60:5
      #11 0x55b9dc72d3c0 in qtest_process_command /home/alxndr/Development/qemu/qtest.c:392:13
      #12 0x55b9dc72b186 in qtest_process_inbuf /home/alxndr/Development/qemu/qtest.c:710:9
      #13 0x55b9dc72a8b3 in qtest_read /home/alxndr/Development/qemu/qtest.c:722:5
      #14 0x55b9ddc6e60b in qemu_chr_be_write_impl /home/alxndr/Development/qemu/chardev/char.c:183:9
      #15 0x55b9ddc6e75a in qemu_chr_be_write /home/alxndr/Development/qemu/chardev/char.c:195:9
      #16 0x55b9ddc77979 in fd_chr_read /home/alxndr/Development/qemu/chardev/char-fd.c:68:9
      #17 0x55b9ddcff0e9 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/io/channel-watch.c:84:12
      #18 0x7f7161eac897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
      #19 0x55b9ddebcb84 in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
      #20 0x55b9ddebb57d in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
      #21 0x55b9ddebb176 in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
      #22 0x55b9dcb4bd1d in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
      #23 0x55b9ddd1629c in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
      #24 0x7f7160a5ce0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
      #25 0x55b9dc49c819 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0xc9c819)

  
  I can reproduce this in qemu 5.0 built with AddressSanitizer using these qtest commands:

  cat << EOF | ./qemu-system-i386 \
  -qtest stdio -nographic -monitor none -serial none \
  -M pc-q35-5.0
  outl 0xcf8 0x8400f841
  outl 0xcfc 0xaa215d6d
  outl 0x6d30 0x2ef8ffbe
  outb 0xb2 0x20
  EOF

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878645/+subscriptions


^ permalink raw reply related	[flat|nested] 98+ messages in thread

* Re: [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-01 16:43     ` Alex Bennée
@ 2020-07-01 17:01       ` Philippe Mathieu-Daudé
  2020-07-02  3:06         ` Jiaxun Yang
  0 siblings, 1 reply; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 17:01 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, Aleksandar Rikalo, berrange, Philippe Mathieu-Daudé,
	richard.henderson, qemu-devel, Wainer dos Santos Moschetta,
	Aleksandar Markovic, cota, Cleber Rosa, aurelien

On 7/1/20 6:43 PM, Alex Bennée wrote:
> 
> Philippe Mathieu-Daudé <f4bug@amsat.org> writes:
> 
>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>> For some reason these tests fail all the time on GitLab. I can
>>> re-create the hang around 3% of the time locally but it doesn't seem
>>> to be MTTCG related. For now skipIf on GITLAB_CI.
>>>
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
>>> ---
>>>  tests/acceptance/machine_mips_malta.py | 3 +++
>>>  1 file changed, 3 insertions(+)
>>>
>>> diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
>>> index 92b4f28a112..7c9a4ee4d2d 100644
>>> --- a/tests/acceptance/machine_mips_malta.py
>>> +++ b/tests/acceptance/machine_mips_malta.py
>>> @@ -15,6 +15,7 @@ from avocado import skipUnless
>>>  from avocado_qemu import Test
>>>  from avocado_qemu import wait_for_console_pattern
>>>  from avocado.utils import archive
>>> +from avocado import skipIf
>>>  
>>>  
>>>  NUMPY_AVAILABLE = True
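Review bot: both new decorators call `os.getenv('GITLAB_CI')`, but this hunk only adds `from avocado import skipIf`; confirm `import os` is already present above line 15, since the visible context does not show it, otherwise the module fails at import time before any test runs. Style: the file already has `from avocado import skipUnless`, so fold the new import into that line as `from avocado import skipIf, skipUnless` rather than appending a separate import after the other ones.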
>>> @@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
>>>          """
>>>          self.do_test_i6400_framebuffer_logo(1)
>>>  
>>
>> So the test works using a single core...
>> Good we have a test to figure the bug!
> 
> It's about a 1-3% failure rate on my big test box but hits every time on
> CI. However I did disable MTTCG and still saw failures so I think it's a
> more subtle breakage than just a straight race.

I first thought it was an MTTCG problem, but then I realized you didn't
disable the single core test. When using >1 core, the malta uses a
different device, the CPS (Coherent Processing System). It contains
an Inter-Thread Communication Unit and a Global Interrupt Controller.
There might be an I/O locking problem. In particular, some of these
devices access the &cpu->env (the ITU is more of micro-architecture).

This is why I was excited by your finding :) We might have a way
to figure it out.

> 
>>
>> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>>
>>> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>>>      def test_mips_malta_i6400_framebuffer_logo_7cores(self):
>>>          """
>>>          :avocado: tags=arch:mips64el
>>> @@ -108,6 +110,7 @@ class MaltaMachineFramebuffer(Test):
>>>          """
>>>          self.do_test_i6400_framebuffer_logo(7)
>>>  
>>> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>>>      def test_mips_malta_i6400_framebuffer_logo_8cores(self):
>>>          """
>>>          :avocado: tags=arch:mips64el
>>>
> 
> 


^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 17:09           ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-01 17:09 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, aurelien


Philippe Mathieu-Daudé <philmd@redhat.com> writes:

> On 7/1/20 6:40 PM, Alex Bennée wrote:
>> 
>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>> 
>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>> It's possible to trigger this function from qtest/monitor at which
>>>> point current_cpu won't point at the right place. Check it and
>>>> fall back to first_cpu if it's NULL.
>>>>
>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>>> ---
>>>>  hw/isa/lpc_ich9.c | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>>> index cd6e169d47a..791c878eb0b 100644
>>>> --- a/hw/isa/lpc_ich9.c
>>>> +++ b/hw/isa/lpc_ich9.c
>>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>>              }
>>>>          } else {
>>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>>
>>> I'm not sure this changes anything, as first_cpu is NULL when using
>>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>>> GDB connection segfault caused by empty machines").
>> 
>> Good point - anyway feel free to ignore - it shouldn't have been in this
>> series. It was just some random experimentation I was doing when looking
>> at that bug.
>
> See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
> crashing") for a similar approach, but here I was thinking about
> a more generic fix, not very intrusive:
>
> -- >8 --
> diff --git a/hw/isa/apm.c b/hw/isa/apm.c
> index bce266b957..809afeb3e4 100644
> --- a/hw/isa/apm.c
> +++ b/hw/isa/apm.c
> @@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
> addr, uint64_t val,
>      if (addr == 0) {
>          apm->apmc = val;
>
> -        if (apm->callback) {
> +        if (apm->callback && !qtest_enabled()) {
>              (apm->callback)(val, apm->arg);
>          }

But the other failure mode reported on the bug thread was via the
monitor - so I'm not sure just checking for qtest catches that.

>      } else {
> ---


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 98+ messages in thread


* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 17:34             ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 17:34 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, Paolo Bonzini, aurelien

+Paolo

On 7/1/20 7:09 PM, Alex Bennée wrote:
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>> On 7/1/20 6:40 PM, Alex Bennée wrote:
>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>
>>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>>> It's possible to trigger this function from qtest/monitor at which
>>>>> point current_cpu won't point at the right place. Check it and
>>>>> fall back to first_cpu if it's NULL.
>>>>>
>>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>>>> ---
>>>>>  hw/isa/lpc_ich9.c | 2 +-
>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>>>> index cd6e169d47a..791c878eb0b 100644
>>>>> --- a/hw/isa/lpc_ich9.c
>>>>> +++ b/hw/isa/lpc_ich9.c
>>>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>>>              }
>>>>>          } else {
>>>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>>>
>>>> I'm not sure this changes anything, as first_cpu is NULL when using
>>>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>>>> GDB connection segfault caused by empty machines").
>>>
>>> Good point - anyway feel free to ignore - it shouldn't have been in this
>>> series. It was just some random experimentation I was doing when looking
>>> at that bug.
>>
>> See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
>> crashing") for a similar approach, but here I was thinking about
>> a more generic fix, not very intrusive:
>>
>> -- >8 --
>> diff --git a/hw/isa/apm.c b/hw/isa/apm.c
>> index bce266b957..809afeb3e4 100644
>> --- a/hw/isa/apm.c
>> +++ b/hw/isa/apm.c
>> @@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
>> addr, uint64_t val,
>>      if (addr == 0) {
>>          apm->apmc = val;
>>
>> -        if (apm->callback) {
>> +        if (apm->callback && !qtest_enabled()) {
>>              (apm->callback)(val, apm->arg);
>>          }
> 
> But the other failure mode reported on the bug thread was via the
> monitor - so I'm not sure just checking for qtest catches that.

Ah indeed.

in exec.c:

/* current CPU in the current thread. It is only valid inside
   cpu_exec() */
__thread CPUState *current_cpu;

Maybe we shouldn't use current_cpu out of exec.c...



^ permalink raw reply	[flat|nested] 98+ messages in thread


* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 17:37               ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 17:37 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, Paolo Bonzini, aurelien

On 7/1/20 7:34 PM, Philippe Mathieu-Daudé wrote:
> +Paolo
> 
> On 7/1/20 7:09 PM, Alex Bennée wrote:
>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>> On 7/1/20 6:40 PM, Alex Bennée wrote:
>>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>>
>>>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>>>> It's possible to trigger this function from qtest/monitor at which
>>>>>> point current_cpu won't point at the right place. Check it and
>>>>>> fall back to first_cpu if it's NULL.
>>>>>>
>>>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>>>>> ---
>>>>>>  hw/isa/lpc_ich9.c | 2 +-
>>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>>>>> index cd6e169d47a..791c878eb0b 100644
>>>>>> --- a/hw/isa/lpc_ich9.c
>>>>>> +++ b/hw/isa/lpc_ich9.c
>>>>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>>>>              }
>>>>>>          } else {
>>>>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>>>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>>>>
>>>>> I'm not sure this changes anything, as first_cpu is NULL when using
>>>>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>>>>> GDB connection segfault caused by empty machines").
>>>>
>>>> Good point - anyway feel free to ignore - it shouldn't have been in this
>>>> series. It was just some random experimentation I was doing when looking
>>>> at that bug.
>>>
>>> See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
>>> crashing") for a similar approach, but here I was thinking about
>>> a more generic fix, not very intrusive:
>>>
>>> -- >8 --
>>> diff --git a/hw/isa/apm.c b/hw/isa/apm.c
>>> index bce266b957..809afeb3e4 100644
>>> --- a/hw/isa/apm.c
>>> +++ b/hw/isa/apm.c
>>> @@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
>>> addr, uint64_t val,
>>>      if (addr == 0) {
>>>          apm->apmc = val;
>>>
>>> -        if (apm->callback) {
>>> +        if (apm->callback && !qtest_enabled()) {
>>>              (apm->callback)(val, apm->arg);
>>>          }
>>
>> But the other failure mode reported on the bug thread was via the
>> monitor - so I'm not sure just checking for qtest catches that.
> 
> Ah indeed.
> 
> in exec.c:
> 
> /* current CPU in the current thread. It is only valid inside
>    cpu_exec() */
> __thread CPUState *current_cpu;
> 
> Maybe we shouldn't use current_cpu out of exec.c...

I meant, out of cpu_exec(), a cpu thread. Here we access it
from an I/O thread.



^ permalink raw reply	[flat|nested] 98+ messages in thread
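Added example (editor's code, not part of the thread, the patch series or QEMU): a stand-alone C model of the failure mode discussed above, where the thread-local `current_cpu` is only set while a vCPU thread is inside `cpu_exec()`, so a port write issued from the I/O thread (qtest's `outb 0xb2 0x20`, or the monitor) hands a NULL pointer to `cpu_interrupt()`. The original else-branch shape is shown next to a hardened handler that checks the pointer and also tolerates an empty CPU list, the case where a `first_cpu` fallback would not help. The `CPUState` struct, the `cpu_exec_enter()`/`cpu_exec_exit()` helpers, the `broadcast` flag standing in for whatever condition selects the `CPU_FOREACH` branch in lpc_ich9.c, and the two-CPU machine are all constructed for this example and are not QEMU's definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for QEMU's CPUState: only the fields this example touches. */
typedef struct CPUState {
    int cpu_index;
    uint32_t interrupt_request;      /* pending interrupt bits */
    struct CPUState *next_cpu;
} CPUState;

#define CPU_INTERRUPT_SMI 0x0004     /* same bit value as QEMU's include/hw/core/cpu.h */

/* Mirrors exec.c: thread-local, valid only on a vCPU thread while inside cpu_exec(). */
static __thread CPUState *current_cpu;
static CPUState *first_cpu;          /* head of the CPU list; NULL on a CPU-less machine */

#define CPU_FOREACH(cs) for ((cs) = first_cpu; (cs) != NULL; (cs) = (cs)->next_cpu)

/* What tcg_handle_interrupt() does with the pointer: no NULL check, so a NULL cpu
 * faults on a small offset into the struct (the "SEGV on unknown address 0x..b4"). */
static void cpu_interrupt(CPUState *cpu, uint32_t mask)
{
    cpu->interrupt_request |= mask;
}

/* Assumed helpers modelling cpu_exec() entry and exit on a vCPU thread. */
static void cpu_exec_enter(CPUState *cs) { current_cpu = cs; }
static void cpu_exec_exit(void)          { current_cpu = NULL; }

/* Shape of the original else-branch in ich9_apm_ctrl_changed(): faults when called
 * from the I/O thread because current_cpu is NULL there. Only safe under cpu_exec(). */
static int apm_ctrl_changed_original(void)
{
    cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
    return 1;
}

/* Hardened handler. `broadcast` stands in for the condition that selects the
 * CPU_FOREACH branch in lpc_ich9.c (assumption). Returns the number of CPUs signalled. */
static int apm_ctrl_changed_hardened(bool broadcast)
{
    CPUState *cs;
    int n = 0;

    if (broadcast) {
        CPU_FOREACH(cs) {            /* with first_cpu == NULL the body never runs */
            cpu_interrupt(cs, CPU_INTERRUPT_SMI);
            n++;
        }
        return n;
    }
    if (current_cpu == NULL) {
        /* Not inside cpu_exec(): qtest, HMP monitor or any other I/O-thread caller.
         * There is no "current" CPU to target, so drop the SMI instead of faulting. */
        return 0;
    }
    cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
    return 1;
}

static CPUState cpus[2];

/* Constructed machine with 0 or 2 CPUs, all interrupt bits cleared, no CPU executing. */
static void reset_machine(int ncpus)
{
    cpus[0] = (CPUState){ .cpu_index = 0, .next_cpu = &cpus[1] };
    cpus[1] = (CPUState){ .cpu_index = 1, .next_cpu = NULL };
    first_cpu = ncpus > 0 ? &cpus[0] : NULL;
    current_cpu = NULL;
}

static uint32_t smi_pending(int idx)
{
    return cpus[idx].interrupt_request & CPU_INTERRUPT_SMI;
}

/* Guest "out 0xb2" executed by vCPU idx: both handlers are safe in this context. */
static int write_apmc_from_vcpu(int idx, bool use_original)
{
    int n;
    reset_machine(2);
    cpu_exec_enter(&cpus[idx]);
    n = use_original ? apm_ctrl_changed_original() : apm_ctrl_changed_hardened(false);
    cpu_exec_exit();
    return n;
}

/* Same port write from the I/O thread, as qtest or the monitor issue it:
 * current_cpu is NULL, the original handler would fault, the hardened one returns 0. */
static int write_apmc_from_io_thread(void)
{
    reset_machine(2);
    return apm_ctrl_changed_hardened(false);
}

/* Broadcast write; with ncpus == 0 (qtest accelerator, -M none) first_cpu is NULL too. */
static int write_apmc_broadcast(int ncpus)
{
    reset_machine(ncpus);
    return apm_ctrl_changed_hardened(true);
}

int main(void)
{
    printf("vCPU write: %d CPU signalled\n", write_apmc_from_vcpu(1, false));
    printf("I/O-thread write: %d CPUs signalled (no fault)\n", write_apmc_from_io_thread());
    printf("broadcast, no CPUs: %d; broadcast, 2 CPUs: %d\n",
           write_apmc_broadcast(0), write_apmc_broadcast(2));
    return 0;
}
```

The model keeps `current_cpu` declared `__thread` as in exec.c but simulates the vCPU context with explicit enter/exit calls rather than real threads, so it builds with any C99 compiler and no pthread link flag; the I/O-thread case is simply "the handler runs while nothing has called `cpu_exec_enter()`", which is exactly the state the qtest reproducer puts QEMU in.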

* [Bug 1878645] Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 17:37               ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 17:37 UTC (permalink / raw)
  To: qemu-devel

On 7/1/20 7:34 PM, Philippe Mathieu-Daudé wrote:
> +Paolo
> 
> On 7/1/20 7:09 PM, Alex Bennée wrote:
>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>> On 7/1/20 6:40 PM, Alex Bennée wrote:
>>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>>
>>>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>>>> It's possible to trigger this function from qtest/monitor at which
>>>>>> point current_cpu won't point at the right place. Check it and
>>>>>> fall back to first_cpu if it's NULL.
>>>>>>
>>>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>>>>> ---
>>>>>>  hw/isa/lpc_ich9.c | 2 +-
>>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>>>>> index cd6e169d47a..791c878eb0b 100644
>>>>>> --- a/hw/isa/lpc_ich9.c
>>>>>> +++ b/hw/isa/lpc_ich9.c
>>>>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>>>>              }
>>>>>>          } else {
>>>>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>>>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>>>>
>>>>> I'm not sure this change anything, as first_cpu is NULL when using
>>>>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>>>>> GDB connection segfault caused by empty machines").
>>>>
>>>> Good point - anyway feel free to ignore - it shouldn't have been in this
>>>> series. It was just some random experimentation I was doing when looking
>>>> at that bug.
>>>
>>> See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
>>> crashing") for a similar approach, but here I was thinking about
>>> a more generic fix, not very intrusive:
>>>
>>> -- >8 --
>>> diff --git a/hw/isa/apm.c b/hw/isa/apm.c
>>> index bce266b957..809afeb3e4 100644
>>> --- a/hw/isa/apm.c
>>> +++ b/hw/isa/apm.c
>>> @@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
>>> addr, uint64_t val,
>>>      if (addr == 0) {
>>>          apm->apmc = val;
>>>
>>> -        if (apm->callback) {
>>> +        if (apm->callback && !qtest_enabled()) {
>>>              (apm->callback)(val, apm->arg);
>>>          }
>>
>> But the other failure mode reported on the bug thread was via the
>> monitor - so I'm not sure just checking for qtest catches that.
> 
> Ah indeed.
> 
> in exec.c:
> 
> /* current CPU in the current thread. It is only valid inside
>    cpu_exec() */
> __thread CPUState *current_cpu;
> 
> Maybe we shouldn't use current_cpu out of exec.c...

I meant, out of cpu_exec(), a cpu thread. Here we access it
from an I/O thread.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878645

Title:
  null-ptr dereference in ich9_apm_ctrl_changed

Status in QEMU:
  New

Bug description:
  Hello,
  While fuzzing, I found an input which triggers a NULL pointer dereference in
  tcg_handle_interrupt. It seems the culprit is a "cpu" pointer - maybe this bug
  is specific to QTest?

  ==23862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4 (pc 0x55b9dc7c9dce bp 0x7ffc346a0900 sp 0x7ffc346a0880 T0)
  ==23862==The signal is caused by a READ memory access.
  ==23862==Hint: address points to the zero page.
      #0 0x55b9dc7c9dce in tcg_handle_interrupt /home/alxndr/Development/qemu/accel/tcg/tcg-all.c:57:21
      #1 0x55b9dc904799 in cpu_interrupt /home/alxndr/Development/qemu/include/hw/core/cpu.h:872:5
      #2 0x55b9dc9085e8 in ich9_apm_ctrl_changed /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:442:13
      #3 0x55b9dd19cdc8 in apm_ioport_writeb /home/alxndr/Development/qemu/hw/isa/apm.c:50:13
      #4 0x55b9dc73f8b4 in memory_region_write_accessor /home/alxndr/Development/qemu/memory.c:483:5
      #5 0x55b9dc73f289 in access_with_adjusted_size /home/alxndr/Development/qemu/memory.c:544:18
      #6 0x55b9dc73ddf5 in memory_region_dispatch_write /home/alxndr/Development/qemu/memory.c:1476:16
      #7 0x55b9dc577bf3 in flatview_write_continue /home/alxndr/Development/qemu/exec.c:3137:23
      #8 0x55b9dc567ad8 in flatview_write /home/alxndr/Development/qemu/exec.c:3177:14
      #9 0x55b9dc567608 in address_space_write /home/alxndr/Development/qemu/exec.c:3268:18
      #10 0x55b9dc723fe7 in cpu_outb /home/alxndr/Development/qemu/ioport.c:60:5
      #11 0x55b9dc72d3c0 in qtest_process_command /home/alxndr/Development/qemu/qtest.c:392:13
      #12 0x55b9dc72b186 in qtest_process_inbuf /home/alxndr/Development/qemu/qtest.c:710:9
      #13 0x55b9dc72a8b3 in qtest_read /home/alxndr/Development/qemu/qtest.c:722:5
      #14 0x55b9ddc6e60b in qemu_chr_be_write_impl /home/alxndr/Development/qemu/chardev/char.c:183:9
      #15 0x55b9ddc6e75a in qemu_chr_be_write /home/alxndr/Development/qemu/chardev/char.c:195:9
      #16 0x55b9ddc77979 in fd_chr_read /home/alxndr/Development/qemu/chardev/char-fd.c:68:9
      #17 0x55b9ddcff0e9 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/io/channel-watch.c:84:12
      #18 0x7f7161eac897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
      #19 0x55b9ddebcb84 in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
      #20 0x55b9ddebb57d in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
      #21 0x55b9ddebb176 in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
      #22 0x55b9dcb4bd1d in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
      #23 0x55b9ddd1629c in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
      #24 0x7f7160a5ce0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
      #25 0x55b9dc49c819 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0xc9c819)

  
  I can reproduce this in qemu 5.0 built with AddressSanitizer using these qtest commands:

  cat << EOF | ./qemu-system-i386 \
  -qtest stdio -nographic -monitor none -serial none \
  -M pc-q35-5.0
  outl 0xcf8 0x8400f841
  outl 0xcfc 0xaa215d6d
  outl 0x6d30 0x2ef8ffbe
  outb 0xb2 0x20
  EOF

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878645/+subscriptions


^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 17:48                 ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 17:48 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, Igor Mammedov,
	Paolo Bonzini, aurelien

+MST/Igor for ICH9

On 7/1/20 7:37 PM, Philippe Mathieu-Daudé wrote:
> On 7/1/20 7:34 PM, Philippe Mathieu-Daudé wrote:
>> +Paolo
>>
>> On 7/1/20 7:09 PM, Alex Bennée wrote:
>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>> On 7/1/20 6:40 PM, Alex Bennée wrote:
>>>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>>>
>>>>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>>>>> It's possible to trigger this function from qtest/monitor at which
>>>>>>> point current_cpu won't point at the right place. Check it and
>>>>>>> fall back to first_cpu if it's NULL.
>>>>>>>
>>>>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>>>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>>>>>> ---
>>>>>>>  hw/isa/lpc_ich9.c | 2 +-
>>>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>>
>>>>>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>>>>>> index cd6e169d47a..791c878eb0b 100644
>>>>>>> --- a/hw/isa/lpc_ich9.c
>>>>>>> +++ b/hw/isa/lpc_ich9.c
>>>>>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>>>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>>>>>              }
>>>>>>>          } else {
>>>>>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>>>>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>>>>>
>>>>>> I'm not sure this changes anything, as first_cpu is NULL when using
>>>>>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>>>>>> GDB connection segfault caused by empty machines").
>>>>>
>>>>> Good point - anyway feel free to ignore - it shouldn't have been in this
>>>>> series. It was just some random experimentation I was doing when looking
>>>>> at that bug.
>>>>
>>>> See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
>>>> crashing") for a similar approach, but here I was thinking about
>>>> a more generic fix, not very intrusive:
>>>>
>>>> -- >8 --
>>>> diff --git a/hw/isa/apm.c b/hw/isa/apm.c
>>>> index bce266b957..809afeb3e4 100644
>>>> --- a/hw/isa/apm.c
>>>> +++ b/hw/isa/apm.c
>>>> @@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
>>>> addr, uint64_t val,
>>>>      if (addr == 0) {
>>>>          apm->apmc = val;
>>>>
>>>> -        if (apm->callback) {
>>>> +        if (apm->callback && !qtest_enabled()) {
>>>>              (apm->callback)(val, apm->arg);
>>>>          }
>>>
>>> But the other failure mode reported on the bug thread was via the
>>> monitor - so I'm not sure just checking for qtest catches that.
>>
>> Ah indeed.
>>
>> in exec.c:
>>
>> /* current CPU in the current thread. It is only valid inside
>>    cpu_exec() */
>> __thread CPUState *current_cpu;
>>
>> Maybe we shouldn't use current_cpu out of exec.c...
> 
> I meant, out of cpu_exec(), a cpu thread. Here we access it
> from an I/O thread.

ARM and S390X use:

hw/arm/boot.c:460:    ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));
hw/arm/virt.c:331:    armcpu = ARM_CPU(qemu_get_cpu(0));
hw/arm/virt.c:549:    armcpu = ARM_CPU(qemu_get_cpu(0));
hw/cpu/a15mpcore.c:69:        cpuobj = OBJECT(qemu_get_cpu(0));
hw/cpu/a9mpcore.c:76:    cpuobj = OBJECT(qemu_get_cpu(0));
target/s390x/cpu_models.c:155:        cpu = S390_CPU(qemu_get_cpu(0));
target/s390x/cpu_models.c:169:        cpu = S390_CPU(qemu_get_cpu(0));
target/s390x/cpu_models.c:184:        cpu = S390_CPU(qemu_get_cpu(0));
target/s390x/cpu_models.c:204:        cpu = S390_CPU(qemu_get_cpu(0));
target/s390x/cpu_models.c:218:        cpu = S390_CPU(qemu_get_cpu(0));

It seems odd that the ICH9 delivers the SMI on a random core.
Usually the IRQ lines are wired to a particular unit.



^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ
@ 2020-07-01 18:13                   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 18:13 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, berrange, Michael S. Tsirkin, Bug 1878645,
	richard.henderson, qemu-devel, cota, Igor Mammedov,
	Paolo Bonzini, aurelien

On 7/1/20 7:48 PM, Philippe Mathieu-Daudé wrote:
> +MST/Igor for ICH9
> 
> On 7/1/20 7:37 PM, Philippe Mathieu-Daudé wrote:
>> On 7/1/20 7:34 PM, Philippe Mathieu-Daudé wrote:
>>> +Paolo
>>>
>>> On 7/1/20 7:09 PM, Alex Bennée wrote:
>>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>>> On 7/1/20 6:40 PM, Alex Bennée wrote:
>>>>>> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>>>>>>
>>>>>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>>>>>> It's possible to trigger this function from qtest/monitor at which
>>>>>>>> point current_cpu won't point at the right place. Check it and
>>>>>>>> fall back to first_cpu if it's NULL.
>>>>>>>>
>>>>>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>>>>>> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
>>>>>>>> ---
>>>>>>>>  hw/isa/lpc_ich9.c | 2 +-
>>>>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>>>
>>>>>>>> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
>>>>>>>> index cd6e169d47a..791c878eb0b 100644
>>>>>>>> --- a/hw/isa/lpc_ich9.c
>>>>>>>> +++ b/hw/isa/lpc_ich9.c
>>>>>>>> @@ -439,7 +439,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>>>>>>>>                  cpu_interrupt(cs, CPU_INTERRUPT_SMI);
>>>>>>>>              }
>>>>>>>>          } else {
>>>>>>>> -            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
>>>>>>>> +            cpu_interrupt(current_cpu ? current_cpu : first_cpu, CPU_INTERRUPT_SMI);
>>>>>>>
>>>>>>> I'm not sure this changes anything, as first_cpu is NULL when using
>>>>>>> qtest accelerator or none-machine, see 508b4ecc39 ("gdbstub.c: fix
>>>>>>> GDB connection segfault caused by empty machines").
>>>>>>
>>>>>> Good point - anyway feel free to ignore - it shouldn't have been in this
>>>>>> series. It was just some random experimentation I was doing when looking
>>>>>> at that bug.
>>>>>
>>>>> See commit c781a2cc42 ("hw/i386/vmport: Allow QTest use without
>>>>> crashing") for a similar approach, but here I was thinking about
>>>>> a more generic fix, not very intrusive:
>>>>>
>>>>> -- >8 --
>>>>> diff --git a/hw/isa/apm.c b/hw/isa/apm.c
>>>>> index bce266b957..809afeb3e4 100644
>>>>> --- a/hw/isa/apm.c
>>>>> +++ b/hw/isa/apm.c
>>>>> @@ -40,7 +40,7 @@ static void apm_ioport_writeb(void *opaque, hwaddr
>>>>> addr, uint64_t val,
>>>>>      if (addr == 0) {
>>>>>          apm->apmc = val;
>>>>>
>>>>> -        if (apm->callback) {
>>>>> +        if (apm->callback && !qtest_enabled()) {
>>>>>              (apm->callback)(val, apm->arg);
>>>>>          }
>>>>
>>>> But the other failure mode reported on the bug thread was via the
>>>> monitor - so I'm not sure just checking for qtest catches that.
>>>
>>> Ah indeed.
>>>
>>> in exec.c:
>>>
>>> /* current CPU in the current thread. It is only valid inside
>>>    cpu_exec() */
>>> __thread CPUState *current_cpu;
>>>
>>> Maybe we shouldn't use current_cpu out of exec.c...
>>
>> I meant, out of cpu_exec(), a cpu thread. Here we access it
>> from an I/O thread.

Ah! We are in the monitor thread... It makes sense that there is no
current_cpu assigned :)

> 
> ARM and S390X use:
> 
> hw/arm/boot.c:460:    ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));
> hw/arm/virt.c:331:    armcpu = ARM_CPU(qemu_get_cpu(0));
> hw/arm/virt.c:549:    armcpu = ARM_CPU(qemu_get_cpu(0));
> hw/cpu/a15mpcore.c:69:        cpuobj = OBJECT(qemu_get_cpu(0));
> hw/cpu/a9mpcore.c:76:    cpuobj = OBJECT(qemu_get_cpu(0));
> target/s390x/cpu_models.c:155:        cpu = S390_CPU(qemu_get_cpu(0));
> target/s390x/cpu_models.c:169:        cpu = S390_CPU(qemu_get_cpu(0));
> target/s390x/cpu_models.c:184:        cpu = S390_CPU(qemu_get_cpu(0));
> target/s390x/cpu_models.c:204:        cpu = S390_CPU(qemu_get_cpu(0));
> target/s390x/cpu_models.c:218:        cpu = S390_CPU(qemu_get_cpu(0));
> 
> It seems odd that the ICH9 delivers the SMI on a random core.
> Usually the IRQ lines are wired to a particular unit.
> 



^ permalink raw reply	[flat|nested] 98+ messages in thread

* [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-01 18:21 ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-01 18:21 UTC (permalink / raw)
  To: qemu-devel
  Cc: Peter Maydell, Alex Bennée, Alexander Bulekov, Bug 1878645,
	Paolo Bonzini, Philippe Mathieu-Daudé,
	Richard Henderson

We can run I/O access with the 'i' or 'o' HMP commands in the
monitor. These commands are expected to run on a vCPU. The
monitor is not a vCPU thread. To avoid crashing, initialize
the 'current_cpu' variable with the first vCPU created. The
command executed on the monitor will end up using it.

This fixes:

  $ cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio
  o/4 0xcf8 0x8400f841
  o/4 0xcfc 0xaa215d6d
  o/4 0x6d30 0x2ef8ffbe
  o/1 0xb2 0x20
  EOF
  Segmentation fault (core dumped)

  Thread 1 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
  0x00005555558946c7 in tcg_handle_interrupt (cpu=0x0, mask=64) at accel/tcg/tcg-all.c:57
  57          old_mask = cpu->interrupt_request;
  (gdb) bt
  #0  0x00005555558946c7 in tcg_handle_interrupt (cpu=0x0, mask=64) at accel/tcg/tcg-all.c:57
  #1  0x00005555558ed7d2 in cpu_interrupt (cpu=0x0, mask=64) at include/hw/core/cpu.h:877
  #2  0x00005555558ee776 in ich9_apm_ctrl_changed (val=32, arg=0x555556e2ff50) at hw/isa/lpc_ich9.c:442
  #3  0x0000555555b47f96 in apm_ioport_writeb (opaque=0x555556e308c0, addr=0, val=32, size=1) at hw/isa/apm.c:44
  #4  0x0000555555879931 in memory_region_write_accessor (mr=0x555556e308e0, addr=0, value=0x7fffffffb9f8, size=1, shift=0, mask=255, attrs=...) at memory.c:483
  #5  0x0000555555879b5a in access_with_adjusted_size (addr=0, value=0x7fffffffb9f8, size=4, access_size_min=1, access_size_max=1, access_fn=
      0x55555587984e <memory_region_write_accessor>, mr=0x555556e308e0, attrs=...) at memory.c:544
  #6  0x000055555587ca32 in memory_region_dispatch_write (mr=0x555556e308e0, addr=0, data=32, op=MO_32, attrs=...) at memory.c:1465
  #7  0x000055555581b7e9 in flatview_write_continue (fv=0x55555698a790, addr=178, attrs=..., ptr=0x7fffffffbb84, len=4, addr1=0, l=4, mr=0x555556e308e0) at exec.c:3198
  #8  0x000055555581b92e in flatview_write (fv=0x55555698a790, addr=178, attrs=..., buf=0x7fffffffbb84, len=4) at exec.c:3238
  #9  0x000055555581bc81 in address_space_write (as=0x555556441220 <address_space_io>, addr=178, attrs=..., buf=0x7fffffffbb84, len=4) at exec.c:3329
  #10 0x0000555555873f08 in cpu_outl (addr=178, val=32) at ioport.c:80
  #11 0x000055555598a26a in hmp_ioport_write (mon=0x5555567621b0, qdict=0x555557702600) at monitor/misc.c:937
  #12 0x0000555555c9c5a5 in handle_hmp_command (mon=0x5555567621b0, cmdline=0x55555676aae1 "/1 0xb2 0x20") at monitor/hmp.c:1082
  #13 0x0000555555c99e02 in monitor_command_cb (opaque=0x5555567621b0, cmdline=0x55555676aae0 "o/1 0xb2 0x20", readline_opaque=0x0) at monitor/hmp.c:47
                            ^
    HMP command from monitor

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Buglink: https://bugs.launchpad.net/qemu/+bug/1878645
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
Cc: Bug 1878645 <1878645@bugs.launchpad.net>

RFC because I believe the correct fix is to NOT use current_cpu
out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
---
 cpus.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cpus.c b/cpus.c
index 41d1c5099f..1f6f43d221 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2106,6 +2106,9 @@ void qemu_init_vcpu(CPUState *cpu)
 {
     MachineState *ms = MACHINE(qdev_get_machine());
 
+    if (!current_cpu) {
+        current_cpu = cpu;
+    }
     cpu->nr_cores = ms->smp.cores;
     cpu->nr_threads =  ms->smp.threads;
     cpu->stopped = true;
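Review bot: current_cpu is `__thread` (the exec.c declaration quoted earlier in this thread), so `current_cpu = cpu;` in qemu_init_vcpu() fills only the TLS slot of the thread that created the vCPU; the reproducer stops crashing only if that is also the thread servicing the monitor, and any other I/O thread reaching cpu_interrupt() still reads NULL from its own slot. The exec.c comment ("It is only valid inside cpu_exec()") also becomes wrong without being updated. As the RFC text itself says, the robust fix belongs at the consumer: have ich9_apm_ctrl_changed() pick an explicit target (qemu_get_cpu(0)) and skip the SMI when none exists, rather than widening what current_cpu means.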
-- 
2.21.3



^ permalink raw reply related	[flat|nested] 98+ messages in thread
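The per-thread nature of current_cpu that the replies above turn on, as an added C model (not QEMU code) covering the cases discussed in this thread: the unfixed SMI path called from an I/O thread, a hardened handler that also survives first_cpu being NULL (qtest accelerator, none machine), and the RFC's qemu_init_vcpu() assignment, which is visible only to the thread that ran it. CPUState, first_cpu, cpu_interrupt_checked and the scenario function names are simplified stand-ins, not QEMU's definitions.

```c
/* Added example, not QEMU code: a pthread model of the NULL current_cpu in bug
 * 1878645.  QEMU declares `__thread CPUState *current_cpu` in exec.c: each
 * thread owns a slot that only a vCPU thread fills inside cpu_exec(), so an I/O
 * thread (qtest reader, HMP monitor) reaching ich9_apm_ctrl_changed() sees NULL.
 * CPUState, first_cpu and the helper names below are simplified stand-ins. */
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>
#define CPU_INTERRUPT_SMI 0x0040   /* the mask=64 in the gdb backtrace above */

typedef struct CPUState {
    int cpu_index;
    uint32_t interrupt_request;
} CPUState;

static __thread CPUState *current_cpu;   /* per thread, like QEMU's */
static CPUState *first_cpu;              /* global; NULL under qtest accel / -M none */
static CPUState cpu0 = { 0, 0 };

/* Stand-in for cpu_interrupt(): index delivered to, or -1 where real QEMU
 * would dereference NULL and crash. */
static int cpu_interrupt_checked(CPUState *cs, uint32_t mask)
{
    if (cs == NULL) return -1;
    cs->interrupt_request |= mask;
    return cs->cpu_index;
}

/* lpc_ich9.c before any fix: trusts current_cpu. */
static int apm_unfixed(void)
{
    return cpu_interrupt_checked(current_cpu, CPU_INTERRUPT_SMI);
}

/* Hardened: pick the target explicitly, drop the SMI when no CPU exists; the
 * v4 patch's `current_cpu ? current_cpu : first_cpu` alone still passes NULL. */
static int apm_hardened(void)
{
    CPUState *cs = current_cpu ? current_cpu : first_cpu;
    return cs ? cpu_interrupt_checked(cs, CPU_INTERRUPT_SMI) : -1;
}

/* Run fn on a fresh thread, i.e. with a fresh, NULL current_cpu slot. */
struct job { int (*fn)(void); int result; };

static void *job_main(void *arg)
{
    struct job *j = arg;
    j->result = j->fn();
    return NULL;
}

static int run_on_thread(int (*fn)(void))
{
    struct job j = { fn, -2 };   /* -2 only if thread creation fails */
    pthread_t t;
    if (pthread_create(&t, NULL, job_main, &j) == 0) {
        pthread_join(t, NULL);
    }
    return j.result;
}

/* qtest "outb 0xb2 0x20" or HMP "o/1 0xb2 0x20" from an I/O thread: -1. */
int smi_from_io_thread_unfixed(void)
{
    first_cpu = &cpu0;
    return run_on_thread(apm_unfixed);
}

/* Same write, hardened handler: falls back to first_cpu, cpu index 0. */
int smi_from_io_thread_hardened(void)
{
    first_cpu = &cpu0;
    return run_on_thread(apm_hardened);
}

/* qtest accelerator / -M none: no CPU at all, first_cpu NULL too: -1, refused. */
int smi_with_no_vcpu_hardened(void)
{
    first_cpu = NULL;
    return run_on_thread(apm_hardened);
}

/* The RFC's `if (!current_cpu) current_cpu = cpu;` in qemu_init_vcpu() does
 * cover a monitor living on the thread that ran it: 0 ... */
int rfc_init_then_smi_from_same_thread(void)
{
    current_cpu = &cpu0;
    return apm_unfixed();
}

/* ... but, current_cpu being __thread, any other monitor or I/O thread still
 * reads NULL from its own slot: -1. */
int rfc_init_then_smi_from_other_thread(void)
{
    current_cpu = &cpu0;
    return run_on_thread(apm_unfixed);
}
```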

* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-01 18:54   ` Alexander Bulekov
  0 siblings, 0 replies; 98+ messages in thread
From: Alexander Bulekov @ 2020-07-01 18:54 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Peter Maydell, Bug 1878645, qemu-devel, Paolo Bonzini,
	Alex Bennée, Richard Henderson

On 200701 2021, Philippe Mathieu-Daudé wrote:
> We can run I/O access with the 'i' or 'o' HMP commands in the
> monitor. These commands are expected to run on a vCPU. The
> monitor is not a vCPU thread. To avoid crashing, initialize
> the 'current_cpu' variable with the first vCPU created. The
> command executed on the monitor will end using it.
> 
> This fixes:
> 
>   $ cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio
>   o/4 0xcf8 0x8400f841
>   o/4 0xcfc 0xaa215d6d
>   o/4 0x6d30 0x2ef8ffbe
>   o/1 0xb2 0x20
>   EOF
>   Segmentation fault (core dumped)
> 
>   Thread 1 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
>   0x00005555558946c7 in tcg_handle_interrupt (cpu=0x0, mask=64) at accel/tcg/tcg-all.c:57
>   57          old_mask = cpu->interrupt_request;
>   (gdb) bt
>   #0  0x00005555558946c7 in tcg_handle_interrupt (cpu=0x0, mask=64) at accel/tcg/tcg-all.c:57
>   #1  0x00005555558ed7d2 in cpu_interrupt (cpu=0x0, mask=64) at include/hw/core/cpu.h:877
>   #2  0x00005555558ee776 in ich9_apm_ctrl_changed (val=32, arg=0x555556e2ff50) at hw/isa/lpc_ich9.c:442
>   #3  0x0000555555b47f96 in apm_ioport_writeb (opaque=0x555556e308c0, addr=0, val=32, size=1) at hw/isa/apm.c:44
>   #4  0x0000555555879931 in memory_region_write_accessor (mr=0x555556e308e0, addr=0, value=0x7fffffffb9f8, size=1, shift=0, mask=255, attrs=...) at memory.c:483
>   #5  0x0000555555879b5a in access_with_adjusted_size (addr=0, value=0x7fffffffb9f8, size=4, access_size_min=1, access_size_max=1, access_fn=
>       0x55555587984e <memory_region_write_accessor>, mr=0x555556e308e0, attrs=...) at memory.c:544
>   #6  0x000055555587ca32 in memory_region_dispatch_write (mr=0x555556e308e0, addr=0, data=32, op=MO_32, attrs=...) at memory.c:1465
>   #7  0x000055555581b7e9 in flatview_write_continue (fv=0x55555698a790, addr=178, attrs=..., ptr=0x7fffffffbb84, len=4, addr1=0, l=4, mr=0x555556e308e0) at exec.c:3198
>   #8  0x000055555581b92e in flatview_write (fv=0x55555698a790, addr=178, attrs=..., buf=0x7fffffffbb84, len=4) at exec.c:3238
>   #9  0x000055555581bc81 in address_space_write (as=0x555556441220 <address_space_io>, addr=178, attrs=..., buf=0x7fffffffbb84, len=4) at exec.c:3329
>   #10 0x0000555555873f08 in cpu_outl (addr=178, val=32) at ioport.c:80
>   #11 0x000055555598a26a in hmp_ioport_write (mon=0x5555567621b0, qdict=0x555557702600) at monitor/misc.c:937
>   #12 0x0000555555c9c5a5 in handle_hmp_command (mon=0x5555567621b0, cmdline=0x55555676aae1 "/1 0xb2 0x20") at monitor/hmp.c:1082
>   #13 0x0000555555c99e02 in monitor_command_cb (opaque=0x5555567621b0, cmdline=0x55555676aae0 "o/1 0xb2 0x20", readline_opaque=0x0) at monitor/hmp.c:47
>                             ^
>     HMP command from monitor
> 
> Reported-by: Alexander Bulekov <alxndr@bu.edu>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1878645
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> Cc: Bug 1878645 <1878645@bugs.launchpad.net>
> 
> RFC because I believe the correct fix is to NOT use current_cpu
> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
> ---
>  cpus.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/cpus.c b/cpus.c
> index 41d1c5099f..1f6f43d221 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -2106,6 +2106,9 @@ void qemu_init_vcpu(CPUState *cpu)
>  {
>      MachineState *ms = MACHINE(qdev_get_machine());
>  
> +    if (!current_cpu) {
> +        current_cpu = cpu;
> +    }

Seems like a neat solution.
Is it fair to assume that qemu_init_vcpu is called before any threads
that can do I/O are created? I confirmed that the qtest and HMP crashes
are avoided.
-Alex

>      cpu->nr_cores = ms->smp.cores;
>      cpu->nr_threads =  ms->smp.threads;
>      cpu->stopped = true;
> -- 
> 2.21.3
> 


^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-01 20:35   ` Peter Maydell
  0 siblings, 0 replies; 98+ messages in thread
From: Peter Maydell @ 2020-07-01 20:35 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Bug 1878645, QEMU Developers, Alexander Bulekov, Paolo Bonzini,
	Alex Bennée, Richard Henderson

On Wed, 1 Jul 2020 at 19:21, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>
> We can run I/O access with the 'i' or 'o' HMP commands in the
> monitor. These commands are expected to run on a vCPU. The
> monitor is not a vCPU thread. To avoid crashing, initialize
> the 'current_cpu' variable with the first vCPU created. The
> command executed on the monitor will end using it.

>
> RFC because I believe the correct fix is to NOT use current_cpu
> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.

Yes, I agree -- I don't think this is the correct fix.
current_cpu is documented as "only valid inside cpu_exec()",
ie if you're actually on a vcpu thread you can use it, but if
you're not on a CPU thread, like the monitor, you need to
say which vCPU you want to affect. For the monitor, that
would be the current "default cpu" as set by the "cpu"
command (cf monitor_set_cpu()). The bug here will be that
somewhere along the line we are probably missing plumbing
sufficient to pass down "which CPU do we want".

https://bugs.launchpad.net/qemu/+bug/1602247 is a bug of
a similar nature -- if the gdbstub does a memory access
we know which CPU we're trying to do that memory access as,
but it doesn't get plumbed through and so in the Arm GIC
register read/write function that looks at current_cpu
we get a segfault.

One way to fix this would be to do something akin to how
real hardware works -- encode into the MemTxAttrs an
indication of what the transaction master was (eg the
CPU number for CPUs); then the handful of devices that
care about which CPU was doing the transaction can use
that, rather than directly looking at current_cpu, and
when gdbstub or monitor perform an access that should
act like it's from a particular CPU they can indicate
that by supplying appropriate transaction attributes.
That would potentially be quite a bit of work though
(but I think it would be a neat design if we want to
try to fix this kind of "segfault if the user prods
a device via the monitor" bug).

+    if (!current_cpu) {
+        current_cpu = cpu;
+    }

Some more specific issues with this -- current_cpu is
a thread-local variable, so this will set that for
whatever thread happens to make this call, which
might or might not be the one that ends up handling
the monitor command. Also some code assumes that
current_cpu is non-NULL only if this is a vCPU thread,
eg sigbus_handler().

thanks
-- PMM


^ permalink raw reply	[flat|nested] 98+ messages in thread
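Peter's suggestion above (carry the transaction master in the MemTxAttrs so devices stop reading current_cpu) as an added example. This is not QEMU code and not code from anyone on this thread; every identifier in it (vcpu_t, tx_attrs, apm_cnt_write, cpu_by_index, vcpu_outb, monitor_outb, monitor_outb_unattributed, machine_init, pending_interrupts) is an invented stand-in for the CPUState / MemTxAttrs / qemu_get_cpu() / ich9_apm_ctrl_changed() pattern, and the only values taken from the page are the 0x20 written to port 0xb2 and the mask 64 (0x40) in the backtrace. It shows the device resolving the CPU from the attributes, falling back to the thread-local only for callers that set nothing, and ignoring an access that names no CPU instead of dereferencing NULL:

```c
/*
 * Added example, not QEMU code: carry the requesting CPU in the transaction
 * attributes instead of reading the thread-local current_cpu in the device.
 * All identifiers below are stand-ins invented for this example.
 */
#include <stddef.h>
#include <stdint.h>

#define MAX_CPUS          4
#define REQUESTER_NONE    0xff   /* attrs name no master (unattributed access) */
#define CPU_INTERRUPT_SMI 0x40   /* the mask=64 seen in the backtrace above */

typedef struct {
    int cpu_index;
    uint32_t interrupt_request;  /* pending-interrupt bit mask */
} vcpu_t;

/* Travels with every I/O transaction (stand-in for MemTxAttrs). */
typedef struct {
    uint8_t requester_id;        /* index of the issuing CPU, or REQUESTER_NONE */
} tx_attrs;

static vcpu_t cpus[MAX_CPUS];
static int nr_cpus;
static __thread vcpu_t *current_cpu;   /* set only on vCPU threads */

static void machine_init(int n)
{
    nr_cpus = n > MAX_CPUS ? MAX_CPUS : n;
    for (int i = 0; i < nr_cpus; i++) {
        cpus[i].cpu_index = i;
        cpus[i].interrupt_request = 0;
    }
    current_cpu = NULL;          /* the thread creating vCPUs is not one of them */
}

/* Stand-in for qemu_get_cpu(): NULL for an index that does not exist. */
static vcpu_t *cpu_by_index(int idx)
{
    return (idx >= 0 && idx < nr_cpus) ? &cpus[idx] : NULL;
}

/*
 * Device side (stand-in for ich9_apm_ctrl_changed): use the CPU named by the
 * attributes, fall back to current_cpu only when the caller set nothing, and
 * refuse rather than dereference NULL when neither names a CPU.
 * Returns the index of the CPU that received the SMI, or -1 if ignored.
 */
static int apm_cnt_write(tx_attrs attrs, uint8_t val)
{
    vcpu_t *cpu = (attrs.requester_id != REQUESTER_NONE)
                  ? cpu_by_index(attrs.requester_id)
                  : current_cpu;
    if (cpu == NULL) {
        return -1;
    }
    if (val == 0x20) {           /* the value the reproducer writes to port 0xb2 */
        cpu->interrupt_request |= CPU_INTERRUPT_SMI;
    }
    return cpu->cpu_index;
}

/* A guest OUT from a vCPU thread: current_cpu is valid, attrs may stay empty. */
static int vcpu_outb(int cpu_index, uint8_t val)
{
    tx_attrs attrs = { .requester_id = REQUESTER_NONE };
    current_cpu = cpu_by_index(cpu_index);
    int r = apm_cnt_write(attrs, val);
    current_cpu = NULL;
    return r;
}

/* Monitor "o/1 0xb2 0x20" acting as its selected CPU: it names the CPU in attrs. */
static int monitor_outb(int selected_cpu, uint8_t val)
{
    vcpu_t *cpu = cpu_by_index(selected_cpu);
    if (cpu == NULL) {
        return -1;               /* the CPU selected in the monitor does not exist */
    }
    tx_attrs attrs = { .requester_id = (uint8_t)cpu->cpu_index };
    return apm_cnt_write(attrs, val);
}

/* The shape of the original bug: a monitor access that names no CPU at all. */
static int monitor_outb_unattributed(uint8_t val)
{
    tx_attrs attrs = { .requester_id = REQUESTER_NONE };
    return apm_cnt_write(attrs, val);   /* current_cpu is NULL here */
}

static uint32_t pending_interrupts(int cpu_index)
{
    vcpu_t *cpu = cpu_by_index(cpu_index);
    return cpu ? cpu->interrupt_request : 0;
}
```

The fallback to current_cpu keeps existing vCPU-thread callers working during a transition; the unattributed monitor access returns -1 where the page's QEMU 5.0 build crashed, and a monitor that wants the access to look like it came from its selected CPU (cf. monitor_set_cpu()) fills requester_id instead of touching the thread-local.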

* Re: [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-01 13:56 ` [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab Alex Bennée
  2020-07-01 15:56   ` Philippe Mathieu-Daudé
@ 2020-07-02  1:05   ` Aleksandar Markovic
  2020-07-02  7:46     ` Alex Bennée
  1 sibling, 1 reply; 98+ messages in thread
From: Aleksandar Markovic @ 2020-07-02  1:05 UTC (permalink / raw)
  To: Alex Bennée
  Cc: Fam Zheng, Aleksandar Rikalo, Daniel P. Berrangé,
	Philippe Mathieu-Daudé,
	Richard Henderson, QEMU Developers, Wainer dos Santos Moschetta,
	Philippe Mathieu-Daudé,
	Emilio G . Cota, Cleber Rosa, Aurelien Jarno

On Wed, Jul 1, 2020 at 4:03 PM Alex Bennée <alex.bennee@linaro.org> wrote:
>
> For some reason these tests fail all the time on GitLab. I can
> re-create the hang around 3% of the time locally but it doesn't seem
> to be MTTCG related. For now skipIf on GITLAB_CI.
>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
> ---

Alex,

Thanks for having this test at all. I will review its content, but
here is my stupid question:

How can I, as a regular developer, repro the test in question? I am
not familiar with GitLab at all.

Thanks,
Aleksandar

>  tests/acceptance/machine_mips_malta.py | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
> index 92b4f28a112..7c9a4ee4d2d 100644
> --- a/tests/acceptance/machine_mips_malta.py
> +++ b/tests/acceptance/machine_mips_malta.py
> @@ -15,6 +15,7 @@ from avocado import skipUnless
>  from avocado_qemu import Test
>  from avocado_qemu import wait_for_console_pattern
>  from avocado.utils import archive
> +from avocado import skipIf
>
>
>  NUMPY_AVAILABLE = True
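
Review bot: the `os.getenv('GITLAB_CI')` checks this patch adds depend on `os` being imported, and this hunk only adds `from avocado import skipIf`; confirm `import os` is already at the top of machine_mips_malta.py (it is not visible in the context shown), and fold the new import into the existing `from avocado import skipUnless` line as `from avocado import skipIf, skipUnless` rather than placing it after the `avocado.utils` import.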
> @@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
>          """
>          self.do_test_i6400_framebuffer_logo(1)
>
> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>      def test_mips_malta_i6400_framebuffer_logo_7cores(self):
>          """
>          :avocado: tags=arch:mips64el
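
Review bot: the skip reason 'Running on GitLab' records where the test is skipped but not why; since the commit message says the multicore runs hang on GitLab and about 3% of the time locally, put that in the reason string and link the tracking bug so the skip gets revisited rather than silently inherited, and note that keying on GITLAB_CI alone still leaves the 3% local hang for developers running the suite by hand.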
> @@ -108,6 +110,7 @@ class MaltaMachineFramebuffer(Test):
>          """
>          self.do_test_i6400_framebuffer_logo(7)
>
> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>      def test_mips_malta_i6400_framebuffer_logo_8cores(self):
>          """
>          :avocado: tags=arch:mips64el
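
Review bot: this is the second copy of the identical `@skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')` decorator; define it once at module level, e.g. `skip_on_gitlab = skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')`, and apply `@skip_on_gitlab` to both the 7-core and 8-core tests so the condition and the message stay in sync.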
> --
> 2.20.1
>


^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-01 17:01       ` Philippe Mathieu-Daudé
@ 2020-07-02  3:06         ` Jiaxun Yang
  0 siblings, 0 replies; 98+ messages in thread
From: Jiaxun Yang @ 2020-07-02  3:06 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, Alex Bennée
  Cc: fam, Aleksandar Rikalo, berrange, richard.henderson, qemu-devel,
	Wainer dos Santos Moschetta, Aleksandar Markovic, cota,
	Cleber Rosa, Philippe Mathieu-Daudé,
	aurelien


On 2020/7/2 1:01, Philippe Mathieu-Daudé wrote:
> On 7/1/20 6:43 PM, Alex Bennée wrote:
>> Philippe Mathieu-Daudé <f4bug@amsat.org> writes:
>>
>>> On 7/1/20 3:56 PM, Alex Bennée wrote:
>>>> For some reason these tests fail all the time on GitLab. I can
>>>> re-create the hang around 3% of the time locally but it doesn't seem
>>>> to be MTTCG related. For now skipIf on GITLAB_CI.
>>>>
>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
>>>> ---
>>>>   tests/acceptance/machine_mips_malta.py | 3 +++
>>>>   1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
>>>> index 92b4f28a112..7c9a4ee4d2d 100644
>>>> --- a/tests/acceptance/machine_mips_malta.py
>>>> +++ b/tests/acceptance/machine_mips_malta.py
>>>> @@ -15,6 +15,7 @@ from avocado import skipUnless
>>>>   from avocado_qemu import Test
>>>>   from avocado_qemu import wait_for_console_pattern
>>>>   from avocado.utils import archive
>>>> +from avocado import skipIf
>>>>   
>>>>   
>>>>   NUMPY_AVAILABLE = True
>>>> @@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
>>>>           """
>>>>           self.do_test_i6400_framebuffer_logo(1)
>>>>   
>>> So the test works using a single core...
>>> Good we have a test to figure the bug!
>> It's about a 1-3% failure rate on my big test box but hits every time on
>> CI. However I did disable MTTCG and still saw failures so I think it's a
>> more subtle breakage than just a straight race.
> I first thought it was a MTTCG problem, but then I realized you didn't
> disable the single core test. When using >1 core, the malta uses a
> different device, the CPS for Coherent Processing System. It contains
> an Inter-Thread Communication Unit and a Global Interrupt Controller.
> There might be an I/O locking problem. In particular, some of these
> devices access the &cpu->env (the ITU is more of micro-architecture).
>
> This is why I was excited by your finding :) We might have a way
> to figure it out.

FYI: This issue seems related to the performance of the host machine.

I can reproduce the issue at high frequency if I unplug my laptop from
the AC adapter (it will switch to the powersave governor).

So my first thought was that it was just because TCG runs too slowly, so
the cores failed to respond to the IPI in time.

Thanks.

- Jiaxun



* Re: [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab
  2020-07-02  1:05   ` Aleksandar Markovic
@ 2020-07-02  7:46     ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-02  7:46 UTC (permalink / raw)
  To: Aleksandar Markovic
  Cc: Fam Zheng, Aleksandar Rikalo, Daniel P. Berrangé,
	Philippe Mathieu-Daudé,
	Richard Henderson, QEMU Developers, Wainer dos Santos Moschetta,
	Philippe Mathieu-Daudé,
	Emilio G . Cota, Cleber Rosa, Aurelien Jarno


Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> writes:

> On Wed, Jul 1, 2020 at 4:03 PM Alex Bennée <alex.bennee@linaro.org> wrote:
>>
>> For some reason these tests fail all the time on GitLab. I can
>> re-create the hang around 3% of the time locally but it doesn't seem
>> to be MTTCG related. For now skipIf on GITLAB_CI.
>>
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
>> ---
>
> Alex,
>
> Thanks for having this test at all. I will review its content, but
> here is my stupid question:
>
> How can I, as a regular developer, repro the test in question? I am
> not familiar with GitLab at all.

To run the acceptance tests you just run:

  make check-acceptance

To run the individual test:

  ./tests/venv/bin/avocado run tests/acceptance/machine_mips_malta.py:MaltaMachineFramebuffer.test_mips_malta_i6400_framebuffer_logo_8cores

I used my retry.py script to just loop running the test for 100 times to
calculate the failure rate.

>
> Thanks,
> Aleksandar
>
>>  tests/acceptance/machine_mips_malta.py | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/tests/acceptance/machine_mips_malta.py b/tests/acceptance/machine_mips_malta.py
>> index 92b4f28a112..7c9a4ee4d2d 100644
>> --- a/tests/acceptance/machine_mips_malta.py
>> +++ b/tests/acceptance/machine_mips_malta.py
>> @@ -15,6 +15,7 @@ from avocado import skipUnless
>>  from avocado_qemu import Test
>>  from avocado_qemu import wait_for_console_pattern
>>  from avocado.utils import archive
>> +from avocado import skipIf
>>
>>
>>  NUMPY_AVAILABLE = True
>> @@ -99,6 +100,7 @@ class MaltaMachineFramebuffer(Test):
>>          """
>>          self.do_test_i6400_framebuffer_logo(1)
>>
>> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>>      def test_mips_malta_i6400_framebuffer_logo_7cores(self):
>>          """
>>          :avocado: tags=arch:mips64el
>> @@ -108,6 +110,7 @@ class MaltaMachineFramebuffer(Test):
>>          """
>>          self.do_test_i6400_framebuffer_logo(7)
>>
>> +    @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
>>      def test_mips_malta_i6400_framebuffer_logo_8cores(self):
>>          """
>>          :avocado: tags=arch:mips64el
>> --
>> 2.20.1
>>


-- 
Alex Bennée



* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-02  7:55     ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-02  7:55 UTC (permalink / raw)
  To: Peter Maydell, Paolo Bonzini
  Cc: Alexander Bulekov, Alex Bennée, QEMU Developers,
	Bug 1878645, Richard Henderson

On 7/1/20 10:35 PM, Peter Maydell wrote:
> On Wed, 1 Jul 2020 at 19:21, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>>
>> We can run I/O access with the 'i' or 'o' HMP commands in the
>> monitor. These commands are expected to run on a vCPU. The
>> monitor is not a vCPU thread. To avoid crashing, initialize
>> the 'current_cpu' variable with the first vCPU created. The
>> command executed on the monitor will end using it.
> 
>>
>> RFC because I believe the correct fix is to NOT use current_cpu
>> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
> 
> Yes, I agree -- I don't think this is the correct fix.
> current_cpu is documented as "only valid inside cpu_exec()",
> ie if you're actually on a vcpu thread you can use it, but if
> you're not on a CPU thread, like the monitor, you need to
> say which vCPU you want to affect. For the monitor, that
> would be the current "default cpu" as set by the "cpu"
> command (cf monitor_set_cpu()). The bug here will be that
> somewhere along the line we are probably missing plumbing
> sufficient to pass down "which CPU do we want".

TIL mon_get_cpu() :)

This is a bit different here, the monitor is not doing an
access on a CPU address space, but directly on the I/O
address space. The APM port is registered by the ICH9
south bridge, and this triggers an SMI exception on a
CPU core, but I have no idea which one, a random one?
Then this particular core will switch to SMM mode.

Another way of seeing this problem, is imagining we
start a PIT timer from the monitor. When the timer
expires, the PIT will interrupt the CPU. Which CPU
to interrupt? We are not in the context of the monitor.

> https://bugs.launchpad.net/qemu/+bug/1602247 is a bug of
> a similar nature -- if the gdbstub does a memory access
> we know which CPU we're trying to do that memory access as,
> but it doesn't get plumbed through and so in the Arm GIC
> register read/write function that looks at current_cpu
> we get a segfault.
> 
> One way to fix this would be to do something akin to how
> real hardware works -- encode into the MemTxAttrs an
> indication of what the transaction master was (eg the
> CPU number for CPUs); then the handful of devices that
> care about which CPU was doing the transaction can use
> that, rather than directly looking at current_cpu, and
> when gdbstub or monitor perform an access that should
> act like it's from a particular CPU they can indicate
> that by supplying appropriate transaction attributes.
> That would potentially be quite a bit of work though
> (but I think it would be a neat design if we want to
> try to fix this kind of "segfault if the user prods
> a device via the monitor" bug).

This is complex stuff. Too early for me to digest, I am
keeping this for later (I am not ignoring your comment).

> 
> +    if (!current_cpu) {
> +        current_cpu = cpu;
> +    }
> 
> Some more specific issues with this -- current_cpu is
> a thread-local variable, so this will set that for
> whatever thread happens to make this call, which
> might or might not be the one that ends up handling
> the monitor command. Also some code assumes that
> current_cpu is non-NULL only if this is a vCPU thread,
> eg sigbus_handler().

Yes, I agree.

> 
> thanks
> -- PMM
> 




* [Bug 1878645] Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-02  7:55     ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-02  7:55 UTC (permalink / raw)
  To: qemu-devel

On 7/1/20 10:35 PM, Peter Maydell wrote:
> On Wed, 1 Jul 2020 at 19:21, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>>
>> We can run I/O access with the 'i' or 'o' HMP commands in the
>> monitor. These commands are expected to run on a vCPU. The
>> monitor is not a vCPU thread. To avoid crashing, initialize
>> the 'current_cpu' variable with the first vCPU created. The
>> command executed on the monitor will end using it.
> 
>>
>> RFC because I believe the correct fix is to NOT use current_cpu
>> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
> 
> Yes, I agree -- I don't think this is the correct fix.
> current_cpu is documented as "only valid inside cpu_exec()",
> ie if you're actually on a vcpu thread you can use it, but if
> you're not on a CPU thread, like the monitor, you need to
> say which vCPU you want to affect. For the monitor, that
> would be the current "default cpu" as set by the "cpu"
> command (cf monitor_set_cpu()). The bug here will be that
> somewhere along the line we are probably missing plumbing
> sufficient to pass down "which CPU do we want".

TIL mon_get_cpu() :)

This is a bit different here, the monitor is not doing an
access on a CPU address space, but directly on the I/O
address space. The APM port is registered by the ICH9
south bridge, and this triggers an SMI exception on a
CPU core, but I have no idea which one, a random one?
Then this particular core will switch to SMM mode.

Another way of seeing this problem, is imagining we
start a PIT timer from the monitor. When the timer
expires, the PIT will interrupt the CPU. Which CPU
to interrupt? We are not in the context of the monitor.

> https://bugs.launchpad.net/qemu/+bug/1602247 is a bug of
> a similar nature -- if the gdbstub does a memory access
> we know which CPU we're trying to do that memory access as,
> but it doesn't get plumbed through and so in the Arm GIC
> register read/write function that looks at current_cpu
> we get a segfault.
> 
> One way to fix this would be to do something akin to how
> real hardware works -- encode into the MemTxAttrs an
> indication of what the transaction master was (eg the
> CPU number for CPUs); then the handful of devices that
> care about which CPU was doing the transaction can use
> that, rather than directly looking at current_cpu, and
> when gdbstub or monitor perform an access that should
> act like it's from a particular CPU they can indicate
> that by supplying appropriate transaction attributes.
> That would potentially be quite a bit of work though
> (but I think it would be a neat design if we want to
> try to fix this kind of "segfault if the user prods
> a device via the monitor" bug).

This is complex stuff. Too early for me to digest, I am
keeping this for later (I am not ignoring your comment).

> 
> +    if (!current_cpu) {
> +        current_cpu = cpu;
> +    }
> 
> Some more specific issues with this -- current_cpu is
> a thread-local variable, so this will set that for
> whatever thread happens to make this call, which
> might or might not be the one that ends up handling
> the monitor command. Also some code assumes that
> current_cpu is non-NULL only if this is a vCPU thread,
> eg sigbus_handler().

Yes, I agree.

> 
> thanks
> -- PMM
>

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878645

Title:
  null-ptr dereference in ich9_apm_ctrl_changed

Status in QEMU:
  New

Bug description:
  Hello,
  While fuzzing, I found an input which triggers a NULL pointer dereference in
  tcg_handle_interrupt. It seems the culprit is a "cpu" pointer - maybe this bug
  is specific to QTest?

  ==23862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4 (pc 0x55b9dc7c9dce bp 0x7ffc346a0900 sp 0x7ffc346a0880 T0)
  ==23862==The signal is caused by a READ memory access.
  ==23862==Hint: address points to the zero page.
      #0 0x55b9dc7c9dce in tcg_handle_interrupt /home/alxndr/Development/qemu/accel/tcg/tcg-all.c:57:21
      #1 0x55b9dc904799 in cpu_interrupt /home/alxndr/Development/qemu/include/hw/core/cpu.h:872:5
      #2 0x55b9dc9085e8 in ich9_apm_ctrl_changed /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:442:13
      #3 0x55b9dd19cdc8 in apm_ioport_writeb /home/alxndr/Development/qemu/hw/isa/apm.c:50:13
      #4 0x55b9dc73f8b4 in memory_region_write_accessor /home/alxndr/Development/qemu/memory.c:483:5
      #5 0x55b9dc73f289 in access_with_adjusted_size /home/alxndr/Development/qemu/memory.c:544:18
      #6 0x55b9dc73ddf5 in memory_region_dispatch_write /home/alxndr/Development/qemu/memory.c:1476:16
      #7 0x55b9dc577bf3 in flatview_write_continue /home/alxndr/Development/qemu/exec.c:3137:23
      #8 0x55b9dc567ad8 in flatview_write /home/alxndr/Development/qemu/exec.c:3177:14
      #9 0x55b9dc567608 in address_space_write /home/alxndr/Development/qemu/exec.c:3268:18
      #10 0x55b9dc723fe7 in cpu_outb /home/alxndr/Development/qemu/ioport.c:60:5
      #11 0x55b9dc72d3c0 in qtest_process_command /home/alxndr/Development/qemu/qtest.c:392:13
      #12 0x55b9dc72b186 in qtest_process_inbuf /home/alxndr/Development/qemu/qtest.c:710:9
      #13 0x55b9dc72a8b3 in qtest_read /home/alxndr/Development/qemu/qtest.c:722:5
      #14 0x55b9ddc6e60b in qemu_chr_be_write_impl /home/alxndr/Development/qemu/chardev/char.c:183:9
      #15 0x55b9ddc6e75a in qemu_chr_be_write /home/alxndr/Development/qemu/chardev/char.c:195:9
      #16 0x55b9ddc77979 in fd_chr_read /home/alxndr/Development/qemu/chardev/char-fd.c:68:9
      #17 0x55b9ddcff0e9 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/io/channel-watch.c:84:12
      #18 0x7f7161eac897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
      #19 0x55b9ddebcb84 in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
      #20 0x55b9ddebb57d in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
      #21 0x55b9ddebb176 in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
      #22 0x55b9dcb4bd1d in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
      #23 0x55b9ddd1629c in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
      #24 0x7f7160a5ce0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
      #25 0x55b9dc49c819 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0xc9c819)

  
  I can reproduce this in qemu 5.0 built with AddressSanitizer using these qtest commands:

  cat << EOF | ./qemu-system-i386 \
  -qtest stdio -nographic -monitor none -serial none \
  -M pc-q35-5.0
  outl 0xcf8 0x8400f841
  outl 0xcfc 0xaa215d6d
  outl 0x6d30 0x2ef8ffbe
  outb 0xb2 0x20
  EOF

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878645/+subscriptions



* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
  2020-07-01 20:35   ` [Bug 1878645] " Peter Maydell
  (?)
  (?)
@ 2020-07-02  9:52   ` Paolo Bonzini
  2020-07-02 10:49       ` [Bug 1878645] " Alex Bennée
  -1 siblings, 1 reply; 98+ messages in thread
From: Paolo Bonzini @ 2020-07-02  9:52 UTC (permalink / raw)
  To: Peter Maydell, Philippe Mathieu-Daudé
  Cc: Alexander Bulekov, Alex Bennée, QEMU Developers,
	Bug 1878645, Richard Henderson

On 01/07/20 22:35, Peter Maydell wrote:
> For the monitor, that
> would be the current "default cpu" as set by the "cpu"
> command (cf monitor_set_cpu()). The bug here will be that
> somewhere along the line we are probably missing plumbing
> sufficient to pass down "which CPU do we want".

Yeah, the fix is probably to add a function that returns either
current_cpu or the monitor CPU, and use it in device emulation if
applicable.

The problem with current_cpu is that it affects stuff like run_on_cpu,
and that is guaranteed to cause havoc to code that expects to run on a
given CPU and therefore doesn't use locks.

Paolo




* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-02 10:49       ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-02 10:49 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Peter Maydell, Bug 1878645, QEMU Developers, Alexander Bulekov,
	Philippe Mathieu-Daudé,
	Richard Henderson


Paolo Bonzini <pbonzini@redhat.com> writes:

> On 01/07/20 22:35, Peter Maydell wrote:
>> For the monitor, that
>> would be the current "default cpu" as set by the "cpu"
>> command (cf monitor_set_cpu()). The bug here will be that
>> somewhere along the line we are probably missing plumbing
>> sufficient to pass down "which CPU do we want".
>
> Yeah, the fix is probably to add a function that returns either
> current_cpu or the monitor CPU, and use it in device emulation if
> applicable.
>
> The problem with current_cpu is that it affects stuff like run_on_cpu,
> and that is guaranteed to cause havoc to code that expects to run on a
> given CPU and therefore doesn't use locks.

IIRC the original reported bug was in an APM callback which was triggered
by an MMIO operation. Currently we don't expose the current cpu via the
memory dispatch routines. Should we to ensure there is always something
valid there?

>
> Paolo


-- 
Alex Bennée


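A small C model of the two mitigations discussed in this thread (Paolo's helper that falls back to the monitor's selected CPU, and Peter's idea of carrying the transaction master in MemTxAttrs), together with the crash path Alex refers to, added here as an illustration and not QEMU code; CPUState, MemTxAttrs, the requester_cpu field, the SMI flag value and the return codes are simplified stand-ins, not QEMU's definitions:

```c
/* Added illustration, not QEMU code: a toy model of why an APM-style
 * device write crashes when current_cpu is NULL on a non-vCPU thread
 * (monitor, qtest), and of two ways to resolve the target CPU safely.
 * All types, fields and flag values below are constructed stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NR_CPUS 2
#define CPU_INTERRUPT_SMI 0x1u   /* constructed flag value, not QEMU's */

typedef struct CPUState {
    int cpu_index;
    unsigned interrupt_request;
} CPUState;

static CPUState cpus[NR_CPUS];

/* Thread-local, as in QEMU (which declares it __thread): only valid on a
 * vCPU thread, i.e. inside cpu_exec(). On the monitor or qtest thread it
 * stays NULL, which is what the bug report dereferenced. */
static __thread CPUState *current_cpu;

/* The monitor's "default cpu" (what monitor_set_cpu() selects); -1 = none. */
static int monitor_cpu_index = -1;

/* Stand-in for MemTxAttrs extended with the transaction master. */
typedef struct MemTxAttrs {
    int requester_cpu;   /* index of the issuing CPU, or -1 if not a CPU */
} MemTxAttrs;

#define MEMTXATTRS_UNSPECIFIED ((MemTxAttrs){ .requester_cpu = -1 })

enum { TX_OK = 0, TX_NO_TARGET_CPU = 1 };

/* Paolo's suggestion: one helper that returns current_cpu when on a vCPU
 * thread and the monitor's CPU otherwise, for device emulation to use. */
static CPUState *cpu_for_device_access(void)
{
    if (current_cpu) {
        return current_cpu;
    }
    if (monitor_cpu_index >= 0 && monitor_cpu_index < NR_CPUS) {
        return &cpus[monitor_cpu_index];
    }
    return NULL;
}

/* Peter's suggestion: the requester travels with the transaction, so the
 * device never has to guess; fall back to the helper only when absent. */
static CPUState *resolve_target_cpu(MemTxAttrs attrs)
{
    if (attrs.requester_cpu >= 0 && attrs.requester_cpu < NR_CPUS) {
        return &cpus[attrs.requester_cpu];
    }
    return cpu_for_device_access();
}

/* Hardened model of the APM control write: a non-zero value raises an SMI
 * on the resolved CPU; when no CPU can be resolved it reports an error
 * instead of dereferencing NULL (the path that crashed in the report). */
static int apm_ctrl_write(MemTxAttrs attrs, unsigned val)
{
    CPUState *cpu = resolve_target_cpu(attrs);

    if (!cpu) {
        return TX_NO_TARGET_CPU;
    }
    if (val) {
        cpu->interrupt_request |= CPU_INTERRUPT_SMI;
    }
    return TX_OK;
}

/* Helpers for exercising the model. */
static void reset_model(void)
{
    for (int i = 0; i < NR_CPUS; i++) {
        cpus[i].cpu_index = i;
        cpus[i].interrupt_request = 0;
    }
    current_cpu = NULL;
    monitor_cpu_index = -1;
}

static bool cpu_has_smi(int idx)
{
    return (cpus[idx].interrupt_request & CPU_INTERRUPT_SMI) != 0;
}

int main(void)
{
    reset_model();
    /* qtest/monitor thread, no requester, no default cpu: error, no crash */
    printf("no cpu: rc=%d\n", apm_ctrl_write(MEMTXATTRS_UNSPECIFIED, 0x20));

    /* requester carried in the attributes: SMI lands on CPU 1 only */
    MemTxAttrs from_cpu1 = { .requester_cpu = 1 };
    printf("via attrs: rc=%d cpu1 smi=%d\n",
           apm_ctrl_write(from_cpu1, 0x20), cpu_has_smi(1));

    /* monitor default cpu selected, attrs unspecified: SMI on CPU 0 */
    monitor_cpu_index = 0;
    printf("via monitor cpu: rc=%d cpu0 smi=%d\n",
           apm_ctrl_write(MEMTXATTRS_UNSPECIFIED, 0x20), cpu_has_smi(0));
    return 0;
}
```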

* [Bug 1878645] Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
@ 2020-07-02 10:49       ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-02 10:49 UTC (permalink / raw)
  To: qemu-devel

Paolo Bonzini <pbonzini@redhat.com> writes:

> On 01/07/20 22:35, Peter Maydell wrote:
>> For the monitor, that
>> would be the current "default cpu" as set by the "cpu"
>> command (cf monitor_set_cpu()). The bug here will be that
>> somewhere along the line we are probably missing plumbing
>> sufficient to pass down "which CPU do we want".
>
> Yeah, the fix is probably to add a function that returns either
> current_cpu or the monitor CPU, and use it in device emulation if
> applicable.
>
> The problem with current_cpu is that it affects stuff like run_on_cpu,
> and that is guaranteed to cause havoc to code that expects to run on a
> given CPU and therefore doesn't use locks.

IIRC the original reported bug was in an APM callback which was triggered
by an MMIO operation. Currently we don't expose the current cpu via the
memory dispatch routines. Should we to ensure there is always something
valid there?

>
> Paolo


-- 
Alex Bennée




* Re: [PATCH v4 36/40] gitlab: split build-disabled into two phases
  2020-07-01 13:56 ` [PATCH v4 36/40] gitlab: split build-disabled into two phases Alex Bennée
@ 2020-07-10 13:16   ` Thomas Huth
  2020-07-10 14:58     ` Alex Bennée
  0 siblings, 1 reply; 98+ messages in thread
From: Thomas Huth @ 2020-07-10 13:16 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: fam, berrange, richard.henderson, f4bug,
	Wainer dos Santos Moschetta, cota, Philippe Mathieu-Daudé,
	aurelien

On 01/07/2020 15.56, Alex Bennée wrote:
> As we run check-qtest in "SLOW" mode this can timeout so split into
> two jobs.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>

 Hi Alex,

I think you can drop this patch and use "[PATCH v2] tests: improve
performance of device-introspect-test" instead.

 Thanks,
  Thomas




* Re: [PATCH v4 36/40] gitlab: split build-disabled into two phases
  2020-07-10 13:16   ` Thomas Huth
@ 2020-07-10 14:58     ` Alex Bennée
  2020-07-10 16:01       ` Philippe Mathieu-Daudé
  0 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-10 14:58 UTC (permalink / raw)
  To: Thomas Huth
  Cc: fam, berrange, richard.henderson, qemu-devel,
	Wainer dos Santos Moschetta, f4bug, cota,
	Philippe Mathieu-Daudé,
	aurelien


Thomas Huth <thuth@redhat.com> writes:

> On 01/07/2020 15.56, Alex Bennée wrote:
>> As we run check-qtest in "SLOW" mode this can timeout so split into
>> two jobs.
>> 
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>
>  Hi Alex,
>
> I think you can drop this patch and use "[PATCH v2] tests: improve
> performance of device-introspect-test" instead.

As I'm re-rolling the PR sure...

>
>  Thanks,
>   Thomas


-- 
Alex Bennée



* Re: [PATCH v4 36/40] gitlab: split build-disabled into two phases
  2020-07-10 14:58     ` Alex Bennée
@ 2020-07-10 16:01       ` Philippe Mathieu-Daudé
  2020-07-10 16:26         ` Alex Bennée
  0 siblings, 1 reply; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-10 16:01 UTC (permalink / raw)
  To: Alex Bennée, Thomas Huth
  Cc: fam, berrange, richard.henderson, qemu-devel,
	Wainer dos Santos Moschetta, cota, Philippe Mathieu-Daudé,
	aurelien

On 7/10/20 4:58 PM, Alex Bennée wrote:
> 
> Thomas Huth <thuth@redhat.com> writes:
> 
>> On 01/07/2020 15.56, Alex Bennée wrote:
>>> As we run check-qtest in "SLOW" mode this can timeout so split into
>>> two jobs.
>>>
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>
>>  Hi Alex,
>>
>> I think you can drop this patch and use "[PATCH v2] tests: improve
>> performance of device-introspect-test" instead.
> 
> As I'm re-rolling the PR sure...

Also maybe:

https://www.mail-archive.com/qemu-devel@nongnu.org/msg721458.html



* Re: [PATCH v4 36/40] gitlab: split build-disabled into two phases
  2020-07-10 16:01       ` Philippe Mathieu-Daudé
@ 2020-07-10 16:26         ` Alex Bennée
  2020-07-10 16:53           ` Philippe Mathieu-Daudé
  0 siblings, 1 reply; 98+ messages in thread
From: Alex Bennée @ 2020-07-10 16:26 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: fam, Thomas Huth, berrange, richard.henderson, qemu-devel,
	Wainer dos Santos Moschetta, cota, Philippe Mathieu-Daudé,
	aurelien


Philippe Mathieu-Daudé <f4bug@amsat.org> writes:

> On 7/10/20 4:58 PM, Alex Bennée wrote:
>> 
>> Thomas Huth <thuth@redhat.com> writes:
>> 
>>> On 01/07/2020 15.56, Alex Bennée wrote:
>>>> As we run check-qtest in "SLOW" mode this can timeout so split into
>>>> two jobs.
>>>>
>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>
>>>  Hi Alex,
>>>
>>> I think you can drop this patch and use "[PATCH v2] tests: improve
>>> performance of device-introspect-test" instead.
>> 
>> As I'm re-rolling the PR sure...
>
> Also maybe:
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg721458.html

I don't think it's directly related - can we just avoid piling a bunch
of stuff in on a re-roll please.

-- 
Alex Bennée



* Re: [PATCH v4 36/40] gitlab: split build-disabled into two phases
  2020-07-10 16:26         ` Alex Bennée
@ 2020-07-10 16:53           ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-07-10 16:53 UTC (permalink / raw)
  To: Alex Bennée
  Cc: fam, Thomas Huth, berrange, richard.henderson, qemu-devel,
	Wainer dos Santos Moschetta, cota, Philippe Mathieu-Daudé,
	aurelien

On 7/10/20 6:26 PM, Alex Bennée wrote:
> 
> Philippe Mathieu-Daudé <f4bug@amsat.org> writes:
> 
>> On 7/10/20 4:58 PM, Alex Bennée wrote:
>>>
>>> Thomas Huth <thuth@redhat.com> writes:
>>>
>>>> On 01/07/2020 15.56, Alex Bennée wrote:
>>>>> As we run check-qtest in "SLOW" mode this can timeout so split into
>>>>> two jobs.
>>>>>
>>>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>
>>>>  Hi Alex,
>>>>
>>>> I think you can drop this patch and use "[PATCH v2] tests: improve
>>>> performance of device-introspect-test" instead.
>>>
>>> As I'm re-rolling the PR sure...
>>
>> Also maybe:
>>
>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg721458.html
> 
> I don't think it's directly related

I thought it was.

> - can we just avoid piling a bunch
> of stuff in on a re-roll please.

Understood, sorry.



* Re: [PATCH  v4 11/40] tests/vm: change scripts to use self._config
  2020-07-01 13:56 ` [PATCH v4 11/40] tests/vm: change scripts to use self._config Alex Bennée
@ 2020-07-10 18:16   ` Alex Bennée
  0 siblings, 0 replies; 98+ messages in thread
From: Alex Bennée @ 2020-07-10 18:16 UTC (permalink / raw)
  To: qemu-devel
  Cc: fam, berrange, Robert Foley, Alex Bennée, richard.henderson,
	f4bug, Philippe Mathieu-Daudé,
	cota, Peter Puhov, aurelien


Alex Bennée <alex.bennee@linaro.org> writes:

> From: Robert Foley <robert.foley@linaro.org>
>
> This change converts existing scripts to using for example self.ROOT_PASS,
> to self._config['root_pass'].
> We made similar changes for GUEST_USER, and GUEST_PASS.
> This allows us also to remove the change in basevm.py,
> which adds __getattr__ for backwards compatibility.
>
> Signed-off-by: Robert Foley <robert.foley@linaro.org>
> Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Message-Id: <20200601211421.1277-8-robert.foley@linaro.org>
> ---
>  tests/vm/basevm.py | 11 ++---------
>  tests/vm/fedora    | 17 +++++++++--------
>  tests/vm/freebsd   | 16 ++++++++--------
>  tests/vm/netbsd    | 19 ++++++++++---------
>  tests/vm/openbsd   | 17 +++++++++--------
>  5 files changed, 38 insertions(+), 42 deletions(-)
>
> diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
> index 5fd66f6b26a..f716798b405 100644
> --- a/tests/vm/basevm.py
> +++ b/tests/vm/basevm.py
> @@ -183,13 +183,6 @@ class BaseVM(object):
>          self.console_init(timeout=timeout)
>          self.console_wait(wait_string)
>  
> -    def __getattr__(self, name):
> -        # Support direct access to config by key.
> -        # for example, access self._config['cpu'] by self.cpu
> -        if name.lower() in self._config.keys():
> -            return self._config[name.lower()]
> -        return object.__getattribute__(self, name)
> -
>      def _download_with_cache(self, url, sha256sum=None, sha512sum=None):
>          def check_sha256sum(fname):
>              if not sha256sum:
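Review bot: dropping `__getattr__` turns any remaining `self.ROOT_PASS` / `self.GUEST_USER` style access into an AttributeError at runtime instead of a silent config lookup; the diffstat converts only fedora, freebsd, netbsd and openbsd, so confirm no other tests/vm script or BaseVM subclass still uses the attribute form before this lands (a grep for `self\.[A-Z_]+` under tests/vm would settle it).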
> @@ -239,13 +232,13 @@ class BaseVM(object):
>          return r
>  
>      def ssh(self, *cmd):
> -        return self._ssh_do(self.GUEST_USER, cmd, False)
> +        return self._ssh_do(self._config["guest_user"], cmd, False)
>  
>      def ssh_root(self, *cmd):
>          return self._ssh_do("root", cmd, False)
>  
>      def ssh_check(self, *cmd):
> -        self._ssh_do(self.GUEST_USER, cmd, True)
> +        self._ssh_do(self._config["guest_user"], cmd, True)
>  
>      def ssh_root_check(self, *cmd):
>          self._ssh_do("root", cmd, True)
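Review bot: `ssh` and `ssh_check` now repeat the literal `self._config["guest_user"]`, and the VM scripts below repeat the same pattern for "root_pass" and "guest_pass"; a small property on BaseVM (e.g. `guest_user`) would keep each key name in one place and give a clearer error than a bare KeyError if a config entry is missing.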
> diff --git a/tests/vm/fedora b/tests/vm/fedora
> index a9195670f4b..b2b478fdbca 100755
> --- a/tests/vm/fedora
> +++ b/tests/vm/fedora
> @@ -108,20 +108,20 @@ class FedoraVM(basevm.BaseVM):
>  
>          self.console_wait_send("7) [!] Root password",     "7\n")
>          self.console_wait("Password:")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>          self.console_wait("Password (confirm):")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>  
>          self.console_wait_send("8) [ ] User creation",     "8\n")
>          self.console_wait_send("1) [ ] Create user",       "1\n")
>          self.console_wait_send("3) User name",             "3\n")
> -        self.console_wait_send("ENTER:", "%s\n" % self.GUEST_USER)
> +        self.console_wait_send("ENTER:", "%s\n" % self._config["guest_user"])
>          self.console_wait_send("4) [ ] Use password",      "4\n")
>          self.console_wait_send("5) Password",              "5\n")
>          self.console_wait("Password:")
> -        self.console_send("%s\n" % self.GUEST_PASS)
> +        self.console_send("%s\n" % self._config["guest_pass"])
>          self.console_wait("Password (confirm):")
> -        self.console_send("%s\n" % self.GUEST_PASS)
> +        self.console_send("%s\n" % self._config["guest_pass"])
>          self.console_wait_send("7) Groups",                "c\n")
>  
>          while True:
> @@ -139,7 +139,7 @@ class FedoraVM(basevm.BaseVM):
>              if good:
>                  break
>              time.sleep(10)
> -            self.console_send("r\n" % self.GUEST_PASS)
> +            self.console_send("r\n" % self._config["guest_pass"])
>  
>          self.console_wait_send("'b' to begin install",     "b\n")
>  
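Review bot: `self.console_send("r\n" % self._config["guest_pass"])` carries a pre-existing bug through the conversion instead of fixing it: `"r\n"` has no conversion specifier, so the `%` raises `TypeError: not all arguments converted during string formatting` the first time the install retry loop reaches this line. Since the line is being touched anyway, the call should become `self.console_send("r\n")`.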
> @@ -150,12 +150,13 @@ class FedoraVM(basevm.BaseVM):
>  
>          # setup qemu user
>          prompt = " ~]$"
> -        self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
> +        self.console_ssh_init(prompt, self._config["guest_user"],
> +                                      self._config["guest_pass"])
>          self.console_wait_send(prompt, "exit\n")
>  
>          # setup root user
>          prompt = " ~]#"
> -        self.console_ssh_init(prompt, "root", self.ROOT_PASS)
> +        self.console_ssh_init(prompt, "root", self._config["root_pass"])
>          self.console_sshd_config(prompt)
>  
>          # setup virtio-blk #1 (tarfile)
> diff --git a/tests/vm/freebsd b/tests/vm/freebsd
> index f87db2b126e..29252fa4a64 100755
> --- a/tests/vm/freebsd
> +++ b/tests/vm/freebsd
> @@ -113,9 +113,9 @@ class FreeBSDVM(basevm.BaseVM):
>  
>          # post-install configuration
>          self.console_wait("New Password:")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>          self.console_wait("Retype New Password:")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>  
>          self.console_wait_send("Network Configuration", "\n")
>          self.console_wait_send("IPv4",                  "y")
> @@ -134,9 +134,9 @@ class FreeBSDVM(basevm.BaseVM):
>          # qemu user
>          self.console_wait_send("Add User Accounts", "y")
>          self.console_wait("Username")
> -        self.console_send("%s\n" % self.GUEST_USER)
> +        self.console_send("%s\n" % self._config["guest_user"])
>          self.console_wait("Full name")
> -        self.console_send("%s\n" % self.GUEST_USER)
> +        self.console_send("%s\n" % self._config["guest_user"])
>          self.console_wait_send("Uid",                   "\n")
>          self.console_wait_send("Login group",           "\n")
>          self.console_wait_send("Login group",           "\n")
> @@ -148,9 +148,9 @@ class FreeBSDVM(basevm.BaseVM):
>          self.console_wait_send("Use an empty password", "\n")
>          self.console_wait_send("Use a random password", "\n")
>          self.console_wait("Enter password:")
> -        self.console_send("%s\n" % self.GUEST_PASS)
> +        self.console_send("%s\n" % self._config["guest_pass"])
>          self.console_wait("Enter password again:")
> -        self.console_send("%s\n" % self.GUEST_PASS)
> +        self.console_send("%s\n" % self._config["guest_pass"])
>          self.console_wait_send("Lock out",              "\n")
>          self.console_wait_send("OK",                    "yes\n")
>          self.console_wait_send("Add another user",      "no\n")
> @@ -164,12 +164,12 @@ class FreeBSDVM(basevm.BaseVM):
>  
>          # setup qemu user
>          prompt = "$"
> -        self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
> +        self.console_ssh_init(prompt, self._config["guest_user"], self._config["guest_pass"])
>          self.console_wait_send(prompt, "exit\n")
>  
>          # setup root user
>          prompt = "root@freebsd:~ #"
> -        self.console_ssh_init(prompt, "root", self.ROOT_PASS)
> +        self.console_ssh_init(prompt, "root", self._config["root_pass"])
>          self.console_sshd_config(prompt)
>  
>          # setup serial console
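Review bot: the new `self.console_ssh_init(prompt, self._config["guest_user"], self._config["guest_pass"])` line runs well past 80 columns; wrap it across two lines the way the fedora script does in this same patch.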
> diff --git a/tests/vm/netbsd b/tests/vm/netbsd
> index cdac502dad8..dc0e45c1d45 100755
> --- a/tests/vm/netbsd
> +++ b/tests/vm/netbsd
> @@ -120,24 +120,24 @@ class NetBSDVM(basevm.BaseVM):
>          self.console_wait_send("d: Change root password",  "d\n")
>          self.console_wait_send("a: Yes",                   "a\n")
>          self.console_wait("New password:")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>          self.console_wait("New password:")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>          self.console_wait("Retype new password:")
> -        self.console_send("%s\n" % self.ROOT_PASS)
> +        self.console_send("%s\n" % self._config["root_pass"])
>  
>          self.console_wait_send("o: Add a user",            "o\n")
>          self.console_wait("username")
> -        self.console_send("%s\n" % self.GUEST_USER)
> +        self.console_send("%s\n" % self._config["guest_pass"])
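Review bot: in the last line of this hunk the answer to the "username" prompt is `self._config["guest_pass"]`, but the line it replaces sent `self.GUEST_USER`, so the conversion changed behaviour and the NetBSD installer would create the guest account named after the password. It should read `self.console_send("%s\n" % self._config["guest_user"])`.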

Can you see where we went wrong ;-)

<snip>

-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
  2020-07-01 20:35   ` [Bug 1878645] " Peter Maydell
                     ` (2 preceding siblings ...)
  (?)
@ 2020-09-07 20:35   ` Alexander Bulekov
  2020-09-08  6:33     ` Paolo Bonzini
  -1 siblings, 1 reply; 98+ messages in thread
From: Alexander Bulekov @ 2020-09-07 20:35 UTC (permalink / raw)
  To: Peter Maydell
  Cc: Thomas Huth, Philippe Mathieu-Daudé,
	QEMU Developers, Paolo Bonzini, Alex Bennée,
	Richard Henderson

On 200701 2135, Peter Maydell wrote:
> On Wed, 1 Jul 2020 at 19:21, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
> >
> > We can run I/O access with the 'i' or 'o' HMP commands in the
> > monitor. These commands are expected to run on a vCPU. The
> > monitor is not a vCPU thread. To avoid crashing, initialize
> > the 'current_cpu' variable with the first vCPU created. The
> > command executed on the monitor will end using it.
> 
> >
> > RFC because I believe the correct fix is to NOT use current_cpu
> > out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
> 
> Yes, I agree -- I don't think this is the correct fix.
> current_cpu is documented as "only valid inside cpu_exec()",
> ie if you're actually on a vcpu thread you can use it, but if
> you're not on a CPU thread, like the monitor, you need to
> say which vCPU you want to affect. For the monitor, that

Following up on this old thread... Does qtest count as a pseudo-vCPU?
Since qtest already uses first_cpu for all of its address_space calls,
would it be appropriate to set current_cpu to first_cpu in qtest's
initialization? 
Thank you
-Alex


> would be the current "default cpu" as set by the "cpu"
> command (cf monitor_set_cpu()). The bug here will be that
> somewhere along the line we are probably missing plumbing
> sufficient to pass down "which CPU do we want".
> 
> https://bugs.launchpad.net/qemu/+bug/1602247 is a bug of
> a similar nature -- if the gdbstub does a memory access
> we know which CPU we're trying to do that memory access as,
> but it doesn't get plumbed through and so in the Arm GIC
> register read/write function that looks at current_cpu
> we get a segfault.
> 
> One way to fix this would be to do something akin to how
> real hardware works -- encode into the MemTxAttrs an
> indication of what the transaction master was (eg the
> CPU number for CPUs); then the handful of devices that
> care about which CPU was doing the transaction can use
> that, rather than directly looking at current_cpu, and
> when gdbstub or monitor perform an access that should
> act like it's from a particular CPU they can indicate
> that by supplying appropriate transaction attributes.
> That would potentially be quite a bit of work though
> (but I think it would be a neat design if we want to
> try to fix this kind of "segfault if the user prods
> a device via the monitor" bug).
> 
> +    if (!current_cpu) {
> +        current_cpu = cpu;
> +    }
> 
> Some more specific issues with this -- current_cpu is
> a thread-local variable, so this will set that for
> whatever thread happens to make this call, which
> might or might not be the one that ends up handling
> the monitor command. Also some code assumes that
> current_cpu is non-NULL only if this is a vCPU thread,
> eg sigbus_handler().
> 
> thanks
> -- PMM


^ permalink raw reply	[flat|nested] 98+ messages in thread
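The two approaches Peter describes above (refusing to raise the interrupt when there is no current CPU, which is what the hw/isa patch in this thread does, and carrying the transaction master in the MemTxAttrs so the device never consults the thread-local at all), as an added standalone C example that is not QEMU code and not part of this thread. CPUState, MemTxAttrs, the requester_id encoding, the SMI_EN bit and the scenario helpers are simplified mock-ups chosen for illustration, not QEMU's real definitions.

```c
/*
 * Added example, not QEMU code. A device register write reaches "the
 * current CPU" through a thread-local pointer that is non-NULL only on a
 * vCPU thread, so a write arriving from the monitor, gdbstub or qtest
 * dereferences NULL. Two fixes are shown. CPUState, MemTxAttrs and the
 * register layout are mock-ups (assumptions), not QEMU's definitions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CPUS            4
#define CPU_INTERRUPT_SMI   0x02u       /* mock interrupt bit */
#define SMI_EN_APMC_EN      (1u << 5)   /* APM control write raises SMI */
#define REQUESTER_NONE      0xffffu     /* no CPU behind this transaction */

typedef struct CPUState {
    int cpu_index;
    uint32_t interrupt_request;
} CPUState;

/* Mock of MemTxAttrs: which bus master issued the access. */
typedef struct MemTxAttrs {
    unsigned int requester_id;
} MemTxAttrs;

typedef struct LPCState {
    uint32_t smi_en;
} LPCState;

static CPUState cpus[MAX_CPUS];

/* Mirrors current_cpu: thread-local, set only while a vCPU thread runs
 * guest code. The main loop (monitor, qtest, gdbstub) sees NULL here. */
static _Thread_local CPUState *current_cpu;

static void mock_reset(void)
{
    for (int i = 0; i < MAX_CPUS; i++) {
        cpus[i].cpu_index = i;
        cpus[i].interrupt_request = 0;
    }
    current_cpu = NULL;
}

/* The crashing shape from the report: only safe on a vCPU thread. */
static void apm_ctrl_changed_unguarded(LPCState *lpc)
{
    if (lpc->smi_en & SMI_EN_APMC_EN) {
        current_cpu->interrupt_request |= CPU_INTERRUPT_SMI; /* NULL off-thread */
    }
}

/* Fix 1: check current_cpu before generating the IRQ. */
static bool apm_ctrl_changed_guarded(LPCState *lpc)
{
    if (!(lpc->smi_en & SMI_EN_APMC_EN) || !current_cpu) {
        return false;   /* nothing enabled, or nobody to interrupt */
    }
    current_cpu->interrupt_request |= CPU_INTERRUPT_SMI;
    return true;
}

/* Fix 2: resolve the target from the transaction attributes; a monitor or
 * gdbstub access that should look like CPU n just sets requester_id = n. */
static bool apm_ctrl_changed_attrs(LPCState *lpc, MemTxAttrs attrs)
{
    if (!(lpc->smi_en & SMI_EN_APMC_EN) || attrs.requester_id >= MAX_CPUS) {
        return false;
    }
    cpus[attrs.requester_id].interrupt_request |= CPU_INTERRUPT_SMI;
    return true;
}

/* SMI bit of CPU 0 after a guarded write made on or off a vCPU thread. */
static uint32_t scenario_guarded(bool on_vcpu_thread, bool apmc_enabled)
{
    LPCState lpc = { .smi_en = apmc_enabled ? SMI_EN_APMC_EN : 0 };
    mock_reset();
    current_cpu = on_vcpu_thread ? &cpus[0] : NULL;
    apm_ctrl_changed_guarded(&lpc);
    return cpus[0].interrupt_request & CPU_INTERRUPT_SMI;
}

/* Index of the CPU that received an attrs-based write, or -1 if none. */
static int scenario_attrs(unsigned int requester_id)
{
    LPCState lpc = { .smi_en = SMI_EN_APMC_EN };
    MemTxAttrs attrs = { .requester_id = requester_id };
    mock_reset();
    if (!apm_ctrl_changed_attrs(&lpc, attrs)) {
        return -1;
    }
    for (int i = 0; i < MAX_CPUS; i++) {
        if (cpus[i].interrupt_request & CPU_INTERRUPT_SMI) {
            return i;
        }
    }
    return -1;
}

int main(void)
{
    LPCState lpc = { .smi_en = SMI_EN_APMC_EN };
    mock_reset();
    current_cpu = &cpus[0];
    apm_ctrl_changed_unguarded(&lpc);   /* fine here: we are "on" vCPU 0 */
    printf("guarded, off vCPU thread: SMI=%u\n", scenario_guarded(false, true));
    printf("guarded, on vCPU thread:  SMI=%u\n", scenario_guarded(true, true));
    printf("attrs, requester 1:       cpu=%d\n", scenario_attrs(1));
    printf("attrs, no requester:      cpu=%d\n", scenario_attrs(REQUESTER_NONE));
    return 0;
}
```

The guarded variant is the minimal fix and matches what the hw/isa patch in this thread does, but it silently drops the SMI for a monitor or gdbstub access that was meant to act as a particular CPU; the attrs variant keeps that information, at the cost of plumbing a requester id through every path that can reach the device.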

* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
  2020-09-07 20:35   ` Alexander Bulekov
@ 2020-09-08  6:33     ` Paolo Bonzini
  2020-09-08  6:39       ` Philippe Mathieu-Daudé
  0 siblings, 1 reply; 98+ messages in thread
From: Paolo Bonzini @ 2020-09-08  6:33 UTC (permalink / raw)
  To: Alexander Bulekov, Peter Maydell
  Cc: Alex Bennée, Thomas Huth, Philippe Mathieu-Daudé,
	QEMU Developers, Richard Henderson

On 07/09/20 22:35, Alexander Bulekov wrote:
>>> RFC because I believe the correct fix is to NOT use current_cpu
>>> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
>> Yes, I agree -- I don't think this is the correct fix.
>> current_cpu is documented as "only valid inside cpu_exec()",
>> ie if you're actually on a vcpu thread you can use it, but if
>> you're not on a CPU thread, like the monitor, you need to
>> say which vCPU you want to affect. For the monitor, that
> Following up on this old thread... Does qtest count as a pseudo-vCPU?
> Since qtest already uses first_cpu for all of its address_space calls,
> would it be appropriate to set current_cpu to first_cpu in qtest's
> initialization? 

No, current_cpu should never be set on non-vCPU threads.

Paolo



^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
  2020-09-08  6:33     ` Paolo Bonzini
@ 2020-09-08  6:39       ` Philippe Mathieu-Daudé
  2020-09-08 11:43         ` Paolo Bonzini
  0 siblings, 1 reply; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-09-08  6:39 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Peter Maydell, Thomas Huth, Alex Bennée, QEMU Developers,
	Alexander Bulekov, Philippe Mathieu-Daudé,
	Richard Henderson

Le mar. 8 sept. 2020 08:33, Paolo Bonzini <pbonzini@redhat.com> a écrit :

> On 07/09/20 22:35, Alexander Bulekov wrote:
> >>> RFC because I believe the correct fix is to NOT use current_cpu
> >>> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
> >> Yes, I agree -- I don't think this is the correct fix.
> >> current_cpu is documented as "only valid inside cpu_exec()",
> >> ie if you're actually on a vcpu thread you can use it, but if
> >> you're not on a CPU thread, like the monitor, you need to
> >> say which vCPU you want to affect. For the monitor, that
> > Following up on this old thread... Does qtest count as a pseudo-vCPU?
> > Since qtest already uses first_cpu for all of its address_space calls,
> > would it be appropriate to set current_cpu to first_cpu in qtest's
> > initialization?
>

qtest doesn't provide vCPU so first_cpu = NULL, that wouldn't help.


> No, current_cpu should never be set on non-vCPU threads.
>
> Paolo
>
>
>

^ permalink raw reply	[flat|nested] 98+ messages in thread

* Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created
  2020-09-08  6:39       ` Philippe Mathieu-Daudé
@ 2020-09-08 11:43         ` Paolo Bonzini
  0 siblings, 0 replies; 98+ messages in thread
From: Paolo Bonzini @ 2020-09-08 11:43 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Peter Maydell, Thomas Huth, Alex Bennée, QEMU Developers,
	Alexander Bulekov, Philippe Mathieu-Daudé,
	Richard Henderson

On 08/09/20 08:39, Philippe Mathieu-Daudé wrote:
> Le mar. 8 sept. 2020 08:33, Paolo Bonzini <pbonzini@redhat.com
> <mailto:pbonzini@redhat.com>> a écrit :
> 
>     On 07/09/20 22:35, Alexander Bulekov wrote:
>     >>> RFC because I believe the correct fix is to NOT use current_cpu
>     >>> out of cpus.c, at least use qemu_get_cpu(0) to get the first vCPU.
>     >> Yes, I agree -- I don't think this is the correct fix.
>     >> current_cpu is documented as "only valid inside cpu_exec()",
>     >> ie if you're actually on a vcpu thread you can use it, but if
>     >> you're not on a CPU thread, like the monitor, you need to
>     >> say which vCPU you want to affect. For the monitor, that
>     > Following up on this old thread... Does qtest count as a pseudo-vCPU?
>     > Since qtest already uses first_cpu for all of its address_space calls,
>     > would it be appropriate to set current_cpu to first_cpu in qtest's
>     > initialization?
> 
> 
> qtest doesn't provide vCPU so first_cpu = NULL, that wouldn't help.

Doesn't qtest use qemu_dummy_start_vcpu?

Paolo



^ permalink raw reply	[flat|nested] 98+ messages in thread

* [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed
  2020-05-14 16:07 [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt Alexander Bulekov
  2020-06-29 16:03 ` [Bug 1878645] " Alexander Bulekov
  2020-06-29 17:57 ` [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed Philippe Mathieu-Daudé
@ 2020-10-22 14:15 ` Philippe Mathieu-Daudé
  2021-08-21  4:08 ` Alexander Bulekov
  2021-08-21  6:13 ` Thomas Huth
  4 siblings, 0 replies; 98+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-10-22 14:15 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878645

Title:
  null-ptr dereference in ich9_apm_ctrl_changed

Status in QEMU:
  Confirmed

Bug description:
  Hello,
  While fuzzing, I found an input which triggers a NULL pointer dereference in
  tcg_handle_interrupt. It seems the culprit is a "cpu" pointer - maybe this bug
  is specific to QTest?

  ==23862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4 (pc 0x55b9dc7c9dce bp 0x7ffc346a0900 sp 0x7ffc346a0880 T0)
  ==23862==The signal is caused by a READ memory access.
  ==23862==Hint: address points to the zero page.
      #0 0x55b9dc7c9dce in tcg_handle_interrupt /home/alxndr/Development/qemu/accel/tcg/tcg-all.c:57:21
      #1 0x55b9dc904799 in cpu_interrupt /home/alxndr/Development/qemu/include/hw/core/cpu.h:872:5
      #2 0x55b9dc9085e8 in ich9_apm_ctrl_changed /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:442:13
      #3 0x55b9dd19cdc8 in apm_ioport_writeb /home/alxndr/Development/qemu/hw/isa/apm.c:50:13
      #4 0x55b9dc73f8b4 in memory_region_write_accessor /home/alxndr/Development/qemu/memory.c:483:5
      #5 0x55b9dc73f289 in access_with_adjusted_size /home/alxndr/Development/qemu/memory.c:544:18
      #6 0x55b9dc73ddf5 in memory_region_dispatch_write /home/alxndr/Development/qemu/memory.c:1476:16
      #7 0x55b9dc577bf3 in flatview_write_continue /home/alxndr/Development/qemu/exec.c:3137:23
      #8 0x55b9dc567ad8 in flatview_write /home/alxndr/Development/qemu/exec.c:3177:14
      #9 0x55b9dc567608 in address_space_write /home/alxndr/Development/qemu/exec.c:3268:18
      #10 0x55b9dc723fe7 in cpu_outb /home/alxndr/Development/qemu/ioport.c:60:5
      #11 0x55b9dc72d3c0 in qtest_process_command /home/alxndr/Development/qemu/qtest.c:392:13
      #12 0x55b9dc72b186 in qtest_process_inbuf /home/alxndr/Development/qemu/qtest.c:710:9
      #13 0x55b9dc72a8b3 in qtest_read /home/alxndr/Development/qemu/qtest.c:722:5
      #14 0x55b9ddc6e60b in qemu_chr_be_write_impl /home/alxndr/Development/qemu/chardev/char.c:183:9
      #15 0x55b9ddc6e75a in qemu_chr_be_write /home/alxndr/Development/qemu/chardev/char.c:195:9
      #16 0x55b9ddc77979 in fd_chr_read /home/alxndr/Development/qemu/chardev/char-fd.c:68:9
      #17 0x55b9ddcff0e9 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/io/channel-watch.c:84:12
      #18 0x7f7161eac897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
      #19 0x55b9ddebcb84 in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
      #20 0x55b9ddebb57d in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
      #21 0x55b9ddebb176 in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
      #22 0x55b9dcb4bd1d in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
      #23 0x55b9ddd1629c in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
      #24 0x7f7160a5ce0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
      #25 0x55b9dc49c819 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0xc9c819)

  
  I can reproduce this in qemu 5.0 built with AddressSanitizer using these qtest commands:

  cat << EOF | ./qemu-system-i386 \
  -qtest stdio -nographic -monitor none -serial none \
  -M pc-q35-5.0
  outl 0xcf8 0x8400f841
  outl 0xcfc 0xaa215d6d
  outl 0x6d30 0x2ef8ffbe
  outb 0xb2 0x20
  EOF

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878645/+subscriptions


^ permalink raw reply	[flat|nested] 98+ messages in thread

* [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed
  2020-05-14 16:07 [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt Alexander Bulekov
                   ` (2 preceding siblings ...)
  2020-10-22 14:15 ` Philippe Mathieu-Daudé
@ 2021-08-21  4:08 ` Alexander Bulekov
  2021-08-21  6:13 ` Thomas Huth
  4 siblings, 0 replies; 98+ messages in thread
From: Alexander Bulekov @ 2021-08-21  4:08 UTC (permalink / raw)
  To: qemu-devel

I moved this report over to QEMU's new bug tracker on gitlab.com.
Please continue with the discussion here:

https://gitlab.com/qemu-project/qemu/-/issues/536

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #536
   https://gitlab.com/qemu-project/qemu/-/issues/536




^ permalink raw reply	[flat|nested] 98+ messages in thread

* [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed
  2020-05-14 16:07 [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt Alexander Bulekov
                   ` (3 preceding siblings ...)
  2021-08-21  4:08 ` Alexander Bulekov
@ 2021-08-21  6:13 ` Thomas Huth
  4 siblings, 0 replies; 98+ messages in thread
From: Thomas Huth @ 2021-08-21  6:13 UTC (permalink / raw)
  To: qemu-devel

Thanks for moving it over! ... let's close this one here on Launchpad
now.


** Changed in: qemu
       Status: Confirmed => Invalid




^ permalink raw reply	[flat|nested] 98+ messages in thread

end of thread, other threads:[~2021-08-21  6:23 UTC | newest]

Thread overview: 98+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-14 16:07 [Bug 1878645] [NEW] null-ptr dereference in tcg_handle_interrupt Alexander Bulekov
2020-06-29 16:03 ` [Bug 1878645] " Alexander Bulekov
2020-06-29 19:00   ` Alex Bennée
2020-06-29 19:00     ` Alex Bennée
2020-06-29 20:08     ` Alexander Bulekov
2020-06-29 20:08       ` Alexander Bulekov
2020-06-29 17:57 ` [Bug 1878645] Re: null-ptr dereference in ich9_apm_ctrl_changed Philippe Mathieu-Daudé
2020-10-22 14:15 ` Philippe Mathieu-Daudé
2021-08-21  4:08 ` Alexander Bulekov
2021-08-21  6:13 ` Thomas Huth
2020-07-01 13:56 [PATCH v4 00/40] testing/next (vm, gitlab, fixes) Alex Bennée
2020-07-01 13:56 ` [PATCH v4 01/40] hw/isa: check for current_cpu before generating IRQ Alex Bennée
2020-07-01 13:56   ` [Bug 1878645] " Alex Bennée
2020-07-01 15:51   ` Philippe Mathieu-Daudé
2020-07-01 15:51     ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 16:40     ` Alex Bennée
2020-07-01 16:40       ` [Bug 1878645] " Alex Bennée
2020-07-01 16:47       ` Philippe Mathieu-Daudé
2020-07-01 16:47         ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 17:09         ` Alex Bennée
2020-07-01 17:09           ` [Bug 1878645] " Alex Bennée
2020-07-01 17:34           ` Philippe Mathieu-Daudé
2020-07-01 17:34             ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 17:37             ` Philippe Mathieu-Daudé
2020-07-01 17:37               ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 17:48               ` Philippe Mathieu-Daudé
2020-07-01 17:48                 ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 18:13                 ` Philippe Mathieu-Daudé
2020-07-01 18:13                   ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 13:56 ` [PATCH v4 02/40] iotests: Fix 051 output after qdev_init_nofail() removal Alex Bennée
2020-07-01 13:56 ` [PATCH v4 03/40] crypto/linux_keyring: fix 'secret_keyring' configure test Alex Bennée
2020-07-01 13:56 ` [PATCH v4 04/40] util/coroutine: Cleanup start_switch_fiber_ for TSAN Alex Bennée
2020-07-01 13:56 ` [PATCH v4 05/40] tests/vm: pass args through to BaseVM's __init__ Alex Bennée
2020-07-01 13:56 ` [PATCH v4 06/40] tests/vm: Add configuration to basevm.py Alex Bennée
2020-07-01 13:56 ` [PATCH v4 07/40] tests/vm: Added configuration file support Alex Bennée
2020-07-01 13:56 ` [PATCH v4 08/40] tests/vm: Add common Ubuntu python module Alex Bennée
2020-07-01 13:56 ` [PATCH v4 09/40] tests/vm: Added a new script for ubuntu.aarch64 Alex Bennée
2020-07-01 13:56 ` [PATCH v4 10/40] tests/vm: Added a new script for centos.aarch64 Alex Bennée
2020-07-01 13:56 ` [PATCH v4 11/40] tests/vm: change scripts to use self._config Alex Bennée
2020-07-10 18:16   ` Alex Bennée
2020-07-01 13:56 ` [PATCH v4 12/40] python/qemu: Add ConsoleSocket for optional use in QEMUMachine Alex Bennée
2020-07-01 13:56 ` [PATCH v4 13/40] tests/vm: Add workaround to consume console Alex Bennée
2020-07-01 13:56 ` [PATCH v4 14/40] tests/vm: switch from optsparse to argparse Alex Bennée
2020-07-01 13:56 ` [PATCH v4 15/40] tests/vm: allow us to take advantage of MTTCG Alex Bennée
2020-07-01 13:56 ` [PATCH v4 16/40] tests/docker: check for an parameters not empty string Alex Bennée
2020-07-01 13:56 ` [PATCH v4 17/40] tests/docker: change tag naming scheme of our images Alex Bennée
2020-07-01 13:56 ` [PATCH v4 18/40] .gitignore: un-ignore .gitlab-ci.d Alex Bennée
2020-07-01 13:56 ` [PATCH v4 19/40] gitlab-ci: Fix the change rules after moving the YML files Alex Bennée
2020-07-01 13:56 ` [PATCH v4 20/40] gitlab: introduce explicit "container" and "build" stages Alex Bennée
2020-07-01 13:56 ` [PATCH v4 21/40] gitlab: build all container images during CI Alex Bennée
2020-07-01 13:56 ` [PATCH v4 22/40] gitlab: convert jobs to use custom built containers Alex Bennée
2020-07-01 13:56 ` [PATCH v4 23/40] gitlab: build containers with buildkit and metadata Alex Bennée
2020-07-01 13:56 ` [PATCH v4 24/40] tests/docker: add --registry support to tooling Alex Bennée
2020-07-01 13:56 ` [PATCH v4 25/40] tests/docker: add packages needed for check-acceptance Alex Bennée
2020-07-01 13:56 ` [PATCH v4 26/40] tests/acceptance: skip s390x_ccw_vrtio_tcg on GitLab Alex Bennée
2020-07-01 13:56 ` [PATCH v4 27/40] tests/acceptance: fix dtb path for machine_rx_gdbsim Alex Bennée
2020-07-01 15:55   ` Philippe Mathieu-Daudé
2020-07-01 13:56 ` [PATCH v4 28/40] tests/acceptance: skip multicore mips_malta tests on GitLab Alex Bennée
2020-07-01 15:56   ` Philippe Mathieu-Daudé
2020-07-01 16:43     ` Alex Bennée
2020-07-01 17:01       ` Philippe Mathieu-Daudé
2020-07-02  3:06         ` Jiaxun Yang
2020-07-02  1:05   ` Aleksandar Markovic
2020-07-02  7:46     ` Alex Bennée
2020-07-01 13:56 ` [PATCH v4 29/40] tests/acceptance: skip LinuxInitrd 2gib with v4.16 " Alex Bennée
2020-07-01 15:57   ` Philippe Mathieu-Daudé
2020-07-01 13:56 ` [PATCH v4 30/40] gitlab: add acceptance testing to system builds Alex Bennée
2020-07-01 13:56 ` [PATCH v4 31/40] tests/tcg: add more default compilers to configure.sh Alex Bennée
2020-07-01 13:56 ` [PATCH v4 32/40] tests/docker: add a linux-user testing focused image Alex Bennée
2020-07-01 13:56 ` [PATCH v4 33/40] linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va Alex Bennée
2020-07-01 13:56 ` [PATCH v4 34/40] gitlab: enable check-tcg for linux-user tests Alex Bennée
2020-07-01 13:56 ` [PATCH v4 35/40] gitlab: add avocado asset caching Alex Bennée
2020-07-01 13:56 ` [PATCH v4 36/40] gitlab: split build-disabled into two phases Alex Bennée
2020-07-10 13:16   ` Thomas Huth
2020-07-10 14:58     ` Alex Bennée
2020-07-10 16:01       ` Philippe Mathieu-Daudé
2020-07-10 16:26         ` Alex Bennée
2020-07-10 16:53           ` Philippe Mathieu-Daudé
2020-07-01 13:56 ` [PATCH v4 37/40] gitlab: limit re-builds of the containers Alex Bennée
2020-07-01 13:56 ` [PATCH v4 38/40] containers.yml: build with docker.py tooling Alex Bennée
2020-07-01 13:56 ` [PATCH v4 39/40] testing: add check-build target Alex Bennée
2020-07-01 15:59   ` Philippe Mathieu-Daudé
2020-07-01 13:56 ` [PATCH v4 40/40] shippable: pull images from registry instead of building Alex Bennée
2020-07-01 18:21 [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created Philippe Mathieu-Daudé
2020-07-01 18:21 ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-01 18:54 ` Alexander Bulekov
2020-07-01 18:54   ` [Bug 1878645] " Alexander Bulekov
2020-07-01 20:35 ` Peter Maydell
2020-07-01 20:35   ` [Bug 1878645] " Peter Maydell
2020-07-02  7:55   ` Philippe Mathieu-Daudé
2020-07-02  7:55     ` [Bug 1878645] " Philippe Mathieu-Daudé
2020-07-02  9:52   ` Paolo Bonzini
2020-07-02 10:49     ` Alex Bennée
2020-07-02 10:49       ` [Bug 1878645] " Alex Bennée
2020-09-07 20:35   ` Alexander Bulekov
2020-09-08  6:33     ` Paolo Bonzini
2020-09-08  6:39       ` Philippe Mathieu-Daudé
2020-09-08 11:43         ` Paolo Bonzini
