* [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped)
@ 2021-02-05 2:59 lizhijian
2021-02-05 3:04 ` [Bug 1914696] " lizhijian
` (7 more replies)
0 siblings, 8 replies; 12+ messages in thread
From: lizhijian @ 2021-02-05 2:59 UTC (permalink / raw)
To: qemu-devel
*** This bug is a security vulnerability ***
Public security bug reported:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
New
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
@ 2021-02-05 3:04 ` lizhijian
2021-02-05 9:52 ` Claudio Fontana
2021-02-05 3:10 ` [Bug 1914696] [NEW] " Launchpad Bug Tracker
` (6 subsequent siblings)
7 siblings, 1 reply; 12+ messages in thread
From: lizhijian @ 2021-02-05 3:04 UTC (permalink / raw)
To: qemu-devel
paste the call trace
(gdb) bt
#0 0x0000aaaac036a02c in armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false) at ../hw/intc/armv7m_nvic.c:406
#1 0x0000aaaac014dcf4 in arm_v7m_mmu_idx_for_secstate_and_priv (env=0xaaaaca23d950, secstate=false, priv=true) at ../target/arm/m_helper.c:2837
#2 0x0000aaaac014dd8c in arm_v7m_mmu_idx_for_secstate (env=0xaaaaca23d950, secstate=false) at ../target/arm/m_helper.c:2848
#3 0x0000aaaac018aa6c in arm_mmu_idx_el (env=0xaaaaca23d950, el=1) at ../target/arm/helper.c:12841
#4 0x0000aaaac018b788 in rebuild_hflags_internal (env=0xaaaaca23d950) at ../target/arm/helper.c:13100
#5 0x0000aaaac018b80c in arm_rebuild_hflags (env=0xaaaaca23d950) at ../target/arm/helper.c:13113
#6 0x0000aaaac007f928 in cpu_post_load (opaque=0xaaaaca233b10, version_id=22) at ../target/arm/machine.c:767
#7 0x0000aaaabfc8f508 in vmstate_load_state (f=0xaaaaca355520, vmsd=0xaaaac0d59ea8 <vmstate_arm_cpu>, opaque=0xaaaaca233b10, version_id=22) at ../migration/vmstate.c:168
#8 0x0000aaaabfca3404 in vmstate_load (f=0xaaaaca355520, se=0xaaaaca2708b0) at ../migration/savevm.c:885
#9 0x0000aaaabfca6410 in qemu_loadvm_section_start_full (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2396
#10 0x0000aaaabfca6a8c in qemu_loadvm_state_main (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2582
#11 0x0000aaaabfca6c34 in qemu_loadvm_state (f=0xaaaaca355520) at ../migration/savevm.c:2661
#12 0x0000aaaabfd95bf0 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:522
#13 0x0000aaaac06c6248 in coroutine_trampoline (i0=-895198224, i1=43690) at ../util/coroutine-ucontext.c:173
#14 0x0000ffffa5071f90 in __startcontext () at ../sysdeps/unix/sysv/linux/aarch64/setcontext.S:123
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
New
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
2021-02-05 3:04 ` [Bug 1914696] " lizhijian
@ 2021-02-05 3:10 ` Launchpad Bug Tracker
2021-02-05 3:15 ` no-reply
2021-02-05 3:16 ` [Bug 1914696] " lizhijian
` (5 subsequent siblings)
7 siblings, 1 reply; 12+ messages in thread
From: Launchpad Bug Tracker @ 2021-02-05 3:10 UTC (permalink / raw)
To: qemu-devel
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by lizhijian (zhijianli88):
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
** Affects: qemu
Importance: Undecided
Status: New
--
aarch64: migration failed: Segmentation fault (core dumped)
https://bugs.launchpad.net/bugs/1914696
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to the bug report.
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 3:10 ` [Bug 1914696] [NEW] " Launchpad Bug Tracker
@ 2021-02-05 3:15 ` no-reply
0 siblings, 0 replies; 12+ messages in thread
From: no-reply @ 2021-02-05 3:15 UTC (permalink / raw)
To: 1914696; +Cc: qemu-devel
Patchew URL: https://patchew.org/QEMU/161249464270.1626.1619585641070694953.launchpad@gac.canonical.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 161249464270.1626.1619585641070694953.launchpad@gac.canonical.com
Subject: [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped)
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/161249464270.1626.1619585641070694953.launchpad@gac.canonical.com -> patchew/161249464270.1626.1619585641070694953.launchpad@gac.canonical.com
Switched to a new branch 'test'
=== OUTPUT BEGIN ===
checkpatch.pl: no revisions returned for revlist 'base..'
=== OUTPUT END ===
Test command exited with code: 255
The full log is available at
http://patchew.org/logs/161249464270.1626.1619585641070694953.launchpad@gac.canonical.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
2021-02-05 3:04 ` [Bug 1914696] " lizhijian
2021-02-05 3:10 ` [Bug 1914696] [NEW] " Launchpad Bug Tracker
@ 2021-02-05 3:16 ` lizhijian
2021-02-05 3:24 ` [Bug 1914696] [NEW] " no-reply
` (4 subsequent siblings)
7 siblings, 0 replies; 12+ messages in thread
From: lizhijian @ 2021-02-05 3:16 UTC (permalink / raw)
To: qemu-devel
i have no a good idea how to fix it prefectly yet.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
New
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
` (2 preceding siblings ...)
2021-02-05 3:16 ` [Bug 1914696] " lizhijian
@ 2021-02-05 3:24 ` no-reply
2021-02-05 10:05 ` [Bug 1914696] " Peter Maydell
` (3 subsequent siblings)
7 siblings, 0 replies; 12+ messages in thread
From: no-reply @ 2021-02-05 3:24 UTC (permalink / raw)
To: 1914696; +Cc: qemu-devel
Patchew URL: https://patchew.org/QEMU/161249398803.13999.15324457641617983607.malonedeb@soybean.canonical.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 161249398803.13999.15324457641617983607.malonedeb@soybean.canonical.com
Subject: [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped)
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/161249398803.13999.15324457641617983607.malonedeb@soybean.canonical.com -> patchew/161249398803.13999.15324457641617983607.malonedeb@soybean.canonical.com
Switched to a new branch 'test'
=== OUTPUT BEGIN ===
checkpatch.pl: no revisions returned for revlist 'base..'
=== OUTPUT END ===
Test command exited with code: 255
The full log is available at
http://patchew.org/logs/161249398803.13999.15324457641617983607.malonedeb@soybean.canonical.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 3:04 ` [Bug 1914696] " lizhijian
@ 2021-02-05 9:52 ` Claudio Fontana
2021-02-05 10:12 ` Li Zhijian
0 siblings, 1 reply; 12+ messages in thread
From: Claudio Fontana @ 2021-02-05 9:52 UTC (permalink / raw)
To: Bug 1914696; +Cc: qemu-devel
Hi LiZhiJian,
just one thing I noticed in your call stack, your $Subject talks about AArch64,
and you end up in arm_v7m_mmu_idx_for_secstate,
which means that ARM_FEATURE_M is detected, so definitely something looks off when it comes to the feature bits..
Ciao,
Claudio
On 2/5/21 4:04 AM, lizhijian wrote:
> paste the call trace
>
> (gdb) bt
> #0 0x0000aaaac036a02c in armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false) at ../hw/intc/armv7m_nvic.c:406
> #1 0x0000aaaac014dcf4 in arm_v7m_mmu_idx_for_secstate_and_priv (env=0xaaaaca23d950, secstate=false, priv=true) at ../target/arm/m_helper.c:2837
> #2 0x0000aaaac014dd8c in arm_v7m_mmu_idx_for_secstate (env=0xaaaaca23d950, secstate=false) at ../target/arm/m_helper.c:2848
> #3 0x0000aaaac018aa6c in arm_mmu_idx_el (env=0xaaaaca23d950, el=1) at ../target/arm/helper.c:12841
> #4 0x0000aaaac018b788 in rebuild_hflags_internal (env=0xaaaaca23d950) at ../target/arm/helper.c:13100
> #5 0x0000aaaac018b80c in arm_rebuild_hflags (env=0xaaaaca23d950) at ../target/arm/helper.c:13113
> #6 0x0000aaaac007f928 in cpu_post_load (opaque=0xaaaaca233b10, version_id=22) at ../target/arm/machine.c:767
> #7 0x0000aaaabfc8f508 in vmstate_load_state (f=0xaaaaca355520, vmsd=0xaaaac0d59ea8 <vmstate_arm_cpu>, opaque=0xaaaaca233b10, version_id=22) at ../migration/vmstate.c:168
> #8 0x0000aaaabfca3404 in vmstate_load (f=0xaaaaca355520, se=0xaaaaca2708b0) at ../migration/savevm.c:885
> #9 0x0000aaaabfca6410 in qemu_loadvm_section_start_full (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2396
> #10 0x0000aaaabfca6a8c in qemu_loadvm_state_main (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2582
> #11 0x0000aaaabfca6c34 in qemu_loadvm_state (f=0xaaaaca355520) at ../migration/savevm.c:2661
> #12 0x0000aaaabfd95bf0 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:522
> #13 0x0000aaaac06c6248 in coroutine_trampoline (i0=-895198224, i1=43690) at ../util/coroutine-ucontext.c:173
> #14 0x0000ffffa5071f90 in __startcontext () at ../sysdeps/unix/sysv/linux/aarch64/setcontext.S:123
>
>
> ** Information type changed from Public to Public Security
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
` (3 preceding siblings ...)
2021-02-05 3:24 ` [Bug 1914696] [NEW] " no-reply
@ 2021-02-05 10:05 ` Peter Maydell
2021-02-08 2:43 ` lizhijian
` (2 subsequent siblings)
7 siblings, 0 replies; 12+ messages in thread
From: Peter Maydell @ 2021-02-05 10:05 UTC (permalink / raw)
To: qemu-devel
This just came up on the list the other day. It should be fixed by this patch:
https://patchew.org/QEMU/20210203161340.55210-1-aaron@os.amperecomputing.com/
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
New
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 9:52 ` Claudio Fontana
@ 2021-02-05 10:12 ` Li Zhijian
0 siblings, 0 replies; 12+ messages in thread
From: Li Zhijian @ 2021-02-05 10:12 UTC (permalink / raw)
To: Claudio Fontana, Bug 1914696; +Cc: qemu-devel
On 2/5/21 5:52 PM, Claudio Fontana wrote:
> Hi LiZhiJian,
>
> just one thing I noticed in your call stack, your $Subject talks about AArch64,
> and you end up in arm_v7m_mmu_idx_for_secstate,
>
> which means that ARM_FEATURE_M is detected, so definitely something looks off when it comes to the feature bits..
That's true, so i guessboldly migration across this FBC are not trustable.
the FBC changed the feature bits offset. Previously ARM_FEATURE = 11(source side), after this commit(destination side), it turned ARM_FEATURE = 9.
>
> Ciao,
>
> Claudio
>
> On 2/5/21 4:04 AM, lizhijian wrote:
>> paste the call trace
>>
>> (gdb) bt
>> #0 0x0000aaaac036a02c in armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false) at ../hw/intc/armv7m_nvic.c:406
>> #1 0x0000aaaac014dcf4 in arm_v7m_mmu_idx_for_secstate_and_priv (env=0xaaaaca23d950, secstate=false, priv=true) at ../target/arm/m_helper.c:2837
>> #2 0x0000aaaac014dd8c in arm_v7m_mmu_idx_for_secstate (env=0xaaaaca23d950, secstate=false) at ../target/arm/m_helper.c:2848
>> #3 0x0000aaaac018aa6c in arm_mmu_idx_el (env=0xaaaaca23d950, el=1) at ../target/arm/helper.c:12841
>> #4 0x0000aaaac018b788 in rebuild_hflags_internal (env=0xaaaaca23d950) at ../target/arm/helper.c:13100
>> #5 0x0000aaaac018b80c in arm_rebuild_hflags (env=0xaaaaca23d950) at ../target/arm/helper.c:13113
>> #6 0x0000aaaac007f928 in cpu_post_load (opaque=0xaaaaca233b10, version_id=22) at ../target/arm/machine.c:767
>> #7 0x0000aaaabfc8f508 in vmstate_load_state (f=0xaaaaca355520, vmsd=0xaaaac0d59ea8 <vmstate_arm_cpu>, opaque=0xaaaaca233b10, version_id=22) at ../migration/vmstate.c:168
>> #8 0x0000aaaabfca3404 in vmstate_load (f=0xaaaaca355520, se=0xaaaaca2708b0) at ../migration/savevm.c:885
>> #9 0x0000aaaabfca6410 in qemu_loadvm_section_start_full (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2396
>> #10 0x0000aaaabfca6a8c in qemu_loadvm_state_main (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2582
>> #11 0x0000aaaabfca6c34 in qemu_loadvm_state (f=0xaaaaca355520) at ../migration/savevm.c:2661
>> #12 0x0000aaaabfd95bf0 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:522
>> #13 0x0000aaaac06c6248 in coroutine_trampoline (i0=-895198224, i1=43690) at ../util/coroutine-ucontext.c:173
>> #14 0x0000ffffa5071f90 in __startcontext () at ../sysdeps/unix/sysv/linux/aarch64/setcontext.S:123
>>
>>
>> ** Information type changed from Public to Public Security
>>
>
>
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
` (4 preceding siblings ...)
2021-02-05 10:05 ` [Bug 1914696] " Peter Maydell
@ 2021-02-08 2:43 ` lizhijian
2021-03-11 18:49 ` Peter Maydell
2021-04-30 9:14 ` Thomas Huth
7 siblings, 0 replies; 12+ messages in thread
From: lizhijian @ 2021-02-08 2:43 UTC (permalink / raw)
To: qemu-devel
https://patchew.org/QEMU/20210203161340.55210-1-aaron@os.amperecomputing.com/
works for me.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
New
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
` (5 preceding siblings ...)
2021-02-08 2:43 ` lizhijian
@ 2021-03-11 18:49 ` Peter Maydell
2021-04-30 9:14 ` Thomas Huth
7 siblings, 0 replies; 12+ messages in thread
From: Peter Maydell @ 2021-03-11 18:49 UTC (permalink / raw)
To: qemu-devel
Fix now in master: commit af903caed9fc62cc6
** Changed in: qemu
Status: New => Fix Committed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
Fix Committed
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug 1914696] Re: aarch64: migration failed: Segmentation fault (core dumped)
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
` (6 preceding siblings ...)
2021-03-11 18:49 ` Peter Maydell
@ 2021-04-30 9:14 ` Thomas Huth
7 siblings, 0 replies; 12+ messages in thread
From: Thomas Huth @ 2021-04-30 9:14 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1914696
Title:
aarch64: migration failed: Segmentation fault (core dumped)
Status in QEMU:
Fix Released
Bug description:
reproduce:
arch: aarch64
source qemu: v4.2.0
destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
cmdline:
source:
$ ./aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio
(qemu)
(qemu) migrate -d tcp:10.19.241.167:888
(qemu) info status
VM status: paused (postmigrate)
destination:
./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1' -machine virt-4.2,gic-version=host,graphics=on -nodefaults -m 1024 -smp 2 -cpu 'host' -vnc :10 -enable-kvm -monitor stdio -incoming tcp:0:888
QEMU 5.2.50 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)
i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
bisect log:
git bisect log
# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
git bisect good 002375895c10df40615fc615e2639f49e0c442fe
# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
git bisect good c695724868ce4049fd79c5a509880dbdf171e744
# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
git bisect bad a1229109dec4375259d3fff99f362405aab7917a
# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
git bisect bad f9506e162c33e87b609549157dd8431fcc732085
# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
the root cause is that, some feature bit is not consistent any more with below changes in this commit:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b29b0eddfc..05aa9711cd 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
* mapping in linux-user/elfload.c:get_elf_hwcap().
*/
enum arm_features {
- ARM_FEATURE_VFP,
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
@@ -1889,7 +1888,6 @@ enum arm_features {
ARM_FEATURE_V7,
ARM_FEATURE_THUMB2,
ARM_FEATURE_PMSA, /* no MMU; may have Memory Protection Unit */
- ARM_FEATURE_VFP3,
ARM_FEATURE_NEON,
ARM_FEATURE_M, /* Microcontroller profile. */
ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling. */
@@ -1900,7 +1898,6 @@ enum arm_features {
ARM_FEATURE_V5,
ARM_FEATURE_STRONGARM,
ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
- ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
ARM_FEATURE_GENERIC_TIMER,
ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914696/+subscriptions
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-04-30 9:32 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-05 2:59 [Bug 1914696] [NEW] aarch64: migration failed: Segmentation fault (core dumped) lizhijian
2021-02-05 3:04 ` [Bug 1914696] " lizhijian
2021-02-05 9:52 ` Claudio Fontana
2021-02-05 10:12 ` Li Zhijian
2021-02-05 3:10 ` [Bug 1914696] [NEW] " Launchpad Bug Tracker
2021-02-05 3:15 ` no-reply
2021-02-05 3:16 ` [Bug 1914696] " lizhijian
2021-02-05 3:24 ` [Bug 1914696] [NEW] " no-reply
2021-02-05 10:05 ` [Bug 1914696] " Peter Maydell
2021-02-08 2:43 ` lizhijian
2021-03-11 18:49 ` Peter Maydell
2021-04-30 9:14 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.