From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>, 1859021@bugs.launchpad.net, "open list:ARM TCG CPUs" <qemu-arm@nongnu.org>, "Alex Bennée" <alex.bennee@linaro.org>
Subject: [RFC PATCH] tests/tcg: add a vtimer test for aarch64
Date: Thu, 9 Jan 2020 16:25:45 +0000
Message-ID: <20200109162545.1970-1-alex.bennee@linaro.org>
In-Reply-To: <157857629827.5165.2496570379985305724.malonedeb@gac.canonical.com>

Bug: https://bugs.launchpad.net/bugs/1859021

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 tests/tcg/aarch64/system/vtimer.c         | 48 +++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.softmmu-target |  4 ++
 2 files changed, 52 insertions(+)
 create mode 100644 tests/tcg/aarch64/system/vtimer.c

diff --git a/tests/tcg/aarch64/system/vtimer.c b/tests/tcg/aarch64/system/vtimer.c
new file mode 100644
index 00000000000..42f2f7796c7
--- /dev/null
+++ b/tests/tcg/aarch64/system/vtimer.c
@@ -0,0 +1,48 @@ +/* + * Simple Virtual Timer Test + * + * Copyright (c) 2020 Linaro Ltd + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include <inttypes.h> +#include <minilib.h> + +/* grabbed from Linux */ +#define __stringify_1(x...) #x +#define __stringify(x...) __stringify_1(x) + +#define read_sysreg(r) ({ \ + uint64_t __val; \ + asm volatile("mrs %0, " __stringify(r) : "=r" (__val)); \ + __val; \ +}) + +#define write_sysreg(r, v) do { \ + uint64_t __val = (uint64_t)(v); \ + asm volatile("msr " __stringify(r) ", %x0" \ + : : "rZ" (__val)); \ +} while (0) + +int main(void) +{ + int i; + + ml_printf("VTimer Test\n"); + + write_sysreg(cntvoff_el2, 1); + write_sysreg(cntv_cval_el0, -1); + write_sysreg(cntv_ctl_el0, 1); + + ml_printf("cntvoff_el2=%lx\n", read_sysreg(cntvoff_el2)); + ml_printf("cntv_cval_el0=%lx\n", read_sysreg(cntv_cval_el0)); + ml_printf("cntv_ctl_el0=%lx\n", read_sysreg(cntv_ctl_el0)); + + /* Now read cval a few times */ + for (i = 0; i < 10; i++) { + ml_printf("%d: cntv_cval_el0=%lx\n", i, read_sysreg(cntv_cval_el0)); + } + + return 0; +} diff --git a/tests/tcg/aarch64/Makefile.softmmu-target b/tests/tcg/aarch64/Makefile.softmmu-target index 7b4eede3f07..62cdddbb215 100644 --- a/tests/tcg/aarch64/Makefile.softmmu-target +++ b/tests/tcg/aarch64/Makefile.softmmu-target @@ -62,3 +62,7 @@ run-memory-replay: memory-replay run-memory-record "$< on $(TARGET_NAME)") EXTRA_TESTS+=memory-record memory-replay + +# vtimer test +QEMU_EL2_MACHINE=-machine virt,virtualization=on,gic-version=2 -cpu cortex-a57 -smp 4 +run-vtimer: QEMU_OPTS=$(QEMU_EL2_MACHINE) $(QEMU_SEMIHOST) -kernel -- 2.20.1
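Review bot: the vtimer.c hunk has no pass/fail criterion beyond the guest not hanging: the loop only prints cntv_cval_el0 ten times, and cval is a programmed value that never changes, so all ten reads are identical and exercise nothing. Reading cntv_ctl_el0 after the writes and checking that ISTATUS (bit 2) stays clear, or reading cntvct_el0 to show the count advancing, would make the test assert the behaviour the bug report describes (the CVAL <= CNTVCT condition is not met with cval all-ones) rather than merely survive it. Two smaller points: <inttypes.h> is included but the format strings use %lx, so either switch to PRIx64 or drop the include; and msr cntvoff_el2 is only legal from EL2, so the test silently depends on the softmmu boot code entering main() at EL2 when virtualization=on, which deserves a comment at the top of the file.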
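Review bot: the Makefile.softmmu-target hunk only sets QEMU_OPTS for run-vtimer; nothing in it adds vtimer to the test list, so unless the softmmu test list is derived from a wildcard over system/*.c the new test is never built or run, and the commit message should say which it is. Also, with the bug present this test hangs rather than fails, so how a regression is meant to surface (a timeout from the generic run-test wrapper, if one applies) is worth stating. Finally, -smp 4 and -cpu cortex-a57 are carried over from the reporter's command line; the hunk does not explain why more than one vCPU is needed for a per-CPU timer register test, and a single vCPU would keep the output ordering deterministic.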
From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Bug 1859021] Re: qemu-system-aarch64 (tcg): cval + voff overflow not handled, causes qemu to hang
Date: Thu, 09 Jan 2020 16:25:45 -0000
Message-ID: <20200109162545.1970-1-alex.bennee@linaro.org>
Message-ID: <20200109162545.lzVWuq6cktp_xi427QSaFKrtCSqvZGfPJauZyktbXog@z>
In-Reply-To: 157857629827.5165.2496570379985305724.malonedeb@gac.canonical.com

Bug: https://bugs.launchpad.net/bugs/1859021

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

** Changed in: qemu
       Status: New => Confirmed

** Changed in: qemu
     Assignee: (unassigned) => Alex Bennée (ajbennee)

** Tags added: testcase

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859021

Title:
  qemu-system-aarch64 (tcg): cval + voff overflow not handled, causes qemu to hang

Status in QEMU:
  Confirmed

Bug description:
  The Armv8 architecture reference manual states that for any timer set (e.g. CNTP* and CNTV*), the condition for such timer to generate an interrupt (if enabled & unmasked) is:

    CVAL <= CNT(P/V)CT

  Although this is arguably sloppy coding, I have seen code that is therefore assuming it can set CVAL to a very high value (e.g. UINT64_MAX) and leave the interrupt enabled in CTL, and never get the interrupt.

  On latest master commit at the time of writing, there is an integer overflow in target/arm/helper.c gt_recalc_timer affecting the virtual timer when the interrupt is enabled in CTL:

    /* Next transition is when we hit cval */
    nexttick = gt->cval + offset;

  When this overflow happens, I notice that qemu is no longer responsive and that I have to SIGKILL the process:
  - qemu takes nearly all the cpu time of the cores it is running on (e.g. 50% cpu usage if running on half the cores) and is completely unresponsive
  - no guest interrupt (reported via -d int) is generated

  Here is the minimal code example to reproduce the issue:

    mov x0, #1
    msr cntvoff_el2, x0
    mov x0, #-1
    msr cntv_cval_el0, x0
    mov x0, #1
    msr cntv_ctl_el0, x0  // interrupt generation enabled, not masked; qemu will start to hang here

  Options used:
    -nographic -machine virt,virtualization=on,gic-version=2,accel=tcg -cpu cortex-a57 -smp 4 -m 1024 -kernel whatever.elf -d unimp,guest_errors,int -semihosting-config enable,target=native -serial mon:stdio

  Version used: 4.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859021/+subscriptions
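The arithmetic the report points at, nexttick = gt->cval + offset, and the architectural condition CVAL <= CNTVCT can be checked outside QEMU. The following is an added illustration written for this page; it is not QEMU's code and not the fix that was later posted for the bug. It models the timer arithmetic in plain C using the report's own reproducer values (CNTVOFF = 1, CVAL = all ones) and shows how an overflow-aware computation declines to arm a deadline that cannot be reached before the 64-bit count wraps. The function names and the constructed 'count' sample are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration, not QEMU's code.  Models the generic timer arithmetic
 * from the bug report: the timer condition is CVAL <= CNTVCT, where the
 * virtual count is CNTVCT = CNTPCT - CNTVOFF.  All values are 64-bit and
 * wrap modulo 2^64, exactly as the architectural registers do.
 */

/* Architectural condition: has the virtual timer reached cval?  'count' is
 * the physical count (CNTPCT) and 'offset' is CNTVOFF.  The subtraction
 * wraps, which is the intended behaviour for the virtual count. */
bool vtimer_condition_met(uint64_t cval, uint64_t offset, uint64_t count)
{
    return cval <= count - offset;
}

/* The computation quoted from gt_recalc_timer() in the report: the physical
 * count at which the timer fires.  With cval = UINT64_MAX and offset = 1
 * this wraps to 0, a point that is always in the past, which is what drives
 * the hang the report describes. */
uint64_t next_tick_naive(uint64_t cval, uint64_t offset)
{
    return cval + offset;
}

/* Overflow-aware variant: cval + offset is only meaningful as an absolute
 * physical count if it fits in 64 bits.  If it does not, the timer cannot
 * fire before CNTPCT itself wraps, so report that no deadline exists and let
 * the caller leave the host timer unarmed instead of scheduling it in the
 * past.  On failure *nexttick is left untouched. */
bool next_tick_checked(uint64_t cval, uint64_t offset, uint64_t *nexttick)
{
    if (cval > UINT64_MAX - offset) {
        return false;
    }
    *nexttick = cval + offset;
    return true;
}

int main(void)
{
    /* Values from the report's reproducer: CNTVOFF = 1, CVAL = -1. */
    const uint64_t offset = 1;
    const uint64_t cval = UINT64_MAX;
    const uint64_t count = 5;      /* constructed sample physical count */
    uint64_t nexttick;

    printf("naive nexttick   = %#llx\n",
           (unsigned long long)next_tick_naive(cval, offset));
    if (next_tick_checked(cval, offset, &nexttick)) {
        printf("checked nexttick = %#llx\n", (unsigned long long)nexttick);
    } else {
        printf("checked: no reachable deadline, leave timer unarmed\n");
    }
    printf("condition met at count %llu? %s\n",
           (unsigned long long)count,
           vtimer_condition_met(cval, offset, count) ? "yes" : "no");
    return 0;
}
```

The checked variant is the shape of guard an emulator needs at that line: the architectural condition itself is well defined under wraparound, so the defect is purely in translating it into an absolute host deadline, and the safe answer when the sum does not fit is "no deadline", not a deadline of zero.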
Thread overview: 16+ messages
  2020-01-09 13:24 [Bug 1859021] [NEW] qemu-system-aarch64 (tcg): cval + voff overflow not handled, causes qemu to hang  Alex Longwall
  2020-01-09 14:44 ` [Bug 1859021] "  Alex Bennée
  2020-01-09 16:25 ` Alex Bennée [this message]
  2020-01-09 16:25 ` Alex Bennée
  2020-07-28 14:44 ` Alex Bennée
  2021-05-01  5:30 ` Thomas Huth
  2020-01-10 16:16 [PATCH v1 0/2] fix for bug 1859021  Alex Bennée
  2020-01-10 16:16 ` [PATCH v1 1/2] target/arm: detect 64 bit overflow caused by high cval + voff  Alex Bennée
  2020-01-10 16:16   ` [Bug 1859021] "  Alex Bennée
  2020-01-16 18:45   ` Peter Maydell
  2020-01-16 18:45     ` [Bug 1859021] "  Peter Maydell
  2020-01-17 11:50     ` Peter Maydell
  2020-01-17 11:50       ` [Bug 1859021] "  Peter Maydell
  2020-01-10 16:16 ` [PATCH v1 2/2] tests/tcg: add a vtimer test for aarch64  Alex Bennée
  2020-01-17 14:07   ` Peter Maydell
  2020-02-06 17:00     ` Alex Bennée