From: "Philippe Mathieu-Daudé" <1922391@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Bug 1922391] Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
Date: Wed, 07 Apr 2021 13:44:35 -0000
Message-ID: <b3211b93-62de-c36b-45ca-33da02a15736@amsat.org>
Message-ID: <20210407134435._OAOWey4oWraJP3glwVTE8fh8N9FPE8BFqUtHSWMm4k@z>
In-Reply-To: 161739653585.29688.16825149829487531908.malonedeb@gac.canonical.com

On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> 
>> On Mac99 and newer machines, the Uninorth PCI host bridge maps
>> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
>> accessible by the CPU. Restrict the memory to 2GiB to avoid
>> problems such as the one reported in the buglink.
>>
>> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
>> Reported-by: Håvard Eidnes <he@NetBSD.org>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>>   hw/ppc/mac_newworld.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
>> index 21759628466..d88b38e9258 100644
>> --- a/hw/ppc/mac_newworld.c
>> +++ b/hw/ppc/mac_newworld.c
>> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>>       }
>>         /* allocate RAM */
>> +    if (machine->ram_size > 2 * GiB) {
>> +        error_report("RAM size more than 2 GiB is not supported");
>> +        exit(1);
>> +    }
>>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>>         /* allocate and load firmware ROM */
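Review bot: the `2 * GiB` limit in the new check is hard-coded with no link to the reason for it, the Uninorth PCI hole base that the commit message names (0x80000000, which Mark's reply says g3beige shares). Suggest a named constant or a one-line comment next to the check tying the limit to the PCI hole address, so a later change to the hole layout also updates the check, and consider hoisting the check somewhere both mac99 and g3beige can use it rather than adding a second copy. The `error_report("RAM size more than 2 GiB is not supported")` message would also help users more if it printed the size actually requested.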
> 
> I think the patch is correct, however I'm fairly sure that the default
> g3beige machine also has the PCI hole located at 0x80000000 so the same
> problem exists there too.
> 
> Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> security issue/release blocker and I'm sure the current behaviour has
> been like this for a long time...

No problem. I wanted to revisit this bug anyway. I realized during the
night that, while this patch makes QEMU exit cleanly, it hides the bug
which is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full reproducer).

Regards,

Phil.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  Confirmed

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The assert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb)

  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

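The commit message above says the Uninorth PCI hole is mapped at 2 GiB, so RAM placed above that address is shadowed and the reporter's `-m 3g` puts a third of the guest's RAM where the CPU cannot see it. The following model, added here and not code from QEMU or from either poster, resolves a guest-physical address the way overlapping, prioritised regions are resolved, and carries the patch's size check generalised to any PCI hole base (Mark's reply says g3beige uses 0x80000000 as well). The 1 GiB hole size and the hole's higher priority are assumptions, not values from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

#define GiB (1ULL << 30)

typedef struct {
    const char *name;
    uint64_t base, size;
    int priority;           /* higher wins where regions overlap */
} Region;

/* Region visible to the CPU at addr, or NULL if nothing is mapped there. */
static const Region *resolve(const Region *map, size_t n, uint64_t addr)
{
    const Region *best = NULL;
    for (size_t i = 0; i < n; i++) {
        const Region *r = &map[i];
        if (addr >= r->base && addr - r->base < r->size &&
            (best == NULL || r->priority > best->priority)) {
            best = r;
        }
    }
    return best;
}

/* Two-region model of the mac99 map for a given -m size. The 1 GiB hole
 * size and the priority-1 overlap are assumptions, not values from the page. */
static size_t mac99_map(Region out[2], uint64_t ram_size)
{
    out[0] = (Region){ "ram", 0, ram_size, 0 };
    out[1] = (Region){ "pci-hole", 2 * GiB, 1 * GiB, 1 };
    return 2;
}

/* Name of what the CPU sees at addr with this much RAM ("" if unmapped). */
static const char *visible_at(uint64_t ram_size, uint64_t addr)
{
    Region m[2];
    const Region *r = resolve(m, mac99_map(m, ram_size), addr);
    return r ? r->name : "";
}

/* RAM bytes above the hole base that the guest cannot reach: this is what
 * the patch's check rejects, generalised to any hole base (0x80000000 on
 * mac99 and, per Mark's reply, on g3beige too). 0 means the size is fine. */
static uint64_t unreachable_ram(uint64_t ram_size, uint64_t pci_hole_base)
{
    return ram_size > pci_hole_base ? ram_size - pci_hole_base : 0;
}
```

With `-m 3g` the model reports 1 GiB of unreachable RAM and resolves 0x80000000 to the PCI hole, which is the situation the patch refuses to start; with `-m 2g` it reports 0.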

