From: "Philippe Mathieu-Daudé" <1922391@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Bug 1922391] Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
Date: Wed, 07 Apr 2021 13:44:35 -0000
Message-ID: <b3211b93-62de-c36b-45ca-33da02a15736@amsat.org>
Message-ID: <20210407134435._OAOWey4oWraJP3glwVTE8fh8N9FPE8BFqUtHSWMm4k@z>
In-Reply-To: 161739653585.29688.16825149829487531908.malonedeb@gac.canonical.com
On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
>
>> On Mac99 and newer machines, the Uninorth PCI host bridge maps
>> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
>> accessible by the CPU. Restrict the memory to 2GiB to avoid
>> problems such as the one reported in the buglink.
>>
>> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
>> Reported-by: Håvard Eidnes <he@NetBSD.org>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>> hw/ppc/mac_newworld.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
>> index 21759628466..d88b38e9258 100644
>> --- a/hw/ppc/mac_newworld.c
>> +++ b/hw/ppc/mac_newworld.c
>> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>> }
>> /* allocate RAM */
>> + if (machine->ram_size > 2 * GiB) {
>> + error_report("RAM size more than 2 GiB is not supported");
>> + exit(1);
>> + }
>> memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>> /* allocate and load firmware ROM */
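Review bot: the `if (machine->ram_size > 2 * GiB)` check rejects the configuration, but the message "RAM size more than 2 GiB is not supported" tells the user neither what was requested nor why the limit exists; consider including `machine->ram_size` and a mention of the PCI hole at 0x80000000 in the error_report text so someone who passed `-m 3g` knows what to change. Since the limit comes from the Uninorth/PCI-hole layout rather than from this machine file alone, and the reply below says g3beige has the same hole, the check would be better placed where both machines can share it or at least mirrored there; and the commit message should state that this only converts the `!mr->container` assertion into a clean exit rather than fixing the unmap path in the backtrace.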
>
> I think the patch is correct, however I'm fairly sure that the default
> g3beige machine also has the PCI hole located at 0x80000000 so the same
> problem exists there too.
>
> Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> security issue/release blocker and I'm sure the current behaviour has
> been like this for a long time...
No problem. I wanted to revisit this bug anyway. I realized during the
night that, while this patch makes QEMU exit cleanly, it hides the bug,
which is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full reproducer).
Regards,
Phil.
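The commit message above says RAM beyond 2 GiB is unreachable because the PCI hole is mapped at 0x80000000 on top of it. The following is an added toy model, not QEMU code, of how overlapping memory regions resolve by priority and why the patch's `ram_size > 2 * GiB` check follows from that; the hole size (up to 4 GiB) and the priority values are assumptions, only the hole base comes from the thread.

```c
/* Added example (not QEMU code): a simplified system memory map in the
 * style of QEMU's overlapping subregions.  Where two regions overlap,
 * the higher priority one wins, so with the PCI hole at 0x80000000 any
 * guest address >= 2 GiB resolves to the hole even if RAM is declared
 * larger.  Hole size and priorities are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>

#define GiB (1024ULL * 1024 * 1024)
#define PCI_HOLE_BASE 0x80000000ULL   /* from the thread */
#define PCI_HOLE_SIZE (2 * GiB)       /* assumption: hole runs to 4 GiB */

enum region { REGION_NONE, REGION_RAM, REGION_PCI_HOLE };

struct subregion {
    uint64_t base, size;
    int priority;          /* higher wins where regions overlap */
    enum region kind;
};

/* Resolve a guest physical address: pick the highest-priority subregion
 * that contains it, or REGION_NONE if nothing is mapped there. */
enum region resolve(uint64_t addr, uint64_t ram_size)
{
    const struct subregion map[] = {
        { 0, ram_size, 0, REGION_RAM },
        { PCI_HOLE_BASE, PCI_HOLE_SIZE, 1, REGION_PCI_HOLE },
    };
    enum region best = REGION_NONE;
    int best_prio = -1;
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        if (addr >= map[i].base && addr - map[i].base < map[i].size &&
            map[i].priority > best_prio) {
            best = map[i].kind;
            best_prio = map[i].priority;
        }
    }
    return best;
}

/* Bytes of the configured RAM the CPU can actually reach: everything at
 * or above the hole base is shadowed by the PCI hole. */
uint64_t reachable_ram(uint64_t ram_size)
{
    return ram_size > PCI_HOLE_BASE ? PCI_HOLE_BASE : ram_size;
}

/* The condition the patch enforces up front instead of letting the
 * guest use RAM it cannot address. */
int ram_size_supported(uint64_t ram_size)
{
    return ram_size <= 2 * GiB;
}
```

With `-m 3g` the last gigabyte resolves to the PCI hole, which is the situation the reproducer in the bug description below runs into.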
https://bugs.launchpad.net/bugs/1922391
Title:
qemu-system-ppc assertion "!mr->container" failed
Status in QEMU:
Confirmed
Bug description:
Hi,
I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
quite a bit into the "unpacking sets" part of the installation procedure,
unpacking from the install iso image.
Qemu is run on a NetBSD/amd64 9.1 host system.
The assert message from qemu is
assertion "!mr->container" failed: file "../softmmu/memory.c", line
1739, function "memory_region_finalize"
The stack backtrace from the core file (when built with debug symbols)
is
Core was generated by `qemu-system-ppc'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
[Current thread is 1 (process 1)]
(gdb) where
#0 0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
#1 0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
#2 0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
#3 0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
at ../softmmu/memory.c:1739
#4 0x000000003e87aacc in object_deinit (type=0x7a8f2c280780,
obj=<optimized out>) at ../qom/object.c:671
#5 object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
#6 object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
#7 0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
at ../qom/object.c:623
#8 object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
#9 object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
#10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
at ../softmmu/memory.c:1787
#11 0x000000003e7d8eb4 in address_space_unmap (
as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>,
len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
at ../softmmu/physmem.c:3222
#12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>,
dir=<optimized out>, len=<optimized out>, buffer=<optimized out>,
as=<optimized out>)
at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
#13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
at ../hw/ide/macio.c:122
#14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
at ../softmmu/dma-helpers.c:120
#15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
#16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
at ../block/block-backend.c:1412
#17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>,
i1=<optimized out>) at ../util/coroutine-ucontext.c:173
#18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
(gdb)
I start qemu with this small script:
---
#!/bin/sh
MEM=3g
qemu-system-ppc \
-M mac99,via=pmu \
-m $MEM \
-nographic \
-drive id=hda,format=raw,file=disk.img \
-L pc-bios \
-netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
-net nic,model=rtl8139,netdev=net0 \
-boot d \
-cdrom NetBSD-8.2-macppc.iso
---
and boot the install kernel with "boot cd:ofwboot.xcf". If someone wants
to replicate this I can provide more detailed instructions to repeat the
procedure I used to start the install.
Any hints about what more to look for?
Regards,
- Håvard
2021-04-06 8:48 [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB Philippe Mathieu-Daudé
2021-04-06 10:38 ` BALATON Zoltan
2021-04-07 13:11 ` Mark Cave-Ayland
2021-04-07 13:44 ` Philippe Mathieu-Daudé [this message]
2021-04-07 13:44 ` [Bug 1922391] " Philippe Mathieu-Daudé
2021-04-08 2:34 ` David Gibson
2021-04-08 2:33 ` David Gibson
2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
2021-04-02 21:00 ` [Bug 1922391] " Håvard Eidnes
2021-04-02 21:59 ` Håvard Eidnes
2021-04-05 19:40 ` Håvard Eidnes
2021-04-06 7:39 ` Philippe Mathieu-Daudé
2021-04-06 10:14 ` Philippe Mathieu-Daudé
2021-05-15 10:25 ` Thomas Huth