From: KONRAD Frederic
Date: Thu, 14 Jan 2016 14:12:31 +0100
Subject: Re: [Qemu-devel] Status of my hacks on the MTTCG WIP branch
To: Alex Bennée, Pranith Kumar
Cc: MTTCG Devel, Paolo Bonzini, QEMU Developers, alvise rigo
Message-ID: <56979EBF.7050701@greensocs.com>
In-Reply-To: <87io2wcnnk.fsf@linaro.org>

On 14/01/2016 14:10, Alex Bennée wrote:
> Alex Bennée writes:
>
>> Pranith Kumar writes:
>>
>>> Hi Alex,
>>>
>>> On Tue, Jan 12, 2016 at 12:29 PM, Alex Bennée wrote:
>>>
>>> https://github.com/stsquad/qemu/tree/mttcg/multi_tcg_v8_wip_ajb_fix_locks
>>>
>>> I built this branch and ran an arm64 guest.
>>> It seems to be failing similarly to what I reported earlier:
>>>
>>> #0  0x00007ffff2211cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
>>> #1  0x00007ffff22150d8 in __GI_abort () at abort.c:89
>>> #2  0x000055555572014c in qemu_ram_addr_from_host_nofail (ptr=0xffffffc000187863) at /home/pranith/devops/code/qemu/cputlb.c:357
>>> #3  0x00005555557209dd in get_page_addr_code (env1=0x555556702058, addr=18446743798833248356) at /home/pranith/devops/code/qemu/cputlb.c:568
>>> #4  0x00005555556db98c in tb_find_physical (cpu=0x5555566f9dd0, pc=18446743798833248356, cs_base=0, flags=18446744071830503424) at /home/pranith/devops/code/qemu/cpu-exec.c:224
>>> #5  0x00005555556dbaf4 in tb_find_slow (cpu=0x5555566f9dd0, pc=18446743798833248356, cs_base=0, flags=18446744071830503424) at /home/pranith/devops/code/qemu/cpu-exec.c:268
>>> #6  0x00005555556dbc77 in tb_find_fast (cpu=0x5555566f9dd0) at /home/pranith/devops/code/qemu/cpu-exec.c:311
>>> #7  0x00005555556dc0f1 in cpu_arm_exec (cpu=0x5555566f9dd0) at /home/pranith/devops/code/qemu/cpu-exec.c:492
>>> #8  0x00005555557050ee in tcg_cpu_exec (cpu=0x5555566f9dd0) at /home/pranith/devops/code/qemu/cpus.c:1486
>>> #9  0x00005555557051af in tcg_exec_all (cpu=0x5555566f9dd0) at /home/pranith/devops/code/qemu/cpus.c:1515
>>> #10 0x0000555555704800 in qemu_tcg_cpu_thread_fn (arg=0x5555566f9dd0) at /home/pranith/devops/code/qemu/cpus.c:1187
>>> #11 0x00007ffff25a8182 in start_thread (arg=0x7fffd20c8700) at pthread_create.c:312
>>> #12 0x00007ffff22d547d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
>
>
> Having seen a backtrace of a crash while the other thread was flushing
> the TLB entries I sprinkled a bunch of:
>
>     g_assert(cpu == current_cpu);
>
> in all public functions in cputlb that took a CPU. There are a bunch of
> cases that don't defer actions across CPUs which need to be fixed up. I
> suspect they don't hit in the arm case because the type of TLB flushing
> pattern is different. In aarch64, in my backtrace, it was triggered by
> tlbi_aa64_vae1is_write:
>
>   7 Thread 0x7ffe777fe700 (LWP 32705) "worker" sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S:101
>   6 Thread 0x7ffe77fff700 (LWP 32704) "worker" sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S:101
>   5 Thread 0x7fff8d9d0700 (LWP 32703) "CPU 1/TCG" 0x000055555572cc18 in memcpy (__len=8, __src=, __dest=) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
> * 4 Thread 0x7fff8e1d1700 (LWP 32702) "CPU 0/TCG" memset () at ../sysdeps/x86_64/memset.S:94
>   3 Thread 0x7fff8f1cb700 (LWP 32701) "worker" sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S:101
>   2 Thread 0x7fffe45c8700 (LWP 32700) "qemu-system-aar" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
>   1 Thread 0x7ffff7f98c00 (LWP 32696) "qemu-system-aar" 0x00007ffff0ba01ef in __GI_ppoll (fds=0x5555575cb5b0, nfds=8, timeout=, timeout@entry=0x7fffffffdf60, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:56
>
> #0  memset () at ../sysdeps/x86_64/memset.S:94
> #1  0x0000555555728bee in memset (__len=32768, __ch=0, __dest=0x555556632568) at /usr/include/x86_64-linux-gnu/bits/string3.h:84
> #2  v_tlb_flush_by_mmuidx (argp=0x7fff8e1d0430, cpu=0x555556632380) at /home/alex/lsrc/qemu/qemu.git/cputlb.c:136
> #3  tlb_flush_page_by_mmuidx (cpu=cpu@entry=0x555556632380, addr=addr@entry=547976253440) at /home/alex/lsrc/qemu/qemu.git/cputlb.c:243
> #4  0x00005555557fcb4a in tlbi_aa64_vae1is_write (env=, ri=, value=) at /home/alex/lsrc/qemu/qemu.git/target-arm/helper.c:2757
> #5  0x00007fffa441dac5 in code_gen_buffer ()
> #6  0x00005555556eef4b in cpu_tb_exec (tb_ptr=, cpu=0x5555565eddd0) at /home/alex/lsrc/qemu/qemu.git/cpu-exec.c:157
> #7  cpu_arm_exec (cpu=cpu@entry=0x5555565eddd0) at /home/alex/lsrc/qemu/qemu.git/cpu-exec.c:520
> #8  0x00005555557108e8 in tcg_cpu_exec (cpu=0x5555565eddd0) at /home/alex/lsrc/qemu/qemu.git/cpus.c:1486
> #9  tcg_exec_all (cpu=0x5555565eddd0) at /home/alex/lsrc/qemu/qemu.git/cpus.c:1515
> #10 qemu_tcg_cpu_thread_fn (arg=0x5555565eddd0) at /home/alex/lsrc/qemu/qemu.git/cpus.c:1187
> #11 0x00007ffff0e80182 in start_thread (arg=0x7fff8e1d1700) at pthread_create.c:312
> #12 0x00007ffff0bad47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
>
> [Switching to thread 5 (Thread 0x7fff8d9d0700 (LWP 32703))]
> #0  0x000055555572cc18 in memcpy (__len=8, __src=, __dest=) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
> 51        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
> #0  0x000055555572cc18 in memcpy (__len=8, __src=, __dest=) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
> #1  stq_he_p (v=, ptr=) at /home/alex/lsrc/qemu/qemu.git/include/qemu/bswap.h:292
> #2  stq_le_p (v=547973099520, ptr=) at /home/alex/lsrc/qemu/qemu.git/include/qemu/bswap.h:327
> #3  helper_le_stq_mmu (env=0x55555663a608, addr=18446743801961580216, val=547973099520, oi=, retaddr=140735948385557) at /home/alex/lsrc/qemu/qemu.git/softmmu_template.h:455
> #4  0x00007fffa435ed17 in code_gen_buffer ()
> #5  0x00005555556eef4b in cpu_tb_exec (tb_ptr=, cpu=0x555556632380) at /home/alex/lsrc/qemu/qemu.git/cpu-exec.c:157
> #6  cpu_arm_exec (cpu=cpu@entry=0x555556632380) at /home/alex/lsrc/qemu/qemu.git/cpu-exec.c:520
> #7  0x00005555557108e8 in tcg_cpu_exec (cpu=0x555556632380) at /home/alex/lsrc/qemu/qemu.git/cpus.c:1486
> #8  tcg_exec_all (cpu=0x555556632380) at /home/alex/lsrc/qemu/qemu.git/cpus.c:1515
> #9  qemu_tcg_cpu_thread_fn (arg=0x555556632380) at /home/alex/lsrc/qemu/qemu.git/cpus.c:1187
> #10 0x00007ffff0e80182 in start_thread (arg=0x7fff8d9d0700) at pthread_create.c:312
> #11 0x00007ffff0bad47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> A debugging session is active.
>
> Needless to say anything messing with structures used by the other
> threads needs to take great care or doom will occur ;-)
>
> I'll look at fixing them up in my tree while Fred finishes his re-base.
>
> --
> Alex Bennée

Hi,

Is it possible those were added since the V7 version? I saw some changes there.

Thanks,
Fred
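The hazard Alex describes above (CPU 0 executing a broadcast TLBI that flushes CPU 1's TLB while CPU 1 is mid-store into it, and the `g_assert(cpu == current_cpu)` that catches such cross-CPU calls) can be modelled outside QEMU. The block below is an added illustration, not code from the thread or from QEMU: `vcpu_t`, `tlb_flush_page_local`, `tlb_flush_page_deferred` and `vcpu_drain_queue` are hypothetical names, a global `current_cpu` set by a single "scheduler" thread stands in for QEMU's per-thread variable, and the guest address is constructed. It shows the ownership check returning a failure where QEMU would assert, and the deferral pattern the thread says the remaining cases need: a non-owner queues the flush for the owning vCPU, which runs it at its next safe point between translation blocks.

```c
/*
 * Model of a cross-vCPU TLB flush under MTTCG. Added example, not QEMU
 * code; all names below are hypothetical. A single thread plays scheduler
 * and sets current_cpu explicitly so the interleaving is deterministic.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NB_MMU_MODES 4
#define TLB_SIZE     8
#define MAX_DEFERRED 16
#define PAGE_MASK    (~(uint64_t)0xfff)
#define TLB_INVALID  (~(uint64_t)0)

typedef struct vcpu vcpu_t;
typedef void (*deferred_fn)(vcpu_t *cpu, uint64_t arg);

struct vcpu {
    uint64_t tlb[NB_MMU_MODES][TLB_SIZE];              /* cached page VAs */
    struct { deferred_fn fn; uint64_t arg; } queue[MAX_DEFERRED];
    int nqueued;
    int local_flushes, deferred_requests;
};

static vcpu_t *current_cpu;   /* stands in for QEMU's per-thread current_cpu */

static size_t tlb_slot(uint64_t addr) { return (addr >> 12) % TLB_SIZE; }

static void vcpu_init(vcpu_t *cpu)
{
    memset(cpu, 0, sizeof *cpu);
    memset(cpu->tlb, 0xff, sizeof cpu->tlb);   /* every entry = TLB_INVALID */
}

/* Guest touched addr in mmu_idx: cache the page. */
static void tlb_fill(vcpu_t *cpu, int mmu_idx, uint64_t addr)
{
    cpu->tlb[mmu_idx][tlb_slot(addr)] = addr & PAGE_MASK;
}

static bool tlb_hit(const vcpu_t *cpu, int mmu_idx, uint64_t addr)
{
    return cpu->tlb[mmu_idx][tlb_slot(addr)] == (addr & PAGE_MASK);
}

/* The ownership rule behind g_assert(cpu == current_cpu); returns false
 * instead of aborting so the model can be tested. */
static bool tlb_flush_page_local(vcpu_t *cpu, uint64_t addr)
{
    if (cpu != current_cpu)
        return false;                 /* caller is another vCPU's thread */
    for (int m = 0; m < NB_MMU_MODES; m++)
        if (tlb_hit(cpu, m, addr))
            cpu->tlb[m][tlb_slot(addr)] = TLB_INVALID;
    cpu->local_flushes++;
    return true;
}

static void flush_page_work(vcpu_t *cpu, uint64_t arg)
{
    tlb_flush_page_local(cpu, arg);
}

/* Cross-CPU form: flush now if the target is the caller, otherwise hand the
 * work to the owner, which runs it at its next safe point. */
static bool tlb_flush_page_deferred(vcpu_t *target, uint64_t addr)
{
    if (target == current_cpu)
        return tlb_flush_page_local(target, addr);
    if (target->nqueued >= MAX_DEFERRED)
        return false;
    target->queue[target->nqueued].fn  = flush_page_work;
    target->queue[target->nqueued].arg = addr;
    target->nqueued++;
    target->deferred_requests++;
    return true;
}

/* Run by the owning thread between translation blocks; returns items run,
 * or -1 if a non-owner tried to drain someone else's queue. */
static int vcpu_drain_queue(vcpu_t *cpu)
{
    if (cpu != current_cpu)
        return -1;
    int n = cpu->nqueued;
    for (int i = 0; i < n; i++)
        cpu->queue[i].fn(cpu, cpu->queue[i].arg);
    cpu->nqueued = 0;
    return n;
}

/* CPU 0 executes a broadcast TLBI (the tlbi_aa64_vae1is_write case) that
 * must also invalidate the page on CPU 1. Addresses are constructed. */
static bool scenario_broadcast_flush(void)
{
    vcpu_t cpus[2];
    const uint64_t page = 0x7f90000000ULL;
    vcpu_init(&cpus[0]);
    vcpu_init(&cpus[1]);
    current_cpu = &cpus[1]; tlb_fill(&cpus[1], 1, page);
    current_cpu = &cpus[0]; tlb_fill(&cpus[0], 1, page);

    if (tlb_flush_page_local(&cpus[1], page))     /* direct remote flush: */
        return false;                             /* must be refused      */
    if (!tlb_flush_page_deferred(&cpus[0], page) ||
        !tlb_flush_page_deferred(&cpus[1], page))
        return false;
    if (tlb_hit(&cpus[0], 1, page) || !tlb_hit(&cpus[1], 1, page))
        return false;                 /* CPU 1 still caches the page */
    current_cpu = &cpus[1];           /* CPU 1 reaches its safe point */
    if (vcpu_drain_queue(&cpus[1]) != 1)
        return false;
    return !tlb_hit(&cpus[1], 1, page) && cpus[1].deferred_requests == 1;
}

int main(void)
{
    printf("broadcast flush via deferral: %s\n",
           scenario_broadcast_flush() ? "ok" : "FAILED");
    return 0;
}
```

The point of the model is the split into an owner-only primitive and a queued request: the owner-only function is where the assertion lives, and everything a guest instruction can trigger on another vCPU must go through the queue. In QEMU the corresponding mechanism for handing work to a vCPU thread is its run_on_cpu/async_run_on_cpu helpers; the model's queue is a stand-in for that, not a copy of it.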