From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: Ilya Leoshkevich <iii@linux.ibm.com>,
	qemu-devel@nongnu.org,
	Richard Henderson <richard.henderson@linaro.org>
Cc: Anton Johansson <anjo@rev.ng>, Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [PATCH v3 00/13] exec: Rework around CPUState user fields (part 2)
Date: Thu, 2 May 2024 12:27:18 +0200	[thread overview]
Message-ID: <0f147b71-a013-4c72-a860-d12636a45d22@linaro.org> (raw)
In-Reply-To: <uuuk6a2vo24yrrqrchjxaeko3utqshrdu6txcnqziokpg7dkom@4l4kd3dqh6jc>

On 30/4/24 23:42, Ilya Leoshkevich wrote:
> On Tue, Apr 30, 2024 at 09:00:17PM +0200, Philippe Mathieu-Daudé wrote:
>> On 30/4/24 20:45, Philippe Mathieu-Daudé wrote:
>>> Hi Ilya,
>>>
>>> On 30/4/24 19:55, Ilya Leoshkevich wrote:
>>>> On Tue, Apr 30, 2024 at 02:27:54PM +0200, Philippe Mathieu-Daudé wrote:
>>>>> Missing WASM testing by Ilya (branch available at
>>>>> https://gitlab.com/philmd/qemu/-/commits/tcg_flush_jmp_cache)
>>>>
>>>> Hmm, it dies very early now:
>>>>
>>>>     # gdb --args ./qemu-s390x -L /usr/s390x-linux-gnu /build/wasmtime/target/s390x-unknown-linux-gnu/debug/deps/component_fuzz_util-d10a3a6b4ad8af47
>>>>
>>>>     Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault.
>>>>     0x000055555559b718 in cpu_common_realizefn (dev=0x5555557c28c0,
>>>> errp=<optimized out>) at
>>>> ../home/iii/myrepos/qemu/hw/core/cpu-common.c:217
>>>>     217             cpu->accel->plugin_state =
>>>> qemu_plugin_create_vcpu_state();
>>>>
>>>>     (gdb) bt
>>>>     #0  0x000055555559b718 in cpu_common_realizefn
>>>> (dev=0x5555557c28c0, errp=<optimized out>) at
>>>> ../home/iii/myrepos/qemu/hw/core/cpu-common.c:217
>>>>     #1  0x000055555559f59a in s390_cpu_realizefn (dev=0x5555557c28c0,
>>>> errp=0x7fffffffe1a0) at
>>>> ../home/iii/myrepos/qemu/target/s390x/cpu.c:284
>>>>     #2  0x000055555563f76b in device_set_realized (obj=<optimized
>>>> out>, value=<optimized out>, errp=0x7fffffffe2e0) at
>>>> ../home/iii/myrepos/qemu/hw/core/qdev.c:510
>>>>     #3  0x000055555564363d in property_set_bool (obj=0x5555557c28c0,
>>>> v=<optimized out>, name=<optimized out>, opaque=0x5555557a9140,
>>>> errp=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/object.c:2362
>>>>     #4  0x0000555555646b9b in object_property_set
>>>> (obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2
>>>> "realized", v=v@entry=0x5555557c6650,
>>>> errp=errp@entry=0x7fffffffe2e0)
>>>>         at ../home/iii/myrepos/qemu/qom/object.c:1471
>>>>     #5  0x000055555564a43f in object_property_set_qobject
>>>> (obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2
>>>> "realized", value=value@entry=0x5555557a7a90,
>>>> errp=errp@entry=0x7fffffffe2e0)
>>>>         at ../home/iii/myrepos/qemu/qom/qom-qobject.c:28
>>>>     #6  0x0000555555647204 in object_property_set_bool
>>>> (obj=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized",
>>>> value=value@entry=true, errp=errp@entry=0x7fffffffe2e0)
>>>>         at ../home/iii/myrepos/qemu/qom/object.c:1541
>>>>     #7  0x000055555564025c in qdev_realize (dev=<optimized out>,
>>>> bus=bus@entry=0x0, errp=errp@entry=0x7fffffffe2e0) at
>>>> ../home/iii/myrepos/qemu/hw/core/qdev.c:291
>>>>     #8  0x000055555559bbb4 in cpu_create (typename=<optimized out>)
>>>> at ../home/iii/myrepos/qemu/hw/core/cpu-common.c:61
>>>>     #9  0x000055555559a467 in main (argc=4, argv=0x7fffffffeaa8,
>>>> envp=<optimized out>) at
>>>> ../home/iii/myrepos/qemu/linux-user/main.c:811
>>>>
>>>>     (gdb) p cpu
>>>>     $1 = (CPUState *) 0x5555557c28c0
>>>>     (gdb) p cpu->accel
>>>>     $2 = (AccelCPUState *) 0x0
>>>>
>>>> Configured with: '/home/iii/myrepos/qemu/configure'
>>>> '--target-list=s390x-linux-user' '--disable-tools' '--disable-slirp'
>>>> '--disable-fdt' '--disable-capstone' '--disable-docs'
>>>>


> Now I get:
> 
>    Thread 1 "qemu-s390x" received signal SIGABRT, Aborted.
>    __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
>    44      ./nptl/pthread_kill.c: No such file or directory.
>    (gdb) bt
>    #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
>    #1  0x00007ffff7c41e8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
>    #2  0x00007ffff7bf2fb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
>    #3  0x00007ffff7bdd472 in __GI_abort () at ./stdlib/abort.c:79
>    #4  0x00007ffff7bdd395 in __assert_fail_base (fmt=0x7ffff7d51a90 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5555556d71b8 "cpu->accel",
>        file=file@entry=0x5555556d70e0 "../home/iii/myrepos/qemu/cpu-target.c", line=line@entry=158, function=function@entry=0x5555556d7260 <__PRETTY_FUNCTION__.3> "cpu_exec_realizefn") at ./assert/assert.c:92
>    #5  0x00007ffff7bebeb2 in __GI___assert_fail (assertion=assertion@entry=0x5555556d71b8 "cpu->accel", file=file@entry=0x5555556d70e0 "../home/iii/myrepos/qemu/cpu-target.c", line=line@entry=158,
>        function=function@entry=0x5555556d7260 <__PRETTY_FUNCTION__.3> "cpu_exec_realizefn") at ./assert/assert.c:101
>    #6  0x00005555555d44ca in cpu_exec_realizefn (cpu=cpu@entry=0x5555557c28c0, errp=errp@entry=0x7fffffffe140) at ../home/iii/myrepos/qemu/cpu-target.c:158
>    #7  0x000055555559f50b in s390_cpu_realizefn (dev=0x5555557c28c0, errp=0x7fffffffe1a0) at ../home/iii/myrepos/qemu/target/s390x/cpu.c:261
>    #8  0x000055555563f78b in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/hw/core/qdev.c:510
>    #9  0x000055555564365d in property_set_bool (obj=0x5555557c28c0, v=<optimized out>, name=<optimized out>, opaque=0x5555557a9140, errp=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/object.c:2362
>    #10 0x0000555555646bbb in object_property_set (obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized", v=v@entry=0x5555557c6650, errp=errp@entry=0x7fffffffe2e0)
>        at ../home/iii/myrepos/qemu/qom/object.c:1471
>    #11 0x000055555564a45f in object_property_set_qobject (obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized", value=value@entry=0x5555557a7a90, errp=errp@entry=0x7fffffffe2e0)
>        at ../home/iii/myrepos/qemu/qom/qom-qobject.c:28
>    #12 0x0000555555647224 in object_property_set_bool (obj=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized", value=value@entry=true, errp=errp@entry=0x7fffffffe2e0)
>        at ../home/iii/myrepos/qemu/qom/object.c:1541
>    #13 0x000055555564027c in qdev_realize (dev=<optimized out>, bus=bus@entry=0x0, errp=errp@entry=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/hw/core/qdev.c:291
>    #14 0x000055555559bb54 in cpu_create (typename=<optimized out>) at ../home/iii/myrepos/qemu/hw/core/cpu-common.c:57
>    #15 0x000055555559a467 in main (argc=4, argv=0x7fffffffeaa8, envp=<optimized out>) at ../home/iii/myrepos/qemu/linux-user/main.c:811

 From code review I think the problem is my commit bb6cf6f016
("accel/tcg: Factor tcg_cpu_reset_hold() out"), which wanted
to restrict tlb_flush() to system emulation but inadvertently
also restricted tcg_flush_jmp_cache(), which was previously called
via Realize -> Reset -> cpu_common_reset_hold(). Apparently
this code can no longer run on user emulation.
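The regression described above, as an added illustration that is not QEMU's code: a simplified C model in which a system-emulation-only guard intended for tlb_flush() also swallows tcg_flush_jmp_cache(), leaving stale jump-cache entries after a reset on user emulation. The struct, the `user_only` flag and the two `reset_hold_*` functions are hypothetical stand-ins for the real QEMU internals.

```c
/* Simplified model (not QEMU code) of the guard-placement regression. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define JMP_CACHE_SIZE 8

typedef struct {
    void *tb_jmp_cache[JMP_CACHE_SIZE]; /* cached TB pointers; stale after reset */
    bool tlb_flushed;                    /* only meaningful for system emulation */
} CPUStateModel;

static void tlb_flush(CPUStateModel *cpu) { cpu->tlb_flushed = true; }

static void tcg_flush_jmp_cache(CPUStateModel *cpu)
{
    memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
}

/* Reset hook as described in the mail: both calls ended up behind the
 * system-emulation guard, so on user emulation neither one runs. */
static void reset_hold_regressed(CPUStateModel *cpu, bool user_only)
{
    if (!user_only) {
        tlb_flush(cpu);
        tcg_flush_jmp_cache(cpu);
    }
}

/* Intended behaviour: only tlb_flush() is system-only; the jump cache
 * is flushed on both system and user emulation. */
static void reset_hold_intended(CPUStateModel *cpu, bool user_only)
{
    if (!user_only) {
        tlb_flush(cpu);
    }
    tcg_flush_jmp_cache(cpu);
}

/* Fill the jump cache with constructed entries, run one reset variant,
 * and return how many stale entries survive. */
static size_t stale_entries_after_reset(bool regressed, bool user_only)
{
    CPUStateModel cpu = {0};
    int dummy_tb;
    size_t i, stale = 0;
    for (i = 0; i < JMP_CACHE_SIZE; i++) cpu.tb_jmp_cache[i] = &dummy_tb;
    if (regressed) reset_hold_regressed(&cpu, user_only);
    else reset_hold_intended(&cpu, user_only);
    for (i = 0; i < JMP_CACHE_SIZE; i++) stale += (cpu.tb_jmp_cache[i] != NULL);
    return stale;
}
```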
