qemu-devel.nongnu.org archive mirror
* [Qemu-devel] Regression bug
@ 2007-05-29  5:10 Ben Taylor
  2007-05-29  8:56 ` Xavier Gnata
  2007-05-29 12:31 ` risc
  0 siblings, 2 replies; 10+ messages in thread
From: Ben Taylor @ 2007-05-29  5:10 UTC (permalink / raw)
  To: qemu-devel


I've been keeping up with CVS patches for qemu about once a week.  I just updated
tonight after the big round of patches that have been committed and am seeing a
consistent failure with my existing ubuntu-7.04 32-bit guest on Solaris 10/x86 32-bit
host.  The last time I tested the CVS code would have been 5/21/07, so something
recently changed has broken the i386-softmmu.

qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffff0

EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00000000
CS =f000 ffff0000 0000ffff 00000000
SS =0000 00000000 0000ffff 00000000
DS =0000 00000000 0000ffff 00000000
FS =0000 00000000 0000ffff 00000000
GS =0000 00000000 0000ffff 00000000
LDT=0000 00000000 0000ffff 00008000
TR =0000 00000000 0000ffff 00008000
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
CCS=00000000 CCD=00000000 CCO=EFLAGS
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000

Anyone seen this?

Ben


* Re: [Qemu-devel] Regression bug
  2007-05-29  5:10 Ben Taylor
@ 2007-05-29  8:56 ` Xavier Gnata
  2007-05-29 12:31 ` risc
  1 sibling, 0 replies; 10+ messages in thread
From: Xavier Gnata @ 2007-05-29  8:56 UTC (permalink / raw)
  To: sol10x86, qemu-devel

Hi,

I do reproduce that trying to boot a kubuntu i386 on an i386.
Now we have to bisect...

Xavier.


> I've been keeping up with CVS patches for qemu about once a week.  I just updated
> tonight after the big round of patches that have been committed and am seeing a
> consistent failure with my existing ubuntu-7.04 32-bit guest on Solaris 10/x86 32-bit
> host.  The last time I tested the CVS code would have been 5/21/07, so something
> recently changed has broken the i386-softmmu
>
> qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffff0
>
> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
> EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 00000000 0000ffff 00000000
> CS =f000 ffff0000 0000ffff 00000000
> SS =0000 00000000 0000ffff 00000000
> DS =0000 00000000 0000ffff 00000000
> FS =0000 00000000 0000ffff 00000000
> GS =0000 00000000 0000ffff 00000000
> LDT=0000 00000000 0000ffff 00008000
> TR =0000 00000000 0000ffff 00008000
> GDT=     00000000 0000ffff
> IDT=     00000000 0000ffff
> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
> CCS=00000000 CCD=00000000 CCO=EFLAGS
> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
> XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
> XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
> XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
> XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
>
> Anyone seen this?
>
> Ben
>
>
>
>   


-- 
############################################
Xavier Gnata
CRAL - Observatoire de Lyon
9, avenue Charles André
69561 Saint Genis Laval cedex
Phone: +33 4 78 86 85 28
Fax: +33 4 78 86 83 86
E-mail: gnata@obs.univ-lyon1.fr
############################################ 


* Re: [Qemu-devel] Regression bug
  2007-05-29  5:10 Ben Taylor
  2007-05-29  8:56 ` Xavier Gnata
@ 2007-05-29 12:31 ` risc
  1 sibling, 0 replies; 10+ messages in thread
From: risc @ 2007-05-29 12:31 UTC (permalink / raw)
  To: sol10x86, qemu-devel

On Tue, May 29, 2007 at 01:10:02AM -0400, Ben Taylor wrote:
> 
> I've been keeping up with CVS patches for qemu about once a week.  I just updated
> tonight after the big round of patches that have been committed and am seeing a
> consistent failure with my existing ubuntu-7.04 32-bit guest on Solaris 10/x86 32-bit
> host.  The last time I tested the CVS code would have been 5/21/07, so something
> recently changed has broken the i386-softmmu
> 
> qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffff0
> 
> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
> EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 00000000 0000ffff 00000000
> CS =f000 ffff0000 0000ffff 00000000
> SS =0000 00000000 0000ffff 00000000
> DS =0000 00000000 0000ffff 00000000
> FS =0000 00000000 0000ffff 00000000
> GS =0000 00000000 0000ffff 00000000
> LDT=0000 00000000 0000ffff 00008000
> TR =0000 00000000 0000ffff 00008000
> GDT=     00000000 0000ffff
> IDT=     00000000 0000ffff
> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
> CCS=00000000 CCD=00000000 CCO=EFLAGS
> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
> XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
> XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
> XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
> XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
> 
> Anyone seen this?
> 
> Ben
> 
Ben:

i've been monitoring this, and reporting on irc since the bug was committed. i've tracked it down to somewhere between CVS version 2007-05-26 15:00 and 2007-05-26 17:40.
as in, 15:00 works, 17:40 doesn't, and if i try to check out the version between.. it fails to compile.

I'm quite new here, so i didn't feel like yelling "the sky is falling" on a mailing list.

hope this helps,

Julia Longtin <risc@volumehost.com>


* Re: [Qemu-devel] Regression bug
@ 2007-05-29 13:08 Ben Taylor
  2007-05-29 17:34 ` Blue Swirl
  2007-05-29 18:44 ` Blue Swirl
  0 siblings, 2 replies; 10+ messages in thread
From: Ben Taylor @ 2007-05-29 13:08 UTC (permalink / raw)
  To: risc, qemu-devel

Hi Julia,

---- risc@volumehost.com wrote: 
> On Tue, May 29, 2007 at 01:10:02AM -0400, Ben Taylor wrote:
> > 
> > I've been keeping up with CVS patches for qemu about once a week.  I just updated
> > tonight after the big round of patches that have been committed and am seeing a
> > consistent failure with my existing ubuntu-7.04 32-bit guest on Solaris 10/x86 32-bit
> > host.  The last time I tested the CVS code would have been 5/21/07, so something
> > recently changed has broken the i386-softmmu
> > 
> > qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffff0
> > 

> > Anyone seen this?
> > 
> > Ben
> > 
> Ben:
> 
> i've been monitoring this, and reporting on irc since the bug was committed. i've tracked it down to somewhere between CVS version 2007-05-26 15:00 and 2007-05-26 17:40.
> as in, 15:00 works, 17:40 doesn't, and if i try to check out the version between.. it fails to compile.

Great spot.  I reverted the patch to exec.c  from 05/26/07 at 17:36 and QEMU 
again booted my ubuntu 7.04 image.

Looks like the patch from http://cvs.savannah.gnu.org/viewcvs/qemu/exec.c?cvsroot=qemu&r1=1.96&r2=1.97
needs to be reverted and reworked before being recommitted.

> I'm quite new here, so i didn't feel like yelling "the sky is falling" on a mailing list.

What you did was perfect.  Thanks. 

> 
> hope this helps,
> 
> Julia Longtin <risc@volumehost.com>

Regards,

Ben


* Re: [Qemu-devel] Regression bug
  2007-05-29 13:08 [Qemu-devel] Regression bug Ben Taylor
@ 2007-05-29 17:34 ` Blue Swirl
  2007-05-29 18:44 ` Blue Swirl
  1 sibling, 0 replies; 10+ messages in thread
From: Blue Swirl @ 2007-05-29 17:34 UTC (permalink / raw)
  To: sol10x86, qemu-devel; +Cc: risc

On 5/29/07, Ben Taylor <sol10x86@cox.net> wrote:
> Looks like the patch from http://cvs.savannah.gnu.org/viewcvs/qemu/exec.c?cvsroot=qemu&r1=1.96&r2=1.97
> needs to be reverted and reworked before being recommitted.

Thank you for the reports. I still can't reproduce the bug, but it
seems that on PC, the area between 0xa0000 and 0x100000 is registered
multiple times and this could confuse the subpage code.

Adding printf to cpu_register_physical_memory reveals:
cpu_register_physical_memory: start_addr 00000000000a0000 size 1000 phys_offset 70
cpu_register_physical_memory: start_addr 00000000000a0000 size 1000 phys_offset 70
cpu_register_physical_memory: start_addr 00000000000a0000 size 1000 phys_offset 70
cpu_register_physical_memory: start_addr 00000000000a0000 size 1000 phys_offset 70
cpu_register_physical_memory: start_addr 00000000000a0000 size 1000 phys_offset 70
cpu_register_physical_memory: start_addr 00000000000a0000 size 20000 phys_offset 70
cpu_register_physical_memory: start_addr 00000000000a0000 size 20000 phys_offset a0000

The subpage part in cpu_register_physical_memory could be disabled
just for i386. A better fix would be to fix the PC/VGA/PIIX memory
registrations and also make the subpage code handle this case.


* Re: [Qemu-devel] Regression bug
  2007-05-29 13:08 [Qemu-devel] Regression bug Ben Taylor
  2007-05-29 17:34 ` Blue Swirl
@ 2007-05-29 18:44 ` Blue Swirl
  2007-05-29 19:04   ` risc
  1 sibling, 1 reply; 10+ messages in thread
From: Blue Swirl @ 2007-05-29 18:44 UTC (permalink / raw)
  To: sol10x86, qemu-devel; +Cc: risc


Hi,

I found a bug in the subpage checking code. Could you try if the
attached patch fixes the problem?

[-- Attachment #2: fix_subpage.diff --]
[-- Type: text/x-diff, Size: 820 bytes --]

Index: qemu/exec.c
===================================================================
--- qemu.orig/exec.c	2007-05-29 18:39:35.000000000 +0000
+++ qemu/exec.c	2007-05-29 18:39:54.000000000 +0000
@@ -1922,7 +1922,7 @@
                 need_subpage = 1;                                       \
         }                                                               \
                                                                         \
-        if (end_addr - addr > TARGET_PAGE_SIZE)                         \
+        if (end_addr - addr >= TARGET_PAGE_SIZE)                        \
             end_addr2 = TARGET_PAGE_SIZE - 1;                           \
         else {                                                          \
             end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
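Review bot: the `>` to `>=` change only affects the case end_addr - addr == TARGET_PAGE_SIZE, and for a page-aligned addr the else branch already produces TARGET_PAGE_SIZE - 1 there from `(start_addr + orig_size - 1) & ~TARGET_PAGE_MASK`, so this hunk on its own should not change behaviour. If end_addr can be 0 because start_addr + size wrapped at the top of target_phys_addr_t, `end_addr - addr` is wrong under either comparison, so the fix has to address how end_addr is derived rather than the boundary test.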


* Re: [Qemu-devel] Regression bug
  2007-05-29 18:44 ` Blue Swirl
@ 2007-05-29 19:04   ` risc
  2007-05-29 19:33     ` Blue Swirl
  0 siblings, 1 reply; 10+ messages in thread
From: risc @ 2007-05-29 19:04 UTC (permalink / raw)
  To: qemu-devel, blauwirbel

On Tue, May 29, 2007 at 09:44:39PM +0300, Blue Swirl wrote:
> Hi,
> 
> I found a bug in the subpage checking code. Could you try if the
> attached patch fixes the problem?

that's a negative. the exact same behavior as before.

qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffff0

EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00000000
CS =f000 ffff0000 0000ffff 00000000
SS =0000 00000000 0000ffff 00000000
DS =0000 00000000 0000ffff 00000000
FS =0000 00000000 0000ffff 00000000
GS =0000 00000000 0000ffff 00000000
LDT=0000 00000000 0000ffff 00008000
TR =0000 00000000 0000ffff 00008000
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
CCS=00000000 CCD=00000000 CCO=EFLAGS  
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
./start.sh: line 4: 14065 Aborted                 qemu -hda ide0.img

ouch.

Julia Longtin <risc@volumehost.com>


* Re: [Qemu-devel] Regression bug
  2007-05-29 19:04   ` risc
@ 2007-05-29 19:33     ` Blue Swirl
  2007-05-29 20:01       ` risc
  0 siblings, 1 reply; 10+ messages in thread
From: Blue Swirl @ 2007-05-29 19:33 UTC (permalink / raw)
  To: risc@volumehost.com; +Cc: qemu-devel


On 5/29/07, risc@volumehost.com <risc@volumehost.com> wrote:
> On Tue, May 29, 2007 at 09:44:39PM +0300, Blue Swirl wrote:
> > Hi,
> >
> > I found a bug in the subpage checking code. Could you try if the
> > attached patch fixes the problem?
>
> that's a negative. the exact same behavior as before.

Thanks.

The bug was actually that on PC, the very last addresses are mapped,
and the current code failed when the start_addr + size wrapped back to
0. That didn't happen on amd64, where I first tried to reproduce the
bug.

The attached patch fixes the problem for me, I'll commit it if there
are no objections.

[-- Attachment #2: fix_subpage.diff --]
[-- Type: text/x-diff, Size: 1389 bytes --]

Index: qemu/exec.c
===================================================================
--- qemu.orig/exec.c	2007-05-29 19:31:15.000000000 +0000
+++ qemu/exec.c	2007-05-29 19:31:24.000000000 +0000
@@ -1922,7 +1922,7 @@
                 need_subpage = 1;                                       \
         }                                                               \
                                                                         \
-        if (end_addr - addr > TARGET_PAGE_SIZE)                         \
+        if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE)        \
             end_addr2 = TARGET_PAGE_SIZE - 1;                           \
         else {                                                          \
             end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
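Review bot: `(start_addr + orig_size) - addr` relies on unsigned wraparound: when the region ends at the top of target_phys_addr_t the sum is 0 and the subtraction yields 2^N - addr, which is >= TARGET_PAGE_SIZE for every page in range, so the full-page branch is taken correctly; the else branch `(start_addr + orig_size - 1) & ~TARGET_PAGE_MASK` depends on the same modular arithmetic. A one-line comment stating that the wrap is intentional would stop a later reader from "fixing" it back to an end_addr comparison. Note also that orig_size is unsigned long while start_addr is target_phys_addr_t; if unsigned long is wider the sum is promoted and does not wrap, which still gives the right answer, but a cast to target_phys_addr_t would make the intended arithmetic explicit.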
@@ -1944,9 +1944,9 @@
     unsigned long orig_size = size;
     void *subpage;
 
-    end_addr = start_addr + (target_phys_addr_t)size;
     size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
-    for(addr = start_addr; addr < end_addr; addr += TARGET_PAGE_SIZE) {
+    end_addr = start_addr + (target_phys_addr_t)size;
+    for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
         p = phys_page_find(addr >> TARGET_PAGE_BITS);
         if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
             unsigned long orig_memory = p->phys_offset;
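Review bot: the `addr != end_addr` termination is only correct because end_addr is now computed after size is rounded up to whole pages, so addr lands exactly on end_addr after size / TARGET_PAGE_SIZE steps, including the case where end_addr has wrapped to 0; that ordering constraint deserves a comment next to the loop, since restoring the old `end_addr = start_addr + (target_phys_addr_t)size;` before the rounding (as the removed line had it) would make the loop step past end_addr and walk the entire address space. Stating why `<` was replaced (end_addr may be 0 when the region reaches the top of the physical address space) would also help.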

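To make the wraparound described above concrete, here is an added example (not QEMU code) that models the page walk of cpu_register_physical_memory with a 32-bit physical address type; the type and function names, and the 0xfffe0000 region, are assumptions constructed for the demonstration.

```c
/* Added example, not QEMU code: models the page walk in exec.c's
 * cpu_register_physical_memory with a 32-bit physical address type, to show
 * why a region that ends at the top of the address space (start_addr + size
 * wraps to 0) is skipped entirely by the original `addr < end_addr` loop and
 * handled by the `addr != end_addr` form. Type and function names are assumed. */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t phys_addr_t;           /* stands in for a 32-bit target_phys_addr_t */
#define PAGE_BITS 12
#define PAGE_SIZE ((phys_addr_t)1 << PAGE_BITS)
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Loop shape before the fix: end_addr from the unrounded size, exit on `<`.
 * Returns how many pages the walk would register. */
unsigned pages_registered_old(phys_addr_t start_addr, uint32_t size)
{
    phys_addr_t end_addr = start_addr + (phys_addr_t)size; /* 0 when the sum wraps */
    unsigned pages = 0;
    for (phys_addr_t addr = start_addr; addr < end_addr; addr += PAGE_SIZE)
        pages++;                        /* never runs if end_addr == 0 */
    return pages;
}

/* Loop shape after the fix: round size up to whole pages first, so end_addr is
 * exactly start_addr + k*PAGE_SIZE, and exit on `!=`, which still works when
 * end_addr has wrapped to 0 because addr wraps to 0 on the same step. */
unsigned pages_registered_new(phys_addr_t start_addr, uint32_t size)
{
    unsigned pages = 0;
    size = (size + PAGE_SIZE - 1) & PAGE_MASK;
    phys_addr_t end_addr = start_addr + (phys_addr_t)size;
    for (phys_addr_t addr = start_addr; addr != end_addr; addr += PAGE_SIZE)
        pages++;
    return pages;
}

int main(void)
{
    /* Constructed region reaching 0xffffffff, the "very last addresses" the
     * thread mentions; the reset vector 0xfffffff0 from the crash report lies
     * in its final page. */
    phys_addr_t top_start = 0xfffe0000u;
    uint32_t top_size = 0x20000;
    printf("region %08x+%x: old=%u pages, new=%u pages\n", top_start, top_size,
           pages_registered_old(top_start, top_size),
           pages_registered_new(top_start, top_size));
    /* An ordinary region (the 0xa0000 window from the printf trace) is the same both ways. */
    printf("region 000a0000+20000: old=%u pages, new=%u pages\n",
           pages_registered_old(0xa0000u, 0x20000), pages_registered_new(0xa0000u, 0x20000));
    return 0;
}
```

With the old loop the top-of-memory region registers zero pages, which leaves the reset vector unmapped and produces exactly the "outside RAM or ROM at 0xfffffff0" abort from the reports.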

* Re: [Qemu-devel] Regression bug
  2007-05-29 19:33     ` Blue Swirl
@ 2007-05-29 20:01       ` risc
  0 siblings, 0 replies; 10+ messages in thread
From: risc @ 2007-05-29 20:01 UTC (permalink / raw)
  To: qemu-devel; +Cc: blauwirbel

On Tue, May 29, 2007 at 10:33:37PM +0300, Blue Swirl wrote:
> On 5/29/07, risc@volumehost.com <risc@volumehost.com> wrote:
> >On Tue, May 29, 2007 at 09:44:39PM +0300, Blue Swirl wrote:
> >> Hi,
> >>
> >> I found a bug in the subpage checking code. Could you try if the
> >> attached patch fixes the problem?
> >
> >that's a negative. the exact same behavior as before.
> 
> Thanks.
> 
> The bug was actually that on PC, the very last addresses are mapped,
> and the current code failed when the start_addr + size wrapped back to
> 0. That didn't happen on amd64, where I first tried to reproduce the
> bug.
> 
> The attached patch fixes the problem for me, I'll commit it if there
> are no objections.

this patch works. thanks. :)

Julia Longtin <risc@volumehost.com>


* Re: [Qemu-devel] Regression bug
@ 2007-05-30 11:27 Ben Taylor
  0 siblings, 0 replies; 10+ messages in thread
From: Ben Taylor @ 2007-05-30 11:27 UTC (permalink / raw)
  To: Blue Swirl; +Cc: qemu-devel


---- Blue Swirl <blauwirbel@gmail.com> wrote: 
> On 5/29/07, risc@volumehost.com <risc@volumehost.com> wrote:
> > On Tue, May 29, 2007 at 09:44:39PM +0300, Blue Swirl wrote:
> > > Hi,
> > >
> > > I found a bug in the subpage checking code. Could you try if the
> > > attached patch fixes the problem?
> >
> > that's a negative. the exact same behavior as before.
> 
> Thanks.
> 
> The bug was actually that on PC, the very last addresses are mapped,
> and the current code failed when the start_addr + size wrapped back to
> 0. That didn't happen on amd64, where I first tried to reproduce the
> bug.
> 
> The attached patch fixes the problem for me, I'll commit it if there
> are no objections.

Works for me, too.

Ben

