Re: [Qemu-devel] [Bug 1285363] Re: qemu-aarch64-static segfaults

[Serge Hallyn <1285363@bugs.launchpad.net>]

Quoting Peter Maydell (peter.maydell@linaro.org):
> Doing this only for aarch64 targets seems like a bad idea to me -- this
> isn't an aarch64 specific issue. QEMU needs SIGSEGV to go to its own
> handler (so we can unprotect pages we've marked as read-only in order to
> catch guest writes to them so we can throw away invalidated translated
> code), and that's true for all targets. It probably just happens more
> often on the aarch64 target than others you've tested because aarch64
> has a signal-return trampoline on the stack frame, so we'll often see
> that page get translated and thrown away again. (Other targets with a
> trampoline include sparc, cris, openrisc and ppc.)

I see.  I've just pushed the customized patch to the archive.  We can
switch to the original patchset though.  But, I'd also like to see what
ends up hitting upstream.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1285363

Title:
  qemu-aarch64-static segfaults

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  I've found a couple conditions that causes qemu-user-static to core
  dump fairly reliably - same with upstream git - while a binary built
  from suse's aarch64-1.6 branch seems to consistently work fine.

  Testing suggests they are resolved by the sigprocmask wrapper patches
  included in suse's tree.

   1) dh_fixperms is a script that commonly runs at the end of a package build.
       Its basically doing a `find | xargs chmod`.
   2) debootstrap --second-stage
       This is used to configure an arm64 chroot that was built using
       debootstrap on a non-native host. It is basically invoking a bunch of
       shell scripts (postinst, etc). When it blows up, the stack consistently
       looks like this:

  Core was generated by `/usr/bin/qemu-aarch64-static /bin/sh -e
  /debootstrap/debootstrap --second-stage'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000000060058e55 in memcpy (__len=8, __src=0x7fff62ae34e0,
  __dest=0x400082c330) at
  /usr/include/x86_64-linux-gnu/bits/string3.h:51
  51  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
  (gdb) bt
  #0  0x0000000060058e55 in memcpy (__len=8, __src=0x7fff62ae34e0,
  __dest=0x400082c330) at
  /usr/include/x86_64-linux-gnu/bits/string3.h:51
  #1  stq_p (v=274886476624, ptr=0x400082c330) at
  /mnt/qemu.upstream/include/qemu/bswap.h:280
  #2  stq_le_p (v=274886476624, ptr=0x400082c330) at
  /mnt/qemu.upstream/include/qemu/bswap.h:315
  #3  target_setup_sigframe (set=0x7fff62ae3530, env=0x62d9c678,
  sf=0x400082b0d0) at /mnt/qemu.upstream/linux-user/signal.c:1167
  #4  target_setup_frame (usig=usig@entry=17, ka=ka@entry=0x604ec1e0
  <sigact_table+512>, info=info@entry=0x0, set=set@entry=0x7fff62ae3530,
  env=env@entry=0x62d9c678)
      at /mnt/qemu.upstream/linux-user/signal.c:1286
  #5  0x0000000060059f46 in setup_frame (env=0x62d9c678,
  set=0x7fff62ae3530, ka=0x604ec1e0 <sigact_table+512>, sig=17) at
  /mnt/qemu.upstream/linux-user/signal.c:1322
  #6  process_pending_signals (cpu_env=cpu_env@entry=0x62d9c678) at
  /mnt/qemu.upstream/linux-user/signal.c:5747
  #7  0x0000000060056e60 in cpu_loop (env=env@entry=0x62d9c678) at
  /mnt/qemu.upstream/linux-user/main.c:1082
  #8  0x0000000060005079 in main (argc=<optimized out>, argv=<optimized
  out>, envp=<optimized out>) at
  /mnt/qemu.upstream/linux-user/main.c:4374

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1285363/+subscriptions