From: Laurent Desnogues
To: Jan-Simon Möller
Cc: qemu-devel@nongnu.org
Date: Fri, 31 Jul 2009 11:58:04 +0200
Subject: Re: [Qemu-devel] qemu-arm fails on test-mmap
Message-ID: <761ea48b0907310258n4608ab58g9f4d8ee7363d383b@mail.gmail.com>
In-Reply-To: <200907310334.00712.dl9pf@gmx.de>

2009/7/31 Jan-Simon Möller:
> Hi!
>
> I've spotted a bug in mmap for qemu-arm. It causes a segfault of qemu or at least the running process.
>
> It's reproducible here with "test-mmap".
>
> legolas:/> qemu-arm ./test-mmap
> pagesize=4096 pagemask=fff
> check_aligned_anonymous_unfixed_mmaps passed
> check_aligned_anonymous_unfixed_colliding_mmapsSegmentation fault (core dumped)
>
>
> A lengthy trace with debugging on in mmap.c is at
> http://filebin.ca/yxypzq/qemu_mmap_segfault.bz2
>
> [... last mmap call ...]
> munmap: start=0x5fffd000 len=0x00001000
> mmap: start=0x00000000 len=0x00008000 prot=r-- flags=MAP_ANON MAP_PRIVATE fd=-1 offset=00000000
> ret=0x5ffff000
> start    end      size     prot
> 00008000-0000b000 00003000 r-x
> 00012000-00013000 00001000 r--
> 00013000-00037000 00024000 rw-
> 40000000-40080000 00080000 rw-
> 40080000-40081000 00001000 ---
> 40081000-4009f000 0001e000 r-x
> 4009f000-400a6000 00007000 ---
> 400a6000-400a7000 00001000 r--
> 400a7000-400a8000 00001000 rw-
> 400a8000-42081000 01fd9000 ---
> 42085000-421bf000 0013a000 r-x
> 421bf000-421c6000 00007000 ---
> 421c6000-421c8000 00002000 r--
> 421c8000-421ce000 00006000 rw-
> 5fffe000-60007000 00009000 r--
>
> Segmentation fault
>
> It seems to hit
> 0x5fffffff -> segfault.

I tested qemu-i386 and qemu-arm on both i386 and x86_64 and the four pass that test. That's with git head, and CSL 2009q1 on my Fedora 11 x86_64 machine.

Laurent
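To make the reporter's "hits 0x5fffffff" observation checkable rather than eyeballed, here is an added Python script (written for this page, not part of the thread or of QEMU's mmap.c) that parses the quoted trace, computes the region the last mmap handed out and lists which map entries it overlaps. The 0x60000000 ceiling is an assumption derived from the 0x5fffffff figure in the report.

```python
import re

# Excerpt of the mmap.c debug trace quoted above (last mmap call and tail of
# the map dump), embedded here as sample input.
TRACE = """\
munmap: start=0x5fffd000 len=0x00001000
mmap: start=0x00000000 len=0x00008000 prot=r-- flags=MAP_ANON MAP_PRIVATE fd=-1 offset=00000000
ret=0x5ffff000
start    end      size     prot
421c6000-421c8000 00002000 r--
421c8000-421ce000 00006000 rw-
5fffe000-60007000 00009000 r--
"""

# Assumed guest address-space ceiling: the report says the mapping "hits
# 0x5fffffff", so 0x60000000 is taken as the first address past it.
GUEST_LIMIT = 0x60000000
MMAP_RE = re.compile(r"^mmap: start=0x([0-9a-f]+) len=0x([0-9a-f]+)")
RET_RE = re.compile(r"^ret=0x([0-9a-f]+)$")
MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([0-9a-f]+) ([rwx-]{3})$")

def parse_trace(text):
    """Return (requested length, returned start, [(start, end, prot), ...])."""
    length = ret = None
    maps = []
    for line in text.splitlines():
        m = MMAP_RE.match(line)
        if m:
            length = int(m.group(2), 16)
            maps = []  # a new mmap call starts a new map dump
            continue
        m = RET_RE.match(line)
        if m:
            ret = int(m.group(1), 16)
            continue
        m = MAP_RE.match(line)
        if m:
            maps.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return length, ret, maps

def check_last_mmap(text, limit=GUEST_LIMIT):
    """Region [ret, ret+len) of the last mmap, whether it stays below the
    assumed limit, and the map entries it overlaps."""
    length, ret, maps = parse_trace(text)
    end = ret + length
    overlaps = [(s, e, p) for s, e, p in maps if s < end and ret < e]
    return {"start": ret, "end": end,
            "within_limit": end <= limit, "overlaps": overlaps}
```

On the quoted trace the returned region is 0x5ffff000-0x60007000, which runs past the assumed ceiling and lands entirely inside the merged 5fffe000-60007000 entry.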