qemu-devel.nongnu.org archive mirror
* [Qemu-devel] qemu-arm fails on test-mmap
@ 2009-07-31  1:34 Jan-Simon Möller
  2009-07-31  9:58 ` Laurent Desnogues
  0 siblings, 1 reply; 8+ messages in thread
From: Jan-Simon Möller @ 2009-07-31  1:34 UTC (permalink / raw)
  To: qemu-devel

Hi!

I've spotted a bug in mmap for qemu-arm. It causes a segfault of qemu, or at least of the running process.

It's reproducible here with "test-mmap".

legolas:/> qemu-arm ./test-mmap
pagesize=4096 pagemask=fff
check_aligned_anonymous_unfixed_mmaps passed
check_aligned_anonymous_unfixed_colliding_mmapsSegmentation fault (core dumped)


A lengthy trace with debugging on in mmap.c is at
http://filebin.ca/yxypzq/qemu_mmap_segfault.bz2

[... last mmap call ...]
munmap: start=0x5fffd000 len=0x00001000
mmap: start=0x00000000 len=0x00008000 prot=r-- flags=MAP_ANON MAP_PRIVATE fd=-1 offset=00000000
ret=0x5ffff000
start    end      size     prot
00008000-0000b000 00003000 r-x
00012000-00013000 00001000 r--
00013000-00037000 00024000 rw-
40000000-40080000 00080000 rw-
40080000-40081000 00001000 ---
40081000-4009f000 0001e000 r-x
4009f000-400a6000 00007000 ---
400a6000-400a7000 00001000 r--
400a7000-400a8000 00001000 rw-
400a8000-42081000 01fd9000 ---
42085000-421bf000 0013a000 r-x
421bf000-421c6000 00007000 ---
421c6000-421c8000 00002000 r--
421c8000-421ce000 00006000 rw-
5fffe000-60007000 00009000 r--

Segmentation fault

It seems to hit > 0x5fffffff -> segfault.

Best,
Jan-Simon

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-07-31  1:34 [Qemu-devel] qemu-arm fails on test-mmap Jan-Simon Möller
@ 2009-07-31  9:58 ` Laurent Desnogues
  2009-07-31 11:28   ` Jan-Simon Möller
                     ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Laurent Desnogues @ 2009-07-31  9:58 UTC (permalink / raw)
  To: Jan-Simon Möller; +Cc: qemu-devel

2009/7/31 Jan-Simon Möller <dl9pf@gmx.de>:
> Hi!
>
> I've spotted a bug in mmap for qemu-arm. It causes a segfault of qemu, or at least of the running process.
>
> It's reproducible here with "test-mmap".
>
> legolas:/> qemu-arm ./test-mmap
> pagesize=4096 pagemask=fff
> check_aligned_anonymous_unfixed_mmaps passed
> check_aligned_anonymous_unfixed_colliding_mmapsSegmentation fault (core dumped)
>
>
> A lengthy trace with debugging on in mmap.c is at
> http://filebin.ca/yxypzq/qemu_mmap_segfault.bz2
>
> [... last mmap call ...]
> munmap: start=0x5fffd000 len=0x00001000
> mmap: start=0x00000000 len=0x00008000 prot=r-- flags=MAP_ANON MAP_PRIVATE fd=-1 offset=00000000
> ret=0x5ffff000
> start    end      size     prot
> 00008000-0000b000 00003000 r-x
> 00012000-00013000 00001000 r--
> 00013000-00037000 00024000 rw-
> 40000000-40080000 00080000 rw-
> 40080000-40081000 00001000 ---
> 40081000-4009f000 0001e000 r-x
> 4009f000-400a6000 00007000 ---
> 400a6000-400a7000 00001000 r--
> 400a7000-400a8000 00001000 rw-
> 400a8000-42081000 01fd9000 ---
> 42085000-421bf000 0013a000 r-x
> 421bf000-421c6000 00007000 ---
> 421c6000-421c8000 00002000 r--
> 421c8000-421ce000 00006000 rw-
> 5fffe000-60007000 00009000 r--
>
> Segmentation fault
>
> It seems to hit > 0x5fffffff -> segfault.

I tested qemu-i386 and qemu-arm on both i386 and x86_64 and
the four pass that test.  That's with git head, and CSL 2009q1 on
my Fedora 11 x86_64 machine.


Laurent


* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-07-31  9:58 ` Laurent Desnogues
@ 2009-07-31 11:28   ` Jan-Simon Möller
  2009-07-31 11:36     ` Laurent Desnogues
  2009-07-31 13:03   ` Jan-Simon Möller
  2009-07-31 16:39   ` Jan-Simon Möller
  2 siblings, 1 reply; 8+ messages in thread
From: Jan-Simon Möller @ 2009-07-31 11:28 UTC (permalink / raw)
  To: Laurent Desnogues; +Cc: qemu-devel

On Friday 31 July 2009 11:58:04, Laurent Desnogues wrote:
> I tested qemu-i386 and qemu-arm on both i386 and x86_64 and
> the four pass that test.  That's with git head, and CSL 2009q1 on
> my Fedora 11 x86_64 machine.

SMP or single-core host ?
What's "cat /proc/sys/vm/mmap_min_addr" in your environment ?

Best
Jan-Simon


* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-07-31 11:28   ` Jan-Simon Möller
@ 2009-07-31 11:36     ` Laurent Desnogues
  0 siblings, 0 replies; 8+ messages in thread
From: Laurent Desnogues @ 2009-07-31 11:36 UTC (permalink / raw)
  To: Jan-Simon Möller; +Cc: qemu-devel

2009/7/31 Jan-Simon Möller <dl9pf@gmx.de>:
>
> SMP or single-core host ?

Core i7 with SMT enabled, so 8 cores.

> What's "cat /proc/sys/vm/mmap_min_addr" in your environment ?

32768


Laurent


* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-07-31  9:58 ` Laurent Desnogues
  2009-07-31 11:28   ` Jan-Simon Möller
@ 2009-07-31 13:03   ` Jan-Simon Möller
  2009-07-31 13:25     ` Jan-Simon Möller
  2009-07-31 16:39   ` Jan-Simon Möller
  2 siblings, 1 reply; 8+ messages in thread
From: Jan-Simon Möller @ 2009-07-31 13:03 UTC (permalink / raw)
  To: qemu-devel; +Cc: Laurent Desnogues

Hi!

The funny thing is: I can run the test with the same binaries without problem _outside_ the arm chroot, but not inside:

dl9pf@legolas:~> /var/tmp/build-root/usr/bin/qemu-arm /var/tmp/build-root/test-mmap
pagesize=4096 pagemask=fff
check_aligned_anonymous_unfixed_mmaps passed
check_aligned_anonymous_unfixed_colliding_mmaps passed
check_aligned_anonymous_fixed_mmaps addr=0x6a271000 passed
check_file_unfixed_mmaps passed
check_file_fixed_mmaps addr=0x6a2c9000 passed
check_file_fixed_eof_mmaps addr=0x6a369000 passed
check_file_unfixed_eof_mmaps passed

legolas:/home/dl9pf # chroot /var/tmp/build-root

legolas:/> ./test-mmap
pagesize=4096 pagemask=fff
check_aligned_anonymous_unfixed_mmaps passed
check_aligned_anonymous_unfixed_colliding_mmapsSegmentation fault

legolas:/> file test-mmap
test-mmap: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, not stripped
legolas:/> file usr/bin/qemu-arm
usr/bin/qemu-arm: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, for GNU/Linux 2.6.4, not stripped


*scratching head*

Best,
Jan-Simon


* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-07-31 13:03   ` Jan-Simon Möller
@ 2009-07-31 13:25     ` Jan-Simon Möller
  0 siblings, 0 replies; 8+ messages in thread
From: Jan-Simon Möller @ 2009-07-31 13:25 UTC (permalink / raw)
  To: qemu-devel

On Friday 31 July 2009 15:03:31, Jan-Simon Möller wrote:
> Hi!
> 
> The funny thing is: I can run the test with the same binaries without problem _outside_ the arm chroot, but not inside:
> 
> dl9pf@legolas:~> /var/tmp/build-root/usr/bin/qemu-arm /var/tmp/build-root/test-mmap
> pagesize=4096 pagemask=fff
> check_aligned_anonymous_unfixed_mmaps passed
> check_aligned_anonymous_unfixed_colliding_mmaps passed
> check_aligned_anonymous_fixed_mmaps addr=0x6a271000 passed
> check_file_unfixed_mmaps passed
> check_file_fixed_mmaps addr=0x6a2c9000 passed
> check_file_fixed_eof_mmaps addr=0x6a369000 passed
> check_file_unfixed_eof_mmaps passed
> 
> legolas:/home/dl9pf # chroot /var/tmp/build-root
> 
> legolas:/> ./test-mmap
> pagesize=4096 pagemask=fff
> check_aligned_anonymous_unfixed_mmaps passed
> check_aligned_anonymous_unfixed_colliding_mmapsSegmentation fault
> 
> legolas:/> file test-mmap
> test-mmap: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, not stripped
> legolas:/> file usr/bin/qemu-arm
> usr/bin/qemu-arm: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, for GNU/Linux 2.6.4, not stripped
> 
> 
> *scratching head*

Inside the arm chroot it segfaults when it hits 0x60000000. No problems with that outside.

Any idea on this boundary?

Best,
Jan-Simon


* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-07-31  9:58 ` Laurent Desnogues
  2009-07-31 11:28   ` Jan-Simon Möller
  2009-07-31 13:03   ` Jan-Simon Möller
@ 2009-07-31 16:39   ` Jan-Simon Möller
  2 siblings, 0 replies; 8+ messages in thread
From: Jan-Simon Möller @ 2009-07-31 16:39 UTC (permalink / raw)
  To: qemu-devel; +Cc: Laurent Desnogues

On Friday 31 July 2009 11:58:04, Laurent Desnogues wrote:
I prepared bundles for:

qemu-arm built for i586, which can run the test on an i586 machine, but not
when it's run on an x86_64 box.

Link for this package:

http://www.stud.uni-hannover.de/~jsm/qemu-mmap_testbundle_prebuilt-i586.tar.bz2

qemu-arm built for x86_64, which can't run the test _inside_ my target chroot,
but it runs on some hosts when it's called standalone. (min_addr = 0, probably
runs)

Link: 
http://www.stud.uni-hannover.de/~jsm/qemu-mmap_testbundle_prebuilt_amd64.tar.bz2


Let's sum it up:

* qemu-arm compiled for i586 can run the test in the chroot on a 32-bit host

* qemu-arm compiled for i586 can _not_ run the test on a 64-bit host at all

* qemu-arm compiled for x86_64 can run the test only outside the target chroot

* The mmap tests fail if they reach values > 0x5fffffff; starting from
    0x40000000 that's a 0x20000000 margin


It seems to me to be an issue on 64-bit hosts with a 32-bit target, but I've no idea atm
what causes this, especially the fact that it runs outside the target chroot
on x86_64.

Let's see if someone can reproduce this on his machine.

Best,
Jan-Simon


* Re: [Qemu-devel] qemu-arm fails on test-mmap
  2009-08-10  2:09 ` Jan-Simon Möller
@ 2009-08-10  8:33   ` Martin Mohring
  0 siblings, 0 replies; 8+ messages in thread
From: Martin Mohring @ 2009-08-10  8:33 UTC (permalink / raw)
  To: qemu-devel; +Cc: Riku Voipio, Aurelien Jarno, Jan-Simon Möller

Hi,

yesterday, we tracked down the problem to a kernel bug in this area:
http://bugzilla.kernel.org/attachment.cgi?id=17219 What do I want to say
with this: the user mode memory allocator does not work because it runs
into a kernel bug.

Kudos to Jan-Simon. Does anyone have an idea how to handle such a case?
Patching the kernel is not the best idea. We will check which kernels
are affected.

Cheers, Martin

Jan-Simon Möller wrote:
> A quick hack around is this:
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index e05caa0..a04d6b1 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -316,8 +316,14 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size)
>          if (addr == addr_start)
>              return (abi_ulong)-1;
>      }
> -    if (start == 0)
> -        mmap_next_start = addr + size;
> +    if (start == 0) {
> +        abi_ulong mynext = addr + size ;
> +        if ( (mynext > 0x5f000000) && (mynext < 0x65000000) ) {
> +          mmap_next_start = 0x65000000 ;
> +        } else {
> +          mmap_next_start = addr + size;
> +        }
> +    }
>      return addr;
>  }
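Review bot: the skip comes one allocation too late. In the `if (start == 0)` block, `mmap_next_start` is pushed past 0x65000000 only after `addr` has already been chosen, so the range `[addr, addr + size)` returned by this very call can still cross 0x60000000; the trace in the first message shows exactly that case (`ret=0x5ffff000` for `len=0x00008000`, a region ending at 0x60007000). The test belongs on the candidate range before `return addr;`, roughly `if (addr < 0x65000000 && addr + size > 0x5f000000) addr = 0x65000000;` followed by re-probing, and it should cover hinted requests (`start != 0`) too, which this guard leaves untouched. The two magic constants also want a named define and a comment pointing at the kernel bug report, so the workaround can be removed once the affected kernels are known.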
>
>
> But this is for sure not the real solution.
>
> Best,
> Jan-Simon
>
>
>   

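The summary earlier in the thread (mappings fail once they cross 0x5fffffff) and the quoted hack turn on the same design point: the guest-side allocator, not the host mmap() probe, has to keep a candidate range out of a window the host kernel cannot back, because the probe itself succeeds there and only the first access faults. The following is an added example and is not code from QEMU or from anyone in this thread. It models mmap_find_vma() in plain C with a constructed host state and a pluggable probe; the window 0x60000000..0x65000000, the busy range taken roughly from the trace, and the names host_probe_ok, in_bad_window, find_vma_hack, find_vma_checked and reset_next_start are all assumptions made for the demonstration. It shows that the hack still returns a mapping straddling the boundary, since it only moves mmap_next_start after addr has been chosen and ignores hinted requests, while a check on the candidate range itself avoids the window in both cases.

```c
/* Added example, not QEMU code: a model of linux-user mmap_find_vma() with a
 * pluggable host probe.  Window bounds, busy ranges and helper names are
 * assumptions made for the demonstration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t abi_ulong;              /* 32-bit guest address, as for qemu-arm */

#define TARGET_PAGE_SIZE 0x1000u
#define BAD_LO 0x60000000u               /* assumed: host cannot back guest pages    */
#define BAD_HI 0x65000000u               /* from BAD_LO up to (not including) BAD_HI */
/* One pass over the 4 GiB space; wrap-around at the top is not modelled. */
#define MAX_PROBES (0xFFFFFFFFu / TARGET_PAGE_SIZE + 1u)

/* Constructed host state: the only region the "host" already has mapped,
 * roughly the guest libc region from the trace in the first message. */
struct range { abi_ulong start, end; };
static const struct range host_busy[] = {
    { 0x40000000u, 0x421ce000u },
};
#define N_BUSY (sizeof host_busy / sizeof host_busy[0])

/* Stand-in for the mmap()-without-MAP_FIXED probe.  It succeeds anywhere that
 * is not busy, *including* inside the bad window: that is the failure mode in
 * the thread, where mmap() returns an address and the first access faults. */
static bool host_probe_ok(abi_ulong addr, abi_ulong size)
{
    for (size_t i = 0; i < N_BUSY; i++)
        if (addr < host_busy[i].end && addr + size > host_busy[i].start)
            return false;
    return true;
}

/* True when [addr, addr + size) touches the window at all. */
bool in_bad_window(abi_ulong addr, abi_ulong size)
{
    return addr < BAD_HI && addr + size > BAD_LO;
}

static abi_ulong mmap_next_start = 0x40000000u;

void reset_next_start(abi_ulong v) { mmap_next_start = v; }

/* Model of the posted hack: choose addr by linear probing, then push
 * mmap_next_start past the window only *after* the fact.  The mapping just
 * chosen is returned as is, even when it straddles BAD_LO, and a hinted
 * request (start != 0) never looks at the window. */
abi_ulong find_vma_hack(abi_ulong start, abi_ulong size)
{
    abi_ulong addr = start ? start : mmap_next_start;
    unsigned probes = 0;

    while (!host_probe_ok(addr, size)) {
        addr += TARGET_PAGE_SIZE;
        if (++probes >= MAX_PROBES)
            return (abi_ulong)-1;
    }
    if (start == 0) {
        abi_ulong mynext = addr + size;
        mmap_next_start = (mynext > 0x5f000000u && mynext < 0x65000000u)
                          ? 0x65000000u : mynext;
    }
    return addr;
}

/* Checked model: the candidate range is tested against the window before it
 * is returned, for hinted and unhinted requests alike, and the window is
 * skipped in one step instead of page by page. */
abi_ulong find_vma_checked(abi_ulong start, abi_ulong size)
{
    abi_ulong addr = start ? start : mmap_next_start;
    unsigned probes = 0;

    for (;;) {
        if (in_bad_window(addr, size))
            addr = BAD_HI;
        else if (host_probe_ok(addr, size))
            break;
        else
            addr += TARGET_PAGE_SIZE;
        if (++probes >= MAX_PROBES)
            return (abi_ulong)-1;
    }
    if (start == 0)
        mmap_next_start = addr + size;
    return addr;
}

int main(void)
{
    /* Replay the last allocation from the trace: next start 0x5ffff000. */
    reset_next_start(0x5ffff000u);
    abi_ulong a = find_vma_hack(0, 0x9000u);
    reset_next_start(0x5ffff000u);
    abi_ulong b = find_vma_checked(0, 0x9000u);
    printf("hack:    0x%08x straddles window: %s\n", a, in_bad_window(a, 0x9000u) ? "yes" : "no");
    printf("checked: 0x%08x straddles window: %s\n", b, in_bad_window(b, 0x9000u) ? "yes" : "no");
    return 0;
}
```

In linux-user/mmap.c the probe is a real mmap() without MAP_FIXED whose return value is compared with the hint; host_probe_ok() stands in for that so the block runs offline, and the busy range only exists to give the linear probe something to step over.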

Thread overview: 8+ messages
2009-07-31  1:34 [Qemu-devel] qemu-arm fails on test-mmap Jan-Simon Möller
2009-07-31  9:58 ` Laurent Desnogues
2009-07-31 11:28   ` Jan-Simon Möller
2009-07-31 11:36     ` Laurent Desnogues
2009-07-31 13:03   ` Jan-Simon Möller
2009-07-31 13:25     ` Jan-Simon Möller
2009-07-31 16:39   ` Jan-Simon Möller
  -- strict thread matches above, loose matches on Subject: below --
2009-08-09 23:45 [Qemu-devel] qemu-arm fails on test-mmap - take #2 Jan-Simon Möller
2009-08-10  2:09 ` Jan-Simon Möller
2009-08-10  8:33   ` [Qemu-devel] qemu-arm fails on test-mmap Martin Mohring