[Qemu-devel] qemu crashes on Mac OS X

[Qemu-devel] qemu crashes on Mac OS X

[Damjan Marion (damarion)]

Hi,

I have an issue when I try to run qemu-system-arm on Mac OS X. 
Sometime between 1 and 15 secs after qemu is started it crashes
as shown bellow.

Same thing on linux host works fine.

Is anybody else experiencing this?
Any Hints?

Thanks,

Damjan



(gdb) run
Starting program: /opt/arm-qemu/bin/qemu-system-arm -M verdex -pflash flash.img -nographic -monitor null -m 289
Reading symbols for shared libraries .++++++++++++++........................................................................................ done
pxa2xx_clkpwr_write: CPU frequency change attempt


U-Boot 1.2.0 (May 10 2008 - 21:17:19) - PXA270@400 MHz - 1604

*** Welcome to Gumstix ***

DRAM:  256 MB
Flash: 32 MB
Using default environment

Hit any key to stop autoboot:  1 
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00007fff5fbfed30
0x00007fff5fbfed30 in ?? ()
(gdb) 
(gdb) bt
#0  0x00007fff5fbfed30 in ?? ()
#1  0x00000001000c26f4 in qemu_iohandler_poll ()
#2  0x00000001001975ae in main_loop_wait ()
#3  0x00000001001976e2 in main_loop ()
#4  0x000000010019bfbc in qemu_main ()
#5  0x00000001000d63a5 in main ()
(gdb) 

Re: [Qemu-devel] qemu crashes on Mac OS X

[Damjan Marion]

On Jul 1, 2011, at 11:17 AM, Damjan Marion (damarion) wrote:

> 
> Hi,
> 
> I have an issue when I try to run qemu-system-arm on Mac OS X. 
> Sometime between 1 and 15 secs after qemu is started it crashes
> as shown bellow.
> 
> Same thing on linux host works fine.
> 
> Is anybody else experiencing this?
> Any Hints?

After bisection seems that this starts happening after following patch:

commit 09716e45a05cc0c93bcf55bd0c0888dd678e490f
Author: Alexander Graf <agraf@suse.de>
Date:   Thu Jun 9 00:55:37 2011 +0200

    sigfd: use pthread_sigmask


diff --git a/compatfd.c b/compatfd.c
index bd377c4..41586ce 100644
--- a/compatfd.c
+++ b/compatfd.c
@@ -29,7 +29,7 @@ static void *sigwait_compat(void *opaque)
     sigset_t all;
 
     sigfillset(&all);
-    sigprocmask(SIG_BLOCK, &all, NULL);
+    pthread_sigmask(SIG_BLOCK, &all, NULL);
 
     while (1) {


However before this patch qemu doesn't respond to keyboard (i.e. commit 31b7c261).

Last full working commit is 630ecca.

Thanks,

Damjan

Re: [Qemu-devel] qemu crashes on Mac OS X

[Alexandre Raymond]

Hi Damjan,

On Fri, Jul 1, 2011 at 10:56 AM, Damjan Marion <damjan.marion@gmail.com> wrote:
>
> On Jul 1, 2011, at 11:17 AM, Damjan Marion (damarion) wrote:
>
>>
>> Hi,
>>
>> I have an issue when I try to run qemu-system-arm on Mac OS X.
>> Sometime between 1 and 15 secs after qemu is started it crashes
>> as shown bellow.
>>
>> Same thing on linux host works fine.
>>
>> Is anybody else experiencing this?
>> Any Hints?
>
> After bisection seems that this starts happening after following patch:
>
> commit 09716e45a05cc0c93bcf55bd0c0888dd678e490f
> Author: Alexander Graf <agraf@suse.de>
> Date:   Thu Jun 9 00:55:37 2011 +0200
>
>    sigfd: use pthread_sigmask
>
>
> diff --git a/compatfd.c b/compatfd.c
> index bd377c4..41586ce 100644
> --- a/compatfd.c
> +++ b/compatfd.c
> @@ -29,7 +29,7 @@ static void *sigwait_compat(void *opaque)
>     sigset_t all;
>
>     sigfillset(&all);
> -    sigprocmask(SIG_BLOCK, &all, NULL);
> +    pthread_sigmask(SIG_BLOCK, &all, NULL);
>
>     while (1) {
>
>
> However before this patch qemu doesn't respond to keyboard (i.e. commit 31b7c261).
>
> Last full working commit is 630ecca.
>
> Thanks,
>
> Damjan
>

Can you try applying the following two patches and see if it solves
your problem?

http://patchwork.ozlabs.org/patch/100348/
http://patchwork.ozlabs.org/patch/100477/

Alexandre

Re: [Qemu-devel] qemu crashes on Mac OS X

[Damjan Marion]

On Jul 4, 2011, at 6:59 PM, Alexandre Raymond wrote:

> Hi Damjan,
> 
> 
> Can you try applying the following two patches and see if it solves
> your problem?
> 
> http://patchwork.ozlabs.org/patch/100348/
> http://patchwork.ozlabs.org/patch/100477/
> 

Unfortunately same thing happens: segmentation fault.

Thanks,

Damjan

Re: [Qemu-devel] qemu crashes on Mac OS X

[Alexandre Raymond]

Hi again Damjan,

On Mon, Jul 4, 2011 at 6:35 PM, Damjan Marion <damjan.marion@gmail.com> wrote:
>
> On Jul 4, 2011, at 6:59 PM, Alexandre Raymond wrote:
>
>> Hi Damjan,
>>
>>
>> Can you try applying the following two patches and see if it solves
>> your problem?
>>
>> http://patchwork.ozlabs.org/patch/100348/
>> http://patchwork.ozlabs.org/patch/100477/
>>
>
> Unfortunately same thing happens: segmentation fault.
You might also want to have a look at the following patches by Paolo:
http://www.mail-archive.com/qemu-devel@nongnu.org/msg67088.html

Finally, you might want to disable io-thead (if you've enabled it),
which doesn't work properly on OS X.

Alexandre

Re: [Qemu-devel] qemu crashes on Mac OS X

[Alexandre Raymond]

[-- Attachment #1: Type: text/plain, Size: 920 bytes --]

Hi Damjan,

I've been able to reproduce the crash you're describing.

Could you try the following patch, to see if it solves it?

Alexandre

On Tue, Jul 5, 2011 at 3:03 PM, Alexandre Raymond <cerbere@gmail.com> wrote:
> Hi again Damjan,
>
> On Mon, Jul 4, 2011 at 6:35 PM, Damjan Marion <damjan.marion@gmail.com> wrote:
>>
>> On Jul 4, 2011, at 6:59 PM, Alexandre Raymond wrote:
>>
>>> Hi Damjan,
>>>
>>>
>>> Can you try applying the following two patches and see if it solves
>>> your problem?
>>>
>>> http://patchwork.ozlabs.org/patch/100348/
>>> http://patchwork.ozlabs.org/patch/100477/
>>>
>>
>> Unfortunately same thing happens: segmentation fault.
> You might also want to have a look at the following patches by Paolo:
> http://www.mail-archive.com/qemu-devel@nongnu.org/msg67088.html
>
> Finally, you might want to disable io-thead (if you've enabled it),
> which doesn't work properly on OS X.
>
> Alexandre
>

[-- Attachment #2: 0001-Darwin-catch-invalid-return-of-sigwait.patch --]
[-- Type: application/octet-stream, Size: 2484 bytes --]

From c34a46290855467787c14f262926226821f6e26f Mon Sep 17 00:00:00 2001
From: Alexandre Raymond <cerbere@gmail.com>
Date: Mon, 25 Jul 2011 23:25:58 -0400
Subject: [PATCH] Darwin: catch invalid return of sigwait()

For some unknown reason, sigwait() sometimes returns sig=0, which
is an invalid signal number, with rc=0.

This triggers a sequence of events which results in a segfault.

sigwait() returns sig=0, writes it to its pipe, which is picked up by
qemu_iohandler_poll(), which triggers sigfd_handler(), which attempts to
determine the handler for signal 0. Since the return code of sigaction() is not
checked, the code uses a bogus address in memory to call the handler, which
causes the segfault.

Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
---
 compatfd.c |    4 ++++
 cpus.c     |   17 +++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/compatfd.c b/compatfd.c
index 31654c6..4a8af04 100644
--- a/compatfd.c
+++ b/compatfd.c
@@ -46,6 +46,10 @@ static void *sigwait_compat(void *opaque)
             struct qemu_signalfd_siginfo buffer;
             size_t offset = 0;
 
+#ifdef __APPLE__
+            if (sig == 0) continue;
+#endif
+
             memset(&buffer, 0, sizeof(buffer));
             buffer.ssi_signo = sig;
 
diff --git a/cpus.c b/cpus.c
index 6bf4e3f..0d9f828 100644
--- a/cpus.c
+++ b/cpus.c
@@ -360,6 +360,7 @@ static void sigfd_handler(void *opaque)
     struct qemu_signalfd_siginfo info;
     struct sigaction action;
     ssize_t len;
+    int rc;
 
     while (1) {
         do {
@@ -375,12 +376,16 @@ static void sigfd_handler(void *opaque)
             return;
         }
 
-        sigaction(info.ssi_signo, NULL, &action);
-        if ((action.sa_flags & SA_SIGINFO) && action.sa_sigaction) {
-            action.sa_sigaction(info.ssi_signo,
-                                (siginfo_t *)&info, NULL);
-        } else if (action.sa_handler) {
-            action.sa_handler(info.ssi_signo);
+        rc = sigaction(info.ssi_signo, NULL, &action);
+        if (rc == 0) {
+            if ((action.sa_flags & SA_SIGINFO) && action.sa_sigaction) {
+                action.sa_sigaction(info.ssi_signo,
+                                    (siginfo_t *)&info, NULL);
+            } else if (action.sa_handler) {
+                action.sa_handler(info.ssi_signo);
+            }
+        } else {
+            fprintf(stderr, "sigaction returned error : %s\n", strerror(errno));
         }
     }
 }
-- 
1.7.5

Re: [Qemu-devel] qemu crashes on Mac OS X

[Paolo Bonzini]

On 07/26/2011 06:58 AM, Alexandre Raymond wrote:
> +#ifdef __APPLE__
> +            if (sig == 0) continue;
> +#endif

>From looking at the code this should not happen:

http://fxr.watson.org/fxr/source/bsd/kern/kern_sig.c?v=xnu-792#L986

 1046         sigw = (ut->uu_sigwait & siglist);
...
 1053                 signum = ffs((unsigned int)sigw);
 1054                 if (!signum)
 1055                         panic("sigwait with no signal wakeup");
 1056                 ut->uu_siglist &= ~(sigmask(signum));
 1057                 if (uap->sig != USER_ADDR_NULL)
 1058                                 error = copyout(&signum, uap->sig, sizeof(int));

??

Paolo

Re: [Qemu-devel] qemu crashes on Mac OS X

[Alexandre Raymond]

Indeed, I'd come to the exact same conclusion, yet I've witnessed it
both in the debugger and with trace messages...

Alexandre

On Tue, Jul 26, 2011 at 4:46 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> On 07/26/2011 06:58 AM, Alexandre Raymond wrote:
>> +#ifdef __APPLE__
>> +            if (sig == 0) continue;
>> +#endif
>
> From looking at the code this should not happen:
>
> http://fxr.watson.org/fxr/source/bsd/kern/kern_sig.c?v=xnu-792#L986
>
>  1046         sigw = (ut->uu_sigwait & siglist);
> ...
>  1053                 signum = ffs((unsigned int)sigw);
>  1054                 if (!signum)
>  1055                         panic("sigwait with no signal wakeup");
>  1056                 ut->uu_siglist &= ~(sigmask(signum));
>  1057                 if (uap->sig != USER_ADDR_NULL)
>  1058                                 error = copyout(&signum, uap->sig, sizeof(int));
>
> ??
>
> Paolo
>

Re: [Qemu-devel] qemu crashes on Mac OS X

[Alexandre Raymond]

On Tue, Jul 26, 2011 at 9:08 AM, Alexandre Raymond <cerbere@gmail.com> wrote:
> Indeed, I'd come to the exact same conclusion, yet I've witnessed it
> both in the debugger and with trace messages...
>
> Alexandre
Note that I don't think that this is a proper patch. I simply want to
verify that it solves the issue encountered by Damjan.

Re: [Qemu-devel] qemu crashes on Mac OS X

[Damjan Marion]

Hi Alexandre,

I tried your patch and it works OK.

Then I tried without it and seems that it also works ok. It might be 2 reasons:
 - I upgraded to Mac OS X 10.7 Lion
 - Something changed in qemu master branch

I dont remember what was exact version I used when I reported this problem.

Thanks,

Damjan

On Jul 26, 2011, at 6:58 AM, Alexandre Raymond wrote:

> Hi Damjan,
> 
> I've been able to reproduce the crash you're describing.
> 
> Could you try the following patch, to see if it solves it?
> 
> Alexandre
> 
> On Tue, Jul 5, 2011 at 3:03 PM, Alexandre Raymond <cerbere@gmail.com> wrote:
>> Hi again Damjan,
>> 
>> On Mon, Jul 4, 2011 at 6:35 PM, Damjan Marion <damjan.marion@gmail.com> wrote:
>>> 
>>> On Jul 4, 2011, at 6:59 PM, Alexandre Raymond wrote:
>>> 
>>>> Hi Damjan,
>>>> 
>>>> 
>>>> Can you try applying the following two patches and see if it solves
>>>> your problem?
>>>> 
>>>> http://patchwork.ozlabs.org/patch/100348/
>>>> http://patchwork.ozlabs.org/patch/100477/
>>>> 
>>> 
>>> Unfortunately same thing happens: segmentation fault.
>> You might also want to have a look at the following patches by Paolo:
>> http://www.mail-archive.com/qemu-devel@nongnu.org/msg67088.html
>> 
>> Finally, you might want to disable io-thead (if you've enabled it),
>> which doesn't work properly on OS X.
>> 
>> Alexandre
>> 
> <0001-Darwin-catch-invalid-return-of-sigwait.patch>