From: "Alex Bennée" <alex.bennee@linaro.org>
To: He Zhe <zhe.he@windriver.com>
Cc: qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: qemu-system-i386 and general protection
Date: Thu, 12 Jan 2023 11:48:43 +0000
Message-ID: <87k01sm0l3.fsf@linaro.org>
In-Reply-To: <fe28e3b9-631c-ddaf-485d-fae345d58d1a@windriver.com>


He Zhe <zhe.he@windriver.com> writes:

(Cc: Paolo)

> Hi All,
>
> We are experiencing a general protection fault with qemu-system-i386 as follows.
> This can be reproduced with kernel v5.15 and latest v6.2-rc3 as we found so far.
>
> It would work well if we reverted the commit
> 2f8a21d8ff3af484a37edc8ea61d127ec1529ab5 ("target/i386: Enable AVX cpuid bits when using TCG")
> introduced since qemu 7.2.
>
> We also tried setting cpu to Broadwell and Icelake-Server and got the same error.
>
> ./qemu-system-i386 -object rng-random,filename=/dev/urandom,id=rng0
> -device virtio-rng-pci,rng=rng0 -drive
> file=/tmp/rootfs.ext4,if=virtio,format=raw -usb -device usb-tablet
> -usb -device usb-kbd   -cpu Haswell -machine q35,i8042=off -smp 4 -m
> 8192  -m 8192 -smp cpus=8 -serial mon:stdio -serial null -nographic
> -kernel /tmp/bzImage -append 'root=/dev/vda rw  ip=dhcp console=ttyS0
> console=ttyS1 oprofile.timer=1 tsc=reliable no_timer_check
> rcupdate.rcu_expedited=1 '
>
> [  OK  ] Started System Logging Service.
> [  204.194033] traps: named[280] general protection fault ip:b7ef8545 sp:bf8d5a1c error:0
> [  204.198913] audit: type=1701 audit(1673507379.204:2):
> auid=4294967295 uid=997 gid=996 ses=4294967295 subj=kernel pid=280
> comm="named" ex1
> [  204.219923] ------------[ cut here ]------------
> [  204.220455] Bad FPU state detected at
> restore_fpregs_from_fpstate+0x3a/0x78, reinitializing FPU
> registers.
> [  204.221442] WARNING: CPU: 4 PID: 274 at ../arch/x86/mm/extable.c:127 fixup_exception+0x3f0/0x41c
> [  204.223147] Modules linked in:
> [  204.223945] CPU: 4 PID: 274 Comm: rs:main Q:Reg Not tainted 6.2.0-rc3 #1
> [  204.224769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
> [  204.226061] EIP: fixup_exception+0x3f0/0x41c
> [  204.226533] Code: ff ff 8d 74 26 00 0f 0b ba 4c c9 dc d1 e9 10 fd
> ff ff b1 01 89 44 24 04 c7 04 24 e0 44 98 d1 88 0d 69 87 cc d1 e8 8c
> bf
> [  204.228038] EAX: 0000005e EBX: d1aee764 ECX: 00000027 EDX: 00000001
> [  204.228498] ESI: c18efee4 EDI: 0000000d EBP: c18efe58 ESP: c18efddc
> [  204.229102] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00000086
> [  204.229662] CR0: 80050033 CR2: bf8d5d54 CR3: 02aaf000 CR4: 001506d0
> [  204.230408] Call Trace:
> [  204.232101]  ? restore_fpregs_from_fpstate+0x3a/0x78
> [  204.232733]  ? __switch_to_asm+0x1c/0xe4
> [  204.233028]  ? __schedule+0x28c/0x844
> [  204.233362]  ? _raw_spin_lock+0x10/0x34
> [  204.233829]  exc_general_protection+0x81/0x340
> [  204.234403]  ? futex_wait+0xb4/0x190
> [  204.234818]  ? exc_bounds+0xa4/0xa4
> [  204.235054]  handle_exception+0x133/0x133
> [  204.235629] EIP: restore_fpregs_from_fpstate+0x3a/0x78

It looks like this is failing on:

/*
 * Use XRSTORS to restore context if it is enabled. XRSTORS supports compact
 * XSAVE area format.
 */
#define XSTATE_XRESTORE(st, lmask, hmask)				\
	asm volatile(ALTERNATIVE(XRSTOR,				\
				 XRSTORS, X86_FEATURE_XSAVES)		\
		     "\n"						\
		     "3:\n"						\
		     _ASM_EXTABLE_TYPE(661b, 3b, EX_TYPE_FPU_RESTORE)	\
		     :							\
		     : "D" (st), "m" (*st), "a" (lmask), "d" (hmask)	\
		     : "memory")

possibly triggering an exception when doing XRSTORS (but it's hard to
follow the alternative code). The xrstors instruction is tested by
check-tcg but maybe there is a kernel mode subtlety that is missed.

Hopefully Paolo can see better than me.

> [  205.769853] EIP: entry_SYSENTER_32+0xe0/0xf1
> [  205.769887] Code: 8b 54 24 30 8b 4c 24 3c 8e 64 24 24 5b 83 c4 08
> 5e 5f 5d 89 c4 eb 0b 0f 20 d8 0d 00 10 00 00 0f 22 d8 0f ba 34 24 09
> 96
> [  205.769913] EAX: 00000000 EBX: 012b373c ECX: b69feff0 EDX: b7f59549
> [  205.769933] ESI: 00000000 EDI: 00000000 EBP: ffffffff ESP: ff8b0000
> [  205.769952] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00000282
> [  205.769975] CR0: 80050033 CR2: bf602e00 CR3: 02aaf000 CR4: 001506d0
> [  205.799858] systemd (1) used greatest stack depth: 5568 bytes left
> [  205.799994] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [  205.805801] Kernel Offset: disabled
> [  205.806723] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
> System hangs...
>
>
> Regards,
> Zhe


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro
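The "Bad FPU state detected" message comes from the EX_TYPE_FPU_RESTORE fixup that catches a #GP raised by the XRSTOR/XRSTORS in the macro quoted above, and XRSTORS rejects an XSAVE area for only a handful of architectural reasons. As an added illustration (not code from this thread, from QEMU or from the kernel), the following C evaluates a constructed XSAVE header against those conditions; field names follow the Intel SDM and the 0x7 component mask (x87, SSE, AVX) is a constructed sample.

```c
/* Added example, not code from this thread or the kernel: the checks a CPU applies to
 * an XSAVE header before XRSTORS restores anything; any failure raises #GP(0), which
 * the guest kernel reports as "Bad FPU state detected". */
#include <stdint.h>
#include <stdio.h>

/* XSAVE header, 64 bytes at offset 512 of the area (Intel SDM Vol. 1, 13.4.2). */
struct xsave_header {
    uint64_t xstate_bv;   /* components whose state is present in the area */
    uint64_t xcomp_bv;    /* bit 63 = compacted format, bits 62:0 = layout */
    uint64_t reserved[6]; /* bytes 16..63 must be zero */
};
#define XCOMP_BV_COMPACTED (1ULL << 63)

enum xrstors_fault {
    XRSTORS_OK = 0,
    XRSTORS_NOT_COMPACTED,       /* XCOMP_BV[63] clear: XRSTORS needs compacted form */
    XRSTORS_XCOMP_NOT_ENABLED,   /* XCOMP_BV names a component not in XCR0|IA32_XSS */
    XRSTORS_XSTATE_NOT_IN_XCOMP, /* XSTATE_BV names a component XCOMP_BV omits */
    XRSTORS_RESERVED_NONZERO,    /* bytes 63:16 of the header are not zero */
};

/* xcr0_xss is XCR0 | IA32_XSS: every component the OS has enabled. */
enum xrstors_fault xrstors_check(const struct xsave_header *h, uint64_t xcr0_xss)
{
    uint64_t layout = h->xcomp_bv & ~XCOMP_BV_COMPACTED;
    if (!(h->xcomp_bv & XCOMP_BV_COMPACTED))
        return XRSTORS_NOT_COMPACTED;
    if (layout & ~xcr0_xss)
        return XRSTORS_XCOMP_NOT_ENABLED;
    if (h->xstate_bv & ~layout)
        return XRSTORS_XSTATE_NOT_IN_XCOMP;
    for (int i = 0; i < 6; i++)
        if (h->reserved[i])
            return XRSTORS_RESERVED_NONZERO;
    return XRSTORS_OK;
}

/* Same check for a header given as its two bit vectors, reserved bytes zero. */
enum xrstors_fault xrstors_check_values(uint64_t xstate_bv, uint64_t xcomp_bv, uint64_t xcr0_xss)
{
    struct xsave_header h = { xstate_bv, xcomp_bv, { 0 } };
    return xrstors_check(&h, xcr0_xss);
}
int main(void)
{
    /* Constructed sample: XCR0 enables x87|SSE|AVX (bits 0..2); the saved header
     * names AVX state but was written in standard rather than compacted form. */
    printf("standard header: reason %d\n", xrstors_check_values(0x7, 0x7, 0x7));
    printf("compacted header: reason %d\n", xrstors_check_values(0x7, 0x7 | XCOMP_BV_COMPACTED, 0x7));
    return 0;
}
```

Plain XRSTOR (the path the ALTERNATIVE keeps when X86_FEATURE_XSAVES is absent) accepts the standard format but still faults on the XSTATE_BV and reserved-byte conditions, so a mismatch between what a guest kernel believes XCR0 holds and what the emulated XRSTOR checks shows up as the same fixup.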

