[Qemu-devel] emulated lance device crashes in debian-sparc32

[Qemu-devel] emulated lance device crashes in debian-sparc32

[Mark Glines]

Hi,

I've been trying to get Debian installed on a virtual sparc box,
running on a x86 Linux host.  I get a reproducible crash early in the
installation process, when the sparc kernel tries to load the lance
driver.

I have configured qemu with:

./configure --prefix=/usr --enable-slirp --enable-adlib
--disable-linux-user --enable-system --enable-sdl --enable-kqemu
--disable-alsa

The sparc32 CD image I am booting from is:

http://cdimage.debian.org/debian-cd/4.0_r0/sparc/iso-cd/debian-40r0-sparc-netinst.iso

The command line I am using is:

qemu-system-sparc -no-reboot -hda ~/qemu-debian-sparc.hda -net user
-cdrom ~/debian-40r0-sparc-netinst.iso -boot d

To reproduce, just run the above commandline and hit enter a few times.
(The -hda image is empty, and probably not necessary for reproduction.)

Hit enter at the SILO boot-prompt, hit enter to accept the default
language (English), default country (United States), default keymap
(American English).

Crash occurs on the detecting network hardware screen.  I've verified
this crash occurs in the 0.9.0 release, and in a fresh cvs checkout.
(In other words, the recent openbios-sparc32 checkin did not affect
this issue.)

Crash details:

Program received signal SIGSEGV, Segmentation fault.
pcnet_h_reset (opaque=0x0)
at /home/paranoid/workspace/qemu/hw/pcnet.c:1565
1565        memcpy(s->prom, s->nd->macaddr, 6);
(gdb) print s
$1 = (PCNetState *) 0x0
(gdb) bt
#0  pcnet_h_reset (opaque=0x0) at /home/paranoid/workspace/qemu/hw/pcnet.c:1565
#1  0x0808ca20 in dma_mem_writel (opaque=0x9b5d460, addr=2017460240, val=128)
    at /home/paranoid/workspace/qemu/hw/sparc32_dma.c:199
#2  0x080ad29c in __stl_mmu (addr=4244701200, val=128, is_user=0)
    at ../softmmu_template.h:197
#3  0x095f9a81 in code_gen_buffer ()
#4  0x00000000 in ?? ()
(gdb)

The weird thing is, when I add "-net nic,model=lance" to my command line
right before "-net user", the crash does not occur.  I kinda assumed from
the above backtrace that the lance driver was selected on sparc32 by
default...

Please let me know if there's anything else I can do to help debug this.

Mark

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Blue Swirl]

On 5/19/07, Mark Glines <mark@glines.org> wrote:
> The weird thing is, when I add "-net nic,model=lance" to my command line
> right before "-net user", the crash does not occur.  I kinda assumed from
> the above backtrace that the lance driver was selected on sparc32 by
> default...

Thanks for testing. Lance NIC is integrated to the MACIO chipset, but
the code in sun4m.c for some reason allow not having any NICs at all.
I'll think about a fix. One problem is that the device nodes are
always enabled in OpenBIOS.

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Blue Swirl]

[-- Attachment #1: Type: text/plain, Size: 959 bytes --]

On 5/19/07, Blue Swirl <blauwirbel@gmail.com> wrote:
> On 5/19/07, Mark Glines <mark@glines.org> wrote:
> > The weird thing is, when I add "-net nic,model=lance" to my command line
> > right before "-net user", the crash does not occur.  I kinda assumed from
> > the above backtrace that the lance driver was selected on sparc32 by
> > default...

This patch fixes the crash. But I'm not convinced it's the right one,
perhaps the default net parameter logic could be improved instead:
    /* init network clients */
    if (nb_net_clients == 0) {
        /* if no clients, we use a default config */
        pstrcpy(net_clients[0], sizeof(net_clients[0]),
                "nic");
        pstrcpy(net_clients[1], sizeof(net_clients[0]),
                "user");
        nb_net_clients = 2;
    }

Also one of the network options could be a black hole kind of device,
such that unlike the "none" type, the device exists, it just can't
send or receive anything.

[-- Attachment #2: null_netdevice.diff --]
[-- Type: text/x-diff, Size: 3199 bytes --]

Index: qemu/hw/sun4m.c
===================================================================
--- qemu.orig/hw/sun4m.c	2007-05-19 18:36:33.000000000 +0000
+++ qemu/hw/sun4m.c	2007-05-19 18:40:39.000000000 +0000
@@ -304,15 +304,13 @@
     }
     tcx_init(ds, hwdef->tcx_base, phys_ram_base + ram_size, ram_size,
              hwdef->vram_size, graphic_width, graphic_height, graphic_depth);
-    if (nd_table[0].vlan) {
-        if (nd_table[0].model == NULL
-            || strcmp(nd_table[0].model, "lance") == 0) {
-            main_lance = lance_init(&nd_table[0], hwdef->le_base, dma,
-                                    slavio_irq[hwdef->le_irq]);
-        } else {
-            fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd_table[0].model);
-            exit (1);
-        }
+    if (nd_table[0].model == NULL
+        || strcmp(nd_table[0].model, "lance") == 0) {
+        main_lance = lance_init(&nd_table[0], hwdef->le_base, dma,
+                                slavio_irq[hwdef->le_irq]);
+    } else {
+        fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd_table[0].model);
+        exit (1);
     }
     nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0,
                         hwdef->nvram_size, 8);
Index: qemu/hw/pcnet.c
===================================================================
--- qemu.orig/hw/pcnet.c	2007-05-19 18:37:57.000000000 +0000
+++ qemu/hw/pcnet.c	2007-05-19 18:50:52.000000000 +0000
@@ -1267,7 +1267,8 @@
             if (CSR_LOOP(s))
                 pcnet_receive(s, s->buffer, s->xmit_pos);
             else
-                qemu_send_packet(s->vc, s->buffer, s->xmit_pos);
+                if (s->vc)
+                    qemu_send_packet(s->vc, s->buffer, s->xmit_pos);
 
             s->csr[0] &= ~0x0008;   /* clear TDMD */
             s->csr[4] |= 0x0004;    /* set TXSTRT */
@@ -1562,7 +1563,8 @@
 
     /* Initialize the PROM */
 
-    memcpy(s->prom, s->nd->macaddr, 6);
+    if (s->nd)
+        memcpy(s->prom, s->nd->macaddr, 6);
     s->prom[12] = s->prom[13] = 0x00;
     s->prom[14] = s->prom[15] = 0x57;
 
@@ -1898,18 +1900,21 @@
 
     d->nd = nd;
 
-    d->vc = qemu_new_vlan_client(nd->vlan, pcnet_receive, 
-                                 pcnet_can_receive, d);
-    
-    snprintf(d->vc->info_str, sizeof(d->vc->info_str),
-             "pcnet macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
-             d->nd->macaddr[0],
-             d->nd->macaddr[1],
-             d->nd->macaddr[2],
-             d->nd->macaddr[3],
-             d->nd->macaddr[4],
-             d->nd->macaddr[5]);
-
+    if (nd && nd->vlan) {
+        d->vc = qemu_new_vlan_client(nd->vlan, pcnet_receive,
+                                     pcnet_can_receive, d);
+
+        snprintf(d->vc->info_str, sizeof(d->vc->info_str),
+                 "pcnet macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
+                 d->nd->macaddr[0],
+                 d->nd->macaddr[1],
+                 d->nd->macaddr[2],
+                 d->nd->macaddr[3],
+                 d->nd->macaddr[4],
+                 d->nd->macaddr[5]);
+    } else {
+        d->vc = NULL;
+    }
     pcnet_h_reset(d);
     register_savevm("pcnet", 0, 2, pcnet_save, pcnet_load, d);
 }

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Mark Glines]

On Sat, 19 May 2007 22:08:23 +0300
"Blue Swirl" <blauwirbel@gmail.com> wrote:
> This patch fixes the crash. But I'm not convinced it's the right one,
> perhaps the default net parameter logic could be improved instead:
>     /* init network clients */
>     if (nb_net_clients == 0) {
>         /* if no clients, we use a default config */
>         pstrcpy(net_clients[0], sizeof(net_clients[0]),
>                 "nic");
>         pstrcpy(net_clients[1], sizeof(net_clients[0]),
>                 "user");
>         nb_net_clients = 2;
>     }
> 
> Also one of the network options could be a black hole kind of device,
> such that unlike the "none" type, the device exists, it just can't
> send or receive anything.

I've verified your patch fixes the crash for me.  But I'm curious, have
I been running qemu in a nonstandard fashion, then?  (Should I be
specifying more than just "-net user", normally?)

If so, I can make up a patch to amend the documentation.

Thanks!

Mark

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Blue Swirl]

> I've verified your patch fixes the crash for me.  But I'm curious, have
> I been running qemu in a nonstandard fashion, then?  (Should I be
> specifying more than just "-net user", normally?)
>
> If so, I can make up a patch to amend the documentation.

I think Qemu should reject -net user only. Currently that seems to
mean that there is no nic, but still the vlan is connected to slirp
stack. That does not make any sense.

I usually run Qemu either without -net arguments or using the nice
qemu-launcher, which automatically adds -net nic,vlan=0 -net
user,vlan=0.

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Mark Glines]

On Sun, 20 May 2007 10:10:20 +0300
"Blue Swirl" <blauwirbel@gmail.com> wrote:

> > I've verified your patch fixes the crash for me.  But I'm curious,
> > have I been running qemu in a nonstandard fashion, then?  (Should I
> > be specifying more than just "-net user", normally?)
> >
> > If so, I can make up a patch to amend the documentation.
> 
> I think Qemu should reject -net user only. Currently that seems to
> mean that there is no nic, but still the vlan is connected to slirp
> stack. That does not make any sense.

In my past experience, -net user implies -net nic. Your patch brings
sparc in line with the way x86 behaves - -net user implies -net nic
and the guest machine ends up with a network card, of whatever model is
default for that platform.

Hmm.  -net performs 2 separate functions.  First, it sets up the
network card in the guest machine (nic, model, and macaddr). Second, it
specifies how that card behaves on the host side of things (vlan, user,
tap, or socket).

If the host behavior implies a default card in the guest, then this
should occur for "-net tap" and "-net socket" as well as "-net user".
This has been my experience of what happens currently.  (And my sparc
bug report was the result of qemu violating my expectation that this is
how things should work.)  Are you saying it shouldn't be, and that "-net
nic" should be required before host-behavior parameters are valid?  If
so, I think the host-behavior parameters (all of them, not just -net
user) should result in an error message, in the absense of a guest card
parameter.

Mark

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Paul Brook]

> > I think Qemu should reject -net user only. Currently that seems to
> > mean that there is no nic, but still the vlan is connected to slirp
> > stack. That does not make any sense.

If you do this, do it properly and warn if any qemu vlans have a single device 
attached.

> In my past experience, -net user implies -net nic. 

You are mistaken. -net user does not imply -net nic.
I suspect you're confusing it with the old network options.

> Hmm.  -net performs 2 separate functions.  First, it sets up the
> network card in the guest machine (nic, model, and macaddr). Second, it
> specifies how that card behaves on the host side of things (vlan, user,
> tap, or socket).

-net creates devices and attaches them to the virtual network, whether they be 
emulated devices on the host, or devices for communication with the "real" 
world.

Paul

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Mark Glines]

On Sun, 20 May 2007 11:25:25 +0100
Paul Brook <paul@codesourcery.com> wrote:
> > In my past experience, -net user implies -net nic. 
> 
> You are mistaken. -net user does not imply -net nic.

I just tested this.  You are absolutely right, I was wrong about the
behavior on x86.


> > Hmm.  -net performs 2 separate functions.  First, it sets up the
> > network card in the guest machine (nic, model, and macaddr).
> > Second, it specifies how that card behaves on the host side of
> > things (vlan, user, tap, or socket).
> 
> -net creates devices and attaches them to the virtual network,
> whether they be emulated devices on the host, or devices for
> communication with the "real" world.

Thanks for explaining.

So the issue on sparc was that the device is relied on by the
SS-5 platform code (it sounds like sun4m has this device on-board at
a fixed offset, non-pci), but not initialized properly due to the lack
of -net nic?  Should sun4m imply -net nic,model=lance then?  It doesn't
make much sense to me to ever turn the lance port off, if its
integrated into the platform itself (not a daughter card).

I apologize for the additional confusion; I guess I was confused by the
fact that "-net nic -net user" is the default when no -net options are
provided, and passing "-net user" on the cmdline disabled the implicit
-net nic.

Mark

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Paul Brook]

> So the issue on sparc was that the device is relied on by the
> SS-5 platform code (it sounds like sun4m has this device on-board at
> a fixed offset, non-pci), but not initialized properly due to the lack
> of -net nic?  Should sun4m imply -net nic,model=lance then?  It doesn't
> make much sense to me to ever turn the lance port off, if its
> integrated into the platform itself (not a daughter card).

It looks like it should be fairly easy to make sun4m-without-lance work.
While this might not be a particularly useful/realistic combination, I think 
it's worth having consistent -net bahavior.

Paul

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Blue Swirl]

On 5/20/07, Paul Brook <paul@codesourcery.com> wrote:
> > > I think Qemu should reject -net user only. Currently that seems to
> > > mean that there is no nic, but still the vlan is connected to slirp
> > > stack. That does not make any sense.
>
> If you do this, do it properly and warn if any qemu vlans have a single device
> attached.

That is not correct either: -net user,vlan=0 -net socket,connect=1.2.3.4:1234.

How about this rule:
((one or more guest devices in a vlan) and (zero with a warning? or
more host devices)) or (no devices at all on either side)

Re: [Qemu-devel] emulated lance device crashes in debian-sparc32

[Blue Swirl]

[-- Attachment #1: Type: text/plain, Size: 698 bytes --]

On 5/20/07, Blue Swirl <blauwirbel@gmail.com> wrote:
> On 5/20/07, Paul Brook <paul@codesourcery.com> wrote:
> > > > I think Qemu should reject -net user only. Currently that seems to
> > > > mean that there is no nic, but still the vlan is connected to slirp
> > > > stack. That does not make any sense.
> >
> > If you do this, do it properly and warn if any qemu vlans have a single device
> > attached.
>
> That is not correct either: -net user,vlan=0 -net socket,connect=1.2.3.4:1234.
>
> How about this rule:
> ((one or more guest devices in a vlan) and (zero with a warning? or
> more host devices)) or (no devices at all on either side)

This patch implements the logic above. Any comments?

[-- Attachment #2: net_checks.diff --]
[-- Type: text/x-diff, Size: 2611 bytes --]

Index: qemu/vl.c
===================================================================
--- qemu.orig/vl.c	2007-05-20 18:58:14.000000000 +0000
+++ qemu/vl.c	2007-05-20 19:36:53.000000000 +0000
@@ -4195,6 +4195,7 @@
         }
         nd->vlan = vlan;
         nb_nics++;
+        vlan->nb_guest_devs++;
         ret = 0;
     } else
     if (!strcmp(device, "none")) {
@@ -4207,6 +4208,7 @@
         if (get_param_value(buf, sizeof(buf), "hostname", p)) {
             pstrcpy(slirp_hostname, sizeof(slirp_hostname), buf);
         }
+        vlan->nb_host_devs++;
         ret = net_slirp_init(vlan);
     } else
 #endif
@@ -4217,6 +4219,7 @@
             fprintf(stderr, "tap: no interface name\n");
             return -1;
         }
+        vlan->nb_host_devs++;
         ret = tap_win32_init(vlan, ifname);
     } else
 #else
@@ -4236,6 +4239,7 @@
             if (get_param_value(setup_script, sizeof(setup_script), "script", p) == 0) {
                 pstrcpy(setup_script, sizeof(setup_script), DEFAULT_NETWORK_SCRIPT);
             }
+            vlan->nb_host_devs++;
             ret = net_tap_init(vlan, ifname, setup_script);
         }
     } else
@@ -4257,6 +4261,7 @@
             fprintf(stderr, "Unknown socket options: %s\n", p);
             return -1;
         }
+        vlan->nb_host_devs++;
     } else
     {
         fprintf(stderr, "Unknown network device: %s\n", device);
@@ -6992,6 +6997,7 @@
     int usb_devices_index;
     int fds[2];
     const char *pid_file = NULL;
+    VLANState *vlan;
 
     LIST_INIT (&vm_change_state_head);
 #ifndef _WIN32
@@ -7611,6 +7617,19 @@
         if (net_client_init(net_clients[i]) < 0)
             exit(1);
     }
+    for(vlan = first_vlan; vlan != NULL; vlan = vlan->next) {
+        if (vlan->nb_guest_devs == 0 && vlan->nb_host_devs == 0)
+            continue;
+        if (vlan->nb_guest_devs == 0) {
+            fprintf(stderr, "Invalid vlan (%d) with no nics\n", vlan->id);
+            exit(1);
+        }
+        if (vlan->nb_host_devs == 0) {
+            fprintf(stderr,
+                    "Warning: vlan %d is not connected to host network\n",
+                    vlan->id);
+        }
+    }
 
 #ifdef TARGET_I386
     if (boot_device == 'n') {
Index: qemu/vl.h
===================================================================
--- qemu.orig/vl.h	2007-05-20 19:01:59.000000000 +0000
+++ qemu/vl.h	2007-05-20 19:30:16.000000000 +0000
@@ -389,6 +389,7 @@
     int id;
     VLANClientState *first_client;
     struct VLANState *next;
+    int nb_guest_devs, nb_host_devs;
 } VLANState;
 
 VLANState *qemu_find_vlan(int id);