01.04.2024 09:02, Michael Tokarev:
Can anyone guess why this rather trivial and obviously correct patch causes
segfaults in a few tests in staging-7.2, when run in TCG mode, namely:
pxe-test
migration-test
boot-serial-test
bios-tables-test
vmgenid-test
cdrom-test
When reverting this single commit from staging-7.2, it all works fine again.
It SIGSEGVs in probe_access_internal():

    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);

this one returns NULL, and next there's a call

    tlb_addr = tlb_read_ofs(entry, elt_ofs);

which fails.
#0  0x0000555555c5de8a in tlb_read_ofs (ofs=8, entry=0x0) at 7.2/accel/tcg/cputlb.c:1455
#1  probe_access_internal (env=0x555556a862a0, addr=4294967280, fault_size=fault_size@entry=1, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=5, nonfault=nonfault@entry=false, phost=0x7fffea4d32a0, pfull=0x7fffea4d3298, retaddr=0) at 7.2/accel/tcg/cputlb.c:1555
#2  0x0000555555c62aba in get_page_addr_code_hostp (env=<optimized out>, addr=addr@entry=4294967280, hostp=hostp@entry=0x0) at 7.2/accel/tcg/cputlb.c:1691
#3  0x0000555555c52b54 in get_page_addr_code (addr=4294967280, env=<optimized out>) at 7.2/include/exec/exec-all.h:714
#4  tb_htable_lookup (cpu=cpu@entry=0x555556a85530, pc=pc@entry=4294967280, cs_base=cs_base@entry=4294901760, flags=flags@entry=64, cflags=cflags@entry=4278190080) at 7.2/accel/tcg/cpu-exec.c:236
#5  0x0000555555c53e8e in tb_lookup (cflags=4278190080, flags=64, cs_base=4294901760, pc=4294967280, cpu=0x555556a85530) at 7.2/accel/tcg/cpu-exec.c:270
#6  cpu_exec (cpu=cpu@entry=0x555556a85530) at 7.2/accel/tcg/cpu-exec.c:1001
#7  0x0000555555c75d2f in tcg_cpus_exec (cpu=cpu@entry=0x555556a85530) at 7.2/accel/tcg/tcg-accel-ops.c:69
#8  0x0000555555c75e80 in mttcg_cpu_thread_fn (arg=arg@entry=0x555556a85530) at 7.2/accel/tcg/tcg-accel-ops-mttcg.c:95
#9  0x0000555555ded098 in qemu_thread_start (args=0x555556adac40) at 7.2/util/qemu-thread-posix.c:505
#10 0x00007ffff5793134 in start_thread (arg=<optimized out>)
#11 0x00007ffff58137dc in clone3 ()
I'm removing this whole set from 7.2 for now:
2cc68629a6fc target/i386: fix direction of "32-bit MMU" test
90f641531c78 target/i386: use separate MMU indexes for 32-bit accesses
5f97afe2543f target/i386: introduce function to query MMU indices
This leaves us with b1661801c184 "target/i386: Fix physical address truncation"
but without its fix, 2cc68629a6fc.
It looks like I should revert b1661801c184 from 7.2 too, re-opening
https://gitlab.com/qemu-project/qemu/-/issues/2040, since it isn't clear to me
whether this change actually fixes that issue without the previous change,
90f641531c78, which is missing from 7.2.10.
At the very least this will simplify a possible further attempt to cherry-pick
these changes into 7.2.
Thanks,
/mjt