On Tue, Apr 30, 2024 at 02:27:54PM +0200, Philippe Mathieu-Daudé wrote:
> Missing WASM testing by Ilya (branch available at
> https://gitlab.com/philmd/qemu/-/commits/tcg_flush_jmp_cache)

Hmm, it dies very early now:

# gdb --args ./qemu-s390x -L /usr/s390x-linux-gnu /build/wasmtime/target/s390x-unknown-linux-gnu/debug/deps/component_fuzz_util-d10a3a6b4ad8af47

Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault.
0x000055555559b718 in cpu_common_realizefn (dev=0x5555557c28c0, errp=<optimized out>) at ../home/iii/myrepos/qemu/hw/core/cpu-common.c:217
217         cpu->accel->plugin_state = qemu_plugin_create_vcpu_state();
(gdb) bt
#0  0x000055555559b718 in cpu_common_realizefn (dev=0x5555557c28c0, errp=<optimized out>) at ../home/iii/myrepos/qemu/hw/core/cpu-common.c:217
#1  0x000055555559f59a in s390_cpu_realizefn (dev=0x5555557c28c0, errp=0x7fffffffe1a0) at ../home/iii/myrepos/qemu/target/s390x/cpu.c:284
#2  0x000055555563f76b in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/hw/core/qdev.c:510
#3  0x000055555564363d in property_set_bool (obj=0x5555557c28c0, v=<optimized out>, name=<optimized out>, opaque=0x5555557a9140, errp=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/object.c:2362
#4  0x0000555555646b9b in object_property_set (obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized", v=v@entry=0x5555557c6650, errp=errp@entry=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/object.c:1471
#5  0x000055555564a43f in object_property_set_qobject (obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized", value=value@entry=0x5555557a7a90, errp=errp@entry=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/qom-qobject.c:28
#6  0x0000555555647204 in object_property_set_bool (obj=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized", value=value@entry=true, errp=errp@entry=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/object.c:1541
#7  0x000055555564025c in qdev_realize (dev=<optimized out>, bus=bus@entry=0x0, errp=errp@entry=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/hw/core/qdev.c:291
#8  0x000055555559bbb4 in cpu_create (typename=<optimized out>) at ../home/iii/myrepos/qemu/hw/core/cpu-common.c:61
#9  0x000055555559a467 in main (argc=4, argv=0x7fffffffeaa8, envp=<optimized out>) at ../home/iii/myrepos/qemu/linux-user/main.c:811
(gdb) p cpu
$1 = (CPUState *) 0x5555557c28c0
(gdb) p cpu->accel
$2 = (AccelCPUState *) 0x0

Configured with: '/home/iii/myrepos/qemu/configure' '--target-list=s390x-linux-user' '--disable-tools' '--disable-slirp' '--disable-fdt' '--disable-capstone' '--disable-docs'

If you don't see what can be wrong here right away, I can debug this.

> Since v2:
> - Move cpu_loop_exit_requested() to "exec/cpu-loop.h"
> - Added R-b tags
>
> Since v1:
> - First 13 patches queued
> - Restrict qemu_plugin_vcpu_exit_hook() to (TCG) plugins
> - Restrict cpu_plugin_mem_cbs_enabled() to TCG (plugins)
> - Addressed Richard review comments on the others:
>   - Move cpu_plugin_mem_cbs_enabled()
>   - Do not move mem_io_pc, waiting for [*]
>   - Mention can_do_io restricted
>
> Finish extracting TCG fields from CPUState:
> - Extract tcg_cpu_exit() from cpu_exit()
> - Introduce AccelOpsClass::exit_vcpu_thread()
> - cpu_exit() calls exit_vcpu_thread=tcg_cpu_exit for TCG
> - Forward declare TaskState and more uses of get_task_state()
> - Introduce TCG AccelCPUState
> - Move TCG specific fields from CPUState to AccelCPUState
> - Restrict "exec/tlb-common.h" to TCG
> - Restrict iommu_notifiers, icount to system emulation
>
> [*] https://lore.kernel.org/qemu-devel/20240416040609.1313605-3-richard.hender...@linaro.org/
>
> Based-on: https://gitlab.com/philmd/qemu/-/commits/accel-next
>
> Philippe Mathieu-Daudé (13):
>   accel/tcg: Restrict qemu_plugin_vcpu_exit_hook() to TCG plugins
>   accel/tcg: Restrict cpu_plugin_mem_cbs_enabled() to TCG
>   accel/tcg: Move @plugin_mem_cbs from CPUState to
>     CPUNegativeOffsetState
>   accel/tcg: Move @plugin_state from CPUState to TCG AccelCPUState
>   accel/tcg: Restrict cpu_loop_exit_requested() to TCG
>   accel/tcg: Restrict IcountDecr / can_do_io / CPUTLB to TCG
>   accel/tcg: Move @jmp_env from CPUState to TCG AccelCPUState
>   accel/tcg: Move @cflags_next_tb from CPUState to TCG AccelCPUState
>   accel/tcg: Move @iommu_notifiers from CPUState to TCG AccelCPUState
>   accel/tcg: Move @tcg_cflags from CPUState to TCG AccelCPUState
>   accel/tcg: Restrict icount to system emulation
>   accel/tcg: Move icount fields from CPUState to TCG AccelCPUState
>   accel/tcg: Move @tb_jmp_cache from CPUState to TCG AccelCPUState
>
>  accel/tcg/internal-common.h      | 18 ++++++++++
>  accel/tcg/tb-jmp-cache.h         |  4 +--
>  accel/tcg/tcg-accel-ops.h        |  1 +
>  accel/tcg/vcpu-state.h           | 20 +++++++++++
>  include/exec/cpu-loop.h          | 35 +++++++++++++++++++
>  include/exec/exec-all.h          | 17 ----------
>  include/exec/tlb-common.h        |  4 +++
>  include/hw/core/cpu.h            | 58 ++++++++------------------------
>  include/qemu/plugin.h            |  2 +-
>  include/qemu/typedefs.h          |  1 -
>  accel/tcg/cpu-exec-common.c      |  2 +-
>  accel/tcg/cpu-exec.c             | 52 +++++++++++++++-------------
>  accel/tcg/cputlb.c               |  2 +-
>  accel/tcg/icount-common.c        |  7 ++--
>  accel/tcg/plugin-gen.c           |  9 +++--
>  accel/tcg/tb-maint.c             |  6 ++--
>  accel/tcg/tcg-accel-ops-icount.c | 14 ++++----
>  accel/tcg/tcg-accel-ops.c        |  2 ++
>  accel/tcg/translate-all.c        |  9 ++---
>  accel/tcg/watchpoint.c           |  5 +--
>  hw/core/cpu-common.c             |  9 +++--
>  linux-user/main.c                |  2 +-
>  plugins/core.c                   |  9 ++---
>  system/physmem.c                 | 37 +++++++++++++++-----
>  target/arm/tcg/helper-a64.c      |  1 +
>  target/s390x/tcg/mem_helper.c    |  1 +
>  26 files changed, 195 insertions(+), 132 deletions(-)
>  create mode 100644 include/exec/cpu-loop.h
>
> --
> 2.41.0
>