Re: [PATCH v3 00/13] exec: Rework around CPUState user fields (part 2)

Philippe Mathieu-Daudé Thu, 02 May 2024 03:27:59 -0700

On 30/4/24 23:42, Ilya Leoshkevich wrote:

On Tue, Apr 30, 2024 at 09:00:17PM +0200, Philippe Mathieu-Daudé wrote:

On 30/4/24 20:45, Philippe Mathieu-Daudé wrote:

Hi Ilya,


On 30/4/24 19:55, Ilya Leoshkevich wrote:

On Tue, Apr 30, 2024 at 02:27:54PM +0200, Philippe Mathieu-Daudé wrote:

Missing WASM testing by Ilya (branch available at
https://gitlab.com/philmd/qemu/-/commits/tcg_flush_jmp_cache)


Hmm, it dies very early now:

    # gdb --args ./qemu-s390x -L /usr/s390x-linux-gnu 
/build/wasmtime/target/s390x-unknown-linux-gnu/debug/deps/component_fuzz_util-d10a3a6b4ad8af47

    Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault.
    0x000055555559b718 in cpu_common_realizefn (dev=0x5555557c28c0,
errp=<optimized out>) at
../home/iii/myrepos/qemu/hw/core/cpu-common.c:217
    217             cpu->accel->plugin_state =
qemu_plugin_create_vcpu_state();

    (gdb) bt
    #0  0x000055555559b718 in cpu_common_realizefn
(dev=0x5555557c28c0, errp=<optimized out>) at
../home/iii/myrepos/qemu/hw/core/cpu-common.c:217
    #1  0x000055555559f59a in s390_cpu_realizefn (dev=0x5555557c28c0,
errp=0x7fffffffe1a0) at
../home/iii/myrepos/qemu/target/s390x/cpu.c:284
    #2  0x000055555563f76b in device_set_realized (obj=<optimized
out>, value=<optimized out>, errp=0x7fffffffe2e0) at
../home/iii/myrepos/qemu/hw/core/qdev.c:510
    #3  0x000055555564363d in property_set_bool (obj=0x5555557c28c0,
v=<optimized out>, name=<optimized out>, opaque=0x5555557a9140,
errp=0x7fffffffe2e0) at ../home/iii/myrepos/qemu/qom/object.c:2362
    #4  0x0000555555646b9b in object_property_set
(obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2
"realized", v=v@entry=0x5555557c6650,
errp=errp@entry=0x7fffffffe2e0)
        at ../home/iii/myrepos/qemu/qom/object.c:1471
    #5  0x000055555564a43f in object_property_set_qobject
(obj=obj@entry=0x5555557c28c0, name=name@entry=0x5555556e8ae2
"realized", value=value@entry=0x5555557a7a90,
errp=errp@entry=0x7fffffffe2e0)
        at ../home/iii/myrepos/qemu/qom/qom-qobject.c:28
    #6  0x0000555555647204 in object_property_set_bool
(obj=0x5555557c28c0, name=name@entry=0x5555556e8ae2 "realized",
value=value@entry=true, errp=errp@entry=0x7fffffffe2e0)
        at ../home/iii/myrepos/qemu/qom/object.c:1541
    #7  0x000055555564025c in qdev_realize (dev=<optimized out>,
bus=bus@entry=0x0, errp=errp@entry=0x7fffffffe2e0) at
../home/iii/myrepos/qemu/hw/core/qdev.c:291
    #8  0x000055555559bbb4 in cpu_create (typename=<optimized out>)
at ../home/iii/myrepos/qemu/hw/core/cpu-common.c:61
    #9  0x000055555559a467 in main (argc=4, argv=0x7fffffffeaa8,
envp=<optimized out>) at
../home/iii/myrepos/qemu/linux-user/main.c:811

    (gdb) p cpu
    $1 = (CPUState *) 0x5555557c28c0
    (gdb) p cpu->accel
    $2 = (AccelCPUState *) 0x0

Configured with: '/home/iii/myrepos/qemu/configure'
'--target-list=s390x-linux-user' '--disable-tools' '--disable-slirp'
'--disable-fdt' '--disable-capstone' '--disable-docs'

Now I get:

   Thread 1 "qemu-s390x" received signal SIGABRT, Aborted.
   __pthread_kill_implementation (threadid=<optimized out>, 
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
   44      ./nptl/pthread_kill.c: No such file or directory.
   (gdb) bt
   #0  __pthread_kill_implementation (threadid=<optimized out>, 
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
   #1  0x00007ffff7c41e8f in __pthread_kill_internal (signo=6, threadid=<optimized 
out>) at ./nptl/pthread_kill.c:78
   #2  0x00007ffff7bf2fb2 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/posix/raise.c:26
   #3  0x00007ffff7bdd472 in __GI_abort () at ./stdlib/abort.c:79
   #4  0x00007ffff7bdd395 in __assert_fail_base (fmt=0x7ffff7d51a90 "%s%s%s:%u: %s%sAssertion 
`%s' failed.\n%n", assertion=assertion@entry=0x5555556d71b8 "cpu->accel",
       file=file@entry=0x5555556d70e0 "../home/iii/myrepos/qemu/cpu-target.c", 
line=line@entry=158, function=function@entry=0x5555556d7260 <__PRETTY_FUNCTION__.3> 
"cpu_exec_realizefn") at ./assert/assert.c:92
   #5  0x00007ffff7bebeb2 in __GI___assert_fail (assertion=assertion@entry=0x5555556d71b8 
"cpu->accel", file=file@entry=0x5555556d70e0 
"../home/iii/myrepos/qemu/cpu-target.c", line=line@entry=158,
       function=function@entry=0x5555556d7260 <__PRETTY_FUNCTION__.3> 
"cpu_exec_realizefn") at ./assert/assert.c:101
   #6  0x00005555555d44ca in cpu_exec_realizefn (cpu=cpu@entry=0x5555557c28c0, 
errp=errp@entry=0x7fffffffe140) at ../home/iii/myrepos/qemu/cpu-target.c:158
   #7  0x000055555559f50b in s390_cpu_realizefn (dev=0x5555557c28c0, 
errp=0x7fffffffe1a0) at ../home/iii/myrepos/qemu/target/s390x/cpu.c:261
   #8  0x000055555563f78b in device_set_realized (obj=<optimized out>, 
value=<optimized out>, errp=0x7fffffffe2e0) at 
../home/iii/myrepos/qemu/hw/core/qdev.c:510
   #9  0x000055555564365d in property_set_bool (obj=0x5555557c28c0, v=<optimized 
out>, name=<optimized out>, opaque=0x5555557a9140, errp=0x7fffffffe2e0) at 
../home/iii/myrepos/qemu/qom/object.c:2362
   #10 0x0000555555646bbb in object_property_set (obj=obj@entry=0x5555557c28c0, 
name=name@entry=0x5555556e8ae2 "realized", v=v@entry=0x5555557c6650, 
errp=errp@entry=0x7fffffffe2e0)
       at ../home/iii/myrepos/qemu/qom/object.c:1471
   #11 0x000055555564a45f in object_property_set_qobject (obj=obj@entry=0x5555557c28c0, 
name=name@entry=0x5555556e8ae2 "realized", value=value@entry=0x5555557a7a90, 
errp=errp@entry=0x7fffffffe2e0)
       at ../home/iii/myrepos/qemu/qom/qom-qobject.c:28
   #12 0x0000555555647224 in object_property_set_bool (obj=0x5555557c28c0, 
name=name@entry=0x5555556e8ae2 "realized", value=value@entry=true, 
errp=errp@entry=0x7fffffffe2e0)
       at ../home/iii/myrepos/qemu/qom/object.c:1541
   #13 0x000055555564027c in qdev_realize (dev=<optimized out>, 
bus=bus@entry=0x0, errp=errp@entry=0x7fffffffe2e0) at 
../home/iii/myrepos/qemu/hw/core/qdev.c:291
   #14 0x000055555559bb54 in cpu_create (typename=<optimized out>) at 
../home/iii/myrepos/qemu/hw/core/cpu-common.c:57
   #15 0x000055555559a467 in main (argc=4, argv=0x7fffffffeaa8, envp=<optimized 
out>) at ../home/iii/myrepos/qemu/linux-user/main.c:811


From code review I think the problem is my commit bb6cf6f016
("accel/tcg: Factor tcg_cpu_reset_hold() out") which wanted
to restrict tlb_flush() to system emulation, but inadvertently
also restricted tcg_flush_jmp_cache(), which was before called
via Realize -> Reset -> cpu_common_reset_hold(). Apparently
now this code can't happen on user emulation.

Re: [PATCH v3 00/13] exec: Rework around CPUState user fields (part 2)

Reply via email to