Re: [RFC PATCH 0/2] exec: Fix (too) short device accesses
On 5/17/20 3:51 PM, no-re...@patchew.org wrote: Patchew URL: https://patchew.org/QEMU/20200517113804.9063-1-f4...@amsat.org/ Hi, This series failed the docker-quick@centos7 build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash make docker-image-centos7 V=1 NETWORK=1 time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1 === TEST SCRIPT END === TESTcheck-qtest-x86_64: tests/qtest/tpm-crb-swtpm-test TESTcheck-qtest-x86_64: tests/qtest/tpm-crb-test ** ERROR:/tmp/qemu-test/src/tests/qtest/tpm-crb-test.c:53:tpm_crb_test: assertion failed (caddr > TPM_CRB_ADDR_BASE): (-1 > 4275306496) ERROR - Bail out! ERROR:/tmp/qemu-test/src/tests/qtest/tpm-crb-test.c:53:tpm_crb_test: assertion failed (caddr > TPM_CRB_ADDR_BASE): (-1 > 4275306496) make: *** [check-qtest-x86_64] Error 1 make: *** Waiting for unfinished jobs qemu-system-aarch64: -accel kvm: invalid accelerator kvm qemu-system-aarch64: falling back to tcg --- TESTcheck-qtest-aarch64: tests/qtest/test-hmp TESTcheck-qtest-aarch64: tests/qtest/qos-test ** ERROR:/tmp/qemu-test/src/tests/qtest/sdhci-test.c:42:check_capab_capareg: assertion failed (capab == expec_capab): (0x == 0x280737ec6481) ERROR - Bail out! ERROR:/tmp/qemu-test/src/tests/qtest/sdhci-test.c:42:check_capab_capareg: assertion failed (capab == expec_capab): (0x == 0x280737ec6481) make: *** [check-qtest-aarch64] Error 1 In both cases we abuse of 64-bit access to do 2x 32-bit ones, and there is no check of MEMTX_ERROR. Actually since the memory transaction attributes are quite recent (2015), in most of the code there is no error check. Quick grep for ignored return value: hw/vfio/pci-quirks.c:1061: memory_region_dispatch_write(&vdev->pdev.msix_table_mmio, hw/vfio/pci-quirks.c:1093: memory_region_dispatch_read(&vdev->pdev.msix_table_mmio, offset, hw/virtio/virtio-pci.c:556:memory_region_dispatch_write(mr, addr, val, size_memop(len) | MO_LE, hw/virtio/virtio-pci.c:580:memory_region_dispatch_read(mr, addr, &val, size_memop(len) | MO_LE, address_space_stl*(..., MemTxResult *result) with result = NULL: hw/arm/aspeed.c:166:address_space_stl_notdirty(as, AST_SMP_MBOX_FIELD_GOSIGN, 0, hw/arm/boot.c:282:address_space_stl_notdirty(as, info->smp_bootreg_addr, hw/arm/boot.c:293:address_space_stl_notdirty(as, p, value, \ hw/arm/highbank.c:91: address_space_stl_notdirty(&address_space_memory, hw/arm/highbank.c:95: address_space_stl_notdirty(&address_space_memory, hw/arm/highbank.c:99: address_space_stl_notdirty(&address_space_memory, hw/i386/amd_iommu.c:162: address_space_stl_le(&address_space_memory, msg.address, msg.data, hw/pci/msi.c:340:address_space_stl_le(&dev->bus_master_as, msg.address, msg.data, hw/s390x/css.c:1539:address_space_stl(&address_space_memory, sch->curr_status.mba, count, hw/sh4/r2d.c:330:address_space_stl(&address_space_memory, SH7750_BCR1, 1 << 3, target/i386/helper.c:1141:address_space_stl_notdirty(as, addr, val, attrs, NULL); target/i386/helper.c:1161:address_space_stl(as, addr, val, attrs, NULL); target/i386/misc_helper.c:82:address_space_stl(&address_space_io, port, data, target/xtensa/op_helper.c:214: address_space_stl(env->address_space_er, addr, data,
Re: [RFC PATCH 0/2] exec: Fix (too) short device accesses
Patchew URL: https://patchew.org/QEMU/20200517113804.9063-1-f4...@amsat.org/ Hi, This series failed the asan build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash export ARCH=x86_64 make docker-image-fedora V=1 NETWORK=1 time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1 === TEST SCRIPT END === PASS 1 fdc-test /x86_64/fdc/cmos PASS 2 fdc-test /x86_64/fdc/no_media_on_start PASS 3 fdc-test /x86_64/fdc/read_without_media ==6160==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 4 fdc-test /x86_64/fdc/media_change PASS 5 fdc-test /x86_64/fdc/sense_interrupt PASS 6 fdc-test /x86_64/fdc/relative_seek --- PASS 32 test-opts-visitor /visitor/opts/range/beyond PASS 33 test-opts-visitor /visitor/opts/dict/unvisited MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-coroutine" ==6208==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! ==6208==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe0bfae000; bottom 0x7f19bb52; size: 0x00e450a8e000 (980605788160) False positive error reports may follow For details see https://github.com/google/sanitizers/issues/189 PASS 1 test-coroutine /basic/no-dangling-access --- PASS 12 test-aio /aio/event/flush PASS 13 test-aio /aio/event/wait/no-flush-cb PASS 14 test-aio /aio/timer/schedule ==6223==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 15 test-aio /aio/coroutine/queue-chaining PASS 16 test-aio /aio-gsource/flush PASS 17 test-aio /aio-gsource/bh/schedule --- PASS 12 fdc-test /x86_64/fdc/read_no_dma_19 PASS 13 fdc-test /x86_64/fdc/fuzz-registers MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/qtest/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="ide-test" ==6231==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 1 ide-test /x86_64/ide/identify PASS 28 test-aio /aio-gsource/timer/schedule MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-aio-multithread -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-aio-multithread" ==6237==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! ==6243==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 1 test-aio-multithread /aio/multi/lifecycle PASS 2 ide-test /x86_64/ide/flush ==6257==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 3 ide-test /x86_64/ide/bmdma/simple_rw PASS 2 test-aio-multithread /aio/multi/schedule ==6263==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 4 ide-test /x86_64/ide/bmdma/trim PASS 3 test-aio-multithread /aio/multi/mutex/contended ==6274==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 4 test-aio-multithread /aio/multi/mutex/handoff PASS 5 test-aio-multithread /aio/multi/mutex/mcs PASS 6 test-aio-multithread /aio/multi/mutex/pthread MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-throttle" ==6296==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 1 test-throttle /throttle/leak_bucket PASS 2 test-throttle /throttle/compute_wait PASS 3 test-throttle /throttle/init --- PASS 14 test-throttle /throttle/config/max PASS 15 test-throttle /throttle/config/iops_size MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-thread-pool" ==6300==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 1 test-thread-pool /thread-pool/submit PASS 2 test-thread-pool /thread-pool/submit-aio PASS 3 test-thread-pool /thread-pool/submit-co PASS 4 test-thread-pool /thread-pool/submit-many ==6302==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! PASS 5 test-thread-pool /thread-pool/cancel PASS 6 test-thread-pool /thread-pool/cancel-async MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 +
Re: [RFC PATCH 0/2] exec: Fix (too) short device accesses
Patchew URL: https://patchew.org/QEMU/20200517113804.9063-1-f4...@amsat.org/ Hi, This series failed the docker-quick@centos7 build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash make docker-image-centos7 V=1 NETWORK=1 time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1 === TEST SCRIPT END === TESTcheck-qtest-x86_64: tests/qtest/tpm-crb-swtpm-test TESTcheck-qtest-x86_64: tests/qtest/tpm-crb-test ** ERROR:/tmp/qemu-test/src/tests/qtest/tpm-crb-test.c:53:tpm_crb_test: assertion failed (caddr > TPM_CRB_ADDR_BASE): (-1 > 4275306496) ERROR - Bail out! ERROR:/tmp/qemu-test/src/tests/qtest/tpm-crb-test.c:53:tpm_crb_test: assertion failed (caddr > TPM_CRB_ADDR_BASE): (-1 > 4275306496) make: *** [check-qtest-x86_64] Error 1 make: *** Waiting for unfinished jobs qemu-system-aarch64: -accel kvm: invalid accelerator kvm qemu-system-aarch64: falling back to tcg --- TESTcheck-qtest-aarch64: tests/qtest/test-hmp TESTcheck-qtest-aarch64: tests/qtest/qos-test ** ERROR:/tmp/qemu-test/src/tests/qtest/sdhci-test.c:42:check_capab_capareg: assertion failed (capab == expec_capab): (0x == 0x280737ec6481) ERROR - Bail out! ERROR:/tmp/qemu-test/src/tests/qtest/sdhci-test.c:42:check_capab_capareg: assertion failed (capab == expec_capab): (0x == 0x280737ec6481) make: *** [check-qtest-aarch64] Error 1 Traceback (most recent call last): File "./tests/docker/docker.py", line 664, in sys.exit(main()) --- raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=8698b64c360548299a7f28563cb6de79', '-u', '1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-363f6c9j/src/docker-src.2020-05-17-09.37.01.12018:/var/tmp/qemu:z,ro', 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit status 2. filter=--filter=label=com.qemu.instance.uuid=8698b64c360548299a7f28563cb6de79 make[1]: *** [docker-run] Error 1 make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-363f6c9j/src' make: *** [docker-run-test-quick@centos7] Error 2 real14m51.866s user0m8.150s The full log is available at http://patchew.org/logs/20200517113804.9063-1-f4...@amsat.org/testing.docker-quick@centos7/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-de...@redhat.com
[RFC PATCH 0/2] exec: Fix (too) short device accesses
Something noticed while debugging Alexander's bug report "Hang with high CPU usage in sdhci_data_transfer": https://bugs.launchpad.net/qemu/+bug/1878054 The flatview ignores the MemoryRegion minimum access size. It seems related to a similar issue Julia had with PCI devices. Not sure it is safe enough, have performance penalties and so on, so RFC. Philippe Mathieu-Daudé (2): exec: Let memory_access_size() consider minimum valid access size exec: Do not let flatview_read/write_continue do (too) short accesses exec.c | 42 +++--- 1 file changed, 31 insertions(+), 11 deletions(-) -- 2.21.3