From: "Emilio G. Cota" <cota@braap.org>
To: Alexander Graf <agraf@suse.de>
Cc: Riku Voipio <riku.voipio@iki.fi>,
	qemu-ppc@nongnu.org, QEMU Developers <qemu-devel@nongnu.org>
Subject: [Qemu-devel] linux-user crashes on clone(2) when run on ppc host
Date: Tue, 16 Jun 2015 20:52:22 -0400	[thread overview]
Message-ID: <20150617005222.GA18884@flamenco> (raw)

Hi,

I'm having trouble running a simple multithreaded program on a PowerPC host machine.

The machine I'm using is a ppc VM; I think it's running under KVM (I'm using
OVH's RunAbove Power8 service):
  admin@adsf:~/qemu$ uname -a
  Linux adsf 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:27:09 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux

The original program I tried was doing pthread_create, and it was segfaulting.
Then I distilled it to a simpler test program taken from
  https://lists.gnu.org/archive/html/qemu-devel/2005-10/msg00251.html
which simply does a clone(2):

/* gcc -O0 -g -o foo foo.c -pthread -static */
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>   /* sleep() */

/* Entry point of the cloned child: print a message, then spin until
 * the parent kills us. */
int thread_main(void *arg)
{
    printf("child: Hello world!\n");
    while (1)
        ;
    return 0;
}

/* Stack for the child. The child starts from the middle of this array
 * (the stack grows downwards on the architectures tested here). */
unsigned long stack[8192];

int main(void)
{
    int pid;

    printf("About to clone: thread_main=%p\n", (void *)thread_main);
    /* CLONE_VM: the child shares the parent's address space */
    pid = clone(thread_main, stack + 4096, CLONE_VM, NULL);
    if (pid == -1) {
        perror("clone");
        return 1;
    }
    printf("parent: clone successful; child pid is %d\n", pid);
    printf("parent: sleeping a bit\n");
    sleep(2);
    printf("parent: killing process\n");
    kill(pid, SIGTERM);
    return 0;
}

Doesn't work (linux-user on ppc64le host):
- x86_64 static binary, compiled natively
- ppc static binary, cross-compiled from x86 host
- ppc64le static binary, compiled natively on the ppc64le host
- ppc64le binary (i.e. non-static), compiled natively on the ppc64le host
- ppc64 binary, compiled natively on ppc64 host (running ppc64-linux-user)

Works:
- Any of the above running on x86_64 host (linux-user or native)
- ppc64le binary running natively on ppc64le host

The current HEAD of the tree is:
  commit 93f6d1c16036aaf34055d16f54ea770fb8d6d280
  Merge: 4316536 7a4dfd1
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   Tue Jun 16 10:35:43 2015 +0100

I've tried older versions of qemu (e.g. v2.0, v1.7) and they don't work either.

The segfault for the ppc64le static binary is as follows:

admin@adsf:~/qemu$ ppc64le-linux-user/qemu-ppc64le foo
About to clone: thread_main=0x100008f0
Invalid data memory access: 0x00003fffa2f8a720
NIP 00000040009aeec8   LR 0000000010000660 CTR 00000040009aee68 XER 0000000000000000 CPU#1
MSR 8000000002806001 HID0 0000000000000000  HF 0000000002806001 idx 0
TB 00000000 00000000
GPR00 0000000000000078 0000000010019030 0000004000a52800 0000000000000000
GPR04 0000000010019030 0000000000000027 0000000000000000 0000000000000001
GPR08 0000000000000000 0000000000000001 0000000000000000 0000000000000007
GPR12 00000040009aee68 0000004000a57b60 0000000000000000 0000000000000000
GPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24 0000000000000000 0000000000000000 0000000000000000 000000400084be10
GPR28 000000400084c148 0000000000000100 00000000100008f0 0000000000000000
CR 42000884  [ G  E  -  -  -  L  L  G  ]             RES ffffffffffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 0000000000000000
Invalid segfault errno (42000000)
NIP 00000040009aeec8   LR 0000000010000660 CTR 00000040009aee68 XER 0000000000000000 CPU#1
MSR 8000000002806001 HID0 0000000000000000  HF 0000000002806001 idx 0
TB 00000000 00000000
GPR00 0000000000000078 0000000010019030 0000004000a52800 0000000000000000
GPR04 0000000010019030 0000000000000027 0000000000000000 0000000000000001
GPR08 0000000000000000 0000000000000001 0000000000000000 0000000000000007
GPR12 00000040009aee68 0000004000a57b60 0000000000000000 0000000000000000
GPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24 0000000000000000 0000000000000000 0000000000000000 000000400084be10
GPR28 000000400084c148 0000000000000100 00000000100008f0 0000000000000000
CR 42000884  [ G  E  -  -  -  L  L  G  ]             RES ffffffffffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 0000000000000000

^C

gdb stack trace:
[...]
Using host libthread_db library "/lib/powerpc64le-linux-gnu/libthread_db.so.1".
[New Thread 0x3fffb7aaf170 (LWP 12287)]
About to clone: thread_main=0x100007f4
[New Thread 0x3fffb3a7f170 (LWP 12288)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fffb3a7f170 (LWP 12288)]
0x0000000060014828 in ppc_tb_set_jmp_target (jmp_addr=<error reading variable: Cannot access memory at address 0x3fffb3a2a748>, addr=<error reading variable: Cannot access memory at address 0x3fffb3a2a740>) at /home/admin/qemu/tcg/ppc/tcg-target.c:1247
1247    {
(gdb) bt
#0  0x0000000060014828 in ppc_tb_set_jmp_target (jmp_addr=<error reading variable: Cannot access memory at address 0x3fffb3a2a748>, addr=<error reading variable: Cannot access memory at address 0x3fffb3a2a740>) at /home/admin/qemu/tcg/ppc/tcg-target.c:1247
#1  0x0000000060009ce0 in tb_set_jmp_target (tb=0x3fffb3adf4f0, n=0, addr=1614371232) at /home/admin/qemu/include/exec/exec-all.h:286
#2  0x000000006000b648 in tb_reset_jump (tb=0x3fffb3adf4f0, n=0) at /home/admin/qemu/translate-all.c:907
#3  0x000000006000c5d0 in tb_link_page (tb=0x3fffb3adf4f0, phys_pc=274888060616, phys_page2=18446744073709551615) at /home/admin/qemu/translate-all.c:1363
#4  0x000000006000bccc in tb_gen_code (cpu=0x6241b570, pc=274888060616, cs_base=0, flags=41967617, cflags=0) at /home/admin/qemu/translate-all.c:1034
#5  0x000000006000e6f0 in tb_find_slow (env=0x62423990, pc=274888060616, cs_base=0, flags=41967617) at /home/admin/qemu/cpu-exec.c:299
#6  0x000000006000ea14 in tb_find_fast (env=0x62423990) at /home/admin/qemu/cpu-exec.c:327
#7  0x000000006000efe4 in cpu_ppc_exec (env=0x62423990) at /home/admin/qemu/cpu-exec.c:485
#8  0x00000000600716e4 in cpu_loop (env=0x62423990) at /home/admin/qemu/linux-user/main.c:1569
#9  0x0000000060083c50 in clone_func (arg=0x3fffffffcbb8) at /home/admin/qemu/linux-user/syscall.c:4536
#10 0x00003fffb7cc89d8 in start_thread (arg=0x3fffb3a7f170) at pthread_create.c:314
#11 0x00003fffb7c1ef00 in clone () at ../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:104


Can you reproduce this on a real host? I wonder whether the fact that the
host here is a VM has to do with it.

Thanks,

		Emilio

Thread overview: 7+ messages
2015-06-17  0:52 Emilio G. Cota [this message]
2015-06-17  8:58 ` [Qemu-devel] linux-user crashes on clone(2) when run on ppc host Peter Maydell
2015-06-17 21:36   ` Emilio G. Cota
2015-06-18  7:42     ` Peter Maydell
2015-06-18 14:23       ` Emilio G. Cota
2015-06-18 14:55         ` Peter Maydell
2015-06-18 18:36           ` Emilio G. Cota