From: Anushree Mathur
Subject: Re: qemu-system-ppc64 option -smp 2 broken with commit 20b6643324a79860dcdfe811ffe4a79942bca21e
Date: Wed, 12 Jul 2023 14:04:38 +0530
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0
Hi Alex,

On 6/23/23 20:52, Alex Bennée wrote:
> Cédric Le Goater <clg@kaod.org> writes:
>
>> Hello Anushree,
>>
>> On 6/23/23 13:09, Anushree Mathur wrote:
>>> Hi everyone,
>>>
>>> I was trying to boot rhel9.3 image with upstream qemu-system-ppc64 -smp 2 option and observed a segfault (qemu crash).
>>>
>>> qemu command line used:
>>> qemu-system-ppc64 -name Rhel9.3.ppc64le -smp 2 -m 16G -vga none -nographic -machine pseries -cpu POWER10 -accel tcg -device virtio-scsi-pci -drive file=/home/rh93.qcow2,if=none,format=qcow2,id=hd0 -device scsi-hd,drive=hd0 -boot c
>>>
>>> After doing a git bisect, I found the first bad commit which introduced this issue is below:
>>
>> Could you please open a gitlab issue on the QEMU project?
>>
>> https://gitlab.com/qemu-project/qemu/-/issues
>
> Is it broken generated code that faults or does the goto_tb code break the execution sequence in some subtle way further down the line? If you can isolate the guest address the output from:
>
> -dfilter 0xBADADDR+0x100 -d in_asm,op,out_asm

I tried as suggested above but didn't get much info collected. I have shared my observation on the gitlab issue page.

https://gitlab.com/qemu-project/qemu/-/issues/1726

Thanks,
Anushree-Mathur

> would be useful for the bug report. Although conceivably the out_asm output might make sense at translation time and then be broken when it is patched.
>
> Having rr on power would be really useful to debug this sort of thing.
>
>> Thanks,
>>
>> C.
>>
>>> [qemu]# git bisect good
>>> 20b6643324a79860dcdfe811ffe4a79942bca21e is the first bad commit
>>> commit 20b6643324a79860dcdfe811ffe4a79942bca21e
>>> Author: Richard Henderson <richard.henderson@linaro.org>
>>> Date:   Mon Dec 5 17:45:02 2022 -0600
>>>
>>>     tcg/ppc: Reorg goto_tb implementation
>>>
>>>     The old ppc64 implementation replaces 2 or 4 insns, which leaves a
>>>     race condition in which a thread could be stopped at a PC in the
>>>     middle of the sequence, and when restarted does not see the complete
>>>     address computation and branches to nowhere.
>>>
>>>     The new implementation replaces only one insn, swapping between
>>>     b <dest> and mtctr r31 falling through to a general-case indirect
>>>     branch.
>>>
>>>     Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>>>     Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>>
>>>  tcg/ppc/tcg-target.c.inc | 152 +++++++++++++----------------------------
>>>  tcg/ppc/tcg-target.h     |   3 +-
>>>  2 files changed, 41 insertions(+), 114 deletions(-)
>>> [qemu]#
>>>
>>> Can someone please take a look and suggest a fix to resolve this issue?
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>> Anushree-Mathur
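The race the quoted commit message describes (a thread parked in the middle of a goto_tb slot resumes against a half-patched sequence and branches to nowhere) is easy to reason about with a small model. The following is an added example, not QEMU code and not part of this thread. The slot contents are an assumption: a lis/ori/mtctr/bctr stand-in for the old multi-insn sequence, and a single patchable word (b <dest> or mtctr r31) followed by bctr for the new one, with r31 preloaded with the fall-through target. The two instruction encodings are the Power ISA ones; everything else (insn_t, run_preempted, count_torn) is invented for the model. It enumerates every preemption point during a patch and counts outcomes that are neither the old nor the new destination.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of TCG goto_tb patching on ppc64. Not QEMU code: the slot contents
 * below are simplified stand-ins for the real tcg/ppc sequences. */
typedef enum { OP_LIS, OP_ORI, OP_MTCTR, OP_BCTR, OP_B } op_t;
typedef struct { op_t op; uint32_t imm; } insn_t;
typedef struct { uint32_t r31, ctr; } cpu_t;

/* Execute one instruction at address pc; return the taken target, or 0. */
static uint32_t step(cpu_t *c, const insn_t *i, uint32_t pc)
{
    switch (i->op) {
    case OP_LIS:   c->r31 = i->imm << 16;     return 0;  /* lis r31, imm      */
    case OP_ORI:   c->r31 |= i->imm & 0xffff; return 0;  /* ori r31, r31, imm */
    case OP_MTCTR: c->ctr = c->r31;           return 0;  /* mtctr r31         */
    case OP_BCTR:  return c->ctr;                        /* bctr              */
    case OP_B:     return pc + i->imm;                   /* b pc+imm          */
    }
    return 0;
}

/* Run an n-insn slot, but preempt the thread after k insns: the patcher
 * rewrites the whole slot to `after`, and the thread resumes at insn k of
 * the patched slot. r31 is preloaded (fall-through target, new scheme). */
static uint32_t run_preempted(const insn_t *before, const insn_t *after,
                              int n, int k, uint32_t r31_init)
{
    cpu_t c = { r31_init, 0 };
    uint32_t dest = 0;
    for (int pc = 0; pc < n && dest == 0; pc++) {
        const insn_t *slot = (pc < k) ? before : after;
        dest = step(&c, &slot[pc], (uint32_t)pc * 4);
    }
    return dest;
}

/* Number of preemption points (k = 0..n) whose outcome is neither the
 * old slot's destination nor the new one's: a "branch to nowhere". */
static int count_torn(const insn_t *before, const insn_t *after, int n,
                      uint32_t r31_init, uint32_t old_dest, uint32_t new_dest)
{
    int torn = 0;
    for (int k = 0; k <= n; k++) {
        uint32_t d = run_preempted(before, after, n, k, r31_init);
        if (d != old_dest && d != new_dest)
            torn++;
    }
    return torn;
}

/* Old scheme (assumed 4-insn stand-in): build the target in r31, then
 * mtctr/bctr. Patching rewrites two words, so k=1 mixes old hi / new lo. */
static const insn_t old_before[4] = {
    { OP_LIS, 0x1000 }, { OP_ORI, 0x0000 }, { OP_MTCTR, 0 }, { OP_BCTR, 0 } };
static const insn_t old_after[4] = {
    { OP_LIS, 0x2000 }, { OP_ORI, 0x0004 }, { OP_MTCTR, 0 }, { OP_BCTR, 0 } };
static int old_scheme_torn(void)
{
    return count_torn(old_before, old_after, 4, 0, 0x10000000u, 0x20000004u);
}
static uint32_t old_scheme_dest(int k)
{
    return run_preempted(old_before, old_after, 4, k, 0);
}

/* New scheme: one word swaps between mtctr r31 and b <dest>; bctr follows.
 * Every preemption point yields either the fall-through or the new target. */
#define FALLTHROUGH 0x30000u
static const insn_t new_before[2] = { { OP_MTCTR, 0 }, { OP_BCTR, 0 } };
static const insn_t new_after[2]  = { { OP_B, 0x20000 }, { OP_BCTR, 0 } };
static int new_scheme_torn(void)
{
    return count_torn(new_before, new_after, 2, FALLTHROUGH, FALLTHROUGH, 0x20000u);
}

/* Power ISA encodings of the two words the new scheme swaps: one naturally
 * aligned 32-bit store, so a concurrent reader sees either old or new. */
static uint32_t encode_mtctr_r31(void)
{
    uint32_t spr = 9;                                     /* CTR */
    uint32_t spr_field = ((spr & 0x1f) << 5) | (spr >> 5); /* split field */
    return (31u << 26) | (31u << 21) | (spr_field << 11) | (467u << 1);
}
static uint32_t encode_b(int32_t disp)                    /* I-form, AA=LK=0 */
{
    return 0x48000000u | ((uint32_t)disp & 0x03fffffcu);
}

int main(void)
{
    printf("old scheme: %d torn preemption point(s), k=1 -> 0x%08x\n",
           old_scheme_torn(), old_scheme_dest(1));
    printf("new scheme: %d torn preemption point(s)\n", new_scheme_torn());
    printf("mtctr r31 = 0x%08x, b +0x100 = 0x%08x\n",
           encode_mtctr_r31(), encode_b(0x100));
    return 0;
}
```

Preempting the old-style slot after its first word yields 0x10000004, an address that was never a valid destination, which is the "branches to nowhere" failure; the one-word swap has no such interleaving. Note the model only covers the patch/resume ordering, not instruction-cache coherency on the executing CPU.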