
Re: QEMU 6.2.0: Segfault while calling address_space_init from emulated


From: Karthik Poduval
Subject: Re: QEMU 6.2.0: Segfault while calling address_space_init from emulated device
Date: Mon, 16 May 2022 20:31:47 -0700

I was able to get it to work with a workaround. After some gdb
debugging, it shows that the system_memory global was being populated
before the m2m_scaler device was being initialized. Printing
system_memory vs mr (argument) to the crashing function shows the
pointer value to be truncated.

(gdb) p system_memory

$1 = (MemoryRegion *) 0x555556ae16e0

(gdb) p mr

$2 = (MemoryRegion *) 0x56ae16e0

(gdb)

The following workaround resolves the issue for now. It accesses the
system_memory global variable directly instead of getting it from the
function get_system_memory.
https://github.com/karthikpoduval/qemu/commit/00580c9f3c60a7d9c3bb43bc9589f76e663197e4

On Mon, May 16, 2022 at 7:13 PM Karthik Poduval
<karthik.poduval@gmail.com> wrote:
>
> Hi All,
>
> I still need help, any help would be greatly appreciated. Turned on
> address sanitizers (config option --enable-sanitizers).
> It pointed to a heap overflow in xilinx code.
> SUMMARY: AddressSanitizer: heap-buffer-overflow
> ../git/hw/dma/xlnx_csu_dma.c:722 in xlnx_csu_dma_class_init
>
> So disabled xilinx from the config.
> diff --git a/configs/devices/aarch64-softmmu/default.mak
> b/configs/devices/aarch64-softmmu/default.mak
> index cf43ac8da1..cf8b98070e 100644
> --- a/configs/devices/aarch64-softmmu/default.mak
> +++ b/configs/devices/aarch64-softmmu/default.mak
> @@ -3,6 +3,6 @@
>  # We support all the 32 bit boards so need all their config
>  include ../arm-softmmu/default.mak
>
> -CONFIG_XLNX_ZYNQMP_ARM=y
> -CONFIG_XLNX_VERSAL=y
> +CONFIG_XLNX_ZYNQMP_ARM=n
> +CONFIG_XLNX_VERSAL=n
>  CONFIG_SBSA_REF=y
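Review bot: setting CONFIG_XLNX_ZYNQMP_ARM and CONFIG_XLNX_VERSAL to n in the shared aarch64-softmmu default.mak drops the Xilinx boards from every aarch64 build instead of addressing the heap-buffer-overflow ASan reported at ../git/hw/dma/xlnx_csu_dma.c:722 in xlnx_csu_dma_class_init, and the thread itself notes that the crash persists at the same point afterwards, so the hunk masks a sanitizer finding without fixing anything. Keep both lines at =y and treat the ASan report and the truncated `mr` pointer seen in gdb as separate leads to chase.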
>
> Even after doing that the code still crashes at the same point. It
> seems to be a memory corruption issue, or else how can the
> get_system_address() function provide an incorrect pointer?
> build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/image/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/recipe-sysroot-native/usr/bin/qemu-system-aarch64
> -device virtio-net-device,netdev=net0,mac=52:54:00:12:35:02 -netdev
> user,id=net0,hostfwd=tcp::2222-:22,hostfwd=tcp::2323-:23,tftp=/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64
> -object rng-random,filename=/dev/urandom,id=rng0 -device
> virtio-rng-pci,rng=rng0 -drive
> id=disk0,file=/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64/yoe-simple-image-qemuarm64-20220515002944.rootfs.ext4,if=none,format=raw
> -device virtio-blk-device,drive=disk0 -device qemu-xhci -device
> usb-tablet -device usb-kbd  -machine virt -cpu cortex-a57 -smp 4 -m
> 1024 -serial mon:stdio -serial null -nographic -device virtio-gpu-pci
> -kernel 
> /home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64/Image--5.15.22+git0+2d38a472b2_7f685244af-r0.0-qemuarm64-20220306152158.bin
> -append 'root=/dev/vda rw  mem=1024M ip=dhcp console=ttyAMA0
> console=hvc0  '
> ==2004211==WARNING: ASan doesn't fully support makecontext/swapcontext
> functions and may produce false positives in some cases!
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==2004211==ERROR: AddressSanitizer: SEGV on unknown address
> 0x000000005300 (pc 0x55dfdc2b47fc bp 0x61a0000028e8 sp 0x7ffcf813edc0
> T0)
> ==2004211==The signal is caused by a READ memory access.
>     #0 0x55dfdc2b47fb in memory_region_ref ../git/softmmu/memory.c:1790
>     #1 0x55dfdc2b47fb in address_space_init ../git/softmmu/memory.c:3005
>     #2 0x55dfdacba208 in m2m_scaler_realize ../git/hw/misc/m2m_scaler.c:288
>     #3 0x55dfdc7fb1eb in device_set_realized ../git/hw/core/qdev.c:531
>     #4 0x55dfdc807c50 in property_set_bool ../git/qom/object.c:2268
>     #5 0x55dfdc80f5ff in object_property_set ../git/qom/object.c:1403
>     #6 0x55dfdc819253 in object_property_set_qobject 
> ../git/qom/qom-qobject.c:28
>     #7 0x55dfdc80feb5 in object_property_set_bool ../git/qom/object.c:1472
>     #8 0x55dfdc7f9452 in qdev_realize_and_unref ../git/hw/core/qdev.c:340
>     #9 0x55dfda8c9adc in sysbus_create_varargs ../git/hw/core/sysbus.c:236
>     #10 0x55dfdb24d87e in sysbus_create_simple
> /home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/git/include/hw/sysbus.h:104
>     #11 0x55dfdb24d87e in create_m2m_scaler ../git/hw/arm/virt.c:1316
>     #12 0x55dfdb24d87e in machvirt_init ../git/hw/arm/virt.c:2223
>     #13 0x55dfda8bd006 in machine_run_board_init ../git/hw/core/machine.c:1187
>     #14 0x55dfdc2c9f51 in qemu_init_board ../git/softmmu/vl.c:2656
>     #15 0x55dfdc2c9f51 in qmp_x_exit_preconfig ../git/softmmu/vl.c:2746
>     #16 0x55dfdc2d1425 in qemu_init ../git/softmmu/vl.c:3777
>     #17 0x55dfda49c1fc in main ../git/softmmu/main.c:49
>     #18 0x7f53e39ce57a
> (/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/sysroots-uninative/x86_64-linux/lib/libc.so.6+0x2d57a)
>     #19 0x7f53e39ce62f in __libc_start_main
> (/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/sysroots-uninative/x86_64-linux/lib/libc.so.6+0x2d62f)
>     #20 0x55dfda4d6f5d in _start
> (/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/image/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/recipe-sysroot-native/usr/bin/qemu-system-aarch64+0x3b58f5d)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV ../git/softmmu/memory.c:1790 in
> memory_region_ref
> ==2004211==ABORTING
>
> Any help would be greatly appreciated. Here is the link to the latest code.
> https://github.com/karthikpoduval/qemu/tree/scaler-bringup
>
> On Sun, May 15, 2022 at 12:26 AM Karthik Poduval
> <karthik.poduval@gmail.com> wrote:
> >
> > Hi All,
> >
> > I am trying to create a virtual mem2mem scaler device in QEMU (for the
> > purposes of writing a mem2mem driver tutorial). I created the mem2mem
> > device as shown here.
> > https://github.com/karthikpoduval/qemu/blob/scaler-bringup/hw/misc/m2m_scaler.c
> >
> > I added this MMIO device to the arm virt.c (as shown here).
> > https://github.com/karthikpoduval/qemu/blob/scaler-bringup/hw/arm/virt.c#L1306
> >
> > However while the device is getting created, there is a crash while
> > launching QEMU.
> > qemu-system-aarch64 -device
> > virtio-net-device,netdev=net0,mac=52:54:00:12:35:02 -netdev
> > user,id=net0,hostfwd=tcp::2222-:22,hostfwd=tcp::2323-:23,tftp=/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64
> > -object rng-random,filename=/dev/urandom,id=rng0 -device
> > virtio-rng-pci,rng=rng0 -drive
> > id=disk0,file=/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64/yoe-simple-image-qemuarm64-20220515002944.rootfs.ext4,if=none,format=raw
> > -device virtio-blk-device,drive=disk0 -device qemu-xhci -device
> > usb-tablet -device usb-kbd  -machine virt -cpu cortex-a57 -smp 4 -m
> > 1024 -serial mon:stdio -serial null -nographic -device virtio-gpu-pci
> > -kernel 
> > /home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64/Image--5.15.22+git0+2d38a472b2_7f685244af-r0.0-qemua
> > rm64-20220306152158.bin -append 'root=/dev/vda rw  mem=256M ip=dhcp
> > console=ttyAMA0 console=hvc0  '
> >
> > Upon running gdb, the stack trace looks like.
> > Thread 1 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
> > 0x0000555555d2f6d6 in memory_region_ref (mr=0x56becae0) at
> > ../git/softmmu/memory.c:3005
> > 3005        memory_region_ref(root);
> > (gdb) bt
> > #0  0x0000555555d2f6d6 in memory_region_ref (mr=0x56becae0) at
> > ../git/softmmu/memory.c:3005
> > #1  address_space_init (as=0x5555570f8bb8, root=0x56becae0,
> > name=0x5555560a9620 "m2m-scaler-dma") at ../git/softmmu/memory.c:3005
> > #2  0x0000555555e0d5c8 in object_initialize_with_type
> > (obj=obj@entry=0x5555570f8750, size=size@entry=1360,
> > type=type@entry=0x555556a117d0) at ../git/qom/object.c:518
> > #3  0x0000555555e0d719 in object_new_with_type (type=0x555556a117d0)
> > at ../git/qom/object.c:733
> > #4  0x0000555555e08e3a in qdev_new (name=name@entry=0x5555560a95eb
> > "m2m_scaler") at ../git/hw/core/qdev.c:153
> > #5  0x000055555595cafa in sysbus_create_varargs
> > (name=name@entry=0x5555560a95eb "m2m_scaler", addr=addr@entry=0) at
> > ../git/hw/core/sysbus.c:234
> > #6  0x0000555555adf1a1 in sysbus_create_simple (irq=<optimized out>,
> > addr=0, name=0x5555560a95eb "m2m_scaler")
> >     at 
> > /home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/git/include/hw/sysbus.h:104
> > #7  create_m2m_scaler (vms=0x555556c31400) at ../git/hw/arm/virt.c:1317
> > #8  machvirt_init (machine=0x555556c31400) at ../git/hw/arm/virt.c:2239
> > #9  0x0000555555959929 in machine_run_board_init
> > (machine=0x555556c31400) at ../git/hw/core/machine.c:1187
> > #10 0x0000555555d3576f in qemu_init_board () at ../git/softmmu/vl.c:2656
> > #11 qmp_x_exit_preconfig (errp=<optimized out>) at ../git/softmmu/vl.c:2746
> > #12 qmp_x_exit_preconfig (errp=<optimized out>) at ../git/softmmu/vl.c:2739
> > #13 0x0000555555d38f3b in qemu_init (argc=<optimized out>,
> > argv=<optimized out>, envp=<optimized out>) at
> > ../git/softmmu/vl.c:3777
> > #14 0x000055555588e1bd in main (argc=<optimized out>, argv=<optimized
> > out>, envp=<optimized out>) at ../git/softmmu/main.c:49
> >
> > I was able to do the same thing in QEMU 5.1.0; I do not know why this
> > does not work in QEMU 6.2.0. Kindly help me resolve this issue. I want
> > my device to have access to the entire system RAM (as this emulated
> > device can read the input image from DDR, scale it, and write the input
> > image back to DDR, so it needs to have access to the entire DDR memory).
> >
> > --
> > Regards,
> > Karthik Poduval
>
>
>
> --
> Regards,
> Karthik Poduval



-- 
Regards,
Karthik Poduval
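Added example in C, not code from the thread or from QEMU: a small diagnostic that parses the two gdb `print` lines quoted above and checks whether the `mr` argument is the `system_memory` global with its upper 32 bits dropped, which is the pattern the gdb output shows. The function names and sample lines are constructed here; passing a 64-bit pointer through a 32-bit `int` is modelled only as one assumed mechanism that yields that pattern, since the thread does not establish the cause.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Extract the hex address from a gdb "print" line such as
 * "$1 = (MemoryRegion *) 0x555556ae16e0". Returns 0 if no "0x" is present. */
uint64_t parse_gdb_pointer(const char *line)
{
    const char *hex = strstr(line, "0x");
    if (hex == NULL) {
        return 0;
    }
    return strtoull(hex, NULL, 16);
}

/* Assumed mechanism: what a 64-bit pointer becomes if it travels through a
 * 32-bit int. The upper half is lost, then the value is sign-extended back. */
uint64_t narrow_through_int(uint64_t p)
{
    int32_t narrowed = (int32_t)(uint32_t)p;   /* keep only the low 32 bits */
    return (uint64_t)(int64_t)narrowed;        /* widen again as a pointer would be */
}

/* Diagnostic: is `suspect` just `expected` with its upper 32 bits lost?
 * If so, look for a width/prototype problem before hunting heap corruption. */
bool looks_32bit_truncated(uint64_t expected, uint64_t suspect)
{
    if (expected == suspect || (expected >> 32) == 0) {
        return false;                          /* identical, or nothing to lose */
    }
    return suspect == (expected & 0xffffffffULL) || suspect == narrow_through_int(expected);
}

/* Compare the global's gdb line with the line for the argument the callee saw. */
bool diagnose_truncation(const char *global_line, const char *arg_line)
{
    return looks_32bit_truncated(parse_gdb_pointer(global_line), parse_gdb_pointer(arg_line));
}

int main(void)
{
    /* Constructed from the two gdb lines quoted in the thread. */
    const char *global_line = "$1 = (MemoryRegion *) 0x555556ae16e0";
    const char *arg_line    = "$2 = (MemoryRegion *) 0x56ae16e0";
    printf("argument looks 32-bit truncated: %s\n", diagnose_truncation(global_line, arg_line) ? "yes" : "no");
    return 0;
}
```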


