Supercedes: 20230804014517.6361-1-richard.henderson@linaro.org
("[PATCH for-8.1 v8 00/17] linux-user: brk fixes")

Changes for linux-user brk v9:
  Recover some changes that should have been in v8, had I
  generated the patches from the correct tree:
    - bsd-user: Remove last_brk
    - Fix typos in patch 15 ("Define ELF_ET_DYN_BASE...")
    - Disable -Werror=type-limits in patch 13
      ("linux-user: Adjust task_unmapped_base")


r~


Akihiko Odaki (6):
  linux-user: Unset MAP_FIXED_NOREPLACE for host
  linux-user: Fix MAP_FIXED_NOREPLACE on old kernels
  linux-user: Do not call get_errno() in do_brk()
  linux-user: Use MAP_FIXED_NOREPLACE for do_brk()
  linux-user: Do nothing if too small brk is specified
  linux-user: Do not align brk with host page size

Helge Deller (1):
  linux-user: Adjust initial brk when interpreter is close to executable

Matheus Tavares Bernardino (1):
  gdbstub: use 0 ("any process") on packets with no PID

Mikhail Tyutin (1):
  accel/tcg: Call save_iotlb_data from io_readx as well.

Nathan Egge (1):
  linux-user/elfload: Set V in ELF_HWCAP for RISC-V

Richard Henderson (14):
  accel/tcg: Adjust parameters and locking with do_{ld,st}_mmio_*
  accel/tcg: Issue wider aligned i/o in do_{ld,st}_mmio_*
  accel/tcg: Do not issue misaligned i/o
  linux-user: Remove last_brk
  bsd-user: Remove last_brk
  linux-user: Adjust task_unmapped_base for reserved_va
  linux-user: Define TASK_UNMAPPED_BASE in $guest/target_mman.h
  linux-user: Define ELF_ET_DYN_BASE in $guest/target_mman.h
  linux-user: Use MAP_FIXED_NOREPLACE for initial image mmap
  linux-user: Use elf_et_dyn_base for ET_DYN with interpreter
  linux-user: Properly set image_info.brk in flatload
  linux-user: Do not adjust image mapping for host page size
  linux-user: Do not adjust zero_bss for host page size
  linux-user: Use zero_bss for PT_LOAD with no file contents too

 bsd-user/qemu.h                      |   1 -
 linux-user/aarch64/target_mman.h     |  13 ++
 linux-user/alpha/target_mman.h       |  11 +
 linux-user/arm/target_mman.h         |  11 +
 linux-user/cris/target_mman.h        |  12 ++
 linux-user/hexagon/target_mman.h     |  13 ++
 linux-user/hppa/target_mman.h        |   6 +
 linux-user/i386/target_mman.h        |  16 ++
 linux-user/loongarch64/target_mman.h |  11 +
 linux-user/m68k/target_mman.h        |   5 +
 linux-user/microblaze/target_mman.h  |  11 +
 linux-user/mips/target_mman.h        |  10 +
 linux-user/nios2/target_mman.h       |  10 +
 linux-user/openrisc/target_mman.h    |  10 +
 linux-user/ppc/target_mman.h         |  20 ++
 linux-user/qemu.h                    |   2 -
 linux-user/riscv/target_mman.h       |  10 +
 linux-user/s390x/target_mman.h       |  20 ++
 linux-user/sh4/target_mman.h         |   7 +
 linux-user/sparc/target_mman.h       |  25 +++
 linux-user/user-mmap.h               |   6 +-
 linux-user/x86_64/target_mman.h      |  15 ++
 linux-user/xtensa/target_mman.h      |  10 +
 accel/tcg/cputlb.c                   | 289 ++++++++++++++++++---------
 bsd-user/mmap.c                      |   2 -
 gdbstub/gdbstub.c                    |   2 +-
 linux-user/elfload.c                 | 184 ++++++++---------
 linux-user/flatload.c                |   2 +-
 linux-user/main.c                    |  45 ++++-
 linux-user/mmap.c                    |  68 ++++---
 linux-user/syscall.c                 |  69 ++-----
 31 files changed, 622 insertions(+), 294 deletions(-)

-- 
2.34.1

05.08.2023 01:00, Richard Henderson wrpte:
> Supercedes: 20230804014517.6361-1-richard.henderson@linaro.org
> ("[PATCH for-8.1 v8 00/17] linux-user: brk fixes")
> 
> Changes for linux-user brk v9:
>    Recover some changes that should have been in v8, had I
>    generated the patches from the correct tree:
>      - bsd-user: Remove last_brk
>      - Fix typos in patch 15 ("Define ELF_ET_DYN_BASE...")
>      - Disable -Werror=type-limits in patch 13
>        ("linux-user: Adjust task_unmapped_base")

FWIW.

qemu-8.1 rc, with or without this patch set, does not work in
old aarch64 environment at all. F.e. ubuntu xenial or debian
jessie, like this:

# chroot /tmp/jessie-arm64/
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault

dash works, but bash or ls gives such sigsegv.

$ gdb qemu-aarch64 /tmp/jessie-arm64/core
GNU gdb (Debian 13.1-3) 13.1
...
[New LWP 2021520]
[New LWP 2021522]

warning: Section `.reg-xstate/2021520' in core file too small.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/tmp/qemu-aarch64 /bin/ls'.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Section `.reg-xstate/2021520' in core file too small.
#0  0x00007fa931538c31 in sigsuspend ()
[Current thread is 1 (Thread 0x5555573144c0 (LWP 2021520))]
warning: File "/build/qemu/test/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
	add-auto-load-safe-path /build/qemu/test/.gdbinit
line to your configuration file "/home/mjt/.config/gdb/gdbinit".
To completely disable this security protection add
	set auto-load safe-path /
line to your configuration file "/home/mjt/.config/gdb/gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
	info "(gdb)Auto-loading safe path"
(gdb) bt
#0  0x00007fa931538c31 in sigsuspend ()
#1  0x00007fa93136f670 in dump_core_and_abort (cpu_env=cpu_env@entry=0x555557328800, target_sig=target_sig@entry=11) at ../linux-user/signal.c:747
#2  0x00007fa93136f9f5 in handle_pending_signal (cpu_env=0x555557328800, sig=11, k=0x555557390d80) at ../linux-user/signal.c:1068
#3  0x00007fa9313716b5 in process_pending_signals (cpu_env=cpu_env@entry=0x555557328800) at ../linux-user/signal.c:1143
#4  0x00007fa93118f09a in cpu_loop (env=env@entry=0x555557328800) at ../linux-user/aarch64/cpu_loop.c:179
#5  0x00007fa93118a498 in main (argc=<optimized out>, argv=0x7ffea05e15d8, envp=<optimized out>) at ../linux-user/main.c:1014
(gdb) frame 2
#2  0x00007fa93136f9f5 in handle_pending_signal (cpu_env=0x555557328800, sig=11, k=0x555557390d80) at ../linux-user/signal.c:1068
1068	        dump_core_and_abort(cpu_env, sig);
(gdb) frame 3
#3  0x00007fa9313716b5 in process_pending_signals (cpu_env=cpu_env@entry=0x555557328800) at ../linux-user/signal.c:1143
1143	            handle_pending_signal(cpu_env, sig, &ts->sync_signal);
(gdb) l
1138	                || sigact_table[sig - 1]._sa_handler == TARGET_SIG_IGN) {
1139	                sigdelset(&ts->signal_mask, target_to_host_signal_table[sig]);
1140	                sigact_table[sig - 1]._sa_handler = TARGET_SIG_DFL;
1141	            }
1142	
1143	            handle_pending_signal(cpu_env, sig, &ts->sync_signal);
1144	        }
1145	
1146	        for (sig = 1; sig <= TARGET_NSIG; sig++) {
1147	            blocked_set = ts->in_sigsuspend ?
(gdb)


Is it worth to bisect?

/mjt

05.08.2023 16:28, Michael Tokarev wrote:
...
> qemu-8.1 rc, with or without this patch set, does not work in
> old aarch64 environment at all. F.e. ubuntu xenial or debian
> jessie, like this:
> 
> # chroot /tmp/jessie-arm64/
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> Segmentation fault
> 
> dash works, but bash or ls gives such sigsegv
...
> Is it worth to bisect?

Since it was kinda trivial to bisect, I just did. And here's the
result:

commit 59b6b42cd3446862567637f3a7ab31d69c9bef51
Author: Richard Henderson <richard.henderson@linaro.org>
Date:   Tue Jun 6 10:19:39 2023 +0100

     target/arm: Enable FEAT_LSE2 for -cpu max

Reverting this patch on top of current master makes old linuxes
to work again.

/mjt

On 8/5/23 06:51, Michael Tokarev wrote:
> 05.08.2023 16:28, Michael Tokarev wrote:
> ...
>> qemu-8.1 rc, with or without this patch set, does not work in
>> old aarch64 environment at all. F.e. ubuntu xenial or debian
>> jessie, like this:
>>
>> # chroot /tmp/jessie-arm64/
>> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
>> Segmentation fault
>>
>> dash works, but bash or ls gives such sigsegv
> ...
>> Is it worth to bisect?
> 
> Since it was kinda trivial to bisect, I just did. And here's the
> result:
> 
> commit 59b6b42cd3446862567637f3a7ab31d69c9bef51
> Author: Richard Henderson <richard.henderson@linaro.org>
> Date:   Tue Jun 6 10:19:39 2023 +0100
> 
>      target/arm: Enable FEAT_LSE2 for -cpu max
> 
> Reverting this patch on top of current master makes old linuxes
> to work again.

What is your host?  That's probably the only relevant thing.


r~

Please excuse me for jijacking this thread. I was sure it is something
relevant to the issues we were dealing with, - since I remember qemu-aarch64
segfaulting with intermediate patches in this area.

For this aarch64-user segfault, my guess is that older software isn't
prepared for -cpu max.

/mjt

05.08.2023 17:01, Richard Henderson wrote:

>> Since it was kinda trivial to bisect, I just did. And here's the
>> result:
>>
>> commit 59b6b42cd3446862567637f3a7ab31d69c9bef51
>> Author: Richard Henderson <richard.henderson@linaro.org>
>> Date:   Tue Jun 6 10:19:39 2023 +0100
>>
>>      target/arm: Enable FEAT_LSE2 for -cpu max
>>
>> Reverting this patch on top of current master makes old linuxes
>> to work again.
> 
> What is your host?  That's probably the only relevant thing.

It's running on amd64 machine (AMD Ryzen 7 PRO 5750G), current debian
bookworm, kernel 6.1.0-10-amd64 (for qemu-user-static only architecture
and the kernel matters, I guess).

I noticed this while trying to reproduce
  https://gitlab.com/qemu-project/qemu/-/issues/1763

/mjt