On 06.05.15 23:02, Dirk Müller wrote:
Hi,
Dirk did not bother to CC me originally, and none of you have so far pointed to any particular breakage.
There is no "original" mail other than this thread, really, so you're not left out. I didn't bother to debug it further since it was broken everywhere on every occasion including on /bin/false. Here's the backtrace:
Program received signal SIGSEGV, Segmentation fault.
thunk_convert (dst=dst@entry=0x7fffffffcbe0, src=0x4000a1f170, type_ptr=0x6051b20c, type_ptr@entry=0x6051b204, to_host=to_host@entry=1)
    at /home/abuild/rpmbuild/BUILD/qemu-2.3.0/thunk.c:273
273         (*se->convert[to_host])(dst, src);
(gdb) bt
#0  thunk_convert (dst=dst@entry=0x7fffffffcbe0, src=0x4000a1f170, type_ptr=0x6051b20c, type_ptr@entry=0x6051b204, to_host=to_host@entry=1)
    at /home/abuild/rpmbuild/BUILD/qemu-2.3.0/thunk.c:273
#1  0x0000000060038358 in do_ioctl (arg=274888520048, cmd=<optimized out>, fd=<optimized out>)
    at /home/abuild/rpmbuild/BUILD/qemu-2.3.0/linux-user/syscall.c:3940
#2  do_syscall (cpu_env=cpu_env@entry=0x625a5bd0, num=16, arg1=<optimized out>, arg2=<optimized out>, arg3=274888520048, arg4=<optimized out>, arg5=274901073728, arg6=274888522607, arg7=0, arg8=0)
    at /home/abuild/rpmbuild/BUILD/qemu-2.3.0/linux-user/syscall.c:6281
#3  0x00000000600298b6 in cpu_loop (env=env@entry=0x625a5bd0)
    at /home/abuild/rpmbuild/BUILD/qemu-2.3.0/linux-user/main.c:305
#4  0x0000000060003676 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at /home/abuild/rpmbuild/BUILD/qemu-2.3.0/linux-user/main.c:4419
(gdb) p se->convert[to_host]
$1 = (void (*)(void *, const void *)) 0xbabababababababa
which means the pointer has been freed already. Overall this points out that 0037-linux-user-Allocate-thunk-size-dyna.patch is the culprit.
Bleks. I'm still waiting for the day when I write a patch and it just works.

The thunk framework implicitly assumed that the se->convert fields are initialized to 0. This did happen before my patch when the thunk cache resided in the bss section. Now we're allocating it dynamically and so it may get filled with garbage (correctly tested by the malloccheck thing).

The easy fix is to s/g_new/g_new0/ to expose the same allocation semantics as before. I've changed the code accordingly and submitted a fixed qemu package to the Virtualization project.

Alex

--
To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
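The bug class above (a table moved from .bss to the heap, so slots the code never wrote are no longer guaranteed to be NULL, and a stale byte pattern ends up being called as a function pointer) is reproduced below in a self-contained C program. This is an added example written for this page, not code from the thread or from QEMU: the `struct struct_entry` shape is an assumed stand-in for QEMU's StructEntry, `alloc_table_dirty()` stands in for `g_new()` with the fresh memory deliberately filled with the 0xba byte seen in the gdb output (which is the kind of fill allocator debugging such as glibc's MALLOC_PERTURB_ applies), and `alloc_table_zeroed()` stands in for `g_new0()`. The `thunk_convert_checked()` helper refuses to jump through anything that is not a registered converter, so the demo reports the garbage slot instead of segfaulting.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for QEMU's StructEntry (not the real definition):
 * per-type converter callbacks, indexed by to_host (0 or 1). */
typedef void (*convert_fn)(void *dst, const void *src);
struct struct_entry {
    int size;
    convert_fn convert[2];
};

#define POISON 0xba  /* byte pattern from the backtrace: 0xbabababababababa */

/* Stands in for g_new(): heap memory is NOT zeroed. To make the failure
 * deterministic the fresh block is filled with POISON, as allocator
 * debugging (e.g. glibc MALLOC_PERTURB_) does to new allocations. */
static struct struct_entry *alloc_table_dirty(size_t n)
{
    struct struct_entry *t = malloc(n * sizeof *t);
    if (t)
        memset(t, POISON, n * sizeof *t);
    return t;
}

/* Stands in for g_new0(): zero-filled, so every unset convert[] slot is NULL,
 * exactly the semantics the table had while it lived in .bss. */
static struct struct_entry *alloc_table_zeroed(size_t n)
{
    return calloc(n, sizeof(struct struct_entry));
}

/* The single converter this demo "registers", as the real table would for
 * types that need one. */
static void convert_noop(void *dst, const void *src) { (void)dst; (void)src; }

static void register_converter(struct struct_entry *t, size_t idx, int to_host,
                               convert_fn fn)
{
    t[idx].convert[to_host] = fn;
}

/* The implicit contract in thunk_convert(): an unset slot is NULL.
 * Returns how many of the 2*n slots actually are NULL. */
static size_t count_null_slots(const struct struct_entry *t, size_t n)
{
    size_t nulls = 0;
    for (size_t i = 0; i < n; i++)
        for (int d = 0; d < 2; d++)
            if (t[i].convert[d] == NULL)
                nulls++;
    return nulls;
}

/* Guarded replacement for the blind call (*se->convert[to_host])(dst, src):
 *  1 = called a registered converter, 0 = slot empty (NULL),
 * -1 = slot holds something that is neither NULL nor a known callback,
 *      i.e. the garbage that became the SIGSEGV above. We do not jump to it. */
static int thunk_convert_checked(const struct struct_entry *se, int to_host,
                                 void *dst, const void *src)
{
    convert_fn fn = se->convert[to_host];
    if (fn == NULL)
        return 0;
    if (fn != convert_noop)   /* only one converter exists in this demo */
        return -1;
    fn(dst, src);
    return 1;
}

/* True if every byte of the slot is POISON: the "freed-looking" pointer. */
static int slot_is_poison(const struct struct_entry *se, int to_host)
{
    unsigned char bytes[sizeof(convert_fn)];
    memcpy(bytes, &se->convert[to_host], sizeof bytes);
    for (size_t i = 0; i < sizeof bytes; i++)
        if (bytes[i] != POISON)
            return 0;
    return 1;
}

int main(void)
{
    enum { N = 4 };
    char buf[16];
    struct struct_entry *dirty = alloc_table_dirty(N);
    struct struct_entry *zeroed = alloc_table_zeroed(N);
    if (!dirty || !zeroed)
        return 1;
    register_converter(dirty, 0, 1, convert_noop);
    register_converter(zeroed, 0, 1, convert_noop);

    printf("g_new-like table:  %zu NULL slots, entry[1] poison=%d, dispatch=%d\n",
           count_null_slots(dirty, N), slot_is_poison(&dirty[1], 1),
           thunk_convert_checked(&dirty[1], 1, buf, buf));
    printf("g_new0-like table: %zu NULL slots, dispatch=%d\n",
           count_null_slots(zeroed, N),
           thunk_convert_checked(&zeroed[1], 1, buf, buf));
    free(dirty);
    free(zeroed);
    return 0;
}
```

The takeaway is the one the fix relies on: a NULL test on a callback slot is only a safety check if the allocation is guaranteed to start out zeroed. With `g_new()`/`malloc()` the unwritten slots hold whatever the allocator left there, which on a debugging allocator is a recognisable fill pattern but in production may be an attacker-influenced stale heap value, so `g_new0()`/`calloc()` (or an explicit `memset`) is the correct default for any table of function pointers.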