[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=95f875654ae8b433b5

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1766896

Title:
  qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate

Status in QEMU:
  Fix Released

Bug description:
  Attempting to emulate some baremetal ARM cortex-M* firmware with gdb causes a segfault every time.

  qemu invocation:

    qemu-system-arm -machine none -cpu cortex-m3 -nographic -monitor null -serial null -s -S -device loader,file=firmware.elf

  qemu seems to start up fine with that command. Segfault happens as soon as I connect from another console with

    arm-none-eabi-gdb firmware.elf
    > target remote localhost:1234
    # qemu segfaults, and kills arm-none-eabi-gdb along with it

  Here's a bt from qemu-system-arm:

  #0  armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false) at /home/sac/qemu/src/qemu/hw/intc/armv7m_nvic.c:383
          s = 0x0
  #1  0x006e4806 in arm_v7m_mmu_idx_for_secstate (secstate=, env=0xb620263c) at /home/sac/qemu/src/qemu/target/arm/cpu.h:2345
          el =
          mmu_idx = ARMMMUIdx_MPriv
          el =
          mmu_idx =
  #2  cpu_mmu_index (ifetch=false, env=0xb620263c) at /home/sac/qemu/src/qemu/target/arm/cpu.h:2358
          mmu_idx =
          el =
          ifetch =
          env = 0xb620263c
          el =
          mmu_idx =
          el =
          el =
          mmu_idx =
  #3  arm_cpu_get_phys_page_attrs_debug (cs=0xb61fe480, addr=0, attrs=0xbfffc668) at /home/sac/qemu/src/qemu/target/arm/helper.c:9858
          cpu = 0xb61fe480
          __func__ = "arm_cpu_get_phys_page_attrs_debug"
          env = 0xb620263c
          phys_addr = 6402535376434480864
          page_size = 5
          prot = -1239242724
          ret =
          fsr = 4294967041
          fi = {s2addr = 0, stage2 = false, s1ptw = false, ea = false}
          mmu_idx =
  #4  0x005729d1 in cpu_get_phys_page_attrs_debug (attrs=, addr=, cpu=) at /home/sac/qemu/src/qemu/include/qom/cpu.h:580
          cc =
          cc =
  #5  cpu_memory_rw_debug (cpu=0xb61fe480, addr=0, buf=0xbfffd6dc "", len=4, is_write=0) at /home/sac/qemu/src/qemu/exec.c:3524
          asidx =
          attrs = {unspecified = 0, secure = 0, user = 0, requester_id = 15525}
          l =
          phys_addr =
          page = 0
          __PRETTY_FUNCTION__ = "cpu_memory_rw_debug"
  #6  0x005b4c5e in target_memory_rw_debug (is_write=false, len=4, buf=, addr=0, cpu=0xb61fe480) at /home/sac/qemu/src/qemu/gdbstub.c:56
          cc =
          cc =
  #7  gdb_handle_packet (s=s@entry=0xb6229800, line_buf=line_buf@entry=0xb6229810 "m0,4") at /home/sac/qemu/src/qemu/gdbstub.c:1109
          cpu =
          cc =
          p = 0xb6229813 "4"
          thread =
          ch =
          reg_size =
          type =
          res =
          buf = "m1\000", '\060' , "d3010040\000t modification,\n are permitted in any medium without royalt"...
          mem_buf = '\000' , "\377\377\377\377\000\000\000\000\323\001\000@", '\000' ...
          registers =
          addr = 0
          len = 4
          __func__ = "gdb_handle_packet"
  #8  0x005b55b3 in gdb_read_byte (ch=100, s=0xb6229800) at /home/sac/qemu/src/qemu/gdbstub.c:1664
          reply = 43 '+'
          reply =
          repeat =
  #9  gdb_chr_receive (opaque=, buf=, size=) at /home/sac/qemu/src/qemu/gdbstub.c:1868
          i =
  #10 0x00980319 in tcp_chr_read (chan=0xb6c86200, cond=G_IO_IN, opaque=0xb63fc6e0) at chardev/char-socket.c:440
          chr =
          __func__ = "tcp_chr_read"
          s = 0xb63fc6e0
          buf = "$m0,4#fddInfo#c8read:arm-core.xml:0,ffb#08+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+#df\363\377\377\000\000\000\000\274\354\377\277", '\000' , "\272\356\377 \274\354\377\277", '\000' , "\373\377\377\377\005\000\000\000"...
          len =
          size =
  #11 0xb7808c44 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
  No symbol table info available.
  #12 0x009e14d2 in glib_pollfds_poll () at util/main-loop.c:214
          context = 0xb645f740
          pfds =
          context =
          pfds =
  #13 os_host_main_loop_wait (timeout=) at util/main-loop.c:261
          context = 0xb645f740
          ret = 1
          spin_counter = 0
          context =
          ret =
          spin_counter = 0
          notified = false
  #14 main_loop_wait (nonblocking=0) at util/main-loop.c:515
          ret =
          timeout = 1000
          timeout_ns =
  #15 0x00561781 in main_loop () at vl.c:1995
  No locals.
  #16 main (argc=, argv=, envp=) at vl.c:4911
          i =
          snapshot =
          linux_boot =
[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
The patch referred to in comment #4 has now been committed, so from QEMU 3.0 this will fail with a useful error message to tell the user their choice of machine and CPU aren't compatible.

** Changed in: qemu
       Status: New => Fix Committed
[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
https://patchwork.ozlabs.org/patch/924145/ is a patch which improves our error checking for this case. The command that previously segfaulted should now exit with the error message:

  qemu-system-arm: This board cannot be used with Cortex-M CPUs
[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
** Tags added: arm
[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
Yes; cortex-m3 will only work on machine types that are expecting it (i.e. which instantiate the M profile NVIC interrupt controller, which is really an integral part of the CPU). We should catch this case and make QEMU exit with a more helpful message.
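The crash path from the backtrace and the realize-time check described in the two comments above, as a small C model added here as an example; it is not code from QEMU or from this thread. The struct fields, function names and MMU index values are hypothetical stand-ins for QEMU's own, and only the error message text comes from the bug.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the NVIC state an M-profile board is expected to create. */
typedef struct {
    bool neg_prio;   /* a handler with negative priority (e.g. NMI) is active */
} NVICState;

/* Model of the CPU env: env->nvic is filled in by an NVIC-aware board and
 * stays NULL under "-machine none" (hypothetical layout, not QEMU's). */
typedef struct {
    bool feature_m;  /* Cortex-M (M-profile) CPU */
    bool secure;
    bool priv;       /* currently privileged */
    NVICState *nvic;
} CPUEnv;

/* Arbitrary model values, not QEMU's ARMMMUIdx numbering. */
enum { MMU_IDX_MUSER = 0, MMU_IDX_MPRIV = 1, MMU_IDX_MNEGPRI = 2, MMU_IDX_AUSER = 10 };

static char g_err[128];

/* Frame #0 of the reported backtrace: the callee trusts its opaque pointer,
 * so opaque == NULL is exactly the NULL dereference seen in the bug. */
static bool nvic_neg_prio_requested(void *opaque, bool secure)
{
    NVICState *s = opaque;
    (void)secure;
    return s->neg_prio;
}

/* Frames #1/#2: the MMU index is needed even for a debug (gdb) memory read. */
static int mmu_idx_for_secstate(CPUEnv *env)
{
    int idx = env->priv ? MMU_IDX_MPRIV : MMU_IDX_MUSER;
    if (nvic_neg_prio_requested(env->nvic, env->secure)) {
        idx = MMU_IDX_MNEGPRI;
    }
    return idx;
}

int cpu_mmu_index(CPUEnv *env)
{
    return env->feature_m ? mmu_idx_for_secstate(env) : MMU_IDX_AUSER;
}

/* Shape of the fix: reject the CPU/board mismatch when the CPU is realized,
 * before any guest or debugger access can reach the NULL pointer.
 * Returns 0 on success, -1 with the message available via last_error(). */
int cpu_realize(CPUEnv *env)
{
    if (env->feature_m && env->nvic == NULL) {
        snprintf(g_err, sizeof g_err, "This board cannot be used with Cortex-M CPUs");
        return -1;
    }
    g_err[0] = '\0';
    return 0;
}

const char *last_error(void) { return g_err; }

/* gdbstub-style debug read of the MMU index, allowed only after realize succeeded. */
int debug_read_mmu_idx(CPUEnv *env)
{
    return cpu_realize(env) == 0 ? cpu_mmu_index(env) : -1;
}

/* Scenario 1: "-machine none -cpu cortex-m3", i.e. no board created an NVIC. */
int run_machine_none(void)
{
    CPUEnv env = { .feature_m = true, .priv = true, .nvic = NULL };
    return debug_read_mmu_idx(&env);
}

/* Scenario 2: a board that instantiated the NVIC, with or without a
 * negative-priority handler active. */
int run_with_nvic(bool neg_prio)
{
    NVICState nvic = { .neg_prio = neg_prio };
    CPUEnv env = { .feature_m = true, .priv = true, .nvic = &nvic };
    return debug_read_mmu_idx(&env);
}
```

Calling `run_machine_none()` yields the error instead of a crash, while `run_with_nvic()` reaches the same code path safely because the pointer the callee trusts was validated once, at realize time.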
[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
Follow-up to IRC discussions with stsquad and danpb: the problem is "-machine none", which prevents all the data structures from being initialized properly.
[Qemu-devel] [Bug 1766896] Re: qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
You also did not specify any amount of RAM with the -m parameter, and the "none" machine does not have any RAM by default.