** Description changed:

+ [ Impact ]
+  * qemu-system-aarch64 crashes with an assertion failure in
+    regime_is_user() when running AArch64 guests that trigger
+    FEAT_E0PD behaviour (e.g. Fedora 44, openSUSE Tumbleweed ARM
+    cloud images):
+ 
+      ERROR:target/arm/internals.h:767:regime_is_user: code should not be reached
+      Bail out! ERROR:target/arm/internals.h:767:regime_is_user: code should not be reached
+      Aborted (core dumped)
+ 
+  * Root cause: commit e4c93e44ab10 ("target/arm: Implement FEAT_E0PD")
+    added a call to regime_is_user() inside aa64_va_parameters(),
+    which can be reached with ARMMMUIdx_E10_* mmuidx values (stage 1+2
+    combined indexes) when the guest sets TCR_ELx.{E0PD0,E0PD1}.
+    The original code asserted that these indexes could never reach
+    regime_is_user(), so that assertion is now incorrect. A TLBI
+    operation in the guest is enough to trigger the abort.
+ 
+  * The bug is present in noble (QEMU 8.2.2). It does not affect
+    jammy (6.2) which predates FEAT_E0PD, nor stonking (10.2.1) which
+    already carries the upstream fix.
+ 
+ [ Test Plan ]
+  1. On a fresh Ubuntu 24.04 amd64 host, install qemu-system-arm:
+       sudo apt update && sudo apt install -y qemu-system-arm
+ 
+  2. Boot the VM:
+       qemu-system-aarch64 -nographic -nodefaults -m 2G -smp 2 \
+         -cpu max -machine type=virt,accel=tcg \
+         -drive file=/usr/share/AAVMF/AAVMF_CODE.fd,if=pflash,unit=0,format=raw,readonly=on
+ 
+  * Before fix: QEMU aborts with the regime_is_user assertion failure
+    shortly after the guest starts booting.
+  * After fix: the VM boots and shows UEFI output.
+ 
+ [ Where problems could occur ]
+ 
+  * The change is a one-line addition to a switch statement in
+    target/arm/internals.h — regime_is_user() now correctly classifies
+    ARMMMUIdx_E10_0 as user mode and lets E10_1/E10_1_PAN fall through
+    to the existing "return false" default.
+ 
+  * Risk is low: the only change in behavior is for the E10_0
+    index which previously aborted; now it returns true (user mode),
+    matching the semantics of the equivalent E20_0 case.
+ 
+  * No impact on non-AArch64 guests or on non-FEAT_E0PD workloads.
+ 
+ [ Other Info ]
+ 
+  * Upstream fix: https://gitlab.com/qemu-project/qemu/-/commit/1505b651fdbd9af59a4a90876a62ae7ea2d4cd39
+  * Only noble is affected among supported Ubuntu LTS releases.
+ 
+ 
+ ---Original bug report---
+ 
  The qemu-system-aarch64 process from the qemu-system-arm package crashes with the following message:
  ```
  ERROR:target/arm/internals.h:767:regime_is_user: code should not be reached
  Bail out! ERROR:target/arm/internals.h:767:regime_is_user: code should not be reached
  Aborted (core dumped)
  ```
  
  To reproduce, run the following on a fresh Ubuntu 24.04.4 amd64 system:
  ```
  sudo apt update
  sudo apt install -y qemu-system-arm
  wget https://download.fedoraproject.org/pub/fedora/linux/releases/44/Cloud/aarch64/images/Fedora-Cloud-Base-Generic-44-1.7.aarch64.qcow2
  cp /usr/share/AAVMF/AAVMF_CODE.fd efivars.fd
  qemu-system-aarch64 -nographic -nodefaults -m 2G -smp 2 -cpu max \
    -machine type=virt,accel=tcg \
    -drive file=./Fedora-Cloud-Base-Generic-44-1.7.aarch64.qcow2,if=virtio,cache=writeback,discard=ignore,format=qcow2 \
    -drive file=/usr/share/AAVMF/AAVMF_CODE.fd,if=pflash,unit=0,format=raw,readonly=on \
    -drive file=./efivars.fd,if=pflash,unit=1,format=raw
  ```
  
  The package version is 1:8.2.2+ds-0ubuntu1.1.
  The same reproduction steps do NOT result in a crash on Ubuntu 22.04 (1:6.2+dfsg-2ubuntu6.31) and Ubuntu 26.04 (1:10.2.1+ds-1ubuntu3.1).
  
  If you're looking for another example, I've also run into the same crash
  when working with the openSUSE Tumbleweed ARM cloud image
  (https://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-Tumbleweed-Minimal-VM.aarch64-Cloud.qcow2).
  
  I've pinpointed this to the following commit:
  
https://gitlab.com/qemu-project/qemu/-/commit/1505b651fdbd9af59a4a90876a62ae7ea2d4cd39
  
  I added it to a series of patches in a branch based on the ubuntu/noble-updates
  branch, and a build from that branch did, in fact, fix the crash.
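To make the root cause and the fix described in the [ Impact ] and [ Where problems could occur ] sections concrete, here is an added, constructed C model of regime_is_user() before and after the change. It is not QEMU's code: the enum holds only the ARMMMUIdx names the description mentions (the real one has many more members), the aborting g_assert_not_reached() is replaced by a counter so the effect is observable, and the per-index regime comments are assumptions drawn from the index names.

```c
/* Constructed, simplified model of QEMU's regime_is_user() before and after
 * the fix described above; not QEMU's code (the real enum has many more members). */
#include <stdbool.h>

typedef enum {
    ARMMMUIdx_E10_0,     /* assumed: EL1&0 regime, EL0 (stage 1+2 combined index) */
    ARMMMUIdx_E10_1,     /* assumed: EL1&0 regime, EL1 */
    ARMMMUIdx_E10_1_PAN, /* assumed: EL1&0 regime, EL1 with PAN */
    ARMMMUIdx_E20_0,     /* assumed: EL2&0 regime, EL0, the equivalent user-mode case */
} ARMMMUIdx;

/* Stand-in for glib's g_assert_not_reached(), which in QEMU 8.2.2 prints
 * "code should not be reached" and aborts the emulator. Here it only counts
 * hits so the effect is observable without killing the process. */
int unreachable_hits;
#define ASSERT_NOT_REACHED() do { unreachable_hits++; return false; } while (0)

/* noble (8.2.2): E10_* were assumed never to reach this function, so they hit
 * the assertion; a guest TLBI with TCR_ELx.E0PDx set, via aa64_va_parameters(),
 * broke that assumption and took the whole VM down. */
bool regime_is_user_before(ARMMMUIdx mmu_idx)
{
    switch (mmu_idx) {
    case ARMMMUIdx_E20_0:
        return true;
    case ARMMMUIdx_E10_0:
    case ARMMMUIdx_E10_1:
    case ARMMMUIdx_E10_1_PAN:
        ASSERT_NOT_REACHED();
    default:
        return false;
    }
}

/* After the fix: E10_0 is user mode like E20_0; E10_1 and E10_1_PAN fall
 * through to the existing "return false" default. */
bool regime_is_user_after(ARMMMUIdx mmu_idx)
{
    switch (mmu_idx) {
    case ARMMMUIdx_E20_0:
    case ARMMMUIdx_E10_0:
        return true;
    default:
        return false;
    }
}
```

The model shows why an "unreachable" assertion in an emulator's MMU path is a guest-triggerable denial of service: any index the author did not anticipate becomes a crash rather than a wrong answer.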

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2157713

Title:
  qemu-system-aarch64 crashes on regime_is_user assert

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2157713/+subscriptions


-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs