Bug 1339977

Summary: -M virt,gic-version=host,accel=tcg causes segmentation fault on aarch64
Product: Fedora
Component: qemu
Version: rawhide
Hardware: aarch64
OS: Unspecified
Status: CLOSED RAWHIDE
Severity: unspecified
Priority: unspecified
Type: Bug
Reporter: Richard W.M. Jones <rjones>
Assignee: Fedora Virtualization Maintainers <virt-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: abologna, amit.shah, berrange, cfergeau, crobinso, drjones, dwmw2, itamar, pbonzini, pbrobinson, rjones, virt-maint
Target Milestone: ---
Target Release: ---
Last Closed: 2016-05-26 18:00:13 UTC
Bug Blocks: 910269

Description Richard W.M. Jones 2016-05-26 09:33:12 UTC
Description of problem:

$ qemu-system-aarch64 -nodefconfig -nodefaults -display none -M virt,gic-version=host,accel=tcg -cpu cortex-a57 -m 1024 -serial stdio
Segmentation fault (core dumped)

If you remove the gic-version=host subclause, OR change tcg -> kvm
then it no longer segfaults.

The stack trace is:

#0  0x000002aaaac64efc in kvm_ioctl (s=s@entry=0x0, type=type@entry=44547)
    at /usr/src/debug/qemu-2.6.0/kvm-all.c:1948
#1  0x000002aaaac64f54 in kvm_check_extension (s=s@entry=0x0, extension=extension@entry=89) at /usr/src/debug/qemu-2.6.0/kvm-all.c:481
#2  0x000002aaaac682c8 in kvm_create_device (s=0x0, type=type@entry=7, test=test@entry=true) at /usr/src/debug/qemu-2.6.0/kvm-all.c:2330
#3  0x000002aaaad05ab4 in kvm_arm_vgic_probe ()
    at /usr/src/debug/qemu-2.6.0/target-arm/kvm.c:608
#4  0x000002aaaace02ec in machvirt_init (machine=0x2aaac0d25a0)
    at /usr/src/debug/qemu-2.6.0/hw/arm/virt.c:1117
#5  0x000002aaaac28bb8 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4515

Also the host kernel gives this error at the same time:

[  940.129565] qemu-system-aar[23224]: unhandled level 2 translation fault (11) at 0x0000002c, esr 0x92000006
[  940.139183] pgd = fffffe03dd3f0000
[  940.142574] [0000002c] *pgd=0000000000000000, *pud=0000000000000000, *pmd=0000000000000000

[  940.152321] CPU: 3 PID: 23224 Comm: qemu-system-aar Tainted: G        W       4.5.4-300.fc24.aarch64 #1
[  940.161669] Hardware name: AppliedMicro Mustang/Mustang, BIOS 1.1.0 Aug 26 2015
[  940.168944] task: fffffe03df026800 ti: fffffe03dbba4000 task.ti: fffffe03dbba4000
[  940.176391] PC is at 0x2aabb7f4efc
[  940.179778] LR is at 0x2aabb7f4f54
[  940.183165] pc : [<000002aabb7f4efc>] lr : [<000002aabb7f4f54>] pstate: 20000000
[  940.190524] sp : 000003ffd23adf40
[  940.193822] x29: 000003ffd23adf40 x28: 000002aac990ab00 
[  940.199131] x27: 000002aabbbe4000 x26: 000002aabbe2f000 
[  940.204440] x25: 0000000000000000 x24: 000002aabbe2e000 
[  940.209751] x23: 000002aabbe52000 x22: 000002aabbb3fae0 
[  940.215061] x21: 0000000000000000 x20: 0000000000000001 
[  940.220369] x19: 000002aabbe2f000 x18: 0000000000000001 
[  940.225692] x17: 000003ff679f0fc0 x16: 000003ff67eff1a0 
[  940.231002] x15: 0000000000000002 x14: 0000000000000000 
[  940.236312] x13: 000002aac98e2fe8 x12: 0000000000000000 
[  940.241623] x11: 0000000000000000 x10: 000003ffd23aeb50 
[  940.246931] x9 : 0000000000000000 x8 : 000003ff7cb6fc60 
[  940.252240] x7 : 0000000000000000 x6 : 0000000000000000 
[  940.257552] x5 : 000003ff7cb6fc60 x4 : 0000000000000000 
[  940.262860] x3 : 000003ffd23ae040 x2 : 0000000000000059 
[  940.268170] x1 : 000000000000ae03 x0 : 0000000000000000 

Version-Release number of selected component (if applicable):

qemu-2.6.0-2.fc24.aarch64

How reproducible:

100%

Steps to Reproduce:
1. See command above.

Comment 1 Cole Robinson 2016-05-26 14:34:00 UTC
Since gic-version=host requires KVM APIs, we should explicitly reject it if KVM isn't enabled, like we do for x86 -cpu host. I sent a patch upstream.
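
Added example (editor's illustration in C, not QEMU's code and not the patch referred to above): a toy model of why the unchecked path faults and what the explicit rejection looks like. The stack trace in the report shows kvm_check_extension() entered with s=0x0 under accel=tcg, and the kernel oops reports a fault at address 0x2c; that is consistent with the ioctl wrapper reading the file-descriptor field of a NULL KVM state object. The struct layout (including the 40-byte header that puts the fd field at 0x2c) and every identifier below (ToyKVMState, toy_kvm_state, toy_vgic_probe, resolve_gic_version, ...) are assumptions made for this illustration, not QEMU's real definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (editor's model, not QEMU's own code): the shape of the
 * NULL dereference behind "-M virt,gic-version=host,accel=tcg" and the
 * explicit rejection that avoids it. Names and layout are assumptions.
 */

/* Stand-in for the accelerator state that KVM initialisation allocates.
 * Under accel=tcg that initialisation never runs, so the global pointer
 * stays NULL. The 40-byte header is an assumption chosen so that the fd
 * field lands at offset 0x2c, the fault address in the quoted oops. */
typedef struct ToyKVMState {
    char parent_obj[40];
    int nr_slots;
    int fd;          /* what the ioctl wrapper reads: s->fd */
    int vmfd;
} ToyKVMState;

static ToyKVMState *toy_kvm_state = NULL;
static ToyKVMState toy_state_storage;

enum {
    GIC_ERR_UNKNOWN_VALUE = -1,   /* option value not recognised */
    GIC_ERR_NEEDS_KVM     = -2,   /* "host" requested without KVM */
};

/* Hooks to pretend KVM was (or was not) initialised. */
static void toy_enable_kvm(int fd)
{
    memset(&toy_state_storage, 0, sizeof toy_state_storage);
    toy_state_storage.fd = fd;
    toy_kvm_state = &toy_state_storage;
}

static void toy_disable_kvm(void)
{
    toy_kvm_state = NULL;
}

static bool toy_kvm_enabled(void)
{
    return toy_kvm_state != NULL;
}

/* Models the VGIC probe: it must talk to the kernel through s->fd, so it
 * is only meaningful with a live KVM state. Here it just reports GICv2. */
static int toy_vgic_probe(ToyKVMState *s)
{
    return s->fd >= 0 ? 2 : GIC_ERR_NEEDS_KVM;   /* s == NULL faults here */
}

/* Offset the faulting load hits when s is NULL (0x2c under this layout). */
static size_t fault_offset_of_fd(void)
{
    return offsetof(ToyKVMState, fd);
}

/* Unchecked form, the shape that produced the stack trace in the report:
 * "host" goes straight to the probe with whatever toy_kvm_state holds.
 * Never call this while toy_kvm_state is NULL. */
static int resolve_gic_version_unchecked(const char *opt)
{
    if (opt == NULL || strcmp(opt, "2") == 0) {
        return 2;
    }
    if (strcmp(opt, "3") == 0) {
        return 3;
    }
    if (strcmp(opt, "host") == 0) {
        return toy_vgic_probe(toy_kvm_state);
    }
    return GIC_ERR_UNKNOWN_VALUE;
}

/* Checked form: refuse "host" before anything touches the KVM state,
 * the same way x86 refuses "-cpu host" without KVM. */
static int resolve_gic_version(const char *opt)
{
    if (opt != NULL && strcmp(opt, "host") == 0 && !toy_kvm_enabled()) {
        return GIC_ERR_NEEDS_KVM;
    }
    return resolve_gic_version_unchecked(opt);
}

int main(void)
{
    toy_disable_kvm();   /* accel=tcg: no KVM state was ever created */
    if (resolve_gic_version("host") == GIC_ERR_NEEDS_KVM) {
        fprintf(stderr, "gic-version=host requires KVM "
                "(unchecked path would have faulted at offset 0x%zx)\n",
                fault_offset_of_fd());
    }
    toy_enable_kvm(5);   /* accel=kvm: state exists, probe is safe */
    printf("gic-version=host with KVM -> GICv%d\n", resolve_gic_version("host"));
    return 0;
}
```

The point of the checked form is ordering: the KVM-only value is rejected by the option parser before any KVM helper is reached, so the failure is a clean error message rather than a fault inside a helper that assumes its state pointer is valid.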

Comment 2 Cole Robinson 2016-05-26 18:00:13 UTC
Fixed in qemu-2.6.0-3.fc25

Comment 3 Richard W.M. Jones 2016-05-27 12:26:20 UTC
Peter: The qemu update isn't the whole story here.  Also needed
is libguestfs >= 1.33.32, which I'm just about to build for F24
primary architectures.

Comment 4 Richard W.M. Jones 2016-05-27 12:30:00 UTC
Because of this commit:
https://github.com/libguestfs/libguestfs/commit/7023f20830a681ef36f8f99415fe41791555a3db

Comment 5 Peter Robinson 2016-05-27 12:30:58 UTC
(In reply to Richard W.M. Jones from comment #3)
> Peter: The qemu update isn't the whole story here.  Also needed
> is libguestfs >= 1.33.32, which I'm just about to build for F24
> primary architectures.

That's cool; as long as all bits are in place and stable in time for freeze, I'm happy!