Red Hat Bugzilla – Bug 1314483
qemu crash on ppc64
Last modified: 2016-03-08 09:20:10 EST
/usr/bin/qemu-system-x86_64 -help crashes on ppc64
GNU gdb (GDB) Fedora 7.11-58.fc24
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "ppc64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./qemu-system-x86_64...done.
(gdb) r -help
Starting program: /home/than/rpmbuild/BUILD/qemu-2.5.0/x86_64-softmmu/qemu-system-x86_64 -help
Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
#0 0x0000000000000000 in ?? ()
#1 0x00003fffb0c70298 in ?? ()
#2 0x00003fffb0c72d84 in ?? ()
#3 0x00003fffb7fb8c38 in resolve_ifunc (sym_map=0x3fffb11b3088, map=0x3fffb11b3088, value=0) at ../sysdeps/powerpc/powerpc64/dl-machine.h:666
#4 elf_machine_rela (skip_ifunc=<optimized out>, reloc_addr_arg=0x3fffb0ccd218, version=<optimized out>, sym=<optimized out>, reloc=0x3fffb0c688c0,
map=0x3fffb11b3088) at ../sysdeps/powerpc/powerpc64/dl-machine.h:708
#5 elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>,
map=<optimized out>) at do-rel.h:137
#6 _dl_relocate_object (scope=0x3fffb11b3400, reloc_mode=<optimized out>, consider_profiling=<optimized out>) at dl-reloc.c:258
#7 0x00003fffb7fa6f04 in dl_main (phdr=<optimized out>, phnum=<optimized out>, user_entry=<optimized out>, auxv=<optimized out>) at rtld.c:2066
#8 0x00003fffb7fcb3bc in _dl_sysdep_start (start_argptr=<optimized out>, dl_main=@0x3fffb7ff0110: 0x3fffb7fa4800 <dl_main>) at ../elf/dl-sysdep.c:249
#9 0x00003fffb7fa4018 in _dl_start_final (arg=arg@entry=0x3ffffffff320, info=info@entry=0x3fffffffed70) at rtld.c:305
#10 0x00003fffb7fa84f0 in _dl_start (arg=0x3ffffffff320) at rtld.c:413
#11 0x00003fffb7fa37b0 in ._start () from /lib64/ld64.so.1
Same issue as bug 1312462. The tcmalloc ifunc needs to be rewritten or removed. I'm investigating this right now to provide some guidance to gperftools on the issue.
Moving to gperftools.
I think we should disable usage of tcmalloc in qemu for ppc64/ppc64le (same as it is disabled for s390(x)) until gperftools are fixed and updated. Or even keep tcmalloc enabled only for x86/x86_64. Will cycle the component to get the qemu people into CC.
While the bug only affects ppc64, ppc64le and armv7, gperftools is
using an undefined feature and so this could affect any architecture
There are two possible workarounds:
(1) Disable C++ dynamic sized delete support in gperftools. See:
(2) Disabling `-z now', which I did already:
does appear to work around the problem on armv7. Does it fix it
i'm trying the workarounds and will post the feedbacks today
i can confirm that the workaround (2) does fix the crash on ppc64
i also disabled hardened in gperftools, built in f24/rawhide.
(In reply to Ngo Than from comment #7)
> i also disabled hardened in gperftools, built in f24/rawhide.
I recommend against disabling hardening. Of all things qemu and its dependent libraries like tcmalloc should absolutely be hardened. We should be moving forward with more secure virtualized systems not less secure.
I agree with Carlos here. It was fine when we didn't understand
the problem and that was the only available workaround, but I
think a better workaround (assuming we don't get a proper fix
from upstream) is to disable the C++ dynamic sized delete feature.
(In reply to Richard W.M. Jones from comment #9)
> I agree with Carlos here. It was fine when we didn't understand
> the problem and that was the only available workaround, but I
> think a better workaround (assuming we don't get a proper fix
> from upstream) is to disable the C++ dynamic sized delete feature.
Alternatively, don't use IFUNC, and use a pointer dispatch at runtime, taking the extra cost while keeping the feature.
I also think packaging guidelines apply here, we want hardening enabled for gperftools, particularly if qemu is going to continue to use tcmalloc:
I'm going to mark this as a duplicate of the original issue.
*** This bug has been marked as a duplicate of bug 1312462 ***