Wrong code execution of s390x code with qemu TCG
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners | |
| qemu (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Jammy | Fix Released | Medium | Sergio Durigan Junior | |
| Lunar | Won't Fix | Undecided | Unassigned | |
| Mantic | Fix Released | Undecided | Unassigned | |
Bug Description
SRU Justification:
[ Impact ]
* Wrong code execution with qemu.
* Frequently used s390x code sequences are wrongly executed
when running with qemu instruction set emulation.
* This happens only in KVM VMs, not while running natively on s390x.
* For example also with
gcc 11.4.0 (Ubuntu 11.4.0-
on WSL (Windows 11_5.15.
with any kind of Build Optimization Options: O0, O1, O2, O3
on KVM - like reported.
* The problem was probably introduced with:
Convert COMPARE, COMPARE LOGICAL
https:/
and got fixed with:
https:/
[ Test Plan ]
* An Ubuntu Server 22.04 LTS installed on an s390x LPAR as KVM host
and a KVM guest running on top - again 22.04.
* Have a build environment installed with gcc 11(.4).
* Now compiling this reproducer:
```c
#include <stdio.h>

/* Global operands: at -O2/-O3 GCC on s390x loads the halfword with a
 * relative-long compare (CHRL), the instruction whose emulation is wrong. */
signed short v1 = 1;
signed int v2 = 2;
unsigned long long bug = 0;

int main ()
{
    /* Correct result: 1 < 2 is true, so bug becomes 2. */
    if ((v1 < v2))
    {
        bug = v2;
    }
    printf("bug = %llu\n", bug);
    return 0;
}
```
with:
gcc -o bug0 bug.c -O0 -fsanitize=
* Now running it:
qemu-
* Expected output (on KVM host, that natively runs Ubuntu):
O0: 2
O1: 2
O2: 2
O3: 2
Actual output (on un-fixed qemu environment):
O0: 2
O1: 2
O2: 0
O3: 0
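The following is an added check, not code from the bug report or from the qemu project: it generalizes the reproducer above to several signed-halfword comparisons, including negative values (which depend on correct sign extension) and a 64-bit comparand (the CGHRL form), and counts mismatches against the results native s390x hardware gives. Variable and function names are my own; the assumption that GCC at -O2 emits the relative-long compare for these global accesses holds for the setup reported here but is not guaranteed for other compiler versions or flags.

```c
#include <stdio.h>

/* Globals are compared directly so that, on s390x at -O2, GCC can load the
 * halfword operand with COMPARE HALFWORD RELATIVE LONG (CHRL / CGHRL).
 * They are deliberately not static: an extern-visible global cannot be
 * constant-folded, so the compare is actually emitted at run time.
 * (Assumption: other compiler versions or flags may choose another sequence.) */
signed short hw_one  = 1;
signed short hw_neg  = -1;
signed int   w_two   = 2;
signed int   w_zero  = 0;
long long    gw_two  = 2;
long long    gw_zero = 0;

/* Each comparison lives in its own function so the result comes straight
 * from the compare-and-branch sequence rather than from a lookup table. */
int hw_one_lt_w_two(void)   { return hw_one < w_two; }    /* expect 1 */
int hw_neg_lt_w_zero(void)  { return hw_neg < w_zero; }   /* expect 1: needs sign extension */
int hw_one_gt_w_zero(void)  { return hw_one > w_zero; }   /* expect 1 */
int hw_one_lt_gw_two(void)  { return hw_one < gw_two; }   /* expect 1: 64-bit form (CGHRL) */
int hw_neg_lt_gw_zero(void) { return hw_neg < gw_zero; }  /* expect 1 */
int hw_neg_eq_w_zero(void)  { return hw_neg == w_zero; }  /* expect 0 */

/* Returns how many comparisons differ from the C semantics (and from native
 * s390x hardware). 0 means every case was emulated correctly; a non-zero
 * count reproduces the miscompare reported in this bug. */
int count_mismatches(void)
{
    int bad = 0;
    bad += hw_one_lt_w_two()   != 1;
    bad += hw_neg_lt_w_zero()  != 1;
    bad += hw_one_gt_w_zero()  != 1;
    bad += hw_one_lt_gw_two()  != 1;
    bad += hw_neg_lt_gw_zero() != 1;
    bad += hw_neg_eq_w_zero()  != 0;
    return bad;
}

int main(void)
{
    int bad = count_mismatches();
    printf("%d of 6 halfword comparisons wrong -> %s\n", bad,
           bad == 0 ? "OK" : "BUG (wrong CHRL/CGHRL emulation?)");
    return bad != 0;   /* non-zero exit status flags the affected emulator */
}
```

Build it at each optimization level as in the test plan (for example `gcc -O2 -o chrl_check chrl_check.c`, file name assumed) and run it on the KVM host and under the qemu under test; the native run must report 0 mismatches, and a non-zero exit status under qemu identifies an unfixed build. On an unaffected architecture the count is always 0, which is also what makes the check safe to include in a generic test suite.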
[ Where problems could occur ]
* The fix is in COMPARE HALFWORD RELATIVE LONG and two files
are touched in tcg:
target/
target/
* Problems can for example occur in the newly introduced in2_mri2_16s
in case the pointer handling is wrong, or wrong arguments are taken
(not only in in2_mri2_16s, but also in tcg_gen_
* Issues could also happen if something relies on mri2_32s or mri2_64.
* The problem and the fix are limited to s390x.
[ Other Info ]
* The issue was initially reported at gcc upstream:
https:/
but turned out to be a qemu problem.
Nevertheless, there is a reproducer mentioned that got
picked here as test case.
* This issue is fixed in qemu 7, but qemu 6.2.0 in Ubuntu 22.04
is still affected, hence this SRU.
__________
---Problem Description---
Wrong code execution with qemu
---Steps to Reproduce---
please have a look at the following bug:
https:/
-------
Contact Information = Andreas Krebbel <email address hidden>
Machine Type = IBM Z
Userspace tool common name: qemu
The userspace tool has the following bit modes: 64 bit
Userspace deb: - 1:6.2+dfsg-
-------
Frequently used s390x code sequences are wrongly executed when running with qemu instruction set emulation.
The problem has been fixed in upstream qemu already. A backport for qemu 7 branch has been committed as well. The qemu 6.2.0 version used in Ubuntu 22.04 needs a backport of a trivial fix to work properly:
From the GCC BZ:
Problem fixed in v8.0.0 (https:/
The fix was backported to v7.2.2 (https:/
Please consider picking up
https:/
for the Ubuntu 22.04 qemu package 1:6.2+dfsg-
Related branches
- git-ubuntu bot: Approve
- Athos Ribeiro (community): Approve
- Canonical Server Core Reviewers: Pending requested
- Canonical Server Reporter: Pending requested
-
Diff: 174 lines (+146/-0), 4 files modified:
- debian/changelog (+8/-0)
- debian/patches/series (+2/-0)
- debian/patches/ubuntu/lp-2046439-s390x-Fix-emulation-of-C-G-HRL.patch (+53/-0)
- debian/patches/ubuntu/lp-2046439-target-s390x-Split-out-gen_ri2.patch (+83/-0)
- tags: added: architecture-s39064 bugnameltc-204491 severity-high targetmilestone-inin---
- Changed in ubuntu: assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
- affects: ubuntu → linux (Ubuntu)
- affects: linux (Ubuntu) → qemu (Ubuntu)
- Changed in ubuntu-z-systems: assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
- Changed in qemu (Ubuntu): assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
- Changed in ubuntu-z-systems: importance: Undecided → High
- Changed in ubuntu-z-systems: status: New → Triaged
- tags: added: server-next
- tags: added: server-todo; removed: server-next
- Changed in qemu (Ubuntu Jammy): assignee: nobody → Sergio Durigan Junior (sergiodj)
- description: updated
- Changed in ubuntu-z-systems: status: Triaged → In Progress
- Changed in ubuntu-z-systems: status: In Progress → Fix Committed
- tags: added: targetmilestone-inin2204; removed: targetmilestone-inin---
- Changed in ubuntu-z-systems: status: Fix Committed → Fix Released
Thanks Andreas, this is helpful and I appreciate the work.
But I'd not say this is something I'd rush or hold people back from a Christmas PTO.
Since that means the fix will land in ~January, we do IMHO not really have to consider Lunar, which goes EOL there.
But for jammy this will be a good fix to have.