qemu-arm dies with libarmmem inside ld.so.preload

Which version of QEMU are you using? This is I think due to SETEND emulation, which I thought we had implemented now.

If this still doesn't work on QEMU 2.7, please can you provide full instructions to reproduce the problem (assume I know nothing about how to get raspbian or run it on QEMU).

- I'm on Ubuntu 16.04, and it looks like it's 2.6.1

qemu-arm version 2.6.1 (Debian 1:2.6.1+dfsg-0~16.04), Copyright (c)
2003-2008 Fabrice Bellard

Is there a PPA for qemu 2.7 somewhere ?

On 19 September 2016 at 21:27, Peter Maydell <email address hidden>
wrote:

> Which version of QEMU are you using? This is I think due to SETEND
> emulation, which I thought we had implemented now.
>
> If this still doesn't work on QEMU 2.7, please can you provide full
> instructions to reproduce the problem (assume I know nothing about how
> to get raspbian or run it on QEMU).
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1625295
>
> Title:
> qemu-arm dies with libarmmem inside ld.so.preload
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1625295/+subscriptions
>

On 20 September 2016 at 00:02, Stu <email address hidden> wrote:
> - I'm on Ubuntu 16.04, and it looks like it's 2.6.1
>
> qemu-arm version 2.6.1 (Debian 1:2.6.1+dfsg-0~16.04), Copyright (c)
> 2003-2008 Fabrice Bellard
>
> Is there a PPA for qemu 2.7 somewhere ?

You'd need to ask the Ubuntu folks about that. Upstream
we provide source code distributions only.

thanks
-- PMM

Cheers :)

May as well close this, I'll re-open it if I try 2.7 and find the same bug.

Testing involves trying stock raspbian in qemu.

On 20 September 2016 at 10:26, Peter Maydell <email address hidden>
wrote:

> On 20 September 2016 at 00:02, Stu <email address hidden> wrote:
> > - I'm on Ubuntu 16.04, and it looks like it's 2.6.1
> >
> > qemu-arm version 2.6.1 (Debian 1:2.6.1+dfsg-0~16.04), Copyright (c)
> > 2003-2008 Fabrice Bellard
> >
> > Is there a PPA for qemu 2.7 somewhere ?
>
> You'd need to ask the Ubuntu folks about that. Upstream
> we provide source code distributions only.
>
> thanks
> -- PMM
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1625295
>
> Title:
> qemu-arm dies with libarmmem inside ld.so.preload
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1625295/+subscriptions
>

As I say, for providing reproduction instructions you have to assume I know nothing about raspbian, so "trying stock raspbian in qemu" is not detailed enough. I was looking for details more like "download this particular image from this website and then run this specific QEMU commandline, and then in the guest do <this thing> and it fails in <this way>".

Are bash scripts OK ?

I put everything into some scripts - I'm on ubuntu, debian should be
similar - not sure about other platforms.

# Grab scripts
$ git clone https://github.com/stuaxo/raspbian-qemu-scripts
$ cd raspbian-qemu-scripts

# Download current raspbian lite to /tmp/raspbian:
$ ./download-raspbian.sh

# Test that may fail - run
/tmp/raspbian/2016-05-27-raspbian-jessie-lite.img in qemu:
$ ./run_qemu.sh

# If the above fails, then it's you can edit /etc/ld.so.preload ---
$ ./mount-raspbian.sh

^ mounts the image to /tmp/raspbian/

Now edit the file /tmp/raspbian/etc/ld.so.preload and comment any lines,
e.g

$ sudo nano -w /tmp/raspbian/mnt/etc/ld.so.preload

$ umount /tmp/raspbian

## Test again in qemu

$ ./run_qemu.sh

One I get do the edit, qemu works for me.
To get chroot working, one has to mount the image and copy the file

$ ./mount-raspbian.sh
$ sudo cp /usr/bin/qemu-arm-static /tmp/raspbian/mnt/usr/bin

# After that chroot works...
$ sudo chroot /tmp/raspbian/mnt

-- Remember to umount the image before using qemu + but mount for chroot :)

On 20 September 2016 at 11:22, Peter Maydell <email address hidden>
wrote:

> As I say, for providing reproduction instructions you have to assume I
> know nothing about raspbian, so "trying stock raspbian in qemu" is not
> detailed enough. I was looking for details more like "download this
> particular image from this website and then run this specific QEMU
> commandline, and then in the guest do <this thing> and it fails in <this
> way>".
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1625295
>
> Title:
> qemu-arm dies with libarmmem inside ld.so.preload
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1625295/+subscriptions
>

Thanks. I can reproduce this with the current QEMU, so there is still a problem of some kind here.

Awesome, cheers :)

On 20 September 2016 at 14:29, Peter Maydell <email address hidden>
wrote:

> Thanks. I can reproduce this with the current QEMU, so there is still a
> problem of some kind here.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1625295
>
> Title:
> qemu-arm dies with libarmmem inside ld.so.preload
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1625295/+subscriptions
>

This turns out to be nothing to do with setend. We're doing something wrong emulating the following nasty hack:
https://github.com/bavison/arm-mem/blob/master/architecture.S

.arm
architecture:
        sub pc, pc, #1 @ is an interworking branch on ARMv7, not ARMv6
        and a1, a4, a1 @ second word interpreted as 'B .+0xA' if Thumb
        mov a1, #6
        bx lr
.thumb
        mov a1, #7
        bx lr

so after the 'sub pc, pc, #1' (which in my debug trace is at address 0xb6f086dc) QEMU next tries to execute from 0xb6f086e2 in ARM mode, which is neither of the two expected outcomes. As it happens we hit an undefined instruction pretty much immediately afterwards:

0xb6f086e2: 0006e003 andeq lr, r6, r3
0xb6f086e6: ff1ee3a0 undefined instruction 0xff1ee3a0

Patch which fixes this: http://patchwork.ozlabs.org/patch/672288/

Now fixed in QEMU master, commit 9b6a3ea7a69959416.

Awesome, thanks :)

On 4 October 2016 at 15:55, Peter Maydell <email address hidden> wrote:

> Now fixed in QEMU master, commit 9b6a3ea7a69959416.
>
>
> ** Changed in: qemu
> Status: In Progress => Fix Committed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1625295
>
> Title:
> qemu-arm dies with libarmmem inside ld.so.preload
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1625295/+subscriptions
>

Quick followup on this, finally got the time to build this + can confirming I can boot raspbian with the default /etc/ld.so.conf to the command prompt (both raspbian jessie lite and the default distro).

NB that commit 9b6a3ea7a69959416 had a bug (it broke exception return to Thumb code), so you should also make sure you have commit fb0e8e79a9d77 which fixes that bug.

Yup, got it - cheers :)

On 20 October 2016 at 08:41, Peter Maydell <email address hidden> wrote:

> NB that commit 9b6a3ea7a69959416 had a bug (it broke exception return to
> Thumb code), so you should also make sure you have commit fb0e8e79a9d77
> which fixes that bug.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1625295
>
> Title:
> qemu-arm dies with libarmmem inside ld.so.preload
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1625295/+subscriptions
>

Released with version 2.8