OpenJDK JVM segfaults on qemu-sh4 (regression)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Fix Released | Undecided | Unassigned |
Bug Description
Some of the recent changes introduced a regression which makes the OpenJDK JVM crash on qemu-sh4:
(sid-sh4-
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
(sid-sh4-
An older version works fine:
(sid-sh4-
openjdk version "9.0.1"
OpenJDK Runtime Environment (build 9.0.1+11-Debian-1)
OpenJDK Zero VM (build 9.0.1+11-Debian-1, interpreted mode)
(sid-sh4-
Haven't had time for bisecting this yet.
Adrian
Peter Maydell (pmaydell) wrote : | #1 |
This sounds like it may be the bug fixed by this patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05067.html
John Paul Adrian Glaubitz (glaubitz) wrote : Re: [Bug 1735384] Re: OpenJDK JVM segfaults on qemu-sh4 (regression) | #2 |
On 11/30/2017 01:19 PM, Peter Maydell wrote:
> This sounds like it may be the bug fixed by this patchset:
> https:/
Unfortunately not. I will upload a prepared chroot for testing later
and link it in this bug report.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
John Paul Adrian Glaubitz (glaubitz) wrote : | #3 |
The offending commit is:
d25f2a72272b9ff
commit d25f2a72272b9ff
Author: Alex Bennée <email address hidden>
Date: Mon Nov 13 13:55:27 2017 +0000
accel/
We are still seeing signals during translation time when we walk over
a page protection boundary. This expands the check to ensure the host
PC is inside the code generation buffer. The original suggestion was
to check versus tcg_ctx.
translation buffer we have to settle for just a general check for
being inside.
I've also fixed up the declaration to make it clear it can deal with
invalid addresses. A later patch will fix up the call sites.
Signed-off-by: Alex Bennée <email address hidden>
Reported-by: Peter Maydell <email address hidden>
Reviewed-by: Laurent Vivier <email address hidden>
Reviewed-by: Richard Henderson <email address hidden>
Message-id: <email address hidden>
Suggested-by: Paolo Bonzini <email address hidden>
Cc: Richard Henderson <email address hidden>
Tested-by: Peter Maydell <email address hidden>
Signed-off-by: Peter Maydell <email address hidden>
:040000 040000 da50c4c43089d3e
:040000 040000 c294a7c102d2729
Reverting the commit resolves the issue.
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Alex Bennée (ajbennee) wrote : Re: [Qemu-devel] [Bug 1735384] Re: OpenJDK JVM segfaults on qemu-sh4 (regression) | #4 |
Thomas Huth <email address hidden> writes:
> On 01.12.2017 00:25, John Paul Adrian Glaubitz wrote:
>> The offending commit is:
>>
>> d25f2a72272b9ff
>> commit d25f2a72272b9ff
>> Author: Alex Bennée <email address hidden>
>> Date: Mon Nov 13 13:55:27 2017 +0000
>>
>> accel/tcg/
>>
>> We are still seeing signals during translation time when we walk over
>> a page protection boundary. This expands the check to ensure the host
>> PC is inside the code generation buffer. The original suggestion was
>> to check versus tcg_ctx.
>> translation buffer we have to settle for just a general check for
>> being inside.
>>
>> I've also fixed up the declaration to make it clear it can deal with
>> invalid addresses. A later patch will fix up the call sites.
>>
>> Signed-off-by: Alex Bennée <email address hidden>
>> Reported-by: Peter Maydell <email address hidden>
>> Reviewed-by: Laurent Vivier <email address hidden>
>> Reviewed-by: Richard Henderson <email address hidden>
>> Message-id: <email address hidden>
>> Suggested-by: Paolo Bonzini <email address hidden>
>> Cc: Richard Henderson <email address hidden>
>> Tested-by: Peter Maydell <email address hidden>
>> Signed-off-by: Peter Maydell <email address hidden>
>>
>> :040000 040000 da50c4c43089d3e
>> :040000 040000 c294a7c102d2729
>>
>> Reverting the commit resolves the issue.
>>
>
> Alex, any ideas what might be wrong here?
It's hard to imagine a scenario where taking the tb_lock() for resolving
something that will fail is going to be an improvement. However maybe
there is a subtle difference with sh4's javavm implementation.
A backtrace of QEMU after the segv would be useful here.
--
Alex Bennée
John Paul Adrian Glaubitz (glaubitz) wrote : | #5 |
On 12/04/2017 10:29 AM, Alex Bennée wrote:
> It's hard to imagine a scenario where taking the tb_lock() for resolving
> something that will fail is going to be an improvement. However maybe
> there is a subtle difference with sh4's javavm implementation.
So, OpenJDK doesn't have a SH-specific implementation of the JVM, it just
uses the Zero variant, which is a pure C++ implementation of the JVM.
The same implementation is used on any other architecture like older ARM
(< ARMv7). I just tested it on ARMv4T and it doesn't crash there on
qemu-user.
However, SH4 is special due to its implementation of atomics in user
space called gUSA for which support to qemu-user has been recently
added by Richard Henderson. Maybe the problem lies there.
> A backtrace of QEMU after the segv would be useful here.
I forgot what the proper procedure is for running qemu-user inside
GDB. Could you help me with that?
The strace looks like this in any case:
28856 access(
28856 open("/
28856 read(3,
28856 fstat64(
28856 mmap(NULL,
28856 mprotect(
28856 mmap(0x7ee54000
28856 close(3) = 0
28856 mprotect(
28856 mprotect(
28856 mprotect(
28856 mprotect(
28856 getpid() = 28856
28856 munmap(
28856 getpid() = 28856
28856 mmap(NULL,
28856 mprotect(
28856 clone(CLONE_
28856 futex(0x7ee2652
--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0x289da000} ---
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
(sid-sh4-
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Alex Bennée (ajbennee) wrote : | #6 |
John Paul Adrian Glaubitz <email address hidden> writes:
> On 12/04/2017 10:29 AM, Alex Bennée wrote:
>> It's hard to imagine a scenario where taking the tb_lock() for resolving
>> something that will fail is going to be an improvement. However maybe
>> there is a subtle difference with sh4's javavm implementation.
>
> So, OpenJDK doesn't have a SH-specific implementation of the JVM, it just
> uses the Zero variant, which is a pure C++ implementation of the JVM.
>
> The same implementation is used on any other architecture like older ARM
> (< ARMv7). I just tested it on ARMv4T and it doesn't crash there on
> qemu-user.
>
> However, SH4 is special due to its implementation of atomics in user
> space called gUSA for which support to qemu-user has been recently
> added by Richard Henderson. Maybe the problem lies there.
>
>> A backtrace of QEMU after the segv would be useful here.
>
> I forgot what the proper procedure is for running qemu-user inside
> GDB. Could you help me with that?
Either call directly:
gdb --args qemu-foo <userspace args>
Or alternatively:
qemu-foo -g 1234 <userspace args>
And then:
gdb qemu-foo -p <pid of qemu-foo>
And finally attaching to the gdbstub:
gdb-multiarch -ex "target remote localhost:1234"
c
Or just make sure your environment is generating core dumps you can
backtrace at leisure:
gdb qemu-foo core
bt
>
> The strace looks like this in any case:
>
> 28856 access(
> 28856 open("/
> 28856 read(3,
> 28856 fstat64(
> 28856 mmap(NULL,
> 28856 mprotect(
> 28856 mmap(0x7ee54000
> 28856 close(3) = 0
> 28856 mprotect(
> 28856 mprotect(
> 28856 mprotect(
> 28856 mprotect(
> 28856 getpid() = 28856
> 28856 munmap(
> 28856 getpid() = 28856
> 28856 mmap(NULL,
> 28856 mprotect(
> 28856 clone(CLONE_
> 28856 futex(0x7ee2652
> --- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0x289da000} ---
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> Segmentation fault
> (sid-sh4-
>
> Adrian
>
> --
> .''`. John Paul Adrian Glaubitz
> : :' : Debian Developer - <email address hidden>
> `. `' Freie Universitaet Berlin - <email address hidden>
> `- GPG: 62FF 8A75 84E0 2956 9546 00...
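The core-dump route in the reply above (let the crash leave a core, then `gdb qemu-foo core` and `bt`) is easy to script so that every failing run of a qemu-user binary leaves something to inspect. The wrapper below is an added example, not code from the bug thread or from the QEMU project: it runs a command with core dumps enabled, derives the fatal signal from the exit status (128 + signal number, so 139 means SIGSEGV), and, if a core file and gdb are available, prints a batch-mode backtrace of the host-side qemu process. It assumes a kernel core_pattern that writes `core` or `core.*` into the working directory and gdb on PATH; the `qemu-sh4 /usr/bin/java -version` command line in the usage comment is illustrative.

```shell
#!/bin/sh
# Added example, not code from the bug thread: wrap a qemu-user run so that a
# crash leaves a core file and a host-side backtrace behind.
# Assumptions: a core_pattern that writes "core" or "core.*" into the current
# directory, and gdb on PATH. Neither is stated in the bug report.

# Translate a shell exit status into the fatal signal number (0 = none).
# 139 -> 11 (SIGSEGV), 134 -> 6 (SIGABRT), ordinary failures -> 0.
crash_signal_of() {
    status=$1
    if [ "$status" -gt 128 ]; then
        echo $((status - 128))
    else
        echo 0
    fi
}

# Run "$@" with unlimited core size. Return the fatal signal number, or 0.
# If a core appeared and gdb is available, print a backtrace of every host
# thread; this is the qemu process's own stack, not the guest's.
run_with_backtrace() {
    ulimit -c unlimited 2>/dev/null || true
    rm -f core core.*
    "$@"
    rc=$?
    if [ "$rc" -eq 127 ]; then
        echo "run_with_backtrace: cannot execute $1" >&2
        return 127
    fi
    sig=$(crash_signal_of "$rc")
    if [ "$sig" -ne 0 ]; then
        echo "$1 died with signal $sig (exit status $rc)" >&2
        core=$(ls core core.* 2>/dev/null | head -n 1)
        exe=$(command -v "$1")
        if [ -n "$core" ] && [ -n "$exe" ] && command -v gdb >/dev/null 2>&1; then
            gdb -batch -ex "thread apply all bt" "$exe" "$core"
        else
            echo "no core file or no gdb; check ulimit -c and /proc/sys/kernel/core_pattern" >&2
        fi
    fi
    return "$sig"
}

# Usage (illustrative command line, assuming a Debian sh4 chroot with java):
#   ./run_with_backtrace.sh qemu-sh4 /usr/bin/java -version
if [ $# -gt 0 ]; then
    run_with_backtrace "$@"
fi
```

The backtrace this produces is of qemu itself, which is what was asked for here (the fault is in the translator, not in the guest program); to step through guest code instead, the `-g 1234` gdbstub route from the same reply is the right tool.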
Alex Bennée (ajbennee) wrote : Re: [Qemu-devel] [Bug 1735384] [NEW] OpenJDK JVM segfaults on qemu-sh4 (regression) | #7 |
John Paul Adrian Glaubitz <email address hidden> writes:
> Public bug reported:
>
> Some of the recent changes introduced a regression which makes the
> OpenJDK JVM crash on qemu-sh4:
>
> (sid-sh4-
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> Segmentation fault
> (sid-sh4-
With an --enable-debug build I managed to replicate:
root@
qemu-sh4: /home/alex/
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
Which implies the front end has gotten something wrong. Maybe this
somehow tripped up the fault resolution in the end? Can you try with an
--enable-debug build?
>
> An older version works fine:
>
> (sid-sh4-
> openjdk version "9.0.1"
> OpenJDK Runtime Environment (build 9.0.1+11-Debian-1)
> OpenJDK Zero VM (build 9.0.1+11-Debian-1, interpreted mode)
> (sid-sh4-
>
> Haven't had time for bisecting this yet.
>
> Adrian
>
> ** Affects: qemu
> Importance: Undecided
> Status: New
--
Alex Bennée
John Paul Adrian Glaubitz (glaubitz) wrote : | #8 |
On 12/05/2017 04:02 PM, Alex Bennée wrote:
> With an --enable-debug build I managed to replicate:
>
> root@6e10336e48
> qemu-sh4: /home/alex/
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> Segmentation fault (core dumped)
>
> Which implies the front end has gotten something wrong. Maybe this
> somehow tripped up the fault resolution in the end? Can you try with an
> --enable-debug build?
Will do. Thank you for giving me a heads-up!
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Alex Bennée (ajbennee) wrote : [RFC PATCH] target/sh4/translate.c: fix TCG leak during gusa sequence | #9 |
This fixes bug #1735384 while running java under qemu-sh4. When debug
was enabled it showed a problem with TCG temps. Once fixed I was able
to run java -version normally.
Reported-by: John Paul Adrian Glaubitz <email address hidden>
Suggested-by: Richard Henderson <email address hidden>
Signed-off-by: Alex Bennée <email address hidden>
---
target/
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/
index 703020fe87.
--- a/target/
+++ b/target/
@@ -2189,7 +2189,7 @@ static int decode_
}
/* If op_src is not a valid register, then op_arg was a constant. */
- if (op_src < 0) {
+ if (op_src < 0 && !TCGV_IS_
}
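Review bot: the comment kept above the changed line, "If op_src is not a valid register, then op_arg was a constant", no longer describes the condition once the `!TCGV_IS_` test is added: the code now also handles a case where op_src < 0 and yet op_arg is not a temp that may be released, and nothing in the hunk says when that case arises in the gUSA sequence. Extend the comment to name it, and make the subject line match the change: "fix TCG leak" describes a temp that was never freed, whereas the hunk only narrows the condition under which the existing body runs, so state what the --enable-debug build actually flagged.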
--
2.15.1
John Paul Adrian Glaubitz (glaubitz) wrote : Re: [Bug 1735384] [RFC PATCH] target/sh4/translate.c: fix TCG leak during gusa sequence | #10 |
Hi Alex!
Wow, thanks! I wanted to run your suggested test today as I ran out of time yesterday and now you already fixed it :-).
Thanks a lot!
Adrian
> On Dec 6, 2017, at 10:30 AM, Alex Bennée <email address hidden> wrote:
>
> This fixes bug #1735384 while running java under qemu-sh4. When debug
> was enabled it showed a problem with TCG temps. Once fixed I was able
> to run java -version normally.
>
> Reported-by: John Paul Adrian Glaubitz <email address hidden>
> Suggested-by: Richard Henderson <email address hidden>
> Signed-off-by: Alex Bennée <email address hidden>
> ---
> target/
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/
> index 703020fe87.
> --- a/target/
> +++ b/target/
> @@ -2189,7 +2189,7 @@ static int decode_
> }
>
> /* If op_src is not a valid register, then op_arg was a constant. */
> - if (op_src < 0) {
> + if (op_src < 0 && !TCGV_IS_
> tcg_temp_
> }
>
> --
> 2.15.1
>
John Paul Adrian Glaubitz (glaubitz) wrote : | #11 |
On 12/06/2017 10:30 AM, Alex Bennée wrote:
> This fixes bug #1735384 while running java under qemu-sh4. When debug
> was enabled it showed a problem with TCG temps. Once fixed I was able
> to run java -version normally.
>
> Reported-by: John Paul Adrian Glaubitz <email address hidden>
> Suggested-by: Richard Henderson <email address hidden>
> Signed-off-by: Alex Bennée <email address hidden>
I can confirm that this fixes the issue for me, too.
So, just in case:
Tested-by: John Paul Adrian Glaubitz <email address hidden>
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Alex Bennée (ajbennee) wrote : Re: [Qemu-devel] [Bug 1735384] [RFC PATCH] target/sh4/translate.c: fix TCG leak during gusa sequence | #12 |
John Paul Adrian Glaubitz <email address hidden> writes:
> Hi Alex!
>
> Wow, thanks! I wanted to run your suggested test today as I ran out of
> time yesterday and now you already fixed it :-).
Can you confirm you've tested it and you're happy it works?
>
> Thanks a lot!
>
> Adrian
>
>> On Dec 6, 2017, at 10:30 AM, Alex Bennée <email address hidden> wrote:
>>
>> This fixes bug #1735384 while running java under qemu-sh4. When debug
>> was enabled it showed a problem with TCG temps. Once fixed I was able
>> to run java -version normally.
>>
>> Reported-by: John Paul Adrian Glaubitz <email address hidden>
>> Suggested-by: Richard Henderson <email address hidden>
>> Signed-off-by: Alex Bennée <email address hidden>
>> ---
>> target/
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/
>> index 703020fe87.
>> --- a/target/
>> +++ b/target/
>> @@ -2189,7 +2189,7 @@ static int decode_
>> }
>>
>> /* If op_src is not a valid register, then op_arg was a constant. */
>> - if (op_src < 0) {
>> + if (op_src < 0 && !TCGV_IS_
>> tcg_temp_
>> }
>>
>> --
>> 2.15.1
>>
--
Alex Bennée
John Paul Adrian Glaubitz (glaubitz) wrote : | #13 |
On 12/06/2017 11:52 AM, Alex Bennée wrote:
>> Wow, thanks! I wanted to run your suggested test today as I ran out of
>> time yesterday and now you already fixed it :-).
>
> Can you confirm you've tested it and you're happy it works?
I already confirmed it, but in case my previous mail got lost:
Tested-by: John Paul Adrian Glaubitz <email address hidden>
And, yes, I'm happy it works :-). Can now switch back to using the latest
qemu snapshot for building packages for Debian sh4.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - <email address hidden>
`. `' Freie Universitaet Berlin - <email address hidden>
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
John Paul Adrian Glaubitz (glaubitz) wrote : | #14 |
This has been fixed now and Java works fine again on qemu-sh4 on git master:
(sid-sh4-
openjdk 10 2018-03-20
OpenJDK Runtime Environment (build 10+46-Debian-5)
OpenJDK Zero VM (build 10+46-Debian-5, interpreted mode)
(sid-sh4-
Changed in qemu: status: New → Fix Released