The Ubuntu-power-systems project

Bug #1920784
Comment #4

Comment 4 for bug 1920784

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2021-03-23:

Hi Sadoon,
thanks for the report!
There isn't much to find about this issue yet.
One automatic syscaller crash report [1].
On the emulation side there is [2][3].

On the glibc side we have [4][5] adding the use of it with [6] being a fix.
All those seem to be in glibc 2.33 - so I'd expect with [6] it should only
be issued on power9 which in turn should HW-support the instruction.

I was trying to recreate this on power8 and power9 machines.
As expected on power8 just nothing happens (the instruction isn't used due to [6]).
TBH I first wondered if these Sforza chips [7][8][9] you mentioned are
fully identical to a classic IBM p9 box - but I was indeed able to reproduce
the issue just fine on an IBM-sold P9
dmesg:
[ 1516.438442] Facility 'SCV' unavailable (12), exception at 0x76c9f84c49a0, MSR=900000000280f033
[ 1516.438472] qemu-system-ppc[42884]: illegal instruction (4) at 76c9f84c49a0 nip 76c9f84c49a0 lr 1f12839d9f0 code 1 in libc-2.33.so[76c9f8380000+220000]
[ 1516.438489] qemu-system-ppc[42884]: code: e8010010 7c0803a6 4e800020 60420000 7ca42b78 4bffed65 60000000 38210020
[ 1516.438493] qemu-system-ppc[42884]: code: e8010010 7c0803a6 4e800020 60420000 <44000001> 4bffffb8 60000000 60420000

The chip I used for this test is:
Model: 2.2 (pvr 004e 1202)
Model name: POWER9, altivec supported

The syscall this crashes in belongs to the ioctl
(gdb) bt
#0 __GI___ioctl (fd=<optimized out>, request=536915584) at ../sysdeps/unix/sysv/linux/powerpc/ioctl.c:56
#1 0x00000cb63ef7d9f0 in kvm_vcpu_ioctl (cpu=cpu@entry=0x7d0f48010010, type=type@entry=536915584) at ../../accel/kvm/kvm-all.c:2654
#2 0x00000cb63ef7dbdc in kvm_cpu_exec (cpu=0x7d0f48010010) at ../../accel/kvm/kvm-all.c:2491
#3 0x00000cb63ee78344 in kvm_vcpu_thread_fn (arg=0x7d0f48010010) at ../../accel/kvm/kvm-cpus.c:49
#4 0x00000cb63f1d14bc in qemu_thread_start (args=<optimized out>) at ../../util/qemu-thread-posix.c:521
#5 0x00007d0f4ac69114 in start_thread (arg=0x7d0f23dfe720) at pthread_create.c:473
#6 0x00007d0f4ab755c0 in clone () at ../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:103

And jumping into the code of the __GI___ioctl we can clearly see
the scv instruction is indeed there in the executed code path:

   0x7ffff66c4984 <__GI___ioctl+292> bl 0x7ffff66c36e8 <__GI___tcgetattr+8>
   0x7ffff66c4988 <__GI___ioctl+296> nop
   0x7ffff66c498c <__GI___ioctl+300> addi r1,r1,32
   0x7ffff66c4990 <__GI___ioctl+304> ld r0,16(r1)
   0x7ffff66c4994 <__GI___ioctl+308> mtlr r0
   0x7ffff66c4998 <__GI___ioctl+312> blr
   0x7ffff66c499c <__GI___ioctl+316> ori r2,r2,0
  >0x7ffff66c49a0 <__GI___ioctl+320> scv 0

[1]: https://webcache.googleusercontent.com/search?q=cache:uS0jhPekyqMJ:https://syzkaller-ppc64.appspot.com/text%3Ftag%3DCrashReport%26x%3D17d99883000000+&cd=2&hl=de&ct=clnk&gl=uk
[2]: https://git.qemu.org/?p=qemu.git;a=commit;h=3c89b8d6ac5b8728cd7620f9885bd953edd18a11
[3]: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg05425.html
[4]: https://sourceware.org/git/?p=glibc.git;a=commit;h=68ab82f56690ada86ac1e0c46bad06ba189a10ef
[5]: https://sourceware.org/git/?p=glibc.git;a=commit;h=41f013cef24884604c303435dd1915be2ea5c0e0
[6]: https://sourceware.org/git/?p=glibc.git;a=commit;h=527c89cd32f8522859f58343be3d3dc8f754b783
[7]: https://wiki.raptorcs.com/wiki/Sforza
[8]: https://wiki.raptorcs.com/wiki/Talos_II
[9]: https://wiki.raptorcs.com/wiki/POWER9
[10]: https://lwn.net/Articles/822867/

Hi Sadoon,
thanks for the report!
There isn't much to find about this issue yet.
One automatic syscaller crash report [1].
On the emulation side there is [2][3].

I was trying to recreate this on power8 and power9 machines.
As expected on power8 just nothing happens (the instruction isn't used due to [6]).
TBH I first wondered if these Sforza chips [7][8][9] you mentioned are
fully identical to a classic IBM p9 box - but I was indeed able to reproduce
the issue just fine on an IBM-sold P9
dmesg:
[ 1516.438442] Facility 'SCV' unavailable (12), exception at 0x76c9f84c49a0, MSR=900000000280f033
[ 1516.438472] qemu-system-ppc[42884]: illegal instruction (4) at 76c9f84c49a0 nip 76c9f84c49a0 lr 1f12839d9f0 code 1 in libc-2.33.so[76c9f8380000+220000]
[ 1516.438489] qemu-system-ppc[42884]: code: e8010010 7c0803a6 4e800020 60420000 7ca42b78 4bffed65 60000000 38210020 
[ 1516.438493] qemu-system-ppc[42884]: code: e8010010 7c0803a6 4e800020 60420000 <44000001> 4bffffb8 60000000 60420000

The chip I used for this test is:
Model:                           2.2 (pvr 004e 1202)
Model name:                      POWER9, altivec supported

The syscall this crashes in belongs to the ioctl
(gdb) bt
#0  __GI___ioctl (fd=<optimized out>, request=536915584) at ../sysdeps/unix/sysv/linux/powerpc/ioctl.c:56
#1  0x00000cb63ef7d9f0 in kvm_vcpu_ioctl (cpu=cpu@entry=0x7d0f48010010, type=type@entry=536915584) at ../../accel/kvm/kvm-all.c:2654
#2  0x00000cb63ef7dbdc in kvm_cpu_exec (cpu=0x7d0f48010010) at ../../accel/kvm/kvm-all.c:2491
#3  0x00000cb63ee78344 in kvm_vcpu_thread_fn (arg=0x7d0f48010010) at ../../accel/kvm/kvm-cpus.c:49
#4  0x00000cb63f1d14bc in qemu_thread_start (args=<optimized out>) at ../../util/qemu-thread-posix.c:521
#5  0x00007d0f4ac69114 in start_thread (arg=0x7d0f23dfe720) at pthread_create.c:473
#6  0x00007d0f4ab755c0 in clone () at ../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:103

And jumping into the code of the  __GI___ioctl we can clearly see
the scv instruction is indeed there in the executed code path:

0x7ffff66c4984 <__GI___ioctl+292>       bl      0x7ffff66c36e8 <__GI___tcgetattr+8>
   0x7ffff66c4988 <__GI___ioctl+296>       nop
   0x7ffff66c498c <__GI___ioctl+300>       addi    r1,r1,32
   0x7ffff66c4990 <__GI___ioctl+304>       ld      r0,16(r1)
   0x7ffff66c4994 <__GI___ioctl+308>       mtlr    r0
   0x7ffff66c4998 <__GI___ioctl+312>       blr
   0x7ffff66c499c <__GI___ioctl+316>       ori     r2,r2,0
  >0x7ffff66c49a0 <__GI___ioctl+320>       scv     0