[Qemu-devel] [Bug 1404690] Re: Qemu crashes with chrooted m68k

From: Peter Maydell
Subject: [Qemu-devel] [Bug 1404690] Re: Qemu crashes with chrooted m68k
Date: Mon, 22 Dec 2014 22:49:01 -0000
I've identified the cause of "ls" not returning any output, but I don't
think we can fix it in QEMU.
This happens if the host fs is ext3 or ext4 on a 64 bit system. Here the
"d_off" entry in a linux_dirent64 is actually a hashtable hash, and so
can be a full 64 bits. Unfortunately the guest binary here is trying to
convert getdents64() syscall return information into a dirent with only
a 32 bit offset field, and so it (guest libc, I think) just ignores
dirents with offsets >4GB, which is all of them.
Sadly although ext3/4 support an f_mode bit for "make hash offsets fit
in 32 bit", this is only for the benefit of kernel internal APIs (it's
used by NFS) and AFAICT can't be set by userspace. So I can't at the
moment think of any way for QEMU to deal with this...
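The 64-bit d_off problem described above, as an added example (not QEMU or guest-libc code): a walk over a getdents64() buffer that, like the guest's conversion to a dirent with a 32-bit offset field, has to drop every entry whose d_off does not fit in 32 bits, run over a constructed buffer that mixes one small offset with two hash-style ones. Function names and the sample offsets are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Kernel linux_dirent64 record layout, spelled out so the buffer walk is explicit. */
struct linux_dirent64 {
    uint64_t d_ino;
    int64_t d_off;              /* on hashed ext3/ext4 directories: a full 64-bit value */
    unsigned short d_reclen;
    unsigned char d_type;
    char d_name[];
};
/* Walk a getdents64() buffer as a converter to a dirent with a 32-bit offset
 * field must: an entry whose d_off exceeds 32 bits has no representable offset
 * and is dropped. Returns entries kept; *dropped receives the number discarded. */
size_t convert_to_32bit_offsets(const char *buf, size_t len, size_t *dropped)
{
    size_t kept = 0, pos = 0;
    *dropped = 0;
    while (pos + offsetof(struct linux_dirent64, d_name) < len) {
        const struct linux_dirent64 *d = (const struct linux_dirent64 *)(buf + pos);
        if (d->d_reclen == 0 || pos + d->d_reclen > len)
            break;                       /* malformed record: stop, never overrun */
        if ((uint64_t)d->d_off > UINT32_MAX) (*dropped)++;   /* > 4 GB: skipped */
        else kept++;
        pos += d->d_reclen;
    }
    return kept;
}

/* Constructed sample (not captured from a real system): one small offset as a
 * non-hashed filesystem returns, then two hash-style 64-bit offsets. */
static union { uint64_t align; char bytes[128]; } sample;   /* 8-byte aligned */
static size_t append_entry(size_t len, int64_t off, const char *name)
{
    struct linux_dirent64 *d = (struct linux_dirent64 *)(sample.bytes + len);
    d->d_reclen = (unsigned short)((offsetof(struct linux_dirent64, d_name) + strlen(name) + 8) & ~(size_t)7);
    d->d_ino = 1; d->d_off = off; d->d_type = 0;
    strcpy(d->d_name, name);
    return len + d->d_reclen;
}

static size_t run_sample(size_t *dropped)
{
    size_t len = append_entry(0, 1, ".");
    len = append_entry(len, 0x1a2b3c4d5e6f7LL, "ls");
    len = append_entry(len, 0x0fedcba987654321LL, "bash");
    return convert_to_32bit_offsets(sample.bytes, len, dropped);
}
size_t sample_kept(void)    { size_t d; return run_sample(&d); }     /* 1 */
size_t sample_dropped(void) { size_t d; run_sample(&d); return d; }  /* 2 */
```

Feeding the converter the buffer a real getdents64() call returns for a directory on an ext4 host reproduces the symptom in the message: every entry is dropped.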
https://bugs.launchpad.net/bugs/1404690
Title: Qemu crashes with chrooted m68k
Status in QEMU: New
Bug description:
I'm using qemu-m68k 2.2.0 to chroot into a m68k coldfire linux, which
works fine on the coldfire machine.
I've been able to use binfmt_misc and used the above code to use qemu
with strace:
#include <string.h>
#include <unistd.h>

/* binfmt_misc wrapper: re-exec qemu-m68k with a fixed CPU model and
 * syscall tracing enabled, passing the original arguments through. */
int main(int argc, char **argv, char **envp) {
    char *newargv[argc + 4];   /* 4 inserted slots + (argc - 1) originals + NULL */
    newargv[0] = argv[0];
    newargv[1] = "-cpu";
    newargv[2] = "cfv4e";
    newargv[3] = "-strace";
    /* copy argv[1..argc-1] after the inserted options */
    memcpy(&newargv[4], &argv[1], sizeof(*argv) * (argc - 1));
    newargv[argc + 3] = NULL;
    return execve("/usr/bin/qemu-m68k", newargv, envp);
}
Everything works fine. I can run bash, busybox, ash, but when I try to
run ls or just type an invalid command, I get the attached sequence
of messages, which ends like so:
11351 waitpid(-1,0xf6fffa00,0x3) = -1 errno=10 (No child processes)
qemu: fatal: Illegal instruction: 0000 @ f6fffa30
D0 = ffffffff A0 = f67dcf50 F0 = 0000000000000000 ( 0)
D1 = 0000000a A1 = f66e0898 F1 = 0000000000000000 ( 0)
D2 = f6fffaa8 A2 = f67df268 F2 = 0000000000000000 ( 0)
D3 = 00000000 A3 = 00000000 F3 = 0000000000000000 ( 0)
D4 = 00000008 A4 = 800026c4 F4 = 0000000000000000 ( 0)
D5 = 00000000 A5 = f67d98e0 F5 = 0000000000000000 ( 0)
D6 = f6fffaa8 A6 = f6fffa7c F6 = 0000000000000000 ( 0)
D7 = 00000002 A7 = f6fffa24 F7 = 0000000000000000 ( 0)
PC = f6fffa30 SR = 0000 ----- FPRESULT = 0
Aborted
How can I debug it further to try to figure out if this is a qemu
issue or not? Thanks