On 4/29/25 14:35, Alistair Francis wrote:
> On Sat, Apr 26, 2025 at 3:36 AM Jonathan Cameron via <qemu-devel@nongnu.org> wrote:
> > On Tue, 22 Apr 2025 12:26:55 -0700
> > Richard Henderson <richard.hender...@linaro.org> wrote:
> > > Recover two bits from the inline flags.
> >
> > Hi Richard,
> >
> > Early days, but something (I'm fairly sure in this patch) is tripping up my favourite
> > TCG corner case of running code out of MMIO memory (interleaved CXL memory).
> > Only seeing it on arm64 tests so far, which isn't upstream yet.
> > (guess what I was getting ready to post today)
> >
> > Backtrace is:
> >
> > #0  0x0000555555fd4296 in cpu_atomic_fetch_andq_le_mmu (env=0x555557ee19b0, addr=18442241572520067072, val=18446744073701163007, oi=8244, retaddr=<optimized out>) at ../../accel/tcg/atomic_template.h:140
> > #1  0x00007fffb6894125 in code_gen_buffer ()
> > #2  0x0000555555fc4c46 in cpu_tb_exec (cpu=cpu@entry=0x555557ededf0, itb=itb@entry=0x7fffb6894000 <code_gen_buffer+200511443>, tb_exit=tb_exit@entry=0x7ffff4bfb744) at ../../accel/tcg/cpu-exec.c:455
> > #3  0x0000555555fc51c2 in cpu_loop_exec_tb (tb_exit=0x7ffff4bfb744, last_tb=<synthetic pointer>, pc=<optimized out>, tb=0x7fffb6894000 <code_gen_buffer+200511443>, cpu=0x555557ededf0) at ../../accel/tcg/cpu-exec.c:904
> > #4  cpu_exec_loop (cpu=cpu@entry=0x555557ededf0, sc=sc@entry=0x7ffff4bfb7f0) at ../../accel/tcg/cpu-exec.c:1018
> > #5  0x0000555555fc58f1 in cpu_exec_setjmp (cpu=cpu@entry=0x555557ededf0, sc=sc@entry=0x7ffff4bfb7f0) at ../../accel/tcg/cpu-exec.c:1035
> > #6  0x0000555555fc5f6c in cpu_exec (cpu=cpu@entry=0x555557ededf0) at ../../accel/tcg/cpu-exec.c:1061
> > #7  0x0000555556146ac3 in tcg_cpu_exec (cpu=cpu@entry=0x555557ededf0) at ../../accel/tcg/tcg-accel-ops.c:81
> > #8  0x0000555556146ee3 in mttcg_cpu_thread_fn (arg=arg@entry=0x555557ededf0) at ../../accel/tcg/tcg-accel-ops-mttcg.c:94
> > #9  0x00005555561f6450 in qemu_thread_start (args=0x555557f8f430) at ../../util/qemu-thread-posix.c:541
> > #10 0x00007ffff7750aa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
> > #11 0x00007ffff77ddc3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
> >
> > I haven't pushed out the rebased tree yet, making this a truly awful bug report.
> > The pull request you sent with this in wasn't bisectable, so this was a bit of a guessing
> > game. I see the segfault only after this patch.
>
> I see the same thing with some RISC-V tests. I can provide the test
> images if you want as well.
Yes please.
r~