Public bug reported:

While working with qtest test cases generated via fuzzing with QEMU 2.5.0, I discovered some odd behavior for the AC97 virtual device with qemu-system-i386. If AC97_MIC_ADC_RATE is set to the value of 1, the QEMU process allocates over 500MB of additional host RAM. You probably would not normally notice this on a modern PC, except that I was using a "ulimit" command to restrict the maximum amount of virtual memory allowed for the QEMU process, so the process would crash with a SIGTRAP (signal 5) on the failed memory allocation.

My minimized qtest code to reproduce the issue is:

    /* Globals referenced by the test. get_device() is the reporter's helper
     * that locates the AC97 PCI function via libqos; it is not included in
     * the report. */
    static QPCIDevice *dev;
    static void *dev_base[2];

    static void test_crash(void)
    {
        uint64_t barsize;

        dev = get_device();
        /* BAR0: Native Audio Mixer registers, BAR1: Native Audio Bus Master */
        dev_base[0] = qpci_iomap(dev, 0, &barsize);
        dev_base[1] = qpci_iomap(dev, 1, &barsize);
        qpci_device_enable(dev);
        /* Mixer offset 0x32 is AC97_MIC_ADC_Rate; program a 1 Hz sample rate */
        qpci_io_writew(dev, dev_base[0] + 0x32, 0x0001);
    }

I ran a "ulimit -sv 650000" command and then launched the tests/ac97-test binary with this crash test case included in it. I can then see the QEMU process crash on an allocation of 722538464 bytes. I can gradually increase the ulimit memory limit to ~1200000 and then no longer see the issue, hence my estimate of 500 MB of RAM allocated by the device.

** Affects: qemu
   Importance: Undecided
   Status: New

** Tags: ac97

https://bugs.launchpad.net/bugs/1603779
Title: AC97 can allocate ~500MB of host RAM
Status in QEMU: New
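The report shows the symptom (a 1 Hz sample rate written to AC97_MIC_ADC_Rate leads to a very large host allocation) but does not identify the code path that sizes the allocation. The following is an added example, not code from the bug report or from QEMU. It models one way a guest-programmed sample rate can drive buffer sizing: a capture buffer sized from the ratio between the host backend rate and the guest rate, kept in 32.32 fixed point in the same form QEMU's mixing engine uses, so that a rate of 1 asks for roughly backend_rate times more frames than a matched rate. Whether this is the exact mechanism behind the 722538464-byte allocation is an assumption; the backend rate (44100 Hz), backend buffer length (1024 frames), frame width (8 bytes) and the 1 MiB per-buffer cap are all assumed values chosen for illustration. Beside the unchecked computation it shows the check a device model would want: reject rates outside the range the AC97 specification allows for variable-rate audio before they influence any allocation, and bound the result as well.

```c
/* Added example (not from the bug report or from QEMU): how a guest-written
 * sample rate can size a host buffer, and the clamp that bounds it. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HW_FREQ       44100u  /* host backend sample rate (assumed) */
#define HW_SAMPLES    1024u   /* host backend buffer length in frames (assumed) */
#define FRAME_BYTES   8u      /* one frame = two 32-bit float channels (assumed) */

/* Sample rates the AC97 specification allows for variable-rate audio. */
#define AC97_MIN_RATE 8000u
#define AC97_MAX_RATE 48000u

/* Largest capture buffer the model is willing to allocate (assumed policy). */
#define MAX_BUFFER_BYTES (1u << 20)

/* Unchecked sizing: frames needed to hold HW_SAMPLES backend frames once they
 * are resampled to guest_rate. The guest/host ratio is a 32.32 fixed-point
 * value, so the result is HW_SAMPLES * HW_FREQ / guest_rate, rounded down.
 * With guest_rate == 1 that is about HW_SAMPLES * HW_FREQ frames. */
uint64_t unchecked_capture_buffer_bytes(uint32_t guest_rate)
{
    uint64_t ratio;

    if (guest_rate == 0) {
        return 0; /* division guard only; a device model must reject 0 outright */
    }
    ratio = ((uint64_t)guest_rate << 32) / HW_FREQ;
    if (ratio == 0) {
        return 0;
    }
    return (((uint64_t)HW_SAMPLES << 32) / ratio) * FRAME_BYTES;
}

/* Hardened path, step 1: the rate register value must be in the spec range. */
bool ac97_rate_valid(uint32_t rate)
{
    return rate >= AC97_MIN_RATE && rate <= AC97_MAX_RATE;
}

/* Hardened path, step 2: size the buffer only for a valid rate, and refuse
 * anything above the cap. Returns false (allocating nothing) on rejection. */
bool checked_capture_buffer_bytes(uint32_t guest_rate, uint64_t *out_bytes)
{
    uint64_t bytes;

    if (!ac97_rate_valid(guest_rate)) {
        return false;
    }
    bytes = unchecked_capture_buffer_bytes(guest_rate);
    if (bytes == 0 || bytes > MAX_BUFFER_BYTES) {
        return false;
    }
    *out_bytes = bytes;
    return true;
}

int main(void)
{
    /* Constructed inputs: the 1 Hz write from the report plus in- and
     * out-of-range rates. */
    const uint32_t rates[] = { 1, 8000, 44100, 48000, 65535 };
    size_t i;

    for (i = 0; i < sizeof(rates) / sizeof(rates[0]); i++) {
        uint64_t bytes = 0;
        bool ok = checked_capture_buffer_bytes(rates[i], &bytes);

        printf("rate %5u: unchecked %12llu bytes, hardened %s\n", rates[i],
               (unsigned long long)unchecked_capture_buffer_bytes(rates[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The point of the two-step check is ordering: the range test on the register value happens before any arithmetic derived from it, so the allocation size never depends on an unvalidated guest value, and the cap catches any remaining surprise in the computation itself.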