From owner-freebsd-ppc@freebsd.org Sun Aug 27 16:50:31 2017
To: freebsd-ppc@freebsd.org
From: Dennis Clarke
Subject: Where would I look to find release 8.1 iso files ?
Message-ID: <775bd926-9937-7022-0f51-cf0b745d04ea@blastwave.org>
Date: Sun, 27 Aug 2017 12:50:12 -0400

Dear FreeBSD :

I am trying to install a reasonably stable operating system of some sort
into a PowerMac G5 unit. There seems to be very little left on the planet
that will work. I could try some Linux out there but I would like to stay
with a "UNIX" type system. I have now yet looked at the OpenBSD types and
I don't even know if there is a stable build for ye old super PowerPC64
anyways.

So where would I look to make some bootable DVD's to see if I can install
FreeBSD on this PowerMac G5 ? Is the 8.1 release really the last one that
can work in a stable fashion ?

Dennis

From owner-freebsd-ppc@freebsd.org Sun Aug 27 17:34:42 2017
In-Reply-To: <775bd926-9937-7022-0f51-cf0b745d04ea@blastwave.org>
References: <775bd926-9937-7022-0f51-cf0b745d04ea@blastwave.org>
From: Justin Hibbits
Date: Sun, 27 Aug 2017 12:34:38 -0500
Subject: Re: Where would I look to find release 8.1 iso files ?
To: Dennis Clarke
Cc: FreeBSD PowerPC ML

Hi Dennis,

11.1 (latest release) should run stable on the G5. I run current on mine,
dated back to March.

- Justin

On Aug 27, 2017 11:50, "Dennis Clarke" wrote:

> Dear FreeBSD :
>
> I am trying to install a reasonably stable operating system of some sort
> into a PowerMac G5 unit. There seems to be very little left on the planet
> that will work. I could try some Linux out there but I would like to stay
> with a "UNIX" type system. I have now yet looked at the OpenBSD types and
> I don't even know if there is a stable build for ye old super PowerPC64
> anyways.
>
> So where would I look to make some bootable DVD's to see if I can install
> FreeBSD on this PowerMac G5 ? Is the 8.1 release really the last one that
> can work in a stable fashion ?
>
> Dennis
> _______________________________________________
> freebsd-ppc@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ppc
> To unsubscribe, send any mail to "freebsd-ppc-unsubscribe@freebsd.org"

From owner-freebsd-ppc@freebsd.org Sun Aug 27 17:44:42 2017
Subject: Re: Where would I look to find release 8.1 iso files ?
To: Justin Hibbits
Cc: FreeBSD PowerPC ML
References: <775bd926-9937-7022-0f51-cf0b745d04ea@blastwave.org>
From: Dennis Clarke
Message-ID: <2feb3b83-b2a9-42a5-8c64-cd7d2c76c31b@blastwave.org>
Date: Sun, 27 Aug 2017 13:41:17 -0400

On 8/27/17 1:34 PM, Justin Hibbits wrote:
> Hi Dennis,
>
> 11.1 (latest release) should run stable on the G5. I run current on
> mine, dated back to March.

Thank you ! I did a bit of digging and also found that the most recent
should work fine. Therefore I will backup this unit because it has an old
debian release on it and quite frankly the debian folks dropped the support
on ppc64 it seems. Either way it is a struggle to work with. I am hoping
the freebsd world is far better.

What is the compiler of choice on freebsd? I am going to guess gcc is
available as well as some of the usual gnu tools for a toolchain.

I did download the FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz file
from a mirror but it looks way way too small. Shouldn't the install DVD be
around 3GB in size? Uncompressed this is only 878MB.

Dennis

From owner-freebsd-ppc@freebsd.org Sun Aug 27 17:46:26 2017
In-Reply-To: <2feb3b83-b2a9-42a5-8c64-cd7d2c76c31b@blastwave.org>
References: <775bd926-9937-7022-0f51-cf0b745d04ea@blastwave.org> <2feb3b83-b2a9-42a5-8c64-cd7d2c76c31b@blastwave.org>
From: Justin Hibbits
Date: Sun, 27 Aug 2017 12:46:23 -0500
Subject: Re: Where would I look to find release 8.1 iso files ?
To: Dennis Clarke
Cc: FreeBSD PowerPC ML

On Aug 27, 2017 12:41, "Dennis Clarke" wrote:

> On 8/27/17 1:34 PM, Justin Hibbits wrote:
>> Hi Dennis,
>>
>> 11.1 (latest release) should run stable on the G5. I run current on mine,
>> dated back to March.
>
> Thank you ! I did a bit of digging and also found that the most recent
> should work fine. Therefore I will backup this unit because it has an old
> debian release on it and quite frankly the debian folks dropped the support
> on ppc64 it seems. Either way it is a struggle to work with. I am hoping
> the freebsd world is far better.
>
> What is the compiler of choice on freebsd? I am going to guess gcc is
> available as well as some of the usual gnu tools for a toolchain.

Yeah we currently use GCC for PowerPC. Llvm is coming along but still needs
some care.

> I did download the FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz file
> from a mirror but it looks way way too small.
> Shouldn't the install DVD be around 3GB in size? Uncompressed this is
> only 878MB.
>
> Dennis

That sounds right. We don't have previously packages for PowerPC right now,
so the DVD is my smaller than for x86.

- Justin

From owner-freebsd-ppc@freebsd.org Sun Aug 27 18:09:39 2017
Subject: Re: Where would I look to find release 8.1 iso files ?
To: Justin Hibbits
Cc: FreeBSD PowerPC ML
References: <775bd926-9937-7022-0f51-cf0b745d04ea@blastwave.org> <2feb3b83-b2a9-42a5-8c64-cd7d2c76c31b@blastwave.org>
From: Dennis Clarke
Date: Sun, 27 Aug 2017 14:09:25 -0400

> Yeah we currently use GCC for PowerPC. Llvm is coming along but still
> needs some care.

Perfect. I will be doing a bootstrap of gcc 7.2.0 in any case.

> I did download the FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz
> file from a mirror but it looks way way too small. Shouldn't the install
> DVD be around 3GB in size? Uncompressed this is only 878MB.
>
> Dennis
>
>
> That sounds right. We don't have previously packages for PowerPC right
> now, so the DVD is my smaller than for x86.

Even more perfect. Stripped down and bare bones is just fine. So long as
there is a console, very basic networking and ssh as well as gcc and some
sort of termcap setup then I am fine. If I had it my way there would be a
serial console at 9600 baud 8n1. No need for X. Yet.

Dennis

From owner-freebsd-ppc@freebsd.org Sun Aug 27 19:10:05 2017
To: FreeBSD PowerPC ML
From: Dennis Clarke
Subject: another question .. is there a memory tester in the FreeBSD installer ?
Message-ID: <25076b54-9bbe-4ceb-ec0a-ae7502365da3@blastwave.org>
Date: Sun, 27 Aug 2017 15:05:22 -0400

Just curious. I am fairly certain that I have a memory fault in this old
power mac g5 but would love to run a tester on it.

Dennis

From owner-freebsd-ppc@freebsd.org Wed Aug 30 10:09:44 2017
From: Mark Millard
Subject: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
Message-Id: <7BCCF7B6-7AA0-470E-A3ED-9D116E13DBFC@dsl-only.net>
Date: Wed, 30 Aug 2017 03:09:40 -0700
Cc: freebsd-arm
To: FreeBSD Toolchain, FreeBSD PowerPC ML, FreeBSD Ports

qemu-ppc64-static and qemu-ppc-static "live-hang" when I
attempt to use them with poudriere, hanging at the command
(showing an example process id):

/usr/local/bin/qemu-ppc-static /bin/ps -ww -p 47841 -o jid=

which eats CPU time and grows memory SIZE over time.
Examples from after waiting a while in each case:

  PID USERNAME  THR PRI NICE   SIZE   RES  SWAP STATE   C   TIME     CPU COMMAND
48319 root        2 103    0  8413M  234M    0K CPU11  11   2:50 101.97% /usr/local/bin/qemu-ppc64-static /bin/ps -ww -p 48318 -o jid

  PID USERNAME  THR PRI NICE   SIZE   RES  SWAP STATE   C   TIME     CPU COMMAND
47842 root        2 103    0 16597M  455M    0K CPU1    1   5:25  96.38% /usr/local/bin/qemu-ppc-static /bin/ps -ww -p 47841 -o jid=

By contrast I've no such problem with qemu-arm-static or
qemu-aarch64-static : these were able to build lang/gcc7
(full bootstrap) in between 4 and 5 hours each,
the prerequisites also being built in the process.

# svnlite info /usr/ports/ | grep "Re[plv]"
Relative URL: ^/head
Repository Root: svn://svn.freebsd.org/ports
Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
Revision: 448068
Last Changed Rev: 448068

My attempts to manually use qemu-ppc64-static and
qemu-ppc-static (with -L supplied) also get such results.
The same for qemu-ppc*-static running a statically
linked rescue program (so no -L needed).

It appears that qemu-ppc64-static and qemu-ppc-static from
emulators/qemu-user-static are broken.

===
Mark Millard
markmi at dsl-only.net

From owner-freebsd-ppc@freebsd.org Wed Aug 30 11:00:50 2017
Date: Wed, 30 Aug 2017 06:00:47 -0500
From: Mark Linimon
To: Mark Millard
Cc: FreeBSD Toolchain, FreeBSD PowerPC ML, FreeBSD Ports, freebsd-arm
Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
Message-ID: <20170830110046.GA32595@lonesome.com>
References: <7BCCF7B6-7AA0-470E-A3ED-9D116E13DBFC@dsl-only.net>
In-Reply-To: <7BCCF7B6-7AA0-470E-A3ED-9D116E13DBFC@dsl-only.net>

On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
> It appears that qemu-ppc64-static and qemu-ppc-static from
> emulators/qemu-user-static are broken.

Correct, and known for some time. (fwiw sparc64 hangs as well.)

mcl

From owner-freebsd-ppc@freebsd.org Wed Aug 30 23:22:49 2017
Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
From: Mark Millard
In-Reply-To: <20170830110046.GA32595@lonesome.com>
Date: Wed, 30 Aug 2017 16:22:39 -0700
Cc: FreeBSD Toolchain, FreeBSD PowerPC ML, FreeBSD Ports
References: <7BCCF7B6-7AA0-470E-A3ED-9D116E13DBFC@dsl-only.net> <20170830110046.GA32595@lonesome.com>
To: Mark Linimon

On 2017-Aug-30, at 4:00 AM, Mark Linimon wrote:

> On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
>> It appears that qemu-ppc64-static and qemu-ppc-static from
>> emulators/qemu-user-static are broken.
>
> Correct, and known for some time. (fwiw sparc64 hangs as well.)

Looks like qemu-ppc64-static is stuck in a loop, calling
repeatedly:

do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14, arg2=35995509911, arg3=1024, arg4=268435904, arg5=281494784, arg6=35985701568, arg7=515, arg8=35985668288)
    at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c:210
210	/wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c: No such file or directory.

Which is for:

58 AUE_READLINK STD { ssize_t readlink(char *path, char *buf, \
    size_t count); }

As confirmed by (note the "callq 0x60207360 " ):

(gdb)
lock_user_string (guest_addr=14) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h:508
508	/wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h: No such file or directory.

(gdb) x/64i 0x0000000060045d3e
=> 0x60045d3e:  callq  0x6004fd20
   0x60045d43:  test   %rax,%rax
   0x60045d46:  js     0x6004b99c
   0x60045d4c:  inc    %rax
   0x60045d4f:  mov    $0x1,%edx
   0x60045d54:  mov    %rbx,%rdi
   0x60045d57:  mov    %rax,%rsi
   0x60045d5a:  callq  0x6003c430
   0x60045d5f:  test   %eax,%eax
   0x60045d61:  jne    0x6004bce4
   0x60045d67:  add    0x26d91b2(%rip),%rbx        # 0x6271ef20
   0x60045d6e:  je     0x6004bce4
   0x60045d74:  mov    $0x3,%edx
   0x60045d79:  mov    -0x2a8(%rbp),%r14
   0x60045d80:  mov    %r14,%rdi
   0x60045d83:  mov    %r12,%rsi
   0x60045d86:  callq  0x6003c430
   0x60045d8b:  test   %eax,%eax
   0x60045d8d:  jne    0x6004bce4
   0x60045d93:  add    0x26d9186(%rip),%r14        # 0x6271ef20
   0x60045d9a:  mov    -0x294(%rbp),%r10d
   0x60045da1:  mov    $0xfffffffffffffff2,%r13
   0x60045da8:  je     0x6004bcf2
   0x60045dae:  mov    $0x602b93da,%esi
   0x60045db3:  mov    %rbx,%rdi
   0x60045db6:  callq  0x60230af0
   0x60045dbb:  test   %eax,%eax
   0x60045dbd:  je     0x6004c566
   0x60045dc3:  mov    %rbx,%rdi
   0x60045dc6:  callq  0x60158660
   0x60045dcb:  mov    %rax,%rdi
   0x60045dce:  mov    %r14,%rsi
   0x60045dd1:  mov    %r12,%rdx
   0x60045dd4:  callq  0x60207360

But note that the "lock_user_string (guest_addr=14)" and
"do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14,"
indicate that the "readlink(char *path," is using a really
small address for the path string.


I've not figured a way for poudriere bulk builds to leave
behind the source code automatically. So far I've not
looked at the qemu-bsd-user source code.

I do build with both debug and optimization turned on via
bsd.port.mk having:

 STRIP_CMD= ${TRUE}
 .endif
 DEBUG_FLAGS?= -g
+.if defined(ALLOW_OPTIMIZATIONS_FOR_WITH_DEBUG)
+CFLAGS:= ${CFLAGS} ${DEBUG_FLAGS}
+.else
 CFLAGS:= ${CFLAGS:N-O*:N-fno-strict*} ${DEBUG_FLAGS}
+.endif
 .if defined(INSTALL_TARGET)
 INSTALL_TARGET:= ${INSTALL_TARGET:S/^install-strip$/install/g}
 .endif

mixed with make.conf indicating to use the new alternative:

WANT_QT_VERBOSE_CONFIGURE=1
#
DEFAULT_VERSIONS+=perl5=5.24 gcc=7
#
# From a local /usr/ports/Mk/bsd.port.mk extension:
ALLOW_OPTIMIZATIONS_FOR_WITH_DEBUG=
#
.if ${.CURDIR:M*/devel/llvm*}
#WITH_DEBUG=
.elif ${.CURDIR:M*/www/webkit-qt5*}
#WITH_DEBUG=
.else
WITH_DEBUG=
.endif
MALLOC_PRODUCTION=

I got as much information as I report above via use of:

/usr/local/bin/gdb /usr/local/bin/qemu-user-static

and then:

run /usr/obj/DESTDIRs/clang-powerpc64-installworld-dist-from-src/rescue/id

and then interrupting it and exploring.

===
Mark Millard
markmi at dsl-only.net

From owner-freebsd-ppc@freebsd.org Wed Aug 30 23:32:41 2017
Message-Id: <201708302332.v7UNWSVY073465@gw.catspoiler.org>
Date: Wed, 30 Aug 2017 16:32:28 -0700 (PDT)
From: Don Lewis
Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
To: markmi@dsl-only.net
cc: linimon@lonesome.com, freebsd-toolchain@freebsd.org, freebsd-ports@freebsd.org, freebsd-ppc@freebsd.org

On 30 Aug, Mark Millard wrote:
> On 2017-Aug-30, at 4:00 AM, Mark Linimon wrote:
>
>> On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
>>> It appears that qemu-ppc64-static and qemu-ppc-static from
>>> emulators/qemu-user-static are broken.
>>
>> Correct, and known for some time. (fwiw sparc64 hangs as well.)
>
> Looks like qemu-ppc64-static is stuck in a loop, calling
> repeatedly:
>
> do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14, arg2=35995509911, arg3=1024, arg4=268435904, arg5=281494784, arg6=35985701568, arg7=515, arg8=35985668288)
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c:210
> 210	/wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c: No such file or directory.
>
> Which is for:
>
> 58 AUE_READLINK STD { ssize_t readlink(char *path, char *buf, \
>     size_t count); }
>
> As confirmed by (note the "callq 0x60207360 " ):
>
> (gdb)
> lock_user_string (guest_addr=14) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h:508
> 508	/wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h: No such file or directory.
> > (gdb) x/64i 0x0000000060045d3e > => 0x60045d3e : callq 0x6004fd20 > 0x60045d43 : test %rax,%rax > 0x60045d46 : js 0x6004b99c > 0x60045d4c : inc %rax > 0x60045d4f : mov $0x1,%edx > 0x60045d54 : mov %rbx,%rdi > 0x60045d57 : mov %rax,%rsi > 0x60045d5a : callq 0x6003c430 > 0x60045d5f : test %eax,%eax > 0x60045d61 : jne 0x6004bce4 > 0x60045d67 : add 0x26d91b2(%rip),%rbx # 0x6271ef20 > 0x60045d6e : je 0x6004bce4 > 0x60045d74 : mov $0x3,%edx > 0x60045d79 : mov -0x2a8(%rbp),%r14 > 0x60045d80 : mov %r14,%rdi > 0x60045d83 : mov %r12,%rsi > 0x60045d86 : callq 0x6003c430 > 0x60045d8b : test %eax,%eax > 0x60045d8d : jne 0x6004bce4 > 0x60045d93 : add 0x26d9186(%rip),%r14 # 0x6271ef20 > 0x60045d9a : mov -0x294(%rbp),%r10d > 0x60045da1 : mov $0xfffffffffffffff2,%r13 > 0x60045da8 : je 0x6004bcf2 > 0x60045dae : mov $0x602b93da,%esi > 0x60045db3 : mov %rbx,%rdi > 0x60045db6 : callq 0x60230af0 > 0x60045dbb : test %eax,%eax > 0x60045dbd : je 0x6004c566 > 0x60045dc3 : mov %rbx,%rdi > 0x60045dc6 : callq 0x60158660 > 0x60045dcb : mov %rax,%rdi > 0x60045dce : mov %r14,%rsi > 0x60045dd1 : mov %r12,%rdx > 0x60045dd4 : callq 0x60207360 > > But note that the "lock_user_string (guest_addr=14)" and > "do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14," > indicate that the "readlink(char *path," is using a really > small address for the path string. > > > I've not figured a way for poudriere bulk builds to leave > behind the source code automatically. So far I've not > looked at the qemu-bsd-user source code. I do build with > both debug and optimization turned on via bsd.port.mk > having: The -w option will create a tarball of the work directory if the package build fails. I also often use the testport -i option I want to poke around in the WRKDIR after a build. 

Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
From: Mark Millard
In-Reply-To: <201708302332.v7UNWSVY073465@gw.catspoiler.org>
Date: Wed, 30 Aug 2017 20:43:51 -0700
Cc: linimon@lonesome.com, freebsd-toolchain@freebsd.org, freebsd-ports@freebsd.org, freebsd-ppc@freebsd.org
Message-Id: <9B916738-394B-48B7-AA2E-6193F54760B3@dsl-only.net>
References: <201708302332.v7UNWSVY073465@gw.catspoiler.org>
To: Don Lewis

On 2017-Aug-30, at 4:32 PM, Don Lewis wrote:

> On 30 Aug, Mark Millard wrote:
>> On 2017-Aug-30, at 4:00 AM, Mark Linimon wrote:
>>
>>> On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
>>>> It appears that qemu-ppc64-static and qemu-ppc-static from
>>>> emulators/qemu-user-static are broken.
>>>
>>> Correct, and known for some time. (fwiw sparc64 hangs as well.)
>>
>> Looks like qemu-ppc64-static is stuck in a loop, calling
>> repeatedly:
>>
>> do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14, arg2=35995509911, arg3=1024, arg4=268435904, arg5=281494784, arg6=35985701568, arg7=515, arg8=35985668288)
>>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c:210
>> 210     /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c: No such file or directory.
>>
>> Which is for:
>>
>> 58      AUE_READLINK    STD     { ssize_t readlink(char *path, char *buf, \
>>                                     size_t count); }
>>
>> As confirmed by (note the "callq 0x60207360 " ):
>>
>> (gdb)
>> lock_user_string (guest_addr=14) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h:508
>> 508     /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h: No such file or directory.
>>
>> (gdb) x/64i 0x0000000060045d3e
>> => 0x60045d3e : callq 0x6004fd20
>>    0x60045d43 : test %rax,%rax
>>    0x60045d46 : js 0x6004b99c
>>    0x60045d4c : inc %rax
>>    0x60045d4f : mov $0x1,%edx
>>    0x60045d54 : mov %rbx,%rdi
>>    0x60045d57 : mov %rax,%rsi
>>    0x60045d5a : callq 0x6003c430
>>    0x60045d5f : test %eax,%eax
>>    0x60045d61 : jne 0x6004bce4
>>    0x60045d67 : add 0x26d91b2(%rip),%rbx # 0x6271ef20
>>    0x60045d6e : je 0x6004bce4
>>    0x60045d74 : mov $0x3,%edx
>>    0x60045d79 : mov -0x2a8(%rbp),%r14
>>    0x60045d80 : mov %r14,%rdi
>>    0x60045d83 : mov %r12,%rsi
>>    0x60045d86 : callq 0x6003c430
>>    0x60045d8b : test %eax,%eax
>>    0x60045d8d : jne 0x6004bce4
>>    0x60045d93 : add 0x26d9186(%rip),%r14 # 0x6271ef20
>>    0x60045d9a : mov -0x294(%rbp),%r10d
>>    0x60045da1 : mov $0xfffffffffffffff2,%r13
>>    0x60045da8 : je 0x6004bcf2
>>    0x60045dae : mov $0x602b93da,%esi
>>    0x60045db3 : mov %rbx,%rdi
>>    0x60045db6 : callq 0x60230af0
>>    0x60045dbb : test %eax,%eax
>>    0x60045dbd : je 0x6004c566
>>    0x60045dc3 : mov %rbx,%rdi
>>    0x60045dc6 : callq 0x60158660
>>    0x60045dcb : mov %rax,%rdi
>>    0x60045dce : mov %r14,%rsi
>>    0x60045dd1 : mov %r12,%rdx
>>    0x60045dd4 : callq 0x60207360
>>
>> But note that the "lock_user_string (guest_addr=14)" and
>> "do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14,"
>> indicate that the "readlink(char *path," is using a really
>> small address for the path string.
>>
>>
>> I've not figured a way for poudriere bulk builds to leave
>> behind the source code automatically. So far I've not
>> looked at the qemu-bsd-user source code. I do build with
>> both debug and optimization turned on via bsd.port.mk
>> having:
>
> The -w option will create a tarball of the work directory if the
> package build fails. I also often use the testport -i option when I want to
> poke around in the WRKDIR after a build.

I've been using -w right along. But I'd not used testport at all.

It looks to me like the syscall errno handling is messed
up. The details that I've observed follow. It follows
a simplified sequence of discovery as far as presentation
order goes.

The looping code is:

static inline void target_cpu_loop(CPUPPCState *env)
{
    CPUState *cs = CPU(ppc_env_get_cpu(env));
    target_siginfo_t info;
    int trapnr;
    target_ulong ret;

    for(;;) {
        cpu_exec_start(cs);
        trapnr = cpu_exec(cs);
        cpu_exec_end(cs);
        process_queued_cpu_work(cs);

        switch(trapnr) {
. . .
        case POWERPC_EXCP_SYSCALL_USER:
            /* system call in user-mode emulation */
            /* WARNING:
             * PPC ABI uses overflow flag in cr0 to signal an error
             * in syscalls.
             */
            env->crf[0] &= ~0x1;
            ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
                                     env->gpr[5], env->gpr[6], env->gpr[7],
                                     env->gpr[8], env->gpr[9], env->gpr[10]);
            if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
                /* Returning from a successful sigreturn syscall.
                   Avoid corrupting register state. */
                break;
            }
            if (ret > (target_ulong)(-515)) {
                env->crf[0] |= 0x1;
                ret = -ret;
            }
            env->gpr[3] = ret;
            break;
. . .
        }
        process_pending_signals(env);
    }
}

The observed env->gpr[3] == 14 is from a prior loop
iteration having ret == 14 in the:

    env->gpr[3] = ret;

Prior to this were the values (as seen via
lock_user_string):

guest_addr=278408977
guest_addr=2

That 2 also came from the prior ret == 2 in the:

    env->gpr[3] = ret;

from when the 278408977 was being attempted.

Both the ret == 2 and ret == 14 were from:

    ret = -ret;

so the return values from do_freebsd_syscall were
-2 and -14 (interpreted as signed).

The return values trace back to the following code,
where TARGET_EFAULT == 14 :

static inline abi_long do_bsd_readlink(CPUArchState *env, abi_long arg1,
        abi_long arg2, abi_long arg3)
{
    abi_long ret;
    void *p1, *p2;

    LOCK_PATH(p1, arg1);
    p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
    if (p2 == NULL) {
        UNLOCK_PATH(p1, arg1);
        return -TARGET_EFAULT;
    }
#ifdef __FreeBSD__
    if (strcmp(p1, "/proc/curproc/file") == 0) {
        CPUState *cpu = ENV_GET_CPU(env);
        TaskState *ts = (TaskState *)cpu->opaque;
        strncpy(p2, ts->bprm->fullpath, arg3);
        ret = MIN((abi_long)strlen(ts->bprm->fullpath), arg3);
    } else
#endif
    ret = get_errno(readlink(path(p1), p2, arg3));
    unlock_user(p2, arg2, ret);
    UNLOCK_PATH(p1, arg1);

    return ret;
}

The 2 is from:

    ret = get_errno(readlink(path(p1), p2, arg3));

At the time the p1 points to "/etc/malloc.conf":

(gdb) step
path (name=0x10982f11 "/etc/malloc.conf") at util/path.c:173

169     const char *path(const char *name)
170     {
171         /* Only do absolute paths: quick and dirty, but should mostly be OK.
172            Could do relative by tracking cwd. */
(gdb)
173         if (!base || !name || name[0] != '/')
174             return name;
175
176         return follow_path(base, name) ?: name;
177     }

(gdb) print base
$8 = (struct pathelem *) 0x0

So name is returned unchanged.


The 2 is in turn from:

#define __ENOENT 2 /* No such file or directory */


Overall one oddity is that this code structure
seems to use -ret from:

    ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
                             env->gpr[5], env->gpr[6], env->gpr[7],
                             env->gpr[8], env->gpr[9], env->gpr[10]);

to retry the same operation again the next iteration,
but with env->gpr[3] == -ret (as ret was on the return
of do_freebsd_syscall ).

Once abs(ret) == 14 it is fully stuck repeating itself.

I've no clue if:

    env->gpr[3] = ret;

even makes sense here.

I've not tried to track down the memory leak activity
that is associated.

Nor have I checked anything for the:

    cpu_exec_start(cs);
    trapnr = cpu_exec(cs);
    cpu_exec_end(cs);
    process_queued_cpu_work(cs);

activity. It likely contributes to why the loop
retries the readlink again (with a junk address
for the path).

===
Mark Millard
markmi at dsl-only.net
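
The retry sequence reported in the message above (278408977, then 2, then 14 forever) can be reproduced with a small stand-alone model. This is an added illustration, not QEMU's code and not code from anyone on the thread: the names guest_cpu, model_readlink and run_cpu_loop are hypothetical, the model treats every path address other than the observed 278408977 as unmapped, and the variant that steps the program counter 4 bytes past the syscall instruction is an assumption about what a loop that makes progress looks like, not a fix taken from the thread.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t target_ulong;

#define MODEL_ENOENT 2             /* __ENOENT, as quoted in the thread */
#define MODEL_EFAULT 14            /* TARGET_EFAULT, as quoted in the thread */
#define SC_NIP       0x1074d784u   /* guest pc reported in the follow-up message */
#define PATH_ADDR    278408977u    /* guest address of "/etc/malloc.conf" */
#define MAX_TRACE    8             /* model only: give up after this many syscalls */

struct guest_cpu {
    target_ulong gpr3;   /* first syscall argument, also the return register */
    target_ulong nip;    /* emulated program counter */
    unsigned crf0;       /* bit 0 is the syscall error flag */
};

struct trace {
    int n;                          /* syscalls emulated */
    target_ulong arg1[MAX_TRACE];   /* gpr3 seen on entry to each one */
    int stuck;                      /* 1 if still on the syscall at the cap */
};

/* Stand-in for do_freebsd_syscall() handling readlink: returns -errno.
 * Assumption: only PATH_ADDR is a mapped path, and that file is absent. */
static target_ulong model_readlink(target_ulong path_addr)
{
    if (path_addr != PATH_ADDR)
        return (target_ulong)(-MODEL_EFAULT);
    return (target_ulong)(-MODEL_ENOENT);
}

/* Same error handling as the quoted POWERPC_EXCP_SYSCALL_USER case.
 * The guest "program" is one syscall instruction at SC_NIP; the loop
 * keeps emulating it for as long as nip still points there. */
static struct trace run_cpu_loop(struct guest_cpu *cpu, int advance_pc)
{
    struct trace t;
    target_ulong ret;

    memset(&t, 0, sizeof t);
    while (cpu->nip == SC_NIP) {
        if (t.n == MAX_TRACE) {
            t.stuck = 1;
            break;
        }
        t.arg1[t.n++] = cpu->gpr3;
        cpu->crf0 &= ~0x1u;
        ret = model_readlink(cpu->gpr3);
        if (ret > (target_ulong)(-515)) {
            cpu->crf0 |= 0x1u;   /* flag the error for the guest */
            ret = -ret;          /* positive errno goes back in gpr3 */
        }
        cpu->gpr3 = ret;
        if (advance_pc)
            cpu->nip += 4;       /* PowerPC instructions are 4 bytes */
    }
    return t;
}

static void print_trace(const char *label, const struct trace *t,
                        const struct guest_cpu *cpu)
{
    int i;

    printf("%s:", label);
    for (i = 0; i < t->n; i++)
        printf(" %" PRIu64, t->arg1[i]);
    printf(" -> %s, nip=0x%" PRIx64 ", gpr3=%" PRIu64 ", crf0=%u\n",
           t->stuck ? "stuck" : "progressed", cpu->nip, cpu->gpr3, cpu->crf0);
}

int main(void)
{
    struct guest_cpu a = { PATH_ADDR, SC_NIP, 0 };
    struct guest_cpu b = { PATH_ADDR, SC_NIP, 0 };
    struct trace ta = run_cpu_loop(&a, 0);
    struct trace tb = run_cpu_loop(&b, 1);

    print_trace("pc not advanced", &ta, &a);
    print_trace("pc advanced    ", &tb, &b);
    return 0;
}
```

With the program counter left alone, the errno written to gpr3 becomes the next call's path pointer, so the first failure (ENOENT) is replaced by EFAULT and the guest never sees either result.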

From: bugzilla-noreply@freebsd.org
To: freebsd-powerpc@FreeBSD.org
Subject: [Bug 221640] sysutils/consolekit2 build fails with loop initial declaration used outside C99 mode
Date: Thu, 31 Aug 2017 09:33:55 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221640

Koop Mast changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kwm@FreeBSD.org
             Status|New                         |In Progress

--- Comment #1 from Koop Mast ---
Powerpc is still stuck with gcc 4.2.1 isn't it?
Would "USE_CSTD=c99" work? Or "gnu99" if the previous doesn't work.

Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
From: Mark Millard
In-Reply-To: <9B916738-394B-48B7-AA2E-6193F54760B3@dsl-only.net>
Date: Thu, 31 Aug 2017 12:13:17 -0700
Cc: Mark Linimon, FreeBSD Toolchain, FreeBSD Ports, freebsd-ppc@freebsd.org
Message-Id: <85B5ADE0-5573-4E04-8EC3-CB5751C035FF@dsl-only.net>
References: <201708302332.v7UNWSVY073465@gw.catspoiler.org> <9B916738-394B-48B7-AA2E-6193F54760B3@dsl-only.net>
To: Don Lewis

[Turns out that the emulated program counter is not
progressing for syscall emulation, at least for
syscall failure cases.]

On 2017-Aug-30, at 8:43 PM, Mark Millard wrote:

> On 2017-Aug-30, at 4:32 PM, Don Lewis wrote:
>
>> On 30 Aug, Mark Millard wrote:
>>> On 2017-Aug-30, at 4:00 AM, Mark Linimon wrote:
>>>
>>>> On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
>>>>> It appears that qemu-ppc64-static and qemu-ppc-static from
>>>>> emulators/qemu-user-static are broken.
>>>>
>>>> Correct, and known for some time. (fwiw sparc64 hangs as well.)
>>>
>>> Looks like qemu-ppc64-static is stuck in a loop, calling
>>> repeatedly:
>>>
>>> do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14, arg2=35995509911, arg3=1024, arg4=268435904, arg5=281494784, arg6=35985701568, arg7=515, arg8=35985668288)
>>>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c:210
>>> 210     /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c: No such file or directory.
>>>
>>> Which is for:
>>>
>>> 58      AUE_READLINK    STD     { ssize_t readlink(char *path, char *buf, \
>>>                                     size_t count); }
>>>
>>> As confirmed by (note the "callq 0x60207360 " ):
>>>
>>> (gdb)
>>> lock_user_string (guest_addr=14) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h:508
>>> 508     /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h: No such file or directory.
>>>
>>> (gdb) x/64i 0x0000000060045d3e
>>> => 0x60045d3e : callq 0x6004fd20
>>>    0x60045d43 : test %rax,%rax
>>>    0x60045d46 : js 0x6004b99c
>>>    0x60045d4c : inc %rax
>>>    0x60045d4f : mov $0x1,%edx
>>>    0x60045d54 : mov %rbx,%rdi
>>>    0x60045d57 : mov %rax,%rsi
>>>    0x60045d5a : callq 0x6003c430
>>>    0x60045d5f : test %eax,%eax
>>>    0x60045d61 : jne 0x6004bce4
>>>    0x60045d67 : add 0x26d91b2(%rip),%rbx # 0x6271ef20
>>>    0x60045d6e : je 0x6004bce4
>>>    0x60045d74 : mov $0x3,%edx
>>>    0x60045d79 : mov -0x2a8(%rbp),%r14
>>>    0x60045d80 : mov %r14,%rdi
>>>    0x60045d83 : mov %r12,%rsi
>>>    0x60045d86 : callq 0x6003c430
>>>    0x60045d8b : test %eax,%eax
>>>    0x60045d8d : jne 0x6004bce4
>>>    0x60045d93 : add 0x26d9186(%rip),%r14 # 0x6271ef20
>>>    0x60045d9a : mov -0x294(%rbp),%r10d
>>>    0x60045da1 : mov $0xfffffffffffffff2,%r13
>>>    0x60045da8 : je 0x6004bcf2
>>>    0x60045dae : mov $0x602b93da,%esi
>>>    0x60045db3 : mov %rbx,%rdi
>>>    0x60045db6 : callq 0x60230af0
>>>    0x60045dbb : test %eax,%eax
>>>    0x60045dbd : je 0x6004c566
>>>    0x60045dc3 : mov %rbx,%rdi
>>>    0x60045dc6 : callq 0x60158660
>>>    0x60045dcb : mov %rax,%rdi
>>>    0x60045dce : mov %r14,%rsi
>>>    0x60045dd1 : mov %r12,%rdx
>>>    0x60045dd4 : callq 0x60207360
>>>
>>> But note that the "lock_user_string (guest_addr=14)" and
>>> "do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14,"
>>> indicate that the "readlink(char *path," is using a really
>>> small address for the path string.
>>>
>>>
>>> I've not figured a way for poudriere bulk builds to leave
>>> behind the source code automatically. So far I've not
>>> looked at the qemu-bsd-user source code. I do build with
>>> both debug and optimization turned on via bsd.port.mk
>>> having:
>>
>> The -w option will create a tarball of the work directory if the
>> package build fails. I also often use the testport -i option when I want to
>> poke around in the WRKDIR after a build.
>
> I've been using -w right along. But I'd not used testport at all.
>
> It looks to me like the syscall errno handling is messed
> up. The details that I've observed follow. It follows
> a simplified sequence of discovery as far as presentation
> order goes.
>
> The looping code is:
>
> static inline void target_cpu_loop(CPUPPCState *env)
> {
>     CPUState *cs = CPU(ppc_env_get_cpu(env));
>     target_siginfo_t info;
>     int trapnr;
>     target_ulong ret;
>
>     for(;;) {
>         cpu_exec_start(cs);
>         trapnr = cpu_exec(cs);
>         cpu_exec_end(cs);
>         process_queued_cpu_work(cs);
>
>         switch(trapnr) {
> . . .
>         case POWERPC_EXCP_SYSCALL_USER:
>             /* system call in user-mode emulation */
>             /* WARNING:
>              * PPC ABI uses overflow flag in cr0 to signal an error
>              * in syscalls.
>              */
>             env->crf[0] &= ~0x1;
>             ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
>                                      env->gpr[5], env->gpr[6], env->gpr[7],
>                                      env->gpr[8], env->gpr[9], env->gpr[10]);
>             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
>                 /* Returning from a successful sigreturn syscall.
>                    Avoid corrupting register state. */
>                 break;
>             }
>             if (ret > (target_ulong)(-515)) {
>                 env->crf[0] |= 0x1;
>                 ret = -ret;
>             }
>             env->gpr[3] = ret;
>             break;
> . . .
>         }
>         process_pending_signals(env);
>     }
> }
>
> The observed env->gpr[3] == 14 is from a prior loop
> iteration having ret == 14 in the:
>
>     env->gpr[3] = ret;
>
> Prior to this were the values (as seen via
> lock_user_string):
>
> guest_addr=278408977
> guest_addr=2
>
> That 2 also came from the prior ret == 2 in the:
>
>     env->gpr[3] = ret;
>
> from when the 278408977 was being attempted.
>
> Both the ret == 2 and ret == 14 were from:
>
>     ret = -ret;
>
> so the return values from do_freebsd_syscall were
> -2 and -14 (interpreted as signed).
>
> The return values trace back to the following code,
> where TARGET_EFAULT == 14 :
>
> static inline abi_long do_bsd_readlink(CPUArchState *env, abi_long arg1,
>         abi_long arg2, abi_long arg3)
> {
>     abi_long ret;
>     void *p1, *p2;
>
>     LOCK_PATH(p1, arg1);
>     p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
>     if (p2 == NULL) {
>         UNLOCK_PATH(p1, arg1);
>         return -TARGET_EFAULT;
>     }
> #ifdef __FreeBSD__
>     if (strcmp(p1, "/proc/curproc/file") == 0) {
>         CPUState *cpu = ENV_GET_CPU(env);
>         TaskState *ts = (TaskState *)cpu->opaque;
>         strncpy(p2, ts->bprm->fullpath, arg3);
>         ret = MIN((abi_long)strlen(ts->bprm->fullpath), arg3);
>     } else
> #endif
>     ret = get_errno(readlink(path(p1), p2, arg3));
>     unlock_user(p2, arg2, ret);
>     UNLOCK_PATH(p1, arg1);
>
>     return ret;
> }
>
> The 2 is from:
>
>     ret = get_errno(readlink(path(p1), p2, arg3));
>
> At the time the p1 points to "/etc/malloc.conf":
>
> (gdb) step
> path (name=0x10982f11 "/etc/malloc.conf") at util/path.c:173
>
> 169     const char *path(const char *name)
> 170     {
> 171         /* Only do absolute paths: quick and dirty, but should mostly be OK.
> 172            Could do relative by tracking cwd. */
> (gdb)
> 173         if (!base || !name || name[0] != '/')
> 174             return name;
> 175
> 176         return follow_path(base, name) ?: name;
> 177     }
>
> (gdb) print base
> $8 = (struct pathelem *) 0x0
>
> So name is returned unchanged.
>
>
> The 2 is in turn from:
>
> #define __ENOENT 2 /* No such file or directory */
>
>
> Overall one oddity is that this code structure
> seems to use -ret from:
>
>     ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
>                              env->gpr[5], env->gpr[6], env->gpr[7],
>                              env->gpr[8], env->gpr[9], env->gpr[10]);
>
> to retry the same operation again the next iteration,
> but with env->gpr[3] == -ret (as ret was on the return
> of do_freebsd_syscall ).
>
> Once abs(ret) == 14 it is fully stuck repeating itself.
>
> I've no clue if:
>
>     env->gpr[3] = ret;
>
> even makes sense here.
>
> I've not tried to track down the memory leak activity
> that is associated.
>
> Nor have I checked anything for the:
>
>     cpu_exec_start(cs);
>     trapnr = cpu_exec(cs);
>     cpu_exec_end(cs);
>     process_queued_cpu_work(cs);
>
> activity. It likely contributes to why the loop
> retries the readlink again (with a junk address
> for the path).

I do not see activity advancing the emulated
program counter as this looping/retrying happens.
Nor anything that is adjusting the problematical
re-used env->gpr[3] other than the:

516         env->gpr[3] = ret;

after the negation of ret for the syscall
failure handling.

This is confirmed by the following:

(gdb) bt
#0  cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
#1  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
#2  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
#3  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#4  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#5  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
. . .
(gdb) list
569     {
570         uintptr_t ret;
571         int32_t insns_left;
572
573         trace_exec_tb(tb, tb->pc);
574         ret = cpu_tb_exec(cpu, tb);
575         tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
576         *tb_exit = ret & TB_EXIT_MASK;
577         if (*tb_exit != TB_EXIT_REQUESTED) {
578             *last_tb = tb;
. . .
cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141         CPUArchState *env = cpu->env_ptr;
(gdb) print/x itb->pc
$16 = 0x1074d784
(gdb) c
Continuing.

Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141         CPUArchState *env = cpu->env_ptr;
. . .
(gdb) print/x itb->pc
$18 = 0x1074d784
(gdb) c
Continuing.

Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141         CPUArchState *env = cpu->env_ptr;
(gdb) print/x itb->pc
$19 = 0x1074d784
(gdb) c
Continuing.

Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141         CPUArchState *env = cpu->env_ptr;
(gdb) print/x itb->pc
$20 = 0x1074d784

and so on.

So it appears that syscall emulation does not
progress the emulated instruction pointer and
so the syscall repeats over and over.

(I've still not tracked down what is leaking
memory during this looping. But that is
probably a secondary concern at this point.)

So how does the code get from:

139         trapnr = cpu_exec(cs);

to (re-)trying the failed syscall (readlink)
attempt?

(gdb) bt
#0  0x00000000601e25c0 in siglongjmp ()
#1  0x000000006003a1aa in cpu_loop_exit_restore (cpu=, pc=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec-common.c:77
#2  0x00000000600e0eeb in raise_exception_err_ra (env=, exception=, error_code=0, raddr=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:905
#3  helper_raise_exception_err (env=, exception=, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:928
#4  0x00000000607233e6 in static_code_gen_buffer ()
#5  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
#6  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
#7  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
#8  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#9  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#10 0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516

It does a siglongjmp via helper_raise_exception_err :

(gdb) up
#1  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
166         ret = tcg_qemu_tb_exec(env, tb_ptr);
(gdb) list
161             qemu_log_unlock();
162         }
163     #endif /* DEBUG_DISAS */
164
165         cpu->can_do_io = !use_icount;
166         ret = tcg_qemu_tb_exec(env, tb_ptr);
167         cpu->can_do_io = 1;
168         last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
169         tb_exit = ret & TB_EXIT_MASK;
170         trace_exec_tb_exit(last_tb, tb_exit);

(gdb) print tb_ptr
$11 = (uint8_t *) 0x607233c0 "A\213n\354\205\355\017\214\037"

   0x607233c0 : mov -0x14(%r14),%ebp
   0x607233c4 : test %ebp,%ebp
   0x607233c6 : jl 0x607233eb
   0x607233cc : movq $0x1074d784,0x3c8(%r14)
   0x607233d7 : mov %r14,%rdi
   0x607233da : mov $0x203,%esi
   0x607233df : xor %edx,%edx
   0x607233e1 : callq 0x600e0ed0
=> 0x607233e6 : jmpq 0x6071ef06
   0x607233eb : mov $0x60723343,%eax
   0x607233f0 : jmpq 0x6071ef08

The exception is exception==515 . 515 is the figure
matching up with POWERPC_EXCP_SYSCALL_USER .
(gdb) stepi
helper_raise_exception_err (env=0x860ea3ac0, exception=515, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:927
927 {
(gdb) bt
#0  helper_raise_exception_err (env=0x860ea3ac0, exception=515, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:927
#1  0x00000000607233e6 in static_code_gen_buffer ()
#2  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
#3  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
#4  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
#5  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#6  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#7  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516

Later there is:

raise_exception_err_ra (env=0x860ea3ac0, exception=515, error_code=0, raddr=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:903
903     cs->exception_index = exception;

and then:

(gdb) s
cpu_loop_exit_restore (cpu=0x860e9b8c0, pc=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec-common.c:74
74      if (pc) {
(gdb) n
77      siglongjmp(cpu->jmp_env, 1);
(gdb) n
0x00000000600398e9 in cpu_exec (cpu=0x860e9b8c0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:645
645     if (sigsetjmp(cpu->jmp_env, 0) != 0) {
(gdb) bt
#0  0x00000000600398e9 in cpu_exec (cpu=0x860e9b8c0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:645
#1  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#2  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#3  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
(gdb) n
651         cpu = current_cpu;
(gdb)
652         cc = CPU_GET_CLASS(cpu);
(gdb)
658         cpu->can_do_io = 1;
(gdb)
659         tb_lock_reset();
(gdb)
660         if (qemu_mutex_iothread_locked()) {
(gdb)
661             qemu_mutex_unlock_iothread();
(gdb)
666     while (!cpu_handle_exception(cpu, &ret)) {
(gdb)
679     cc->cpu_exec_exit(cpu);
(gdb) n
680     rcu_read_unlock();
(gdb) n
683 }
(gdb) n
target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:140
140         cpu_exec_end(cs);

And it sends up back in:

141         process_queued_cpu_work(cs);
142
143         switch(trapnr) {
. . .
497         case POWERPC_EXCP_SYSCALL_USER:
498             /* system call in user-mode emulation */
499             /* WARNING:
500              * PPC ABI uses overflow flag in cr0 to signal an error
501              * in syscalls.
502              */
(gdb)
503             env->crf[0] &= ~0x1;
504             ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
505                     env->gpr[5], env->gpr[6], env->gpr[7],
506                     env->gpr[8], env->gpr[9], env->gpr[10]);
507             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
508                 /* Returning from a successful sigreturn syscall.
509                    Avoid corrupting register state. */
510                 break;
511             }
512             if (ret > (target_ulong)(-515)) {
(gdb)
513                 env->crf[0] |= 0x1;
514                 ret = -ret;
515             }
516             env->gpr[3] = ret;
517             break;

===
Mark Millard
markmi at dsl-only.net

From owner-freebsd-ppc@freebsd.org Thu Aug 31 19:40:58 2017
From: Mark Millard
Date: Thu, 31 Aug 2017 12:40:54 -0700
Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
To: Sean Bruno
Cc: Don Lewis, Mark Linimon, FreeBSD Toolchain, FreeBSD Ports, freebsd-ppc@freebsd.org

[Just adding Sean Bruno in case the information is new to him. I top post a note for that.]

Sean:

The below reports on what I've found for what is happening for qemu-ppc64-static (and possibly others) when it gets stuck eating CPU time (and leaking memory), at least for the example I ran into (that basically blocks all use of qemu-ppc64-static it happens very early in all(?) attempted uses that load. The content reflects my exploration order.

The summary is:

A) I've found an example context where the emulated pc does not progress and it ends up looping repeating a syscall.

B) Given that is involved: I've found that env->gpr[3] handling for failed syscall attempts contributes to the detailed failure behaviors. (This part is, of course, likely very powerpc specific.)

But I found (B) before finding (A) as its context and (A) might be the only problem for all I know: having the emulated program counter progress correctly might end up dealing with env->gpr[3] correctly in the newly executed code.

At this point I've no clue where the emulated PC should be adjusted in the code or what the detailed adjustment rules should be for the context, only that the PC is not being adjusted now but needs to be adjusted.
===
Mark Millard
markmi at dsl-only.net

On 2017-Aug-31, at 12:13 PM, Mark Millard wrote:

[Turns out that the emulated program counter is not progressing
for syscall emulation, at least for [some] syscall [failure] cases.]

On 2017-Aug-30, at 8:43 PM, Mark Millard wrote:

> On 2017-Aug-30, at 4:32 PM, Don Lewis wrote:
>
>> On 30 Aug, Mark Millard wrote:
>>> On 2017-Aug-30, at 4:00 AM, Mark Linimon wrote:
>>>
>>>> On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
>>>>> It appears that qemu-ppc64-static and qemu-ppc-static from
>>>>> emulators/qemu-user-static are broken.
>>>>
>>>> Correct, and known for some time. (fwiw sparc64 hangs as well.)
>>>
>>> Looks like qemu-ppc64-static is stuck in a loop, calling
>>> repeatedly:
>>>
>>> do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14, arg2=35995509911, arg3=1024, arg4=268435904, arg5=281494784, arg6=35985701568, arg7=515, arg8=35985668288)
>>> at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c:210
>>> 210 /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c: No such file or directory.
>>>
>>> Which is for:
>>>
>>> 58 AUE_READLINK STD { ssize_t readlink(char *path, char *buf, \
>>>     size_t count); }
>>>
>>> As confirmed by (note the "callq 0x60207360 " ):
>>>
>>> (gdb)
>>> lock_user_string (guest_addr=14) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h:508
>>> 508 /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h: No such file or directory.
>>>
>>> (gdb) x/64i 0x0000000060045d3e
>>> => 0x60045d3e: callq 0x6004fd20
>>>    0x60045d43: test %rax,%rax
>>>    0x60045d46: js 0x6004b99c
>>>    0x60045d4c: inc %rax
>>>    0x60045d4f: mov $0x1,%edx
>>>    0x60045d54: mov %rbx,%rdi
>>>    0x60045d57: mov %rax,%rsi
>>>    0x60045d5a: callq 0x6003c430
>>>    0x60045d5f: test %eax,%eax
>>>    0x60045d61: jne 0x6004bce4
>>>    0x60045d67: add 0x26d91b2(%rip),%rbx # 0x6271ef20
>>>    0x60045d6e: je 0x6004bce4
>>>    0x60045d74: mov $0x3,%edx
>>>    0x60045d79: mov -0x2a8(%rbp),%r14
>>>    0x60045d80: mov %r14,%rdi
>>>    0x60045d83: mov %r12,%rsi
>>>    0x60045d86: callq 0x6003c430
>>>    0x60045d8b: test %eax,%eax
>>>    0x60045d8d: jne 0x6004bce4
>>>    0x60045d93: add 0x26d9186(%rip),%r14 # 0x6271ef20
>>>    0x60045d9a: mov -0x294(%rbp),%r10d
>>>    0x60045da1: mov $0xfffffffffffffff2,%r13
>>>    0x60045da8: je 0x6004bcf2
>>>    0x60045dae: mov $0x602b93da,%esi
>>>    0x60045db3: mov %rbx,%rdi
>>>    0x60045db6: callq 0x60230af0
>>>    0x60045dbb: test %eax,%eax
>>>    0x60045dbd: je 0x6004c566
>>>    0x60045dc3: mov %rbx,%rdi
>>>    0x60045dc6: callq 0x60158660
>>>    0x60045dcb: mov %rax,%rdi
>>>    0x60045dce: mov %r14,%rsi
>>>    0x60045dd1: mov %r12,%rdx
>>>    0x60045dd4: callq 0x60207360
>>>
>>> But note that the "lock_user_string (guest_addr=14)" and
>>> "do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14,"
>>> indicate that the "readlink(char *path," is using a really
>>> small address for the path string.
>>>
>>>
>>> I've not figured a way for poudriere bulk builds to leave
>>> behind the source code automatically. So far I've not
>>> looked at the qemu-bsd-user source code. I do build with
>>> both debug and optimization turned on via bsd.port.mk
>>> having:
>>
>> The -w option will create a tarball of the work directory if the
>> package build fails. I also often use the testport -i option I want to
>> poke around in the WRKDIR after a build.
>
> I've been using -w right along. But I'd not used testport at all.
>
> It looks to me like the syscall errno handling is messed
> up. The details that I've observed follow. It follows
> a simplified sequence of discovery as far as presentation
> order goes.
>
> The looping code is:
>
> static inline void target_cpu_loop(CPUPPCState *env)
> {
>     CPUState *cs = CPU(ppc_env_get_cpu(env));
>     target_siginfo_t info;
>     int trapnr;
>     target_ulong ret;
>
>     for(;;) {
>         cpu_exec_start(cs);
>         trapnr = cpu_exec(cs);
>         cpu_exec_end(cs);
>         process_queued_cpu_work(cs);
>
>         switch(trapnr) {
> . . .
>         case POWERPC_EXCP_SYSCALL_USER:
>             /* system call in user-mode emulation */
>             /* WARNING:
>              * PPC ABI uses overflow flag in cr0 to signal an error
>              * in syscalls.
>              */
>             env->crf[0] &= ~0x1;
>             ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
>                     env->gpr[5], env->gpr[6], env->gpr[7],
>                     env->gpr[8], env->gpr[9], env->gpr[10]);
>             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
>                 /* Returning from a successful sigreturn syscall.
>                    Avoid corrupting register state. */
>                 break;
>             }
>             if (ret > (target_ulong)(-515)) {
>                 env->crf[0] |= 0x1;
>                 ret = -ret;
>             }
>             env->gpr[3] = ret;
>             break;
> . . .
>         }
>         process_pending_signals(env);
>     }
> }
>
> The observed env->gpr[3] == 14 is from a prior loop
> iteration having ret == 14 in the:
>
> env->gpr[3] = ret;
>
> Prior to this were the values (as seen via
> lock_user_string):
>
> guest_addr=278408977
> guest_addr=2
>
> That 2 also came from the prior ret == 2 in the:
>
> env->gpr[3] = ret;
>
> from when the 278408977 was being attempted.
>
> For both the ret == 2 and ret == 14 were from:
>
> ret = -ret;
>
> so the return values from do_freebsd_syscall were
> -2 and -14 (interpreted as signed).
>
> The return values trace back to the following code,
> where TARGET_EFAULT == 14 :
>
> static inline abi_long do_bsd_readlink(CPUArchState *env, abi_long arg1,
>         abi_long arg2, abi_long arg3)
> {
>     abi_long ret;
>     void *p1, *p2;
>
>     LOCK_PATH(p1, arg1);
>     p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
>     if (p2 == NULL) {
>         UNLOCK_PATH(p1, arg1);
>         return -TARGET_EFAULT;
>     }
> #ifdef __FreeBSD__
>     if (strcmp(p1, "/proc/curproc/file") == 0) {
>         CPUState *cpu = ENV_GET_CPU(env);
>         TaskState *ts = (TaskState *)cpu->opaque;
>         strncpy(p2, ts->bprm->fullpath, arg3);
>         ret = MIN((abi_long)strlen(ts->bprm->fullpath), arg3);
>     } else
> #endif
>     ret = get_errno(readlink(path(p1), p2, arg3));
>     unlock_user(p2, arg2, ret);
>     UNLOCK_PATH(p1, arg1);
>
>     return ret;
> }
>
> The 2 is from:
>
> ret = get_errno(readlink(path(p1), p2, arg3));
>
> At the time the p1 points to "/etc/malloc.conf":
>
> (gdb) step
> path (name=0x10982f11 "/etc/malloc.conf") at util/path.c:173
>
> 169 const char *path(const char *name)
> 170 {
> 171     /* Only do absolute paths: quick and dirty, but should mostly be OK.
> 172        Could do relative by tracking cwd. */
> (gdb)
> 173     if (!base || !name || name[0] != '/')
> 174         return name;
> 175
> 176     return follow_path(base, name) ?: name;
> 177 }
>
> (gdb) print base
> $8 = (struct pathelem *) 0x0
>
> So name is returned unchanged.
>
>
> The 2 is in turn from:
>
> #define __ENOENT 2 /* No such file or directory */
>
>
> Overall one oddity is that this code structure
> seems to use -ret from:
>
> ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
>         env->gpr[5], env->gpr[6], env->gpr[7],
>         env->gpr[8], env->gpr[9], env->gpr[10]);
>
> to retry the same operation again the next iteration,
> but with env->gpr[3] == -ret (as ret was on the return
> of do_freebsd_syscall ).
>
> Once abs(ret) == 14 it is fully stuck repeating itself.
>
> I've no clue if:
>
> env->gpr[3] = ret;
>
> even makes sense here.
>
> I've not tried to track down the memory leak activity
> that is associated.
>
> Nor have I checked anything for the:
>
> cpu_exec_start(cs);
> trapnr = cpu_exec(cs);
> cpu_exec_end(cs);
> process_queued_cpu_work(cs);
>
> activity. It likely contributes to why the loop
> retries the readlink again (with a junk address
> for the path).

I do not see activity advancing the emulated
program counter as this looping/retrying happens.
Nor anything that is adjusting the problematical
re-used env->gpr[3] other than the:

516             env->gpr[3] = ret;

after the negation of ret for the syscall failure
handling.

This is confirmed by the following:

(gdb) bt
#0  cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
#1  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
#2  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
#3  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#4  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#5  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
. . .
(gdb) list
569 {
570     uintptr_t ret;
571     int32_t insns_left;
572
573     trace_exec_tb(tb, tb->pc);
574     ret = cpu_tb_exec(cpu, tb);
575     tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
576     *tb_exit = ret & TB_EXIT_MASK;
577     if (*tb_exit != TB_EXIT_REQUESTED) {
578         *last_tb = tb;
. . .
cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141     CPUArchState *env = cpu->env_ptr;
(gdb) print/x itb->pc
$16 = 0x1074d784
(gdb) c
Continuing.

Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141     CPUArchState *env = cpu->env_ptr;
. . .
(gdb) print/x itb->pc
$18 = 0x1074d784
(gdb) c
Continuing.

Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141     CPUArchState *env = cpu->env_ptr;
(gdb) print/x itb->pc
$19 = 0x1074d784
(gdb) c
Continuing.

Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
141     CPUArchState *env = cpu->env_ptr;
(gdb) print/x itb->pc
$20 = 0x1074d784

and so on.

So it appears that syscall emulation does not progress the
emulated instruction pointer and so the syscall repeats
over and over.

(I've still not tracked down what is leaking memory
during this looping. But that is probably a secondary
concern at this point.)


So how does the code get from:

139         trapnr = cpu_exec(cs);

to (re-)trying the failed syscall (readlink) attempt?
(gdb) bt
#0  0x00000000601e25c0 in siglongjmp ()
#1  0x000000006003a1aa in cpu_loop_exit_restore (cpu=, pc=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec-common.c:77
#2  0x00000000600e0eeb in raise_exception_err_ra (env=, exception=, error_code=0, raddr=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:905
#3  helper_raise_exception_err (env=, exception=, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:928
#4  0x00000000607233e6 in static_code_gen_buffer ()
#5  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
#6  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
#7  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
#8  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#9  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#10 0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516

It does a siglongjmp via helper_raise_exception_err :

(gdb) up
#1  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
166     ret = tcg_qemu_tb_exec(env, tb_ptr);
(gdb) list
161         qemu_log_unlock();
162     }
163 #endif /* DEBUG_DISAS */
164
165     cpu->can_do_io = !use_icount;
166     ret = tcg_qemu_tb_exec(env, tb_ptr);
167     cpu->can_do_io = 1;
168     last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
169     tb_exit = ret & TB_EXIT_MASK;
170     trace_exec_tb_exit(last_tb, tb_exit);

(gdb) print tb_ptr
$11 = (uint8_t *) 0x607233c0 "A\213n\354\205\355\017\214\037"

   0x607233c0: mov -0x14(%r14),%ebp
   0x607233c4: test %ebp,%ebp
   0x607233c6: jl 0x607233eb
   0x607233cc: movq $0x1074d784,0x3c8(%r14)
   0x607233d7: mov %r14,%rdi
   0x607233da: mov $0x203,%esi
   0x607233df: xor %edx,%edx
   0x607233e1: callq 0x600e0ed0
=> 0x607233e6: jmpq 0x6071ef06
   0x607233eb: mov $0x60723343,%eax
   0x607233f0: jmpq 0x6071ef08

The exception is exception==515 . 515 is the figure matching up with POWERPC_EXCP_SYSCALL_USER .

(gdb) stepi
helper_raise_exception_err (env=0x860ea3ac0, exception=515, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:927
927 {
(gdb) bt
#0  helper_raise_exception_err (env=0x860ea3ac0, exception=515, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:927
#1  0x00000000607233e6 in static_code_gen_buffer ()
#2  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
#3  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
#4  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
#5  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#6  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#7  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516

Later there is:

raise_exception_err_ra (env=0x860ea3ac0, exception=515, error_code=0, raddr=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:903
903     cs->exception_index = exception;

and then:

(gdb) s
cpu_loop_exit_restore (cpu=0x860e9b8c0, pc=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec-common.c:74
74      if (pc) {
(gdb) n
77      siglongjmp(cpu->jmp_env, 1);
(gdb) n
0x00000000600398e9 in cpu_exec (cpu=0x860e9b8c0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:645
645     if (sigsetjmp(cpu->jmp_env, 0) != 0) {
(gdb) bt
#0  0x00000000600398e9 in cpu_exec (cpu=0x860e9b8c0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:645
#1  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#2  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#3  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
(gdb) n
651         cpu = current_cpu;
(gdb)
652         cc = CPU_GET_CLASS(cpu);
(gdb)
658         cpu->can_do_io = 1;
(gdb)
659         tb_lock_reset();
(gdb)
660         if (qemu_mutex_iothread_locked()) {
(gdb)
661             qemu_mutex_unlock_iothread();
(gdb)
666     while (!cpu_handle_exception(cpu, &ret)) {
(gdb)
679     cc->cpu_exec_exit(cpu);
(gdb) n
680     rcu_read_unlock();
(gdb) n
683 }
(gdb) n
target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:140
140         cpu_exec_end(cs);

And it sends up back in:

141         process_queued_cpu_work(cs);
142
143         switch(trapnr) {
. . .
497         case POWERPC_EXCP_SYSCALL_USER:
498             /* system call in user-mode emulation */
499             /* WARNING:
500              * PPC ABI uses overflow flag in cr0 to signal an error
501              * in syscalls.
502              */
(gdb)
503             env->crf[0] &= ~0x1;
504             ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
505                     env->gpr[5], env->gpr[6], env->gpr[7],
506                     env->gpr[8], env->gpr[9], env->gpr[10]);
507             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
508                 /* Returning from a successful sigreturn syscall.
509                    Avoid corrupting register state. */
510                 break;
511             }
512             if (ret > (target_ulong)(-515)) {
(gdb)
513                 env->crf[0] |= 0x1;
514                 ret = -ret;
515             }
516             env->gpr[3] = ret;
517             break;

===
Mark Millard
markmi at dsl-only.net

From owner-freebsd-ppc@freebsd.org Thu Aug 31 23:37:37 2017
From: Mark Millard
Date: Thu, 31 Aug 2017 16:37:28 -0700
Subject: Re: FYI: qemu-ppc64-static and qemu-ppc-static "live-hang" when I attempt use with poudriere; qemu-arm-static and qemu-aarch64-static work
To: Sean Bruno
Cc: Mark Linimon, Don Lewis, FreeBSD Toolchain, FreeBSD Ports, FreeBSD PowerPC ML

[I show some of the target/ppc/translate.c source code and related material this time. Not that I know enough to patch it correctly.]

On 2017-Aug-31, at 12:13 PM, Mark Millard wrote:

> [Turns out that the emulated program counter is not progressing
> for syscall emulation, at least for [some] syscall [failure] cases.]
>
> On 2017-Aug-30, at 8:43 PM, Mark Millard wrote:
>
>> On 2017-Aug-30, at 4:32 PM, Don Lewis wrote:
>>
>>> On 30 Aug, Mark Millard wrote:
>>>> On 2017-Aug-30, at 4:00 AM, Mark Linimon wrote:
>>>>
>>>>> On Wed, Aug 30, 2017 at 03:09:40AM -0700, Mark Millard wrote:
>>>>>> It appears that qemu-ppc64-static and qemu-ppc-static from
>>>>>> emulators/qemu-user-static are broken.
>>>>>
>>>>> Correct, and known for some time. (fwiw sparc64 hangs as well.)
>>>>
>>>> Looks like qemu-ppc64-static is stuck in a loop, calling
>>>> repeatedly:
>>>>
>>>> do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14, arg2=35995509911, arg3=1024, arg4=268435904, arg5=281494784, arg6=35985701568, arg7=515, arg8=35985668288)
>>>> at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c:210
>>>> 210 /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/syscall.c: No such file or directory.
>>>>
>>>> Which is for:
>>>>
>>>> 58 AUE_READLINK STD { ssize_t readlink(char *path, char *buf, \
>>>>     size_t count); }
>>>>
>>>> As confirmed by (note the "callq 0x60207360 " ):
>>>>
>>>> (gdb)
>>>> lock_user_string (guest_addr=14) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h:508
>>>> 508 /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/qemu.h: No such file or directory.
>>>>
>>>> (gdb) x/64i 0x0000000060045d3e
>>>> => 0x60045d3e: callq 0x6004fd20
>>>>    0x60045d43: test %rax,%rax
>>>>    0x60045d46: js 0x6004b99c
>>>>    0x60045d4c: inc %rax
>>>>    0x60045d4f: mov $0x1,%edx
>>>>    0x60045d54: mov %rbx,%rdi
>>>>    0x60045d57: mov %rax,%rsi
>>>>    0x60045d5a: callq 0x6003c430
>>>>    0x60045d5f: test %eax,%eax
>>>>    0x60045d61: jne 0x6004bce4
>>>>    0x60045d67: add 0x26d91b2(%rip),%rbx # 0x6271ef20
>>>>    0x60045d6e: je 0x6004bce4
>>>>    0x60045d74: mov $0x3,%edx
>>>>    0x60045d79: mov -0x2a8(%rbp),%r14
>>>>    0x60045d80: mov %r14,%rdi
>>>>    0x60045d83: mov %r12,%rsi
>>>>    0x60045d86: callq 0x6003c430
>>>>    0x60045d8b: test %eax,%eax
>>>>    0x60045d8d: jne 0x6004bce4
>>>>    0x60045d93: add 0x26d9186(%rip),%r14 # 0x6271ef20
>>>>    0x60045d9a: mov -0x294(%rbp),%r10d
>>>>    0x60045da1: mov $0xfffffffffffffff2,%r13
>>>>    0x60045da8: je 0x6004bcf2
>>>>    0x60045dae: mov $0x602b93da,%esi
>>>>    0x60045db3: mov %rbx,%rdi
>>>>    0x60045db6: callq 0x60230af0
>>>>    0x60045dbb: test %eax,%eax
>>>>    0x60045dbd: je 0x6004c566
>>>>    0x60045dc3: mov %rbx,%rdi
>>>>    0x60045dc6: callq 0x60158660
>>>>    0x60045dcb: mov %rax,%rdi
>>>>    0x60045dce: mov %r14,%rsi
>>>>    0x60045dd1: mov %r12,%rdx
>>>>    0x60045dd4: callq 0x60207360
>>>>
>>>> But note that the "lock_user_string (guest_addr=14)" and
>>>> "do_freebsd_syscall (cpu_env=0x860ea3ac0, num=58, arg1=14,"
>>>> indicate that the "readlink(char *path," is using a really
>>>> small address for the path string.
>>>>
>>>>
>>>> I've not figured a way for poudriere bulk builds to leave
>>>> behind the source code automatically. So far I've not
>>>> looked at the qemu-bsd-user source code. I do build with
>>>> both debug and optimization turned on via bsd.port.mk
>>>> having:
>>>
>>> The -w option will create a tarball of the work directory if the
>>> package build fails. I also often use the testport -i option I want to
>>> poke around in the WRKDIR after a build.
>>
>> I've been using -w right along. But I'd not used testport at all.
>>
>> It looks to me like the syscall errno handling is messed
>> up. The details that I've observed follow. It follows
>> a simplified sequence of discovery as far as presentation
>> order goes.
>>
>> The looping code is:
>>
>> static inline void target_cpu_loop(CPUPPCState *env)
>> {
>>     CPUState *cs = CPU(ppc_env_get_cpu(env));
>>     target_siginfo_t info;
>>     int trapnr;
>>     target_ulong ret;
>>
>>     for(;;) {
>>         cpu_exec_start(cs);
>>         trapnr = cpu_exec(cs);
>>         cpu_exec_end(cs);
>>         process_queued_cpu_work(cs);
>>
>>         switch(trapnr) {
>> . . .
>>         case POWERPC_EXCP_SYSCALL_USER:
>>             /* system call in user-mode emulation */
>>             /* WARNING:
>>              * PPC ABI uses overflow flag in cr0 to signal an error
>>              * in syscalls.
>>              */
>>             env->crf[0] &= ~0x1;
>>             ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
>>                     env->gpr[5], env->gpr[6], env->gpr[7],
>>                     env->gpr[8], env->gpr[9], env->gpr[10]);
>>             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
>>                 /* Returning from a successful sigreturn syscall.
>>                    Avoid corrupting register state. */
>>                 break;
>>             }
>>             if (ret > (target_ulong)(-515)) {
>>                 env->crf[0] |= 0x1;
>>                 ret = -ret;
>>             }
>>             env->gpr[3] = ret;
>>             break;
>> . . .
>>         }
>>         process_pending_signals(env);
>>     }
>> }
>>
>> The observed env->gpr[3] == 14 is from a prior loop
>> iteration having ret == 14 in the:
>>
>> env->gpr[3] = ret;
>>
>> Prior to this were the values (as seen via
>> lock_user_string):
>>
>> guest_addr=278408977
>> guest_addr=2
>>
>> That 2 also came from the prior ret == 2 in the:
>>
>> env->gpr[3] = ret;
>>
>> from when the 278408977 was being attempted.
>>
>> For both the ret == 2 and ret == 14 were from:
>>
>> ret = -ret;
>>
>> so the return values from do_freebsd_syscall were
>> -2 and -14 (interpreted as signed).
>>
>> The return values trace back to the following code,
>> where TARGET_EFAULT == 14 :
>>
>> static inline abi_long do_bsd_readlink(CPUArchState *env, abi_long arg1,
>>         abi_long arg2, abi_long arg3)
>> {
>>     abi_long ret;
>>     void *p1, *p2;
>>
>>     LOCK_PATH(p1, arg1);
>>     p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
>>     if (p2 == NULL) {
>>         UNLOCK_PATH(p1, arg1);
>>         return -TARGET_EFAULT;
>>     }
>> #ifdef __FreeBSD__
>>     if (strcmp(p1, "/proc/curproc/file") == 0) {
>>         CPUState *cpu = ENV_GET_CPU(env);
>>         TaskState *ts = (TaskState *)cpu->opaque;
>>         strncpy(p2, ts->bprm->fullpath, arg3);
>>         ret = MIN((abi_long)strlen(ts->bprm->fullpath), arg3);
>>     } else
>> #endif
>>     ret = get_errno(readlink(path(p1), p2, arg3));
>>     unlock_user(p2, arg2, ret);
>>     UNLOCK_PATH(p1, arg1);
>>
>>     return ret;
>> }
>>
>> The 2 is from:
>>
>> ret = get_errno(readlink(path(p1), p2, arg3));
>>
>> At the time the p1 points to "/etc/malloc.conf":
>>
>> (gdb) step
>> path (name=0x10982f11 "/etc/malloc.conf") at util/path.c:173
>>
>> 169 const char *path(const char *name)
>> 170 {
>> 171     /* Only do absolute paths: quick and dirty, but should mostly be OK.
>> 172        Could do relative by tracking cwd. */
>> (gdb)
>> 173     if (!base || !name || name[0] != '/')
>> 174         return name;
>> 175
>> 176     return follow_path(base, name) ?: name;
>> 177 }
>>
>> (gdb) print base
>> $8 = (struct pathelem *) 0x0
>>
>> So name is returned unchanged.
>>
>>
>> The 2 is in turn from:
>>
>> #define __ENOENT 2 /* No such file or directory */
>>
>>
>> Overall one oddity is that this code structure
>> seems to use -ret from:
>>
>> ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
>>         env->gpr[5], env->gpr[6], env->gpr[7],
>>         env->gpr[8], env->gpr[9], env->gpr[10]);
>>
>> to retry the same operation again the next iteration,
>> but with env->gpr[3] == -ret (as ret was on the return
>> of do_freebsd_syscall ).
>>
>> Once abs(ret) == 14 it is fully stuck repeating itself.
>>
>> I've no clue if:
>>
>> env->gpr[3] = ret;
>>
>> even makes sense here.
>>
>> I've not tried to track down the memory leak activity
>> that is associated.
>>
>> Nor have I checked anything for the:
>>
>>         cpu_exec_start(cs);
>>         trapnr = cpu_exec(cs);
>>         cpu_exec_end(cs);
>>         process_queued_cpu_work(cs);
>>
>> activity. It likely contributes to why the loop
>> retries the readlink again (with a junk address
>> for the path).
>
> I do not see activity advancing the emulated
> program counter as this looping/retrying happens.
> Nor anything that is adjusting the problematical
> re-used env->gpr[3] other than the:
>
> 516             env->gpr[3] = ret;
>
> after the negation of ret for the syscall failure
> handling.
>
> This is confirmed by the following:
>
> (gdb) bt
> #0  cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
> #1  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=)
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
> #2  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
> #3  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
> #4  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
> #5  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
> . . .
> (gdb) list
> 569     {
> 570         uintptr_t ret;
> 571         int32_t insns_left;
> 572
> 573         trace_exec_tb(tb, tb->pc);
> 574         ret = cpu_tb_exec(cpu, tb);
> 575         tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
> 576         *tb_exit = ret & TB_EXIT_MASK;
> 577         if (*tb_exit != TB_EXIT_REQUESTED) {
> 578             *last_tb = tb;
> . . .
> cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
> 141         CPUArchState *env = cpu->env_ptr;
> (gdb) print/x itb->pc
> $16 = 0x1074d784
> (gdb) c
> Continuing.
>
> Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 )
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
> 141         CPUArchState *env = cpu->env_ptr;
> . . .
> (gdb) print/x itb->pc
> $18 = 0x1074d784
> (gdb) c
> Continuing.
>
> Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 )
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
> 141         CPUArchState *env = cpu->env_ptr;
> (gdb) print/x itb->pc
> $19 = 0x1074d784
> (gdb) c
> Continuing.
>
> Thread 1 hit Breakpoint 9, cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 )
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:141
> 141         CPUArchState *env = cpu->env_ptr;
> (gdb) print/x itb->pc
> $20 = 0x1074d784
>
> and so on.
>
> So it appears that syscall emulation does not progress the
> emulated instruction pointer and so the syscall repeats
> over and over.
>
> (I've still not tracked down what is leaking memory
> during this looping. But that is probably a secondary
> concern at this point.)
>
>
> So how does the code get from:
>
> 139         trapnr = cpu_exec(cs);
>
> to (re-)trying the failed syscall (readlink) attempt?
>
> (gdb) bt
> #0  0x00000000601e25c0 in siglongjmp ()
> #1  0x000000006003a1aa in cpu_loop_exit_restore (cpu=, pc=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec-common.c:77
> #2  0x00000000600e0eeb in raise_exception_err_ra (env=, exception=, error_code=0, raddr=0)
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:905
> #3  helper_raise_exception_err (env=, exception=, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:928
> #4  0x00000000607233e6 in static_code_gen_buffer ()
> #5  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 )
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
> #6  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=)
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
> #7  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
> #8  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
> #9  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
> #10 0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
>
> It does a siglongjmp via helper_raise_exception_err :
>
> (gdb) up
> #1  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 )
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
> 166         ret = tcg_qemu_tb_exec(env, tb_ptr);
> (gdb) list
> 161             qemu_log_unlock();
> 162         }
> 163     #endif /* DEBUG_DISAS */
> 164
> 165         cpu->can_do_io = !use_icount;
> 166         ret = tcg_qemu_tb_exec(env, tb_ptr);
> 167         cpu->can_do_io = 1;
> 168         last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
> 169         tb_exit = ret & TB_EXIT_MASK;
> 170         trace_exec_tb_exit(last_tb, tb_exit);
> (gdb) print tb_ptr
> $11 = (uint8_t *) 0x607233c0 "A\213n\354\205\355\017\214\037"
>
>    0x607233c0 : mov -0x14(%r14),%ebp
>    0x607233c4 : test %ebp,%ebp
>    0x607233c6 : jl 0x607233eb
>    0x607233cc : movq $0x1074d784,0x3c8(%r14)
>    0x607233d7 : mov %r14,%rdi
>    0x607233da : mov $0x203,%esi
>    0x607233df : xor %edx,%edx
>    0x607233e1 : callq 0x600e0ed0
> => 0x607233e6 : jmpq 0x6071ef06
>    0x607233eb : mov $0x60723343,%eax
>    0x607233f0 : jmpq 0x6071ef08
>
> The exception is exception==515 . 515 is the
> figure matching up with POWERPC_EXCP_SYSCALL_USER .
>
> (gdb) stepi
> helper_raise_exception_err (env=0x860ea3ac0, exception=515, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:927
> 927     {
> (gdb) bt
> #0  helper_raise_exception_err (env=0x860ea3ac0, exception=515, error_code=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:927
> #1  0x00000000607233e6 in static_code_gen_buffer ()
> #2  0x0000000060039ffa in cpu_tb_exec (cpu=0x860e9b8c0, itb=0x60723340 )
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:166
> #3  0x0000000060039cb5 in cpu_loop_exec_tb (cpu=, tb=, last_tb=, tb_exit=)
>     at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:574
> #4  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:672
> #5  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
> #6  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
> #7  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
>
> Later there is:
>
> raise_exception_err_ra (env=0x860ea3ac0, exception=515, error_code=0, raddr=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/excp_helper.c:903
> 903         cs->exception_index = exception;
>
> and then:
>
> (gdb) s
> cpu_loop_exit_restore (cpu=0x860e9b8c0, pc=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec-common.c:74
> 74          if (pc) {
> (gdb) n
> 77          siglongjmp(cpu->jmp_env, 1);
> (gdb) n
> 0x00000000600398e9 in cpu_exec (cpu=0x860e9b8c0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:645
> 645         if (sigsetjmp(cpu->jmp_env, 0) != 0) {
> (gdb) bt
> #0  0x00000000600398e9 in cpu_exec (cpu=0x860e9b8c0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:645
> #1  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
> #2  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
> #3  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
> (gdb) n
> 651             cpu = current_cpu;
> (gdb)
> 652             cc = CPU_GET_CLASS(cpu);
> (gdb)
> 658             cpu->can_do_io = 1;
> (gdb)
> 659             tb_lock_reset();
> (gdb)
> 660             if (qemu_mutex_iothread_locked()) {
> (gdb)
> 661                 qemu_mutex_unlock_iothread();
> (gdb)
> 666         while (!cpu_handle_exception(cpu, &ret)) {
> (gdb)
> 679         cc->cpu_exec_exit(cpu);
> (gdb) n
> 680         rcu_read_unlock();
> (gdb) n
> 683     }
> (gdb) n
> target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:140
> 140         cpu_exec_end(cs);
>
> And it ends up back in:
>
> 141         process_queued_cpu_work(cs);
> 142
> 143         switch(trapnr) {
> . . .
> 497         case POWERPC_EXCP_SYSCALL_USER:
> 498             /* system call in user-mode emulation */
> 499             /* WARNING:
> 500              * PPC ABI uses overflow flag in cr0 to signal an error
> 501              * in syscalls.
> 502              */
> (gdb)
> 503             env->crf[0] &= ~0x1;
> 504             ret = do_freebsd_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
> 505                                      env->gpr[5], env->gpr[6], env->gpr[7],
> 506                                      env->gpr[8], env->gpr[9], env->gpr[10]);
> 507             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
> 508                 /* Returning from a successful sigreturn syscall.
> 509                    Avoid corrupting register state. */
> 510                 break;
> 511             }
> 512             if (ret > (target_ulong)(-515)) {
> (gdb)
> 513                 env->crf[0] |= 0x1;
> 514                 ret = -ret;
> 515             }
> 516             env->gpr[3] = ret;
> 517             break;

target/ppc/translate.c has :

static inline void gen_update_nip(DisasContext *ctx, target_ulong nip)
{
    if (NARROW_MODE(ctx)) {
        nip = (uint32_t)nip;
    }
    tcg_gen_movi_tl(cpu_nip, nip);
}

static void gen_exception_err(DisasContext *ctx, uint32_t excp, uint32_t error)
{
    TCGv_i32 t0, t1;

    /* These are all synchronous exceptions, we set the PC back to
     * the faulting instruction
     */
    if (ctx->exception == POWERPC_EXCP_NONE) {
        gen_update_nip(ctx, ctx->nip - 4);
    }
    t0 = tcg_const_i32(excp);
    t1 = tcg_const_i32(error);
    gen_helper_raise_exception_err(cpu_env, t0, t1);
    tcg_temp_free_i32(t0);
    tcg_temp_free_i32(t1);
    ctx->exception = (excp);
}
. . .
#if defined(CONFIG_USER_ONLY)
#define POWERPC_SYSCALL POWERPC_EXCP_SYSCALL_USER
#else
#define POWERPC_SYSCALL POWERPC_EXCP_SYSCALL
#endif
static void gen_sc(DisasContext *ctx)
{
    uint32_t lev;

    lev = (ctx->opcode >> 5) & 0x7F;
    gen_exception_err(ctx, POWERPC_SYSCALL, lev);
}

And there is:

Thread 1 hit Breakpoint 10, gen_sc (ctx=0x7ffffffe3f48) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:3703
3703        lev = (ctx->opcode >> 5) & 0x7F;
(gdb) bt
#0  gen_sc (ctx=0x7ffffffe3f48) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:3703
#1  0x0000000060064f4b in gen_intermediate_code (env=0x860ea3ac0, tb=0x60723280 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:7360
#2  0x000000006003b090 in tb_gen_code (cpu=, pc=276092800, cs_base=0, flags=33579008, cflags=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/translate-all.c:1276
#3  0x0000000060039c14 in tb_find (cpu=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:363
#4  cpu_exec (cpu=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:671
#5  0x000000006003c988 in target_cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/ppc/target_arch_cpu.h:139
#6  cpu_loop (env=0x860ea3ac0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:121
#7  0x000000006003e003 in main (argc=, argv=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/bsd-user/main.c:516
(gdb) finish
Run till exit from #0  gen_sc (ctx=0x7ffffffe3f48) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:3703
gen_intermediate_code (env=0x860ea3ac0, tb=0x60723280 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:7365
7365        if (unlikely(ctx.singlestep_enabled & CPU_SINGLE_STEP &&
(gdb) finish
Run till exit from #0  gen_sc (ctx=0x7ffffffe3f48) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:3703
gen_intermediate_code (env=0x860ea3ac0, tb=0x60723280 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:7365
7365        if (unlikely(ctx.singlestep_enabled & CPU_SINGLE_STEP &&
(gdb) finish
Run till exit from #0  gen_intermediate_code (env=0x860ea3ac0, tb=0x60723280 ) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/target/ppc/translate.c:7365
tb_gen_code (cpu=, pc=276092800, cs_base=0, flags=33579008, cflags=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/translate-all.c:1277
1277        tcg_ctx.cpu = NULL;
(gdb) finish
Run till exit from #0  tb_gen_code (cpu=, pc=276092800, cs_base=0, flags=33579008, cflags=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/translate-all.c:1277
0x0000000060039c14 in tb_find (cpu=, last_tb=, tb_exit=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-17977d0/accel/tcg/cpu-exec.c:363
363         tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
Value returned is $23 = (TranslationBlock *) 0x60723280

Note that the:

   0x607233cc : movq $0x1074d784,0x3c8(%r14)

is the emulated PC being forced to point back to the
same syscall instruction again, generated via
gen_update_nip(ctx, ctx->nip - 4) .

The gen_sc instance (the first) seems to be responsible for:

   0x607233cc : movq $0x1074d784,0x3c8(%r14)
   0x607233d7 : mov %r14,%rdi
   0x607233da : mov $0x203,%esi
   0x607233df : xor %edx,%edx
   0x607233e1 : callq 0x600e0ed0
=> 0x607233e6 : jmpq 0x6071ef06
   0x607233eb : mov $0x60723343,%eax
   0x607233f0 : jmpq 0x6071ef08

being generated as its callers "finish" (see above).
(helper_raise_exception_err leads to siglongjmp so
the call does not return.)

If I interpret everything right, even for a successful
readlink (or other syscall) the emulated PC would not be
updated to the next instruction and the code would loop,
repeating the syscall.

It appears to me that something is wrong with the logic:

static void gen_exception_err(DisasContext *ctx, uint32_t excp, uint32_t error)
{
    TCGv_i32 t0, t1;

    /* These are all synchronous exceptions, we set the PC back to
     * the faulting instruction
     */
    if (ctx->exception == POWERPC_EXCP_NONE) {
        gen_update_nip(ctx, ctx->nip - 4);
    }
. . .

or some balancing action is needed later for the likes
of readlink once it has completed the (in this case):

ret = get_errno(readlink(path(p1), p2, arg3));

In fact for the early return (the -14 case) that
avoids the call to readlink the loop happens as stands:

    LOCK_PATH(p1, arg1);
    p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
    if (p2 == NULL) {
        UNLOCK_PATH(p1, arg1);
        return -TARGET_EFAULT;
    }

So either the emulated PC should progress for the
early return or some other handling should be involved
for it: neither continuing to the next instruction nor
repeating the instruction would seem appropriate. I
expect that this is a separate issue from the
readlink-used case as far as correct handling goes.

===
Mark Millard
markmi at dsl-only.net
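
The repeat traced in the message above, reduced to a toy model. This is an added example, not code from the message or from QEMU: ToyCpu, toy_readlink and run_loop are hypothetical names, the addresses and errno values are the ones quoted in the message, and the "nip += 4" step is an assumed form of the "balancing action" the message asks about, not the project's fix.

```c
/* Toy model of the bsd-user PPC cpu loop; constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

#define SC_PC      0x1074d784u  /* PC of the sc instruction, from the gdb session */
#define PATH_ADDR  278408977u   /* first guest_addr seen via lock_user_string */
#define TOY_ENOENT 2
#define TOY_EFAULT 14

typedef struct {
    uint32_t nip;   /* emulated program counter */
    uint32_t gpr3;  /* first syscall argument, also the return register */
    uint32_t cr0;   /* bit 0 set signals a failed syscall */
} ToyCpu;

/* Constructed stand-in for do_bsd_readlink: only PATH_ADDR is a mapped guest
 * address, and the file it names does not exist. */
static int32_t toy_readlink(uint32_t path_addr)
{
    return path_addr == PATH_ADDR ? -TOY_ENOENT : -TOY_EFAULT;
}

/* Runs the loop until the PC leaves the sc instruction or max_calls is hit.
 * args[i] records the gpr3 value passed to syscall attempt i.
 * advance_nip != 0 applies the assumed balancing step (nip += 4). */
int run_loop(int advance_nip, int max_calls, ToyCpu *out, uint32_t *args)
{
    ToyCpu cpu = { SC_PC, PATH_ADDR, 0 };
    int calls = 0;

    while (calls < max_calls && cpu.nip == SC_PC) {
        /* Translated sc: gen_exception_err leaves nip on the sc itself. */
        cpu.nip = SC_PC;
        cpu.cr0 &= ~0x1u;
        if (advance_nip)
            cpu.nip += 4;              /* assumption: step past the sc */
        args[calls++] = cpu.gpr3;
        uint32_t ret = (uint32_t)toy_readlink(cpu.gpr3);
        if (ret > (uint32_t)(-515)) {  /* same errno test as the quoted loop */
            cpu.cr0 |= 0x1u;
            ret = 0u - ret;
        }
        cpu.gpr3 = ret;                /* errno now sits where arg1 was */
    }
    *out = cpu;
    return calls;
}

int main(void)
{
    ToyCpu cpu;
    uint32_t args[8];
    for (int advance = 0; advance <= 1; advance++) {
        int n = run_loop(advance, 8, &cpu, args);
        printf("advance_nip=%d: %d call(s), nip=0x%x, gpr3=%u, args:",
               advance, n, (unsigned)cpu.nip, (unsigned)cpu.gpr3);
        for (int i = 0; i < n; i++)
            printf(" %u", (unsigned)args[i]);
        printf("\n");
    }
    return 0;
}
```

Without the advance, the recorded arguments follow the sequence reported in the message (278408977, then 2, then 14 repeating) and the PC never leaves the sc instruction.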