qemu-armel SEGFAULTs when trying to map a commpage on armel
When qemu-armel runs on an armel host, it dies at startup while loading the target executable. gdb:
$ gdb qemu-arm
(gdb) ru -cpu cortex-a7 /usr/libexec/arm-linux-gnueabi/isa-support/test-ARMv7
Starting program: /home/mjt/qemu/b/qemu-arm -cpu cortex-a7 /usr/libexec/arm-linux-gnueabi/isa-support/test-ARMv7
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabi/libthread_db.so.1".
[New Thread 0xf7bc13a0 (LWP 424006)]
Thread 1 "qemu-arm" received signal SIGSEGV, Segmentation fault.
0xffff0fe0 in ?? ()
(gdb) bt
#0 0xffff0fe0 in ?? ()
#1 0x00529f18 in have_mmap_lock () at ../linux-user/mmap.c:46
#2 0x00517f58 in page_set_flags (start=start@entry=4294901760, last=4294905855, flags=flags@entry=13) at ../accel/tcg/user-exec.c:495
#3 0x005255e8 in init_guest_commpage () at ../linux-user/elfload.c:461
#4 probe_guest_base (image_name=0x0, image_name@entry=0x67817c <real_exec_path> "/usr/libexec/arm-linux-gnueabi/isa-support/test-ARMv7",
guest_loaddr=<optimized out>, guest_hiaddr=<optimized out>) at ../linux-user/elfload.c:2846
#5 0x00525c44 in load_elf_image (image_name=<optimized out>, image_fd=<optimized out>, info=info@entry=0xfffeef20, pinterp_name=0xfffeed8c,
pinterp_name@entry=0xfffeed84, bprm_buf=<optimized out>, bprm_buf@entry=0xfffeeff8 "\177ELF\001\001\001") at ../linux-user/elfload.c:3142
#6 0x00526518 in load_elf_binary (bprm=bprm@entry=0xfffeeff8, info=info@entry=0xfffeef20) at ../linux-user/elfload.c:3577
#7 0x00528fd0 in loader_exec (fdexec=fdexec@entry=0, filename=<optimized out>, argv=<optimized out>, envp=envp@entry=0x268eae0,
regs=0xfffeefb0, regs@entry=0x268eae0, infop=0xfffeef20, infop@entry=0x3, bprm=0xfffeeff8, bprm@entry=0xfffeef20)
at ../linux-user/linuxload.c:155
#8 0x0041d5a4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../linux-user/main.c:903
(gdb) frame 1
#1 0x00529f18 in have_mmap_lock () at ../linux-user/mmap.c:46
46 return mmap_lock_count > 0 ? true : false;
This happens because QEMU tries to map the guest commpage over the host commpage: on an armel host the two are at the same address. See init_guest_commpage() for details.
This has been broken for a long time.
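As an added example (not QEMU's code; the function names are mine), here is the kind of guard a loader can apply before placing a fixed mapping: look the target range up in /proc/self/maps and refuse to replace anything the host already has there, which is exactly what a guest commpage placed at the host's own commpage address would do.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <sys/mman.h>
/* 1 if a host mapping in /proc/self/maps overlaps [start, start+len), 0 if free, -1 on error. */
int range_is_mapped(uintptr_t start, size_t len)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int hit = 0;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;    /* each line starts with "lo-hi perms ..." */
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2 && lo < start + len && start < hi) {
            hit = 1;             /* half-open intervals overlap */
            break;
        }
    }
    fclose(f);
    return hit;
}
/* Map an anonymous page at exactly addr, refusing to clobber whatever the host already
 * has there (its own commpage, for instance). Returns NULL if the range is in use. */
void *map_fixed_noclobber(uintptr_t addr, size_t len)
{
    int flags = MAP_PRIVATE | MAP_ANONYMOUS;
    if (range_is_mapped(addr, len) != 0)
        return NULL;
#ifdef MAP_FIXED_NOREPLACE
    flags |= MAP_FIXED_NOREPLACE;   /* kernel fails with EEXIST instead of replacing */
#endif
    void *p = mmap((void *)addr, len, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if ((uintptr_t)p != addr) {     /* older kernel took addr as a mere hint: undo */
        munmap(p, len);
        return NULL;
    }
    return p;
}
/* Self-check: a page this process owns must be reported as mapped and must not be mapped over. */
int self_check(void)
{
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int ok = page != MAP_FAILED && range_is_mapped((uintptr_t)page, 4096) == 1
             && map_fixed_noclobber((uintptr_t)page, 4096) == NULL;
    if (page != MAP_FAILED) munmap(page, 4096);
    return ok;   /* 1 on success */
}
```

On an armel host the commpage shows up in /proc/self/maps as the [vectors] line, so the same lookup would have flagged the conflict before the mapping was attempted.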
Edited by Michael Tokarev