segfault when passing x-vga=on on gpu(old) passthrough
Host environment
- Operating system: alpine linux 3.21
- OS/kernel version: 6.12.17 lts
- Architecture: x86 x84
- QEMU flavor: qemu-system-x86_64
- QEMU version: 9.12
- QEMU command line: qemu-system-x86_64 -machine pc -device vfio-pci,host=07:00.1 -device vfio-pci,host=07:00.0,x-vga=on
Description of problem
When using x-vga=on on the ati x550 gpu passthrough, qemu-system-x86 segfault occurs.(I think it may happen with other ati cards from same era, ati x300, ati x600, ati x800) Similar bug from 2017 on nvidia 7300GS: https://bugs.launchpad.net/qemu/+bug/1678466
Additional information
dmesg:
[ 5050.113978] qemu-system-x86[8288]: segfault at b8 ip 000055c4f459ad47 sp 00007fff81f966e0 error 4 in qemu-system-x86_64[57ed47,55c
4f418f000+69f000] likely on CPU 11 (core 20, socket 0)
[ 5050.113987] Code: c0 75 f0 48 8b 6b 60 48 89 b3 80 00 00 00 67 e8 9f 82 00 00 48 8b 7b 40 83 05 b0 11 2e 01 01 48 85 ff 74 06 67 e
8 59 1e 08 00 <48> 8b 85 b8 00 00 00 48 85 c0 74 7d 8b 93 b0 00 00 00 eb 11 0f 1f
[ 5050.272446] vfio-pci 0000:07:00.0: Refused to change power state from D0 to D3hotlspci -vv:
07:00.0 1002:5b63 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV370 [Radeon X300/X550/X1050 Series] (prog-if 00 [VGA controller])
Subsystem: PC Partner Limited / Sapphire Technology Device 1500
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 3
IOMMU group: 18
Region 0: Memory at 54000000 (32-bit, prefetchable) [disabled] [size=64M]
Region 1: I/O ports at 3000 [disabled] [size=256]
Region 2: Memory at 59c30000 (32-bit, non-prefetchable) [disabled] [size=64K]
Expansion ROM at 59c00000 [disabled] [size=128K]
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [58] Express (v1) Endpoint, IntMsgNum 0
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <128ns, L1 <2us
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE- FLReset- SlotPowerLimit 10W TEE-IO-
DevCtl: CorrErr+ NonFatalErr+ FatalErr+ UnsupReq+
RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr- TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x16, ASPM L0s L1, Exit Latency L0s <128ns, L1 <1us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp-
LnkCtl: ASPM Disabled; RCB 64 bytes, LnkDisable- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s, Width x1 (downgraded)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP-
ECRC- UnsupReq- ACSViol- UncorrIntErr- BlockedTLP- AtomicOpBlocked- TLPBlockedErr-
PoisonTLPBlocked- DMWrReqBlocked- IDECheck- MisIDETLP- PCRC_CHECK- TLPXlatBlocked-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP-
ECRC- UnsupReq- ACSViol- UncorrIntErr- BlockedTLP- AtomicOpBlocked- TLPBlockedErr-
PoisonTLPBlocked- DMWrReqBlocked- IDECheck- MisIDETLP- PCRC_CHECK- TLPXlatBlocked-
UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+
ECRC- UnsupReq- ACSViol- UncorrIntErr- BlockedTLP- AtomicOpBlocked- TLPBlockedErr-
PoisonTLPBlocked- DMWrReqBlocked- IDECheck- MisIDETLP- PCRC_CHECK- TLPXlatBlocked-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr- CorrIntErr- HeaderOF-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr- CorrIntErr- HeaderOF-
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 04000001 0000030f 07070000 7efb9a03
07:00.1 1002:5b73 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] RV370 [Radeon X300/X550/X1050 Series] (Secondary)
Subsystem: PC Partner Limited / Sapphire Technology Device 1501
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
IOMMU group: 18
Region 0: Memory at 59c20000 (32-bit, non-prefetchable) [disabled] [size=64K]
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [58] Express (v1) Endpoint, IntMsgNum 0
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <128ns, L1 <2us
ExtTag- AttnBtn- AttnInd- PwrInd- RBE- FLReset- SlotPowerLimit 0W TEE-IO-
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr- TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x16, ASPM L0s L1, Exit Latency L0s <128ns, L1 <1us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp-
LnkCtl: ASPM Disabled; RCB 64 bytes, LnkDisable- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s, Width x1 (downgraded)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-(In win7 when the "07:00.1 Display controller" uses the gpu driver, dmesg spam errors occur and VM functions very very slow. I don't know where to report this, libvirt?. This I tested only in virt-manager. "07:00.1 Display controller" can be disabled in Win7 device manager and problems disappear. Independent if this, booting with x-vga=off image is corrupted on the monitor connected to passthrough gpu until driver is loaded. Image is white with vertical dark stripes.)
[ 3160.598553] DMAR: [INTR-REMAP] Request device [07:00.1] fault index 0x50 [fault reason 0x26] Blocked an interrupt request due to source-id verification failure
[ 3161.098536] DMAR: DRHD: handling fault status reg 2
[ 3165.098584] dmar_fault: 23 callbacks suppressedEdited by Radu Radu