
OpenBSD 7.0 Guest crashes QEMULauncher #3197

Closed
AwlsomeAlex opened this issue Oct 21, 2021 · 10 comments
Labels: crash (Application crashes), qemu (QEMU related)

@AwlsomeAlex

Describe the issue
OpenBSD 7.0 crashes UTM/QEMULauncher

Configuration

  • UTM Version: 2.3.0 Beta
  • OS Version: macOS Big Sur 11.6
  • Intel or Apple Silicon? Apple Silicon

Went to run the VM via miniroot.img, got to the boot loader, typed 'set tty fb0', then the VM crashed.

Crash log: QEMULauncher.log

Debug log: debug.log

Upload VM: config.plist.txt

@osy (Contributor)

osy commented Oct 22, 2021

@agraf this seems to be an assertion failure on https://github.com/qemu/qemu/blob/master/target/arm/hvf/hvf.c#L1159

Have you hit this before? Can you explain the reasoning for that assertion? Thanks.

@osy osy added crash Application crashes qemu QEMU related labels Oct 22, 2021
@agraf

agraf commented Oct 23, 2021

> @agraf this seems to be an assertion failure on https://github.com/qemu/qemu/blob/master/target/arm/hvf/hvf.c#L1159
>
> Have you hit this before? Can you explain the reasoning for that assertion? Thanks.

This means that an instruction was accessing MMIO space that is not predecoded by hardware. Neither KVM nor QEMU's hvf implementation emulates instructions for MMIO exits; they merely take the hardware exit info and act accordingly.

Does the same guest run fine on KVM?

@AwlsomeAlex (Author)

@agraf No issues on my x86 virtualization host (running KVM).

@osy (Contributor)

osy commented Oct 25, 2021

I think we need ARM64 KVM to test. Unfortunately I don’t have easy access to hardware (haven’t tried AsahiLinux so idk if it supports KVM).

@agraf

agraf commented Oct 25, 2021

This is an ARM specific issue. Please check on aarch64 KVM (Raspberry Pi 4 for example).

@agraf

agraf commented Oct 25, 2021

Looking at the latest from here: http://ftp.luis.uni-hannover.de/openbsd/snapshots/arm64/

```
$ ./build/qemu-system-aarch64 -M virt,highmem=no -bios build/pc-bios/edk2-aarch64-code.fd -m 4G -smp 2 -nographic -drive file=~/Downloads/miniroot70.img,if=none,id=d,snapshot=on -net none -cpu host -accel hvf -device nvme,drive=d,serial=1234 -smp 2 -trace '*hvf*' -D log

[...]
hvf_data_abort data abort: [pc=0xffffff8000342794 va=0xffffff8002421000 pa=0x0000000009000000 isv=0 iswrite=1 s1ptw=0 len=1 srt=0]

(gdb) x/i $pc
=> 0xffffff8000342794:	dc	civac, x0

(qemu) info mtree
[...]
    0000000009000000-0000000009000fff (prio 0, i/o): pl011
[...]
```

So from what I can see, OpenBSD is trying to issue a "cache line clear" instruction (memset(0) optimization) on the serial port registers. That is not a good idea ... :).

@AwlsomeAlex (Author)

So is this an OpenBSD issue? @agraf

@kettenis

Yes, I've seen that. I actually think this is a cache line clean and invalidate instruction. And my reading of the ARMv8 ARM says that it should be perfectly fine to issue those on device memory.

May still not be a good idea, but our kernel cleans any page that is mapped non-cacheable because it might have been mapped cacheable in the past. It works on real hardware though.

@agraf

agraf commented Oct 25, 2021

I posted a possible workaround for this in QEMU: https://patchwork.kernel.org/project/qemu-devel/patch/20211025191349.52992-1-agraf@csgraf.de/

@osy osy modified the milestones: v3.1, v2.3.2 Oct 29, 2021
@osy osy closed this as completed in 0a1637d Oct 30, 2021
bonzini pushed a commit to qemu/qemu that referenced this issue Nov 3, 2021
Apple's Hypervisor.Framework forwards cache operations as MMIO traps
into user space. For MMIO however, these have no meaning: There is no
cache attached to them.

So let's just treat cache data exits as nops.

This fixes OpenBSD booting as guest.

Reported-by: AJ Barris <AwlsomeAlex@github.com>
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reference: utmapp/UTM#3197
Message-Id: <20211026071241.74889-1-agraf@csgraf.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
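The whole thread turns on one field of the exception syndrome: the trace line above reports `isv=0` for the `dc civac` on the pl011 region, so the hypervisor has no register/size information to turn the trap into an MMIO access, and the fix keys on the syndrome's cache-maintenance bit to skip such exits instead. The following is an added example in C, not QEMU's, UTM's or any thread participant's code. The bit positions are the ESR_ELx data-abort ISS layout from the Arm Architecture Reference Manual; the three sample syndromes are constructed for illustration, not captured from the crash, and `classify_data_abort` is an illustrative stand-in for a hypervisor's exit handler rather than QEMU's actual function.

```c
/*
 * Added example: decode an AArch64 data-abort ISS the way a hypervisor's
 * MMIO exit handler must, and classify the exit for a handler that does
 * no instruction emulation (KVM-style, as described in the thread).
 * Not QEMU code. Bit layout per the Arm ARM (ESR_ELx, EC = Data Abort).
 */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ISS_ISV        (1u << 24) /* instruction syndrome valid: SAS/SRT usable     */
#define ISS_SAS_SHIFT  22         /* access size, 2^SAS bytes (only if ISV)         */
#define ISS_SRT_SHIFT  16         /* transfer register number (only if ISV)         */
#define ISS_CM         (1u << 8)  /* abort raised by a cache maintenance instruction */
#define ISS_S1PTW      (1u << 7)  /* stage-2 fault during a stage-1 table walk       */
#define ISS_WNR        (1u << 6)  /* 1 = write, 0 = read                             */
#define ISS_DFSC_MASK  0x3fu      /* data fault status code                          */

struct data_abort_iss {
    bool isv, cm, s1ptw, wnr;
    uint8_t sas, srt, dfsc;
};

enum exit_action {
    EXIT_DO_MMIO,        /* ISV=1: forward the load/store to the device model   */
    EXIT_CACHE_OP_NOP,   /* CM=1: no cache behind MMIO, advance PC and continue */
    EXIT_NEED_EMULATION  /* ISV=0 and not CM: would need a full instruction decode */
};

struct data_abort_iss decode_data_abort_iss(uint32_t iss)
{
    struct data_abort_iss d = {
        .isv   = (iss & ISS_ISV) != 0,
        .cm    = (iss & ISS_CM) != 0,
        .s1ptw = (iss & ISS_S1PTW) != 0,
        .wnr   = (iss & ISS_WNR) != 0,
        .sas   = (uint8_t)((iss >> ISS_SAS_SHIFT) & 0x3),
        .srt   = (uint8_t)((iss >> ISS_SRT_SHIFT) & 0x1f),
        .dfsc  = (uint8_t)(iss & ISS_DFSC_MASK),
    };
    return d;
}

/* Access width in bytes; only meaningful when isv is set. */
unsigned data_abort_len(const struct data_abort_iss *d)
{
    return 1u << d->sas;
}

/*
 * CM is tested before ISV on purpose: a cache-maintenance op on a device
 * region arrives with ISV=0, so without the CM check it falls through to
 * the "needs emulation" case, which is what the hypervisor cannot do.
 */
enum exit_action classify_data_abort(uint32_t iss)
{
    struct data_abort_iss d = decode_data_abort_iss(iss);

    if (d.cm) {
        return EXIT_CACHE_OP_NOP;
    }
    if (!d.isv) {
        return EXIT_NEED_EMULATION;
    }
    return EXIT_DO_MMIO;
}

/* Constructed sample syndromes; DFSC = 0x07 (translation fault, level 3) in all three. */
#define SYN_DC_CIVAC_ON_DEVICE (ISS_CM | ISS_WNR | 0x07u)                              /* isv=0 cm=1 */
#define SYN_STR_W0_ON_DEVICE   (ISS_ISV | (2u << ISS_SAS_SHIFT) | ISS_WNR | 0x07u)      /* 4-byte store, x0 */
#define SYN_LOAD_NO_SYNDROME   (0x07u)                                                 /* isv=0 cm=0 */

static const char *action_name(enum exit_action a)
{
    switch (a) {
    case EXIT_DO_MMIO:        return "do MMIO access";
    case EXIT_CACHE_OP_NOP:   return "cache op on MMIO: treat as nop";
    default:                  return "unhandled: no syndrome, emulation required";
    }
}

int main(void)
{
    const uint32_t samples[] = { SYN_DC_CIVAC_ON_DEVICE, SYN_STR_W0_ON_DEVICE, SYN_LOAD_NO_SYNDROME };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct data_abort_iss d = decode_data_abort_iss(samples[i]);
        printf("iss=0x%08x isv=%d cm=%d wnr=%d srt=%u len=%u -> %s\n",
               samples[i], d.isv, d.cm, d.wnr, d.srt,
               d.isv ? data_abort_len(&d) : 0, action_name(classify_data_abort(samples[i])));
    }
    return 0;
}
```

The point a practitioner should take from the three cases: a plain store to the device region carries ISV=1 and is serviceable from the syndrome alone; a `dc civac` carries ISV=0 but CM=1 and is safely a no-op because there is no cache behind an MMIO region; anything else with ISV=0 genuinely cannot be handled without decoding the guest instruction, which is the path that was asserting before the fix.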