diff options
Diffstat (limited to 'results/classifier/105/network/1883984')
| -rw-r--r-- | results/classifier/105/network/1883984 | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/results/classifier/105/network/1883984 b/results/classifier/105/network/1883984 new file mode 100644 index 00000000..538cf691 --- /dev/null +++ b/results/classifier/105/network/1883984 @@ -0,0 +1,154 @@ +semantic: 0.931 +network: 0.925 +other: 0.924 +device: 0.915 +instruction: 0.906 +boot: 0.902 +graphic: 0.902 +vnc: 0.900 +assembly: 0.881 +KVM: 0.877 +mistranslation: 0.867 +socket: 0.826 + +QEMU S/390x sqxbr (128-bit IEEE 754 square root) crashes qemu-system-s390x + +In porting software to guest Ubuntu 18.04 and 20.04 VMs for S/390x, I discovered +that some of my own numerical programs, and also a GNU configure script for at +least one package with CC=clang, would cause an instant crash of the VM, sometimes +also destroying recently opened files, and producing long strings of NUL characters +in /var/log/syslog in the S/390 guest O/S. + +Further detective work narrowed the cause of the crash down to a single IBM S/390 +instruction: sqxbr (128-bit IEEE 754 square root). Here is a one-line program +that when compiled and run on a VM hosted on QEMUcc emulator version 4.2.0 +(Debian 1:4.2-3ubuntu6.1) [hosted on Ubuntu 20.04 on a Dell Precision 7920 +workstation with an Intel Xeon Platinum 8253 CPU], and also on QEMU emulator +version 5.0.0, reproducibly produces a VM crash under qemu-system-s390x. + +% cat bug-sqrtl-one-line.c +int main(void) { volatile long double x, r; x = 4.0L; __asm__ __volatile__("sqxbr %0, %1" : "=f" (r) : "f" (x)); return (0);} + +% cc bug-sqrtl-one-line.c && ./a.out +Segmentation fault (core dumped) + +The problem code may be the function float128_sqrt() defined in qemu-5.0.0/fpu/softfloat.c +starting at line 7619. I have NOT attempted to run the qemu-system-s390x executable +under a debugger. However, I observe that S/390 is the only CPU family that I know of, +except possibly for a Fujitsu SPARC-64, that has a 128-bit square root in hardware. +Thus, this instruction bug may not have been seen before. + +Another way to reproduce this bug is with qemu-s390x and a cross-compiled binary: + +$ s390x-linux-gnu-gcc-5 -static -o bug-sqrtl-one-line.s390x bug-sqrtl-one-line.c +$ qemu-s390x bug-sqrtl-one-line.s390x +Segmentation fault (core dumped) + +Find attached the binary. + +With --enable-debug, + +qemu-s390x: /home/rth/qemu/qemu/include/tcg/tcg.h:687: temp_idx: Assertion `n >= 0 && n < tcg_ctx->nb_temps' failed. + +which turns out to be related to a null-pointer temporary. + +I confirm that the patch https://lists.gnu.org/archive/html/qemu-s390x/2020-06/msg00213.html fixes the issue, both for qemu-s390x and qemu-system-s390x. + +Thanks Richard! + +This bug was fixed in the package qemu - 1:5.0-5ubuntu4 + +--------------- +qemu (1:5.0-5ubuntu4) groovy; urgency=medium + + * xen: provide compat links to what libxen-dev reports where to find + the binaries (LP: #1890005) + * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on + SQXBR (LP: #1883984) + * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154) + + -- Christian Ehrhardt <email address hidden> Mon, 03 Aug 2020 07:15:28 +0200 + +Note: final upstream commit link https://git.qemu.org/?p=qemu.git;a=commit;h=9bf728a09bf7509b27543664f9cca6f4f337f608 + +Hello Nelson, or anyone else affected, + +Accepted qemu into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.5 in a few hours, and then in the -proposed repository. + +Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. + +If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed. + +Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! + +N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. + +All autopkgtests for the newly accepted qemu (1:4.2-3ubuntu6.5) for focal have finished running. +The following regressions have been reported in tests triggered by the package: + +ubuntu-image/1.9+20.04ubuntu1 (amd64) +systemd/245.4-4ubuntu3.2 (amd64, armhf, s390x, ppc64el) +livecd-rootfs/2.664.4 (amd64, arm64, s390x, ppc64el) + + +Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. + +https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#qemu + +[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions + +Thank you! + + +old version +sudo apt install qemu-system-s390x=1:4.2-3ubuntu6.4 +...test as listed in the test instructions ... + +ubuntu@focal-sqxbr:~$ ./a.out +Segmentation fault +(qemu is dead at this point) + +$ sudo apt install qemu-system-s390x=1:4.2-3ubuntu6.5 +Reading package lists... Done +Building dependency tree +Reading state information... Done +The following packages will be upgraded: + qemu-system-s390x +1 upgraded, 0 newly installed, 0 to remove and 315 not upgraded. +Need to get 2334 kB of archives. +After this operation, 4096 B of additional disk space will be used. +Get:1 http://ports.ubuntu.com focal-proposed/main s390x qemu-system-s390x s390x 1:4.2-3ubuntu6.5 [2334 kB] +Fetched 2334 kB in 1s (3927 kB/s) +(Reading database ... 203254 files and directories currently installed.) +Preparing to unpack .../qemu-system-s390x_1%3a4.2-3ubuntu6.5_s390x.deb ... +Unpacking qemu-system-s390x (1:4.2-3ubuntu6.5) over (1:4.2-3ubuntu6.4) ... +Setting up qemu-system-s390x (1:4.2-3ubuntu6.5) ... +Processing triggers for man-db (2.9.3-2) ... +ubuntu@s1lp05:~$ + +ubuntu@focal-sqxbr:~$ ./a.out +(no crash) + + +Setting verified + +The verification of the Stable Release Update for qemu has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions. + +This bug was fixed in the package qemu - 1:4.2-3ubuntu6.5 + +--------------- +qemu (1:4.2-3ubuntu6.5) focal; urgency=medium + + * further stabilize qemu by importing patches of qemu v4.2.1 + Fixes (LP: #1891203) and (LP: #1891877) + - d/p/stable/lp-1891877-* + - as part of the stabilization this also fixes an + riscv emulation issue due to the CVE-2020-13754 fixes via + d/p/ubuntu/hw-riscv-Allow-64-bit-access-to-SiFive-CLINT.patch + * fix s390x SQXBR emulation (LP: #1883984) + - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch + * fix -no-reboot for s390x protvirt guests (LP: #1890154) + - d/p/ubuntu/lp-1890154-s390x-protvirt-allow-to-IPL-secure-guests-with-* + + -- Christian Ehrhardt <email address hidden> Wed, 19 Aug 2020 13:40:49 +0200 + |