1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
architecture: 0.872
ppc: 0.853
permissions: 0.847
virtual: 0.846
performance: 0.836
graphic: 0.836
semantic: 0.832
register: 0.831
arm: 0.829
mistranslation: 0.828
peripherals: 0.822
assembly: 0.819
KVM: 0.817
device: 0.814
TCG: 0.814
i386: 0.805
debug: 0.802
user-level: 0.800
risc-v: 0.794
PID: 0.792
kernel: 0.781
x86: 0.777
network: 0.775
vnc: 0.761
hypervisor: 0.758
VMM: 0.752
socket: 0.750
files: 0.743
boot: 0.727
qemu-i386-static ioctl return -14 (Bad Address)
I use qemu-i386-static on 64 bit ARM.But I don't know how to solve some problems.
First I added some ioctl operations.
Then I tried to do some DRM operations like test.c.
This is successful when I use qemu-x86_64-static,but it failed when I use qemu-i386-static.
I can get some strace info like this:
403 openat(AT_FDCWD,"/dev/dri/card0",O_RDWR|O_LARGEFILE|O_CLOEXEC) = 4
403 ioctl(4,DRM_IOCTL_GET_CAP,{1,0}) = 0 ({1,1})
403 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0,0,0,0,0,0,0,0,0,0,0,0}) = 0 ({0,0,0,0,0,2,2,2,0,16384,0,16384})
403 brk(NULL) = 0x40006000
403 brk(0x40027000) = 0x40027000
403 brk(0x40028000) = 0x40028000
403 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0,1073766816,1073766832,1073766848,0,2,2,2,0,16384,0,16384}) = -1 errno=14 (Bad address)
And there are similar errors in other self driven operations.
I want to know if it is QEMU's problem, so I hope to get some help.
Thank you!
This problem has bothered me for a long time, but I'm not sure whether it's the IOCTL () I added or the QEMU with 32 bits. I hope we can discuss it and help our friends who have other problems.
Thank you,my friends!
My environment is that:
schroot + debian(bullseye-i386)
qemu: 5.1.0-rc3
Please, send your patches to the QEMU devel mailing list, so we can review them and comment.
https://wiki.qemu.org/Contribute/SubmitAPatch
Hi,I found some problems, but I don't know if how to solve it better(I'm not really familiar with the source code).
When I use ioctl() and use a structure like this:
struct drm_mode_card_res {
__u64 fb_id_ptr;
__u64 crtc_id_ptr;
__u64 connector_id_ptr;
__u64 encoder_id_ptr;
__u32 count_fbs;
....
};
Look,"fb_id_ptr" is a pointer,and apply for memory allocation through malloc.But I use qemu-i386 on 64 bit ARM.As a result, my pointer has no problem in QEMU, but it is wrong when I use ioctl(bad address).This address is actually an address in QEMU, but it is not the correct address in a 64 bit machine.
Is there any better way to solve this problem?
Hi,I found some problems, but I don't know if how to solve it better(I'm not really familiar with the source code).
When I use ioctl() and use a structure like this:
struct drm_mode_card_res {
__u64 fb_id_ptr;
__u64 crtc_id_ptr;
__u64 connector_id_ptr;
__u64 encoder_id_ptr;
__u32 count_fbs;
....
};
And in syscall_types.h
STRUCT(drm_mode_card_res,
TYPE_PTRVOID,
TYPE_PTRVOID,
TYPE_PTRVOID,
TYPE_PTRVOID,
TYPE_INT,
...
)
Some code:
...
if (res.count_fbs) {
res.fb_id_ptr = VOID2U64(drmMalloc(res.count_fbs*sizeof(uint32_t)));
if (!res.fb_id_ptr)
goto err_allocs;
}
...
This is strace:
openat(AT_FDCWD,"/dev/dri/card0",O_RDWR|O_LARGEFILE|O_CLOEXEC) = 4
9469 ioctl(4,DRM_IOCTL_GET_CAP,{1,0}) = 0 ({1,1})
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x0,0x0,0,0,0,0,0,0,0,0}) = 0 ({0x0,0x0,0x0,0x0,0,2,2,2,0,16384,0,16384})
9469 brk(NULL) = 0x40006000
9469 brk(0x40027000) = 0x40027000
9469 brk(0x40028000) = 0x40028000
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
9469 brk(0x40027000) = 0x40027000
Look
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
Why does memory overrun occur here???
I think this is right:
{0x0,0x400061a0,1073832368(0x400061a0),0x400061c0,0,2,2,2,0,16384,0,16384}
Who can help me? Thank you!
You need to use IOCTL_SPECIAL() or STRUCT_SPECIAL() macro to convert the target address to the host address.
Again, share your patches on the qemu-devel mailing list if you want help.
|