Re: [Bug 1887309] [NEW] Floating-point exception in ide_set

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector

From:	Alexander Bulekov
Subject:	Re: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector
Date:	Sun, 12 Jul 2020 16:40:46 -0400
User-agent:	NeoMutt/20180716

On 200712 2025, Alexander Bulekov wrote:
> Public bug reported:
> 
> Hello,
> Here is a reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\
>  -qtest null -nographic -vga qxl -qtest stdio -nodefaults\
>  -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\
>  -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\
>  -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
> outw 0x176 0x3538
> outl 0xcf8 0x80000903
> outl 0xcfc 0x184275c
> outb 0x376 0x2f
> outb 0x376 0x0
> outw 0x176 0xa1a4
> outl 0xcf8 0x80000920
> outb 0xcfc 0xff
> outb 0xf8 0x9
> EOF
> 
> The stack-trace:
> ==16513==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 
> 0x556783603fdc (pc 0x556783603fdc bp 0x7fff82143b10 sp 0x7fff82143ab0 T16513)
>     #0 0x556783603fdc in ide_set_sector 
> /home/alxndr/Development/qemu/hw/ide/core.c:626:26
>     #1 0x556783603fdc in ide_dma_cb 
> /home/alxndr/Development/qemu/hw/ide/core.c:883:9
>     #2 0x55678349d74d in dma_complete 
> /home/alxndr/Development/qemu/dma-helpers.c:120:9
>     #3 0x55678349d74d in dma_blk_cb 
> /home/alxndr/Development/qemu/dma-helpers.c:138:9
>     #4 0x556783962f25 in blk_aio_complete 
> /home/alxndr/Development/qemu/block/block-backend.c:1402:9
>     #5 0x556783962f25 in blk_aio_complete_bh 
> /home/alxndr/Development/qemu/block/block-backend.c:1412:5
>     #6 0x556783ac030f in aio_bh_call 
> /home/alxndr/Development/qemu/util/async.c:136:5
>     #7 0x556783ac030f in aio_bh_poll 
> /home/alxndr/Development/qemu/util/async.c:164:13
>     #8 0x556783a9a863 in aio_dispatch 
> /home/alxndr/Development/qemu/util/aio-posix.c:380:5
>     #9 0x556783ac1b4c in aio_ctx_dispatch 
> /home/alxndr/Development/qemu/util/async.c:306:5
>     #10 0x7f4f1c0fe9ed in g_main_context_dispatch 
> (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed)
>     #11 0x556783acdccb in glib_pollfds_poll 
> /home/alxndr/Development/qemu/util/main-loop.c:219:9
>     #12 0x556783acdccb in os_host_main_loop_wait 
> /home/alxndr/Development/qemu/util/main-loop.c:242:5
>     #13 0x556783acdccb in main_loop_wait 
> /home/alxndr/Development/qemu/util/main-loop.c:518:11
>     #14 0x5567833613e5 in qemu_main_loop 
> /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
>     #15 0x556783a07a4d in main 
> /home/alxndr/Development/qemu/softmmu/main.c:49:5
>     #16 0x7f4f1ac84e0a in __libc_start_main 
> /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
>     #17 0x5567830a9089 in _start 
> (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0x7d2089)
> 
> With -trace ide*
> 
> 12163@1594585516.671265:ide_reset IDEstate 0x56162a269058
> [R +0.024963] outw 0x176 0x3538
> 12163@1594585516.673676:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
> val 0x38; bus 0x56162a268c00 IDEState 0x56162a268c88
> 12163@1594585516.673683:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
> 0x35; bus 0x56162a268c00 IDEState 0x56162a269058
> 12163@1594585516.673686:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state 
> 0x56162a269058; cmd 0x35
> OK
> [S +0.025002] OK
> [R +0.025012] outl 0xcf8 0x80000903
> OK
> [S +0.025018] OK
> [R +0.025026] outl 0xcfc 0x184275c
> OK
> [S +0.025210] OK
> [R +0.025219] outb 0x376 0x2f
> 12163@1594585516.673916:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); 
> val 0x2f; bus 0x56162a268c00
> OK
> [S +0.025229] OK
> [R +0.025234] outb 0x376 0x0
> 12163@1594585516.673928:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); 
> val 0x00; bus 0x56162a268c00
> OK
> [S +0.025240] OK
> [R +0.025246] outw 0x176 0xa1a4
> 12163@1594585516.673940:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
> val 0xa4; bus 0x56162a268c00 IDEState 0x56162a269058
> 12163@1594585516.673943:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
> 0xa1; bus 0x56162a268c00 IDEState 0x56162a268c88
> 12163@1594585516.673946:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state 
> 0x56162a268c88; cmd 0xa1
> OK
> [S +0.025265] OK
> [R +0.025270] outl 0xcf8 0x80000920
> OK
> [S +0.025274] OK
> [R +0.025279] outb 0xcfc 0xff
> OK
> [S +0.025443] OK
> [R +0.025451] outb 0xf8 0x9
> 12163@1594585516.674221:ide_dma_cb IDEState 0x56162a268c88; sector_num=0 n=1 
> cmd=DMA READ
> OK
> [S +0.025724] OK
> UndefinedBehaviorSanitizer:DEADLYSIGNAL
> ==12163==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 
> 0x5616279cffdc (pc 0x5616279cffdc bp 0x7ffcdaabae90 sp 0x7ffcdaabae30 T12163)
> 
> -Alex
> 
> ** Affects: qemu
>      Importance: Undecided
>          Status: New
> 
> -- 
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1887309
> 
> Title:
>   Floating-point exception in ide_set_sector
> 
> Status in QEMU:
>   New
> 
> Bug description:
>   Hello,
>   Here is a reproducer:
>   cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\
>    -qtest null -nographic -vga qxl -qtest stdio -nodefaults\
>    -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\
>    -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\
>    -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
>   outw 0x176 0x3538
>   outl 0xcf8 0x80000903
>   outl 0xcfc 0x184275c
>   outb 0x376 0x2f
>   outb 0x376 0x0
>   outw 0x176 0xa1a4
>   outl 0xcf8 0x80000920
>   outb 0xcfc 0xff
>   outb 0xf8 0x9
>   EOF
> 
>   The stack-trace:
>   ==16513==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 
> 0x556783603fdc (pc 0x556783603fdc bp 0x7fff82143b10 sp 0x7fff82143ab0 T16513)
>       #0 0x556783603fdc in ide_set_sector 
> /home/alxndr/Development/qemu/hw/ide/core.c:626:26
>       #1 0x556783603fdc in ide_dma_cb 
> /home/alxndr/Development/qemu/hw/ide/core.c:883:9
>       #2 0x55678349d74d in dma_complete 
> /home/alxndr/Development/qemu/dma-helpers.c:120:9
>       #3 0x55678349d74d in dma_blk_cb 
> /home/alxndr/Development/qemu/dma-helpers.c:138:9
>       #4 0x556783962f25 in blk_aio_complete 
> /home/alxndr/Development/qemu/block/block-backend.c:1402:9
>       #5 0x556783962f25 in blk_aio_complete_bh 
> /home/alxndr/Development/qemu/block/block-backend.c:1412:5
>       #6 0x556783ac030f in aio_bh_call 
> /home/alxndr/Development/qemu/util/async.c:136:5
>       #7 0x556783ac030f in aio_bh_poll 
> /home/alxndr/Development/qemu/util/async.c:164:13
>       #8 0x556783a9a863 in aio_dispatch 
> /home/alxndr/Development/qemu/util/aio-posix.c:380:5
>       #9 0x556783ac1b4c in aio_ctx_dispatch 
> /home/alxndr/Development/qemu/util/async.c:306:5
>       #10 0x7f4f1c0fe9ed in g_main_context_dispatch 
> (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed)
>       #11 0x556783acdccb in glib_pollfds_poll 
> /home/alxndr/Development/qemu/util/main-loop.c:219:9
>       #12 0x556783acdccb in os_host_main_loop_wait 
> /home/alxndr/Development/qemu/util/main-loop.c:242:5
>       #13 0x556783acdccb in main_loop_wait 
> /home/alxndr/Development/qemu/util/main-loop.c:518:11
>       #14 0x5567833613e5 in qemu_main_loop 
> /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
>       #15 0x556783a07a4d in main 
> /home/alxndr/Development/qemu/softmmu/main.c:49:5
>       #16 0x7f4f1ac84e0a in __libc_start_main 
> /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
>       #17 0x5567830a9089 in _start 
> (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0x7d2089)
> 

This adds a check to avoid the FPE, but I don't know how to properly
report the error, and whether this is the correct place to add this
check.

diff --git a/hw/ide/core.c b/hw/ide/core.c
index d997a78e47..c191d74ca6 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -622,7 +622,7 @@ void ide_set_sector(IDEState *s, int64_t sector_num)
             s->hob_lcyl = sector_num >> 32;
             s->hob_hcyl = sector_num >> 40;
         }
-    } else {
+    } else if (s->heads && s->sectors){
         cyl = sector_num / (s->heads * s->sectors);
         r = sector_num % (s->heads * s->sectors);
         s->hcyl = cyl >> 8;

>   With -trace ide*
> 
>   12163@1594585516.671265:ide_reset IDEstate 0x56162a269058
>   [R +0.024963] outw 0x176 0x3538
>   12163@1594585516.673676:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
> val 0x38; bus 0x56162a268c00 IDEState 0x56162a268c88
>   12163@1594585516.673683:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
> 0x35; bus 0x56162a268c00 IDEState 0x56162a269058
>   12163@1594585516.673686:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; 
> state 0x56162a269058; cmd 0x35
>   OK
>   [S +0.025002] OK
>   [R +0.025012] outl 0xcf8 0x80000903
>   OK
>   [S +0.025018] OK
>   [R +0.025026] outl 0xcfc 0x184275c
>   OK
>   [S +0.025210] OK
>   [R +0.025219] outb 0x376 0x2f
>   12163@1594585516.673916:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); 
> val 0x2f; bus 0x56162a268c00
>   OK
>   [S +0.025229] OK
>   [R +0.025234] outb 0x376 0x0
>   12163@1594585516.673928:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); 
> val 0x00; bus 0x56162a268c00
>   OK
>   [S +0.025240] OK
>   [R +0.025246] outw 0x176 0xa1a4
>   12163@1594585516.673940:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
> val 0xa4; bus 0x56162a268c00 IDEState 0x56162a269058
>   12163@1594585516.673943:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
> 0xa1; bus 0x56162a268c00 IDEState 0x56162a268c88
>   12163@1594585516.673946:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; 
> state 0x56162a268c88; cmd 0xa1
>   OK
>   [S +0.025265] OK
>   [R +0.025270] outl 0xcf8 0x80000920
>   OK
>   [S +0.025274] OK
>   [R +0.025279] outb 0xcfc 0xff
>   OK
>   [S +0.025443] OK
>   [R +0.025451] outb 0xf8 0x9
>   12163@1594585516.674221:ide_dma_cb IDEState 0x56162a268c88; sector_num=0 
> n=1 cmd=DMA READ
>   OK
>   [S +0.025724] OK
>   UndefinedBehaviorSanitizer:DEADLYSIGNAL
>   ==12163==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 
> 0x5616279cffdc (pc 0x5616279cffdc bp 0x7ffcdaabae90 sp 0x7ffcdaabae30 T12163)
> 
>   -Alex
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1887309/+subscriptions
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug 1887309] [NEW] Floating-point exception in ide_set_sector, Alexander Bulekov, 2020/07/12
- Re: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector, Alexander Bulekov <=
- [Bug 1887309] Re: Floating-point exception in ide_set_sector, Philippe Mathieu-Daudé, 2020/07/17
- [Bug 1887309] Re: Floating-point exception in ide_set_sector, John Snow, 2020/07/27

Prev by Date: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector
Next by Date: Re: [PATCH for-5.1 0/3] Move and improve qdev API doc comments
Previous by thread: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector
Next by thread: [Bug 1887309] Re: Floating-point exception in ide_set_sector
Index(es):
- Date
- Thread