[Bug 2120835] Re: EDK2 tests for riscv emulation fail against qemu 10.1 on ppc64el
Launchpad Bug Tracker
2120835 at bugs.launchpad.net
Fri Aug 29 23:21:29 UTC 2025
This bug was fixed in the package qemu - 1:10.1.0+ds-1ubuntu1
---------------
qemu (1:10.1.0+ds-1ubuntu1) questing; urgency=medium
* Merge with Debian unstable (LP: #2120700 LP: #2115707).
Among many other improvements, this will resolve
- Report vfio-ap configuration changes with CHSC Store
Event Information (LP: #2119160)
- SECURITY UPDATE of possible binfmt privilege escalation (LP: #2120814)
fixed in 1:10.1.0~rc3+ds-2, stop using C (Credentials) flag for
binfmt_misc registration.
- Save/restore and in-release migrations blocked by pdcm
detection failing on pdcm feature detection (LP: #2120649)
- Final fix for "Close the gap to support AMD SEV SNP for Nvidia H100
cards" (LP: #2097517) merged upstream in 10.1
- Implement Control Program Identification (LP: #2118769)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No longer strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-block-extra.postinst: Use latest Ubuntu's QEMU
package version when deciding whether to invoke
'deb-systemd-helper purge'.
- d/control-in: Disable B-D on qemu-system-data, due to that also
- d/rules: Export DEB_BUILD_PROFILES with
pkg.qemu.use-upstream-vdso when building on non-amd64 architectures.
- d/control: Disable B-D on seabios.
- d/rules: Disable upstream tests depending on qemu-system-data
- d/control-in: B-D on multipath libs for multipath persist in
qemu-pr-helper (LP 2117378)
- d/p/u/ubuntu/mitigate-gcc15-ftbfs.patch: fix gcc-15 FTBFS
+ roms/u-boot-sam460ex/config.mk would ignore cflags, set it in makefile
+ SLOF would fail with old and new std, but works with updated headers
matching the recent libgcc-15-dev package in questing leveraging
/usr/lib/gcc/x86_64-linux-gnu/15/include/stdbool.h
- d/p/u/Revert-i386-cpu-Warn-about-why-CPUID_EXT_PDCM-is-not.patch
avoid issues in migration and save/restore in regard to the pdcm
feature.
* Updated delta:
- d/p/u/define-ubuntu-machine-types.patch: update to match 10.1
* Added changes
- d/control-in: breaks/replaces for dtb files moving qemu-system-misc
to qemu-system-data
- d/p/u/mitigate-gcc15-wrong-behavior.patch: mitigate riscv emulation
being broken by gcc15 on ppc64 (LP: #2120835)
- d/p/u/mitigate-gcc15-ftbfs.patch: fix FTBFS in sam460ex replacing
d/p/u-boot-sam460ex-stdc23.patch
- d/control-in: B-D on multipath libs for multipath persist in
qemu-pr-helper (LP: #2117378)
* Dropped Changes [ Fixed in rust-coreutils ]:
- d/rules: Workaround for bug LP 2112445, keep arches in one line for now
* Dropped Changes [in Upstream 10.1 ]:
- d/p/u/lp-2097517-*: allow VFIO without discard (LP 2097517)
- d/p/u/lp-2097517-TEMP-Revert-RAMBlock-make-guest_memfd-*: update to match
qemu 10.0 and add hint on when to replace with a final solution
- d/p/u/lp-2107396-*: fix ppc boot with vfio >128G memory (LP 2107396)
* Dropped Changes [in Debian now ]:
- Add missing recommends for qemu-system-riscv (LP 2115150).
This is required for booting via EDK II, using the spice protocol, using
OpenGL, special block devices as qemu-system-arm and qemu-system-x86.
qemu (1:10.1.0+ds-1) unstable; urgency=medium
* new upstream release (v10.1.0)
Closes: #1107104, #1108387
* d/gbp.conf: switch to upstream-10.1 branch
* d/watch: switch to 10.1.x series
* d/copyright: update Files-Excluded
* d/patches/qemu-img-options.patch: remove
* remove patches which have been applied upstream:
- hw-display-qxl-render.c-fix-qxl_unpack_chunks-chunk-.patch
- system-physmem-fix-use-after-free-with-dispatch.patch
- pcie_sriov-Fix-configuration-and-state-synchronizati.patch
- hw-uefi-clear-uefi-vars-buffer-in-uefi_vars_write-CVE-2025-8860.patch
* d/patches/gnu-hurd.patch: refresh
* d/patches/disable-pycotap.patch: refresh
* d/control.mk: checked-version=10.1.0+ds
* d/rules: remove --enable-avx2 (not used anymore)
* d/rules: dts files in pc-bios moved into a subdir (pc-bios/dtb)
* skip-install-dtb.patch: avoid installing dtb files during arch build
These are built in indep step in d/rules.
+ skip-install-dtb.patch
* d/rules: use ${sysdataidir} in one more place instead of direct reference
* d/control: remove redundant unversioned python3 from Build-Depends
* d/control.mk: enable microblaze system targets on 32bit hosts
microblaze has been erroneously treated as 64bit architecture,
and has been disabled in 10.0 on 32bit hosts. Now it is correctly
treated as 32bit architecture and is buildable on 32bit hosts again
* d/control: suggest passt along with vde2
* d/rules: add comment to remove ipxe from FIRMWAREPATH
* d/rules: remove --disable-pie from i386 qemu-user build
and remove references to old related bugs
* two patches for roms to support gcc -std=23 (bool type)
+SLOF-stdc23.patch
+u-boot-sam460ex-stdc23.patch
Closes: #1097693
* d/*.lintian-overrides: remove spelling-error-in-binary wtH mips overrides
qemu (1:10.0.3+ds-4) unstable; urgency=medium
[ Heinrich Schuchardt ]
* d/control: qemu-system-riscv missing recommends
qemu-system-riscv needs the same/similar packages for EFI, spice,
opengl, special block devices, as qemu-system-arm and qemu-system-x86
[ Michael Tokarev ]
* d/control: omit system-xen if omit-system build profile is specified
this makes pkg.qemu.omit-system omit all system components,
including xen
* qemu-user binfmts: stop supporting old kernels using custom patch
qemu supports argv[0] handling with the help of kernel support since
at least bullseye (or even buster), for a really long time.
There's no need to use custom code for older kernels anymore.
Also closes: #1054104
* d/binfmt-install: do not generate update-binfmt un-registration
postinst script for upgrades from bookworm
* d/control: drop old (pre-bookworm) breaks/replaces/conflicts/provides
* hw-uefi-clear-uefi-vars-buffer-in-uefi_vars_write-CVE-2025-8860.patch
Closes: #1111030, CVE-2025-8860
* d/control: remove long-forgotten qemu-system-common dependency on acl
(for #762192) which is not needed
* remove qemu-user-static package (& qemu-debootstrap)
remove links to qemu-user with -static suffix, together with
obsolete qemu-debootstrap command.
qemu-user-static is now provided by qemu-user-binfmt package.
Also closes: #1107554
* d/gbp.conf: switch to master branch
qemu (1:10.0.3+ds-3) unstable; urgency=medium
* d/binfmt-install: stop using C (Credentials) flag for binfmt_misc
registration. This means suid and sgid binaries under qemu-user
will work without changing credentials. This is a serious security
issue, since qemu-user was never supposed to be used in this way, and
it is trivial to get elevated privileges for an attacker if there's
any suid/sgid binary under qemu-user which is runnable for an
attacker. This change might break CI/testing environment expectations.
* d/qemu-user.postinst: trigger /usr/lib/binfmt.d (#1110982)
* d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data)
qemu (1:10.0.3+ds-2) unstable; urgency=medium
* d/control: (temporarily) build-depend on python3-distlib
to work around new pip 25.2+ in forky
qemu (1:10.0.3+ds-1) unstable; urgency=medium
* new upstream stable/bugfix release:
- Update version for 10.0.3 release
- hvf: arm: Emulate ICC_RPR_EL1 accesses properly
- target/arm: Correct encoding of Debug Communications Channel registers
https://gitlab.com/qemu-project/qemu/-/issues/2986
- ui: fix setting client_endian field defaults
- hw/net/npcm_gmac.c: Send the right data for second packet in a row
- target/i386: do not expose ARCH_CAPABILITIES on AMD CPU
- i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14]
- i386/cpu: Fix overflow of cache topology fields in CPUID.04H
- i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16]
- ui/vnc: Do not copy z_stream
- vhost: Fix used memslot tracking when destroying a vhost device
- roms: re-remove execute bit from hppa-firmware*
- file-posix: Fix aio=reads performance regression after enablign FUA
https://issues.redhat.com/browse/RHEL-96854
- amd_iommu: Fix truncation of oldval in amdvi_writeq
- amd_iommu: Remove duplicated definitions
- amd_iommu: Fix the calculation for Device Table size
- amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE
- amd_iommu: Fix masks for various IOMMU MMIO Registers
- amd_iommu: Update bitmasks representing DTE reserved fields
- amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command
- amd_iommu: Fix Miscellaneous Information Register 0 encoding
- virtio-net: Add queues for RSS during migration
- net: fix buffer overflow in af_xdp_umem_create()
- accel/kvm: Adjust the note about the minimum required kernel version
- linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC
- migration: Don't sync volatile memory after migration completes
- linux-user: Hold the fd-trans lock across fork
https://gitlab.com/qemu-project/qemu/-/issues/2846
- linux-user: Check for EFAULT failure in nanosleep
- linux-user: Implement fchmodat2 syscall
https://gitlab.com/qemu-project/qemu/-/issues/3019
- hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ
- target/arm: Don't enforce NSE,NS check for EL3->EL3 returns
https://gitlab.com/qemu-project/qemu/-/issues/3016
- target/i386: fix TB exit logic in gen_movl_seg() when writing to SS
https://gitlab.com/qemu-project/qemu/-/issues/2987
- target/arm: Fix bfdotadd_ebf vs nan selection
- target/arm: Fix f16_dotadd vs nan selection
- target/arm: Fix PSEL size operands to tcg_gen_gvec_ands
- target/arm: Fix 128-bit element ZIP, UZP, TRN
- target/arm: Fix sve_access_check for SME
- target/arm: Fix SME vs AdvSIMD exception priority
- hw/s390x/ccw-device: Fix memory leak in loadparm setter
- virtio-gpu: support context init multiple timeline
- target/arm: Correct KVM & HVF dtb_compatible value
- target/arm: Make RETA[AB] UNDEF when pauth is not implemented
- tcg: Fix constant propagation in tcg_reg_alloc_dup
https://gitlab.com/qemu-project/qemu/-/issues/3002
- target/loongarch: fix vldi/xvldi raise wrong error
- target/loongarch: add check for fcond
- linux-user/arm: Fix return value of SYS_cacheflush
- hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions
- qemu-options.hx: Fix reversed description of icount sleep behavior
- hw/arm/virt: Check bypass iommu is not set for iommu-map DT property
- hw/loongarch/virt: Fix big endian support with MCFG table
- hw/core/qdev-properties-system: Add missing return in set_drive_helper()
- iotests: fix 240
- target/i386: Remove FRED dependency on WRMSRNS
- hw/audio/asc: fix SIGSEGV in asc_realize()
- audio: fix size calculation in AUD_get_buffer_size_out()
- audio: fix SIGSEGV in AUD_get_buffer_size_out()
- hw/i386/amd_iommu: Fix xtsup when vcpus < 255
- hw/i386/amd_iommu: Fix device setup failure when PT is on.
- hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine
- vhost: Don't set vring call if guest notifier is unused
- hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info
- ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats
- ui/vnc: take account of client byte order in pixman format
- ui/vnc.c: replace big endian flag with byte order value
- ui/sdl: Consider scaling in mouse event handling
- ui/gtk: Update scales in fixed-scale mode when rendering GL area
- gtk/ui: Introduce helper gd_update_scale
- ui/gtk: Use consistent naming for variables in different coordinates
- ui/gtk: Document scale and coordinate handling
- hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts
- hw/misc/aspeed_hace: Ensure HASH_IRQ is always set
to prevent firmware hang
* d/gbp.conf: switch to debian-trixie branch
* d/control.mk: checked-version=10.0.3+ds
* qemu-img-options.patch: adjust help text for "convert" subcommand:
use the historic option which was accepted by the upstream, not
the new option introduced in this patch
* pcie_sriov-Fix-configuration-and-state-synchronizati.patch from upstream
Closes: #1109989, CVE-2025-54566, CVE-2025-54567
qemu (1:10.0.2+ds-2) unstable; urgency=medium
* d/control: switch from Static-Built-Using
back to Built-Using for qemu-user (Closes: #1106804)
* d/rules: simplify qemu:archlist variable generation
(does not change the resulting packages)
* d/control: drop build dependency alternative on python3-tomli,
which was needed for bpo builds before bookworm (Closes: #1105938)
* system-physmem-fix-use-after-free-with-dispatch.patch long-awaited
fix for UAF which affected multiple other packages and was quite
difficult to track (Closes: #1106792)
-- Christian Ehrhardt <christian.ehrhardt at canonical.com> Fri, 15 Aug 2025 08:07:30 +0200
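As an added defender-side check (example code, not part of the qemu packaging or of this bug report): the 1:10.0.3+ds-3 entry above stops registering qemu-user with the binfmt_misc C (credentials) flag. The script below parses the registration files the kernel exposes under /proc/sys/fs/binfmt_misc and lists enabled entries that still carry C; the sample entry is constructed and its interpreter path is made up.

```python
import os

BINFMT_DIR = "/proc/sys/fs/binfmt_misc"  # where the kernel exposes registrations

# Constructed sample of one /proc/sys/fs/binfmt_misc/<name> file in the format
# the kernel prints; the interpreter path is made up for this example.
SAMPLE_ENTRY = """enabled
interpreter /usr/libexec/qemu-binfmt/riscv64-binfmt-P
flags: POCF
offset 0
magic 7f454c4602010100000000000000000002f300
mask ffffffffffffff00fffffffffffffffffeffff
"""


def parse_entry(text):
    """Turn one binfmt_misc entry file into a dict (enabled, interpreter, flags, ...)."""
    lines = text.splitlines()
    info = {"enabled": bool(lines) and lines[0].strip() == "enabled", "flags": ""}
    for line in lines[1:]:
        key, _, value = line.partition(" ")
        if key == "flags:":
            info["flags"] = value.strip()
        elif key in ("interpreter", "offset", "magic", "mask"):
            info[key] = value.strip()
    return info


def uses_credentials_flag(entry):
    """With C the kernel runs the interpreter with the *target* binary's
    credentials, so a setuid/setgid foreign binary hands those to qemu-user."""
    return "C" in entry["flags"]


def audit_entries(entries):
    """Return the names of enabled registrations that carry the C flag.
    `entries` maps a registration name to the text of its /proc file."""
    parsed = {name: parse_entry(text) for name, text in entries.items()}
    return sorted(name for name, entry in parsed.items()
                  if entry["enabled"] and uses_credentials_flag(entry))


def read_registrations(directory=BINFMT_DIR):
    """Load every registration file from the binfmt_misc mount (empty if absent)."""
    entries = {}
    if os.path.isdir(directory):
        for name in os.listdir(directory):
            if name not in ("register", "status"):  # control files, not entries
                with open(os.path.join(directory, name)) as fh:
                    entries[name] = fh.read()
    return entries


if __name__ == "__main__":
    for name in audit_entries(read_registrations()):
        print(f"{name}: registered with the C flag; the interpreter inherits the"
              " suid/sgid credentials of the binaries it runs")
```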
** Changed in: qemu (Ubuntu)
Status: In Progress => Fix Released
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #2986
https://gitlab.com/qemu-project/qemu/-/issues/2986
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #2846
https://gitlab.com/qemu-project/qemu/-/issues/2846
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #3019
https://gitlab.com/qemu-project/qemu/-/issues/3019
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #3016
https://gitlab.com/qemu-project/qemu/-/issues/3016
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #2987
https://gitlab.com/qemu-project/qemu/-/issues/2987
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #3002
https://gitlab.com/qemu-project/qemu/-/issues/3002
** CVE added: https://cve.org/CVERecord?id=CVE-2025-54566
** CVE added: https://cve.org/CVERecord?id=CVE-2025-54567
** CVE added: https://cve.org/CVERecord?id=CVE-2025-8860
https://bugs.launchpad.net/bugs/2120835
Title:
EDK2 tests for riscv emulation fail against qemu 10.1 on ppc64el
Status in gcc:
Unknown
Status in edk2 package in Ubuntu:
Invalid
Status in gcc-15 package in Ubuntu:
Confirmed
Status in qemu package in Ubuntu:
Fix Released
Bug description:
In testing qemu 10.1 we've seen them start to fail on armhf and ppc64
(only there)
https://autopkgtest.ubuntu.com/packages/e/edk2/questing/armhf
https://autopkgtest.ubuntu.com/packages/e/edk2/questing/ppc64el
An example log is
https://autopkgtest.ubuntu.com/results/autopkgtest-questing/questing/ppc64el/e/edk2/20250818_045238_153f0@/log.gz
With a porterbox setup the good case is reproducible like this:
sudo apt install -y ovmf ovmf-ia32 python3-pexpect qemu-efi-aarch64 qemu-efi-arm qemu-efi-loongarch64 qemu-efi-riscv64 qemu-system-arm qemu-system-loongarch64 qemu-system-riscv64 qemu-system-x86
apt source edk2
cd edk2-2025.02/
PYTHONPATH=./debian/python python3 debian/tests/shell.py
PYTHONPATH=./debian/python python3 debian/tests/shell.py 2>&1 | tee -a ~/compare-10.0.log
...
works fine
Switching to the qemu 10.1 (and by dependency glibc) from proposed
makes this reproducible.
The error (or red herring) is
241s ERROR:target/riscv/pmu.c:216:riscv_pmu_icount_update_priv: assertion failed: (newpriv <= PRV_S)
241s Bail out! ERROR:target/riscv/pmu.c:216:riscv_pmu_icount_update_priv: assertion failed: (newpriv <= PRV_S)
251s ERROR
PMU again - really? - /me is shaking the fist!
And inside the test that is
251s ======================================================================
251s ERROR: test_riscv64 (__main__.BootToShellTest.test_riscv64)
251s ----------------------------------------------------------------------
251s Traceback (most recent call last):
251s File "/tmp/autopkgtest.RPBps3/build.f20/src/debian/tests/shell.py", line 100, in run_cmd_check_shell
251s i = child.expect(
251s [
251s ...<3 lines>...
251s timeout=TEST_TIMEOUT,
251s )
251s File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 354, in expect
251s return self.expect_list(compiled_pattern_list,
251s ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
251s timeout, searchwindowsize, async_)
251s ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
251s File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 383, in expect_list
251s return exp.expect_loop(timeout)
251s ~~~~~~~~~~~~~~~^^^^^^^^^
251s File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 179, in expect_loop
251s return self.eof(e)
251s ~~~~~~~~^^^
251s File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 122, in eof
251s raise exc
AFAICS this very much comes down to
251s args: [b'/usr/bin/qemu-system-riscv64', b'-no-user-config',
b'-nodefaults', b'-m', b'256', b'-smp',
b'1,sockets=1,cores=1,threads=1', b'-display', b'none', b'-serial',
b'stdio', b'-machine', b'virt', b'-device', b'virtio-serial-device',
b'-drive', b'file=/usr/share/qemu-efi-riscv64/RISCV_VIRT_CODE.fd,if=pflash,format=raw,unit=0,readonly=on',
b'-drive', b'file=/tmp/tmpr31gjfit,if=pflash,format=raw,unit=1,readonly=off']
From here I have two log files for 10.0 and 10.1 which we can compare, but the diff shows no interesting delta until the bug happens.
I need to modify the test to keep the artifacts around and allow it to be run directly.
We can steal the test drive from the test (will attach) and then
isolate the command:
Command:
qemu-system-riscv64 -no-user-config -nodefaults -m 256 -smp '1,sockets=1,cores=1,threads=1' -display 'none' -serial 'stdio' -machine 'virt' -device 'virtio-serial-device' -drive 'file=/usr/share/qemu-efi-riscv64/RISCV_VIRT_CODE.fd,if=pflash,format=raw,unit=0,readonly=on' -drive 'file=/tmp/testdrive,if=pflash,format=raw,unit=1,readonly=off'
Riddles: At least in automation they only fail on armhf and ppc64
(?!?) ?
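As an added example (not the edk2 test and not code from the report), the isolated command above rebuilt in Python so it can be run directly with the scratch pflash image and the captured output kept for inspection, and with the quoted PMU assertion recognised in that output. It assumes a vars image to copy as the testdrive and that the UEFI shell prompt is `Shell>`; unlike the pexpect-based test it drives qemu through a plain pipe rather than a pty.

```python
import os
import re
import shutil
import subprocess

# Firmware path and argument vector as quoted in the bug report.
CODE_FD = "/usr/share/qemu-efi-riscv64/RISCV_VIRT_CODE.fd"

# Failure signature quoted in the report (qemu 10.1 on ppc64el).
PMU_ASSERT = re.compile(
    r"riscv_pmu_icount_update_priv: assertion failed: \(newpriv <= PRV_S\)")

# Assumption: the UEFI shell prompt the edk2 test waits for looks like this.
SHELL_PROMPT = "Shell>"


def build_qemu_cmd(vars_fd, code_fd=CODE_FD):
    """Rebuild the command line the edk2 shell test passes to qemu."""
    return [
        "qemu-system-riscv64", "-no-user-config", "-nodefaults",
        "-m", "256", "-smp", "1,sockets=1,cores=1,threads=1",
        "-display", "none", "-serial", "stdio",
        "-machine", "virt", "-device", "virtio-serial-device",
        "-drive", f"file={code_fd},if=pflash,format=raw,unit=0,readonly=on",
        "-drive", f"file={vars_fd},if=pflash,format=raw,unit=1,readonly=off",
    ]


def classify_output(text):
    """Label captured output: the PMU assertion, a shell prompt, or neither."""
    if PMU_ASSERT.search(text):
        return "pmu-assert"
    if SHELL_PROMPT in text:
        return "shell"
    return "unknown"


def run_once(vars_template, keep_dir, timeout=120):
    """Run qemu once against a copy of the vars image, keeping the copy and the
    captured output under keep_dir. Returns (label, path of the copy)."""
    os.makedirs(keep_dir, exist_ok=True)
    vars_copy = shutil.copy(vars_template, os.path.join(keep_dir, "testdrive"))
    proc = subprocess.Popen(build_qemu_cmd(vars_copy), stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    try:
        # qemu keeps running once the shell is up, so the good case hits the timeout
        out, _ = proc.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()  # retrying communicate() keeps the output gathered so far
        out, _ = proc.communicate()
    text = out.decode(errors="replace")
    with open(os.path.join(keep_dir, "qemu-output.log"), "w") as fh:
        fh.write(text)
    return classify_output(text), vars_copy


if __name__ == "__main__":
    import sys
    label, kept = run_once(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "./edk2-artifacts")
    print(f"outcome: {label}; artifacts kept at {kept}")
```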