Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Marcel Apfelbaum <marcel.a@redhat.com>]

On Mon, 2013-09-16 at 16:52 +0200, Paolo Bonzini wrote:
> Il 16/09/2013 16:48, Marcel Apfelbaum ha scritto:
> > Hi all,
> > 
> > I have an AddressSpace backed by a single MemoryRegion which is
> > initiated using memory_region_init_io (has ops).
> > Once I enable it, I get an assertion:
> >     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> > 
> > 
> > Here is the pseudo-code:
> >     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
> >     memory_region_set_enabled(my_reg, false);
> >     address_space_init(my_as, my_reg, name);
> >     memory_region_set_enabled(my_reg, true);
> > Receives:
> >     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> > 
> > Any idea why? Any suggestion would be appreciated.
> 
> Backtrace, and print of local variables in mem_add?

Backtrace:
---------
#1  0x00007ffff0880128 in __GI_abort () at abort.c:90
#2  0x00007ffff0877986 in __assert_fail_base (fmt=0x7ffff09c63e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555a35a20 "existing->mr->subpage || existing->mr == &io_mem_unassigned", file=file@entry=0x555555a358f8 "qemu/exec.c", line=line@entry=806, function=function@entry=0x555555a35de0 <__PRETTY_FUNCTION__.30604> "register_subpage") at assert.c:92
#3  0x00007ffff0877a32 in __GI___assert_fail (assertion=0x555555a35a20 "existing->mr->subpage || existing->mr == &io_mem_unassigned", file=0x555555a358f8 "qemu/exec.c", line=806, function=0x555555a35de0 <__PRETTY_FUNCTION__.30604> "register_subpage") at assert.c:101
#4  0x0000555555889838 in register_subpage (d=0x7fffdc000d40, section=0x7fffea65f370) at qemu/exec.c:806
#5  0x0000555555889c5e in mem_add (listener=0x5555564c4648, section=0x7fffea65f6b0) at qemu/exec.c:856
#6  0x000055555590f236 in address_space_update_topology_pass (as=0x5555564c4610, old_view=0x7fffdc038e20, new_view=0x7fffdc000b20, adding=true) at qemu/memory.c:749
#7  0x000055555590f31c in address_space_update_topology (as=0x5555564c4610) at qemu/memory.c:764
#8  0x000055555590f48b in memory_region_transaction_commit () at qemu/memory.c:799
#9  0x0000555555911e88 in memory_region_set_enabled (mr=0x5555564c46e8, enabled=true) at qemu/memory.c:1503
#10 0x0000555555740b1a in pci_default_write_config (d=0x5555564c43f0, addr=4, val=0, l=2) at qemu/hw/pci/pci.c:1222
#11 0x0000555555744c1b in pci_bridge_write_config (d=0x5555564c43f0, address=4, val=263, len=2) at qemu/hw/pci/pci_bridge.c:252
#12 0x0000555555733e4e in pci_bridge_dev_write_config (d=0x5555564c43f0, address=4, val=263, len=2) at qemu/hw/pci-bridge/pci_bridge_dev.c:104
#13 0x0000555555745756 in pci_host_config_write_common (pci_dev=0x5555564c43f0, addr=4, limit=256, val=263, len=2) at qemu/hw/pci/pci_host.c:57
#14 0x00005555557458a6 in pci_data_write (s=0x55555648ac40, addr=2147489796, val=263, len=2) at qemu/hw/pci/pci_host.c:84
#15 0x0000555555745a62 in pci_host_data_write (opaque=0x555556487740, addr=0, val=263, len=2) at qemu/hw/pci/pci_host.c:137
#16 0x000055555590d5b3 in memory_region_write_accessor (mr=0x555556489b30, addr=0, value=0x7fffea65fa28, size=2, shift=0, mask=65535) at qemu/memory.c:440
#17 0x000055555590d6f0 in access_with_adjusted_size (addr=0, value=0x7fffea65fa28, size=2, access_size_min=1, access_size_max=4, access=0x55555590d523 <memory_region_write_accessor>, mr=0x555556489b30) at qemu/memory.c:477
#18 0x000055555590fcbd in memory_region_dispatch_write (mr=0x555556489b30, addr=0, data=263, size=2) at qemu/memory.c:984
#19 0x0000555555912f44 in io_mem_write (mr=0x555556489b30, addr=0, val=263, size=2) at qemu/memory.c:1748
#20 0x000055555588c6d6 in address_space_rw (as=0x55555626e740 <address_space_io>, addr=3324, buf=0x7ffff7ff1000 "\a\001", len=2, is_write=true) at qemu/exec.c:1959
#21 0x0000555555909d82 in kvm_handle_io (port=3324, data=0x7ffff7ff1000, direction=1, size=2, count=1) at qemu/kvm-all.c:1518
#22 0x000055555590a33f in kvm_cpu_exec (cpu=0x55555646c890) at qemu/kvm-all.c:1656
#23 0x000055555587ee08 in qemu_kvm_cpu_thread_fn (arg=0x55555646c890) at qemu/cpus.c:802
#24 0x00007ffff625ec53 in start_thread (arg=0x7fffea660700) at pthread_create.c:308
#25 0x00007ffff093e13d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Local variables of mem_add:
---------------------------
(gdb) print *listener
$15 = {begin = 0x55555588bd21 <mem_begin>, commit = 0x55555588bdaa <mem_commit>, region_add = 0x5555558899f3 <mem_add>, region_del = 0x0, region_nop = 0x5555558899f3 <mem_add>, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, address_space_filter = 0x5555564c4610, link = {tqe_next = 0x7fffe943d268, tqe_prev = 0x5555564f7a88}}
(gdb) print *section
$16 = {mr = 0x5555564c46e8, address_space = 0x5555564c4610, offset_within_region = 0, size = {lo = 9223372036854775807, hi = 0}, offset_within_address_space = 0, readonly = false}
(gdb) print *as
$17 = {name = 0x5555564b7700 "pci-bridge", root = 0x5555564c46e8, current_map = 0x7fffdc038e20, ioeventfd_nb = 0, ioeventfds = 0x0, dispatch = 0x7fffdc000bd0, next_dispatch = 0x7fffdc000d40, dispatch_listener = {begin = 0x55555588bd21 <mem_begin>, commit = 0x55555588bdaa <mem_commit>, region_add = 0x5555558899f3 <mem_add>, region_del = 0x0, region_nop = 0x5555558899f3 <mem_add>, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, address_space_filter = 0x5555564c4610, link = {tqe_next = 0x7fffe943d268, tqe_prev = 0x5555564f7a88}}, address_spaces_link = {tqe_next = 0x7fffe943d230, tqe_prev = 0x5555564f7a98}}
(gdb) print *d
$18 = {phys_map = {is_leaf = 0, ptr = 11}, nodes = 0x7fffdc000a50, sections = 0x7fffdc04aa60, as = 0x5555564c4610}
(gdb) print now
$19 = {mr = 0x5555564c46e8, address_space = 0x5555564c4610, offset_within_region = 9223372036854771712, size = {lo = 4095, hi = 0}, offset_within_address_space = 9223372036854771712, readonly = false}
(gdb) print remain
$20 = {mr = 0x5555564c46e8, address_space = 0x5555564c4610, offset_within_region = 9223372036854771712, size = {lo = 4095, hi = 0}, offset_within_address_space = 9223372036854771712, readonly = false}
(gdb) print page_size
$21 = {lo = 4096, hi = 0}

Thanks,
Marcel

> Paolo