Re: [Qemu-devel] [memory] abort with head a8170e5

[Aurelien Jarno <aurelien@aurel32.net>]

On Thu, Oct 25, 2012 at 03:47:34PM +0200, Avi Kivity wrote:
> On 10/24/2012 04:00 PM, Aurelien Jarno wrote:
> > 
> > mips is also broken but by commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d:
> > 
> > | [    0.436000] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001)
> > | Segmentation fault (core dumped)
> > 
> 
> How do you reproduce it?

You can use the mips kernel version 2.6.32 from:
  http://people.debian.org/~aurel32/qemu/mips/

Then just run it with the following command:
  qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -append "console=tty0"

(You can also get the README command line if you don't care about
downloading the disk image).

> Does this patch fix it for you?

Thanks for this patch. Unfortunately it doesn't. In the mean time, I 
have also found that it's possible to workaround the issue by using 
-vga none or -vga std (instead of the default cirrus). I don't know
if it rings a bell for you.

> From: Avi Kivity <avi@redhat.com>
> Date: Thu, 11 Oct 2012 12:40:24 +0200
> Subject: [PATCH] memory: limit sections in the radix tree to the actual
>  address space size
> 
> The radix tree is statically sized to fit TARGET_PHYS_ADDR_SPACE_BITS.
> If a larger memory region is registered, it will overflow.
> 
> Fix by limiting any section in the radix tree to the supported size.
> 
> This problem was not observed earlier since artificial regions (containers
> and aliases) are eliminated by the memory core, leaving only device regions
> which have reasonable sizes.  An IOMMU however cannot be eliminated by the
> memory core, and may have an artificial size.
> 
> Signed-off-by: Avi Kivity <avi@redhat.com>
> 
> diff --git a/exec.c b/exec.c
> index b0ed593..deee8ec 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -2280,10 +2280,23 @@ static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *sec
>                    section_index);
>  }
>  
> +static MemoryRegionSection limit(MemoryRegionSection section)
> +{
> +    unsigned practical_as_bits = MIN(TARGET_PHYS_ADDR_SPACE_BITS, 62);
> +    hwaddr as_limit;
> +
> +    as_limit = (hwaddr)1 << practical_as_bits;
> +
> +    section.size = MIN(section.offset_within_address_space + section.size, as_limit)
> +                   - section.offset_within_address_space;
> +
> +    return section;
> +}
> +
>  static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
>  {
>      AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
> -    MemoryRegionSection now = *section, remain = *section;
> +    MemoryRegionSection now = limit(*section), remain = limit(*section);
>  
>      if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
>          || (now.size < TARGET_PAGE_SIZE)) {
> 
> 
> 
> -- 
> error compiling committee.c: too many arguments to function
> 
> 

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net