From: Alex Williamson <alex.williamson@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v3 0/3] vfio: free data and unmap BARs in instance_finalize
Date: Fri, 06 Feb 2015 18:39:04 -0700
Message-ID: <1423273144.22865.654.camel@redhat.com>
In-Reply-To: <1423257311-1345-1-git-send-email-pbonzini@redhat.com>

On Fri, 2015-02-06 at 22:15 +0100, Paolo Bonzini wrote:
> Mostly the same as v2;

We've got something screwy going on with MemoryListeners, I did some
hotplug testing with this and I hit the following segfault:

Program received signal SIGSEGV, Segmentation fault.
0x00007ff7bd8f7416 in memory_listener_register (listener=0x7ff7bf935e50, 
    filter=0x7ff7bf935e08)
    at /net/gimli/home/alwillia/Work/qemu.git/memory.c:1931
1931	        QTAILQ_INSERT_BEFORE(other, listener, link);
Call path is:

#0  0x00007ff7bd8f7416 in memory_listener_register (listener=0x7ff7bf935e50, filter=0x7ff7bf935e08)
    at memory.c:1931
#1  0x00007ff7bd8aa400 in address_space_init_dispatch (as=0x7ff7bf935e08)
    at exec.c:2059
#2  0x00007ff7bd8f75d4 in address_space_init (as=0x7ff7bf935e08, root=0x7ff7bf935ef0, name=0x7ff7bf71aee0 "vfio-pci")
    at memory.c:1954
#3  0x00007ff7bdae5d85 in do_pci_register_device (pci_dev=0x7ff7bf935c00, bus=0x7ff7bf77ce40, name=0x7ff7bf71aee0 "vfio-pci", devfn=64)
    at hw/pci/pci.c:837
#4  0x00007ff7bdae7eba in pci_qdev_init (qdev=0x7ff7bf935c00)
    at hw/pci/pci.c:1768
#5  0x00007ff7bda67fc6 in device_realize (dev=0x7ff7bf935c00, 
    errp=0x7fffcee75550) at hw/core/qdev.c:247
#6  0x00007ff7bda6a00a in device_set_realized (obj=0x7ff7bf935c00, value=true, 
    errp=0x7fffcee75700) at hw/core/qdev.c:1040
#7  0x00007ff7bdb823b7 in property_set_bool (obj=0x7ff7bf935c00, v=0x7ff7bf9375b0, opaque=0x7ff7bf98aee0, name=0x7ff7bdca0869 "realized", 
    errp=0x7fffcee75700) at qom/object.c:1514
#8  0x00007ff7bdb80cb1 in object_property_set (obj=0x7ff7bf935c00, v=0x7ff7bf9375b0, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700)
    at qom/object.c:837
#9  0x00007ff7bdb82ccf in object_property_set_qobject (obj=0x7ff7bf935c00, value=0x7ff7bfa01680, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700)
    at qom/qom-qobject.c:24
#10 0x00007ff7bdb80f20 in object_property_set_bool (obj=0x7ff7bf935c00, value=true, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700)
    at qom/object.c:905
#11 0x00007ff7bd9d0914 in qdev_device_add (opts=0x7ff7bfa07910)
    at qdev-monitor.c:574
#12 0x00007ff7bd9d0f2e in do_device_add (mon=0x7ff7bf7b8130, 

Walking through the QTAIL list, we get to these last two entries:

(gdb) p *(MemoryListener *)0x7ff7bfa6a860
$18 = {begin = 0x7ff7bd8aa0ee <mem_begin>, 
  commit = 0x7ff7bd8aa275 <mem_commit>, region_add = 0x7ff7bd8a7bf6 <mem_add>, 
  region_del = 0x0, region_nop = 0x7ff7bd8a7bf6 <mem_add>, log_start = 0x0, 
  log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, 
  log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, 
  coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, 
  address_space_filter = 0x7ff7bfa6a818, link = {tqe_next = 0x7ff7bf937e90, 
    tqe_prev = 0x7ff7bfa4e380}}
(gdb) p *(MemoryListener *)0x7ff7bf937e90
$19 = {begin = 0x0, commit = 0x0, region_add = 0x0, region_del = 0x0, 
  region_nop = 0x0, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, 
  log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, 
  eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, 
  priority = 0, address_space_filter = 0x0, link = {tqe_next = 0x0, 
    tqe_prev = 0x0}}

So we've got a zeroed MemoryListener that's still on the
memory_listeners list and QTAILQ_INSERT_BEFORE isn't happy touching
*(0x0).

I'm not sure where it's coming from yet, but I did extensive testing for
my last pull request based on ec6f25e because if I updated to d5fbb4c
vfio hotplug broke immediately.  I'll keep looking, but I thought I'd
share in case you have some ideas.  Thanks,

Alex
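The failure described in this message, reduced to a stand-alone example (added here; this is not code from the thread or from QEMU): a tail queue whose macros mirror the shape of QEMU's QTAILQ_*, a priority-ordered insert shaped like memory_listener_register(), and a link-integrity walk that detects an entry that was zeroed while still chained in, instead of faulting on the NULL tqe_prev inside QTAILQ_INSERT_BEFORE. All names (Listener, listener_register, listener_list_check, the two scenario functions) are hypothetical; the two scenarios contrast a teardown that zeroes a registered listener with one that unregisters it first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal BSD-style tail queue written for this example to mirror the shape
 * of QEMU's QTAILQ_* macros (this is not QEMU's header). */
#define QTAILQ_HEAD(name, type) \
    struct name { struct type *tqh_first; struct type **tqh_last; }
#define QTAILQ_ENTRY(type) \
    struct { struct type *tqe_next; struct type **tqe_prev; }
#define QTAILQ_INIT(head) do { (head)->tqh_first = NULL; \
        (head)->tqh_last = &(head)->tqh_first; } while (0)
#define QTAILQ_INSERT_TAIL(head, elm, field) do { \
        (elm)->field.tqe_next = NULL; \
        (elm)->field.tqe_prev = (head)->tqh_last; \
        *(head)->tqh_last = (elm); \
        (head)->tqh_last = &(elm)->field.tqe_next; } while (0)
/* Same shape as the macro on the crashing line: it dereferences
 * listelm->tqe_prev, which is NULL in a zeroed entry. */
#define QTAILQ_INSERT_BEFORE(listelm, elm, field) do { \
        (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
        (elm)->field.tqe_next = (listelm); \
        *(listelm)->field.tqe_prev = (elm); \
        (listelm)->field.tqe_prev = &(elm)->field.tqe_next; } while (0)
#define QTAILQ_REMOVE(head, elm, field) do { \
        if ((elm)->field.tqe_next != NULL) \
            (elm)->field.tqe_next->field.tqe_prev = (elm)->field.tqe_prev; \
        else \
            (head)->tqh_last = (elm)->field.tqe_prev; \
        *(elm)->field.tqe_prev = (elm)->field.tqe_next; } while (0)
#define QTAILQ_FOREACH(var, head, field) \
    for ((var) = (head)->tqh_first; (var); (var) = (var)->field.tqe_next)

/* Hypothetical stand-in for MemoryListener: only the fields the ordering
 * logic touches. */
typedef struct Listener Listener;
struct Listener {
    int priority;
    QTAILQ_ENTRY(Listener) link;
};

static QTAILQ_HEAD(ListenerList, Listener) listeners;

/* Walk the list and verify every forward/back link pair. Returns the element
 * count, or -1 at the first broken link, e.g. an entry whose tqe_prev was
 * zeroed while it was still chained in (the state in the gdb dump above). */
static int listener_list_check(void)
{
    Listener *l, **prevp = &listeners.tqh_first;
    int n = 0;
    for (l = listeners.tqh_first; l != NULL; l = l->link.tqe_next) {
        if (l->link.tqe_prev == NULL || l->link.tqe_prev != prevp) {
            return -1;   /* back pointer missing or pointing elsewhere */
        }
        prevp = &l->link.tqe_next;
        n++;
    }
    return listeners.tqh_last == prevp ? n : -1;
}

/* Priority-ordered insert shaped like memory_listener_register(): walk to the
 * first entry with a higher priority and insert before it, else append.
 * Refuses to touch a list that fails the check. Returns 0 or -1. */
static int listener_register(Listener *l)
{
    Listener *other;
    if (listener_list_check() < 0) {
        return -1;
    }
    QTAILQ_FOREACH(other, &listeners, link) {
        if (l->priority < other->priority) {
            QTAILQ_INSERT_BEFORE(other, l, link);
            return 0;
        }
    }
    QTAILQ_INSERT_TAIL(&listeners, l, link);
    return 0;
}

static void listener_unregister(Listener *l)
{
    QTAILQ_REMOVE(&listeners, l, link);
}

static Listener a, b, c;   /* constructed fixture listeners */

static void reset_fixture(void)
{
    QTAILQ_INIT(&listeners);
    memset(&a, 0, sizeof a); memset(&b, 0, sizeof b); memset(&c, 0, sizeof c);
    a.priority = 0; b.priority = 10; c.priority = 5;
}

/* Teardown that zeroes a listener without unregistering it: the next
 * priority-ordered insert would hit a NULL tqe_prev, so the check trips. */
static int scenario_buggy_teardown(void)
{
    reset_fixture();
    listener_register(&a);
    listener_register(&b);
    memset(&b, 0, sizeof b);        /* b is still chained into the list */
    return listener_register(&c);   /* -1: corruption detected, no insert */
}

/* Teardown that unregisters before releasing the storage. */
static int scenario_correct_teardown(void)
{
    reset_fixture();
    listener_register(&a);
    listener_register(&b);
    listener_unregister(&b);
    memset(&b, 0, sizeof b);        /* safe: b is no longer linked */
    listener_register(&c);
    return listener_list_check();   /* 2: a then c, links intact */
}

int main(void)
{
    printf("buggy teardown: register returns %d\n", scenario_buggy_teardown());
    printf("correct teardown: list check returns %d\n", scenario_correct_teardown());
    return 0;
}
```

The check walks the same links the gdb dump shows (tqe_next and tqe_prev) and fails on exactly the pattern reported: an element whose tqe_prev is 0x0 but which is still reachable from its predecessor's tqe_next. In the real code the fix is to unregister the listener before its storage is zeroed or freed; the check is what you would run from a debugger or an assertion to find which teardown path skipped that step.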

Thread overview:
2015-02-06 21:15 [Qemu-devel] [PATCH v3 0/3] vfio: free data and unmap BARs in instance_finalize Paolo Bonzini
2015-02-06 21:15 ` [Qemu-devel] [PATCH 1/3] vfio: cleanup vfio_get_device error path, remove vfio_populate_device callback Paolo Bonzini
2015-02-06 21:15 ` [Qemu-devel] [PATCH 2/3] vfio: free dynamically-allocated data in instance_finalize Paolo Bonzini
2015-02-06 21:15 ` [Qemu-devel] [PATCH 3/3] vfio: unmap and free BAR " Paolo Bonzini
2015-02-07  1:39 ` Alex Williamson [this message]
2015-02-07 20:00   ` [Qemu-devel] [PATCH v3 0/3] vfio: free data and unmap BARs " Paolo Bonzini
2015-02-08 17:22     ` Alex Williamson
2015-02-08 18:55       ` Paolo Bonzini
