* [Qemu-devel] qemu git (f03d07d46) / e100 / sending large packets causes SIGABRT
@ 2013-07-24 10:17 Oleksii Shevchuk
2013-07-29 8:50 ` Stefan Hajnoczi
0 siblings, 1 reply; 5+ messages in thread
From: Oleksii Shevchuk @ 2013-07-24 10:17 UTC (permalink / raw)
To: qemu-devel Developers
1. qemu-kvm -sdl -nodefaults -name NP1-C1 \
-uuid b71057e9-5705-420b-a780-52339afa6ed9 \
-boot c \
-hda np1UD.disk \
-hdb fat:exchange \
-device i82559c,netdev=vin0,romfile="",mac="00:11:22:33:44:54" \
-netdev tap,id=vin0,ifname=vin0,script=no \
-device cirrus-vga \
-serial pty \
&
2. ping -s 65000
3. Program received signal SIGABRT, Aborted.
#0 0x00007f9aa35e62a9 in __GI_raise (sig=sig@entry=0x6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f9aa35e7608 in __GI_abort () at abort.c:90
#2 0x00007f9aa97cb9ac in address_space_rw (as=as@entry=0x7f9aac086a40, addr=0x86fa453c, addr@entry=0x86fa4000, buf=0x7f9a97ffe55e "\327\060\061\061\272?32\330\061\062\062\276@43\331\062\063\063\302A54\332\063\064\064\306B65\333\064\065\065\312C76\334\065\066\066\316D87\335\066\067\067\322E98\336\067\070\070\326F:9\337\070\071\071\332G;:\340\071::\336H<;\341:;;\342I=<\342;<<\346J>=\343<==\352K?>\344=>>", '\377' <repeats 92 times>..., buf@entry=0x7f9a97ffe022 '\377' <repeats 200 times>..., len=0x3, len@entry=0x53f, is_write=is_write@entry=0x0) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/exec.c:2005
#3 0x00007f9aa96d6349 in dma_memory_rw_relaxed (dir=DMA_DIRECTION_TO_DEVICE, len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, as=0x7f9aac086a40) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/sysemu/dma.h:90
#4 dma_memory_rw (dir=DMA_DIRECTION_TO_DEVICE, len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, as=0x7f9aac086a40) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/sysemu/dma.h:112
#5 pci_dma_rw (dir=DMA_DIRECTION_TO_DEVICE, len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, dev=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/hw/pci/pci.h:652
#6 pci_dma_read (len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, dev=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/hw/pci/pci.h:659
#7 tx_command (s=s@entry=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/hw/net/eepro100.c:804
#8 0x00007f9aa96d6e38 in action_command (s=s@entry=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/hw/net/eepro100.c:906
#9 0x00007f9aa96d70fb in eepro100_cu_command (s=s@entry=0x7f9aac086820, val=val@entry=0x20) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/hw/net/eepro100.c:980
#10 0x00007f9aa96d8065 in eepro100_write_command (val=<optimized out>, s=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/hw/net/eepro100.c:1074
#11 eepro100_write1 (s=0x7f9aac086820, addr=<optimized out>, val=<optimized out>) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/hw/net/eepro100.c:1457
#12 0x00007f9aa981d012 in access_with_adjusted_size (addr=addr@entry=0x2, value=value@entry=0x7f9a97ffeba0, size=size@entry=0x1, access_size_min=<optimized out>, access_size_max=<optimized out>, access=0x7f9aa981d1c0 <memory_region_write_accessor>, opaque=0x7f9aac086fd8) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/memory.c:436
#13 0x00007f9aa9822153 in memory_region_dispatch_write (size=0x1, data=0x20, addr=0x2, mr=0x7f9aac086fd8) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/memory.c:978
#14 io_mem_write (mr=mr@entry=0x7f9aac086fd8, addr=0x2, val=<optimized out>, size=size@entry=0x1) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/memory.c:1737
#15 0x00007f9aa97cb9fd in address_space_rw (as=as@entry=0x7f9aa9fa1080 <address_space_memory>, addr=0xfe001002, buf=buf@entry=0x7f9aa956b028 " \242\005\272", len=0x1, is_write=0x1) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/exec.c:1967
#16 0x00007f9aa97cbcb5 in cpu_physical_memory_rw (addr=<optimized out>, buf=buf@entry=0x7f9aa956b028 " \242\005\272", len=<optimized out>, is_write=<optimized out>) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/exec.c:2036
#17 0x00007f9aa981bfe5 in kvm_cpu_exec (cpu=cpu@entry=0x7f9aabfe1550) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/kvm-all.c:1673
#18 0x00007f9aa97c1f7a in qemu_kvm_cpu_thread_fn (arg=0x7f9aabfe1550) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/cpus.c:785
#19 0x00007f9aa70b5d63 in start_thread (arg=0x7f9a97fff700) at pthread_create.c:308
#20 0x00007f9aa3698cfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
* Re: [Qemu-devel] qemu git (f03d07d46) / e100 / sending large packets causes SIGABRT
From: Stefan Hajnoczi @ 2013-07-29 8:50 UTC (permalink / raw)
To: Oleksii Shevchuk; +Cc: Paolo Bonzini, qemu-devel Developers
On Wed, Jul 24, 2013 at 01:17:29PM +0300, Oleksii Shevchuk wrote:
>
> 1. qemu-kvm -sdl -nodefaults -name NP1-C1 \
> -uuid b71057e9-5705-420b-a780-52339afa6ed9 \
> -boot c \
> -hda np1UD.disk \
> -hdb fat:exchange \
> -device i82559c,netdev=vin0,romfile="",mac="00:11:22:33:44:54" \
> -netdev tap,id=vin0,ifname=vin0,script=no \
> -device cirrus-vga \
> -serial pty \
> &
>
> 2. ping -s 65000
>
> 3. Program received signal SIGABRT, Aborted.
Here is an annotated backtrace:
> #7 tx_command (s=s@entry=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/hw/net/eepro100.c:804
> #6 pci_dma_read (len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, dev=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/hw/pci/pci.h:659
len=0x53f is an odd number: 1343
> #5 pci_dma_rw (dir=DMA_DIRECTION_TO_DEVICE, len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, dev=0x7f9aac086820) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/hw/pci/pci.h:652
> #4 dma_memory_rw (dir=DMA_DIRECTION_TO_DEVICE, len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, as=0x7f9aac086a40) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/sysemu/dma.h:112
> #3 0x00007f9aa96d6349 in dma_memory_rw_relaxed (dir=DMA_DIRECTION_TO_DEVICE, len=0x53f, buf=0x7f9a97ffe022, addr=0x86fa4000, as=0x7f9aac086a40) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/include/sysemu/dma.h:90
> #2 0x00007f9aa97cb9ac in address_space_rw (as=as@entry=0x7f9aac086a40, addr=0x86fa453c, addr@entry=0x86fa4000, buf=0x7f9a97ffe55e "\327\060\061\061\272?32\330\061\062\062\276@43\331\062\063\063\302A54\332\063\064\064\306B65\333\064\065\065\312C76\334\065\066\066\316D87\335\066\067\067\322E98\336\067\070\070\326F:9\337\070\071\071\332G;:\340\071::\336H<;\341:;;\342I=<\342;<<\346J>=\343<==\352K?>\344=>>", '\377' <repeats 92 times>..., buf@entry=0x7f9a97ffe022 '\377' <repeats 200 times>..., len=0x3, len@entry=0x53f, is_write=is_write@entry=0x0) at /tmp/portage/app-emulation/qemu-9999/work/qemu-9999/exec.c:2005
There are only a few bytes remaining: len=0x3. The abort(3) comes from address_space_rw():
    if (!memory_access_is_direct(mr, is_write)) {
        /* I/O case */
        l = memory_access_size(mr, l, addr1);
        switch (l) {
        case 8:
            ...
        case 4:
            ...
        case 2:
            ...
        case 1:
            ...
        default:
            abort(); <-- we abort here
        }
    }
Paolo: Do you know how the memory API is supposed to work here?
Stefan
* Re: [Qemu-devel] qemu git (f03d07d46) / e100 / sending large packets causes SIGABRT
From: Paolo Bonzini @ 2013-07-29 10:53 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: Oleksii Shevchuk, qemu-devel Developers
Il 29/07/2013 10:50, Stefan Hajnoczi ha scritto:
> There are only a few bytes remaining: len=0x3. The abort(3) comes from address_space_rw():
>
>     if (!memory_access_is_direct(mr, is_write)) {
>         /* I/O case */
>         l = memory_access_size(mr, l, addr1);
>         switch (l) {
>         case 8:
>             ...
>         case 4:
>             ...
>         case 2:
>             ...
>         case 1:
>             ...
>         default:
>             abort(); <-- we abort here
>         }
>     }
>
> Paolo: Do you know how the memory API is supposed to work here?
The problem is introduced by commit 2332616 (exec: Support 64-bit
operations in address_space_rw, 2013-07-08). Before that commit,
memory_access_size would only return 1/2/4. The following should help:
diff --git a/exec.c b/exec.c
index 7997002..7686c15 100644
--- a/exec.c
+++ b/exec.c
@@ -1922,6 +1922,9 @@ static int memory_access_size(MemoryRegion *mr,
unsigned l, hwaddr addr)
if (l > access_size_max) {
l = access_size_max;
}
+ if (l & (l - 1)) {
+ l = 1 << (qemu_fls(l) - 1);
+ }
return l;
}
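Review bot: the new rounding block carries no comment stating the invariant it restores, namely that the switch in address_space_rw() only dispatches 1, 2, 4 and 8-byte accesses, so a reader of memory_access_size() alone cannot tell why `l` must be a power of two. Suggest a one-line comment above `if (l & (l - 1)) {`, e.g. `/* address_space_rw() only handles power-of-two access sizes. */`. The guard itself is sound at the boundary: for `l == 0` the test `l & (l - 1)` is 0, so `qemu_fls(0) - 1` is never used as a shift count, and for `l == 3` (the case in the backtrace) the result is `1 << (2 - 1) == 2`.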
Paolo
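An added example, written here and not QEMU's code nor Paolo's patch, that models the I/O branch of address_space_rw() quoted by Stefan above together with memory_access_size() before and after the rounding in Paolo's diff. The Ops struct, bound_access(), fls_u32() (a stand-in for qemu_fls()), io_transfer() and the 8-byte default maximum are assumptions chosen to mirror the thread; io_transfer() returns -1 where the real code would reach the switch's default: abort(). It replays the 0x53f-byte DMA read from the backtrace: the clamp-only size function hands a 3-byte tail to the switch as 3 and would abort, while the rounded one splits it into 2 + 1 bytes.

```c
/* Added example, not QEMU code: model of the MMIO branch of address_space_rw()
 * and of memory_access_size() with and without the power-of-two rounding. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;

/* Assumed stand-in for a MemoryRegion's access-size constraints. */
typedef struct {
    unsigned max_access_size;   /* 0: unspecified, use the default */
    bool unaligned;             /* region tolerates unaligned accesses */
} Ops;

static const Ops MMIO_DEFAULT = { 0, false };

/* Stand-in for qemu_fls(): 1-based index of the highest set bit, 0 for 0. */
static int fls_u32(uint32_t v)
{
    int n = 0;
    while (v) {
        n++;
        v >>= 1;
    }
    return n;
}

/* Bound an access by the region maximum and by the alignment of addr. */
static unsigned bound_access(const Ops *ops, unsigned l, hwaddr addr)
{
    uint64_t max = ops->max_access_size ? ops->max_access_size : 8; /* 64-bit default */
    if (!ops->unaligned) {
        uint64_t align = addr & (~addr + 1);   /* lowest set bit of addr */
        if (align != 0 && align < max) {
            max = align;
        }
    }
    return l > max ? (unsigned)max : l;
}

/* Clamp only, as after commit 2332616: a 3-byte remainder is returned as 3. */
static unsigned access_size_clamp_only(const Ops *ops, unsigned l, hwaddr addr)
{
    return bound_access(ops, l, addr);
}

/* Clamp, then apply Paolo's rounding: 3 -> 2, 7 -> 4, powers of two unchanged. */
static unsigned access_size_rounded(const Ops *ops, unsigned l, hwaddr addr)
{
    l = bound_access(ops, l, addr);
    if (l & (l - 1)) {
        l = 1u << (fls_u32(l) - 1);
    }
    return l;
}

typedef unsigned (*size_fn)(const Ops *, unsigned, hwaddr);

/* Walk a transfer the way the I/O branch of address_space_rw() does.
 * Returns the number of accesses, or -1 where the real switch would abort().
 * 'sizes' (optional, capacity 'cap') records each access size. */
static int io_transfer(size_fn pick, const Ops *ops, hwaddr addr, unsigned len,
                       unsigned *sizes, size_t cap)
{
    int n = 0;
    while (len > 0) {
        unsigned l = pick(ops, len, addr);
        switch (l) {
        case 8: case 4: case 2: case 1:
            break;          /* the real code performs the access here */
        default:
            return -1;      /* address_space_rw(): default: abort() */
        }
        if (sizes && (size_t)n < cap) {
            sizes[n] = l;
        }
        n++;
        len -= l;
        addr += l;
    }
    return n;
}

int main(void)
{
    unsigned sizes[4];
    /* Tail of the reporter's DMA: 3 bytes left at 0x86fa453c (see frame #2). */
    int before = io_transfer(access_size_clamp_only, &MMIO_DEFAULT, 0x86fa453cULL, 3, NULL, 0);
    int after = io_transfer(access_size_rounded, &MMIO_DEFAULT, 0x86fa453cULL, 3, sizes, 4);
    printf("clamp only: %s\n", before < 0 ? "would abort()" : "ok");
    printf("rounded   : %d accesses, %u + %u bytes\n", after, sizes[0], sizes[1]);
    /* The whole 0x53f-byte read from 0x86fa4000: 167 x 8, then 4 + 2 + 1. */
    printf("full read : %d accesses\n",
           io_transfer(access_size_rounded, &MMIO_DEFAULT, 0x86fa4000ULL, 0x53f, NULL, 0));
    return 0;
}
```

The alignment bound is what produces the odd tail: at 0x86fa453c the address is only 4-byte aligned, so the 8-byte default shrinks to 4 and the 3 remaining bytes pass through unchanged unless they are rounded down first.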
* Re: [Qemu-devel] qemu git (f03d07d46) / e100 / sending large packets causes SIGABRT
From: Stefan Hajnoczi @ 2013-07-29 11:40 UTC (permalink / raw)
To: Oleksii Shevchuk; +Cc: Paolo Bonzini, qemu-devel Developers
On Mon, Jul 29, 2013 at 12:53 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> Il 29/07/2013 10:50, Stefan Hajnoczi ha scritto:
>> There are only a few bytes remaining: len=0x3. The abort(3) comes from address_space_rw():
>>
>>     if (!memory_access_is_direct(mr, is_write)) {
>>         /* I/O case */
>>         l = memory_access_size(mr, l, addr1);
>>         switch (l) {
>>         case 8:
>>             ...
>>         case 4:
>>             ...
>>         case 2:
>>             ...
>>         case 1:
>>             ...
>>         default:
>>             abort(); <-- we abort here
>>         }
>>     }
>>
>> Paolo: Do you know how the memory API is supposed to work here?
>
> The problem is introduced by commit 2332616 (exec: Support 64-bit
> operations in address_space_rw, 2013-07-08). Before that commit,
> memory_access_size would only return 1/2/4. The following should help:
>
> diff --git a/exec.c b/exec.c
> index 7997002..7686c15 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1922,6 +1922,9 @@ static int memory_access_size(MemoryRegion *mr,
> unsigned l, hwaddr addr)
> if (l > access_size_max) {
> l = access_size_max;
> }
> + if (l & (l - 1)) {
> + l = 1 << (qemu_fls(l) - 1);
> + }
>
> return l;
> }
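Review bot: the hunk has no commit message of its own; the regressing commit and the reproducer are stated only in the surrounding mail. When this is turned into a commit, the description should name commit 2332616 ("exec: Support 64-bit operations in address_space_rw") as the change that let memory_access_size() return sizes other than 1/2/4, and record the trigger (an i82559c guest NIC sending large packets, e.g. `ping -s 65000`, aborting in address_space_rw() with len=0x3), so the fix is traceable from git history rather than from the list archive.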
Oleksii, are you able to test Paolo's patch?
Thanks,
Stefan
* Re: [Qemu-devel] qemu git (f03d07d46) / e100 / sending large packets causes SIGABRT
From: Oleksii Shevchuk @ 2013-07-29 12:03 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: Oleksii Shevchuk, Paolo Bonzini, qemu-devel Developers
Stefan Hajnoczi <stefanha@gmail.com> writes:
> Oleksii, are you able to test Paolo's patch?
Issue goes away with the patch applied to the current git. At least, it doesn't
reproduce with large packets.