From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36610)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1WAzmk-0003zA-JL
	for qemu-devel@nongnu.org; Wed, 05 Feb 2014 05:32:55 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1WAzmb-0008Nv-O8
	for qemu-devel@nongnu.org; Wed, 05 Feb 2014 05:32:50 -0500
Received: from mx1.redhat.com ([209.132.183.28]:4593)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1WAzmb-0008Nl-Er
	for qemu-devel@nongnu.org; Wed, 05 Feb 2014 05:32:41 -0500
Date: Wed, 5 Feb 2014 09:35:53 +0000
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Message-ID: <20140205093552.GB2398@work-vm>
References: <20140203160455.GC13707@wheatley> <20140203184509.GA18504@work-vm>
	<CAEgOgz7kCuxhYKguwwY8qp=PEkPyH6ixh_HHmjb9F219QjYHRA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAEgOgz7kCuxhYKguwwY8qp=PEkPyH6ixh_HHmjb9F219QjYHRA@mail.gmail.com>
Subject: Re: [Qemu-devel] qemu segfauls with spiceport chardev and isa-serial
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Martin Kletzander <mkletzan@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>, "qemu-devel@nongnu.org Developers" <qemu-devel@nongnu.org>

* Peter Crosthwaite (peter.crosthwaite@xilinx.com) wrote:
> On Tue, Feb 4, 2014 at 4:45 AM, Dr. David Alan Gilbert
> <dgilbert@redhat.com> wrote:
> > (cc'ing in Peter Crosthwaite and Michael Tokarev due to a serial fifo change
> > - see below!)
> >
> > * Martin Kletzander (mkletzan@redhat.com) wrote:
> >> Hello,
> >
> > Hi Martin,
> >    I don't know about your spice warnings that triggered this but looking
> > down the backtrace I can see something odd:
> >
> >> current HEAD (2f61120c10da9128357510debc8e66880cd2bfdc) segfaults when
> >> I'm trying to do the following:
> >>
> >> I add this to qemu's command-line:
> >>
> >>  -chardev spiceport,id=charserial0,name=org.qemu.console.serial.0 \
> >>  -device isa-serial,chardev=charserial0,id=serial0

<snip>

> Hi Dave,
> 
> Yes that does looks suss. My bad. Can you confirm your theory by
> making the proposed change? does it fix the bug?
> 
> --- a/hw/char/serial.c
> +++ b/hw/char/serial.c
> @@ -225,7 +225,7 @@ static gboolean serial_xmit(GIOChannel *chan,
> GIOCondition cond, void
> 
>      if (s->tsr_retry <= 0) {
>          if (s->fcr & UART_FCR_FE) {
> -            s->tsr = fifo8_is_full(&s->xmit_fifo) ?
> +            s->tsr = fifo8_is_empty(&s->xmit_fifo) ?
>                          0 : fifo8_pop(&s->xmit_fifo);
>              if (!s->xmit_fifo.num) {
>                  s->lsr |= UART_LSR_THRE;

Yep, seems reasonable; and Martin says it stops the seg;
I wonder if there are any serial tests out there - The other
failure mode this could have caused is the replacing of chunks
of outbound data by \0's if the fifo was full.

Dave
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK