From: Hannes Reinecke
To: "qemu-devel@nongnu.org" , Gerd Hoffmann
Date: Tue, 15 Dec 2009 12:07:10 +0100
Subject: [Qemu-devel] Infinite recursion in pci_default_read_config()
Message-ID: <4B276DDE.2060901@suse.de>

Hi all,

when using PCI device-assignment I ran into a nice infinite recursion with
pci_default_read_config:

    uint32_t pci_default_read_config(PCIDevice *d, uint32_t address, int len)
    {
        uint32_t val = 0;
        assert(len == 1 || len == 2 || len == 4);

        if (pci_access_cap_config(d, address, len)) {
            return d->cap.config_read(d, address, len);
        }

        len = MIN(len, pci_config_size(d) - address);
        memcpy(&val, d->config + address, len);
        return le32_to_cpu(val);
    }

and d->cap.config_read points to:

    (gdb) print *d
    $3 = {qdev = {id = 0xc99b10 "01:10.0", state = DEV_STATE_INITIALIZED,
        opts = 0xc99ad0, hotplugged = 0, info = 0x837e60, parent_bus = 0xc71710,
        num_gpio_out = 0, gpio_out = 0x0, num_gpio_in = 0, gpio_in = 0x0,
        child_bus = {lh_first = 0x0}, num_child_bus = 0, sibling = {
          le_next = 0xc99c30, le_prev = 0xc71730}},
      config = 0xca3010 "\206\200\312\020\003",
      cmask = 0xca3120 "\377\377\377\377", wmask = 0xca3230 "",
      used = 0xca3340 "", bus = 0xc71710, devfn = 32,
      name = "pci-assign", '\000' , io_regions = {{
          addr = 4060102656, size = 16384, filtered_size = 16384, type = 0 '\000',
          map_func = 0x46a5f0 }, {addr = 0, size = 0,
          filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 0, size = 0,
          filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 4060119040,
          size = 16384, filtered_size = 16384, type = 0 '\000',
          map_func = 0x46a5f0 }, {addr = 0, size = 0,
          filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 0, size = 0,
          filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 0, size = 0,
          filtered_size = 0, type = 0 '\000', map_func = 0}},
      config_read = 0x46a050 ,
      config_write = 0x469f30 , irq = 0xca3450,
      irq_state = 0 '\000', cap_present = 0, msix_cap = 0 '\000',
      msix_entries_nr = 0, msix_table_page = 0x0, msix_mmio_index = 0,
      msix_entry_used = 0x0, msix_bar_size = 0, version_id = 2,
      msix_page_size = 0, msix_irq_entries = 0x0, cap = {supported = 1,
        start = 64, length = 16,
        config_read = 0x416770 ,
        config_write = 0x46b750 }}

which is:

    uint32_t pci_default_cap_read_config(PCIDevice *pci_dev,
                                         uint32_t address, int len)
    {
        return pci_default_read_config(pci_dev, address, len);
    }

Surprisingly, after 100 iterations qemu segfaulted ...

Cheers,

Hannes

--
Dr. Hannes Reinecke                   zSeries & Storage
hare@suse.de                          +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
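The loop reported in the mail, modelled as an added example (this is not QEMU's code). The struct layout, function names, the 100-call depth budget and the bytes placed in the capability window are assumptions for illustration; only the first config bytes (0x86 0x80 0xca 0x10 0x03, i.e. vendor 0x8086 / device 0x10ca) and the capability window at start=64, length=16 are taken from the gdb dump above. The model shows why a capability-read hook that calls back into the default reader never terminates, bounds the recursion so the failure is reported instead of blowing the stack, and shows a hook that reads the config array directly and so cannot re-enter the dispatcher.

```c
/*
 * Added example, not QEMU's code: a self-contained model of the config-read
 * dispatch described in the mail. Names, layout and the capability bytes are
 * assumptions; the head bytes of the config array and the cap window
 * (start 64, length 16) come from the gdb dump in the mail.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFG_SIZE  256   /* plain PCI config space (assumed, no extended cfg) */
#define MAX_DEPTH 100   /* nesting budget before the reader gives up */

struct pci_dev;
typedef uint32_t (*cfg_read_fn)(struct pci_dev *d, uint32_t addr, int len);

struct pci_dev {
    uint8_t config[CFG_SIZE];
    struct {
        int supported;
        uint32_t start;
        uint32_t length;
        cfg_read_fn config_read;   /* hook used for reads inside the cap window */
    } cap;
};

static int depth;      /* current nesting of default_read_config() */
static int recursed;   /* set when the depth budget was exhausted */

/* Config space is little-endian; assemble like memcpy + le32_to_cpu would. */
static uint32_t le_load(const uint8_t *p, int len)
{
    uint32_t v = 0;
    for (int i = 0; i < len; i++)
        v |= (uint32_t)p[i] << (8 * i);
    return v;
}

static int in_cap_window(const struct pci_dev *d, uint32_t addr, int len)
{
    return d->cap.supported &&
           addr >= d->cap.start &&
           addr + (uint32_t)len <= d->cap.start + d->cap.length;
}

uint32_t default_read_config(struct pci_dev *d, uint32_t addr, int len);

/* Same shape as pci_default_cap_read_config() in the mail: it goes back
 * through the dispatcher, which lands in this hook again, without end. */
uint32_t buggy_cap_read(struct pci_dev *d, uint32_t addr, int len)
{
    return default_read_config(d, addr, len);
}

/* Hook that reads the backing array itself and never re-enters the dispatcher. */
uint32_t fixed_cap_read(struct pci_dev *d, uint32_t addr, int len)
{
    if (addr + (uint32_t)len > CFG_SIZE)
        return ~0u;
    return le_load(d->config + addr, len);
}

uint32_t default_read_config(struct pci_dev *d, uint32_t addr, int len)
{
    if (len != 1 && len != 2 && len != 4)
        return ~0u;

    if (in_cap_window(d, addr, len)) {
        /* Without this guard the only terminating event is stack exhaustion,
         * i.e. the segfault the mail reports. Return all-ones, as a failed
         * PCI config read does, and record that the budget was hit. */
        if (depth >= MAX_DEPTH) {
            recursed = 1;
            return ~0u;
        }
        depth++;
        uint32_t v = d->cap.config_read(d, addr, len);
        depth--;
        return v;
    }

    if (addr >= CFG_SIZE)
        return ~0u;
    if (addr + (uint32_t)len > CFG_SIZE)
        len = (int)(CFG_SIZE - addr);   /* same clamp as MIN(len, size - address) */
    return le_load(d->config + addr, len);
}

void setup_dev(struct pci_dev *d, cfg_read_fn cap_hook)
{
    memset(d, 0, sizeof *d);
    /* Head bytes from the gdb dump: "\206\200\312\020\003". */
    static const uint8_t head[] = { 0x86, 0x80, 0xca, 0x10, 0x03 };
    memcpy(d->config, head, sizeof head);
    /* Constructed contents for the cap window at 0x40: an MSI-style header
     * (cap id 0x05, next 0x00, message control 0x0080). Not from the dump. */
    static const uint8_t cap_hdr[] = { 0x05, 0x00, 0x80, 0x00 };
    memcpy(d->config + 64, cap_hdr, sizeof cap_hdr);
    d->cap.supported = 1;
    d->cap.start = 64;
    d->cap.length = 16;
    d->cap.config_read = cap_hook;
}

/* Build a device with the given cap hook and perform one read. */
uint32_t read_with_hook(cfg_read_fn hook, uint32_t addr, int len)
{
    struct pci_dev d;
    setup_dev(&d, hook);
    depth = 0;
    recursed = 0;
    return default_read_config(&d, addr, len);
}

int last_read_recursed(void) { return recursed; }

int main(void)
{
    printf("vendor id:               0x%04x\n", read_with_hook(fixed_cap_read, 0, 2));
    printf("cap dword (fixed hook):  0x%08x\n", read_with_hook(fixed_cap_read, 64, 4));
    uint32_t v = read_with_hook(buggy_cap_read, 64, 4);
    printf("cap dword (buggy hook):  0x%08x recursed=%d\n", v, last_read_recursed());
    return 0;
}
```

Reads outside the capability window behave the same with either hook, because the dispatcher never consults the hook for them; only a read that hits the window with the re-entering hook spins. In the real code there is no depth counter, so the loop ends when the stack runs out, which matches the segfault the mail describes. The repair the model suggests is the one in fixed_cap_read: a default capability reader has to read the config array directly rather than call the function that dispatched to it.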