From: Gerd Hoffmann
To: Kevin Wolf
Cc: Gerhard Wiesinger, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] QEMU 0.12.3 and SCSI boot
Date: Mon, 29 Mar 2010 15:41:41 +0200
Message-ID: <4BB0AE15.6020303@redhat.com>
In-Reply-To: <4BB0A359.8010700@redhat.com>
References: <4BB0A359.8010700@redhat.com>

> Tried the same with current git master and it segfaults. This segfault
> was introduced in af12ac98 (lsi: have lsi_request for the whole life
> time of the request):
>
> #0  0x000000000052e2d3 in lsi_command_complete (bus=0xca22f8, reason=1, tag=0, arg=512)
>     at /home/kwolf/source/qemu/hw/lsi53c895a.c:690
> #1  0x00000000004416e7 in qcow_aio_read_cb (opaque=0xc813f0, ret=0) at block/qcow2.c:480
> #2  0x0000000000433028 in posix_aio_process_queue (opaque=<optimized out>) at posix-aio-compat.c:459
> #3  0x00000000004330cc in posix_aio_read (opaque=0xc4bb60) at posix-aio-compat.c:489
> #4  0x000000000040ac60 in main_loop_wait (timeout=0) at /home/kwolf/source/qemu/vl.c:3949
> #5  0x000000000040ce85 in main_loop (argc=, argv=, envp=) at /home/kwolf/source/qemu/vl.c:4172
> #6  main (argc=, argv=, envp=) at /home/kwolf/source/qemu/vl.c:6147
>
> s->current is set to NULL by lsi_queue_command. I don't know the code
> well enough to say if lsi_queue_command is wrong in setting it to NULL
> or if lsi_command_complete shouldn't even try to access it (maybe it
> should search in the queue for the right tag?)

It actually searches the queue in case tag != s->current->tag, and it
should most likely do the same for s->current == NULL ...

Attached patch makes the rom boot for me.
cheers,
  Gerd

[attachment: 0001-lsi-fix-segfault-in-lsi_command_complete.patch]

From 4b385e8b5c617f2e14261a609898afdb13c12062 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Mon, 29 Mar 2010 15:31:03 +0200
Subject: [PATCH] lsi: fix segfault in lsi_command_complete

Signed-off-by: Gerd Hoffmann
---
 hw/lsi53c895a.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
index a332401..525f3ca 100644
--- a/hw/lsi53c895a.c
+++ b/hw/lsi53c895a.c
@@ -679,7 +679,7 @@ static void lsi_command_complete(SCSIBus *bus, int reason, uint32_t tag,
         return;
     }
 
-    if (s->waiting == 1 || tag != s->current->tag ||
+    if (s->waiting == 1 || !s->current || tag != s->current->tag ||
         (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
         if (lsi_queue_tag(s, tag, arg))
             return;
-- 
1.6.6.1
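Review bot: the new `!s->current` test is correctly placed before `tag != s->current->tag`, so `||` short-circuiting now stops the dereference seen in frame #0, but the fall-through path is not covered: when `lsi_queue_tag(s, tag, arg)` returns 0 the function continues past this `if` with `s->current` possibly NULL, and the code after the hunk was written under the old assumption that `s->current` is valid at that point. Please either confirm that nothing after the hunk touches `s->current` or return unconditionally in the NULL case, e.g. `if (!s->current) return;` after the queue lookup. The commit message should also record why `s->current` can be NULL here (Kevin's finding that `lsi_queue_command` clears it) and name af12ac98 as the commit that introduced the regression, so the one-line fix stays traceable.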
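As an added illustration of the guard-ordering point in this thread (not code from the mail or from QEMU): a small C model of the condition before and after the patch. The names model_state, model_request, model_queue_tag and model_complete_* are hypothetical stand-ins for LSIState, lsi_request, lsi_queue_tag and lsi_command_complete, the queue-search contract of model_queue_tag is assumed from Gerd's description rather than taken from QEMU's source, and the s->waiting and lsi_irq_on_rsl terms of the real condition are left out because they do not bear on the NULL dereference. The scenarios reproduce the crash situation from the backtrace (current cleared to NULL while a request with tag 0 is still queued) and the unmatched-tag fall-through.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model for this example; it is not QEMU's lsi53c895a.c.
 * One in-flight request (current) plus a small queue of deferred ones. */
#define MODEL_QUEUE_LEN 4

typedef struct {
    bool     used;
    uint32_t tag;
    uint32_t pending;   /* completion status parked on a request, 0 = none */
} model_request;

typedef struct {
    model_request *current;   /* may be NULL, as in the reported crash */
    model_request  queue[MODEL_QUEUE_LEN];
} model_state;

enum { MODEL_DONE_CURRENT = 0, MODEL_PARKED = 1, MODEL_UNMATCHED = 2 };

/* Assumed counterpart of lsi_queue_tag(): look for a queued request with
 * this tag, park the completion on it and return 1; return 0 if none. */
static int model_queue_tag(model_state *s, uint32_t tag, uint32_t arg)
{
    for (int i = 0; i < MODEL_QUEUE_LEN; i++) {
        if (s->queue[i].used && s->queue[i].tag == tag) {
            s->queue[i].pending = arg;
            return 1;
        }
    }
    return 0;
}

/* Pre-patch guard shape: tag != s->current->tag is evaluated with no NULL
 * test in front of it, so a NULL current is dereferenced (the frame #0
 * crash). Only safe to call with s->current != NULL. */
static int model_complete_prepatch(model_state *s, uint32_t tag, uint32_t arg)
{
    if (tag != s->current->tag) {
        if (model_queue_tag(s, tag, arg))
            return MODEL_PARKED;
        return MODEL_UNMATCHED;
    }
    s->current->pending = arg;
    return MODEL_DONE_CURRENT;
}

/* Patched guard shape: !s->current sits before the dereference and ||
 * short-circuits, so s->current->tag is never read when current is NULL. */
static int model_complete_patched(model_state *s, uint32_t tag, uint32_t arg)
{
    if (!s->current || tag != s->current->tag) {
        if (model_queue_tag(s, tag, arg))
            return MODEL_PARKED;
        return MODEL_UNMATCHED;  /* nothing past here may touch s->current */
    }
    s->current->pending = arg;
    return MODEL_DONE_CURRENT;
}

/* Reproduce the reported situation: current cleared to NULL while a request
 * with tag 0 still sits in the queue, then completion arrives for tag 0. */
static int scenario_null_current(void)
{
    model_state s = { .current = NULL };
    s.queue[0].used = true;
    s.queue[0].tag = 0;
    return model_complete_patched(&s, 0, 512);   /* MODEL_PARKED */
}

/* Completion for a tag nobody owns: the guard falls through without a crash. */
static int scenario_unknown_tag(void)
{
    model_state s = { .current = NULL };
    return model_complete_patched(&s, 7, 512);   /* MODEL_UNMATCHED */
}

/* Ordinary path: identical before and after the patch when current is valid. */
static int scenario_matching_current(void)
{
    model_request req = { .used = true, .tag = 3 };
    model_state s = { .current = &req };
    int before = model_complete_prepatch(&s, 3, 512);
    int after  = model_complete_patched(&s, 3, 512);
    return (before == after && req.pending == 512) ? MODEL_DONE_CURRENT : -1;
}

int main(void)
{
    printf("null current: %d, unknown tag: %d, matching: %d\n",
           scenario_null_current(), scenario_unknown_tag(),
           scenario_matching_current());
    return 0;
}
```

The model keeps the fall-through after a failed queue lookup as an explicit return, which is the path the one-line patch leaves to the code after the hunk; a reviewer of the real change would want to check that nothing on that path reads s->current.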