Message-ID: <4DC7FCB9.5030700@siemens.com>
Date: Mon, 09 May 2011 16:39:53 +0200
From: Jan Kiszka
In-Reply-To: <4DC7FAAE.5090200@suse.de>
Subject: Re: [Qemu-devel] ahci: crash after duplicate bh registration
To: Alexander Graf
Cc: Kevin Wolf, qemu-devel

On 2011-05-09 16:31, Alexander Graf wrote:
> On 05/09/2011 04:26 PM, Kevin Wolf wrote:
>> On 09.05.2011 16:12, Alexander Graf wrote:
>>> On 05/08/2011 09:10 PM, Jan Kiszka wrote:
>>>> Hi Alex,
>>>>
>>>> I've seen crashes caused by ahci_check_cmd_bh unregistering a NULL bh.
>>>> It looks like ahci_dma_set_inactive can be called while there is already
>>>> a bh hanging around. Patch below cures the issue, but I have no clue if
>>>> such an invocation order is valid at all.
>>> It's certainly guest triggerable, so yes, let's check here.
>>>
>>> Acked-by: Alexander Graf
>> Yes, the change makes sense to me. Please resend this as a proper patch,
>> Jan.

Will do.

>>
>> However, I still think Jan's question is valid: Is the AHCI emulation
>> supposed to run multiple DMA requests at once using the core.c
>> functions? I'd find it surprising if this actually worked well.
>
> Not through the IDE core, no. There it can process a queue of IDE
> commands after each other or do NCQ, but that goes a different code
> patch, can do multiple requests at once though.
>
> I'm not sure how this got triggered.

Forgot to mention: With a hacked-up q35 series. I may have broken
something there, or it was already broken (there are definitely bugs in
that series), so upstream might not expose the problem at all.

Jan

--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux