From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:44657)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from )
	id 1QoZvp-0003Y8-3U for qemu-devel@nongnu.org;
	Wed, 03 Aug 2011 07:48:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from ) id 1QoZvn-0001Sv-TH for qemu-devel@nongnu.org;
	Wed, 03 Aug 2011 07:48:13 -0400
Received: from mx1.redhat.com ([209.132.183.28]:57975)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from )
	id 1QoZvn-0001Sr-Jn for qemu-devel@nongnu.org;
	Wed, 03 Aug 2011 07:48:11 -0400
Message-ID: <4E393575.4090003@redhat.com>
Date: Wed, 03 Aug 2011 14:48:05 +0300
From: Avi Kivity
MIME-Version: 1.0
References: <4E36E5F7.6060202@cisco.com>
In-Reply-To: <4E36E5F7.6060202@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] qemu-kvm aborts - vhost_dev_unassign_memory: Assertion `to >= 0' failed.
To: David Ahern , "Michael S. Tsirkin"
Cc: aliguori@us.ibm.com, qemu-devel , KVM mailing list

On 08/01/2011 08:44 PM, David Ahern wrote:
> qemu-kvm.git as of:
>
> commit dacdc4b10bafbb21120e1c24a9665444768ef999
> Merge: 7b69d4f 0af4922
> Author: Avi Kivity
> Date: Sun Jul 31 11:42:26 2011 +0300
>
>     Merge branch 'upstream-merge' into next
>
> is aborting with the error:
>
> qemu-kvm: qemu-kvm.git/hw/vhost.c:123: vhost_dev_unassign_memory:
> Assertion `to>= 0' failed.
> Aborted
>

It's a bug in vhost:

/* Assign/unassign. Keep an unsorted array of non-overlapping
 * memory regions in dev->mem. */
static void vhost_dev_unassign_memory(struct vhost_dev *dev,
                                      uint64_t start_addr,
                                      uint64_t size)
{
    int from, to, n = dev->mem->nregions;
    /* Track overlapping/split regions for sanity checking. */
    int overlap_start = 0, overlap_end = 0, overlap_middle = 0, split = 0;

    for (from = 0, to = 0; from < n; ++from, ++to) {
        struct vhost_memory_region *reg = dev->mem->regions + to;
        uint64_t reglast;
        uint64_t memlast;
        uint64_t change;

        /* clone old region */
        if (to != from) {
            memcpy(reg, dev->mem->regions + from, sizeof *reg);
        }

        /* No overlap is simple */
        if (!ranges_overlap(reg->guest_phys_addr, reg->memory_size,
                            start_addr, size)) {
            continue;
        }

        /* Split only happens if supplied region
         * is in the middle of an existing one. Thus it can not
         * overlap with any other existing region. */
        assert(!split);

        reglast = range_get_last(reg->guest_phys_addr, reg->memory_size);
        memlast = range_get_last(start_addr, size);

        /* Remove whole region */
        if (start_addr <= reg->guest_phys_addr && memlast >= reglast) {
            --dev->mem->nregions;
            --to;
            assert(to >= 0);
            ++overlap_middle;
            continue;
        }

We're removing the first region, and 'to' goes negative.

Michael?

-- 
error compiling committee.c: too many arguments to function
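
The index arithmetic described in the message above, as an added example that is not part of the original mail and not QEMU's code: it replays the loop's `from`/`to` bookkeeping for the whole-region-removal case only and sets it beside a compaction loop in which `to` never goes negative. `struct region`, `covers`, `lowest_to_at_assert` and `remove_covered` are hypothetical names, and the memory layout in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified stand-in for struct vhost_memory_region (assumption). */
struct region { uint64_t addr, size; };

/* Nonzero when [start, start+size) covers region r entirely.
 * Sizes are assumed nonzero and non-wrapping. */
static int covers(const struct region *r, uint64_t start, uint64_t size)
{
    return start <= r->addr && start + size - 1 >= r->addr + r->size - 1;
}

/* Replays the quoted loop's index arithmetic and returns the lowest value
 * 'to' has where assert(to >= 0) sits (0 when nothing is removed). */
static int lowest_to_at_assert(const struct region *regs, int n,
                               uint64_t start, uint64_t size)
{
    int from, to, lowest = 0;
    for (from = 0, to = 0; from < n; ++from, ++to) {
        if (covers(&regs[from], start, size)) {
            --to;                       /* undone by ++to in the loop header */
            if (to < lowest) lowest = to;
        }
    }
    return lowest;
}

/* Same compaction with 'to' advanced only when a region is kept, so it
 * never drops below zero. Returns the new region count. */
static int remove_covered(struct region *regs, int n,
                          uint64_t start, uint64_t size)
{
    int from, to = 0;
    for (from = 0; from < n; ++from) {
        if (covers(&regs[from], start, size))
            continue;                   /* drop: do not advance 'to' */
        regs[to++] = regs[from];
    }
    return to;
}

int main(void)
{
    /* Constructed sample layout, not taken from the report. */
    struct region m[] = { {0x0, 0xa0000}, {0x100000, 0x7ff00000} };
    printf("lowest to: %d\n", lowest_to_at_assert(m, 2, 0x0, 0xa0000));
    printf("regions left: %d\n", remove_covered(m, 2, 0x0, 0xa0000));
    return 0;
}
```

Removing the region at index 0 is the only case where the intermediate value is negative; the loop header's `++to` would bring it back to a valid index, which is why the abort fires on otherwise consistent state.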