From: Avi Kivity
Date: Tue, 23 Oct 2012 18:15:34 +0200
Subject: Re: [Qemu-devel] sysbus-ohci segfaults with NULL DMAContext*
To: Peter Maydell
Cc: Gerd Hoffmann, QEMU Developers, David Gibson

On 10/23/2012 06:00 PM, Peter Maydell wrote:
> (found while trying to rebase the qemu-linaro OMAP3 patches;
> dunno if it's reproducible in plain mainline easily)
>
> Commit 9ac6a217 makes ohci_init_pxa() set up the OHCI code
> with a NULL DMAContext*, and asserts in the commit message:
>
> "in the SysBus case, it uses NULL - i.e. assumes for now that there
> will be no IOMMU translation for a SysBus OHCI."
>
> However if you actually try to use the device it segfaults:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff7fb97c0 (LWP 23837)]
> 0x000055555571b47c in dma_memory_rw_relaxed (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136, dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:125
> 125         address_space_rw(dma->as, addr, buf, len, dir == DMA_DIRECTION_FROM_DEVICE);
> (gdb) bt
> #0  0x000055555571b47c in dma_memory_rw_relaxed (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136, dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:125
> #1  0x000055555571b527 in dma_memory_rw (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136, dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:151
> #2  0x000055555571b582 in dma_memory_read (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136) at ./dma.h:157
> #3  0x000055555571c1ae in ohci_read_hcca (ohci=0x5555566dbf80,
>     addr=2658340864, hcca=0x7fffffffded0) at hw/usb/hcd-ohci.c:570
> #4  0x000055555571d9b5 in ohci_frame_boundary (opaque=0x5555566dbf80)
>     at hw/usb/hcd-ohci.c:1206
> #5  0x000055555578f424 in qemu_run_timers (clock=0x5555565d4590)
>     at qemu-timer.c:392
> #6  0x000055555578f666 in qemu_run_all_timers () at qemu-timer.c:448
> #7  0x0000555555753799 in main_loop_wait (nonblocking=0) at main-loop.c:502
> #8  0x00005555557e157d in main_loop () at vl.c:1652
> #9  0x00005555557e82d4 in main (argc=18, argv=0x7fffffffe478,
>     envp=0x7fffffffe510) at vl.c:3787
>
> Is the problem that we should not be passing a NULL DMAContext*
> around in the first place, or that dma_memory_read() is
> incorrectly not handling the NULL?

The former. I changed PCI to always create a DMAContext (817dcc5368988b),
but I didn't consider sysbus-ohci.

After the iommu patchset, DMAContext is a no-op wrapper around
AddressSpace. We can unwrap it, and use address_space_memory instead.

For now I suggest creating a global DMAContext that wraps
address_space_memory (don't have a good name for it) and use it instead
of NULL.

-- 
error compiling committee.c: too many arguments to function
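The root cause and the fix discussed in the thread, as an added example that is not QEMU code and not part of the original e-mail: a toy model of the DMAContext wrapper around an AddressSpace, the sysbus init path that stores NULL, and the suggested replacement, a global context wrapping system memory. The type and function names (AddressSpace, DMAContext, address_space_memory, dma_memory_read, ohci_read_hcca) mirror the names in the backtrace, but their layouts and bodies here are simplified assumptions; the global's name dma_context_memory is likewise assumed, since the thread leaves it unnamed. The read path also rejects a NULL context with an error code instead of dereferencing it, so a caller that still hands over NULL fails visibly rather than with a SIGSEGV in a timer callback.

```c
/* Added example, not QEMU code: toy model of the NULL DMAContext bug
 * from the thread and of the proposed fix (a global DMAContext that
 * wraps system memory). Names mirror QEMU's; layouts are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_RAM_SIZE 4096

/* Toy address space: a flat byte array standing in for guest RAM. */
typedef struct AddressSpace {
    const char *name;
    uint8_t ram[GUEST_RAM_SIZE];
} AddressSpace;

/* In the "no IOMMU" case the thread describes, DMAContext is a no-op
 * wrapper whose only job is to say which address space DMA targets. */
typedef struct DMAContext {
    AddressSpace *as;
} DMAContext;

/* System memory, and a global DMAContext wrapping it. The global is the
 * thread's suggested stand-in for the NULL that sysbus-ohci passed.
 * The name dma_context_memory is an assumption made for this example. */
static AddressSpace address_space_memory = { .name = "memory" };
static DMAContext dma_context_memory = { .as = &address_space_memory };

/* Bounded copy out of the toy address space; 0 on success, -1 if the
 * range does not fit in guest RAM. */
static int address_space_read(AddressSpace *as, uint64_t addr,
                              void *buf, size_t len)
{
    if (addr >= GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - addr) {
        return -1;
    }
    memcpy(buf, as->ram + addr, len);
    return 0;
}

/* Model of dma_memory_read. In the trace, dma->as is dereferenced with
 * dma == NULL; here a NULL context is reported as -2 instead so the
 * caller's bug surfaces as an error, not a crash. */
static int dma_memory_read(DMAContext *dma, uint64_t addr,
                           void *buf, size_t len)
{
    if (dma == NULL) {
        return -2;
    }
    return address_space_read(dma->as, addr, buf, len);
}

typedef struct OHCIState {
    DMAContext *dma;
    uint64_t hcca;   /* guest-physical address of the HCCA */
} OHCIState;

/* The sysbus shortcut from the thread: "assume no IOMMU", store NULL. */
static void ohci_init_sysbus_buggy(OHCIState *ohci, uint64_t hcca)
{
    ohci->dma = NULL;
    ohci->hcca = hcca;
}

/* The fix: hand the device a real context that wraps system memory. */
static void ohci_init_sysbus_fixed(OHCIState *ohci, uint64_t hcca)
{
    ohci->dma = &dma_context_memory;
    ohci->hcca = hcca;
}

/* Model of ohci_read_hcca: fetch the HCCA header from guest memory. */
static int ohci_read_hcca(OHCIState *ohci, uint8_t *out, size_t len)
{
    return dma_memory_read(ohci->dma, ohci->hcca, out, len);
}

/* Plant a constructed pattern at guest address 0x100 and read it back
 * through a fixed sysbus OHCI. Returns 1 on success, 0 otherwise. */
static int demo_fixed_reads_hcca(void)
{
    OHCIState ohci;
    uint8_t buf[16];
    memset(address_space_memory.ram + 0x100, 0xA5, sizeof buf);
    ohci_init_sysbus_fixed(&ohci, 0x100);
    if (ohci_read_hcca(&ohci, buf, sizeof buf) != 0) {
        return 0;
    }
    return buf[0] == 0xA5 && buf[15] == 0xA5;
}

/* The buggy init path now yields an error code instead of a SIGSEGV. */
static int demo_null_context_is_rejected(void)
{
    OHCIState ohci;
    uint8_t buf[16];
    ohci_init_sysbus_buggy(&ohci, 0x100);
    return ohci_read_hcca(&ohci, buf, sizeof buf) == -2;
}

int main(void)
{
    printf("fixed sysbus OHCI reads HCCA: %s\n",
           demo_fixed_reads_hcca() ? "ok" : "FAIL");
    printf("NULL DMAContext rejected:     %s\n",
           demo_null_context_is_rejected() ? "ok" : "FAIL");
    return 0;
}
```

The check in dma_memory_read is a defence in depth, not a substitute for the fix Avi proposes: a device model that reaches DMA with no context is misconfigured, and silently defaulting to system memory inside the read path would hide exactly the class of wiring mistake this report exposed. Giving every bus a real context, and having the hot path refuse NULL rather than fault on it, keeps the error both impossible by construction and loud if it happens anyway.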