[Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Marcel Apfelbaum]

Hi all,

I have an AddressSpace backed by a single MemoryRegion which is
initiated using memory_region_init_io (has ops).
Once I enable it, I get an assertion:
    exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.


Here is the pseudo-code:
    memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
    memory_region_set_enabled(my_reg, false);
    address_space_init(my_as, my_reg, name);
    memory_region_set_enabled(my_reg, true);
Receives:
    exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.

Any idea why? Any suggestion would be appreciated.
Thanks,
Marcel

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Paolo Bonzini]

Il 16/09/2013 16:48, Marcel Apfelbaum ha scritto:
> Hi all,
> 
> I have an AddressSpace backed by a single MemoryRegion which is
> initiated using memory_region_init_io (has ops).
> Once I enable it, I get an assertion:
>     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> 
> 
> Here is the pseudo-code:
>     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
>     memory_region_set_enabled(my_reg, false);
>     address_space_init(my_as, my_reg, name);
>     memory_region_set_enabled(my_reg, true);
> Receives:
>     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> 
> Any idea why? Any suggestion would be appreciated.

Backtrace, and print of local variables in mem_add?

Paolo

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Marcel Apfelbaum]

On Monday, September 16, 2013, Paolo Bonzini <pbonzini@redhat.com> wrote:
> Il 16/09/2013 16:48, Marcel Apfelbaum ha scritto:
>> Hi all,
>>
>> I have an AddressSpace backed by a single MemoryRegion which yis
>> initiated using memoy_region_init_io (has ops).
>> Once I enable it, I get an assertion:
>>     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
>>
>>
>> Here is the pseudo-code:
>>     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
>>     memory_region_set_enabled(my_reg, false);
>>     address_space_init(my_as, my_reg, name);
>>     memory_region_set_enabled(my_reg, true);
>> Receives:
>>     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
>>
>> Any idea why? Any suggestion would be appreciated.
>
> Backtrace, and print of local variables in mem_add?
>


Sure! I will send tonight!
Thanks,
Marcel

> Paolo
>

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Marcel Apfelbaum]

On Mon, 2013-09-16 at 16:52 +0200, Paolo Bonzini wrote:
> Il 16/09/2013 16:48, Marcel Apfelbaum ha scritto:
> > Hi all,
> > 
> > I have an AddressSpace backed by a single MemoryRegion which is
> > initiated using memory_region_init_io (has ops).
> > Once I enable it, I get an assertion:
> >     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> > 
> > 
> > Here is the pseudo-code:
> >     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
> >     memory_region_set_enabled(my_reg, false);
> >     address_space_init(my_as, my_reg, name);
> >     memory_region_set_enabled(my_reg, true);
> > Receives:
> >     exec.c:806: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> > 
> > Any idea why? Any suggestion would be appreciated.
> 
> Backtrace, and print of local variables in mem_add?

Backtrace:
---------
#1  0x00007ffff0880128 in __GI_abort () at abort.c:90
#2  0x00007ffff0877986 in __assert_fail_base (fmt=0x7ffff09c63e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555a35a20 "existing->mr->subpage || existing->mr == &io_mem_unassigned", file=file@entry=0x555555a358f8 "qemu/exec.c", line=line@entry=806, function=function@entry=0x555555a35de0 <__PRETTY_FUNCTION__.30604> "register_subpage") at assert.c:92
#3  0x00007ffff0877a32 in __GI___assert_fail (assertion=0x555555a35a20 "existing->mr->subpage || existing->mr == &io_mem_unassigned", file=0x555555a358f8 "qemu/exec.c", line=806, function=0x555555a35de0 <__PRETTY_FUNCTION__.30604> "register_subpage") at assert.c:101
#4  0x0000555555889838 in register_subpage (d=0x7fffdc000d40, section=0x7fffea65f370) at qemu/exec.c:806
#5  0x0000555555889c5e in mem_add (listener=0x5555564c4648, section=0x7fffea65f6b0) at qemu/exec.c:856
#6  0x000055555590f236 in address_space_update_topology_pass (as=0x5555564c4610, old_view=0x7fffdc038e20, new_view=0x7fffdc000b20, adding=true) at qemu/memory.c:749
#7  0x000055555590f31c in address_space_update_topology (as=0x5555564c4610) at qemu/memory.c:764
#8  0x000055555590f48b in memory_region_transaction_commit () at qemu/memory.c:799
#9  0x0000555555911e88 in memory_region_set_enabled (mr=0x5555564c46e8, enabled=true) at qemu/memory.c:1503
#10 0x0000555555740b1a in pci_default_write_config (d=0x5555564c43f0, addr=4, val=0, l=2) at qemu/hw/pci/pci.c:1222
#11 0x0000555555744c1b in pci_bridge_write_config (d=0x5555564c43f0, address=4, val=263, len=2) at qemu/hw/pci/pci_bridge.c:252
#12 0x0000555555733e4e in pci_bridge_dev_write_config (d=0x5555564c43f0, address=4, val=263, len=2) at qemu/hw/pci-bridge/pci_bridge_dev.c:104
#13 0x0000555555745756 in pci_host_config_write_common (pci_dev=0x5555564c43f0, addr=4, limit=256, val=263, len=2) at qemu/hw/pci/pci_host.c:57
#14 0x00005555557458a6 in pci_data_write (s=0x55555648ac40, addr=2147489796, val=263, len=2) at qemu/hw/pci/pci_host.c:84
#15 0x0000555555745a62 in pci_host_data_write (opaque=0x555556487740, addr=0, val=263, len=2) at qemu/hw/pci/pci_host.c:137
#16 0x000055555590d5b3 in memory_region_write_accessor (mr=0x555556489b30, addr=0, value=0x7fffea65fa28, size=2, shift=0, mask=65535) at qemu/memory.c:440
#17 0x000055555590d6f0 in access_with_adjusted_size (addr=0, value=0x7fffea65fa28, size=2, access_size_min=1, access_size_max=4, access=0x55555590d523 <memory_region_write_accessor>, mr=0x555556489b30) at qemu/memory.c:477
#18 0x000055555590fcbd in memory_region_dispatch_write (mr=0x555556489b30, addr=0, data=263, size=2) at qemu/memory.c:984
#19 0x0000555555912f44 in io_mem_write (mr=0x555556489b30, addr=0, val=263, size=2) at qemu/memory.c:1748
#20 0x000055555588c6d6 in address_space_rw (as=0x55555626e740 <address_space_io>, addr=3324, buf=0x7ffff7ff1000 "\a\001", len=2, is_write=true) at qemu/exec.c:1959
#21 0x0000555555909d82 in kvm_handle_io (port=3324, data=0x7ffff7ff1000, direction=1, size=2, count=1) at qemu/kvm-all.c:1518
#22 0x000055555590a33f in kvm_cpu_exec (cpu=0x55555646c890) at qemu/kvm-all.c:1656
#23 0x000055555587ee08 in qemu_kvm_cpu_thread_fn (arg=0x55555646c890) at qemu/cpus.c:802
#24 0x00007ffff625ec53 in start_thread (arg=0x7fffea660700) at pthread_create.c:308
#25 0x00007ffff093e13d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Local variables of mem_add:
---------------------------
(gdb) print *listener
$15 = {begin = 0x55555588bd21 <mem_begin>, commit = 0x55555588bdaa <mem_commit>, region_add = 0x5555558899f3 <mem_add>, region_del = 0x0, region_nop = 0x5555558899f3 <mem_add>, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, address_space_filter = 0x5555564c4610, link = {tqe_next = 0x7fffe943d268, tqe_prev = 0x5555564f7a88}}
(gdb) print *section
$16 = {mr = 0x5555564c46e8, address_space = 0x5555564c4610, offset_within_region = 0, size = {lo = 9223372036854775807, hi = 0}, offset_within_address_space = 0, readonly = false}
(gdb) print *as
$17 = {name = 0x5555564b7700 "pci-bridge", root = 0x5555564c46e8, current_map = 0x7fffdc038e20, ioeventfd_nb = 0, ioeventfds = 0x0, dispatch = 0x7fffdc000bd0, next_dispatch = 0x7fffdc000d40, dispatch_listener = {begin = 0x55555588bd21 <mem_begin>, commit = 0x55555588bdaa <mem_commit>, region_add = 0x5555558899f3 <mem_add>, region_del = 0x0, region_nop = 0x5555558899f3 <mem_add>, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, address_space_filter = 0x5555564c4610, link = {tqe_next = 0x7fffe943d268, tqe_prev = 0x5555564f7a88}}, address_spaces_link = {tqe_next = 0x7fffe943d230, tqe_prev = 0x5555564f7a98}}
(gdb) print *d
$18 = {phys_map = {is_leaf = 0, ptr = 11}, nodes = 0x7fffdc000a50, sections = 0x7fffdc04aa60, as = 0x5555564c4610}
(gdb) print now
$19 = {mr = 0x5555564c46e8, address_space = 0x5555564c4610, offset_within_region = 9223372036854771712, size = {lo = 4095, hi = 0}, offset_within_address_space = 9223372036854771712, readonly = false}
(gdb) print remain
$20 = {mr = 0x5555564c46e8, address_space = 0x5555564c4610, offset_within_region = 9223372036854771712, size = {lo = 4095, hi = 0}, offset_within_address_space = 9223372036854771712, readonly = false}
(gdb) print page_size
$21 = {lo = 4096, hi = 0}

Thanks,
Marcel

> Paolo

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Paolo Bonzini]

Il 16/09/2013 19:11, Marcel Apfelbaum ha scritto:
>> >     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);

This is 2^63-1, not 2^64-1.  You need UINT64_MAX here.

Paolo

>> >     memory_region_set_enabled(my_reg, false);
>> >     address_space_init(my_as, my_reg, name);
>> >     memory_region_set_enabled(my_reg, true);

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Marcel Apfelbaum]

On Mon, 2013-09-16 at 19:18 +0200, Paolo Bonzini wrote:
> Il 16/09/2013 19:11, Marcel Apfelbaum ha scritto:
> >> >     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
> 
> This is 2^63-1, not 2^64-1.  You need UINT64_MAX here.
Ooops! Thanks a lot and sorry for the trouble!
Marcel

> 
> Paolo
> 
> >> >     memory_region_set_enabled(my_reg, false);
> >> >     address_space_init(my_as, my_reg, name);
> >> >     memory_region_set_enabled(my_reg, true);
> 
> 

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Peter Maydell]

On 16 September 2013 18:18, Paolo Bonzini <pbonzini@redhat.com> wrote:
> Il 16/09/2013 19:11, Marcel Apfelbaum ha scritto:
>>> >     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
>
> This is 2^63-1, not 2^64-1.  You need UINT64_MAX here.

So does this mean address_space_init()'s base memory
region has to be 2^64-1 (could we assert that?) or should
this have worked anyway?

-- PMM

Re: [Qemu-devel] [Question] memory: AddressSpace backed by single IO MemoryRegion

[Paolo Bonzini]

Il 17/09/2013 10:29, Peter Maydell ha scritto:
> On 16 September 2013 18:18, Paolo Bonzini <pbonzini@redhat.com> wrote:
>> Il 16/09/2013 19:11, Marcel Apfelbaum ha scritto:
>>>>>     memory_region_init_io(my_reg, owner, my_ops, my_obj, "my region", INT64_MAX);
>>
>> This is 2^63-1, not 2^64-1.  You need UINT64_MAX here.
> 
> So does this mean address_space_init()'s base memory
> region has to be 2^64-1 (could we assert that?) or should
> this have worked anyway?

No, it probably means that it must be page-aligned.

It should have worked anyway, but I'm not 100% sure without looking more
at the code.  It's a somewhat obscure corner case.

Paolo