From: Alex Williamson
Subject: Re: [Qemu-devel] [PATCH v3 0/3] vfio: free data and unmap BARs in instance_finalize
Date: Fri, 06 Feb 2015 18:39:04 -0700

On Fri, 2015-02-06 at 22:15 +0100, Paolo Bonzini wrote:
> Mostly the same as v2;

We've got something screwy going on with MemoryListeners. I did some
hotplug testing with this and hit the following segfault:

Program received signal SIGSEGV, Segmentation fault.
0x00007ff7bd8f7416 in memory_listener_register (listener=0x7ff7bf935e50, 
    filter=0x7ff7bf935e08)
    at /net/gimli/home/alwillia/Work/qemu.git/memory.c:1931
1931            QTAILQ_INSERT_BEFORE(other, listener, link);


Call path is:

#0  0x00007ff7bd8f7416 in memory_listener_register (listener=0x7ff7bf935e50, 
filter=0x7ff7bf935e08)
    at memory.c:1931
#1  0x00007ff7bd8aa400 in address_space_init_dispatch (as=0x7ff7bf935e08)
    at exec.c:2059
#2  0x00007ff7bd8f75d4 in address_space_init (as=0x7ff7bf935e08, 
root=0x7ff7bf935ef0, name=0x7ff7bf71aee0 "vfio-pci")
    at memory.c:1954
#3  0x00007ff7bdae5d85 in do_pci_register_device (pci_dev=0x7ff7bf935c00, 
bus=0x7ff7bf77ce40, name=0x7ff7bf71aee0 "vfio-pci", devfn=64)
    at hw/pci/pci.c:837
#4  0x00007ff7bdae7eba in pci_qdev_init (qdev=0x7ff7bf935c00)
    at hw/pci/pci.c:1768
#5  0x00007ff7bda67fc6 in device_realize (dev=0x7ff7bf935c00, 
    errp=0x7fffcee75550) at hw/core/qdev.c:247
#6  0x00007ff7bda6a00a in device_set_realized (obj=0x7ff7bf935c00, value=true, 
    errp=0x7fffcee75700) at hw/core/qdev.c:1040
#7  0x00007ff7bdb823b7 in property_set_bool (obj=0x7ff7bf935c00, 
v=0x7ff7bf9375b0, opaque=0x7ff7bf98aee0, name=0x7ff7bdca0869 "realized", 
    errp=0x7fffcee75700) at qom/object.c:1514
#8  0x00007ff7bdb80cb1 in object_property_set (obj=0x7ff7bf935c00, 
v=0x7ff7bf9375b0, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700)
    at qom/object.c:837
#9  0x00007ff7bdb82ccf in object_property_set_qobject (obj=0x7ff7bf935c00, 
value=0x7ff7bfa01680, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700)
    at qom/qom-qobject.c:24
#10 0x00007ff7bdb80f20 in object_property_set_bool (obj=0x7ff7bf935c00, 
value=true, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700)
    at qom/object.c:905
#11 0x00007ff7bd9d0914 in qdev_device_add (opts=0x7ff7bfa07910)
    at qdev-monitor.c:574
#12 0x00007ff7bd9d0f2e in do_device_add (mon=0x7ff7bf7b8130, 

Walking through the QTAIL list, we get to these last two entries:

(gdb) p *(MemoryListener *)0x7ff7bfa6a860
$18 = {begin = 0x7ff7bd8aa0ee <mem_begin>, 
  commit = 0x7ff7bd8aa275 <mem_commit>, region_add = 0x7ff7bd8a7bf6 <mem_add>, 
  region_del = 0x0, region_nop = 0x7ff7bd8a7bf6 <mem_add>, log_start = 0x0, 
  log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, 
  log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, 
  coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, 
  address_space_filter = 0x7ff7bfa6a818, link = {tqe_next = 0x7ff7bf937e90, 
    tqe_prev = 0x7ff7bfa4e380}}
(gdb) p *(MemoryListener *)0x7ff7bf937e90
$19 = {begin = 0x0, commit = 0x0, region_add = 0x0, region_del = 0x0, 
  region_nop = 0x0, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, 
  log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, 
  eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, 
  priority = 0, address_space_filter = 0x0, link = {tqe_next = 0x0, 
    tqe_prev = 0x0}}

So we've got a zero'd MemoryListener that's still on the
memory_listeners list and QTAILQ_INSERT_BEFORE isn't happy touching
*(0x0).

I'm not sure where it's coming from yet, but I did extensive testing for
my last pull request based on ec6f25e because if I updated to d5fbb4c
vfio hotplug broke immediately.  I'll keep looking, but I thought I'd
share in case you have some ideas.  Thanks,

Alex
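An added example (not code from QEMU or from this thread) of the failure described above: a tail queue with the same link layout as QTAILQ, a walk that finds an entry whose links were zeroed while it was still on the list, and an insert-before that refuses a NULL back link instead of writing through it. The struct names and the three-listener list are constructed for the demo.

```c
#include <stddef.h>
#include <string.h>
/* Link layout as in QEMU's QTAILQ: tqe_next points at the next node, tqe_prev
 * at the previous node's tqe_next field (or at the head's tqh_first). */
struct listener { struct { struct listener *tqe_next, **tqe_prev; } link; };
struct listeners { struct listener *tqh_first, **tqh_last; };
static void list_init(struct listeners *h) { h->tqh_first = NULL; h->tqh_last = &h->tqh_first; }
static void insert_tail(struct listeners *h, struct listener *e)
{
    e->link.tqe_next = NULL;
    e->link.tqe_prev = h->tqh_last;
    *h->tqh_last = e;
    h->tqh_last = &e->link.tqe_next;
}
/* QTAILQ_INSERT_BEFORE stores through other->link.tqe_prev; with that field
 * zeroed this is the *(0x0) write in the backtrace. Refuse it instead. */
static int insert_before_checked(struct listener *other, struct listener *e)
{
    if (other->link.tqe_prev == NULL) return -1;
    e->link.tqe_prev = other->link.tqe_prev;
    e->link.tqe_next = other;
    *other->link.tqe_prev = e;
    other->link.tqe_prev = &e->link.tqe_next;
    return 0;
}
/* Walk the list as the gdb session did; return the index of the first entry
 * whose back link does not point at its predecessor's next field, or -1. */
static int find_corrupt(struct listeners *h)
{
    struct listener **prevp = &h->tqh_first;
    int i = 0;
    for (struct listener *e = h->tqh_first; e; e = e->link.tqe_next, i++) {
        if (e->link.tqe_prev != prevp) return i;
        prevp = &e->link.tqe_next;
    }
    return -1;
}
/* Constructed scenario: three listeners, the last zeroed (as if its owner
 * freed or cleared it) while it is still linked from the second. */
static struct listeners list;
static struct listener n[3], fresh;
static void setup_corrupted(void)
{
    list_init(&list);
    for (int i = 0; i < 3; i++) insert_tail(&list, &n[i]);
    memset(&n[2], 0, sizeof n[2]);
}
static int demo_corrupt_index(void) { setup_corrupted(); return find_corrupt(&list); }                /* 2 */
static int demo_insert_rc(void) { setup_corrupted(); return insert_before_checked(&n[2], &fresh); } /* -1 */
```

The walk reports the zeroed entry at index 2 and the checked insert returns -1 where the unchecked macro would have faulted.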