On 10/23/2012 06:00 PM, Peter Maydell wrote:
> (found while trying to rebase the qemu-linaro OMAP3 patches;
> dunno if it's reproducible in plain mainline easily)
>
> Commit 9ac6a217 makes ohci_init_pxa() set up the OHCI code
> with a NULL DMAContext*, and asserts in the commit message:
>
> "in the SysBus case, it uses NULL - i.e. assumes for now that there
> will be no IOMMU translation for a SysBus OHCI."
>
> However if you actually try to use the device it segfaults:
>
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff7fb97c0 (LWP 23837)]
> 0x000055555571b47c in dma_memory_rw_relaxed (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136,
>     dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:125
> 125         address_space_rw(dma->as, addr, buf, len, dir ==
>     DMA_DIRECTION_FROM_DEVICE);
> (gdb) bt
> #0  0x000055555571b47c in dma_memory_rw_relaxed (dma=0x0,
>     addr=2658340864, buf=0x7fffffffded0, len=136,
>     dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:125
> #1  0x000055555571b527 in dma_memory_rw (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136,
>     dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:151
> #2  0x000055555571b582 in dma_memory_read (dma=0x0, addr=2658340864,
>     buf=0x7fffffffded0, len=136) at ./dma.h:157
> #3  0x000055555571c1ae in ohci_read_hcca (ohci=0x5555566dbf80,
>     addr=2658340864, hcca=0x7fffffffded0)
>     at hw/usb/hcd-ohci.c:570
> #4  0x000055555571d9b5 in ohci_frame_boundary (opaque=0x5555566dbf80)
>     at hw/usb/hcd-ohci.c:1206
> #5  0x000055555578f424 in qemu_run_timers (clock=0x5555565d4590) at
>     qemu-timer.c:392
> #6  0x000055555578f666 in qemu_run_all_timers () at qemu-timer.c:448
> #7  0x0000555555753799 in main_loop_wait (nonblocking=0) at main-loop.c:502
> #8  0x00005555557e157d in main_loop () at vl.c:1652
> #9  0x00005555557e82d4 in main (argc=18, argv=0x7fffffffe478,
>     envp=0x7fffffffe510) at vl.c:3787
>
>
> Is the problem that we should not be passing a NULL DMAContext*
> around in the first place, or that dma_memory_read() is
> incorrectly not handling the NULL?
The former. I changed PCI to always create a DMAContext (817dcc5368988b), but I didn't consider sysbus-ohci.

After the iommu patchset, DMAContext is a no-op wrapper around AddressSpace. We can unwrap it, and use address_space_memory instead. For now I suggest creating a global DMAContext that wraps address_space_memory (don't have a good name for it) and use it instead of NULL.

-- 
error compiling committee.c: too many arguments to function