(found while trying to rebase the qemu-linaro OMAP3 patches; dunno if it's reproducible in plain mainline easily)

Commit 9ac6a217 makes ohci_init_pxa() set up the OHCI code with a NULL DMAContext*, and asserts in the commit message: "in the SysBus case, it uses NULL - i.e. assumes for now that there will be no IOMMU translation for a SysBus OHCI." However, if you actually try to use the device it segfaults:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fb97c0 (LWP 23837)]
0x000055555571b47c in dma_memory_rw_relaxed (dma=0x0, addr=2658340864, buf=0x7fffffffded0, len=136, dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:125
125         address_space_rw(dma->as, addr, buf, len, dir == DMA_DIRECTION_FROM_DEVICE);
(gdb) bt
#0  0x000055555571b47c in dma_memory_rw_relaxed (dma=0x0, addr=2658340864, buf=0x7fffffffded0, len=136, dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:125
#1  0x000055555571b527 in dma_memory_rw (dma=0x0, addr=2658340864, buf=0x7fffffffded0, len=136, dir=DMA_DIRECTION_TO_DEVICE) at ./dma.h:151
#2  0x000055555571b582 in dma_memory_read (dma=0x0, addr=2658340864, buf=0x7fffffffded0, len=136) at ./dma.h:157
#3  0x000055555571c1ae in ohci_read_hcca (ohci=0x5555566dbf80, addr=2658340864, hcca=0x7fffffffded0) at hw/usb/hcd-ohci.c:570
#4  0x000055555571d9b5 in ohci_frame_boundary (opaque=0x5555566dbf80) at hw/usb/hcd-ohci.c:1206
#5  0x000055555578f424 in qemu_run_timers (clock=0x5555565d4590) at qemu-timer.c:392
#6  0x000055555578f666 in qemu_run_all_timers () at qemu-timer.c:448
#7  0x0000555555753799 in main_loop_wait (nonblocking=0) at main-loop.c:502
#8  0x00005555557e157d in main_loop () at vl.c:1652
#9  0x00005555557e82d4 in main (argc=18, argv=0x7fffffffe478, envp=0x7fffffffe510) at vl.c:3787

Is the problem that we should not be passing a NULL DMAContext* around in the first place, or that dma_memory_read() is incorrectly not handling the NULL?

thanks
-- PMM
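The backtrace shows the fault at the first dereference of the NULL context (dma->as). The following is an added, self-contained illustration of the callee-side option the question raises, written for this page and not taken from QEMU or from the poster: a toy DMA helper in the shape of dma_memory_rw()/dma_memory_read() that treats a NULL DMAContext as "no IOMMU, identity mapping onto system memory", bounds-checks the access, and, for contrast, applies a constructed fixed-offset IOMMU when a context is supplied. The guest RAM array, the AddressSpace/DMAContext layouts, the offset IOMMU model and the demo addresses are all constructed assumptions.

```c
/* Added illustration (not QEMU code): a toy DMA helper modelled on the
 * shape of dma_memory_rw()/DMAContext as named in the backtrace above.
 * All structures, sizes, addresses and the IOMMU model are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_RAM_SIZE 256u

/* Constructed stand-in for guest RAM reachable via the system address space. */
static uint8_t guest_ram[GUEST_RAM_SIZE];

typedef struct AddressSpace {
    uint8_t *base;
    size_t size;
} AddressSpace;

/* The untranslated "system memory" view a SysBus device would use. */
static AddressSpace address_space_memory = { guest_ram, GUEST_RAM_SIZE };

typedef enum { DMA_DIRECTION_TO_DEVICE, DMA_DIRECTION_FROM_DEVICE } DMADirection;

/* A context optionally carries an IOMMU; here a constructed fixed offset. */
typedef struct DMAContext {
    AddressSpace *as;
    int has_iommu;
    uint64_t iommu_offset;   /* constructed: physical = iova + iommu_offset */
} DMAContext;

/* Translate through the context's IOMMU (if any). Returns 1 if the result
 * lands inside the address space, 0 otherwise. */
static int dma_translate(const DMAContext *dma, uint64_t addr, uint64_t *paddr)
{
    *paddr = dma->has_iommu ? addr + dma->iommu_offset : addr;
    return *paddr < dma->as->size;
}

/* Callee-side handling of NULL: a NULL context means "no IOMMU, system
 * memory, identity mapping", so dma->as is never dereferenced when dma is
 * NULL. Returns 0 on success, -1 if the access falls outside the space. */
static int dma_memory_rw(DMAContext *dma, uint64_t addr, void *buf,
                         size_t len, DMADirection dir)
{
    AddressSpace *as;
    uint64_t paddr;

    if (dma == NULL) {
        as = &address_space_memory;
        paddr = addr;
    } else {
        as = dma->as;
        if (!dma_translate(dma, addr, &paddr)) {
            return -1;
        }
    }
    /* Bounds check before touching backing memory. */
    if (paddr > as->size || len > as->size - paddr) {
        return -1;
    }
    if (dir == DMA_DIRECTION_FROM_DEVICE) {
        memcpy(as->base + paddr, buf, len);   /* device -> memory */
    } else {
        memcpy(buf, as->base + paddr, len);   /* memory -> device */
    }
    return 0;
}

static int dma_memory_read(DMAContext *dma, uint64_t addr, void *buf, size_t len)
{
    return dma_memory_rw(dma, addr, buf, len, DMA_DIRECTION_TO_DEVICE);
}

/* Same read done twice: through a NULL context (SysBus, identity) and
 * through a constructed IOMMU context. Returns the sum of the two bytes
 * read (0xAA + 0x55 = 255), or -1 if either read is rejected. */
static int demo_read_paths(void)
{
    uint8_t b_null = 0, b_iommu = 0;
    DMAContext iommu = { &address_space_memory, 1, 0x40 };

    memset(guest_ram, 0, sizeof guest_ram);
    guest_ram[0x10] = 0xAA;          /* visible via identity mapping */
    guest_ram[0x10 + 0x40] = 0x55;   /* visible via the IOMMU offset */

    if (dma_memory_read(NULL, 0x10, &b_null, 1) != 0) return -1;
    if (dma_memory_read(&iommu, 0x10, &b_iommu, 1) != 0) return -1;
    return b_null + b_iommu;
}

/* A read past the end of RAM is rejected (-1) instead of faulting. */
static int demo_out_of_range(void)
{
    uint8_t buf[4];
    return dma_memory_read(NULL, GUEST_RAM_SIZE, buf, sizeof buf);
}

int main(void)
{
    printf("demo_read_paths()   = %d\n", demo_read_paths());
    printf("demo_out_of_range() = %d\n", demo_out_of_range());
    return 0;
}
```

The alternative the question mentions, never passing NULL in the first place, would instead be expressed as the caller handing in a context wrapping the system address space (and the helper asserting dma != NULL on entry); either way the invariant "what does NULL mean" needs to be decided in exactly one place.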