On Thu, 2014-11-27 at 13:11 +0200, Marcel Apfelbaum wrote:
> On Wed, 2014-11-26 at 13:05 -0500, Luiz Capitulino wrote:
> > On Wed, 26 Nov 2014 13:50:01 +0200
> > Marcel Apfelbaum <marce...@redhat.com> wrote:
> >
> > > The commits:
> > > - 6a1fa9f5 (monitor: add del completion for peripheral device)
> > > - 66e56b13 (qdev: add qdev_build_hotpluggable_device_list helper)
> > >
> > > cause a QEMU crash when trying to use HMP device_del auto-completion.
> > > It can be easily reproduced by:
> > > <qemu-bin> -enable-kvm ~/images/fedora.qcow2 -monitor stdio -device
> > > virtio-net-pci,id=vnet
> > >
> > > (qemu) device_del
> > >
> > > /home/mapfelba/git/upstream/qemu/hw/core/qdev.c:941:qdev_build_hotpluggable_device_list:
> > > Object 0x7f6ce04e4fe0 is not an instance of type device
> > > Aborted (core dumped)
> > >
> > > The root cause is qdev_build_hotpluggable_device_list going recursively
> > > over
> > > all peripherals and their children assuming all are devices. It doesn't
> > > work
> > > since PCI devices have at least on child which is a memory region (bus
> > > master).
> > >
> > > Solved by observing that all devices appear as direct children of
> > > /machine/peripheral container. No need of going recursively
> > > over all the children.
> > >
> > > Signed-off-by: Marcel Apfelbaum <marce...@redhat.com>
> >
> > Peter, can you apply this patch directly to master to avoid me a pull
> > request? Maybe it's a good idea to wait until tomorrow for more
> > reviewers though.
> Speaking of reviewers, I double checked the patch and indeed it solves
> the crash, but the original patch has another semantic error.
> It looks for hot-pluggable device and not *hot-plugged* ones.
Thinking further, this is not fully true, we can hot-unplugged devices that
weren't hot-plugged.
We have only a specific problem/bug with pci-2-pci bridge that is hotpluggable,
but can be hot-unpluged *only if* was hot-plugged. Other devices do not have
this limitation.
>
> I'll try to come with a solution fast. It should be a "hot-plugged" property
> somewhere...
No need for a solution now, the above bug can wait for 2.3, the crash is
more important.
Please pull the patch for 2.2
Thanks,
Marcel
>
> Thanks,
> Marcel
>
>
> >
> > Marcel, thanks a lot for taking care of this!
> >
> > > ---
> > > hw/core/qdev.c | 12 ++++++++++--
> > > include/hw/qdev-core.h | 2 +-
> > > monitor.c | 11 ++++-------
> > > 3 files changed, 15 insertions(+), 10 deletions(-)
> > >
> > > diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> > > index 413b413..35fd00d 100644
> > > --- a/hw/core/qdev.c
> > > +++ b/hw/core/qdev.c
> > > @@ -935,7 +935,7 @@ void qdev_alias_all_properties(DeviceState *target,
> > > Object *source)
> > > } while (class != object_class_by_name(TYPE_DEVICE));
> > > }
> > >
> > > -int qdev_build_hotpluggable_device_list(Object *obj, void *opaque)
> > > +static int qdev_add_hotpluggable_device(Object *obj, void *opaque)
> > > {
> > > GSList **list = opaque;
> > > DeviceState *dev = DEVICE(obj);
> > > @@ -944,10 +944,18 @@ int qdev_build_hotpluggable_device_list(Object
> > > *obj, void *opaque)
> > > *list = g_slist_append(*list, dev);
> > > }
> > >
> > > - object_child_foreach(obj, qdev_build_hotpluggable_device_list,
> > > opaque);
> > > return 0;
> > > }
> > >
> > > +GSList *qdev_build_hotpluggable_device_list(Object *peripheral)
> > > +{
> > > + GSList *list = NULL;
> > > +
> > > + object_child_foreach(peripheral, qdev_add_hotpluggable_device,
> > > &list);
> > > +
> > > + return list;
> > > +}
> > > +
> > > static bool device_get_realized(Object *obj, Error **errp)
> > > {
> > > DeviceState *dev = DEVICE(obj);
> > > diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
> > > index d3a2940..589bbe7 100644
> > > --- a/include/hw/qdev-core.h
> > > +++ b/include/hw/qdev-core.h
> > > @@ -365,7 +365,7 @@ extern int qdev_hotplug;
> > >
> > > char *qdev_get_dev_path(DeviceState *dev);
> > >
> > > -int qdev_build_hotpluggable_device_list(Object *obj, void *opaque);
> > > +GSList *qdev_build_hotpluggable_device_list(Object *peripheral);
> > >
> > > void qbus_set_hotplug_handler(BusState *bus, DeviceState *handler,
> > > Error **errp);
> > > diff --git a/monitor.c b/monitor.c
> > > index fa00594..f1031a1 100644
> > > --- a/monitor.c
> > > +++ b/monitor.c
> > > @@ -4321,17 +4321,14 @@ void object_add_completion(ReadLineState *rs, int
> > > nb_args, const char *str)
> > > static void peripheral_device_del_completion(ReadLineState *rs,
> > > const char *str, size_t len)
> > > {
> > > - Object *peripheral;
> > > - GSList *list = NULL, *item;
> > > + Object *peripheral = container_get(qdev_get_machine(),
> > > "/peripheral");
> > > + GSList *list, *item;
> > >
> > > - peripheral = object_resolve_path("/machine/peripheral/", NULL);
> > > - if (peripheral == NULL) {
> > > + list = qdev_build_hotpluggable_device_list(peripheral);
> > > + if (!list) {
> > > return;
> > > }
> > >
> > > - object_child_foreach(peripheral, qdev_build_hotpluggable_device_list,
> > > - &list);
> > > -
> > > for (item = list; item; item = g_slist_next(item)) {
> > > DeviceState *dev = item->data;
> > >
> >
> >
>
>
>
>
