Tried the same with current git master and it segfaults. This segfault
was introduced in af12ac98 (lsi: have lsi_request for the whole life
time of the request):

#0  0x000000000052e2d3 in lsi_command_complete (bus=0xca22f8, reason=1,
tag=0, arg=512) at /home/kwolf/source/qemu/hw/lsi53c895a.c:690
#1  0x00000000004416e7 in qcow_aio_read_cb (opaque=0xc813f0, ret=0) at
block/qcow2.c:480
#2  0x0000000000433028 in posix_aio_process_queue (opaque=<value
optimized out>) at posix-aio-compat.c:459
#3  0x00000000004330cc in posix_aio_read (opaque=0xc4bb60) at
posix-aio-compat.c:489
#4  0x000000000040ac60 in main_loop_wait (timeout=0) at
/home/kwolf/source/qemu/vl.c:3949
#5  0x000000000040ce85 in main_loop (argc=<value optimized out>,
argv=<value optimized out>, envp=<value optimized out>)
     at /home/kwolf/source/qemu/vl.c:4172
#6  main (argc=<value optimized out>, argv=<value optimized out>,
envp=<value optimized out>) at /home/kwolf/source/qemu/vl.c:6147

s->current is set to NULL by lsi_queue_command. I don't know the code
well enough to say if lsi_queue_command is wrong in setting it to NULL
or if lsi_command_complete shouldn't even try to access it (maybe it
should search in the queue for the right tag?)

It actually searches the queue in case tag != s->current->tag, and it should most likely do the same for s->current == NULL ...

Attached patch makes the rom boot for me.

cheers,
  Gerd

From 4b385e8b5c617f2e14261a609898afdb13c12062 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kra...@redhat.com>
Date: Mon, 29 Mar 2010 15:31:03 +0200
Subject: [PATCH] lsi: fix segfault in lsi_command_complete


Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 hw/lsi53c895a.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
index a332401..525f3ca 100644
--- a/hw/lsi53c895a.c
+++ b/hw/lsi53c895a.c
@@ -679,7 +679,7 @@ static void lsi_command_complete(SCSIBus *bus, int reason, 
uint32_t tag,
         return;
     }
 
-    if (s->waiting == 1 || tag != s->current->tag ||
+    if (s->waiting == 1 || !s->current || tag != s->current->tag ||
         (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
         if (lsi_queue_tag(s, tag, arg))
             return;
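Review bot: the added `!s->current` test is in the right place, since it sits before `tag != s->current->tag` and the `||` short-circuit keeps the NULL dereference from the backtrace out of this condition, but the hunk only shows the early `return` when `lsi_queue_tag()` returns non-zero; if the code that follows this block dereferences `s->current` on the fall-through path, a NULL `s->current` will still crash there, so please confirm that path is covered too. The commit message body is empty: a one-line explanation of when `s->current` can be NULL here (the earlier report says `lsi_queue_command` clears it, and the crash surfaced after af12ac98 changed the lifetime of `lsi_request`) would help anyone reading the history, and a short comment above the condition, e.g. `/* s->current may be NULL once lsi_queue_command has handed the request off */`, would make the extra check self-explanatory.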
-- 
1.6.6.1
