Google Git
Sign in
qemu-android / qemu-android / 43b11a91dd861a946b231b89b7542856ade23d1b
commit43b11a91dd861a946b231b89b7542856ade23d1b[log] [tgz]
authorMarc-André Lureau <marcandre.lureau@redhat.com>Fri Jun 26 14:25:29 2015 +0200
committerMarc-André Lureau <marcandre.lureau@redhat.com>Sat Oct 24 18:03:18 2015 +0200
treebd1ec20124738f4cea17a4ca66e90f942abc2620
parent45b00c44ceffeac8143fb8857a12677234114f2b [diff]
msix: implement pba write (but read-only)

qpci_msix_pending() writes on pba region, causing qemu to SEGV:

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
  0x0000000000000000 in ?? ()
  (gdb) bt
  #0  0x0000000000000000 in  ()
  #1  0x00005555556556c5 in memory_region_oldmmio_write_accessor (mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
  #2  0x00005555556558e1 in access_with_adjusted_size (addr=0, value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, access=0x55555565563e <memory_region_oldmmio_write_accessor>, mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
  #3  0x00005555556581eb in memory_region_dispatch_write (mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
  #4  0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 <address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
  #5  0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
  #6  0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, buf=0x7fffffffc1b0, len=4) at /home/elmarco/src/qemu/include/exec/cpu-common.h:80
  #7  0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
  #8  0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
  #9  0x000055555564dc07 in qtest_read (opaque=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at /home/elmarco/src/qemu/qtest.c:581
  #10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
  #11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
  #12 0x00007ffff64c9a8a in g_main_context_dispatch (context=0x55555641c400) at gmain.c:3122

(without this patch, this can be reproduced with the ivshmem qtest)

Implement an empty mmio write to avoid the crash.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
1 file changed
tree: bd1ec20124738f4cea17a4ca66e90f942abc2620
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. contrib/
  6. crypto/
  7. default-configs/
  8. disas/
  9. docs/
  10. fpu/
  11. fsdev/
  12. gdb-xml/
  13. hw/
  14. include/
  15. libdecnumber/
  16. linux-headers/
  17. linux-user/
  18. migration/
  19. net/
  20. pc-bios/
  21. po/
  22. qapi/
  23. qga/
  24. qobject/
  25. qom/
  26. roms/
  27. scripts/
  28. slirp/
  29. stubs/
  30. target-alpha/
  31. target-arm/
  32. target-cris/
  33. target-i386/
  34. target-lm32/
  35. target-m68k/
  36. target-microblaze/
  37. target-mips/
  38. target-moxie/
  39. target-openrisc/
  40. target-ppc/
  41. target-s390x/
  42. target-sh4/
  43. target-sparc/
  44. target-tilegx/
  45. target-tricore/
  46. target-unicore32/
  47. target-xtensa/
  48. tcg/
  49. tests/
  50. trace/
  51. ui/
  52. util/
  53. dtc
  54. pixman
  55. .dir-locals.el
  56. .exrc
  57. .gitignore
  58. .gitmodules
  59. .mailmap
  60. .travis.yml
  61. accel.c
  62. aio-posix.c
  63. aio-win32.c
  64. arch_init.c
  65. async.c
  66. balloon.c
  67. block.c
  68. blockdev-nbd.c
  69. blockdev.c
  70. blockjob.c
  71. bootdevice.c
  72. bt-host.c
  73. bt-vhci.c
  74. Changelog
  75. CODING_STYLE
  76. configure
  77. COPYING
  78. COPYING.LIB
  79. cpu-exec-common.c
  80. cpu-exec.c
  81. cpus.c
  82. cputlb.c
  83. device-hotplug.c
  84. device_tree.c
  85. disas.c
  86. dma-helpers.c
  87. dump.c
  88. exec.c
  89. gdbstub.c
  90. HACKING
  91. hmp-commands-info.hx
  92. hmp-commands.hx
  93. hmp.c
  94. hmp.h
  95. iohandler.c
  96. ioport.c
  97. iothread.c
  98. kvm-all.c
  99. kvm-stub.c
  100. LICENSE
  101. main-loop.c
  102. MAINTAINERS
  103. Makefile
  104. Makefile.objs
  105. Makefile.target
  106. memory.c
  107. memory_mapping.c
  108. module-common.c
  109. monitor.c
  110. nbd.c
  111. numa.c
  112. os-posix.c
  113. os-win32.c
  114. page_cache.c
  115. qapi-schema.json
  116. qdev-monitor.c
  117. qdict-test-data.txt
  118. qemu-bridge-helper.c
  119. qemu-char.c
  120. qemu-doc.texi
  121. qemu-ga.texi
  122. qemu-img-cmds.hx
  123. qemu-img.c
  124. qemu-img.texi
  125. qemu-io-cmds.c
  126. qemu-io.c
  127. qemu-log.c
  128. qemu-nbd.c
  129. qemu-nbd.texi
  130. qemu-options-wrapper.h
  131. qemu-options.h
  132. qemu-options.hx
  133. qemu-seccomp.c
  134. qemu-tech.texi
  135. qemu-timer.c
  136. qemu.nsi
  137. qemu.sasl
  138. qjson.c
  139. qmp-commands.hx
  140. qmp.c
  141. qtest.c
  142. README
  143. rules.mak
  144. softmmu_template.h
  145. spice-qemu-char.c
  146. tcg-runtime.c
  147. tci.c
  148. thread-pool.c
  149. thunk.c
  150. tpm.c
  151. trace-events
  152. translate-all.c
  153. translate-all.h
  154. translate-common.c
  155. user-exec.c
  156. VERSION
  157. version.rc
  158. vl.c
  159. xen-common-stub.c
  160. xen-common.c
  161. xen-hvm-stub.c
  162. xen-hvm.c
  163. xen-mapcache.c