All of lore.kernel.org
 help / color / mirror / Atom feed
From: Thomas Huth <1678466@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
Date: Fri, 07 Apr 2017 19:25:39 -0000	[thread overview]
Message-ID: <20170407192540.12359.49185.launchpad@gac.canonical.com> (raw)
In-Reply-To: 20170401120201.1125.46046.malonedeb@gac.canonical.com

** Changed in: qemu
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1678466

Title:
  using x-vga=on with vfio-pci leads to segfault

Status in QEMU:
  Fix Committed

Bug description:
  bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system

  stripped cmd for minimal config:
  qemu-system-i386 -m 2048 -M q35  -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on

  Backtrace is:
  #0  0x00005555557ca836 in memory_region_update_container_subregions (subregion=0x55555828f2f0) at qemu-2.8.1/memory.c:2030
  #1  0x00005555557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x55555828f2f0) at qemu-2.8.1/memory.c:2049
  #2  0x00005555557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x55555828f2f0, priority=1) at qemu-2.8.1/memory.c:2066
  #3  0x0000555555832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x55555805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689
  #4  0x0000555555835433 in vfio_bar_quirk_setup (vdev=0x55555805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652
  #5  0x000055555582f122 in vfio_realize (pdev=0x55555805aef0, errp=0x7fffffffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777
  #6  0x0000555555a86195 in pci_qdev_realize (qdev=0x55555805aef0, errp=0x7fffffffdcf0) at hw/pci/pci.c:1966
  #7  0x00005555559be7b7 in device_set_realized (obj=0x55555805aef0, value=true, errp=0x7fffffffdeb0) at hw/core/qdev.c:918
  #8  0x0000555555bb017f in property_set_bool (obj=0x55555805aef0, v=0x55555805ced0, name=0x555556071b56 "realized", opaque=0x555557f15860, errp=0x7fffffffdeb0) at qom/object.c:1854
  #9  0x0000555555bae2e6 in object_property_set (obj=0x55555805aef0, v=0x55555805ced0, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at qom/object.c:1088
  #10 0x0000555555bb184f in object_property_set_qobject (obj=0x55555805aef0, value=0x55555805cd70, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at qom/qom-qobject.c:27
  #11 0x0000555555bae637 in object_property_set_bool (obj=0x55555805aef0, value=true, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at qom/object.c:1157
  #12 0x00005555558fee4b in qdev_device_add (opts=0x555556b15160, errp=0x7fffffffdf28) at qdev-monitor.c:623
  #13 0x00005555559142c1 in device_init_func (opaque=0x0, opts=0x555556b15160, errp=0x0) at vl.c:2373
  #14 0x0000555555cc3bb7 in qemu_opts_foreach (list=0x555556548b80 <qemu_device_opts>, func=0x555555914283 <device_init_func>, opaque=0x0, errp=0x0) at util/qemu-option.c:1116
  #15 0x00005555559198aa in main (argc=12, argv=0x7fffffffe388, envp=0x7fffffffe3f0) at vl.c:4574

  as I can see, it happens during initialization of the device-option.

  seems that the code tries to loop over a memory-region mr, which is
  null from at least three calls before it crashes.

  because there seems to be special handling for nvidia-cards, here're the pci-infos of the card:
  01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller])
  	Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a]
  	Flags: fast devsel, IRQ 16
  	Memory at de000000 (32-bit, non-prefetchable) [disabled] [size=16M]
  	Memory at c0000000 (64-bit, prefetchable) [disabled] [size=256M]
  	Memory at dd000000 (64-bit, non-prefetchable) [disabled] [size=16M]
  	Expansion ROM at df000000 [disabled] [size=128K]
  	Capabilities: [60] Power Management version 2
  	Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+
  	Capabilities: [78] Express Endpoint, MSI 00
  	Capabilities: [100] Virtual Channel
  	Capabilities: [128] Power Budgeting <?>
  	Kernel driver in use: vfio-pci

  at least with a similar card in another slot the crash does not occure.
  (sorry, can't change the slots at the moment)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions

  parent reply	other threads:[~2017-04-07 19:31 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-01 12:02 [Qemu-devel] [Bug 1678466] [NEW] using x-vga=on with vfio-pci leads to segfault sh-dvl
2017-04-03 20:36 ` [Qemu-devel] [Bug 1678466] " Alex Williamson
2017-04-03 21:40 ` sh-dvl
2017-04-04  4:37 ` Alex Williamson
2017-04-05 18:49 ` sh-dvl
2017-04-07 15:00 ` Alex Williamson
2017-04-07 19:25 ` Thomas Huth [this message]
2017-04-24  7:44 ` Thomas Huth

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170407192540.12359.49185.launchpad@gac.canonical.com \
    --to=1678466@bugs.launchpad.net \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.