qemu-devel.nongnu.org archive mirror
From: Peter Maydell <peter.maydell@linaro.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [PULL 00/20] pc,virtio,pci: fixes, features
Date: Mon, 22 Mar 2021 18:46:06 +0000	[thread overview]
Message-ID: <CAFEAcA81p5aDj9CzuihLchX3QQB27Z7Jd6cNF9uo-2rh7EXx=w@mail.gmail.com> (raw)
In-Reply-To: <CAFEAcA9xniNP73rbFLc_eUB2vi2N71vM2xKRMzqGWjXLEeLVag@mail.gmail.com>

On Mon, 22 Mar 2021 at 16:41, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Mon, 22 Mar 2021 at 15:44, Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > The following changes since commit f0f20022a0c744930935fdb7020a8c18347d391a:
> >
> >   Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-03-21' into staging (2021-03-22 10:05:45 +0000)
> >
> > are available in the Git repository at:
> >
> >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >
> > for you to fetch changes up to 5971d4a968d51a80daaad53ddaec2b285115af62:
> >
> >   acpi: Move setters/getters of oem fields to X86MachineState (2021-03-22 11:39:02 -0400)
> >
> > ----------------------------------------------------------------
> > pc,virtio,pci: fixes, features
> >
> > Fixes all over the place.
> > ACPI index support.
> >
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> >
>
> This triggers a new clang runtime sanitizer warning:

With a backtrace:
$ UBSAN_OPTIONS=print_stacktrace=1 \
  QTEST_QEMU_BINARY=build/clang/qemu-system-mips64el \
  ./build/clang/tests/qtest/endianness-test -p /mips64el/endianness/fuloong2e
/mips64el/endianness/fuloong2e: ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
    #0 0x55a17bc17a1f in pci_irq_state /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/pci/pci.c:252:30
    #1 0x55a17bc17a1f in pci_irq_handler /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/pci/pci.c:1453
    #2 0x55a17b7ed0a5 in pm_update_sci /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/isa/vt82c686.c:147:5
    #3 0x55a17b7ecce3 in via_pm_reset /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/isa/vt82c686.c:173:5
    #4 0x55a17c546cc7 in resettable_phase_hold /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/resettable.c:182:13
    #5 0x55a17c53839a in bus_reset_child_foreach /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/bus.c:97:13
    #6 0x55a17c546bc2 in resettable_phase_hold /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/resettable.c:173:5
    #7 0x55a17c5435ca in device_reset_child_foreach /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/qdev.c:366:9
    #8 0x55a17c546bc2 in resettable_phase_hold /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/resettable.c:173:5
    #9 0x55a17c53839a in bus_reset_child_foreach /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/bus.c:97:13
    #10 0x55a17c546bc2 in resettable_phase_hold /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/resettable.c:173:5
    #11 0x55a17c545ee0 in resettable_assert_reset /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/resettable.c:60:5
    #12 0x55a17c545dbf in resettable_reset /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/resettable.c:45:5
    #13 0x55a17c545d68 in qemu_devices_reset /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/reset.c:69:9
    #14 0x55a17c47b3eb in qemu_system_reset /home/petmay01/linaro/qemu-for-merges/build/clang/../../softmmu/runstate.c:444:9
    #15 0x55a17ba225ee in qdev_machine_creation_done /home/petmay01/linaro/qemu-for-merges/build/clang/../../hw/core/machine.c:1279:5
    #16 0x55a17c4bdb03 in qemu_machine_creation_done /home/petmay01/linaro/qemu-for-merges/build/clang/../../softmmu/vl.c:2567:5
    #17 0x55a17c4bdb03 in qmp_x_exit_preconfig /home/petmay01/linaro/qemu-for-merges/build/clang/../../softmmu/vl.c:2590
    #18 0x55a17c4c2c0b in qemu_init /home/petmay01/linaro/qemu-for-merges/build/clang/../../softmmu/vl.c:3611:9
    #19 0x55a17b756db5 in main /home/petmay01/linaro/qemu-for-merges/build/clang/../../softmmu/main.c:49:5
    #20 0x7f3a9c9f6bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #21 0x55a17b731969 in _start (/home/petmay01/linaro/qemu-for-merges/build/clang/qemu-system-mips64el+0x1140969)

OK

Suggests the relevant commit is
"acpi:piix4, vt82c686: reinitialize acpi PM device on reset"

This happens because pm_update_sci() calls pci_irq_handler(),
which calls pci_intx(pci_dev), which returns -1, which is not
a valid interrupt number to call pci_irq_handler() with.

Q: given that pci_irq_handler() says it must only be called with
an irqnum in [0..3], shouldn't pci_set_irq() be a bit more
cautious than to pull a byte directly out of PCI_INTERRUPT_PIN
and assume it's valid? (Is this guest-writable, or is it read-only?)

thanks
-- PMM

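As an added illustration of the call path the message above describes (example code written for this page, not QEMU's own): a reduced C model of the Interrupt Pin byte to INTx mapping, and of the guard that pci_irq_handler()'s stated [0..3] contract implies. Per the PCI specification the Interrupt Pin register at config offset 0x3D is read-only and encodes 0 for "no INTx line" and 1..4 for INTA#..INTD#, so a pin-minus-one mapping yields -1 for a device without an INTx line, and using -1 as a shift exponent is undefined behaviour in C, which is what UBSan reported. The struct, every identifier ending in `_model`, and the device states constructed in main() are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not QEMU code: a reduced model of the pin byte ->
 * irq_num -> irq_state path.  Everything suffixed _model is assumed here. */

#define PCI_INTERRUPT_PIN_MODEL 0x3d  /* Interrupt Pin register offset (PCI spec, read-only) */
#define PCI_NUM_PINS_MODEL 4          /* INTA#..INTD# */

typedef struct {
    uint8_t config[256];  /* constructed PCI config space */
    uint8_t irq_state;    /* bit n set = INTx line n currently asserted */
} PCIDeviceModel;

/* The same arithmetic the message describes: pin 1..4 -> irq_num 0..3,
 * and pin 0 ("device has no INTx line") -> -1. */
static int pci_intx_model(const PCIDeviceModel *d)
{
    return d->config[PCI_INTERRUPT_PIN_MODEL] - 1;
}

/* The unchecked read that the sanitizer flagged: with irq_num == -1 the
 * shift exponent is negative, which is undefined behaviour in C.  Kept in
 * its "before" shape; nothing below reaches it with an invalid irq_num. */
static int pci_irq_state_unchecked_model(const PCIDeviceModel *d, int irq_num)
{
    return (d->irq_state >> irq_num) & 1;
}

/* pci_irq_handler()'s documented contract is 0 <= irq_num <= 3. */
static bool pci_irq_num_valid_model(int irq_num)
{
    return irq_num >= 0 && irq_num < PCI_NUM_PINS_MODEL;
}

/* Guarded equivalent of a pci_set_irq()-style entry point: derive the INTx
 * line from the Interrupt Pin byte and refuse to touch irq_state unless it
 * names a real line.  Returns -1 if rejected, 0 if the line was already at
 * the requested level, 1 if the level changed. */
static int pci_set_irq_model(PCIDeviceModel *d, int level)
{
    int irq_num = pci_intx_model(d);

    if (!pci_irq_num_valid_model(irq_num)) {
        return -1;  /* pin == 0 (no INTx) or an out-of-spec pin value */
    }
    level = !!level;
    if (pci_irq_state_unchecked_model(d, irq_num) == level) {
        return 0;
    }
    if (level) {
        d->irq_state |= (uint8_t)(1u << irq_num);
    } else {
        d->irq_state &= (uint8_t)~(1u << irq_num);
    }
    return 1;
}

int main(void)
{
    PCIDeviceModel d = {0};

    /* Constructed device with Interrupt Pin == 0, as on the reported path:
     * the guard rejects the request instead of shifting by -1. */
    printf("pin=0: intx=%d set_irq=%d\n",
           pci_intx_model(&d), pci_set_irq_model(&d, 1));

    d.config[PCI_INTERRUPT_PIN_MODEL] = 1;  /* INTA# */
    printf("pin=1: set_irq=%d irq_state=0x%02x\n",
           pci_set_irq_model(&d, 1), d.irq_state);
    return 0;
}
```

The guard is the "be a bit more cautious" check the message asks about; whether the right fix is that check, or not calling into the INTx path at all for a device whose Interrupt Pin byte is 0, is the question the rest of the thread addresses.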


Thread overview: 27+ messages
2021-03-22 15:44 [PULL 00/20] pc,virtio,pci: fixes, features Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 01/20] virtio: Fix virtio_mmio_read()/virtio_mmio_write() Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 02/20] vhost-user: Drop misleading EAGAIN checks in slave_read() Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 03/20] vhost-user: Fix double-close on slave_read() error path Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 04/20] vhost-user: Factor out duplicated slave_fd teardown code Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 05/20] vhost-user: Convert slave channel to QIOChannelSocket Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 06/20] vhost-user: Introduce nested event loop in vhost_user_read() Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 07/20] vhost-user: Monitor slave channel " Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 08/20] virtio-pmem: fix virtio_pmem_resp assign problem Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 09/20] acpi:piix4, vt82c686: reinitialize acpi PM device on reset Michael S. Tsirkin
2021-03-22 15:44 ` [PULL 11/20] pci: introduce acpi-index property for PCI device Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 12/20] pci: acpi: ensure that acpi-index is unique Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 13/20] acpi: add aml_to_decimalstring() and aml_call6() helpers Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 14/20] pci: acpi: add _DSM method to PCI devices Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 15/20] tests: acpi: update expected blobs Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 16/20] acpi: Set proper maximum size for "etc/table-loader" blob Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 17/20] microvm: Don't open-code "etc/table-loader" Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 18/20] acpi: Move maximum size logic into acpi_add_rom_blob() Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 19/20] acpi: Set proper maximum size for "etc/acpi/rsdp" blob Michael S. Tsirkin
2021-03-22 15:45 ` [PULL 20/20] acpi: Move setters/getters of oem fields to X86MachineState Michael S. Tsirkin
2021-03-22 16:41 ` [PULL 00/20] pc,virtio,pci: fixes, features Peter Maydell
2021-03-22 18:46   ` Peter Maydell [this message]
2021-03-22 22:56     ` Michael S. Tsirkin
2021-03-23 10:50       ` Peter Maydell
2021-03-23 14:13         ` Michael S. Tsirkin
2021-03-23 17:06           ` Igor Mammedov
2021-03-22 22:53   ` Michael S. Tsirkin
