[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [qemu-xen-4.0-testing] passthrough: fix segmentation fault after hotplug pass-through device
commit 883b932b33400ef3c44a8ae3b74b540810a466ae Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Date: Tue Apr 13 12:07:33 2010 +0100 passthrough: fix segmentation fault after hotplug pass-through device This patch fixed the QEMU segmentation fault after hotplug pass-through devices with MSI-X for many times. There is a wrong boundary check in cpu_register_io_memory that uses io_index rather than io_mem_nb. After many times of hotplug of MSI-X pass-through device, io_mem_read[] got extended to overwrite mmio_cnt, then cause QEMU segmentation fault. This fix sync with upstream QEMU code in exec.c, and free unused io_mem_XXX element after hot removal. Signed-off-by: Zhai Edwin <edwin.zhai@xxxxxxxxx> (cherry picked from commit b5160622517fb2d16d0836172a2e34633c9d94bf) --- hw/pt-msi.c | 6 ++++++ i386-dm/exec-dm.c | 23 +++++++++++++++++++---- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/hw/pt-msi.c b/hw/pt-msi.c index a12917f..b59b4fa 100644 --- a/hw/pt-msi.c +++ b/hw/pt-msi.c @@ -623,5 +623,11 @@ void pt_msix_delete(struct pt_dev *dev) dev->msix->table_offset_adjust); } + if (dev->msix->mmio_index > 0) + { + cpu_unregister_io_memory(dev->msix->mmio_index); + } + + free(dev->msix); } diff --git a/i386-dm/exec-dm.c b/i386-dm/exec-dm.c index 2603de1..2158f7c 100644 --- a/i386-dm/exec-dm.c +++ b/i386-dm/exec-dm.c @@ -125,7 +125,7 @@ unsigned long qemu_host_page_mask; CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4]; CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4]; void *io_mem_opaque[IO_MEM_NB_ENTRIES]; -static int io_mem_nb = 1; +char io_mem_used[IO_MEM_NB_ENTRIES]; /* log support */ FILE *logfile; @@ -310,6 +310,20 @@ void cpu_register_physical_memory(target_phys_addr_t start_addr, mmio[mmio_cnt++].size = size; } +static int get_free_io_mem_idx(void) +{ + int i; + + /* Leave 1st element empty */ + for (i = 1; i<IO_MEM_NB_ENTRIES; i++) + if (!io_mem_used[i]) { + io_mem_used[i] = 1; + return i; + } + + return -1; +} + /* mem_read and mem_write are arrays of functions containing the function to access byte (index 0), word (index 1) and dword (index 2). All functions must be supplied. If io_index is non zero, the @@ -324,9 +338,9 @@ int cpu_register_io_memory(int io_index, int i; if (io_index <= 0) { - if (io_index >= IO_MEM_NB_ENTRIES) - return -1; - io_index = io_mem_nb++; + io_index = get_free_io_mem_idx(); + if (io_index == -1) + return io_index; } else { if (io_index >= IO_MEM_NB_ENTRIES) return -1; @@ -357,6 +371,7 @@ void cpu_unregister_io_memory(int io_table_address) io_mem_write[io_index][i] = NULL; } io_mem_opaque[io_index] = NULL; + io_mem_used[io_index] = 0; } void cpu_physical_memory_set_dirty(ram_addr_t addr) -- generated by git-patchbot for /home/xen/git/qemu-xen-4.0-testing.git _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |