qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1678466] [NEW] using x-vga=on with vfio-pci leads to s


From: sh-dvl
Subject: [Qemu-devel] [Bug 1678466] [NEW] using x-vga=on with vfio-pci leads to segfault
Date: Sat, 01 Apr 2017 12:02:01 -0000

Public bug reported:

bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system

stripped cmd for minimal config:
qemu-system-i386 -m 2048 -M q35  -enable-kvm -nodefaults -nodefconfig -device 
ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device 
vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on

Backtrace is:
#0  0x00005555557ca836 in memory_region_update_container_subregions 
(subregion=0x55555828f2f0) at qemu-2.8.1/memory.c:2030
#1  0x00005555557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, 
subregion=0x55555828f2f0) at qemu-2.8.1/memory.c:2049
#2  0x00005555557caa9a in memory_region_add_subregion_overlap (mr=0x0, 
offset=8, subregion=0x55555828f2f0, priority=1) at qemu-2.8.1/memory.c:2066
#3  0x0000555555832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x55555805aef0, 
nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689
#4  0x0000555555835433 in vfio_bar_quirk_setup (vdev=0x55555805aef0, nr=5) at 
qemu-2.8.1/hw/vfio/pci-quirks.c:1652
#5  0x000055555582f122 in vfio_realize (pdev=0x55555805aef0, 
errp=0x7fffffffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777
#6  0x0000555555a86195 in pci_qdev_realize (qdev=0x55555805aef0, 
errp=0x7fffffffdcf0) at hw/pci/pci.c:1966
#7  0x00005555559be7b7 in device_set_realized (obj=0x55555805aef0, value=true, 
errp=0x7fffffffdeb0) at hw/core/qdev.c:918
#8  0x0000555555bb017f in property_set_bool (obj=0x55555805aef0, 
v=0x55555805ced0, name=0x555556071b56 "realized", opaque=0x555557f15860, 
errp=0x7fffffffdeb0) at qom/object.c:1854
#9  0x0000555555bae2e6 in object_property_set (obj=0x55555805aef0, 
v=0x55555805ced0, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at 
qom/object.c:1088
#10 0x0000555555bb184f in object_property_set_qobject (obj=0x55555805aef0, 
value=0x55555805cd70, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at 
qom/qom-qobject.c:27
#11 0x0000555555bae637 in object_property_set_bool (obj=0x55555805aef0, 
value=true, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at 
qom/object.c:1157
#12 0x00005555558fee4b in qdev_device_add (opts=0x555556b15160, 
errp=0x7fffffffdf28) at qdev-monitor.c:623
#13 0x00005555559142c1 in device_init_func (opaque=0x0, opts=0x555556b15160, 
errp=0x0) at vl.c:2373
#14 0x0000555555cc3bb7 in qemu_opts_foreach (list=0x555556548b80 
<qemu_device_opts>, func=0x555555914283 <device_init_func>, opaque=0x0, 
errp=0x0) at util/qemu-option.c:1116
#15 0x00005555559198aa in main (argc=12, argv=0x7fffffffe388, 
envp=0x7fffffffe3f0) at vl.c:4574

as I can see, it happens during initialization of the device-option.

seems that the code tries to loop over a memory-region mr, which is null
from at least three calls before it crashes.

because there seems to be special handling for nvidia-cards, here're the 
pci-infos of the card:
01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 
GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller])
        Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a]
        Flags: fast devsel, IRQ 16
        Memory at de000000 (32-bit, non-prefetchable) [disabled] [size=16M]
        Memory at c0000000 (64-bit, prefetchable) [disabled] [size=256M]
        Memory at dd000000 (64-bit, non-prefetchable) [disabled] [size=16M]
        Expansion ROM at df000000 [disabled] [size=128K]
        Capabilities: [60] Power Management version 2
        Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [78] Express Endpoint, MSI 00
        Capabilities: [100] Virtual Channel
        Capabilities: [128] Power Budgeting <?>
        Kernel driver in use: vfio-pci

at least with a similar card in another slot the crash does not occure.
(sorry, can't change the slots at the moment)

** Affects: qemu
     Importance: Undecided
         Status: New


** Tags: nvidia segfault vfio x-vga

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1678466

Title:
  using x-vga=on with vfio-pci leads to segfault

Status in QEMU:
  New

Bug description:
  bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system

  stripped cmd for minimal config:
  qemu-system-i386 -m 2048 -M q35  -enable-kvm -nodefaults -nodefconfig -device 
ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device 
vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on

  Backtrace is:
  #0  0x00005555557ca836 in memory_region_update_container_subregions 
(subregion=0x55555828f2f0) at qemu-2.8.1/memory.c:2030
  #1  0x00005555557ca9dc in memory_region_add_subregion_common (mr=0x0, 
offset=8, subregion=0x55555828f2f0) at qemu-2.8.1/memory.c:2049
  #2  0x00005555557caa9a in memory_region_add_subregion_overlap (mr=0x0, 
offset=8, subregion=0x55555828f2f0, priority=1) at qemu-2.8.1/memory.c:2066
  #3  0x0000555555832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x55555805aef0, 
nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689
  #4  0x0000555555835433 in vfio_bar_quirk_setup (vdev=0x55555805aef0, nr=5) at 
qemu-2.8.1/hw/vfio/pci-quirks.c:1652
  #5  0x000055555582f122 in vfio_realize (pdev=0x55555805aef0, 
errp=0x7fffffffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777
  #6  0x0000555555a86195 in pci_qdev_realize (qdev=0x55555805aef0, 
errp=0x7fffffffdcf0) at hw/pci/pci.c:1966
  #7  0x00005555559be7b7 in device_set_realized (obj=0x55555805aef0, 
value=true, errp=0x7fffffffdeb0) at hw/core/qdev.c:918
  #8  0x0000555555bb017f in property_set_bool (obj=0x55555805aef0, 
v=0x55555805ced0, name=0x555556071b56 "realized", opaque=0x555557f15860, 
errp=0x7fffffffdeb0) at qom/object.c:1854
  #9  0x0000555555bae2e6 in object_property_set (obj=0x55555805aef0, 
v=0x55555805ced0, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at 
qom/object.c:1088
  #10 0x0000555555bb184f in object_property_set_qobject (obj=0x55555805aef0, 
value=0x55555805cd70, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at 
qom/qom-qobject.c:27
  #11 0x0000555555bae637 in object_property_set_bool (obj=0x55555805aef0, 
value=true, name=0x555556071b56 "realized", errp=0x7fffffffdeb0) at 
qom/object.c:1157
  #12 0x00005555558fee4b in qdev_device_add (opts=0x555556b15160, 
errp=0x7fffffffdf28) at qdev-monitor.c:623
  #13 0x00005555559142c1 in device_init_func (opaque=0x0, opts=0x555556b15160, 
errp=0x0) at vl.c:2373
  #14 0x0000555555cc3bb7 in qemu_opts_foreach (list=0x555556548b80 
<qemu_device_opts>, func=0x555555914283 <device_init_func>, opaque=0x0, 
errp=0x0) at util/qemu-option.c:1116
  #15 0x00005555559198aa in main (argc=12, argv=0x7fffffffe388, 
envp=0x7fffffffe3f0) at vl.c:4574

  as I can see, it happens during initialization of the device-option.

  seems that the code tries to loop over a memory-region mr, which is
  null from at least three calls before it crashes.

  because there seems to be special handling for nvidia-cards, here're the 
pci-infos of the card:
  01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 
7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller])
        Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a]
        Flags: fast devsel, IRQ 16
        Memory at de000000 (32-bit, non-prefetchable) [disabled] [size=16M]
        Memory at c0000000 (64-bit, prefetchable) [disabled] [size=256M]
        Memory at dd000000 (64-bit, non-prefetchable) [disabled] [size=16M]
        Expansion ROM at df000000 [disabled] [size=128K]
        Capabilities: [60] Power Management version 2
        Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [78] Express Endpoint, MSI 00
        Capabilities: [100] Virtual Channel
        Capabilities: [128] Power Budgeting <?>
        Kernel driver in use: vfio-pci

  at least with a similar card in another slot the crash does not occure.
  (sorry, can't change the slots at the moment)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions



reply via email to

[Prev in Thread] Current Thread [Next in Thread]