Patchwork qemu git (f03d07d46) / e100 / sending large packets causes SIGABRT

login
register
mail settings
Submitter Paolo Bonzini
Date July 29, 2013, 10:53 a.m.
Message ID <51F6499E.3090306@redhat.com>
Download mbox | patch
Permalink /patch/262714/
State New
Headers show

Comments

Paolo Bonzini - July 29, 2013, 10:53 a.m.
Il 29/07/2013 10:50, Stefan Hajnoczi ha scritto:
> There are only a few bytes remaining: len=0x3.  The abort(3) comes from address_space_rw():
> 
> if (!memory_access_is_direct(mr, is_write)) {
>     /* I/O case */
>     l = memory_access_size(mr, l, addr1);
>     switch (l) {
>     case 8:
>         ...
>     case 4:
>         ...
>     case 2:
>         ...
>     case 1:
>         ...
>     default:
>         abort();  <-- we abort here
> }
> 
> Paolo: Do you know how the memory API is supposed to work here?

The problem is introduced by commit 2332616 (exec: Support 64-bit
operations in address_space_rw, 2013-07-08).  Before that commit,
memory_access_size would only return 1/2/4.  The following should help:

 }


Paolo
Stefan Hajnoczi - July 29, 2013, 11:40 a.m.
On Mon, Jul 29, 2013 at 12:53 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> Il 29/07/2013 10:50, Stefan Hajnoczi ha scritto:
>> There are only a few bytes remaining: len=0x3.  The abort(3) comes from address_space_rw():
>>
>> if (!memory_access_is_direct(mr, is_write)) {
>>     /* I/O case */
>>     l = memory_access_size(mr, l, addr1);
>>     switch (l) {
>>     case 8:
>>         ...
>>     case 4:
>>         ...
>>     case 2:
>>         ...
>>     case 1:
>>         ...
>>     default:
>>         abort();  <-- we abort here
>> }
>>
>> Paolo: Do you know how the memory API is supposed to work here?
>
> The problem is introduced by commit 2332616 (exec: Support 64-bit
> operations in address_space_rw, 2013-07-08).  Before that commit,
> memory_access_size would only return 1/2/4.  The following should help:
>
> diff --git a/exec.c b/exec.c
> index 7997002..7686c15 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1922,6 +1922,9 @@ static int memory_access_size(MemoryRegion *mr,
> unsigned l, hwaddr addr)
>      if (l > access_size_max) {
>          l = access_size_max;
>      }
> +    if (l & (l - 1)) {
> +        l = 1 << (qemu_fls(l) - 1);
> +    }
>
>      return l;
>  }

Oleksii, are you able to test Paolo's patch?

Thanks,
Stefan
Oleksii Shevchuk - July 29, 2013, 12:03 p.m.
Stefan Hajnoczi <stefanha@gmail.com> writes:

> Oleksii, are you able to test Paolo's patch?

Issue goes away with the patch applied to the current git. At least, it doesn't
reproduce with large packets.

Patch

diff --git a/exec.c b/exec.c
index 7997002..7686c15 100644
--- a/exec.c
+++ b/exec.c
@@ -1922,6 +1922,9 @@  static int memory_access_size(MemoryRegion *mr,
unsigned l, hwaddr addr)
     if (l > access_size_max) {
         l = access_size_max;
     }
+    if (l & (l - 1)) {
+        l = 1 << (qemu_fls(l) - 1);
+    }

     return l;