diff mbox series

[v2,5/6] macio: don't reference serial_hd() directly within the device

Message ID 20200926140216.7368-6-mark.cave-ayland@ilande.co.uk
State Superseded
Headers show
Series QOM minor fixes | expand

Commit Message

Mark Cave-Ayland Sept. 26, 2020, 2:02 p.m. UTC 
Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the
Mac Old World and New World machine level.

Also remove the now obsolete comment referring to the use of serial_hd() and
the setting of user_creatable to false accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
 hw/misc/macio/macio.c | 4 ----
 hw/ppc/mac_newworld.c | 6 ++++++
 hw/ppc/mac_oldworld.c | 6 ++++++
 3 files changed, 12 insertions(+), 4 deletions(-)

Comments

Thomas Huth Nov. 4, 2020, 12:47 p.m. UTC | #1 
On 26/09/2020 16.02, Mark Cave-Ayland wrote:
> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the

> Mac Old World and New World machine level.

> 

> Also remove the now obsolete comment referring to the use of serial_hd() and

> the setting of user_creatable to false accordingly.

> 

> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

> ---

>  hw/misc/macio/macio.c | 4 ----

>  hw/ppc/mac_newworld.c | 6 ++++++

>  hw/ppc/mac_oldworld.c | 6 ++++++

>  3 files changed, 12 insertions(+), 4 deletions(-)

> 

> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c

> index 679722628e..51368884d0 100644

> --- a/hw/misc/macio/macio.c

> +++ b/hw/misc/macio/macio.c

> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error **errp)

>      qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);

>      qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);

>      qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);

> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));

> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));

>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);

>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);

>      if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {

> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void *data)

>      k->class_id = PCI_CLASS_OTHERS << 8;

>      device_class_set_props(dc, macio_properties);

>      set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);

> -    /* Reason: Uses serial_hds in macio_instance_init */

> -    dc->user_creatable = false;

>  }


 Hi Mark,

the macio device can now be used to crash QEMU:

 $ ./qemu-system-ppc -M sam460ex -device macio-newworld
 Segmentation fault (core dumped)

I guess we should either restore the user_creatable flag or add some sanity
checks elsewhere?

 Thomas
Xingtao Yao (Fujitsu)" via Nov. 4, 2020, 2:16 p.m. UTC | #2 
On Wed, 4 Nov 2020, Thomas Huth wrote:
> On 26/09/2020 16.02, Mark Cave-Ayland wrote:

>> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the

>> Mac Old World and New World machine level.

>>

>> Also remove the now obsolete comment referring to the use of serial_hd() and

>> the setting of user_creatable to false accordingly.

>>

>> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

>> ---

>>  hw/misc/macio/macio.c | 4 ----

>>  hw/ppc/mac_newworld.c | 6 ++++++

>>  hw/ppc/mac_oldworld.c | 6 ++++++

>>  3 files changed, 12 insertions(+), 4 deletions(-)

>>

>> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c

>> index 679722628e..51368884d0 100644

>> --- a/hw/misc/macio/macio.c

>> +++ b/hw/misc/macio/macio.c

>> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error **errp)

>>      qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);

>>      qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);

>>      qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);

>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));

>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));

>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);

>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);

>>      if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {

>> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void *data)

>>      k->class_id = PCI_CLASS_OTHERS << 8;

>>      device_class_set_props(dc, macio_properties);

>>      set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);

>> -    /* Reason: Uses serial_hds in macio_instance_init */

>> -    dc->user_creatable = false;

>>  }

>

> Hi Mark,

>

> the macio device can now be used to crash QEMU:

>

> $ ./qemu-system-ppc -M sam460ex -device macio-newworld

> Segmentation fault (core dumped)

>

> I guess we should either restore the user_creatable flag or add some sanity

> checks elsewhere?


Looks like it needs to check if pic_dev is set:

$ gdb --args ./qemu-system-ppc -M sam460ex -device macio-newworld
(gdb) r
Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
0x0000555555c3d65a in qdev_get_named_gpio_list (dev=0x0, name=0x0)
    at ../hw/core/qdev.c:456
456	    QLIST_FOREACH(ngl, &dev->gpios, node) {
(gdb) bt
#0  0x0000555555c3d65a in qdev_get_named_gpio_list (dev=0x0, name=0x0)
    at ../hw/core/qdev.c:456
#1  0x0000555555c3e349 in qdev_get_gpio_in_named (dev=<optimized out>,
    name=<optimized out>, n=36) at ../hw/core/qdev.c:532
#2  0x00005555559c690f in macio_newworld_realize (d=<optimized out>,
    errp=0x7fffffffda40) at ../hw/misc/macio/macio.c:301
#3  0x0000555555946334 in pci_qdev_realize (qdev=0x555556b578e0,
    errp=<optimized out>) at ../hw/pci/pci.c:2125
#4  0x0000555555c3f1ff in device_set_realized (obj=<optimized out>,
    value=true, errp=0x7fffffffdb50) at ../hw/core/qdev.c:886
[...]
(gdb) up
#1  0x0000555555c3e349 in qdev_get_gpio_in_named (dev=<optimized out>,
    name=<optimized out>, n=36) at ../hw/core/qdev.c:532
532	    NamedGPIOList *gpio_list = qdev_get_named_gpio_list(dev, name);
(gdb)
#2  0x00005555559c690f in macio_newworld_realize (d=<optimized out>,
    errp=0x7fffffffda40) at ../hw/misc/macio/macio.c:301
301	    sysbus_connect_irq(sysbus_dev, 0, qdev_get_gpio_in(pic_dev,
(gdb) l 285
280	    .read = timer_read,
281	    .write = timer_write,
282	    .endianness = DEVICE_LITTLE_ENDIAN,
283	};
284
285	static void macio_newworld_realize(PCIDevice *d, Error **errp)
286	{
287	    MacIOState *s = MACIO(d);
288	    NewWorldMacIOState *ns = NEWWORLD_MACIO(d);
289	    DeviceState *pic_dev = DEVICE(ns->pic);
(gdb)
290	    Error *err = NULL;
291	    SysBusDevice *sysbus_dev;
292	    MemoryRegion *timer_memory = NULL;
293
294	    macio_common_realize(d, &err);
295	    if (err) {
296	        error_propagate(errp, err);
297	        return;
298	    }
299
(gdb)
300	    sysbus_dev = SYS_BUS_DEVICE(&s->escc);
301	    sysbus_connect_irq(sysbus_dev, 0, qdev_get_gpio_in(pic_dev,
302	                                                       NEWWORLD_ESCCB_IRQ));
303	    sysbus_connect_irq(sysbus_dev, 1, qdev_get_gpio_in(pic_dev,
304	                                                       NEWWORLD_ESCCA_IRQ));
305
306	    /* OpenPIC */
307	    sysbus_dev = SYS_BUS_DEVICE(ns->pic);
308	    memory_region_add_subregion(&s->bar, 0x40000,
309	                                sysbus_mmio_get_region(sysbus_dev, 
0));

Maybe something like:

if (!pic_dev) {
    error_setg(errp, "some meaningful error message");
    return;
}

before the sysbus_connect_irq calls but unless the user can set this via 
the command line somehow then keeping the user_creatable = false with 
comment adjusted to say that this device needs to be connected by board 
code is probably better.

Regards,
BALATON Zoltan
Xingtao Yao (Fujitsu)" via Nov. 4, 2020, 2:24 p.m. UTC | #3 
On Wed, 4 Nov 2020, BALATON Zoltan via wrote:
> On Wed, 4 Nov 2020, Thomas Huth wrote:
>> On 26/09/2020 16.02, Mark Cave-Ayland wrote:
>>> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the
>>> Mac Old World and New World machine level.
>>>
>>> Also remove the now obsolete comment referring to the use of serial_hd() and
>>> the setting of user_creatable to false accordingly.
>>>
>>> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
>>> ---
>>>  hw/misc/macio/macio.c | 4 ----
>>>  hw/ppc/mac_newworld.c | 6 ++++++
>>>  hw/ppc/mac_oldworld.c | 6 ++++++
>>>  3 files changed, 12 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
>>> index 679722628e..51368884d0 100644
>>> --- a/hw/misc/macio/macio.c
>>> +++ b/hw/misc/macio/macio.c
>>> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error **errp)
>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);
>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);
>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);
>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));
>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));
>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);
>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);
>>>      if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {
>>> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void *data)
>>>      k->class_id = PCI_CLASS_OTHERS << 8;
>>>      device_class_set_props(dc, macio_properties);
>>>      set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
>>> -    /* Reason: Uses serial_hds in macio_instance_init */
>>> -    dc->user_creatable = false;
>>>  }
>>
>> Hi Mark,
>>
>> the macio device can now be used to crash QEMU:
>>
>> $ ./qemu-system-ppc -M sam460ex -device macio-newworld
>> Segmentation fault (core dumped)

Also in macio-oldworld that seems to have the same problem.

Regards,
BALATON Zoltan
Thomas Huth Nov. 4, 2020, 2:51 p.m. UTC | #4 
On 04/11/2020 15.16, BALATON Zoltan wrote:
> On Wed, 4 Nov 2020, Thomas Huth wrote:

>> On 26/09/2020 16.02, Mark Cave-Ayland wrote:

>>> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the

>>> Mac Old World and New World machine level.

>>>

>>> Also remove the now obsolete comment referring to the use of serial_hd() and

>>> the setting of user_creatable to false accordingly.

>>>

>>> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

>>> ---

>>>  hw/misc/macio/macio.c | 4 ----

>>>  hw/ppc/mac_newworld.c | 6 ++++++

>>>  hw/ppc/mac_oldworld.c | 6 ++++++

>>>  3 files changed, 12 insertions(+), 4 deletions(-)

>>>

>>> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c

>>> index 679722628e..51368884d0 100644

>>> --- a/hw/misc/macio/macio.c

>>> +++ b/hw/misc/macio/macio.c

>>> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error **errp)

>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);

>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);

>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);

>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));

>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));

>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);

>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);

>>>      if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {

>>> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void *data)

>>>      k->class_id = PCI_CLASS_OTHERS << 8;

>>>      device_class_set_props(dc, macio_properties);

>>>      set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);

>>> -    /* Reason: Uses serial_hds in macio_instance_init */

>>> -    dc->user_creatable = false;

>>>  }

>>

>> Hi Mark,

>>

>> the macio device can now be used to crash QEMU:

>>

>> $ ./qemu-system-ppc -M sam460ex -device macio-newworld

>> Segmentation fault (core dumped)

>>

>> I guess we should either restore the user_creatable flag or add some sanity

>> checks elsewhere?

> 

> Looks like it needs to check if pic_dev is set:

> 

> $ gdb --args ./qemu-system-ppc -M sam460ex -device macio-newworld

> (gdb) r

> Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.

> 0x0000555555c3d65a in qdev_get_named_gpio_list (dev=0x0, name=0x0)

>     at ../hw/core/qdev.c:456

> 456	    QLIST_FOREACH(ngl, &dev->gpios, node) {

> (gdb) bt

> #0  0x0000555555c3d65a in qdev_get_named_gpio_list (dev=0x0, name=0x0)

>     at ../hw/core/qdev.c:456

> #1  0x0000555555c3e349 in qdev_get_gpio_in_named (dev=<optimized out>,

>     name=<optimized out>, n=36) at ../hw/core/qdev.c:532

> #2  0x00005555559c690f in macio_newworld_realize (d=<optimized out>,

>     errp=0x7fffffffda40) at ../hw/misc/macio/macio.c:301

> #3  0x0000555555946334 in pci_qdev_realize (qdev=0x555556b578e0,

>     errp=<optimized out>) at ../hw/pci/pci.c:2125

> #4  0x0000555555c3f1ff in device_set_realized (obj=<optimized out>,

>     value=true, errp=0x7fffffffdb50) at ../hw/core/qdev.c:886

> [...]

> (gdb) up

> #1  0x0000555555c3e349 in qdev_get_gpio_in_named (dev=<optimized out>,

>     name=<optimized out>, n=36) at ../hw/core/qdev.c:532

> 532	    NamedGPIOList *gpio_list = qdev_get_named_gpio_list(dev, name);

> (gdb)

> #2  0x00005555559c690f in macio_newworld_realize (d=<optimized out>,

>     errp=0x7fffffffda40) at ../hw/misc/macio/macio.c:301

> 301	    sysbus_connect_irq(sysbus_dev, 0, qdev_get_gpio_in(pic_dev,

> (gdb) l 285

> 280	    .read = timer_read,

> 281	    .write = timer_write,

> 282	    .endianness = DEVICE_LITTLE_ENDIAN,

> 283	};

> 284

> 285	static void macio_newworld_realize(PCIDevice *d, Error **errp)

> 286	{

> 287	    MacIOState *s = MACIO(d);

> 288	    NewWorldMacIOState *ns = NEWWORLD_MACIO(d);

> 289	    DeviceState *pic_dev = DEVICE(ns->pic);

> (gdb)

> 290	    Error *err = NULL;

> 291	    SysBusDevice *sysbus_dev;

> 292	    MemoryRegion *timer_memory = NULL;

> 293

> 294	    macio_common_realize(d, &err);

> 295	    if (err) {

> 296	        error_propagate(errp, err);

> 297	        return;

> 298	    }

> 299

> (gdb)

> 300	    sysbus_dev = SYS_BUS_DEVICE(&s->escc);

> 301	    sysbus_connect_irq(sysbus_dev, 0, qdev_get_gpio_in(pic_dev,

> 302	                                                       NEWWORLD_ESCCB_IRQ));

> 303	    sysbus_connect_irq(sysbus_dev, 1, qdev_get_gpio_in(pic_dev,

> 304	                                                       NEWWORLD_ESCCA_IRQ));

> 305

> 306	    /* OpenPIC */

> 307	    sysbus_dev = SYS_BUS_DEVICE(ns->pic);

> 308	    memory_region_add_subregion(&s->bar, 0x40000,

> 309	                                sysbus_mmio_get_region(sysbus_dev, 

> 0));

> 

> Maybe something like:

> 

> if (!pic_dev) {

>     error_setg(errp, "some meaningful error message");

>     return;

> }

> 

> before the sysbus_connect_irq calls but unless the user can set this via 

> the command line somehow then keeping the user_creatable = false with 

> comment adjusted to say that this device needs to be connected by board 

> code is probably better.


Yes, as far as I can see, there is no way a user could use these devices
from the command line - the "pic" link has to be set up by code. So I'd also
suggest to add the user_creatable = false back again.

 Thomas
Mark Cave-Ayland Nov. 4, 2020, 7:29 p.m. UTC | #5 
On 04/11/2020 12:47, Thomas Huth wrote:

> On 26/09/2020 16.02, Mark Cave-Ayland wrote:

>> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the

>> Mac Old World and New World machine level.

>>

>> Also remove the now obsolete comment referring to the use of serial_hd() and

>> the setting of user_creatable to false accordingly.

>>

>> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

>> ---

>>   hw/misc/macio/macio.c | 4 ----

>>   hw/ppc/mac_newworld.c | 6 ++++++

>>   hw/ppc/mac_oldworld.c | 6 ++++++

>>   3 files changed, 12 insertions(+), 4 deletions(-)

>>

>> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c

>> index 679722628e..51368884d0 100644

>> --- a/hw/misc/macio/macio.c

>> +++ b/hw/misc/macio/macio.c

>> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error **errp)

>>       qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);

>>       qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);

>>       qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);

>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));

>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));

>>       qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);

>>       qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);

>>       if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {

>> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void *data)

>>       k->class_id = PCI_CLASS_OTHERS << 8;

>>       device_class_set_props(dc, macio_properties);

>>       set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);

>> -    /* Reason: Uses serial_hds in macio_instance_init */

>> -    dc->user_creatable = false;

>>   }

> 

>   Hi Mark,

> 

> the macio device can now be used to crash QEMU:

> 

>   $ ./qemu-system-ppc -M sam460ex -device macio-newworld

>   Segmentation fault (core dumped)

> 

> I guess we should either restore the user_creatable flag or add some sanity

> checks elsewhere?


(goes and looks)

Ah okay it appears to be because the object property link to the PIC is missing, 
which is to be expected as it is only present on the Mac machines.

With the latest round of QOM updates I can see the solution but it's probably a bit 
much now that we've reached rc-0. The easiest thing for the moment is to switch 
user_creatable back to false if this is causing an issue.

Just out of interest how did you find this? My new workflow involves a local "make 
check" with all ppc targets and a pass through Travis-CI and it didn't show up there 
for me (or indeed Peter's pre-merge tests).


ATB,

Mark.
Thomas Huth Nov. 5, 2020, 5:31 a.m. UTC | #6 
On 04/11/2020 20.29, Mark Cave-Ayland wrote:
> On 04/11/2020 12:47, Thomas Huth wrote:
> 
>> On 26/09/2020 16.02, Mark Cave-Ayland wrote:
>>> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the
>>> Mac Old World and New World machine level.
>>>
>>> Also remove the now obsolete comment referring to the use of serial_hd() and
>>> the setting of user_creatable to false accordingly.
>>>
>>> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
>>> ---
>>>   hw/misc/macio/macio.c | 4 ----
>>>   hw/ppc/mac_newworld.c | 6 ++++++
>>>   hw/ppc/mac_oldworld.c | 6 ++++++
>>>   3 files changed, 12 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
>>> index 679722628e..51368884d0 100644
>>> --- a/hw/misc/macio/macio.c
>>> +++ b/hw/misc/macio/macio.c
>>> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error
>>> **errp)
>>>       qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);
>>>       qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);
>>>       qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);
>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));
>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));
>>>       qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);
>>>       qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);
>>>       if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {
>>> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void
>>> *data)
>>>       k->class_id = PCI_CLASS_OTHERS << 8;
>>>       device_class_set_props(dc, macio_properties);
>>>       set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
>>> -    /* Reason: Uses serial_hds in macio_instance_init */
>>> -    dc->user_creatable = false;
>>>   }
>>
>>   Hi Mark,
>>
>> the macio device can now be used to crash QEMU:
>>
>>   $ ./qemu-system-ppc -M sam460ex -device macio-newworld
>>   Segmentation fault (core dumped)
>>
>> I guess we should either restore the user_creatable flag or add some sanity
>> checks elsewhere?
> 
> (goes and looks)
> 
> Ah okay it appears to be because the object property link to the PIC is
> missing, which is to be expected as it is only present on the Mac machines.
> 
> With the latest round of QOM updates I can see the solution but it's
> probably a bit much now that we've reached rc-0. The easiest thing for the
> moment is to switch user_creatable back to false if this is causing an issue.

+1 for setting user_creatable back to false ... can you send a patch or
shall I prepare one?

> Just out of interest how did you find this? My new workflow involves a local
> "make check" with all ppc targets and a pass through Travis-CI and it didn't
> show up there for me (or indeed Peter's pre-merge tests).

I've found it with the scripts/device-crash-test script. (You currently need
to apply Eduardo's patch "Check if path is actually an executable file" on
top first to run it)

 Thomas
Markus Armbruster Nov. 5, 2020, 6:29 a.m. UTC | #7 
Thomas Huth <thuth@redhat.com> writes:

> On 04/11/2020 15.16, BALATON Zoltan wrote:
>> On Wed, 4 Nov 2020, Thomas Huth wrote:
>>> On 26/09/2020 16.02, Mark Cave-Ayland wrote:
>>>> Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the
>>>> Mac Old World and New World machine level.
>>>>
>>>> Also remove the now obsolete comment referring to the use of serial_hd() and
>>>> the setting of user_creatable to false accordingly.
>>>>
>>>> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
>>>> ---
>>>>  hw/misc/macio/macio.c | 4 ----
>>>>  hw/ppc/mac_newworld.c | 6 ++++++
>>>>  hw/ppc/mac_oldworld.c | 6 ++++++
>>>>  3 files changed, 12 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
>>>> index 679722628e..51368884d0 100644
>>>> --- a/hw/misc/macio/macio.c
>>>> +++ b/hw/misc/macio/macio.c
>>>> @@ -109,8 +109,6 @@ static void macio_common_realize(PCIDevice *d, Error **errp)
>>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);
>>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);
>>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);
>>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));
>>>> -    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));
>>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);
>>>>      qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);
>>>>      if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {
>>>> @@ -458,8 +456,6 @@ static void macio_class_init(ObjectClass *klass, void *data)
>>>>      k->class_id = PCI_CLASS_OTHERS << 8;
>>>>      device_class_set_props(dc, macio_properties);
>>>>      set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
>>>> -    /* Reason: Uses serial_hds in macio_instance_init */
>>>> -    dc->user_creatable = false;
>>>>  }
>>>
>>> Hi Mark,
>>>
>>> the macio device can now be used to crash QEMU:
>>>
>>> $ ./qemu-system-ppc -M sam460ex -device macio-newworld
>>> Segmentation fault (core dumped)
>>>
>>> I guess we should either restore the user_creatable flag or add some sanity
>>> checks elsewhere?
>> 
>> Looks like it needs to check if pic_dev is set:
[...]
>> Maybe something like:
>> 
>> if (!pic_dev) {
>>     error_setg(errp, "some meaningful error message");
>>     return;
>> }
>> 
>> before the sysbus_connect_irq calls but unless the user can set this via 
>> the command line somehow then keeping the user_creatable = false with 
>> comment adjusted to say that this device needs to be connected by board 
>> code is probably better.
>
> Yes, as far as I can see, there is no way a user could use these devices
> from the command line - the "pic" link has to be set up by code. So I'd also
> suggest to add the user_creatable = false back again.

When you do that, add a comment that explains why.  You might want to
examine existing comments for inspiration.
Mark Cave-Ayland Nov. 6, 2020, 7:35 a.m. UTC | #8 
On 05/11/2020 05:31, Thomas Huth wrote:

>> (goes and looks)

>>

>> Ah okay it appears to be because the object property link to the PIC is

>> missing, which is to be expected as it is only present on the Mac machines.

>>

>> With the latest round of QOM updates I can see the solution but it's

>> probably a bit much now that we've reached rc-0. The easiest thing for the

>> moment is to switch user_creatable back to false if this is causing an issue.

> 

> +1 for setting user_creatable back to false ... can you send a patch or

> shall I prepare one?


No that's fine, I can come up with a fix over the next couple of days.

>> Just out of interest how did you find this? My new workflow involves a local

>> "make check" with all ppc targets and a pass through Travis-CI and it didn't

>> show up there for me (or indeed Peter's pre-merge tests).

> 

> I've found it with the scripts/device-crash-test script. (You currently need

> to apply Eduardo's patch "Check if path is actually an executable file" on

> top first to run it)


Have you got a link for this? I've tried doing some basic searches in my email client 
and couldn't easily spot it...


ATB,

Mark.
Thomas Huth Nov. 9, 2020, 10:02 a.m. UTC | #9 
On 06/11/2020 08.35, Mark Cave-Ayland wrote:
> On 05/11/2020 05:31, Thomas Huth wrote:

> 

>>> (goes and looks)

>>>

>>> Ah okay it appears to be because the object property link to the PIC is

>>> missing, which is to be expected as it is only present on the Mac machines.

>>>

>>> With the latest round of QOM updates I can see the solution but it's

>>> probably a bit much now that we've reached rc-0. The easiest thing for the

>>> moment is to switch user_creatable back to false if this is causing an

>>> issue.

>>

>> +1 for setting user_creatable back to false ... can you send a patch or

>> shall I prepare one?

> 

> No that's fine, I can come up with a fix over the next couple of days.


Thanks!

>>> Just out of interest how did you find this? My new workflow involves a local

>>> "make check" with all ppc targets and a pass through Travis-CI and it didn't

>>> show up there for me (or indeed Peter's pre-merge tests).

>>

>> I've found it with the scripts/device-crash-test script. (You currently need

>> to apply Eduardo's patch "Check if path is actually an executable file" on

>> top first to run it)

> 

> Have you got a link for this? I've tried doing some basic searches in my

> email client and couldn't easily spot it...


https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg07549.html

 Thomas
Mark Cave-Ayland Nov. 10, 2020, 9:03 a.m. UTC | #10 
On 09/11/2020 10:02, Thomas Huth wrote:

>>>> Just out of interest how did you find this? My new workflow involves a local

>>>> "make check" with all ppc targets and a pass through Travis-CI and it didn't

>>>> show up there for me (or indeed Peter's pre-merge tests).

>>>

>>> I've found it with the scripts/device-crash-test script. (You currently need

>>> to apply Eduardo's patch "Check if path is actually an executable file" on

>>> top first to run it)

>>

>> Have you got a link for this? I've tried doing some basic searches in my

>> email client and couldn't easily spot it...

> 

> https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg07549.html


Thanks for this - I gave it a quick run with my patch and I see that there are still 
quite a few failures for qemu-system-ppc, so certainly there are other devices that 
will need attention in future.

I've just realised that I didn't explicitly mark the patch as for-5.2 so I'll resend 
it along with your R-B tag.


ATB,

Mark.
diff mbox series

Patch

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 679722628e..51368884d0 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -109,8 +109,6 @@  static void macio_common_realize(PCIDevice *d, Error **errp)
     qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);
     qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);
     qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);
-    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hd(0));
-    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hd(1));
     qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);
     qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);
     if (!qdev_realize(DEVICE(&s->escc), BUS(&s->macio_bus), errp)) {
@@ -458,8 +456,6 @@  static void macio_class_init(ObjectClass *klass, void *data)
     k->class_id = PCI_CLASS_OTHERS << 8;
     device_class_set_props(dc, macio_properties);
     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
-    /* Reason: Uses serial_hds in macio_instance_init */
-    dc->user_creatable = false;
 }
 
 static const TypeInfo macio_bus_info = {
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index e42bd7a626..e59b30e0a7 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -123,6 +123,7 @@  static void ppc_core99_init(MachineState *machine)
     UNINHostState *uninorth_pci;
     PCIBus *pci_bus;
     PCIDevice *macio;
+    ESCCState *escc;
     bool has_pmu, has_adb;
     MACIOIDEState *macio_ide;
     BusState *adb_bus;
@@ -382,6 +383,11 @@  static void ppc_core99_init(MachineState *machine)
     qdev_prop_set_bit(dev, "has-adb", has_adb);
     object_property_set_link(OBJECT(macio), "pic", OBJECT(pic_dev),
                              &error_abort);
+
+    escc = ESCC(object_resolve_path_component(OBJECT(macio), "escc"));
+    qdev_prop_set_chr(DEVICE(escc), "chrA", serial_hd(0));
+    qdev_prop_set_chr(DEVICE(escc), "chrB", serial_hd(1));
+
     pci_realize_and_unref(macio, pci_bus, &error_fatal);
 
     /* We only emulate 2 out of 3 IDE controllers for now */
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 7aba040f1b..25ade63ba3 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -96,6 +96,7 @@  static void ppc_heathrow_init(MachineState *machine)
     PCIBus *pci_bus;
     PCIDevice *macio;
     MACIOIDEState *macio_ide;
+    ESCCState *escc;
     SysBusDevice *s;
     DeviceState *dev, *pic_dev;
     BusState *adb_bus;
@@ -283,6 +284,11 @@  static void ppc_heathrow_init(MachineState *machine)
     qdev_prop_set_uint64(dev, "frequency", tbfreq);
     object_property_set_link(OBJECT(macio), "pic", OBJECT(pic_dev),
                              &error_abort);
+
+    escc = ESCC(object_resolve_path_component(OBJECT(macio), "escc"));
+    qdev_prop_set_chr(DEVICE(escc), "chrA", serial_hd(0));
+    qdev_prop_set_chr(DEVICE(escc), "chrB", serial_hd(1));
+
     pci_realize_and_unref(macio, pci_bus, &error_fatal);
 
     macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),