[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
** Changed in: qemu Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1678466 Title: using x-vga=on with vfio-pci leads to segfault Status in QEMU: Fix Released Bug description: bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system stripped cmd for minimal config: qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on Backtrace is: #0 0x557ca836 in memory_region_update_container_subregions (subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030 #1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049 #2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066 #3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689 #4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652 #5 0x5582f122 in vfio_realize (pdev=0x5805aef0, errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777 #6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0, errp=0x7fffdcf0) at hw/pci/pci.c:1966 #7 0x559be7b7 in device_set_realized (obj=0x5805aef0, value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918 #8 0x55bb017f in property_set_bool (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860, errp=0x7fffdeb0) at qom/object.c:1854 #9 0x55bae2e6 in object_property_set (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1088 #10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0, value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/qom-qobject.c:27 #11 0x55bae637 in object_property_set_bool (obj=0x5805aef0, value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1157 #12 0x558fee4b in qdev_device_add (opts=0x56b15160, errp=0x7fffdf28) at qdev-monitor.c:623 #13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160, errp=0x0) at vl.c:2373 #14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80 , func=0x55914283 , opaque=0x0, errp=0x0) at util/qemu-option.c:1116 #15 0x559198aa in main (argc=12, argv=0x7fffe388, envp=0x7fffe3f0) at vl.c:4574 as I can see, it happens during initialization of the device-option. seems that the code tries to loop over a memory-region mr, which is null from at least three calls before it crashes. because there seems to be special handling for nvidia-cards, here're the pci-infos of the card: 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a] Flags: fast devsel, IRQ 16 Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at c000 (64-bit, prefetchable) [disabled] [size=256M] Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M] Expansion ROM at df00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci at least with a similar card in another slot the crash does not occure. (sorry, can't change the slots at the moment) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions
[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
** Changed in: qemu Status: New => Fix Committed -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1678466 Title: using x-vga=on with vfio-pci leads to segfault Status in QEMU: Fix Committed Bug description: bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system stripped cmd for minimal config: qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on Backtrace is: #0 0x557ca836 in memory_region_update_container_subregions (subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030 #1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049 #2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066 #3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689 #4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652 #5 0x5582f122 in vfio_realize (pdev=0x5805aef0, errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777 #6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0, errp=0x7fffdcf0) at hw/pci/pci.c:1966 #7 0x559be7b7 in device_set_realized (obj=0x5805aef0, value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918 #8 0x55bb017f in property_set_bool (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860, errp=0x7fffdeb0) at qom/object.c:1854 #9 0x55bae2e6 in object_property_set (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1088 #10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0, value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/qom-qobject.c:27 #11 0x55bae637 in object_property_set_bool (obj=0x5805aef0, value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1157 #12 0x558fee4b in qdev_device_add (opts=0x56b15160, errp=0x7fffdf28) at qdev-monitor.c:623 #13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160, errp=0x0) at vl.c:2373 #14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80 , func=0x55914283 , opaque=0x0, errp=0x0) at util/qemu-option.c:1116 #15 0x559198aa in main (argc=12, argv=0x7fffe388, envp=0x7fffe3f0) at vl.c:4574 as I can see, it happens during initialization of the device-option. seems that the code tries to loop over a memory-region mr, which is null from at least three calls before it crashes. because there seems to be special handling for nvidia-cards, here're the pci-infos of the card: 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a] Flags: fast devsel, IRQ 16 Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at c000 (64-bit, prefetchable) [disabled] [size=256M] Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M] Expansion ROM at df00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci at least with a similar card in another slot the crash does not occure. (sorry, can't change the slots at the moment) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions
[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
This is now fixed in QEMU 2.9-rc -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1678466 Title: using x-vga=on with vfio-pci leads to segfault Status in QEMU: New Bug description: bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system stripped cmd for minimal config: qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on Backtrace is: #0 0x557ca836 in memory_region_update_container_subregions (subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030 #1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049 #2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066 #3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689 #4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652 #5 0x5582f122 in vfio_realize (pdev=0x5805aef0, errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777 #6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0, errp=0x7fffdcf0) at hw/pci/pci.c:1966 #7 0x559be7b7 in device_set_realized (obj=0x5805aef0, value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918 #8 0x55bb017f in property_set_bool (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860, errp=0x7fffdeb0) at qom/object.c:1854 #9 0x55bae2e6 in object_property_set (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1088 #10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0, value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/qom-qobject.c:27 #11 0x55bae637 in object_property_set_bool (obj=0x5805aef0, value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1157 #12 0x558fee4b in qdev_device_add (opts=0x56b15160, errp=0x7fffdf28) at qdev-monitor.c:623 #13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160, errp=0x0) at vl.c:2373 #14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80 , func=0x55914283 , opaque=0x0, errp=0x0) at util/qemu-option.c:1116 #15 0x559198aa in main (argc=12, argv=0x7fffe388, envp=0x7fffe3f0) at vl.c:4574 as I can see, it happens during initialization of the device-option. seems that the code tries to loop over a memory-region mr, which is null from at least three calls before it crashes. because there seems to be special handling for nvidia-cards, here're the pci-infos of the card: 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a] Flags: fast devsel, IRQ 16 Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at c000 (64-bit, prefetchable) [disabled] [size=256M] Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M] Expansion ROM at df00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci at least with a similar card in another slot the crash does not occure. (sorry, can't change the slots at the moment) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions
[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
after applying the patch no segfault occures any more. thanks for quick fix. regarding my assumption the missing I/O may depend on bios/slot or similar: it doesn't. the card does not show the entry in either slot or even as only extra-card. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1678466 Title: using x-vga=on with vfio-pci leads to segfault Status in QEMU: New Bug description: bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system stripped cmd for minimal config: qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on Backtrace is: #0 0x557ca836 in memory_region_update_container_subregions (subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030 #1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049 #2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066 #3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689 #4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652 #5 0x5582f122 in vfio_realize (pdev=0x5805aef0, errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777 #6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0, errp=0x7fffdcf0) at hw/pci/pci.c:1966 #7 0x559be7b7 in device_set_realized (obj=0x5805aef0, value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918 #8 0x55bb017f in property_set_bool (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860, errp=0x7fffdeb0) at qom/object.c:1854 #9 0x55bae2e6 in object_property_set (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1088 #10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0, value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/qom-qobject.c:27 #11 0x55bae637 in object_property_set_bool (obj=0x5805aef0, value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1157 #12 0x558fee4b in qdev_device_add (opts=0x56b15160, errp=0x7fffdf28) at qdev-monitor.c:623 #13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160, errp=0x0) at vl.c:2373 #14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80 , func=0x55914283 , opaque=0x0, errp=0x0) at util/qemu-option.c:1116 #15 0x559198aa in main (argc=12, argv=0x7fffe388, envp=0x7fffe3f0) at vl.c:4574 as I can see, it happens during initialization of the device-option. seems that the code tries to loop over a memory-region mr, which is null from at least three calls before it crashes. because there seems to be special handling for nvidia-cards, here're the pci-infos of the card: 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a] Flags: fast devsel, IRQ 16 Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at c000 (64-bit, prefetchable) [disabled] [size=256M] Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M] Expansion ROM at df00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci at least with a similar card in another slot the crash does not occure. (sorry, can't change the slots at the moment) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions
[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
Does this resolve the segfault?
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index e9b493b939db..349085ea12bc 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -660,7 +660,7 @@ static void vfio_probe_nvidia_bar5_quirk(VFIOPCIDevice *vdev
VFIOConfigWindowQuirk *window;
if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) ||
-!vdev->vga || nr != 5) {
+!vdev->vga || nr != 5 || !vdev->bars[5].ioport) {
return;
}
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1678466
Title:
using x-vga=on with vfio-pci leads to segfault
Status in QEMU:
New
Bug description:
bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system
stripped cmd for minimal config:
qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device
ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device
vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on
Backtrace is:
#0 0x557ca836 in memory_region_update_container_subregions
(subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030
#1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0,
offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049
#2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0,
offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066
#3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0,
nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689
#4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at
qemu-2.8.1/hw/vfio/pci-quirks.c:1652
#5 0x5582f122 in vfio_realize (pdev=0x5805aef0,
errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777
#6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0,
errp=0x7fffdcf0) at hw/pci/pci.c:1966
#7 0x559be7b7 in device_set_realized (obj=0x5805aef0,
value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918
#8 0x55bb017f in property_set_bool (obj=0x5805aef0,
v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860,
errp=0x7fffdeb0) at qom/object.c:1854
#9 0x55bae2e6 in object_property_set (obj=0x5805aef0,
v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at
qom/object.c:1088
#10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0,
value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at
qom/qom-qobject.c:27
#11 0x55bae637 in object_property_set_bool (obj=0x5805aef0,
value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at
qom/object.c:1157
#12 0x558fee4b in qdev_device_add (opts=0x56b15160,
errp=0x7fffdf28) at qdev-monitor.c:623
#13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160,
errp=0x0) at vl.c:2373
#14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80
, func=0x55914283 , opaque=0x0,
errp=0x0) at util/qemu-option.c:1116
#15 0x559198aa in main (argc=12, argv=0x7fffe388,
envp=0x7fffe3f0) at vl.c:4574
as I can see, it happens during initialization of the device-option.
seems that the code tries to loop over a memory-region mr, which is
null from at least three calls before it crashes.
because there seems to be special handling for nvidia-cards, here're the
pci-infos of the card:
01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce
7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller])
Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a]
Flags: fast devsel, IRQ 16
Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M]
Memory at c000 (64-bit, prefetchable) [disabled] [size=256M]
Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M]
Expansion ROM at df00 [disabled] [size=128K]
Capabilities: [60] Power Management version 2
Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+
Capabilities: [78] Express Endpoint, MSI 00
Capabilities: [100] Virtual Channel
Capabilities: [128] Power Budgeting
Kernel driver in use: vfio-pci
at least with a similar card in another slot the crash does not occure.
(sorry, can't change the slots at the moment)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions
[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
It's highly likely that a 7-series GeForce has a different BAR layout than a modern card and should be considered unsupported. Is the "similar card in another slot" also a 7-series or older card? Out of curiosity, add another -v to the lspci output (lspci -vv) so that it identifies which BARs are which. A more modern card looks like this: Region 0: Memory at f600 (32-bit, non-prefetchable) [size=16M] Region 1: Memory at e000 (64-bit, prefetchable) [size=256M] Region 3: Memory at f000 (64-bit, prefetchable) [size=32M] Region 5: I/O ports at e000 [size=128] Expansion ROM at f700 [disabled] [size=512K] Thus the quirk should be triggered on the I/O port BAR, which your card doesn't seem to have. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1678466 Title: using x-vga=on with vfio-pci leads to segfault Status in QEMU: New Bug description: bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system stripped cmd for minimal config: qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on Backtrace is: #0 0x557ca836 in memory_region_update_container_subregions (subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030 #1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049 #2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066 #3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689 #4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652 #5 0x5582f122 in vfio_realize (pdev=0x5805aef0, errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777 #6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0, errp=0x7fffdcf0) at hw/pci/pci.c:1966 #7 0x559be7b7 in device_set_realized (obj=0x5805aef0, value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918 #8 0x55bb017f in property_set_bool (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860, errp=0x7fffdeb0) at qom/object.c:1854 #9 0x55bae2e6 in object_property_set (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1088 #10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0, value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/qom-qobject.c:27 #11 0x55bae637 in object_property_set_bool (obj=0x5805aef0, value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1157 #12 0x558fee4b in qdev_device_add (opts=0x56b15160, errp=0x7fffdf28) at qdev-monitor.c:623 #13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160, errp=0x0) at vl.c:2373 #14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80 , func=0x55914283 , opaque=0x0, errp=0x0) at util/qemu-option.c:1116 #15 0x559198aa in main (argc=12, argv=0x7fffe388, envp=0x7fffe3f0) at vl.c:4574 as I can see, it happens during initialization of the device-option. seems that the code tries to loop over a memory-region mr, which is null from at least three calls before it crashes. because there seems to be special handling for nvidia-cards, here're the pci-infos of the card: 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation G72 [GeForce 7300 GS] [10de:01df] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:342a] Flags: fast devsel, IRQ 16 Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at c000 (64-bit, prefetchable) [disabled] [size=256M] Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M] Expansion ROM at df00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci at least with a similar card in another slot the crash does not occure. (sorry, can't change the slots at the moment) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1678466/+subscriptions
[Qemu-devel] [Bug 1678466] Re: using x-vga=on with vfio-pci leads to segfault
well but even if it's unsupported it shouldn't segfault... the other card is nearly the same this one is a GeForce 7300 GS, the other a GeForce 7300 GT I think, the above output was done with "lspci -vv", but I've do it again: lspci -vv for the "bad card" is: 01:00.0 VGA compatible controller: NVIDIA Corporation G72 [GeForce 7300 GS] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device 342a Flags: fast devsel, IRQ 16 Memory at de00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at c000 (64-bit, prefetchable) [disabled] [size=256M] Memory at dd00 (64-bit, non-prefetchable) [disabled] [size=16M] Expansion ROM at df00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci and for the "good" card: 07:00.0 VGA compatible controller: NVIDIA Corporation G73 [GeForce 7300 GT] (rev a1) (prog-if 00 [VGA controller]) Subsystem: CardExpert Technology Device 1401 Flags: fast devsel, IRQ 16 Memory at db00 (32-bit, non-prefetchable) [disabled] [size=16M] Memory at b000 (64-bit, prefetchable) [disabled] [size=256M] Memory at da00 (64-bit, non-prefetchable) [disabled] [size=16M] I/O ports at e000 [disabled] [size=128] Expansion ROM at dc00 [disabled] [size=128K] Capabilities: [60] Power Management version 2 Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [78] Express Endpoint, MSI 00 Capabilities: [100] Virtual Channel Capabilities: [128] Power Budgeting Kernel driver in use: vfio-pci your're right that the I/O-Port is not shown for the "bad" card, even I don't know why. Maybe because the card's bios-routine saw the other or vice versa. nevertheless, segfaults are not nice... -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1678466 Title: using x-vga=on with vfio-pci leads to segfault Status in QEMU: New Bug description: bug occures at least with qemu 2.8.0 and 2.8.1 in 64bit-system stripped cmd for minimal config: qemu-system-i386 -m 2048 -M q35 -enable-kvm -nodefaults -nodefconfig -device ioh3420,bus=pcie.0,addr=0x9,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=01.0,x-vga=on Backtrace is: #0 0x557ca836 in memory_region_update_container_subregions (subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2030 #1 0x557ca9dc in memory_region_add_subregion_common (mr=0x0, offset=8, subregion=0x5828f2f0) at qemu-2.8.1/memory.c:2049 #2 0x557caa9a in memory_region_add_subregion_overlap (mr=0x0, offset=8, subregion=0x5828f2f0, priority=1) at qemu-2.8.1/memory.c:2066 #3 0x55832e48 in vfio_probe_nvidia_bar5_quirk (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:689 #4 0x55835433 in vfio_bar_quirk_setup (vdev=0x5805aef0, nr=5) at qemu-2.8.1/hw/vfio/pci-quirks.c:1652 #5 0x5582f122 in vfio_realize (pdev=0x5805aef0, errp=0x7fffdc78) at qemu-2.8.1/hw/vfio/pci.c:2777 #6 0x55a86195 in pci_qdev_realize (qdev=0x5805aef0, errp=0x7fffdcf0) at hw/pci/pci.c:1966 #7 0x559be7b7 in device_set_realized (obj=0x5805aef0, value=true, errp=0x7fffdeb0) at hw/core/qdev.c:918 #8 0x55bb017f in property_set_bool (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", opaque=0x57f15860, errp=0x7fffdeb0) at qom/object.c:1854 #9 0x55bae2e6 in object_property_set (obj=0x5805aef0, v=0x5805ced0, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1088 #10 0x55bb184f in object_property_set_qobject (obj=0x5805aef0, value=0x5805cd70, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/qom-qobject.c:27 #11 0x55bae637 in object_property_set_bool (obj=0x5805aef0, value=true, name=0x56071b56 "realized", errp=0x7fffdeb0) at qom/object.c:1157 #12 0x558fee4b in qdev_device_add (opts=0x56b15160, errp=0x7fffdf28) at qdev-monitor.c:623 #13 0x559142c1 in device_init_func (opaque=0x0, opts=0x56b15160, errp=0x0) at vl.c:2373 #14 0x55cc3bb7 in qemu_opts_foreach (list=0x56548b80 , func=0x55914283 , opaque=0x0, errp=0x0) at util/qemu-option.c:1116 #15 0x559198aa in main (argc=12, argv=0x7fffe388, envp=0x7fffe3f0) at vl.c:4574 as I can see, it happens during initialization of the device-option. seems that the code tries to loop over a memory-region mr, which is null
