
Re: [Qemu-devel] Segfault using qemu-system-arm in smc91c111


From: Peter Maydell
Subject: Re: [Qemu-devel] Segfault using qemu-system-arm in smc91c111
Date: Fri, 4 Sep 2015 18:30:35 +0100

On 4 September 2015 at 18:20, Richard Purdie
<address@hidden> wrote:
> On Fri, 2015-09-04 at 13:43 +0100, Richard Purdie wrote:
>> On Fri, 2015-09-04 at 12:31 +0100, Peter Maydell wrote:
>> > On 4 September 2015 at 12:24, Richard Purdie
>> > <address@hidden> wrote:
>> > > So just based on that, yes, seems that the rx_fifo looks to be
>> > > overrunning. I can add the asserts but I think it would just confirm
>> > > this.
>> >
>> > Yes, the point of adding assertions is to confirm a hypothesis.
>>
>> I've now confirmed that it does indeed trigger the assert in
>> smc91c111_receive().
>
> I just tried an experiment where I put:
>
>     if (s->rx_fifo_len >= NUM_PACKETS)
>         return -1;
>
> into smc91c111_receive() and my reproducer stops reproducing the
> problem. I also noticed can_receive() could also have a check on buffer
> availability. Would one of these changes be the correct fix here?

The interesting question is why smc91c111_allocate_packet() doesn't
fail in this situation. We only have NUM_PACKETS worth of storage,
shared between the tx and rx buffers, so how could we both have
already filled the rx_fifo and have a spare packet for the allocate
function to return?

-- PMM
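To make the reasoning in the reply concrete, here is an added C model of a NUM_PACKETS pool shared between tx and rx. It is not QEMU's smc91c111.c: the struct, the bitmask pool and the names allocate_packet, can_receive, receive_frame and pool_consistent are assumptions. It shows that when the allocator fails on an exhausted pool and can_receive() gates on buffer availability, rx_fifo cannot overrun even under sustained input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <assert.h>

#define NUM_PACKETS 4   /* constructed value; shared between tx and rx */

typedef struct {
    uint32_t allocated;          /* bitmask of packet slots in use (tx or rx) */
    int rx_fifo[NUM_PACKETS];    /* slot indices queued for the guest to read */
    int rx_fifo_len;
} DevState;

/* Return a free slot index, or -1 when every slot is already in use. */
static int allocate_packet(DevState *s)
{
    for (int i = 0; i < NUM_PACKETS; i++) {
        if (!(s->allocated & (1u << i))) {
            s->allocated |= 1u << i;
            return i;
        }
    }
    return -1;
}

/* Gate on buffer availability before accepting a frame at all. */
static bool can_receive(const DevState *s)
{
    return s->rx_fifo_len < NUM_PACKETS &&
           s->allocated != (1u << NUM_PACKETS) - 1;
}

/* Receive path: refuse the frame rather than writing past rx_fifo. */
static int receive_frame(DevState *s)
{
    if (!can_receive(s)) return -1;
    int packet = allocate_packet(s);
    if (packet < 0) return -1;           /* pool exhausted by tx side */
    assert(s->rx_fifo_len < NUM_PACKETS); /* must hold if pool is honest */
    s->rx_fifo[s->rx_fifo_len++] = packet;
    return packet;
}

/* Invariant from the thread: rx_fifo entries are a subset of allocated slots. */
static bool pool_consistent(const DevState *s)
{
    int used = __builtin_popcount(s->allocated);
    return s->rx_fifo_len <= used && used <= NUM_PACKETS;
}

/* Offer NUM_PACKETS + 2 frames; return how many were refused (never overrun). */
static int fill_and_count_refusals(DevState *s)
{
    int refused = 0;
    for (int i = 0; i < NUM_PACKETS + 2; i++)
        if (receive_frame(s) < 0) refused++;
    return refused;
}
```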
