| commit | e5ff041f62fd01154dc91f9ac43ac3498b4689e1 | |
| author | Peter Maydell <peter.maydell@linaro.org> | |
| Sat, 22 Jan 2022 18:24:33 +0000 (22 18:24 +0000) | ||
| committer | Peter Maydell <peter.maydell@linaro.org> | |
| Fri, 28 Jan 2022 14:29:47 +0000 (28 14:29 +0000) | ||
| tree | 812f9b65f2ca405c4269fcfc8be0048785e8935f | treesnapshot (tar.gz zip) |
| parent | 195209d3682847b253175af7a1cffd2c007273a2 | commitdiff |
hw/intc/arm_gicv3: Initialise dma_as in GIC, not ITS
In our implementation, all ITSes connected to a GIC share a single
AddressSpace, which we keep in the GICv3State::dma_as field and
initialized based on the GIC's 'sysmem' property. The right place
to set it up by calling address_space_init() is therefore in the
GIC's realize method, not the ITS's realize.
This fixes a theoretical bug where QEMU hangs on startup if the board
model creates two ITSes connected to the same GIC -- we would call
address_space_init() twice on the same AddressSpace*, which creates
an infinite loop in the QTAILQ that softmmu/memory.c uses to store
its list of AddressSpaces and causes any subsequent attempt to
iterate through that list to loop forever. There aren't any board
models like that in the tree at the moment, though.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220122182444.724087-4-peter.maydell@linaro.org
In our implementation, all ITSes connected to a GIC share a single
AddressSpace, which we keep in the GICv3State::dma_as field and
initialized based on the GIC's 'sysmem' property. The right place
to set it up by calling address_space_init() is therefore in the
GIC's realize method, not the ITS's realize.
This fixes a theoretical bug where QEMU hangs on startup if the board
model creates two ITSes connected to the same GIC -- we would call
address_space_init() twice on the same AddressSpace*, which creates
an infinite loop in the QTAILQ that softmmu/memory.c uses to store
its list of AddressSpaces and causes any subsequent attempt to
iterate through that list to loop forever. There aren't any board
models like that in the tree at the moment, though.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220122182444.724087-4-peter.maydell@linaro.org
| hw/intc/arm_gicv3_common.c | diffblobblamehistory | |
| hw/intc/arm_gicv3_its.c | diffblobblamehistory |