Re: KVM crashes when using certain USB device

Jim Paris <jim@xxxxxxxx> · Thu, 16 Jul 2009 03:15:26 -0400

Hi G,

> >> I've continued my attempts to get the HASP dongle working, but with no success:
...
> Good idea. The results from three test runs after that change are in
> the attached files. The third was done while also dumping the USB bus,
> and the output from that dump is also attached.

The gdb output here looks questionable.  Only the second trial seems
to have USB related stuff in the backtrace, so either gdb is wrong or
there's some memory corruption that is causing crashes elsewhere.
Maybe valgrind could help?

You can also add more debugging to the usb code to try to figure out
where things are going wrong.  See the attached patch for some printfs
that might help.

Try again with less memory on the guest, like -m 2048, just to reduce
possible problems with the 32-bit guest and address space.

I didn't see anything obviously wrong with the usbmon dumps you sent,
or the debugging that qemu printed out, but I'm not familiar with this
code.

Even though you're having problems with -no-kvm, I suspect this is an
upstream qemu issue, so you should probably try the qemu list too.

-jim
diff -urN kvm-87/usb-linux.c kvm-87-debug/usb-linux.c

--- kvm-87/usb-linux.c	2009-06-23 09:32:38.000000000 -0400
+++ kvm-87-debug/usb-linux.c	2009-07-16 03:06:22.000000000 -0400
@@ -209,16 +209,21 @@
 
 static AsyncURB *async_alloc(void)
 {
-    return (AsyncURB *) qemu_mallocz(sizeof(AsyncURB));
+    AsyncURB *aurb = (AsyncURB *) qemu_mallocz(sizeof(AsyncURB));
+    dprintf("husb: allocated %p\n", aurb);
+    return aurb;
 }
 
 static void async_free(AsyncURB *aurb)
 {
+    dprintf("husb: freeing %p\n", aurb);
     qemu_free(aurb);
 }
 
 static void async_complete_ctrl(USBHostDevice *s, USBPacket *p)
 {
+    dprintf("husb: complete ctrl, host state %d len %d\n", 
+	    s->ctrl.state, s->ctrl.len);
     switch(s->ctrl.state) {
     case CTRL_STATE_SETUP:
         if (p->len < s->ctrl.len)
@@ -266,6 +271,7 @@
                 aurb, aurb->urb.status, aurb->urb.actual_length);
 
 	if (p) {
+	    dprintf("husb: p=%p\n", p);
             switch (aurb->urb.status) {
             case 0:
                 p->len = aurb->urb.actual_length;
@@ -280,11 +286,12 @@
                 p->len = USB_RET_NAK;
                 break;
             }
-
+	    dprintf("husb: completing, p->len=%d\n", p->len);
             usb_packet_complete(p);
 	}
 
         async_free(aurb);
+
     }
 }
 




