On 28/5/26 11:31, Mohammadfaiz Bawa wrote:
> Calling memory_region_init_ram_device_ptr() and
> memory_region_init_io() from tpm_tis_sysbus_initfn() crashes
> when the device is introspected without being realized, because
> the memory subsystem has not been initialized at that point.
> So running:
> $ qemu-system-aarch64 -device tpm-tis-device,help
> triggers qdev_device_help() which creates the device object
> to list its properties, calling instance_init, but never
> realizefn. The memory region calls in instance_init then hit
> uninitialized subsystems:
> With CONFIG_DEBUG_TCG:
> Assertion 'target_page.decided' failed. (physmem.c:2524)
> Without CONFIG_DEBUG_TCG:
> Assertion 'mutex->initialized' failed. (qemu-thread-posix.c:107)
> Since realizefn is only called when the device is actually
> used in a running VM, moving resource allocation there avoids
> the crash without breaking introspection.
> Signed-off-by: Mohammadfaiz Bawa <[email protected]>
> ---
> Changes in v2:
> - Also move memory_region_init_io() to realizefn (Philippe)
> - Make host_page_size const (Philippe)
> - Reword commit message to cover both crash variants
> hw/tpm/tpm_tis_sysbus.c | 18 ++++++++----------
> 1 file changed, 8 insertions(+), 10 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <[email protected]>