On Thu, 28 May 2026 at 10:31, Mohammadfaiz Bawa <[email protected]> wrote:
>
> Calling memory_region_init_ram_device_ptr() and
> memory_region_init_io() from tpm_tis_sysbus_initfn() crashes
> when the device is introspected without being realized, because
> the memory subsystem has not been initialized at that point.
>
> So running:
>   $ qemu-system-aarch64 -device tpm-tis-device,help
>
> triggers qdev_device_help() which creates the device object
> to list its properties, calling instance_init, but never
> realizefn. The memory region calls in instance_init then hit
> uninitialized subsystems:
>
> With CONFIG_DEBUG_TCG:
>   Assertion 'target_page.decided' failed. (physmem.c:2524)
>
> Without CONFIG_DEBUG_TCG:
>   Assertion 'mutex->initialized' failed. (qemu-thread-posix.c:107)
>
> Since realizefn is only called when the device is actually
> used in a running VM, moving resource allocation there avoids
> the crash without breaking introspection.
>
> Signed-off-by: Mohammadfaiz Bawa <[email protected]>

This also fixes a memory leak that is reported by the address
sanitizer during 'make check', because we currently allocate
ppi.buf during instance_init and never free it. "Allocate in
realize and never free" is less bad, because we don't currently
support "unrealize and destroy a sysbus device".

Fixes: 46cd2c1050f ("hw/tpm: add PPI support to tpm-tis-device for ARM64 virt")

thanks
-- PMM