Message-ID: <5491711B.3050105@suse.de>
Date: Wed, 17 Dec 2014 13:03:39 +0100
From: Alexander Graf
To: David Gibson, aik@ozlabs.ru, mdroth@us.ibm.com
Cc: qemu-devel@nongnu.org
In-Reply-To: <1418006882-12246-1-git-send-email-david@gibson.dropbear.id.au>
Subject: Re: [Qemu-devel] [PATCH] Fix crash on spapr_tce_table_finalize()

On 08.12.14 03:48, David Gibson wrote:
> spapr_tce_table_finalize() can SEGV if the object was not previously
> realized. In particular this can be triggered by running
> qemu-system-ppc -device spapr-tce-table,?
>
> The basic problem is that we have mismatched initialization versus
> finalization: spapr_tce_table_finalize() is attempting to undo things that
> are done in spapr_tce_table_realize(), not an instance_init function.
>
> Therefore, replace spapr_tce_table_finalize() with
> spapr_tce_table_unrealize().
>
> Signed-off-by: David Gibson

Thanks, applied to ppc-next and added CC stable.

Alex
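The lifecycle mismatch the commit message describes, as an added illustration that is not QEMU's code: every name below (TceTable, tce_instance_init, tce_realize, tce_unrealize, the two finalize variants, the all_tables list) is a hypothetical stand-in constructed for this example, and the intrusive list mimics the shape of a LIST_REMOVE-style unlink. The buggy finalize tears down state that only realize created, so an object that was created and destroyed without ever being realized (the shape of a property query on the command line) hits a NULL list link; the fixed pairing puts that teardown in unrealize, guarded by the realized flag, and leaves finalize with nothing to undo.

```c
/* Constructed model of instance_init/realize/unrealize/finalize pairing.
 * Added example; not QEMU code. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Intrusive doubly-linked list in the style of <sys/queue.h> LIST_*. */
typedef struct TceTable TceTable;
struct TceTable {
    uint64_t *entries;   /* allocated only in realize */
    size_t nb_entries;
    int realized;
    TceTable *le_next;   /* list linkage, valid only while realized */
    TceTable **le_prev;  /* NULL when the object is not on the list */
};

static TceTable *all_tables;  /* head of the constructed "registered tables" list */

static void list_insert(TceTable *t)
{
    t->le_next = all_tables;
    if (all_tables)
        all_tables->le_prev = &t->le_next;
    all_tables = t;
    t->le_prev = &all_tables;
}

/* Unchecked unlink, as LIST_REMOVE does it: the store through t->le_prev
 * is the NULL dereference an unrealized object would hit. */
static void list_remove(TceTable *t)
{
    if (t->le_next)
        t->le_next->le_prev = t->le_prev;
    *t->le_prev = t->le_next;
    t->le_prev = NULL;
    t->le_next = NULL;
}

/* instance_init only zeroes state and acquires nothing. */
static void tce_instance_init(TceTable *t) { memset(t, 0, sizeof *t); }

/* realize allocates the table and registers it. */
static int tce_realize(TceTable *t, size_t n)
{
    t->entries = calloc(n, sizeof *t->entries);
    if (!t->entries)
        return -1;
    t->nb_entries = n;
    list_insert(t);
    t->realized = 1;
    return 0;
}

/* unrealize undoes exactly what realize did and is a no-op otherwise. */
static void tce_unrealize(TceTable *t)
{
    if (!t->realized)
        return;
    list_remove(t);
    free(t->entries);
    t->entries = NULL;
    t->nb_entries = 0;
    t->realized = 0;
}

/* Buggy pairing: finalize tries to undo realize's work. To keep the
 * example runnable it reports -1 where the real unlink would crash. */
static int tce_finalize_buggy(TceTable *t)
{
    if (t->le_prev == NULL)
        return -1;  /* real code: *t->le_prev = ... on NULL -> SEGV */
    list_remove(t);
    free(t->entries);
    return 0;
}

/* Fixed pairing: finalize mirrors instance_init, which acquired nothing;
 * a still-realized object is an invariant violation, not a teardown job. */
static int tce_finalize_fixed(TceTable *t)
{
    return t->realized ? -1 : 0;
}

/* Object created, then destroyed without ever being realized. */
int scenario_unrealized(int use_fixed)
{
    TceTable t;
    tce_instance_init(&t);
    return use_fixed ? tce_finalize_fixed(&t) : tce_finalize_buggy(&t);
}

/* Full lifecycle: init, realize, (unrealize), finalize. */
int scenario_full(int use_fixed)
{
    TceTable t;
    tce_instance_init(&t);
    if (tce_realize(&t, 16) < 0)
        return -2;
    if (use_fixed) {
        tce_unrealize(&t);
        return tce_finalize_fixed(&t);
    }
    return tce_finalize_buggy(&t);
}
```

Both scenarios return 0 with the fixed pairing; the buggy finalize only survives the full lifecycle, and on the never-realized object it is the unchecked list unlink, not the free of a NULL pointer, that would fault.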