From: Eric Blake <eblake@redhat.com>
To: Bug 1529859 <1529859@bugs.launchpad.net>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Bug 1529859] [NEW] qemu 2.5.0 ivshmem segfault with msi=off option
Date: Mon, 4 Jan 2016 13:24:23 -0700
Message-ID: <568AD4F7.6090702@redhat.com>
In-Reply-To: <20151229133835.25580.50152.malonedeb@soybean.canonical.com>

On 12/29/2015 06:38 AM, maquefel wrote:
> Public bug reported:
> 
> Launching qemu with "-device ivshmem,chardev=ivshmemid,msi=off -chardev
> socket,path=/tmp/ivshmem_socket,id=ivshmemid"
> 
> Causes segfault because s->msi_vectors is not initialized and
> s->msi_vectors == 0.
> 
> Does ivshmem exactly need this line ? :
> 
> s->msi_vectors[vector].pdev = pdev;
> 
> It makes no sense for me.
> 
> Subject: [PATCH] fixed ivshmem empty msi vector on msi=off segfault

Patches require a Signed-off-by: line before they can be applied.

> 
> ---
>  hw/misc/ivshmem.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index f73f0c2..2087d5e 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -359,8 +359,6 @@ static CharDriverState* create_eventfd_chr_device(void * opaque, EventNotifier *
>      int eventfd = event_notifier_get_fd(n);
>      CharDriverState *chr;
>  
> -    s->msi_vectors[vector].pdev = pdev;
> -

This avoids the segfault, but it may break other uses. Are you sure you
don't need an 'if (s->msi_vectors[vector])' conditional?

>      chr = qemu_chr_open_eventfd(eventfd);
>  
>      if (chr == NULL) {
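
Review bot: the removal of `s->msi_vectors[vector].pdev = pdev;` in create_eventfd_chr_device() is unconditional, so the msi=on configuration loses the assignment as well, while the crash is reported only for msi=off, where s->msi_vectors is never allocated. Either keep the line under the `ivshmem_has_feature(s, IVSHMEM_MSI)` check that pci_ivshmem_exit() already uses, or state in the commit message that nothing reads `.pdev` afterwards. If the line does go away, check that `pdev` and `vector` are still used in this function; the visible context does not show another use.
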
> @@ -1038,10 +1036,11 @@ static void pci_ivshmem_exit(PCIDevice *dev)
>      }
>  
>      if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
> -        msix_uninit_exclusive_bar(dev);
> +        msix_uninit_exclusive_bar(dev);

I can't see what's changing here.  Whitespace?

>      }
> -
> -    g_free(s->msi_vectors);
> +    
> +    if(s->msi_vectors)
> +       g_free(s->msi_vectors);
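
Review bot: the `if(s->msi_vectors)` guard added before g_free() at the end of pci_ivshmem_exit() is redundant, because g_free() accepts NULL and does nothing in that case. The rest of the hunk is whitespace-only churn: the msix_uninit_exclusive_bar(dev) line is removed and re-added with no visible change, and the new `+    ` line carries trailing spaces. Drop this hunk so the patch contains only the functional change; if the guard were kept, it would also need a space after `if` and braces around the body.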

This hunk is bogus.  g_free(NULL) already works properly.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
