From: Jan Kiszka
Subject: Re: [PATCH] kvm-all: Use 'tmpcpu' instead of 'cpu' in sub-looping to avoid 'cpu' be NULL
Date: Sun, 20 Jul 2014 09:29:03 +0200
Message-ID: <53CB6FBF.1060009@web.de>
References: <53C9C82A.2060003@gmail.com>
In-Reply-To: <53C9C82A.2060003@gmail.com>
To: Chen Gang, Michael Tokarev, pbonzini@redhat.com
Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org, kvm@vger.kernel.org

On 2014-07-19 03:21, Chen Gang wrote:
> If kvm_arch_remove_sw_breakpoint() in CPU_FOREACH() always fails, it
> will leave 'cpu' NULL. And the next kvm_arch_remove_sw_breakpoint() in
> QTAILQ_FOREACH_SAFE() will get a NULL parameter for 'cpu'.
>
> And kvm_arch_remove_sw_breakpoint() can assume 'cpu' must never be NULL,
> so we need to define an additional temporary variable for 'cpu' to avoid the case.
>
>
> Signed-off-by: Chen Gang
> ---
>  kvm-all.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/kvm-all.c b/kvm-all.c
> index 3ae30ee..1402f4f 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -2077,12 +2077,13 @@ void kvm_remove_all_breakpoints(CPUState *cpu)
>  {
>      struct kvm_sw_breakpoint *bp, *next;
>      KVMState *s = cpu->kvm_state;
> +    CPUState *tmpcpu;
>  
>      QTAILQ_FOREACH_SAFE(bp, &s->kvm_sw_breakpoints, entry, next) {
>          if (kvm_arch_remove_sw_breakpoint(cpu, bp) != 0) {
>              /* Try harder to find a CPU that currently sees the breakpoint. */
> -            CPU_FOREACH(cpu) {
> -                if (kvm_arch_remove_sw_breakpoint(cpu, bp) == 0) {
> +            CPU_FOREACH(tmpcpu) {
> +                if (kvm_arch_remove_sw_breakpoint(tmpcpu, bp) == 0) {
>                      break;
>                  }
>              }
>

Good catch. To make it clear in the changelog: The actual issue is that
we misuse "cpu" as an iteration variable while its original value is
still in use. That cpu can eventually become NULL this way is one result.

Jan
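Review bot: the changelog should name the root cause rather than only the NULL outcome. Inside the `if (kvm_arch_remove_sw_breakpoint(cpu, bp) != 0)` branch, the old `CPU_FOREACH(cpu)` reassigns the function's own parameter, so on every later iteration of `QTAILQ_FOREACH_SAFE` the first `kvm_arch_remove_sw_breakpoint(cpu, bp)` call runs against whichever CPU the inner search stopped on (NULL once it exhausted the list), not the caller's CPU. Introducing `tmpcpu` covers both cases; suggest a changelog line such as "Do not reuse 'cpu' as the CPU_FOREACH iterator, since the outer loop still needs its original value."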
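To make the misuse concrete, the block below is an added C model of the loop, not QEMU's code: `CPUState`, `Breakpoint`, `first_cpu`, `CPU_FOREACH` and `remove_sw_breakpoint` are constructed stand-ins for the real list macros and arch hook, and odd-numbered breakpoints are defined to fail on every CPU so the inner search exhausts the list.

```c
#include <stddef.h>
#include <stdbool.h>
/* Constructed stand-ins for QEMU's CPUState list and the breakpoint list. */
typedef struct CPUState { int id; struct CPUState *next; } CPUState;
typedef struct Breakpoint { int id; struct Breakpoint *next; } Breakpoint;
static CPUState *first_cpu;  /* head of the global CPU list */
/* Like QEMU's CPU_FOREACH: once the list is exhausted, 'var' is NULL. */
#define CPU_FOREACH(var) for ((var) = first_cpu; (var) != NULL; (var) = (var)->next)
/* Set when the arch hook receives a NULL cpu; the real hook would dereference it. */
static bool saw_null_cpu;
/* Stand-in for kvm_arch_remove_sw_breakpoint(): by construction only even-numbered
 * breakpoints are known to any CPU, so odd ones fail everywhere. */
static int remove_sw_breakpoint(CPUState *cpu, Breakpoint *bp)
{
    if (cpu == NULL) { saw_null_cpu = true; return -1; }
    return (bp->id % 2 == 0) ? 0 : -1;
}

/* Before the patch: the function's own 'cpu' is reused as the iterator. */
static int remove_all_buggy(CPUState *cpu, Breakpoint *bps)
{
    for (Breakpoint *bp = bps; bp != NULL; bp = bp->next) {
        if (remove_sw_breakpoint(cpu, bp) != 0) {
            CPU_FOREACH(cpu) { if (remove_sw_breakpoint(cpu, bp) == 0) break; }
        }
    }
    return saw_null_cpu ? -1 : 0;  /* -1: a later breakpoint saw cpu == NULL */
}

/* After the patch: 'tmpcpu' iterates, so 'cpu' keeps the caller's value. */
static int remove_all_fixed(CPUState *cpu, Breakpoint *bps)
{
    CPUState *tmpcpu;
    for (Breakpoint *bp = bps; bp != NULL; bp = bp->next) {
        if (remove_sw_breakpoint(cpu, bp) != 0) {
            CPU_FOREACH(tmpcpu) { if (remove_sw_breakpoint(tmpcpu, bp) == 0) break; }
        }
    }
    return saw_null_cpu ? -1 : 0;
}

/* Constructed scenario: two CPUs, breakpoints 0, 1, 2; breakpoint 1 fails on every CPU. */
static int run_scenario(int (*remove_all)(CPUState *, Breakpoint *))
{
    CPUState c1 = {1, NULL}, c0 = {0, &c1};
    Breakpoint b2 = {2, NULL}, b1 = {1, &b2}, b0 = {0, &b1};
    first_cpu = &c0;
    saw_null_cpu = false;
    return remove_all(&c0, &b0);  /* buggy: -1 (NULL cpu on breakpoint 2); fixed: 0 */
}
```

With the buggy variant, breakpoint 1 drives the inner loop to the end of the CPU list, and breakpoint 2 is then handed a NULL cpu; the fixed variant still sees the caller's CPU.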