From: Alexander Graf <agraf@suse.de>
To: qemu-ppc@nongnu.org
Cc: peter.maydell@linaro.org, qemu-stable@nongnu.org,
	qemu-devel@nongnu.org, David Gibson <david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PULL 18/37] PPC: Fix crash on spapr_tce_table_finalize()
Date: Wed,  7 Jan 2015 16:20:29 +0100
Message-ID: <1420644048-16919-19-git-send-email-agraf@suse.de>
In-Reply-To: <1420644048-16919-1-git-send-email-agraf@suse.de>

From: David Gibson <david@gibson.dropbear.id.au>

spapr_tce_table_finalize() can SEGV if the object was not previously
realized.  In particular this can be triggered by running
         qemu-system-ppc -device spapr-tce-table,?

The basic problem is that we have mismatched initialization versus
finalization: spapr_tce_table_finalize() is attempting to undo things that
are done in spapr_tce_table_realize(), not an instance_init function.

Therefore, replace spapr_tce_table_finalize() with
spapr_tce_table_unrealize().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/ppc/spapr_iommu.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 6c91d8e..da47474 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -173,9 +173,9 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn,
     return tcet;
 }
 
-static void spapr_tce_table_finalize(Object *obj)
+static void spapr_tce_table_unrealize(DeviceState *dev, Error **errp)
 {
-    sPAPRTCETable *tcet = SPAPR_TCE_TABLE(obj);
+    sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
 
     QLIST_REMOVE(tcet, list);
 
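Review bot: the new unrealize callback takes `Error **errp` but never reports through it, and the body is otherwise unchanged, so `QLIST_REMOVE(tcet, list);` still runs unconditionally. That is only safe because DeviceClass::unrealize is invoked solely for devices that completed realize (where the table is presumably inserted into the list), which is exactly the mismatch the old instance_finalize hook had. A one-line comment above the function stating that invariant ("only called after a successful realize, so the list entry exists") would keep a future reader from re-adding a guard or moving this back into a finalize hook.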
@@ -420,6 +420,7 @@ static void spapr_tce_table_class_init(ObjectClass *klass, void *data)
     DeviceClass *dc = DEVICE_CLASS(klass);
     dc->init = spapr_tce_table_realize;
     dc->reset = spapr_tce_reset;
+    dc->unrealize = spapr_tce_table_unrealize;
 
     QLIST_INIT(&spapr_tce_tables);
 
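Review bot: the teardown is now registered on `dc->unrealize` while setup still goes through the legacy `dc->init = spapr_tce_table_realize;` hook, so the realize/unrealize pair is asymmetric in the class_init. It works because qdev's realize path calls the legacy init callback, but for symmetry, and so the counterpart of `spapr_tce_table_unrealize` is obvious when reading this block, consider converting to `dc->realize = spapr_tce_table_realize;` in a follow-up.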
@@ -435,7 +436,6 @@ static TypeInfo spapr_tce_table_info = {
     .parent = TYPE_DEVICE,
     .instance_size = sizeof(sPAPRTCETable),
     .class_init = spapr_tce_table_class_init,
-    .instance_finalize = spapr_tce_table_finalize,
 };
 
 static void register_types(void)
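Review bot: dropping `.instance_finalize` leaves spapr_tce_table_info with no per-object teardown at all, which is correct only if the type has no instance_init allocating state; the hunk does not show that, and the commit message only says the old finalize undid realize work. Worth stating explicitly in the commit message (or a short comment beside the TypeInfo) that all cleanup now lives in dc->unrealize, so the missing finalize is not mistaken for an oversight.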
-- 
1.8.1.4
