From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL for-2.9 13/17] Revert "hostmem: fix QEMU crash by 'info memdev'"
Date: Wed, 22 Mar 2017 17:05:44 +0100
Message-ID: <1490198748-4753-14-git-send-email-armbru@redhat.com>
In-Reply-To: <1490198748-4753-1-git-send-email-armbru@redhat.com>

This reverts commit 1454d33f0507cb54d62ed80f494884157c9e7130.

The string input visitor regression fixed in the previous commit made
visit_type_uint16List() fail on empty input. query_memdev() calls it
via object_property_get_uint16List(). Because it doesn't expect it to
fail, it passes &error_abort, and duly crashes.

Commit 1454d33 "fixes" this crash by making
host_memory_backend_get_host_nodes() return a list containing just
MAX_NODES instead of the empty list. Papers over the regression, and
leads to bogus "info memdev" output, as shown below; revert.

I suspect that if we had bisected the crash back then, we would have
found and fixed the actual bug instead of papering over it.

To reproduce, run HMP command "info memdev" with

    $ qemu-system-x86_64 --nodefaults -S -display none -monitor stdio -object memory-backend-ram,id=mem1,size=4k

With this commit, "info memdev" prints

    memory backend: mem1
      size: 4096
      merge: true
      dump: true
      prealloc: false
      policy: default
      host nodes:

exactly like before commit 74f24cb.

Between commit 1454d33 and this commit, it prints

    memory backend: mem1
      size: 4096
      merge: true
      dump: true
      prealloc: false
      policy: default
      host nodes: 128

The last line is bogus.

Between commit 74f24cb and 1454d33, it crashes like this:

    Unexpected error in parse_str() at /work/armbru/tmp/qemu/qapi/string-input-visitor.c:126:
    Parameter 'null' expects an int64 value or range
    Aborted (core dumped)

Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1490026424-11330-3-git-send-email-armbru@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
backends/hostmem.c | 22 ++++++++--------------
1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/backends/hostmem.c b/backends/hostmem.c
index 162c218..89feb9e 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -64,14 +64,6 @@ out:
error_propagate(errp, local_err);
}
-static uint16List **host_memory_append_node(uint16List **node,
- unsigned long value)
-{
- *node = g_malloc0(sizeof(**node));
- (*node)->value = value;
- return &(*node)->next;
-}
-
static void
host_memory_backend_get_host_nodes(Object *obj, Visitor *v, const char *name,
void *opaque, Error **errp)
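Review bot: dropping host_memory_append_node() here forces the allocate/assign/advance sequence to be open-coded twice in host_memory_backend_get_host_nodes(), although the helper itself is not what produced the bogus MAX_NODES entry; that came from calling it before the value == MAX_NODES check. This is fine for a mechanical revert, but a follow-up could reinstate the helper and call it only after the check, which keeps the empty-list behaviour without the duplication.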
@@ -82,23 +74,25 @@ host_memory_backend_get_host_nodes(Object *obj, Visitor *v, const char *name,
unsigned long value;
value = find_first_bit(backend->host_nodes, MAX_NODES);
-
- node = host_memory_append_node(node, value);
-
if (value == MAX_NODES) {
- goto out;
+ return;
}
+ *node = g_malloc0(sizeof(**node));
+ (*node)->value = value;
+ node = &(*node)->next;
+
do {
value = find_next_bit(backend->host_nodes, MAX_NODES, value + 1);
if (value == MAX_NODES) {
break;
}
- node = host_memory_append_node(node, value);
+ *node = g_malloc0(sizeof(**node));
+ (*node)->value = value;
+ node = &(*node)->next;
} while (true);
-out:
visit_type_uint16List(v, name, &host_nodes, errp);
}
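Review bot: the `return;` in the first value == MAX_NODES branch exits before visit_type_uint16List(v, name, &host_nodes, errp), so for a backend with no host nodes set the getter never calls the visitor at all, and the outcome depends on how each visitor treats a property that was not visited. Consider falling through to the visit with host_nodes still NULL (a label as in the removed `goto out`, but without appending MAX_NODES first), so the empty list takes the same path as a populated one. Separately, the nodes allocated with g_malloc0() are not freed in the lines shown after the visit; if nothing else takes ownership, a qapi_free_uint16List(host_nodes) after the visit would close that leak.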
--
2.7.4