From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39589)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <akong@redhat.com>) id 1XmGBC-0001rl-JH
	for qemu-devel@nongnu.org; Thu, 06 Nov 2014 01:04:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <akong@redhat.com>) id 1XmGB6-0002Fq-F1
	for qemu-devel@nongnu.org; Thu, 06 Nov 2014 01:04:22 -0500
Received: from mx1.redhat.com ([209.132.183.28]:52144)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <akong@redhat.com>) id 1XmGB6-0002FK-7P
	for qemu-devel@nongnu.org; Thu, 06 Nov 2014 01:04:16 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id sA664DH6009804
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=FAIL)
	for <qemu-devel@nongnu.org>; Thu, 6 Nov 2014 01:04:13 -0500
Date: Thu, 6 Nov 2014 14:04:09 +0800
From: Amos Kong <akong@redhat.com>
Message-ID: <20141106060409.GE8764@air.redhat.com>
References: <1415197775-18506-1-git-send-email-marcel.a@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="+JUInw4efm7IfTNU"
Content-Disposition: inline
In-Reply-To: <1415197775-18506-1-git-send-email-marcel.a@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] hw/pci: fix crash on shpc error flow
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Marcel Apfelbaum <marcel.a@redhat.com>
Cc: marcel@redhat.com, qemu-devel@nongnu.org, mst@redhat.com


--+JUInw4efm7IfTNU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 05, 2014 at 04:29:35PM +0200, Marcel Apfelbaum wrote:
> If the pci bridge enters in error flow as part
> of init process it will only delete the shpc mmio
> subregion but not remove it from the properties list,
> resulting in segmentation fault when the bridge runs
> the exit function.
>=20
> Example: add a pci bridge without specifing the chassis number:
>     <qemu-bin> ... -device pci-bridge,id=3Dp1
> Result:
>     (qemu) qemu-system-x86_64: -device pci-bridge,id=3Dp1: Bridge chassis=
 not specified. Each bridge is required to be assigned a unique chassis id =
> 0.
>     qemu-system-x86_64: -device pci-bridge,id=3Dp1: Device
>     initialization failed.
>     Segmentation fault (core dumped)
>=20
>     if (child->class->unparent) {
>     #0  0x00005555558d629b in object_finalize_child_property (obj=3D0x555=
556d2e830, name=3D0x555556d30630 "shpc-mmio[0]", opaque=3D0x555556a42fc8) a=
t qom/object.c:1078
>     #1  0x00005555558d4b1f in object_property_del_all (obj=3D0x555556d2e8=
30) at qom/object.c:367
>     #2  0x00005555558d4ca1 in object_finalize (data=3D0x555556d2e830) at =
qom/object.c:412
>     #3  0x00005555558d55a1 in object_unref (obj=3D0x555556d2e830) at qom/=
object.c:720
>     #4  0x000055555572c907 in qdev_device_add (opts=3D0x5555563544f0) at =
qdev-monitor.c:566
>     #5  0x0000555555744f16 in device_init_func (opts=3D0x5555563544f0, op=
aque=3D0x0) at vl.c:2213
>     #6  0x00005555559cf5f0 in qemu_opts_foreach (list=3D0x555555e0f8e0 <q=
emu_device_opts>, func=3D0x555555744efa <device_init_func>, opaque=3D0x0, a=
bort_on_failure=3D1) at util/qemu-option.c:1057
>     #7  0x000055555574a11b in main (argc=3D16, argv=3D0x7fffffffdde8, env=
p=3D0x7fffffffde70) at vl.c:423
>=20
> Unparent the shpc mmio region as part of shpc cleanup.
>=20
> Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
> ---
>  hw/pci/shpc.c | 1 +
>  1 file changed, 1 insertion(+)
>=20
> diff --git a/hw/pci/shpc.c b/hw/pci/shpc.c
> index 65b2f51..2e887d7 100644
> --- a/hw/pci/shpc.c
> +++ b/hw/pci/shpc.c
> @@ -662,6 +662,7 @@ void shpc_cleanup(PCIDevice *d, MemoryRegion *bar)
>      SHPCDevice *shpc =3D d->shpc;
>      d->cap_present &=3D ~QEMU_PCI_CAP_SHPC;
>      memory_region_del_subregion(bar, &shpc->mmio);
> +    object_unparent(OBJECT(&shpc->mmio));
>      /* TODO: cleanup config space changes? */
>      g_free(shpc->config);
>      g_free(shpc->cmask);
> --=20


Reviewed-by: Amos Kong <akong@redhat.com>

> 1.8.3.1
>=20

--=20
			Amos.

--+JUInw4efm7IfTNU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUWw9ZAAoJELxSv6I5vP9j044P/00Nl9Px3OmoMNBTrTZDokXJ
s93R8Qz0qBNnZi7Z/V9vk8ppWD/ZGZ3JBJyS68RoF6+/ynSY+4arVIt+2y0LLCy4
MS75bBGYA/bclw8GQ5EvqzA2F/XkNRMrCbSYYK/Ph/1Q00vFFfbnHfNmpGPg/2CG
UkGAYtlMCOjI2qI3IL2q9EAncUZM/su6f9r3h3azUJcRRhl2HCh5BNFx/kE4iG44
2FydZY6Cz+iWlQPIl69WeLuBSvGYe8Y0UOr3efopkTPPCe2+z03hH9mDn2adDeVy
5ULADoIeLfBcW2ec1P586i2hDIURtu6A7tX9pbRDpDTLnWGGxfJq/fGxycrrKMcM
+TysSEmb6jedKpi9mPZ1n7gQItVHTpmMnqsqas+Fsfv3llNlHHi7PQbPQswCD1UC
AuJMxvyOStjGK4nt32qchZr/XmShTD2a06lc/qUc5MiurJqeXgZ3WztOo5ubultW
H5nr1m/bQF+iyNeeBzQcTSG6Ryc0ujboCDc89YTD8+9A7364Lf3z2MksttGSRqa5
/Ettqqb+HRNI/wwpxOyBZ9cwsZB1OdVXszkMTNNFmqOTt19Od9Lq19WULNJB/vmm
8qOczIggNYNzPPrQ8iTEi50QJMoq4oHtTslMReCMtAd9Ac+GSRkTWvp/3Rh6Ahar
i0z64WOJMSzqPhSc+56w
=jZYG
-----END PGP SIGNATURE-----

--+JUInw4efm7IfTNU--