From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Thomas Huth <thuth@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH 02/55] hw/usb/bus: Remove bad object_unparent() from usb_try_create_simple()
Date: Wed, 6 Dec 2017 13:15:55 -0600 [thread overview]
Message-ID: <20171206191648.18208-3-mdroth@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171206191648.18208-1-mdroth@linux.vnet.ibm.com>
From: Thomas Huth <thuth@redhat.com>
Valgrind detects an invalid read operation when hot-plugging of an
USB device fails:
$ valgrind x86_64-softmmu/qemu-system-x86_64 -device usb-ehci -nographic -S
==30598== Memcheck, a memory error detector
==30598== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==30598== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==30598== Command: x86_64-softmmu/qemu-system-x86_64 -device usb-ehci -nographic -S
==30598==
QEMU 2.10.50 monitor - type 'help' for more information
(qemu) device_add usb-tablet
(qemu) device_add usb-tablet
(qemu) device_add usb-tablet
(qemu) device_add usb-tablet
(qemu) device_add usb-tablet
(qemu) device_add usb-tablet
==30598== Invalid read of size 8
==30598== at 0x60EF50: object_unparent (object.c:445)
==30598== by 0x580F0D: usb_try_create_simple (bus.c:346)
==30598== by 0x581BEB: usb_claim_port (bus.c:451)
==30598== by 0x582310: usb_qdev_realize (bus.c:257)
==30598== by 0x4CB399: device_set_realized (qdev.c:914)
==30598== by 0x60E26D: property_set_bool (object.c:1886)
==30598== by 0x61235E: object_property_set_qobject (qom-qobject.c:27)
==30598== by 0x61000F: object_property_set_bool (object.c:1162)
==30598== by 0x4567C3: qdev_device_add (qdev-monitor.c:630)
==30598== by 0x456D52: qmp_device_add (qdev-monitor.c:807)
==30598== by 0x470A99: hmp_device_add (hmp.c:1933)
==30598== by 0x3679C3: handle_hmp_command (monitor.c:3123)
The object_unparent() here is not necessary anymore since commit
69382d8b3e8600b3 ("qdev: Fix object reference leak in case device.realize()
fails"), so let's remove it now.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1506526106-30971-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit f3b2bea3c76ba9283b957f1373e7cebdbf863059)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
hw/usb/bus.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hw/usb/bus.c b/hw/usb/bus.c
index d910f849e7..e56dc3348a 100644
--- a/hw/usb/bus.c
+++ b/hw/usb/bus.c
@@ -341,9 +341,7 @@ static USBDevice *usb_try_create_simple(USBBus *bus, const char *name,
object_property_set_bool(OBJECT(dev), true, "realized", &err);
if (err) {
error_propagate(errp, err);
- error_prepend(errp, "Failed to initialize USB device '%s': ",
- name);
- object_unparent(OBJECT(dev));
+ error_prepend(errp, "Failed to initialize USB device '%s': ", name);
return NULL;
}
return dev;
--
2.11.0
next prev parent reply other threads:[~2017-12-06 19:17 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-06 19:15 [Qemu-devel] [PATCH 00/55] Patch Round-up for stable 2.10.2, freeze on 2017-12-13 Michael Roth
2017-12-06 19:15 ` [Qemu-devel] [PATCH 01/55] hw/ppc: CAS reset on early device hotplug Michael Roth
2017-12-06 19:15 ` Michael Roth [this message]
2017-12-06 19:15 ` [Qemu-devel] [PATCH 03/55] block/mirror: check backing in bdrv_mirror_top_flush Michael Roth
2017-12-06 19:15 ` [Qemu-devel] [PATCH 04/55] kvmclock: use the updated system_timer_msr Michael Roth
2017-12-06 19:15 ` [Qemu-devel] [PATCH 05/55] block: Perform copy-on-read in loop Michael Roth
2017-12-06 19:15 ` [Qemu-devel] [PATCH 06/55] exec: Explicitly export target AS from address_space_translate_internal Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 07/55] memory: Open code FlatView rendering Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 08/55] memory: Move FlatView allocation to a helper Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 09/55] memory: Move AddressSpaceDispatch from AddressSpace to FlatView Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 10/55] memory: Remove AddressSpace pointer from AddressSpaceDispatch Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 11/55] memory: avoid "resurrection" of dead FlatViews Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 12/55] memory: Switch memory from using AddressSpace to FlatView Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 13/55] memory: Cleanup after switching " Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 14/55] memory: Rename mem_begin/mem_commit/mem_add helpers Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 15/55] memory: Store physical root MR in FlatView Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 16/55] memory: Alloc dispatch tree where topology is generared Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 17/55] memory: Move address_space_update_ioeventfds Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 18/55] memory: Share FlatView's and dispatch trees between address spaces Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 19/55] memory: Do not allocate FlatView in address_space_init Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 20/55] memory: Get rid of address_space_init_shareable Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 21/55] memory: Create FlatView directly Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 22/55] memory: trace FlatView creation and destruction Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 23/55] memory: seek FlatView sharing candidates among children subregions Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 24/55] memory: Share special empty FlatView Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 25/55] exec: add page_mask for flatview_do_translate Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 26/55] exec: simplify address_space_get_iotlb_entry Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 27/55] memory: fix off-by-one error in memory_region_notify_one() Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 28/55] hw/sd: fix out-of-bounds check for multi block reads Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 29/55] qcow2: Fix unaligned preallocated truncation Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 30/55] qcow2: Always execute preallocate() in a coroutine Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 31/55] iotests: Add cluster_size=64k to 125 Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 32/55] nios2: define tcg_env Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 33/55] io: monitor encoutput buffer size from websocket GSource Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 34/55] ppc: fix setting of compat mode Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 35/55] translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 36/55] hw/intc/arm_gicv3_its: Don't abort on table save failure Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 37/55] net/socket: fix coverity issue Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 38/55] net: fix check for number of parameters to -netdev socket Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 39/55] nbd/client: Use error_prepend() correctly Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 40/55] util/stats64: Fix min/max comparisons Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 41/55] virtio: Add queue interface to restore avail index from vring used index Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 42/55] vhost: restore avail index from vring used index on disconnection Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 43/55] hw/ppc: clear pending_events on machine reset Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 44/55] spapr: reset DRCs after devices Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 45/55] scripts/make-release: ship u-boot source as a tarball Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 46/55] block/nfs: fix nfs_client_open for filesize greater than 1TB Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 47/55] virtio-net: don't touch virtqueue if vm is stopped Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 48/55] nbd/server: CVE-2017-15119 Reject options larger than 32M Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 49/55] nbd/server: CVE-2017-15118 Stack smash on large export name Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 50/55] vhost: fix error check in vhost_verify_ring_mappings() Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 51/55] nbd/server: fix nbd_negotiate_handle_info Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 52/55] nbd-client: Refuse read-only client with BDRV_O_RDWR Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 53/55] nbd/client: Don't hard-disconnect on ESHUTDOWN from server Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 54/55] vga: drop line_offset variable Michael Roth
2017-12-06 19:16 ` [Qemu-devel] [PATCH 55/55] vga: handle cirrus vbe mode wraparounds Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171206191648.18208-3-mdroth@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).