From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Matthias Weckbecker <matthias@weckbecker.name>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Subject: [Qemu-devel] [PULL v2 09/30] hw/pci-bridge: Fix invalid free()
Date: Tue, 18 Dec 2018 11:11:46 -0500
Message-ID: <20181218161008.3882-10-mst@redhat.com>
In-Reply-To: <20181218161008.3882-1-mst@redhat.com>
From: Matthias Weckbecker <matthias@weckbecker.name>
When loadvm'ing a *running* snapshot qemu crashes due to an invalid
free. It's fortunately caught early by glibc heap memory corruption
protection and qemu gets killed with SIGABRT.
Steps to reproduce:
1) Create VM (e.g. w/ virsh define)
2) Start the VM and take a snapshot while it's running and having a
PCI bridge attached
3) Destroy the VM and revert the running snapshot.
This commit fixes the issue.
Signed-off-by: Matthias Weckbecker <matthias@weckbecker.name>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/pci/pci_bridge.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index ee9dff2d3a..b9143ac88b 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -241,9 +241,9 @@ void pci_bridge_update_mappings(PCIBridge *br)
* while another accesses an unaffected region. */
memory_region_transaction_begin();
pci_bridge_region_del(br, br->windows);
+ pci_bridge_region_cleanup(br, w);
br->windows = pci_bridge_region_init(br);
memory_region_transaction_commit();
- pci_bridge_region_cleanup(br, w);
}
/* default write_config function for PCI-to-PCI bridge */
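Review bot: the hunk reorders `pci_bridge_region_cleanup(br, w)` to run before `br->windows = pci_bridge_region_init(br)` and inside the memory-region transaction, but neither the code nor the commit message says why the old windows (`w`, the value of `br->windows` captured before `pci_bridge_region_del`) must be torn down before the replacement set is created; since the invalid free only surfaced on a loadvm of a running snapshot, a one-line comment above the moved call explaining the ordering requirement (for example that the old and new windows must not coexist under the bridge between del and init) would keep a future cleanup from moving it back after `memory_region_transaction_commit()`. It would also be worth recording the glibc abort signature from the reproducer in the commit message and adding the snapshot-revert case to a test, so the regression is caught by CI rather than by heap-corruption detection at runtime.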
--
MST