Date: Mon, 15 Dec 2008 23:41:55 +0100
Message-ID: <4946DD33.4070608@redhat.com>
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [RESEND PATCH] Fix qemu crash with kvm enabled.

Hi,

If you see crashes after commit 6060, try this one ;)

Not initializing msr_list.nmsrs before the KVM_GET_MSR_INDEX_LIST ioctl will make the kernel fill too much data into msr_list, thereby overflowing the stack and crashing qemu.

cheers,
  Gerd

Attachment: 0045-Fix-qemu-crash-with-kvm-enabled.patch (text/plain, inline)

From cb6c5b6fde117fe05699230c43c3163e91dbb3cd Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 9 Dec 2008 17:42:27 +0100 Subject: [PATCH] Fix qemu crash with kvm enabled. Signed-off-by: Gerd Hoffmann --- target-i386/kvm.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/target-i386/kvm.c b/target-i386/kvm.c index effd5af..db11ac2 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c @@ -104,11 +104,11 @@ static int kvm_has_msr_star(CPUState *env) /* Obtain MSR list from KVM. These are the MSRs that we must * save/restore */ + msr_list.nmsrs = 0; ret = kvm_ioctl(env->kvm_state, KVM_GET_MSR_INDEX_LIST, &msr_list); if (ret < 0) return 0; - msr_list.nmsrs = 0; kvm_msr_list = qemu_mallocz(sizeof(msr_list) + msr_list.nmsrs * sizeof(msr_list.indices[0])); if (kvm_msr_list == NULL) -- 1.5.6.5
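Review bot: with `msr_list.nmsrs = 0` now set before the ioctl, the unchanged `if (ret < 0) return 0;` directly after it turns the rest of the function into dead code, because the kernel's KVM_GET_MSR_INDEX_LIST handler writes the real count back into nmsrs and then fails with E2BIG whenever the caller's array is too small, which a zero-length probe always is. The stack overflow is gone, but kvm_has_msr_star() will now always report 0 and the `qemu_mallocz(sizeof(msr_list) + msr_list.nmsrs * sizeof(msr_list.indices[0]))` sizing that the probe exists for is never reached. The probe should accept that one error and only bail on anything else, e.g. `if (ret < 0 && ret != -E2BIG) return 0;` (or the errno-based equivalent, depending on how kvm_ioctl() reports failures), and the allocated, correctly sized list should then be passed to a second KVM_GET_MSR_INDEX_LIST call to actually fill in the indices.

The probe-then-allocate sequence that KVM_GET_MSR_INDEX_LIST expects, written out as an added example rather than code from the patch, QEMU or the kernel. The struct layout mirrors `struct kvm_msr_list` from `<linux/kvm.h>` (a count followed by a flexible array, so a stack variable of that type has room for zero indices); the kernel side is a model following the documented behaviour (nmsrs is read, the true count is always written back, E2BIG is returned if the caller's array was too small, otherwise the indices are copied) so the program runs without `/dev/kvm`. The MSR set in `model_msrs`, and the function names, are constructed for the example; MSR_STAR's number is the architectural one.

```c
/* Added example: correct use of a KVM_GET_MSR_INDEX_LIST-style variable-length
 * ioctl, with a model of the kernel handler so it runs without /dev/kvm. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as struct kvm_msr_list: sizeof() covers only the header. */
struct msr_list {
    uint32_t nmsrs;
    uint32_t indices[];
};

#define MSR_STAR 0xc0000081u   /* architectural MSR number of IA32_STAR */

/* Constructed stand-in for the host's save/restore MSR set (not real output). */
static const uint32_t model_msrs[] = {
    0xc0000081u /* STAR */, 0xc0000082u, 0xc0000084u, 0x174u, 0x175u, 0x176u
};
#define MODEL_NMSRS ((uint32_t)(sizeof(model_msrs) / sizeof(model_msrs[0])))

/* Model of the kernel's KVM_GET_MSR_INDEX_LIST handler as documented: read the
 * caller's nmsrs, always write back the true count, return -E2BIG if the
 * caller's array was too small, otherwise copy the indices. Like the real
 * handler it trusts nmsrs, so an uninitialised (large) count on a header-only
 * stack struct would make it write past the end: the bug the patch fixes. */
static int model_get_msr_index_list(struct msr_list *l)
{
    uint32_t room = l->nmsrs;
    l->nmsrs = MODEL_NMSRS;
    if (room < MODEL_NMSRS)
        return -E2BIG;
    memcpy(l->indices, model_msrs, MODEL_NMSRS * sizeof(l->indices[0]));
    return 0;
}

/* Correct user-side sequence: probe with nmsrs = 0 (the kernel may then touch
 * only the header), treat -E2BIG as the expected answer carrying the count,
 * allocate exactly that much, and query again. Any other failure, or a count
 * that changed between the two calls, is reported through *err. */
static struct msr_list *fetch_msr_index_list(int (*get_list)(struct msr_list *),
                                             int *err)
{
    struct msr_list probe;
    probe.nmsrs = 0;                       /* the line the patch adds */
    int ret = get_list(&probe);
    if (ret < 0 && ret != -E2BIG) {
        *err = ret;
        return NULL;
    }
    uint32_t n = probe.nmsrs;
    /* Guard the size arithmetic before trusting a kernel-supplied count. */
    if (n > (SIZE_MAX - sizeof(struct msr_list)) / sizeof(uint32_t)) {
        *err = -EOVERFLOW;
        return NULL;
    }
    struct msr_list *list = calloc(1, sizeof(*list) + (size_t)n * sizeof(uint32_t));
    if (list == NULL) {
        *err = -ENOMEM;
        return NULL;
    }
    list->nmsrs = n;                       /* tell the kernel how much room it has */
    ret = get_list(list);
    if (ret < 0 || list->nmsrs != n) {
        free(list);
        *err = ret < 0 ? ret : -EIO;
        return NULL;
    }
    *err = 0;
    return list;
}

static int list_has_msr(const struct msr_list *list, uint32_t msr)
{
    for (uint32_t i = 0; i < list->nmsrs; i++)
        if (list->indices[i] == msr)
            return 1;
    return 0;
}

/* Counterpart of the page's kvm_has_msr_star(): 1 if STAR is in the list,
 * 0 if not, negative errno if the list could not be fetched. */
static int model_has_msr_star(void)
{
    int err;
    struct msr_list *list = fetch_msr_index_list(model_get_msr_index_list, &err);
    if (list == NULL)
        return err;
    int found = list_has_msr(list, MSR_STAR);
    free(list);
    return found;
}

int main(void)
{
    int r = model_has_msr_star();
    if (r < 0)
        printf("fetch failed: %s\n", strerror(-r));
    else
        printf("MSR_STAR %s in the save/restore list\n", r ? "is" : "is not");
    return r < 0;
}
```

Against a real KVM the `get_list` callback would wrap `ioctl(kvm_fd, KVM_GET_MSR_INDEX_LIST, list)` and translate `-1` into `-errno`; the protocol and the sizing are unchanged.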