From: Kevin Wolf <kwolf@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: afaerber@suse.de, Qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [RFC] Fix SCSI hotplug with invalid slot
Date: Fri, 13 Jul 2012 11:47:44 +0200 [thread overview]
Message-ID: <4FFFEEC0.1070808@redhat.com> (raw)
In-Reply-To: <87629su9xd.fsf@codemonkey.ws>
[ Whoops, forgot qemu-devel in my original mail, added now ]
Am 12.07.2012 20:11, schrieb Anthony Liguori:
> Kevin Wolf <kwolf@redhat.com> writes:
>
>> While trying to hotplug an if=scsi disk with drive_add, I didn't pay
>> attention to using a valid slot (it doesn't matter with the usual
>> if=none...), and so I got:
>>
>> (qemu) drive_add 0 file=/tmp/test.qcow2,if=scsi
>> Segmentation fault.
>>
>> qemu just takes the PCI device at slot 0 and starts working on its first
>> child bus, no matter what device it is, and whether it even has a bus.
>> This NULL pointer access is easy enough to fix, it's what this patch
>> does.
>>
>> However this leaves a second case where the device in the slot does
>> exist, has child buses and still isn't a SCSI bus. For example (here
>> it's IDE):
>>
>> (qemu) drive_add 1 file=/tmp/test.qcow2,if=scsi
>> Object 0x7fadb204bbf0 is not an instance of type SCSI
>> Aborted.
>>
>> I couldn't find any obvious solution for checking if it has the right
>> type without aborting. I'm sure that this is a pretty standard case, but
>> my QOM knowledge is lacking...
>>
>> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
>> ---
>> hw/pci-hotplug.c | 8 +++++++-
>> 1 files changed, 7 insertions(+), 1 deletions(-)
>>
>> diff --git a/hw/pci-hotplug.c b/hw/pci-hotplug.c
>> index e7fb780..87d4721 100644
>> --- a/hw/pci-hotplug.c
>> +++ b/hw/pci-hotplug.c
>> @@ -77,10 +77,16 @@ static PCIDevice *qemu_pci_hot_add_nic(Monitor *mon,
>> static int scsi_hot_add(Monitor *mon, DeviceState *adapter,
>> DriveInfo *dinfo, int printinfo)
>> {
>> + BusState *bus;
>> SCSIBus *scsibus;
>> SCSIDevice *scsidev;
>>
>> - scsibus = SCSI_BUS(QLIST_FIRST(&adapter->child_bus));
>> + bus = QLIST_FIRST(&adapter->child_bus);
>> + if (bus == NULL) {
>
> if (bus == NULL || object_dynamic_cast(bus, TYPE_SCSI_BUS) == NULL) {
Ah well, so this is really the official way... Then I could as well use
the result of that instead of calling it a second time in SCSI_BUS().
Should I send an updated patch for this, or is it a more general problem
of the QOM conversions that checks were lost and you'll post a broader fix?
Kevin
parent reply other threads:[~2012-07-13 9:47 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <87629su9xd.fsf@codemonkey.ws>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FFFEEC0.1070808@redhat.com \
--to=kwolf@redhat.com \
--cc=Qemu-devel@nongnu.org \
--cc=afaerber@suse.de \
--cc=anthony@codemonkey.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).