* [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing
@ 2014-09-19 3:37 zhanghailiang
2014-09-19 6:54 ` Markus Armbruster
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: zhanghailiang @ 2014-09-19 3:37 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, luonengjun, peter.huangpeng, zhanghailiang
The logic of pcmcia_socket_unregister is wrong,
which will cause a freed memory accessing
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
Hi,
The function pcmcia_socket_unregister seemes to be unused,
Should it be removed? Thanks.
---
vl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/vl.c b/vl.c
index dc792fe..bf659b7 100644
--- a/vl.c
+++ b/vl.c
@@ -1545,11 +1545,13 @@ void pcmcia_socket_unregister(PCMCIASocket *socket)
struct pcmcia_socket_entry_s *entry, **ptr;
ptr = &pcmcia_sockets;
- for (entry = *ptr; entry; ptr = &entry->next, entry = *ptr)
+ for (entry = *ptr; entry; ptr = &entry->next, entry = *ptr) {
if (entry->socket == socket) {
*ptr = entry->next;
g_free(entry);
+ break;
}
+ }
}
void pcmcia_info(Monitor *mon, const QDict *qdict)
--
1.7.12.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-19 3:37 [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing zhanghailiang @ 2014-09-19 6:54 ` Markus Armbruster 2014-09-19 14:14 ` Peter Maydell 2014-09-19 8:09 ` Paolo Bonzini 2014-09-20 13:58 ` [Qemu-devel] [Qemu-trivial] " Michael Tokarev 2 siblings, 1 reply; 10+ messages in thread From: Markus Armbruster @ 2014-09-19 6:54 UTC (permalink / raw) To: zhanghailiang Cc: qemu-trivial, peter.maydell, luonengjun, qemu-devel, peter.huangpeng zhanghailiang <zhang.zhanghailiang@huawei.com> writes: > The logic of pcmcia_socket_unregister is wrong, > which will cause a freed memory accessing > > Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> > --- > Hi, > > The function pcmcia_socket_unregister seemes to be unused, > Should it be removed? Thanks. I think we should remove the whole thing: pcmcia_sockets, pcmcia_socket_register(), pcmcia_socket_unregister, pcmcia_info(). Here's why. It serves just one purpose: "info pcmcia". HMP-only, therefore not a stable interface. But is it a useful one? The only caller of pcmcia_socket_register() is pxa2xx_pcmcia_realize(), of device model "pxa2xx-pcmcia". As far as I can tell, used only by a couple of ARM boards: "verdex", "mainstone", "akita", "spitz", "borzoi", "terrier", "z2", "connex", "tosa". Of these, only "akita", "spitz", "borzoi", "terrier" and "tosa" insert a card into the slot, and they do so right on board initialization. Nothing ever ejects a card from a slot. Therefore, "info pcmcia" effectively prints a fixed, machine-specific string so far. Doesn't sound useful to me. If we acquire PCMCIA devices where querying status is interesting, we'll want a QMP command, so this code will be pretty much useless. Peter M., what do you think? ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-19 6:54 ` Markus Armbruster @ 2014-09-19 14:14 ` Peter Maydell 0 siblings, 0 replies; 10+ messages in thread From: Peter Maydell @ 2014-09-19 14:14 UTC (permalink / raw) To: Markus Armbruster Cc: QEMU Trivial, peter.huangpeng, Luonengjun, zhanghailiang, QEMU Developers On 18 September 2014 23:54, Markus Armbruster <armbru@redhat.com> wrote: > I think we should remove the whole thing: pcmcia_sockets, > pcmcia_socket_register(), pcmcia_socket_unregister, pcmcia_info(). > Here's why. > > It serves just one purpose: "info pcmcia". HMP-only, therefore not a > stable interface. But is it a useful one? > > The only caller of pcmcia_socket_register() is pxa2xx_pcmcia_realize(), > of device model "pxa2xx-pcmcia". As far as I can tell, used only by a > couple of ARM boards: "verdex", "mainstone", "akita", "spitz", "borzoi", > "terrier", "z2", "connex", "tosa". > > Of these, only "akita", "spitz", "borzoi", "terrier" and "tosa" insert a > card into the slot, and they do so right on board initialization. > Nothing ever ejects a card from a slot. Therefore, "info pcmcia" > effectively prints a fixed, machine-specific string so far. Doesn't > sound useful to me. > > If we acquire PCMCIA devices where querying status is interesting, we'll > want a QMP command, so this code will be pretty much useless. I wouldn't particularly object to the info code disappearing. pxa2xx is pretty old and crufty code at this point and I don't suppose the pcmcia code has been modernised very much. (Couldn't you implement a hypothetical pcmcia HMP/QMP command by scanning the QOM tree for pcmcia device objects now anyway?) -- PMM ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-19 3:37 [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing zhanghailiang 2014-09-19 6:54 ` Markus Armbruster @ 2014-09-19 8:09 ` Paolo Bonzini 2014-09-20 13:58 ` [Qemu-devel] [Qemu-trivial] " Michael Tokarev 2 siblings, 0 replies; 10+ messages in thread From: Paolo Bonzini @ 2014-09-19 8:09 UTC (permalink / raw) To: zhanghailiang, qemu-devel; +Cc: qemu-trivial, luonengjun, peter.huangpeng Il 19/09/2014 05:37, zhanghailiang ha scritto: > The logic of pcmcia_socket_unregister is wrong, > which will cause a freed memory accessing > > Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> > --- > Hi, > > The function pcmcia_socket_unregister seemes to be unused, > Should it be removed? Thanks. Perhaps---however, the patch silences a Coverity warning, so it is worthwhile. Thanks for doing this! Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Paolo ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-19 3:37 [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing zhanghailiang 2014-09-19 6:54 ` Markus Armbruster 2014-09-19 8:09 ` Paolo Bonzini @ 2014-09-20 13:58 ` Michael Tokarev 2014-09-22 6:23 ` Markus Armbruster 2 siblings, 1 reply; 10+ messages in thread From: Michael Tokarev @ 2014-09-20 13:58 UTC (permalink / raw) To: zhanghailiang, qemu-devel; +Cc: qemu-trivial, luonengjun, peter.huangpeng Applied to -trivial, thank you! /mjt ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-20 13:58 ` [Qemu-devel] [Qemu-trivial] " Michael Tokarev @ 2014-09-22 6:23 ` Markus Armbruster 2014-09-22 7:34 ` Michael Tokarev 0 siblings, 1 reply; 10+ messages in thread From: Markus Armbruster @ 2014-09-22 6:23 UTC (permalink / raw) To: Michael Tokarev Cc: qemu-trivial, peter.huangpeng, luonengjun, zhanghailiang, qemu-devel Michael Tokarev <mjt@tls.msk.ru> writes: > Applied to -trivial, thank you! Makes my 'hmp: Remove "info pcmcia"' conflict. Either revert this one before applying mine, or resolve the conflict and drop the paragraph about the bug from my commit message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-22 6:23 ` Markus Armbruster @ 2014-09-22 7:34 ` Michael Tokarev 2014-10-23 6:33 ` Michael Tokarev 0 siblings, 1 reply; 10+ messages in thread From: Michael Tokarev @ 2014-09-22 7:34 UTC (permalink / raw) To: Markus Armbruster Cc: qemu-trivial, peter.huangpeng, luonengjun, zhanghailiang, qemu-devel 22.09.2014 10:23, Markus Armbruster wrote: > Michael Tokarev <mjt@tls.msk.ru> writes: > >> Applied to -trivial, thank you! > > Makes my 'hmp: Remove "info pcmcia"' conflict. Either revert this one > before applying mine, or resolve the conflict and drop the paragraph > about the bug from my commit message. Okay, I'll keep an eye on this -- I'm reverting the trivial patch for now. /mjt ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH v1] vl: Fix possible freed memory accessing 2014-09-22 7:34 ` Michael Tokarev @ 2014-10-23 6:33 ` Michael Tokarev 2014-10-23 6:52 ` Markus Armbruster 2014-10-23 7:16 ` Peter Maydell 0 siblings, 2 replies; 10+ messages in thread From: Michael Tokarev @ 2014-10-23 6:33 UTC (permalink / raw) To: Markus Armbruster Cc: qemu-trivial, qemu-devel, luonengjun, peter.huangpeng, zhanghailiang On 09/22/2014 11:34 AM, Michael Tokarev wrote: > 22.09.2014 10:23, Markus Armbruster wrote: >> Michael Tokarev <mjt@tls.msk.ru> writes: >> >>> Applied to -trivial, thank you! >> >> Makes my 'hmp: Remove "info pcmcia"' conflict. Either revert this one >> before applying mine, or resolve the conflict and drop the paragraph >> about the bug from my commit message. > > Okay, I'll keep an eye on this -- I'm reverting the trivial patch > for now. So it looks like the original patch by zhanghailiang still applies, and your patch, `info pcmcia' removal, hasn't been applied for over a month. Should I apply the bugfix by zhanghailiang finally? Thanks, /mjt ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH v1] vl: Fix possible freed memory accessing 2014-10-23 6:33 ` Michael Tokarev @ 2014-10-23 6:52 ` Markus Armbruster 2014-10-23 7:16 ` Peter Maydell 1 sibling, 0 replies; 10+ messages in thread From: Markus Armbruster @ 2014-10-23 6:52 UTC (permalink / raw) To: Michael Tokarev Cc: qemu-trivial, zhanghailiang, luonengjun, qemu-devel, peter.huangpeng Michael Tokarev <mjt@tls.msk.ru> writes: > On 09/22/2014 11:34 AM, Michael Tokarev wrote: >> 22.09.2014 10:23, Markus Armbruster wrote: >>> Michael Tokarev <mjt@tls.msk.ru> writes: >>> >>>> Applied to -trivial, thank you! >>> >>> Makes my 'hmp: Remove "info pcmcia"' conflict. Either revert this one >>> before applying mine, or resolve the conflict and drop the paragraph >>> about the bug from my commit message. >> >> Okay, I'll keep an eye on this -- I'm reverting the trivial patch >> for now. > > So it looks like the original patch by zhanghailiang still applies, > and your patch, `info pcmcia' removal, hasn't been applied for over > a month. Should I apply the bugfix by zhanghailiang finally? Please give me a few more days to try getting it committed. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH v1] vl: Fix possible freed memory accessing 2014-10-23 6:33 ` Michael Tokarev 2014-10-23 6:52 ` Markus Armbruster @ 2014-10-23 7:16 ` Peter Maydell 1 sibling, 0 replies; 10+ messages in thread From: Peter Maydell @ 2014-10-23 7:16 UTC (permalink / raw) To: Michael Tokarev Cc: QEMU Developers, zhanghailiang, QEMU Trivial, Luonengjun, peter.huangpeng, Markus Armbruster On 23 October 2014 07:33, Michael Tokarev <mjt@tls.msk.ru> wrote: > On 09/22/2014 11:34 AM, Michael Tokarev wrote: >> 22.09.2014 10:23, Markus Armbruster wrote: >>> Michael Tokarev <mjt@tls.msk.ru> writes: >>> >>>> Applied to -trivial, thank you! >>> >>> Makes my 'hmp: Remove "info pcmcia"' conflict. Either revert this one >>> before applying mine, or resolve the conflict and drop the paragraph >>> about the bug from my commit message. >> >> Okay, I'll keep an eye on this -- I'm reverting the trivial patch >> for now. > > So it looks like the original patch by zhanghailiang still applies, > and your patch, `info pcmcia' removal, hasn't been applied for over > a month. Should I apply the bugfix by zhanghailiang finally? The 'remove info pcmcia' patch is in target-arm.next: https://git.linaro.org/people/peter.maydell/qemu-arm.git/shortlog/refs/heads/target-arm.next it's just that pressure of other stuff plus KVM Forum means I haven't yet had a chance to scan for other ARM things to pick up and flush the queue yet. I'll try to do that this week. thanks -- PMM ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2014-10-23 7:17 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-09-19 3:37 [Qemu-devel] [PATCH v1] vl: Fix possible freed memory accessing zhanghailiang 2014-09-19 6:54 ` Markus Armbruster 2014-09-19 14:14 ` Peter Maydell 2014-09-19 8:09 ` Paolo Bonzini 2014-09-20 13:58 ` [Qemu-devel] [Qemu-trivial] " Michael Tokarev 2014-09-22 6:23 ` Markus Armbruster 2014-09-22 7:34 ` Michael Tokarev 2014-10-23 6:33 ` Michael Tokarev 2014-10-23 6:52 ` Markus Armbruster 2014-10-23 7:16 ` Peter Maydell
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).