Re: [Qemu-devel] Use-after-free during unrealize in system_reset
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] Use-after-free during unrealize in system_reset
Date: Fri, 6 Jun 2014 11:03:34 +0200
On Thu, Jun 5, 2014 at 6:18 PM, Michael S. Tsirkin <address@hidden> wrote:
> On Thu, Jun 05, 2014 at 05:31:45PM +0200, Stefan Hajnoczi wrote:
>> qemu-iotests ./check -qcow2 067 is entering an infinite loop during
>> system_reset. This failure is a non-deterministic use-after-free and
>> the infinite loop happens maybe 1/3 of the time.
>
> This patch makes it fail deterministically.
>
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index 22fe5ee..6815fad 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -790,6 +790,7 @@ static void pci_config_alloc(PCIDevice *pci_dev)
> static void pci_config_free(PCIDevice *pci_dev)
> {
> g_free(pci_dev->config);
> + pci_dev->config = NULL;
> g_free(pci_dev->cmask);
> g_free(pci_dev->wmask);
> g_free(pci_dev->w1cmask);
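Review bot: the hunk clears only pci_dev->config after freeing it, while cmask, wmask and w1cmask, freed on the lines immediately below, are left dangling, so a stale access through any of those three still depends on what the allocator recycled the block for rather than failing every time. If the aim is to make the use-after-free reproduce deterministically, give each freed member the same treatment (`pci_dev->cmask = NULL;`, `pci_dev->wmask = NULL;`, `pci_dev->w1cmask = NULL;`), and the commit message should state that this is a diagnostic aid for locating the stale reference, not the fix for the unrealize ordering itself.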
Thanks for the patch. I bisected the use-after-free to this commit:
commit 5c21ce77d7e5643089ceec556c0408445d017f32
Author: Bandan Das <address@hidden>
Date: Wed Mar 12 21:02:12 2014 +0100
qdev: Realize buses on device realization
Integrate (un)realization of child buses with realization/unrealization
of the device hosting them. Code in device_unparent() is reordered for
unrealization of buses to work as part of device unrealization.
That way no changes need to be made to bus instantiation.
Signed-off-by: Bandan Das <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Stefan
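The idiom behind Michael's patch, clearing a pointer right after freeing it so that a later stale access hits NULL instead of recycled heap memory, is illustrated below as an added example. It is not QEMU code and not from any participant in this thread: the `Dev` struct, the `dev_config_*` functions and `run_scenario` are invented names, plain `malloc`/`free` stand in for `g_malloc`/`g_free`, and, going one step beyond the quoted hunk, every freed member is cleared rather than only `config`. The guarded read shows how a cleared pointer turns the use-after-free into a failure that can be detected and reported on every run, including a repeated free during a second unrealize.

```c
/* Added example (not QEMU code): clearing freed pointers makes a
 * use-after-free fail deterministically instead of depending on
 * allocator reuse. All names here are invented for this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CFG_SIZE 256

/* Stand-in for the PCI config-space buffers a device owns. */
typedef struct Dev {
    uint8_t *config;   /* config space contents   */
    uint8_t *cmask;    /* bits that must be set   */
    uint8_t *wmask;    /* writable bits           */
    uint8_t *w1cmask;  /* write-1-to-clear bits   */
} Dev;

/* Free every buffer and clear the pointer so a stale access sees NULL.
 * free(NULL) is a no-op, so a repeated call (e.g. unrealize running
 * twice across a reset) is harmless instead of a double free. */
void dev_config_free(Dev *d)
{
    free(d->config);  d->config  = NULL;
    free(d->cmask);   d->cmask   = NULL;
    free(d->wmask);   d->wmask   = NULL;
    free(d->w1cmask); d->w1cmask = NULL;
}

/* Allocate all four buffers; on partial failure release what was got. */
int dev_config_alloc(Dev *d)
{
    d->config  = calloc(CFG_SIZE, 1);
    d->cmask   = calloc(CFG_SIZE, 1);
    d->wmask   = calloc(CFG_SIZE, 1);
    d->w1cmask = calloc(CFG_SIZE, 1);
    if (!d->config || !d->cmask || !d->wmask || !d->w1cmask) {
        dev_config_free(d);
        return -1;
    }
    memset(d->wmask, 0xff, CFG_SIZE);  /* everything writable by default */
    return 0;
}

/* Guarded read: -1 when the config space is gone or the address is out
 * of range. With cleared pointers the check is reliable; with a dangling
 * pointer it would read whatever now occupies the freed block. */
int dev_config_read(const Dev *d, unsigned addr)
{
    if (!d->config || addr >= CFG_SIZE) {
        return -1;
    }
    return d->config[addr];
}

/* realize -> write -> unrealize -> stale read -> second unrealize.
 * Returns 0 when the stale read is caught and the double free is safe. */
int run_scenario(void)
{
    Dev d = {0};
    if (dev_config_alloc(&d) != 0) {
        return -2;
    }
    d.config[0] = 0x86;                     /* constructed sample value */
    int before = dev_config_read(&d, 0);    /* 0x86 while realized      */
    dev_config_free(&d);                    /* unrealize                */
    int after = dev_config_read(&d, 0);     /* -1: detected, not UAF    */
    dev_config_free(&d);                    /* repeated unrealize: safe */
    return (before == 0x86 && after == -1) ? 0 : 1;
}

int main(void)
{
    int rc = run_scenario();
    printf("scenario %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```

Without the `= NULL` assignments the `after` read would compile and run just the same, but return 0x86, 0, or garbage depending on what the allocator did with the block in between, which is exactly the "maybe 1/3 of the time" behaviour reported at the top of the thread.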