Re: [Qemu-ppc] [PULL 02/40] hw/ppc: clear pending_events on machine reset
From: Greg Kurz
Date: Tue, 12 Sep 2017 20:27:42 +0200
On Tue, 12 Sep 2017 18:28:04 +0100
Peter Maydell <address@hidden> wrote:
> On 8 September 2017 at 11:35, David Gibson <address@hidden> wrote:
> > From: Daniel Henrique Barboza <address@hidden>
> >
> > The sPAPR machine isn't clearing up the pending events QTAILQ on
> > machine reboot. This allows for unprocessed hotplug/epow events
> > to persist in the queue after reset and, when reasserting the IRQs in
> > check_exception later on, these will be processed by the OS.
> >
> > This patch implements a new function called 'spapr_clear_pending_events'
> > that clears up the pending_events QTAILQ. This helper is then called
> > inside ppc_spapr_reset to clear up the events queue, preventing
> > old/deprecated events from persisting after a reset.
> >
> > Signed-off-by: Daniel Henrique Barboza <address@hidden>
> > Signed-off-by: David Gibson <address@hidden>
>
> > +void spapr_clear_pending_events(sPAPRMachineState *spapr)
> > +{
> > + sPAPREventLogEntry *entry = NULL;
> > +
> > + QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
> > + QTAILQ_REMOVE(&spapr->pending_events, entry, next);
> > + g_free(entry->extended_log);
> > + g_free(entry);
> > + }
> > +}
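Review bot: in spapr_clear_pending_events the loop body frees `entry` and then the QTAILQ_FOREACH increment reads `entry->next` from the freed allocation, so every iteration that has a successor is a use-after-free. Switch to QTAILQ_FOREACH_SAFE, which reads the successor before the body runs, e.g. `sPAPREventLogEntry *entry, *next_entry;` and `QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {`, keeping the QTAILQ_REMOVE / g_free calls unchanged.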
>
> Coverity points out that this is a use-after-free error,
> because QTAILQ_FOREACH will access the list pointers of
> entry after the loop body has freed it. You want
> QTAILQ_FOREACH_SAFE, I think. (CID 1381017)
>
Yes indeed, QTAILQ_FOREACH_SAFE() is needed when removing
the current element from the list. I'll send a patch.
> thanks
> -- PMM
>
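The following is an added example, not code from QEMU or from this thread. It reimplements just enough of the QTAILQ macros from qemu/queue.h (a simplified stand-in, not the real header) to show why the QTAILQ_FOREACH version in the pull request reads freed memory and how the QTAILQ_FOREACH_SAFE form avoids it. The struct and function names mirror the patch for readability only; the `summary` field, the `spapr_queue_event` helper, the `spapr_init` helper, the return value of `spapr_clear_pending_events` and the use of libc `malloc`/`free` in place of `g_malloc`/`g_free` are all assumptions made for this example.

```c
/*
 * Added example (not QEMU code): minimal stand-in for QTAILQ from
 * qemu/queue.h, enough to contrast QTAILQ_FOREACH with QTAILQ_FOREACH_SAFE
 * when the loop body removes and frees the current element.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define QTAILQ_HEAD(name, type) \
    struct name { struct type *tqh_first; struct type **tqh_last; }
#define QTAILQ_ENTRY(type) \
    struct { struct type *tqe_next; struct type **tqe_prev; }
#define QTAILQ_INIT(head) do {                                      \
    (head)->tqh_first = NULL;                                       \
    (head)->tqh_last = &(head)->tqh_first;                          \
} while (0)
#define QTAILQ_INSERT_TAIL(head, elm, field) do {                   \
    (elm)->field.tqe_next = NULL;                                   \
    (elm)->field.tqe_prev = (head)->tqh_last;                       \
    *(head)->tqh_last = (elm);                                      \
    (head)->tqh_last = &(elm)->field.tqe_next;                      \
} while (0)
#define QTAILQ_REMOVE(head, elm, field) do {                        \
    if ((elm)->field.tqe_next != NULL)                              \
        (elm)->field.tqe_next->field.tqe_prev = (elm)->field.tqe_prev; \
    else                                                            \
        (head)->tqh_last = (elm)->field.tqe_prev;                   \
    *(elm)->field.tqe_prev = (elm)->field.tqe_next;                 \
} while (0)
/* Reads var->field.tqe_next AFTER the body: unsafe if the body frees var. */
#define QTAILQ_FOREACH(var, head, field) \
    for ((var) = (head)->tqh_first; (var); (var) = (var)->field.tqe_next)
/* Caches the successor BEFORE the body runs, so the body may free var. */
#define QTAILQ_FOREACH_SAFE(var, head, field, next_var)             \
    for ((var) = (head)->tqh_first;                                 \
         (var) && ((next_var) = (var)->field.tqe_next, 1);          \
         (var) = (next_var))
#define QTAILQ_EMPTY(head) ((head)->tqh_first == NULL)

typedef struct sPAPREventLogEntry {
    uint32_t summary;                       /* assumed field */
    void *extended_log;                     /* freed together with the entry */
    QTAILQ_ENTRY(sPAPREventLogEntry) next;
} sPAPREventLogEntry;

typedef struct {
    QTAILQ_HEAD(, sPAPREventLogEntry) pending_events;
} sPAPRMachineState;

void spapr_init(sPAPRMachineState *spapr)   /* assumed helper */
{
    QTAILQ_INIT(&spapr->pending_events);
}

/* Assumed helper: append an event carrying an extended log of log_size bytes. */
sPAPREventLogEntry *spapr_queue_event(sPAPRMachineState *spapr,
                                      uint32_t summary, size_t log_size)
{
    sPAPREventLogEntry *entry = calloc(1, sizeof(*entry));
    if (!entry) abort();
    entry->summary = summary;
    entry->extended_log = calloc(1, log_size);
    if (!entry->extended_log) abort();
    QTAILQ_INSERT_TAIL(&spapr->pending_events, entry, next);
    return entry;
}

size_t spapr_pending_event_count(const sPAPRMachineState *spapr)
{
    size_t n = 0;
    sPAPREventLogEntry *entry;
    QTAILQ_FOREACH(entry, &spapr->pending_events, next) n++;
    return n;
}

/*
 * Shape of the loop in PULL 02/40: after free(entry) the for-loop increment
 * reads entry->next.tqe_next from freed memory (the use-after-free Coverity
 * reported as CID 1381017). Kept only for comparison; never call it.
 */
void spapr_clear_pending_events_uaf(sPAPRMachineState *spapr)
{
    sPAPREventLogEntry *entry = NULL;
    QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
        QTAILQ_REMOVE(&spapr->pending_events, entry, next);
        free(entry->extended_log);
        free(entry);
    }
}

/* Corrected form: the successor is read before the body frees the entry.
 * Returns the number of entries freed (assumed, for checking). */
size_t spapr_clear_pending_events(sPAPRMachineState *spapr)
{
    sPAPREventLogEntry *entry, *next_entry;
    size_t freed = 0;
    QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {
        QTAILQ_REMOVE(&spapr->pending_events, entry, next);
        free(entry->extended_log);
        free(entry);
        freed++;
    }
    return freed;
}

int main(void)
{
    sPAPRMachineState spapr;
    spapr_init(&spapr);
    spapr_queue_event(&spapr, 0x1, 64);   /* constructed sample events */
    spapr_queue_event(&spapr, 0x2, 128);
    spapr_queue_event(&spapr, 0x3, 32);
    printf("pending before reset: %zu\n", spapr_pending_event_count(&spapr));
    size_t freed = spapr_clear_pending_events(&spapr);
    printf("freed %zu, pending after reset: %zu\n",
           freed, spapr_pending_event_count(&spapr));
    return QTAILQ_EMPTY(&spapr.pending_events) ? 0 : 1;
}
```

Building with `-fsanitize=address` and calling the `_uaf` variant instead of the safe one makes the difference visible at runtime: ASan reports a heap-use-after-free on the read of `entry->next.tqe_next` in the loop increment, while the QTAILQ_FOREACH_SAFE version runs clean and leaves `tqh_last` pointing back at `tqh_first`, so the queue is reusable after the reset.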