[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] ce0abc: qdev: Fix crash by validating the obj
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] ce0abc: qdev: Fix crash by validating the object type |
|
Date: |
Wed, 07 May 2014 07:00:07 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: ce0abca3e35a9f95e9edcb5d6b2910b2fcd52099
https://github.com/qemu/qemu/commit/ce0abca3e35a9f95e9edcb5d6b2910b2fcd52099
Author: Amos Kong <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M qdev-monitor.c
Log Message:
-----------
qdev: Fix crash by validating the object type
QEMU crashed when I try to list device parameters and the driver name is
actually an available bus name.
# qemu -device virtio-pci-bus,?
# qemu -device virtio-bus,?
# qemu -device virtio-serial-bus,?
qdev-monitor.c:212:qdev_device_help: Object 0x7fd932f50620 is not an
instance of type device
Aborted (core dumped)
We can also reproduce this bug by adding device from monitor, so it's
worth to fix the crash.
(qemu) device_add virtio-serial-bus
qdev-monitor.c:491:qdev_device_add: Object 0x7f5e89530920 is not an
instance of type device
Aborted (core dumped)
Cc: address@hidden
Signed-off-by: Amos Kong <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 9e1d668ba9783483284e081662b8a19fd48846b0
https://github.com/qemu/qemu/commit/9e1d668ba9783483284e081662b8a19fd48846b0
Author: Marcel Apfelbaum <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M include/hw/boards.h
Log Message:
-----------
machine: Remove obsoleted field from QEMUMachine
This field shouldn't be used any more since we
adopted the QOM way of iterating over the types.
The commit that obsoleted it is:
commit 261747f176f6f2d88f8268aaebfdd1a1afe887e2
vl: Use MachineClass instead of global QEMUMachine list
The machine registration flow is refactored to use the QOM functionality.
Instead of linking the machines into a list, each machine has a type
and the types can be traversed in the QOM way.
Signed-off-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 00b4fbe27452ddc346f7f38d5690686166932588
https://github.com/qemu/qemu/commit/00b4fbe27452ddc346f7f38d5690686166932588
Author: Marcel Apfelbaum <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M hw/ppc/spapr.c
M include/hw/boards.h
M vl.c
Log Message:
-----------
machine: Copy QEMUMachine's fields to MachineClass
In order to eliminate the QEMUMachine indirection,
add its fields directly to MachineClass.
Do not yet remove qemu_machine field because it is
still in use by sPAPR.
Signed-off-by: Marcel Apfelbaum <address@hidden>
[AF: Copied fields for sPAPR, too]
Signed-off-by: Andreas Färber <address@hidden>
Commit: aaa663916d78aeb51a97842735052e7c8859dc9e
https://github.com/qemu/qemu/commit/aaa663916d78aeb51a97842735052e7c8859dc9e
Author: Marcel Apfelbaum <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M include/hw/boards.h
M vl.c
Log Message:
-----------
vl.c: Replace QEMUMachine with MachineClass in QEMUMachineInitArgs
QEMUMachine's fields are already in MachineClass. We can safely
make the switch because we copy them in machine_class_init() and
spapr_machine_class_init().
Signed-off-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: f1e298794daea46e7f52995887c865ac6ada10b9
https://github.com/qemu/qemu/commit/f1e298794daea46e7f52995887c865ac6ada10b9
Author: Marcel Apfelbaum <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M include/hw/boards.h
M include/hw/xen/xen.h
M include/qemu/typedefs.h
M include/sysemu/kvm.h
M include/sysemu/qtest.h
M kvm-all.c
M kvm-stub.c
M qtest.c
M vl.c
M xen-all.c
M xen-stub.c
Log Message:
-----------
machine: Replace QEMUMachine by MachineClass in accelerator configuration
This minimizes QEMUMachine usage, as part of machine QOM-ification.
Signed-off-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 958db90cd54823c33345000c995453a8c9b7a005
https://github.com/qemu/qemu/commit/958db90cd54823c33345000c995453a8c9b7a005
Author: Marcel Apfelbaum <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M device-hotplug.c
M hw/ppc/spapr.c
M include/hw/boards.h
M qmp.c
M vl.c
Log Message:
-----------
machine: Remove QEMUMachine indirection from MachineClass
No need to go through qemu_machine field. Use
MachineClass fields directly.
Signed-off-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 2f719f195cfdacb0cbc42ec03e5172eeefff1726
https://github.com/qemu/qemu/commit/2f719f195cfdacb0cbc42ec03e5172eeefff1726
Author: Markus Armbruster <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M hw/core/qdev-properties-system.c
M hw/dma/xilinx_axidma.c
M hw/net/xilinx_axienet.c
Log Message:
-----------
hw: Consistently name Error * objects err, and not errp
Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: a7737e4496aa3c1c8c3a4b4b9d5e44875fe21e12
https://github.com/qemu/qemu/commit/a7737e4496aa3c1c8c3a4b4b9d5e44875fe21e12
Author: Markus Armbruster <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M hw/core/qdev.c
M hw/intc/i8259.c
M hw/timer/i8254.c
Log Message:
-----------
hw: Consistently name Error ** objects errp, and not err
Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 65cd9064e13f2388d3bd9c815826f5db6b0b13ec
https://github.com/qemu/qemu/commit/65cd9064e13f2388d3bd9c815826f5db6b0b13ec
Author: Markus Armbruster <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M backends/rng.c
M backends/tpm.c
M hw/core/qdev-properties.c
M hw/misc/tmp105.c
M hw/virtio/virtio-balloon.c
M target-i386/cpu.c
Log Message:
-----------
qom: Clean up fragile use of error_is_set() in set() methods
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
unnecessarily opaque (see commit 84d18f0).
I guess the error_is_set(errp) in the ObjectProperty set() methods are
merely fragile right now, because I can't find a call chain that
passes a null errp argument.
Make the code more robust and more obviously correct: receive the
error in a local variable, then propagate it through the parameter.
Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 0175ba109eb0c098a00903887328393c2e17d4ae
https://github.com/qemu/qemu/commit/0175ba109eb0c098a00903887328393c2e17d4ae
Author: Markus Armbruster <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M hw/intc/arm_gic.c
M hw/intc/arm_gic_kvm.c
M hw/intc/armv7m_nvic.c
Log Message:
-----------
arm: Clean up fragile use of error_is_set() in realize() methods
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
unnecessarily opaque (see commit 84d18f0).
I guess the error_is_set(errp) in the DeviceClass realize() methods
are merely fragile right now, because I can't find a call chain that
passes a null errp argument.
Make the code more robust and more obviously correct: receive the
error in a local variable, then propagate it through the parameter.
Signed-off-by: Markus Armbruster <address@hidden>
Acked-by: Peter Maydell <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 4688c94c1f59b8df45079391e26569d0615ab7af
https://github.com/qemu/qemu/commit/4688c94c1f59b8df45079391e26569d0615ab7af
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M MAINTAINERS
Log Message:
-----------
MAINTAINERS: Document QOM
Invented by Anthony. Maintained through my qom-next tree lately.
Cc: Anthony Liguori <address@hidden>
Acked-by: Paolo Bonzini <address@hidden>
Acked-by: Peter Maydell <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: a7ded163dbe548075d65219c6189f059da2d99bb
https://github.com/qemu/qemu/commit/a7ded163dbe548075d65219c6189f059da2d99bb
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M tests/libqtest.c
Log Message:
-----------
qtest: Assure that init_socket()'s listen() does not fail
In practice this seems very unlikely, so cleanup is neglected, as done
for bind().
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: a7d915f388355f5353f2b692a1abd7868b8307a1
https://github.com/qemu/qemu/commit/a7d915f388355f5353f2b692a1abd7868b8307a1
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M tests/libqtest.c
Log Message:
-----------
qtest: Add error reporting to socket_accept()
We're not using the GLib infrastructure here, to allow cleaning up the
sockets. Still, knowing why a certain test run failed can be valuable.
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 535b45631ad7176e10dab89d55443b5a096500b9
https://github.com/qemu/qemu/commit/535b45631ad7176e10dab89d55443b5a096500b9
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M tests/libqtest.c
Log Message:
-----------
qtest: Be paranoid about accept() addrlen argument
POSIX specifies that address_len shall on output specify the length of
the stored address; it does not however specify whether it may get
updated on failure as well to, e.g., zero.
In case EINTR occurs, re-initialize the variable to the desired value.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: d7b50c0cc052f705eceb17018ff36a453a6c60c7
https://github.com/qemu/qemu/commit/d7b50c0cc052f705eceb17018ff36a453a6c60c7
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M MAINTAINERS
M tests/Makefile
A tests/ac97-test.c
Log Message:
-----------
tests: Add ac97 qtest
Signed-off-by: Andreas Färber <address@hidden>
Commit: 8fa74c947df001d411452ea8e7d528e23235134d
https://github.com/qemu/qemu/commit/8fa74c947df001d411452ea8e7d528e23235134d
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M MAINTAINERS
M tests/Makefile
A tests/es1370-test.c
Log Message:
-----------
tests: Add es1370 qtest
Signed-off-by: Andreas Färber <address@hidden>
Commit: fbaf445a899ec763cdd99f32c733ef2d080ff8ad
https://github.com/qemu/qemu/commit/fbaf445a899ec763cdd99f32c733ef2d080ff8ad
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M MAINTAINERS
M tests/Makefile
A tests/intel-hda-test.c
Log Message:
-----------
tests: Add intel-hda qtests
Test both the ich6 and the ich9 version (cf. q35 config) and all the
codecs.
Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: efbf5df02007e6754593bd542296c4005a04d192
https://github.com/qemu/qemu/commit/efbf5df02007e6754593bd542296c4005a04d192
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M tests/Makefile
A tests/ioh3420-test.c
Log Message:
-----------
tests: Add ioh3420 qtest
Signed-off-by: Andreas Färber <address@hidden>
Commit: cc900d34e7f298dd4b41c5626307de15416bb045
https://github.com/qemu/qemu/commit/cc900d34e7f298dd4b41c5626307de15416bb045
Author: Andreas Färber <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M MAINTAINERS
M tests/Makefile
A tests/usb-hcd-ehci-test.c
Log Message:
-----------
tests: Add EHCI qtest
Signed-off-by: Andreas Färber <address@hidden>
Commit: 848696bf353750899832c51005f1bd3540da5c29
https://github.com/qemu/qemu/commit/848696bf353750899832c51005f1bd3540da5c29
Author: Kirill Batuzov <address@hidden>
Date: 2014-05-05 (Mon, 05 May 2014)
Changed paths:
M hw/audio/adlib.c
M hw/display/qxl.c
M hw/display/qxl.h
M hw/display/vga.c
M hw/display/vga_int.h
M hw/dma/i82374.c
M hw/isa/isa-bus.c
M hw/ppc/prep.c
M hw/watchdog/wdt_ib700.c
Log Message:
-----------
PortioList: Store PortioList in device state
PortioList is an abstraction used for construction of MemoryRegionPortioList
from MemoryRegionPortio. It can be used later to unmap created memory regions.
It also requires proper cleanup because some of the memory inside is allocated
dynamically.
By moving PortioList ot device state we make it possible to cleanup later and
avoid leaking memory.
This change spans several target platforms. The following testcases cover all
changed lines:
qemu-system-ppc -M prep
qemu-system-i386 -vga qxl
qemu-system-i386 -M isapc -soundhw adlib -device ib700,id=watchdog0,bus=isa.0
Signed-off-by: Kirill Batuzov <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
Commit: 7f8fea8b3d31ca396eb3c88bf97b543a86773774
https://github.com/qemu/qemu/commit/7f8fea8b3d31ca396eb3c88bf97b543a86773774
Author: Peter Maydell <address@hidden>
Date: 2014-05-07 (Wed, 07 May 2014)
Changed paths:
M MAINTAINERS
M backends/rng.c
M backends/tpm.c
M device-hotplug.c
M hw/audio/adlib.c
M hw/core/qdev-properties-system.c
M hw/core/qdev-properties.c
M hw/core/qdev.c
M hw/display/qxl.c
M hw/display/qxl.h
M hw/display/vga.c
M hw/display/vga_int.h
M hw/dma/i82374.c
M hw/dma/xilinx_axidma.c
M hw/intc/arm_gic.c
M hw/intc/arm_gic_kvm.c
M hw/intc/armv7m_nvic.c
M hw/intc/i8259.c
M hw/isa/isa-bus.c
M hw/misc/tmp105.c
M hw/net/xilinx_axienet.c
M hw/ppc/prep.c
M hw/ppc/spapr.c
M hw/timer/i8254.c
M hw/virtio/virtio-balloon.c
M hw/watchdog/wdt_ib700.c
M include/hw/boards.h
M include/hw/xen/xen.h
M include/qemu/typedefs.h
M include/sysemu/kvm.h
M include/sysemu/qtest.h
M kvm-all.c
M kvm-stub.c
M qdev-monitor.c
M qmp.c
M qtest.c
M target-i386/cpu.c
M tests/Makefile
A tests/ac97-test.c
A tests/es1370-test.c
A tests/intel-hda-test.c
A tests/ioh3420-test.c
M tests/libqtest.c
A tests/usb-hcd-ehci-test.c
M vl.c
M xen-all.c
M xen-stub.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter'
into staging
QOM/QTest infrastructure fixes and device conversions
* -device / device_add assertion fix
* QEMUMachine conversion to MachineClass
* Device error handling improvements
* QTest cleanups and test cases for some more PCI devices
* PortIO memory leak fixes
# gpg: Signature made Mon 05 May 2014 19:59:16 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <address@hidden>"
# gpg: aka "Andreas Färber <address@hidden>"
* remotes/afaerber/tags/qom-devices-for-peter:
PortioList: Store PortioList in device state
tests: Add EHCI qtest
tests: Add ioh3420 qtest
tests: Add intel-hda qtests
tests: Add es1370 qtest
tests: Add ac97 qtest
qtest: Be paranoid about accept() addrlen argument
qtest: Add error reporting to socket_accept()
qtest: Assure that init_socket()'s listen() does not fail
MAINTAINERS: Document QOM
arm: Clean up fragile use of error_is_set() in realize() methods
qom: Clean up fragile use of error_is_set() in set() methods
hw: Consistently name Error ** objects errp, and not err
hw: Consistently name Error * objects err, and not errp
machine: Remove QEMUMachine indirection from MachineClass
machine: Replace QEMUMachine by MachineClass in accelerator configuration
vl.c: Replace QEMUMachine with MachineClass in QEMUMachineInitArgs
machine: Copy QEMUMachine's fields to MachineClass
machine: Remove obsoleted field from QEMUMachine
qdev: Fix crash by validating the object type
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/951916d02c59...7f8fea8b3d31
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] ce0abc: qdev: Fix crash by validating the object type,
GitHub <=