From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 955f5c: ide: ahci: unparent children buses before freeing ...
Date: Tue, 19 Sep 2017 03:02:42 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 955f5c7ba127746345a3d43b4d7c885ca159ae6b
      https://github.com/qemu/qemu/commit/955f5c7ba127746345a3d43b4d7c885ca159ae6b
  Author: Igor Mammedov <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  ide: ahci: unparent children buses before freeing their memory

Fixes a read-after-free error reported at
  https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04243.html
  Message-Id: <address@hidden>

The ich9-ahci device creates ide buses and attaches them as QOM children
at realize time; however, it forgets to clean them up properly
at unrealize time and frees the memory containing these children,
with the following call chain:

   qdev_device_add()
     object_property_set_bool('realized', true)
       device_set_realized()
    ...
    pci_qdev_realize() -> pci_ich9_ahci_realize() -> ahci_realize()
         ...
         s->dev = g_new0(AHCIDevice, ports);
         ...
            AHCIDevice *ad = &s->dev[i];
            ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1);
            ^^^ creates bus in memory allocated by the g_new0() above
                and adds it as a child property to the ahci device
    ...
    hotplug_handler_plug(); -> goto post_realize_fail;
    pci_qdev_unrealize() -> pci_ich9_uninit() -> ahci_uninit()
        ...
         g_free(s->dev);
         ^^^ frees the memory that holds the children buses
     return with error from device_set_realized()

As a result, later when qdev_device_add() tries to unparent ich9-ahci
after the failed device_set_realized(),
    object_unparent() -> object_property_del_child()
iterates over the existing QOM children, including the buses added by
ide_bus_new(), and tries to unparent them, which causes access to the
freed memory where they were located.

Reported-by: Thomas Huth <address@hidden>
Signed-off-by: Igor Mammedov <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Tested-by: Thomas Huth <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>

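The ordering bug in the commit message above, modelled as an added C example. This is not QEMU's QOM code: the Device, Child, device_add_child and device_del_child names are a constructed stand-in for a QOM child-property table, and the port array plays the role of s->dev. The example shows the fixed ordering (unparent the children that live inside the array, then free it) together with a guard that counts children still registered inside the buffer about to be freed, which is the check the original free-then-unparent sequence would have tripped.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy model, not QEMU code. A Device keeps a table of pointers
 * to its children. Children living inside a separately allocated array
 * must leave that table before the array is freed, or the table dangles. */

#define MAX_CHILDREN 8

typedef struct Device Device;

typedef struct Child {
    char name[16];
    Device *parent;
} Child;

struct Device {
    Child *children[MAX_CHILDREN];  /* child property table */
    int nchildren;
    Child *ports;                   /* array allocated at realize time */
    int nports;
};

/* Register c as a child of d (stands in for adding a QOM child property). */
static void device_add_child(Device *d, Child *c, const char *name)
{
    assert(d->nchildren < MAX_CHILDREN);
    snprintf(c->name, sizeof c->name, "%s", name);
    c->parent = d;
    d->children[d->nchildren++] = c;
}

/* Unregister c (stands in for unparenting a child). Safe to call twice. */
static void device_del_child(Device *d, Child *c)
{
    for (int i = 0; i < d->nchildren; i++) {
        if (d->children[i] == c) {
            d->children[i] = d->children[--d->nchildren];
            c->parent = NULL;
            return;
        }
    }
}

/* Count registered children whose storage lies inside buf[0..n). Addresses
 * are compared as integers, so nothing is dereferenced. */
static int children_inside(const Device *d, const Child *buf, int n)
{
    uintptr_t lo = (uintptr_t)buf, hi = (uintptr_t)(buf + n);
    int count = 0;
    for (int i = 0; i < d->nchildren; i++) {
        uintptr_t p = (uintptr_t)d->children[i];
        if (p >= lo && p < hi) {
            count++;
        }
    }
    return count;
}

/* Mirrors the realize step: allocate the port array, attach each element. */
static void device_realize(Device *d, int nports)
{
    d->ports = calloc((size_t)nports, sizeof *d->ports);
    assert(d->ports != NULL);
    d->nports = nports;
    for (int i = 0; i < nports; i++) {
        char name[16];
        snprintf(name, sizeof name, "ide.%d", i);
        device_add_child(d, &d->ports[i], name);
    }
}

/* Fixed ordering: detach every child living in ports[] before freeing it.
 * The guard is what the original free-first ordering would have tripped. */
static void device_unrealize(Device *d)
{
    for (int i = 0; i < d->nports; i++) {
        device_del_child(d, &d->ports[i]);
    }
    assert(children_inside(d, d->ports, d->nports) == 0);
    free(d->ports);
    d->ports = NULL;
    d->nports = 0;
}

/* Children pointing into the port array right after realize. */
int children_registered_after_realize(int nports)
{
    Device d = {0};
    device_realize(&d, nports);
    int n = children_inside(&d, d.ports, d.nports);
    device_unrealize(&d);
    return n;
}

/* Children left for the caller's later unparent walk; zero with the fix. */
int children_left_after_unrealize(int nports)
{
    Device d = {0};
    device_realize(&d, nports);
    device_unrealize(&d);
    return d.nchildren;
}

int main(void)
{
    printf("registered after realize: %d\n", children_registered_after_realize(6));
    printf("left after unrealize:     %d\n", children_left_after_unrealize(6));
    return 0;
}
```

The guard in device_unrealize is the practitioner's takeaway: any teardown that frees a buffer holding objects registered elsewhere should first prove nothing still refers into that buffer, so a wrong ordering fails loudly at the free rather than as a later use-after-free in an unrelated walk.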

  Commit: 4c93950659487c7ad4f85571ee78524c1e3a94b3
      https://github.com/qemu/qemu/commit/4c93950659487c7ad4f85571ee78524c1e3a94b3
  Author: Thomas Huth <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/microdrive.c

  Log Message:
  -----------
  hw/ide/microdrive: Mark the dscm1xxxx device with user_creatable = false

QEMU currently aborts with an assertion message when the user is trying
to remove a dscm1xxxx again:

$ aarch64-softmmu/qemu-system-aarch64 -S -M integratorcp -nographic
QEMU 2.9.93 monitor - type 'help' for more information
(qemu) device_add dscm1xxxx,id=xyz
(qemu) device_del xyz
**
ERROR:qemu/qdev-monitor.c:872:qdev_unplug: assertion failed: (hotplug_ctrl)
Aborted (core dumped)

Looks like this device has to be wired up in code and is not meant
to be hot-pluggable, so let's mark it with user_creatable = false.

Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 3eee2611dd89b2713eab4e33a6195add1fa6af32
      https://github.com/qemu/qemu/commit/3eee2611dd89b2713eab4e33a6195add1fa6af32
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M Makefile.objs
    M hw/ide/cmd646.c
    M hw/ide/core.c
    M hw/ide/pci.c
    M hw/ide/piix.c
    A hw/ide/trace-events
    M hw/ide/via.c
    M include/hw/ide/internal.h

  Log Message:
  -----------
  IDE: replace DEBUG_IDE with tracing system

Replace the DEBUG_IDE preprocessor definition with something more
appropriately flexible, using the trace-events subsystem.

This will be less prone to bitrot and will more effectively allow
us to target just the functions we care about.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 335ca2f2f0f540c2e24fb9d4d58593222ed40708
      https://github.com/qemu/qemu/commit/335ca2f2f0f540c2e24fb9d4d58593222ed40708
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/core.c
    M hw/ide/trace-events

  Log Message:
  -----------
  IDE: Add register hints to tracing

Name the registers for tracing purposes.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 1787efc3d217ae513b45f7f965cdf3f751bc8c3c
      https://github.com/qemu/qemu/commit/1787efc3d217ae513b45f7f965cdf3f751bc8c3c
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/core.c
    M hw/ide/trace-events

  Log Message:
  -----------
  IDE: add tracing for data ports

To be used sparingly, but still interesting in the case of small
firmwares designed to reproduce bugs in QEMU IDE.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 82a13ff821a785357a0ce6ed4d51cc85bcc993e9
      https://github.com/qemu/qemu/commit/82a13ff821a785357a0ce6ed4d51cc85bcc993e9
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/atapi.c
    M hw/ide/trace-events
    M include/hw/ide/internal.h

  Log Message:
  -----------
  ATAPI: Replace DEBUG_IDE_ATAPI with tracing events

As part of the ongoing effort to modernize the tracing facilities for
the IDE family of devices, replace the PRINTFs in the ATAPI device with
actual tracing events.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 0e168d35519ee04590a439cd6631f53cd954edd0
      https://github.com/qemu/qemu/commit/0e168d35519ee04590a439cd6631f53cd954edd0
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/atapi.c
    M hw/ide/core.c
    M hw/ide/trace-events
    M include/hw/ide/internal.h

  Log Message:
  -----------
  IDE: replace DEBUG_AIO with trace events

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
[Edited enum conditional for Clang --js]
Signed-off-by: John Snow <address@hidden>


  Commit: e4baa9f00b9ddf47ac2811eb58a3931434b848f7
      https://github.com/qemu/qemu/commit/e4baa9f00b9ddf47ac2811eb58a3931434b848f7
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/ahci.c
    M hw/ide/trace-events

  Log Message:
  -----------
  AHCI: Replace DPRINTF with trace-events

There are a few hangers-on that will be dealt with individually
in forthcoming patches.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 5fa0feecaa5c1e05b6bed0e9684b78ae15f0e755
      https://github.com/qemu/qemu/commit/5fa0feecaa5c1e05b6bed0e9684b78ae15f0e755
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/ahci.c
    M hw/ide/ahci_internal.h
    M hw/ide/trace-events

  Log Message:
  -----------
  AHCI: Rework IRQ constants

Create a new enum so that we can name the IRQ bits, which will make debugging
them a little nicer if we can print them out. Not handled in this patch, but
this will make it possible to get a nice debug printf detailing exactly which
status bits are set, as it can be multiple at any given time.

As a consequence of this patch, it is no longer possible to set multiple IRQ
codes at once, but nothing was utilizing this ability anyway.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 797285c8db3b9216186004beaad4aac4b70a43c0
      https://github.com/qemu/qemu/commit/797285c8db3b9216186004beaad4aac4b70a43c0
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/ahci.c
    M hw/ide/trace-events

  Log Message:
  -----------
  AHCI: pretty-print FIS to buffer instead of stderr

The current FIS printing routines dump the FIS to the screen. Adjust this
so that it dumps to a buffer instead, then use this ability to provide
FIS dump mechanisms via trace-events instead of compiled defines.

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: ac8d9f2e4ca290ecc87abb3b09fb10c21c41d281
      https://github.com/qemu/qemu/commit/ac8d9f2e4ca290ecc87abb3b09fb10c21c41d281
  Author: John Snow <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  AHCI: remove DPRINTF macro

Signed-off-by: John Snow <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Tested-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 794939e81d4c61d86298402a2e9913dc74b55a8e
      https://github.com/qemu/qemu/commit/794939e81d4c61d86298402a2e9913dc74b55a8e
  Author: Mao Zhongyi <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/ide/core.c
    M hw/ide/qdev.c
    M include/hw/ide/internal.h
    M tests/qemu-iotests/051.pc.out

  Log Message:
  -----------
  hw/ide: Convert DeviceClass init to realize

Replace init with realize in IDEDeviceClass, which has errp
as a parameter, so all the implementations now use error_setg
instead of error_report for reporting errors.

Cc: John Snow <address@hidden>
Cc: Markus Armbruster <address@hidden>
Cc: Kevin Wolf <address@hidden>
Cc: Max Reitz <address@hidden>

Signed-off-by: Mao Zhongyi <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: ae34fce5f94e93a68c879fe6179d4bcd9ee915d7
      https://github.com/qemu/qemu/commit/ae34fce5f94e93a68c879fe6179d4bcd9ee915d7
  Author: Mao Zhongyi <address@hidden>
  Date:   2017-09-18 (Mon, 18 Sep 2017)

  Changed paths:
    M hw/block/fdc.c
    M tests/qemu-iotests/172.out

  Log Message:
  -----------
  hw/block/fdc: Convert to realize

Convert floppy_drive_init() to realize and rename it to
floppy_drive_realize().

Cc: John Snow <address@hidden>
Cc: Kevin Wolf <address@hidden>
Cc: Max Reitz <address@hidden>
Cc: Markus Armbruster <address@hidden>

Signed-off-by: Mao Zhongyi <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>


  Commit: 11e06ce1ed28fd0ffcbc1e2436b72f3412b4ecc8
      https://github.com/qemu/qemu/commit/11e06ce1ed28fd0ffcbc1e2436b72f3412b4ecc8
  Author: Peter Maydell <address@hidden>
  Date:   2017-09-19 (Tue, 19 Sep 2017)

  Changed paths:
    M Makefile.objs
    M hw/block/fdc.c
    M hw/ide/ahci.c
    M hw/ide/ahci_internal.h
    M hw/ide/atapi.c
    M hw/ide/cmd646.c
    M hw/ide/core.c
    M hw/ide/microdrive.c
    M hw/ide/pci.c
    M hw/ide/piix.c
    M hw/ide/qdev.c
    A hw/ide/trace-events
    M hw/ide/via.c
    M include/hw/ide/internal.h
    M tests/qemu-iotests/051.pc.out
    M tests/qemu-iotests/172.out

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Tue 19 Sep 2017 01:10:40 BST
# gpg:                using RSA key 0x7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <address@hidden>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  hw/block/fdc: Convert to realize
  hw/ide: Convert DeviceClass init to realize
  AHCI: remove DPRINTF macro
  AHCI: pretty-print FIS to buffer instead of stderr
  AHCI: Rework IRQ constants
  AHCI: Replace DPRINTF with trace-events
  IDE: replace DEBUG_AIO with trace events
  ATAPI: Replace DEBUG_IDE_ATAPI with tracing events
  IDE: add tracing for data ports
  IDE: Add register hints to tracing
  IDE: replace DEBUG_IDE with tracing system
  hw/ide/microdrive: Mark the dscm1xxxx device with user_creatable = false
  ide: ahci: unparent children buses before freeing their memory

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/a9158a5cba95...11e06ce1ed28
