[Qemu-stable] [PATCH 24/43] PPC: Fix crash on spapr_tce_table_finalize()
From: Michael Roth
Subject: [Qemu-stable] [PATCH 24/43] PPC: Fix crash on spapr_tce_table_finalize()
Date: Tue, 24 Feb 2015 15:47:59 -0600

From: David Gibson <address@hidden>

spapr_tce_table_finalize() can SEGV if the object was not previously
realized. In particular this can be triggered by running

    qemu-system-ppc -device spapr-tce-table,?

The basic problem is that we have mismatched initialization versus
finalization: spapr_tce_table_finalize() is attempting to undo things that
are done in spapr_tce_table_realize(), not an instance_init function.

Therefore, replace spapr_tce_table_finalize() with
spapr_tce_table_unrealize().

Signed-off-by: David Gibson <address@hidden>
Cc: address@hidden
Signed-off-by: Alexander Graf <address@hidden>
(cherry picked from commit 5f9490de566c5b092a6cfedc3c7a37a9c9dee917)
Signed-off-by: Michael Roth <address@hidden>
---
hw/ppc/spapr_iommu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 6c91d8e..da47474 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -173,9 +173,9 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner,
uint32_t liobn,
return tcet;
}
-static void spapr_tce_table_finalize(Object *obj)
+static void spapr_tce_table_unrealize(DeviceState *dev, Error **errp)
{
- sPAPRTCETable *tcet = SPAPR_TCE_TABLE(obj);
+ sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
QLIST_REMOVE(tcet, list);
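Review bot: the new spapr_tce_table_unrealize() carries no comment naming spapr_tce_table_realize() as its counterpart, and the QLIST_REMOVE(tcet, list) at the top of its body is only safe on a table that realize has already set up, which is the mismatch the commit message describes. A short comment above the function stating that it undoes spapr_tce_table_realize() and relies on the device having been realized would keep a later change from moving this teardown back into a finalizer. The errp parameter is also not used in the lines shown here; if nothing in the function can fail, that is worth saying in the same comment.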
@@ -420,6 +420,7 @@ static void spapr_tce_table_class_init(ObjectClass *klass,
void *data)
DeviceClass *dc = DEVICE_CLASS(klass);
dc->init = spapr_tce_table_realize;
dc->reset = spapr_tce_reset;
+ dc->unrealize = spapr_tce_table_unrealize;
QLIST_INIT(&spapr_tce_tables);
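Review bot: in spapr_tce_table_class_init() the setup side is still registered through the legacy hook, dc->init = spapr_tce_table_realize, while the teardown is now registered as dc->unrealize, so the pair is asymmetric even though the function names match. For a stable backport this is fine as is, but a follow-up converting the setup to dc->realize (or a comment next to these two assignments noting that they are a matched pair) would make it obvious that every step added to one needs its inverse in the other.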
@@ -435,7 +436,6 @@ static TypeInfo spapr_tce_table_info = {
.parent = TYPE_DEVICE,
.instance_size = sizeof(sPAPRTCETable),
.class_init = spapr_tce_table_class_init,
- .instance_finalize = spapr_tce_table_finalize,
};
static void register_types(void)
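Review bot: with .instance_finalize removed from spapr_tce_table_info, an object that is created and destroyed without ever being realized now gets no type-specific cleanup at all. That is correct only while nothing is allocated before realize; the TypeInfo lines shown have no .instance_init, so it holds today. A one-line comment in the struct, or in the commit message, recording that all per-instance state is created in realize and released in unrealize would help whoever later adds an instance_init to remember to add the matching finalizer rather than extend unrealize.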
--
1.9.1