Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/806653/?format=api
{ "id": 806653, "url": "http://patchwork.ozlabs.org/api/patches/806653/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1503938085-169486-1-git-send-email-imammedo@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1503938085-169486-1-git-send-email-imammedo@redhat.com>", "list_archive_url": null, "date": "2017-08-28T16:34:45", "name": "[for-2.11] ide: ahci: unparent children buses before freeing their memory", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "006ce512c4f480f95a5a6fdd39e0a3d3a3ce3ee9", "submitter": { "id": 11305, "url": "http://patchwork.ozlabs.org/api/people/11305/?format=api", "name": "Igor Mammedov", "email": "imammedo@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1503938085-169486-1-git-send-email-imammedo@redhat.com/mbox/", "series": [ { "id": 212, "url": "http://patchwork.ozlabs.org/api/series/212/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=212", "date": "2017-08-28T16:34:45", "name": "[for-2.11] ide: ahci: unparent children buses before freeing their memory", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/212/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/806653/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/806653/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com", "ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=imammedo@redhat.com" ], "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xgy746fY8z9s1h\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 29 Aug 2017 02:35:27 +1000 (AEST)", "from localhost ([::1]:40595 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dmN0U-0000xN-JA\n\tfor incoming@patchwork.ozlabs.org; Mon, 28 Aug 2017 12:35:22 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:43568)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <imammedo@redhat.com>) id 1dmN08-0000vI-LP\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 12:35:02 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <imammedo@redhat.com>) id 1dmN07-0005yD-HL\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 12:35:00 -0400", "from mx1.redhat.com ([209.132.183.28]:59824)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <imammedo@redhat.com>)\n\tid 1dmN01-0005Vx-L7; Mon, 28 Aug 2017 12:34:53 -0400", "from smtp.corp.redhat.com\n\t(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 7E5C17EA84;\n\tMon, 28 Aug 2017 16:34:52 +0000 (UTC)", "from dell-r430-03.lab.eng.brq.redhat.com\n\t(dell-r430-03.lab.eng.brq.redhat.com [10.34.112.60])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 5C2CF60605;\n\tMon, 28 Aug 2017 16:34:46 +0000 (UTC)" ], "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com 7E5C17EA84", "From": "Igor Mammedov <imammedo@redhat.com>", "To": "qemu-devel@nongnu.org", "Date": "Mon, 28 Aug 2017 18:34:45 +0200", "Message-Id": "<1503938085-169486-1-git-send-email-imammedo@redhat.com>", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.13", "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.28]);\n\tMon, 28 Aug 2017 16:34:52 +0000 (UTC)", "X-detected-operating-system": "by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]", "X-Received-From": "209.132.183.28", "Subject": "[Qemu-devel] [PATCH for-2.11] ide: ahci: unparent children buses\n\tbefore freeing their memory", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "thuth@redhat.com, jsnow@redhat.com, f4bug@amsat.org,\n\tqemu-block@nongnu.org, mst@redhat.com", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "Fixes read after freeing error reported\n https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04243.html\n Message-Id: <59a56959-ca12-ea75-33fa-ff07eba1b090@redhat.com>\n\nich9-ahci device creates ide buses and attaches them as QOM children\nat realize time, however it forgets to properly clean them up\nat unrealize time and frees memory containing these children,\nwith following call-chain:\n\n qdev_device_add()\n object_property_set_bool('realized', true)\n device_set_realized()\n ...\n pci_qdev_realize() -> pci_ich9_ahci_realize() -> ahci_realize()\n ...\n s->dev = g_new0(AHCIDevice, ports);\n ...\n AHCIDevice *ad = &s->dev[i];\n ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1);\n ^^^ creates bus in memory allocated by above gnew()\n and adds it as child propety to ahci device\n ...\n hotplug_handler_plug(); -> goto post_realize_fail;\n pci_qdev_unrealize() -> pci_ich9_uninit() -> ahci_uninit()\n ...\n g_free(s->dev);\n ^^^ free memory that holds children busses\n\n return with error from device_set_realized()\n\nAs result later when qdev_device_add() tries to unparent ich9-ahci\nafter failed device_set_realized(),\n object_unparent() -> object_property_del_child()\niterates over existing QOM children including buses added by\nide_bus_new() and tries to unparent them, which causes access to\nfreed memory where they where located.\n\nReported-by: Thomas Huth <thuth@redhat.com>\nSigned-off-by: Igor Mammedov <imammedo@redhat.com>\n---\n hw/ide/ahci.c | 1 +\n 1 file changed, 1 insertion(+)", "diff": "diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c\nindex 406a1b5..ccbe091 100644\n--- a/hw/ide/ahci.c\n+++ b/hw/ide/ahci.c\n@@ -1495,6 +1495,7 @@ void ahci_uninit(AHCIState *s)\n \n ide_exit(s);\n }\n+ object_unparent(OBJECT(&ad->port));\n }\n \n g_free(s->dev);\n", "prefixes": [ "for-2.11" ] }