Patchwork [semi-urgent,v2] linux-user: Fix exit syscall with QOM CPU

login
register
mail settings
Submitter Andreas Färber
Date April 15, 2012, 4:51 p.m.
Message ID <1334508661-13492-1-git-send-email-afaerber@suse.de>
Download mbox | patch
Permalink /patch/152663/
State New
Headers show

Comments

Andreas Färber - April 15, 2012, 4:51 p.m.
For QOM'ified CPUs we cannot g_free() CPUArchState, we must
object_delete() the object it is embedded into.

Fixes LP#982321 (invalid free() while executing pacman with qemu-arm).

Reported-by: Serge Schneider <serge@xecdesign.com>
Reported-by: Russell Keith Davis <russell@russelldavis.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Serge Schneider <serge@xecdesign.com>
Tested-by: Russell Keith Davis <russell@russelldavis.org>
---
 Blue, can you please apply this fix before more targets get converted and
 run into regressions? Thanks! (ppc PULL coming up)
 
 linux-user/syscall.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
Blue Swirl - April 15, 2012, 6:35 p.m.
On Sun, Apr 15, 2012 at 16:51, Andreas Färber <afaerber@suse.de> wrote:
> For QOM'ified CPUs we cannot g_free() CPUArchState, we must
> object_delete() the object it is embedded into.
>
> Fixes LP#982321 (invalid free() while executing pacman with qemu-arm).
>
> Reported-by: Serge Schneider <serge@xecdesign.com>
> Reported-by: Russell Keith Davis <russell@russelldavis.org>
> Signed-off-by: Andreas Färber <afaerber@suse.de>
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
> Tested-by: Serge Schneider <serge@xecdesign.com>
> Tested-by: Russell Keith Davis <russell@russelldavis.org>
> ---
>  Blue, can you please apply this fix before more targets get converted and
>  run into regressions? Thanks! (ppc PULL coming up)

Thanks, applied.

>
>  linux-user/syscall.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 8a92162..7128618 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -5045,7 +5045,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
>                         NULL, NULL, 0);
>           }
>           thread_env = NULL;
> +#ifdef ENV_GET_CPU
> +          object_delete(OBJECT(ENV_GET_CPU(cpu_env)));
> +#else
>           g_free(cpu_env);
> +#endif
>           g_free(ts);
>           pthread_exit(NULL);
>       }
> --
> 1.7.7
>

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8a92162..7128618 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5045,7 +5045,11 @@  abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                         NULL, NULL, 0);
           }
           thread_env = NULL;
+#ifdef ENV_GET_CPU
+          object_delete(OBJECT(ENV_GET_CPU(cpu_env)));
+#else
           g_free(cpu_env);
+#endif
           g_free(ts);
           pthread_exit(NULL);
       }