| Message ID | 1452873871-138914-1-git-send-email-pbonzini@redhat.com |
|---|---|
| State | New |
| Headers | show |
From: P J P <ppandit@redhat.com>
Hello,
A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
occurs while doing I/O port write operations via hmp interface. In that,
'current_cpu' remains null as it is not called from cpu_exec loop, which
results in the said issue.
Below is a proposed (tested)patch to fix this issue; Does it look okay?
===
Did 'git send-email' get confused? This has no contents, and then there is a message "[Qemu-devel] [PULL] i386: avoid null pointer dereference" with no mention of where it fits in the series (presumably 3/15). On 01/15/2016 09:04 AM, Paolo Bonzini wrote: > From: P J P <ppandit@redhat.com> > > Hello, > > A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It > occurs while doing I/O port write operations via hmp interface. In that, > 'current_cpu' remains null as it is not called from cpu_exec loop, which > results in the said issue. > > Below is a proposed (tested)patch to fix this issue; Does it look okay? > > === > >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 15/01/2016 17:53, Eric Blake wrote: > Did 'git send-email' get confused? This has no contents, and then > there is a message "[Qemu-devel] [PULL] i386: avoid null pointer > dereference" with no mention of where it fits in the series > (presumably 3/15). This is probably due to the original patch being formatted badly, and my workload assuming that a patch series or pull request can be manipulated as a single mbox file. Paolo -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWmSe5AAoJEL/70l94x66DUiUH/18ishjBK0cp8gln3VY6Qiih akKIcQ5I4tq5/U9ChqQPyc1OgfF/ocYIZh0iJLuNn9PKxEm59tIhHC+ZZIvZI16V CdWZDhJqyYUhu/Vz34UzhWbtXdZG8mVJgTj8eBHCd62V9eMMySKQ1wQg7C6FnDqe RuzsE7U/N/ZKCGbkZgzrU685u2uWd1v+dOZ2kiODzvBqA3hqVb6phJ1PxsPTm22E Erc7VE8nuNQDByeUKhWx4gHE67e8OZTBOK9dJ3bUgk7hP1caSzmjNUBrP2eqxFPx Dku+/92UJ4yHXu/LZqW0yLXB50Z0cObw50oX5jvdZ3ZSWlp+pNm3GI3rduPmvi4= =SoPv -----END PGP SIGNATURE-----
On 15 January 2016 at 16:04, Paolo Bonzini <pbonzini@redhat.com> wrote: > The following changes since commit f02ccf53693758b65843264e077f90cf295e7d98: > > disas/libvixl: Really suppress gcc 4.6.3 sign-compare warnings (2016-01-14 17:57:51 +0000) > > are available in the git repository at: > > git://github.com/bonzini/qemu.git tags/for-upstream > > for you to fetch changes up to 196ab03442304823ee8e7f46bdca49ea6516ebe5: > > qemu-char: do not leak QemuMutex when freeing a character device (2016-01-15 17:03:09 +0100) > > ---------------------------------------------------------------- > * qemu-char logfile facility > * NBD coroutine based negotiation > * bugfixes Hi. I'm afraid this fails to build for w32: target-i386/helper.c: In function ‘x86_cpu_handle_mmu_fault’: target-i386/helper.c:930: error: ‘PROT_WRITE’ undeclared (first use in this function) target-i386/helper.c:930: error: (Each undeclared identifier is reported only once target-i386/helper.c:930: error: for each function it appears in.) Looks like the code intended to use PAGE_WRITE. thanks -- PMM
+-- On Fri, 15 Jan 2016, Paolo Bonzini wrote --+ | This is probably due to the original patch being formatted badly, and Sorry! Should I resend it? -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
On 15/01/2016 20:46, P J P wrote: > +-- On Fri, 15 Jan 2016, Paolo Bonzini wrote --+ > | This is probably due to the original patch being formatted badly, and > > Sorry! Should I resend it? No, it's okay. Paolo
The following changes since commit f02ccf53693758b65843264e077f90cf295e7d98: disas/libvixl: Really suppress gcc 4.6.3 sign-compare warnings (2016-01-14 17:57:51 +0000) are available in the git repository at: git://github.com/bonzini/qemu.git tags/for-upstream for you to fetch changes up to 196ab03442304823ee8e7f46bdca49ea6516ebe5: qemu-char: do not leak QemuMutex when freeing a character device (2016-01-15 17:03:09 +0100) ---------------------------------------------------------------- * qemu-char logfile facility * NBD coroutine based negotiation * bugfixes ---------------------------------------------------------------- Cao jin (1): SCSI device: fix to incomplete QOMify Daniel P. Berrange (2): qemu-char: delete send_all/recv_all helper methods qemu-char: add logfile facility to all chardev backends Fam Zheng (3): nbd: Always call "close_fn" in nbd_client_new nbd: Split nbd.c nbd-server: Coroutine based negotiation P J P (2): i386: avoid null pointer dereference scsi: initialise info object with appropriate size Paolo Bonzini (5): scsi: revert change to scsi_req_cancel_async and add assertions target-i386: do not duplicate page protection checks nbd-server: do not check request length except for reads and writes nbd-server: do not exit on failed memory allocation qemu-char: do not leak QemuMutex when freeing a character device Shmulik Ladkani (1): vmw_pvscsi: x-disable-pcie, x-old-pci-configuration back-compat props are 2.5 specific Zhu Lingshan (1): iscsi: send readcapacity10 when readcapacity16 failed MAINTAINERS | 5 +- Makefile.objs | 3 +- backends/baum.c | 7 +- backends/msmouse.c | 6 +- block/block-backend.c | 5 + block/iscsi.c | 7 +- blockdev-nbd.c | 5 +- gdbstub.c | 3 +- hw/i386/kvmvapic.c | 15 +- hw/scsi/megasas.c | 14 +- hw/scsi/scsi-bus.c | 15 +- hw/scsi/virtio-scsi.c | 2 +- hw/tpm/tpm_passthrough.c | 29 +- include/block/nbd.h | 3 +- include/hw/compat.h | 17 +- include/qemu/sockets.h | 2 - include/sysemu/block-backend.h | 1 + include/sysemu/char.h | 9 +- nbd/Makefile.objs | 1 + nbd/client.c | 361 ++++++++++++++++++++++++ nbd/common.c | 64 +++++ nbd/nbd-internal.h | 113 ++++++++ nbd.c => nbd/server.c | 608 ++++++++--------------------------------- qapi-schema.json | 49 +++- qemu-char.c | 320 ++++++++++++++-------- qemu-nbd.c | 10 +- qemu-options.hx | 48 ++-- spice-qemu-char.c | 20 +- target-i386/helper.c | 65 ++--- tests/qemu-iotests/083 | 2 +- ui/console.c | 6 +- 31 files changed, 1077 insertions(+), 738 deletions(-) create mode 100644 nbd/Makefile.objs create mode 100644 nbd/client.c create mode 100644 nbd/common.c create mode 100644 nbd/nbd-internal.h rename nbd.c => nbd/server.c (62%)