Message ID | 20160922074356.2918-1-zxiaol@linux.vnet.ibm.com |
---|---|
State | New |
Xiao Long Jiang <zxiaol@linux.vnet.ibm.com> writes:

> This fixes a Qemu crash that was introduced by commit ad73970
> ("qom: Wrap prop visit in visit_start_struct").
>
> Not all of the callers of user_creatable_add_type always pass qdict,
> so we should check qdict against NULL, but not raise an assertion.
>
> The problem can be easily triggered by adding an iothread with:
> $ virsh iothreadadd <domain> <threadid>
> In which the <threadid> is newly defined. The result of the command
> will return an error and cause the running guest to crash.
>
> Cc: Eric Blake <eblake@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Xiao Long Jiang <zxiaol@linux.vnet.ibm.com>
> Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>

Marc-André already posted a simpler fix:

Subject: [PATCH] qmp: fix object-add assert() without props
Message-Id: <20160921194126.10223-1-marcandre.lureau@redhat.com>

Would you be willing to test it? Review would of course also be
appreciated.

Thanks!
Hi Markus,

On 2016/9/22 7:56 PM, Markus Armbruster wrote:
> Xiao Long Jiang <zxiaol@linux.vnet.ibm.com> writes:
>
>> This fixes a Qemu crash that was introduced by commit ad73970
>> ("qom: Wrap prop visit in visit_start_struct").
>>
>> Not all of the callers of user_creatable_add_type always pass qdict,
>> so we should check qdict against NULL, but not raise an assertion.
>>
>> The problem can be easily triggered by adding an iothread with:
>> $ virsh iothreadadd <domain> <threadid>
>> In which the <threadid> is newly defined. The result of the command
>> will return an error and cause the running guest to crash.
>>
>> Cc: Eric Blake <eblake@redhat.com>
>> Cc: Markus Armbruster <armbru@redhat.com>
>> Signed-off-by: Xiao Long Jiang <zxiaol@linux.vnet.ibm.com>
>> Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
> Marc-André already posted a simpler fix:
> Subject: [PATCH] qmp: fix object-add assert() without props
> Message-Id: <20160921194126.10223-1-marcandre.lureau@redhat.com>
>
> Would you be willing to test it? Review would of course also be
> appreciated.
>
> Thanks!

I have tested that patch. It works fine on an s390 system.
diff --git a/qom/object_interfaces.c b/qom/object_interfaces.c index bf59846..cc40dff 100644 --- a/qom/object_interfaces.c +++ b/qom/object_interfaces.c @@ -112,24 +112,25 @@ Object *user_creatable_add_type(const char *type, const char *id, return NULL; } - assert(qdict); obj = object_new(type); - visit_start_struct(v, NULL, NULL, 0, &local_err); - if (local_err) { - goto out; - } - for (e = qdict_first(qdict); e; e = qdict_next(qdict, e)) { - object_property_set(obj, v, e->key, &local_err); + if (qdict) { + visit_start_struct(v, NULL, NULL, 0, &local_err); if (local_err) { - break; + goto out; + } + for (e = qdict_first(qdict); e; e = qdict_next(qdict, e)) { + object_property_set(obj, v, e->key, &local_err); + if (local_err) { + break; + } + } + if (!local_err) { + visit_check_struct(v, &local_err); + } + visit_end_struct(v, NULL); + if (local_err) { + goto out; } - } - if (!local_err) { - visit_check_struct(v, &local_err); - } - visit_end_struct(v, NULL); - if (local_err) { - goto out; } object_property_add_child(object_get_objects_root(),
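Review bot: wrapping the entire struct visit in `if (qdict)` in the `user_creatable_add_type` hunk re-indents about twenty otherwise unchanged lines, which buries the one behavioural change (dropping `assert(qdict)`) and makes the hunk hard to review; it also leaves the caller-supplied visitor `v` neither started nor ended when `qdict` is NULL, so a mismatch between the visitor and the missing properties is silently skipped rather than reported. Consider fixing this at the call site instead (the thread already points to a simpler fix for `object-add` without props), for example by having the caller that omits properties pass an empty QDict so the assertion and the existing `visit_start_struct` / `visit_check_struct` / `visit_end_struct` sequence stay exactly as they are. If a NULL check really must live in this function, guard only the `for (e = qdict_first(qdict); ...)` loop and keep the visit calls unconditional, which keeps the diff to a handful of lines.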