From patchwork Tue Dec 29 13:38:35 2015
X-Patchwork-Submitter: maquefel
X-Patchwork-Id: 561580
Date: Tue, 29 Dec 2015 13:38:35 -0000
From: maquefel
To: qemu-devel@nongnu.org
X-Launchpad-Bug: product=qemu; status=New; importance=Undecided; assignee=None;
X-Launchpad-Bug-Tags: ivshmem
X-Launchpad-Bug-Security-Vulnerability: no
Message-Id: <20151229133835.25580.50152.malonedeb@soybean.canonical.com>
Subject: [Qemu-devel] [Bug 1529859] [NEW] qemu 2.5.0 ivshmem segfault with msi=off option
Reply-To: Bug 1529859 <1529859@bugs.launchpad.net>

Public bug reported:

Launching qemu with "-device ivshmem,chardev=ivshmemid,msi=off -chardev socket,path=/tmp/ivshmem_socket,id=ivshmemid" causes a segfault because s->msi_vectors is not initialized and s->msi_vectors == 0.

Does ivshmem exactly need this line?

    s->msi_vectors[vector].pdev = pdev;

It makes no sense to me.

Subject: [PATCH] fixed ivshmem empty msi vector on msi=off segfault
---
 hw/misc/ivshmem.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index f73f0c2..2087d5e 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -359,8 +359,6 @@ static CharDriverState* create_eventfd_chr_device(void * opaque, EventNotifier * int eventfd = event_notifier_get_fd(n); CharDriverState *chr; - s->msi_vectors[vector].pdev = pdev; - chr = qemu_chr_open_eventfd(eventfd); if (chr == NULL) { @@ -1038,10 +1036,11 @@ static void pci_ivshmem_exit(PCIDevice *dev) } if (ivshmem_has_feature(s, IVSHMEM_MSI)) { - msix_uninit_exclusive_bar(dev); + msix_uninit_exclusive_bar(dev); } - - g_free(s->msi_vectors); + + if(s->msi_vectors) + g_free(s->msi_vectors); } static bool test_msix(void *opaque, int version_id)
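Review bot: in the create_eventfd_chr_device hunk, deleting "s->msi_vectors[vector].pdev = pdev;" outright removes the NULL dereference but also removes the only visible place the vector's pdev is set; since s->msi_vectors only exists when the MSI feature is on (the same condition the pci_ivshmem_exit hunk tests with ivshmem_has_feature(s, IVSHMEM_MSI)), the safer fix is to keep the assignment under that guard, or to state in the commit message where the MSI path sets .pdev so that dropping it is known to be harmless. Also check that the local pdev is still referenced later in this function after the removal; if it is not, an unused-variable warning will break the -Werror build.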
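Review bot: in the pci_ivshmem_exit hunk, the NULL check added before g_free(s->msi_vectors) is redundant, since g_free() already accepts NULL and does nothing, so the original unconditional g_free() was never part of the crash and this hunk can be dropped entirely. If it stays, QEMU coding style requires "if (s->msi_vectors) {" with a space after if and braces around the body, and the lines that only reindent msix_uninit_exclusive_bar(dev) and replace one blank line with another are whitespace churn that does not belong in the patch.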