From patchwork Wed Apr 29 11:34:59 2015
X-Patchwork-Submitter: Michal Kazior
X-Patchwork-Id: 466038
From: Michal Kazior
To: qemu-devel@nongnu.org
Cc: kraxel@redhat.com, Michal Kazior
Date: Wed, 29 Apr 2015 11:34:59 +0000
Message-Id: <1430307299-8427-1-git-send-email-michal.kazior@tieto.com>
Subject: [Qemu-devel] [PATCH] usb: fix usb-net segfault

The dev->config pointer isn't set until the guest system initializes USB
devices (via usb_desc_set_config). However, qemu networking can go
through some motions prior to that, e.g.:

 #0  is_rndis (s=0x555557261970) at hw/usb/dev-network.c:653
 #1  0x000055555585f723 in usbnet_can_receive (nc=0x55555641e820) at hw/usb/dev-network.c:1315
 #2  0x000055555587635e in qemu_can_send_packet (sender=0x5555572660a0) at net/net.c:470
 #3  0x0000555555878e34 in net_hub_port_can_receive (nc=0x5555562d7800) at net/hub.c:101
 #4  0x000055555587635e in qemu_can_send_packet (sender=0x5555562d7980) at net/net.c:470
 #5  0x000055555587dbca in tap_can_send (opaque=0x5555562d7980) at net/tap.c:172

The command to reproduce most reliably was:

 qemu-system-i386 -usb -device usb-net,vlan=0 -net tap,vlan=0

This wasn't strictly a problem with tap. Other networking endpoints
(vde, user) could trigger this problem as well.

Fixes: https://bugs.launchpad.net/qemu/+bug/1050823
Signed-off-by: Michal Kazior
---
 hw/usb/dev-network.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 18669917f564..9be3a64006f4 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -1310,6 +1310,10 @@ static int usbnet_can_receive(NetClientState *nc) { USBNetState *s = qemu_get_nic_opaque(nc); + if (!s->dev.config) { + return 0; + } + if (is_rndis(s) && s->rndis_state != RNDIS_DATA_INITIALIZED) { return 1; }
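Review bot: the NULL guard is added only to usbnet_can_receive(), but the commit message says dev->config stays unset until the guest calls usb_desc_set_config(), so any other callback in hw/usb/dev-network.c that reaches is_rndis() without first passing through this can_receive gate would still dereference a NULL config; please confirm the receive path does not need the same `if (!s->dev.config)` check, and if it does, add it in this patch. A one-line comment above the new check, e.g. `/* no configuration selected yet: the guest cannot take packets */`, would record why the early return exists, since nothing in the hunk itself says when config can be NULL.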
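The ordering bug behind the patch, replayed as an added example (this is not QEMU's code and not the author's; it is a stand-alone model written for this page). The backend polls can_receive before the guest has issued SET_CONFIGURATION, and is_rndis() dereferences dev.config unconditionally. The struct layout, the two configuration values and the RNDIS state names are simplified stand-ins modelled on hw/usb/dev-network.c and are assumptions for illustration, not the driver's real definitions; the pre-patch logic is kept as a separate function so the patched version's extra check is visible beside it:

```c
/* Added example, not QEMU code: a minimal model of the usb-net lifecycle.
 * Constants, enum and struct fields are assumed simplifications of
 * hw/usb/dev-network.c, kept only as far as the can_receive decision needs. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEV_CONFIG_VALUE        1   /* CDC Ethernet configuration (assumed value) */
#define DEV_RNDIS_CONFIG_VALUE  2   /* RNDIS configuration (assumed value) */

enum rndis_state {
    RNDIS_UNINITIALIZED,
    RNDIS_INITIALIZED,
    RNDIS_DATA_INITIALIZED,
};

typedef struct USBDescConfig {
    uint8_t bConfigurationValue;
} USBDescConfig;

typedef struct USBDevice {
    const USBDescConfig *config;    /* NULL until the guest selects a configuration */
} USBDevice;

typedef struct USBNetState {
    USBDevice dev;
    enum rndis_state rndis_state;
    size_t in_len;                  /* bytes still queued towards the guest */
} USBNetState;

static const USBDescConfig cdc_config   = { DEV_CONFIG_VALUE };
static const USBDescConfig rndis_config = { DEV_RNDIS_CONFIG_VALUE };

/* Like is_rndis() in the backtrace: reads through dev.config without a check. */
static int is_rndis(const USBNetState *s)
{
    return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
}

/* Pre-patch decision: must never be reached while dev.config is NULL. */
static int usbnet_can_receive_unpatched(const USBNetState *s)
{
    if (is_rndis(s) && s->rndis_state != RNDIS_DATA_INITIALIZED) {
        return 1;
    }
    return !s->in_len;
}

/* Patched decision: an unconfigured device cannot take packets at all. */
static int usbnet_can_receive_patched(const USBNetState *s)
{
    if (!s->dev.config) {
        return 0;
    }
    return usbnet_can_receive_unpatched(s);
}

/* Guest-side SET_CONFIGURATION: the moment dev.config becomes non-NULL. */
static void usb_desc_set_config(USBNetState *s, int value)
{
    s->dev.config = (value == DEV_RNDIS_CONFIG_VALUE) ? &rndis_config : &cdc_config;
}

/* Replays the order of events from the bug report and records the
 * patched can_receive answer at each step. */
static void replay_lifecycle(int out[4])
{
    USBNetState s;
    memset(&s, 0, sizeof(s));                  /* fresh device: dev.config == NULL */

    out[0] = usbnet_can_receive_patched(&s);   /* backend polls before SET_CONFIGURATION:
                                                  unpatched code would segfault here */
    usb_desc_set_config(&s, DEV_RNDIS_CONFIG_VALUE);
    out[1] = usbnet_can_receive_patched(&s);   /* RNDIS selected, data path not up: accept */

    s.rndis_state = RNDIS_DATA_INITIALIZED;
    out[2] = usbnet_can_receive_patched(&s);   /* data path up, nothing queued: accept */

    s.in_len = 64;
    out[3] = usbnet_can_receive_patched(&s);   /* guest still draining: back-pressure */
}

/* Returns the can_receive answer at lifecycle step n (0..3), or -1 if out of range. */
static int lifecycle_step(int n)
{
    int r[4];
    if (n < 0 || n > 3) {
        return -1;
    }
    replay_lifecycle(r);
    return r[n];
}

int main(void)
{
    int r[4];
    replay_lifecycle(r);
    return r[0] == 0 ? 0 : 1;                  /* step 0 must be "cannot receive", not a crash */
}
```

Step 0 is the one the patch changes: with the guard, the earliest poll from tap, vde or user networking gets 0 and the frame stays on the backend side until the guest has chosen a configuration; without it, the same poll reaches is_rndis() with a NULL config.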