
Re: [Qemu-devel] assert and crash on hot-unplug


From: Anthony Liguori
Subject: Re: [Qemu-devel] assert and crash on hot-unplug
Date: Fri, 21 Sep 2012 07:52:42 -0500
User-agent: Notmuch/0.13.2+93~ged93d79 (http://notmuchmail.org) Emacs/23.3.1 (x86_64-pc-linux-gnu)

"Serge E. Hallyn" <address@hidden> writes:

Hi Serge,

> Hi,
>
> a regression test of CVE-2011-1751 (fixed by
> 505597e4476a6bc219d0ec1362b760d71cb4fdca) found that when writing 2 to
> 0xae08, qemu-system-i386 crashes with
>
> ERROR:qom/object.c:386:object_finalize: assertion failed: (obj->ref == 0)
>
> A simple way to reproduce this (in qemu 1.1 or 1.2) is:
>
> address@hidden:~/qa-regression-testing/scripts$ ~/src/qemu/i386-softmmu/qemu-system-i386 -usb -monitor stdio -vnc :1 -hda x.img
> QEMU 1.2.50 monitor - type 'help' for more information
> (qemu) o 0xae08 2
> **
> ERROR:qom/object.c:386:object_finalize: assertion failed: (obj->ref == 0)
> Aborted (core dumped)
>
> I don't think it's a regression of the CVE, as some added printfs show it is
> the usb controller which is being unplugged (dev 1, fn 2, not dev 1 fn 3).
>
>   Bus  0, device   1, function 2:
>     USB controller: PCI device 8086:7020
>       IRQ 11.
>       BAR4: I/O at 0xc040 [0xc05f].
>       id ""
>   Bus  0, device   1, function 3:
>     Bridge: PCI device 8086:7113
>       IRQ 9.
>       id ""

Thanks, I'll take a look.

Regards,

Anthony Liguori

>
>
> -serge
