[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL 02/40] hw/ppc: clear pending_events on machine re
|
From: |
Peter Maydell |
|
Subject: |
Re: [Qemu-devel] [PULL 02/40] hw/ppc: clear pending_events on machine reset |
|
Date: |
Tue, 12 Sep 2017 18:28:04 +0100 |
On 8 September 2017 at 11:35, David Gibson <address@hidden> wrote:
> From: Daniel Henrique Barboza <address@hidden>
>
> The sPAPR machine isn't clearing up the pending events QTAILQ on
> machine reboot. This allows for unprocessed hotplug/epow events
> to persist in the queue after reset and, when reasserting the IRQs in
> check_exception later on, these will be being processed by the OS.
>
> This patch implements a new function called 'spapr_clear_pending_events'
> that clears up the pending_events QTAILQ. This helper is then called
> inside ppc_spapr_reset to clear up the events queue, preventing
> old/deprecated events from persisting after a reset.
>
> Signed-off-by: Daniel Henrique Barboza <address@hidden>
> Signed-off-by: David Gibson <address@hidden>
> +void spapr_clear_pending_events(sPAPRMachineState *spapr)
> +{
> + sPAPREventLogEntry *entry = NULL;
> +
> + QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
> + QTAILQ_REMOVE(&spapr->pending_events, entry, next);
> + g_free(entry->extended_log);
> + g_free(entry);
> + }
> +}
Coverity points out that this is a use-after-free error,
because QTAILQ_FOREACH will access the list pointers of
entry after the loop body has freed it. You want
QTAILQ_FOREACH_SAFE, I think. (CID 1381017)
thanks
-- PMM
- [Qemu-devel] [PULL 00/40] ppc-for-2.11 queue 20170908, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 02/40] hw/ppc: clear pending_events on machine reset, David Gibson, 2017/09/08
- Re: [Qemu-devel] [PULL 02/40] hw/ppc: clear pending_events on machine reset,
Peter Maydell <=
- [Qemu-devel] [PULL 03/40] hw/ppc: CAS reset on early device hotplug, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 07/40] spapr_iommu: convert TCE table object to realize(), David Gibson, 2017/09/08
- [Qemu-devel] [PULL 04/40] spapr_pci: use memory_region_add_subregion() with DMA windows, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 12/40] spapr_iommu: unregister vmstate at unrealize time, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 05/40] spapr_iommu: use g_strdup_printf() instead of snprintf(), David Gibson, 2017/09/08
- [Qemu-devel] [PULL 17/40] booke206: fix booke206_tlbnps for mav 2.0, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 01/40] hw/ppc/spapr_drc.c: change spapr_drc_needed to use drc->dev, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 08/40] spapr_pci: parent the MSI memory region to the PHB, David Gibson, 2017/09/08
- [Qemu-devel] [PULL 11/40] spapr_iommu: pass object ownership to parent/owner, David Gibson, 2017/09/08