[Qemu-devel] [Bug 1529859] [NEW] qemu 2.5.0 ivshmem segfault with msi=off option

Tue, 29 Dec 2015 07:30:34 -0800 

Public bug reported:

Launching qemu with "-device ivshmem,chardev=ivshmemid,msi=off -chardev
socket,path=/tmp/ivshmem_socket,id=ivshmemid"

Causes segfault because, s->msi_vectors is not initialized and
s->msi_vectors == 0.

Does ivshmem exactly need this line ? :

s->msi_vectors[vector].pdev = pdev;

It makes no sence for me.

Subject: [PATCH] fixed ivshmem empty msi vector on msi=off segfault

---
 hw/misc/ivshmem.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index f73f0c2..2087d5e 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -359,8 +359,6 @@ static CharDriverState* create_eventfd_chr_device(void * 
opaque, EventNotifier *
     int eventfd = event_notifier_get_fd(n);
     CharDriverState *chr;
 
-    s->msi_vectors[vector].pdev = pdev;
-
     chr = qemu_chr_open_eventfd(eventfd);
 
     if (chr == NULL) {
@@ -1038,10 +1036,11 @@ static void pci_ivshmem_exit(PCIDevice *dev)
     }
 
     if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
-        msix_uninit_exclusive_bar(dev);
+        msix_uninit_exclusive_bar(dev);
     }
-
-    g_free(s->msi_vectors);
+    
+    if(s->msi_vectors)
+       g_free(s->msi_vectors);
 }
 
 static bool test_msix(void *opaque, int version_id)
-- 
2.3.6

** Affects: qemu
     Importance: Undecided
         Status: New


** Tags: ivshmem

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1529859

Title:
  qemu 2.5.0 ivshmem segfault with msi=off option

Status in QEMU:
  New

Bug description:
  Launching qemu with "-device ivshmem,chardev=ivshmemid,msi=off
  -chardev socket,path=/tmp/ivshmem_socket,id=ivshmemid"

  Causes segfault because, s->msi_vectors is not initialized and
  s->msi_vectors == 0.

  Does ivshmem exactly need this line ? :

  s->msi_vectors[vector].pdev = pdev;

  It makes no sence for me.

  Subject: [PATCH] fixed ivshmem empty msi vector on msi=off segfault

  ---
   hw/misc/ivshmem.c | 9 ++++-----
   1 file changed, 4 insertions(+), 5 deletions(-)

  diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
  index f73f0c2..2087d5e 100644
  --- a/hw/misc/ivshmem.c
  +++ b/hw/misc/ivshmem.c
  @@ -359,8 +359,6 @@ static CharDriverState* create_eventfd_chr_device(void * 
opaque, EventNotifier *
       int eventfd = event_notifier_get_fd(n);
       CharDriverState *chr;
   
  -    s->msi_vectors[vector].pdev = pdev;
  -
       chr = qemu_chr_open_eventfd(eventfd);
   
       if (chr == NULL) {
  @@ -1038,10 +1036,11 @@ static void pci_ivshmem_exit(PCIDevice *dev)
       }
   
       if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
  -        msix_uninit_exclusive_bar(dev);
  +        msix_uninit_exclusive_bar(dev);
       }
  -
  -    g_free(s->msi_vectors);
  +    
  +    if(s->msi_vectors)
  +       g_free(s->msi_vectors);
   }
   
   static bool test_msix(void *opaque, int version_id)
  -- 
  2.3.6

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1529859/+subscriptions

Reply via email to