diff options
| author | Igor Mammedov <imammedo@redhat.com> | 2018-09-04 14:39:37 +0200 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2018-10-02 19:09:11 +0200 |
| commit | 1cd3d492624da399d66c4c3e6a5eabb8f96bb0a2 (patch) | |
| tree | 0b9fb6877354245b40ef98d54b44b708e7a1492c /chardev | |
| parent | e9b6be9260a0f43d7b9b709674f3fddd7432057b (diff) | |
| download | qemu-1cd3d492624da399d66c4c3e6a5eabb8f96bb0a2.zip qemu-1cd3d492624da399d66c4c3e6a5eabb8f96bb0a2.tar.gz qemu-1cd3d492624da399d66c4c3e6a5eabb8f96bb0a2.tar.bz2 | |
memory: cleanup side effects of memory_region_init_foo() on failure
if MemoryRegion intialization fails it's left in semi-initialized state,
where it's size is not 0 and attached as child to owner object.
And this leds to crash in following use-case:
(monitor) object_add memory-backend-file,id=mem1,size=99999G,mem-path=/tmp/foo,discard-data=yes
memory.c:2083: memory_region_get_ram_ptr: Assertion `mr->ram_block' failed
Aborted (core dumped)
it happens due to assumption that memory region is intialized when
memory_region_size() != 0
and therefore it's ok to access it in
file_backend_unparent()
if (memory_region_size() != 0)
memory_region_get_ram_ptr()
which happens when object_add fails and unparents failed backend making
file_backend_unparent() access invalid memory region.
Fix it by making sure that memory_region_init_foo() APIs cleanup externally
visible side effects on failure (like set size to 0 and unparenting object)
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1536064777-42312-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'chardev')
0 files changed, 0 insertions, 0 deletions