Re: [Qemu-arm] [PATCH v1 0/5] Fix crashes with introspection

[Paolo Bonzini]

On 12/07/2018 17:30, Thomas Huth wrote:
> As discovered recently, you can crash QEMU with a lot of devices
> that do not get the reference counting of child objects right.
> You just have to run 'device-list-properties' and call 'info qtree'
> afterwards.
> This patch series fixes a bunch of these problems in the ARM code.
> I did not fix all problems yet, since it is quite time consuming
> and I first want to get some feedback whether this is the right
> way to go or not.

Patches 1-3 look like the way to go to me.

(FWIW, this is indeed an instance of the bug that Eduardo envisioned:
you have a reference to the inner object, and it becomes invalid after
the outer object is freed.  However, in this case the reference is
unnecessary so this is the right fix).

Thanks,

Paolo

> Thomas Huth (5):
>   qom/object: Add a new function object_initialize_as_child()
>   hw/core/sysbus: Add a function for creating and attaching an object
>   hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported
>     machines
>   hw/arm/armv7: Fix crash when introspecting the "iotkit" device
>   hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv
>     device
> 
>  hw/arm/armv7m.c       |  9 ++++---
>  hw/arm/bcm2836.c      | 19 +++++--------
>  hw/arm/iotkit.c       | 74 
> ++++++++++++++++++++++-----------------------------
>  hw/core/sysbus.c      |  8 ++++++
>  hw/cpu/a15mpcore.c    |  8 +++---
>  hw/intc/armv7m_nvic.c |  5 ++--
>  include/hw/sysbus.h   |  3 +++
>  include/qom/object.h  | 19 +++++++++++++
>  qom/object.c          | 14 ++++++++++
>  9 files changed, 93 insertions(+), 66 deletions(-)
>