Re: [Qemu-devel] [PATCH] qdev: fix crash by validating the object type
From: Andreas Färber
Subject: Re: [Qemu-devel] [PATCH] qdev: fix crash by validating the object type
Date: Wed, 30 Apr 2014 17:55:55 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
On 16.04.2014 09:02, Markus Armbruster wrote:
> Amos Kong <address@hidden> writes:
>
>> QEMU crashed when I tried to list device parameters; the driver name is
>> actually the available bus name.
>>
>> # qemu -device virtio-pci-bus,?
>> # qemu -device virtio-bus,?
>> # qemu -device virtio-serial-bus,?
>> qdev-monitor.c:212:qdev_device_help: Object 0x7fd932f50620 is not an
>> instance of type device
>> Aborted (core dumped)
>>
>> We can also reproduce this bug by adding a device from the monitor, so it's
>> worth fixing the crash.
>>
>> (qemu) device_add virtio-serial-bus
>> qdev-monitor.c:491:qdev_device_add: Object 0x7f5e89530920 is not an
>> instance of type device
>> Aborted (core dumped)
>>
>> Cc: address@hidden
>> Signed-off-by: Amos Kong <address@hidden>
>> ---
>> qdev-monitor.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/qdev-monitor.c b/qdev-monitor.c
>> index 9268c87..40c117d 100644
>> --- a/qdev-monitor.c
>> +++ b/qdev-monitor.c
>> @@ -206,7 +206,7 @@ int qdev_device_help(QemuOpts *opts)
> if (!driver || !qemu_opt_has_help_opt(opts)) {
> return 0;
> }
>
> klass = object_class_by_name(driver);
> if (!klass) {
> const char *typename = find_typename_by_alias(driver);
>
> if (typename) {
> driver = typename;
> klass = object_class_by_name(driver);
>> }
>> }
>>
>> - if (!klass) {
>> + if (!object_class_dynamic_cast(klass, TYPE_DEVICE)) {
>> return 0;
>> }
>> do {
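Review bot: in qdev_device_help(), replacing `if (!klass)` with `if (!object_class_dynamic_cast(klass, TYPE_DEVICE))` leaves the lookup-failed case (klass still NULL after the alias fallback just above) to be handled only inside object_class_dynamic_cast(). Please confirm that function returns NULL for a NULL class instead of dereferencing it, or keep the test explicit as `!klass || !object_class_dynamic_cast(klass, TYPE_DEVICE)`. Separately, the commit message shows a second abort at qdev-monitor.c:491 in qdev_device_add(), while the diffstat covers only this one-line change in qdev_device_help(); the message should say how the device_add path is covered.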
>
> Works because when qdev_device_help() returns zero, its caller
> do_device_add() proceeds to call qdev_device_add(), which checks "klass
> subtype of TYPE_DEVICE" again, and reports properly when it's not:
> "-device virtio-bus,help: 'virtio-bus' is not a valid device model
> name".
>
> Reviewed-by: Markus Armbruster <address@hidden>
Thanks, applied to qom-next (with message slightly tweaked):
https://github.com/afaerber/qemu-cpu/commits/qom-next
Andreas
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg