qemu-devel


Re: [Qemu-devel] [PATCH 1/2] hostmem: fix QEMU crash by 'info memdev'


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 1/2] hostmem: fix QEMU crash by 'info memdev'
Date: Wed, 13 Jul 2016 13:37:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1


On 13/07/2016 13:29, Markus Armbruster wrote:
>> > I'm curious about one thing.  Eric/Markus, it would be nice to open code
>> > the visit of the list with
>> >
>> >     visit_start_list(v, name, NULL, 0, &err);
>> >     if (err) {
>> >         goto out;
>> >     }
>> >     ...
>> >     visit_type_uint16(v, name, &value, &err);
>> >     visit_next_list(v, NULL, 0);
>> >     ...
>> >     visit_end_list(v, NULL);
>> >
>> > We know here that on the other side there is an output visitor.
>> > However, it doesn't work because visit_next_list asserts that tail ==
>> > NULL.  Would it be easy to support this idiom, and would it make sense
>> > to extend it to other kinds of visitor?
> visit_next_list() asserts tail != NULL to protect the
> next_list() method.  qmp_output_next_list() dereferences tail.
> 
> Note that you don't have to call visit_next_list() in a virtual visit.
> For an example, see prop_get_fdt().  Good enough already?

Yes, definitely!  I'm queueing Guangrong's patch because it fixes a
crash and the leak existed before, but without next_list we can indeed
visit a "virtual" list and fix the leak.  It can be done during the -rc
period.

Paolo


