[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH for-1.4] acpi_piix4: fix segfault migrating from 1.
|
From: |
Michael Roth |
|
Subject: |
[Qemu-stable] [PATCH for-1.4] acpi_piix4: fix segfault migrating from 1.2 |
|
Date: |
Mon, 4 Feb 2013 10:07:51 -0600 |
b0b873a07872f7ab7f66f259c73fb9dd42aa66a9 bumped the vmstate version and
introduced an old-style load function to handle migration from prior
(<= 1.2) versions.
The load function passes the top-level PIIX4PMState pointer to
vmstate_load_state() to handle nested structs for APMState and
pci_status, which leads to corruption of the top-level PIIX4PMState,
since pointers to the nested structs are expected.
A segfault can be fairly reliably triggered by migrating from 1.2 and
issuing a reset, which will trigger a number of QOM operations which
rely on the now corrupted ObjectClass/Object members.
Fix this by passing in the expected pointers for vmstate_load_state().
Cc: address@hidden
Signed-off-by: Michael Roth <address@hidden>
---
hw/acpi_piix4.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 0d33849..65b2601 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -235,7 +235,7 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int
version_id)
qemu_get_be16s(f, &s->ar.pm1.evt.en);
qemu_get_be16s(f, &s->ar.pm1.cnt.cnt);
- ret = vmstate_load_state(f, &vmstate_apm, opaque, 1);
+ ret = vmstate_load_state(f, &vmstate_apm, &s->apm, 1);
if (ret) {
return ret;
}
@@ -253,7 +253,7 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int
version_id)
qemu_get_be16s(f, &temp);
}
- ret = vmstate_load_state(f, &vmstate_pci_status, opaque, 1);
+ ret = vmstate_load_state(f, &vmstate_pci_status, &s->pci0_status, 1);
return ret;
}
--
1.7.9.5
- [Qemu-stable] [PATCH for-1.4] acpi_piix4: fix segfault migrating from 1.2,
Michael Roth <=