[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [Qemu-devel] [PATCH] qdev: fix crash by validating the
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-stable] [Qemu-devel] [PATCH] qdev: fix crash by validating the object type |
|
Date: |
Wed, 16 Apr 2014 09:02:24 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux) |
Amos Kong <address@hidden> writes:
> QEMU crashed when I try to list device parameters, the driver name is
> actually the available bus name.
>
> # qemu -device virtio-pci-bus,?
> # qemu -device virtio-bus,?
> # qemu -device virtio-serial-bus,?
> qdev-monitor.c:212:qdev_device_help: Object 0x7fd932f50620 is not an
> instance of type device
> Aborted (core dumped)
>
> We can also reproduce this bug by adding device from monitor, so it's
> worth to fix the crash.
>
> (qemu) device_add virtio-serial-bus
> qdev-monitor.c:491:qdev_device_add: Object 0x7f5e89530920 is not an
> instance of type device
> Aborted (core dumped)
>
> Cc: address@hidden
> Signed-off-by: Amos Kong <address@hidden>
> ---
> qdev-monitor.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/qdev-monitor.c b/qdev-monitor.c
> index 9268c87..40c117d 100644
> --- a/qdev-monitor.c
> +++ b/qdev-monitor.c
> @@ -206,7 +206,7 @@ int qdev_device_help(QemuOpts *opts)
if (!driver || !qemu_opt_has_help_opt(opts)) {
return 0;
}
klass = object_class_by_name(driver);
if (!klass) {
const char *typename = find_typename_by_alias(driver);
if (typename) {
driver = typename;
klass = object_class_by_name(driver);
> }
> }
>
> - if (!klass) {
> + if (!object_class_dynamic_cast(klass, TYPE_DEVICE)) {
> return 0;
> }
> do {
Works because when qdev_device_help() returns zero, its caller
do_device_add() proceeds to call qdev_device_add(), which checks "klass
subtype of TYPE_DEVICE" again, and reports properly when it's not:
"-device virtio-bus,help: 'virtio-bus' is not a valid device model
name".
Reviewed-by: Markus Armbruster <address@hidden>