qemu-e2k/include/sysemu
Marc-André Lureau 949055a254 char: use a fixed idx for child muxed chr
mux_chr_update_read_handler() is adding a new mux_cnt each time it is
called, so it's not possible to actually update the "child" chr
callbacks that were set previously. This may lead to crashes if the
"child" chr is destroyed:

valgrind x86_64-softmmu/qemu-system-x86_64 -chardev
stdio,mux=on,id=char0 -mon chardev=char0,mode=control,default

when quitting:

==4306== Invalid read of size 8
==4306==    at 0x8061D3: json_lexer_destroy (json-lexer.c:385)
==4306==    by 0x7E39F8: json_message_parser_destroy (json-streamer.c:134)
==4306==    by 0x3447F6: monitor_qmp_event (monitor.c:3908)
==4306==    by 0x480153: mux_chr_send_event (qemu-char.c:630)
==4306==    by 0x480694: mux_chr_event (qemu-char.c:734)
==4306==    by 0x47F1E9: qemu_chr_be_event (qemu-char.c:205)
==4306==    by 0x481207: fd_chr_close (qemu-char.c:1114)
==4306==    by 0x481659: qemu_chr_close_stdio (qemu-char.c:1221)
==4306==    by 0x486F07: qemu_chr_free (qemu-char.c:4146)
==4306==    by 0x486F97: qemu_chr_delete (qemu-char.c:4154)
==4306==    by 0x487E66: qemu_chr_cleanup (qemu-char.c:4678)
==4306==    by 0x495A98: main (vl.c:4675)
==4306==  Address 0x28439e90 is 112 bytes inside a block of size 240 free'd
==4306==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==4306==    by 0x1E4CBF2D: g_free (in /usr/lib64/libglib-2.0.so.0.4800.2)
==4306==    by 0x344DE9: monitor_cleanup (monitor.c:4058)
==4306==    by 0x495A93: main (vl.c:4674)
==4306==  Block was alloc'd at
==4306==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==4306==    by 0x1E4CBE18: g_malloc (in /usr/lib64/libglib-2.0.so.0.4800.2)
==4306==    by 0x344BF8: monitor_init (monitor.c:4021)
==4306==    by 0x49063C: mon_init_func (vl.c:2417)
==4306==    by 0x7FC6DE: qemu_opts_foreach (qemu-option.c:1116)
==4306==    by 0x4954E0: main (vl.c:4473)

Instead, keep the "child" chr associated with a particular idx so its
handlers can be updated and removed to avoid the crash.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20161003094704.18087-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-04 10:00:26 +02:00
accel.h accel: make configure_accelerator return void 2016-05-18 15:04:27 +03:00
arch_init.h qmp: add QMP interface "query-cpu-model-baseline" 2016-09-06 17:06:51 +02:00
balloon.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
block-backend.h qdev-monitor: Add blk_by_qdev_id() 2016-09-23 13:36:10 +02:00
blockdev.h
bt.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
char.h char: use a fixed idx for child muxed chr 2016-10-04 10:00:26 +02:00
cpus.h linux-user: remove #define smp_{cores, threads} 2016-09-27 16:17:17 -03:00
device_tree.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
dma.h dma-helpers: change BlockBackend to opaque value in DMAIOFunc 2016-05-25 19:04:11 +02:00
dump-arch.h
dump.h
hostmem.h * SCSI scanner support 2016-07-14 13:44:06 +01:00
iothread.h iothread: Stop threads before main() quits 2016-09-13 11:00:57 +01:00
kvm_int.h
kvm.h Remove unused function declarations 2016-09-15 15:32:22 +03:00
memory_mapping.h Use scripts/clean-includes to drop redundant qemu/typedefs.h 2016-03-22 22:20:16 +01:00
numa.h
os-posix.h os-posix: include sys/mman.h 2016-06-16 18:39:03 +02:00
os-win32.h osdep: remove use of socket_error() from all code 2016-03-10 17:19:34 +00:00
qtest.h
replay.h replay: allow replay stopping and restarting 2016-09-27 11:57:30 +02:00
rng-random.h rng-random: rename RndRandom to RngRandom 2016-05-23 12:18:43 +05:30
rng.h
seccomp.h
sysemu.h vl: Switch qemu_uuid to QemuUUID 2016-09-23 11:42:52 +08:00
tpm_backend_int.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
tpm_backend.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
tpm.h
watchdog.h
xen-mapcache.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00