qemu-e2k/hw
Alex Kompel a023b7ac62 hw/pci: use-after-free in pci_nic_init_nofail when nic device fails to initialize
object_property_set_bool(OBJECT(dev), true, "realized", &err) in
pci_nic_init_nofail may release the object if the device fails to
initialize, which leads to a use-after-free in the error handling block.
qdev_init_nofail does the same thing while holding the reference.

(gdb) run -net nic
qemu-system-x86_64: failed to find romfile "efi-e1000.rom"

Program received signal SIGSEGV, Segmentation fault.
object_unparent (obj=0x7fffe96a0010) at qom/object.c:440
440     in qom/object.c
(gdb) bt
<nd_table>, rootbus=0x5555567ed990, default_model=<optimized out>,
default_devaddr=<optimized out>) at hw/pci/pci.c:1812
pci_bus=0x5555567ed990) at hw/i386/pc.c:1634
pci_type=0x555555c1a523 "i440FX", host_type=0x555555ba564e
"i440FX-pcihost") at hw/i386/pc_piix.c:241
out>, envp=<optimized out>) at vl.c:4481

Signed-off-by: Alex Kompel <barbos@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-01-20 10:58:26 +08:00
..
9pfs 9pfs: fix P9_NOTAG and P9_NOFID macros 2017-01-03 17:28:44 +01:00
acpi memhp: move DIMM devices into dedicated scope with related common methods 2017-01-10 07:03:24 +02:00
adc
alpha Move target-* CPU file into a target/ folder 2016-12-20 21:52:12 +01:00
arm hw/arm/virt-acpi-build: Don't incorrectly claim architectural timer to be edge-triggered 2017-01-09 11:40:23 +00:00
audio es1370: wire up reset via DeviceClass 2017-01-11 09:19:03 +01:00
block virtio: convert to use DMA api 2017-01-10 05:56:58 +02:00
bt
char virtio: convert to use DMA api 2017-01-10 05:56:58 +02:00
core loader: fix undefined behavior in rom_order_compare() 2016-11-30 04:22:18 +02:00
cpu
cris
display virtio-gpu: tag as not hotpluggable 2017-01-11 09:19:05 +01:00
dma
gpio i2c: Allow I2C devices to NAK start events 2017-01-09 11:40:20 +00:00
i2c i2c: Allow I2C devices to NAK start events 2017-01-09 11:40:20 +00:00
i386 memhp: don't generate memory hotplug AML if it's not enabled/supported 2017-01-10 07:03:24 +02:00
ide
input gtk,vnc: misc bugfixes. 2017-01-10 14:52:34 +00:00
intc hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU 2016-12-27 14:59:25 +00:00
ipack
ipmi ipmi: fix qemu crash while migrating with ipmi 2016-11-18 17:50:09 +02:00
isa
lm32 loader: fix handling of custom address spaces when adding ROM blobs 2016-11-30 04:20:57 +02:00
m68k m68k: QOMify the MCF Fast Ethernet Controller device 2017-01-20 10:36:38 +08:00
mem
microblaze
mips
misc i2c: Allow I2C devices to NAK start events 2017-01-09 11:40:20 +00:00
moxie
net hw/net/dp8393x: Avoid unintentional sign extensions on addresses 2017-01-20 10:36:38 +08:00
nvram fw_cfg: move FW_CFG_NB_CPUS out of fw_cfg_init1() 2016-11-16 12:09:58 -02:00
openrisc
pci hw/pci: use-after-free in pci_nic_init_nofail when nic device fails to initialize 2017-01-20 10:58:26 +08:00
pci-bridge pcie_aer: support configurable AER capa version 2017-01-10 07:02:52 +02:00
pci-host ppc: Make uninorth interrupt swizzling identical to Grackle 2016-11-23 12:00:48 +11:00
pcmcia
ppc Move target-* CPU file into a target/ folder 2016-12-20 21:52:12 +01:00
s390x virtio: avoid using guest_notifier_mask in vhost-user mode 2016-12-16 01:14:54 +02:00
scsi virtio: convert to use DMA api 2017-01-10 05:56:58 +02:00
sd
sh4 cputlb: drop flush_global flag from tlb_flush 2017-01-13 14:24:37 +00:00
smbios
sparc fw_cfg: move FW_CFG_NB_CPUS out of fw_cfg_init1() 2016-11-16 12:09:58 -02:00
sparc64 target-sparc: fix up niagara machine 2017-01-18 22:03:44 +01:00
ssi hw/ssi/imx_spi.c: Remove MSGDATA register support 2017-01-09 11:50:23 +00:00
timer target-sparc: move common cpu initialisation routines to sparc64.c 2017-01-18 22:03:44 +01:00
tpm
tricore
unicore32
usb xen: attach pvusb usb bus to backend qdev 2016-11-22 10:29:41 -08:00
vfio
virtio vhost-user: Add MTU protocol feature and op 2017-01-10 07:02:53 +02:00
watchdog watchdog: 6300esb: add exit function 2016-12-22 16:00:23 +01:00
xen xen: create qdev for each backend device 2016-11-22 10:29:39 -08:00
xenpv
xtensa
Makefile.objs