haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/chardev
History
Marc-André Lureau 6806601969 char: fix use-after-free with dup chardev & reconnect 
With a reconnect socket, qemu_char_open() will start a background
thread. It should keep a reference on the chardev.

Fixes invalid read:
READ of size 8 at 0x6040000ac858 thread T7
    #0 0x5555598d37b8 in unix_connect_saddr /home/elmarco/src/qq/util/qemu-sockets.c:954
    #1 0x5555598d4751 in socket_connect /home/elmarco/src/qq/util/qemu-sockets.c:1109
    #2 0x555559707c34 in qio_channel_socket_connect_sync /home/elmarco/src/qq/io/channel-socket.c:145
    #3 0x5555596adebb in tcp_chr_connect_client_task /home/elmarco/src/qq/chardev/char-socket.c:1104
    #4 0x555559723d55 in qio_task_thread_worker /home/elmarco/src/qq/io/task.c:123
    #5 0x5555598a6731 in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:519
    #6 0x7ffff40d4431 in start_thread (/lib64/libpthread.so.0+0x9431)
    #7 0x7ffff40029d2 in __clone (/lib64/libc.so.6+0x1019d2)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200420112012.567284-1-marcandre.lureau@redhat.com>
2020-07-13 11:59:47 +04:00
..
baum.c Include qemu/main-loop.h less 2019-08-16 13:31:52 +02:00
char-console.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-fd.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
char-fe.c char: update the mux handlers in class callback 2019-02-13 15:36:14 +01:00
char-file.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-io.c chardev: use a child source for qio input source 2018-10-03 14:45:05 +04:00
char-mux.c chardev: Use QEMUChrEvent enum in IOEventHandler typedef 2020-01-08 11:15:35 +01:00
char-null.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-parallel.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-pipe.c chardev: Improve error report by calling error_setg_win32() 2020-03-09 13:36:15 +01:00
char-pty.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
char-ringbuf.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-serial.c chardev: Add macOS to list of OSes that support -chardev serial 2020-05-04 14:35:23 +02:00
char-socket.c char: fix use-after-free with dup chardev & reconnect 2020-07-13 11:59:47 +04:00
char-stdio.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-udp.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
char-win-stdio.c Include qemu/main-loop.h less 2019-08-16 13:31:52 +02:00
char-win.c chardev: Improve error report by calling error_setg_win32() 2020-03-09 13:36:15 +01:00
char.c chardev: don't abort on attempt to add duplicated chardev 2020-07-13 11:59:47 +04:00
Makefile.objs chardev: enable modules, use for braille 2020-07-07 15:33:59 +02:00
msmouse.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
spice.c qemu/queue.h: add QLIST_SAFE_REMOVE() 2020-02-22 08:26:47 +00:00
testdev.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
trace-events trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
wctablet.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00