haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw
History
Kevin Wolf a9d52a7563 block/qdev: Fix NULL access when using BB twice 
BlockBackend has only a single pointer to its guest device, so it makes
sure that only a single guest device is attached to it. device-add
returns an error if you try to attach a second device to a BB. In order
to make the error message nicer, -device that manually connects to a
if=none block device get a different message than -drive that implicitly
creates a guest device. The if=... option is stored in DriveInfo.

However, since blockdev-add exists, not every BlockBackend has a
DriveInfo any more. Check that it exists before we dereference it.

QMP reproducer resulting in a segfault:

{"execute":"blockdev-add","arguments":{"options":{"id":"disk","driver":"file","filename":"/tmp/test.img"}}}
{"execute":"device_add","arguments":{"driver":"virtio-blk-pci","drive":"disk"}}
{"execute":"device_add","arguments":{"driver":"virtio-blk-pci","drive":"disk"}}

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-07-05 16:46:26 +02:00
..
9pfs 9p: synth: drop v9fs_ prefix 2016-07-01 14:38:54 +02:00
acpi pc: use new CPU hotplug interface since 2.7 machine type 2016-06-24 05:21:38 +03:00
alpha trace: split out trace events for hw/alpha/ directory 2016-06-20 17:22:17 +01:00
arm ast2400: create SPI flash slaves 2016-07-04 13:15:22 +01:00
audio pcspk: fix KVM 2016-06-30 19:00:02 +01:00
block block: Switch transfer length bounds to byte-based 2016-07-05 16:46:25 +02:00
bt bt: rewrite csrhci_write to avoid out-of-bounds writes 2016-05-29 09:11:11 +02:00
char * serial port fixes (Paolo) 2016-06-29 19:14:48 +01:00
core block/qdev: Fix NULL access when using BB twice 2016-07-05 16:46:26 +02:00
cpu cpu: Abstract CPU core type 2016-06-17 16:33:48 +10:00
cris hw/char: QOM'ify etraxfs_ser.c 2016-05-29 09:11:10 +02:00
display ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
dma dma: Add Xilinx Zynq devcfg device model 2016-07-04 13:15:22 +01:00
gpio hw/gpio: QOM'ify zaurus.c 2016-06-14 15:59:13 +01:00
i2c ICH9 SMB: make TYPE_ICH9_SMB_DEVICE macro public 2016-06-29 14:03:46 +02:00
i386 intel_iommu: Throw hw_error on notify_started 2016-06-30 13:00:24 -06:00
ide * serial port fixes (Paolo) 2016-06-29 19:14:48 +01:00
input pckbd: handle A20 IRQ as GPIO 2016-06-29 14:03:46 +02:00
intc armv7m_nvic: Use qemu_get_cpu(0) instead of current_cpu 2016-07-04 13:15:22 +01:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi hw/ipmi: fix spelling 2016-06-07 18:02:48 +03:00
isa ich9: implement SCI_IRQ_SEL register 2016-06-29 14:03:48 +02:00
lm32 hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem nvdimm: support nvdimm label 2016-06-24 05:13:57 +03:00
microblaze m25p80: qdev-ify drive property 2016-07-04 13:15:22 +01:00
mips mips: use MIPSCPU instead of CPUMIPSState 2016-05-19 16:42:27 +02:00
misc ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net ipxe: update submodule from 4e03af8ec to 041863191 2016-07-05 12:46:18 +01:00
nvram trace: split out trace events for hw/nvram/ directory 2016-06-20 17:22:15 +01:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci trace: split out trace events for hw/pci/ directory 2016-06-20 17:22:16 +01:00
pci-bridge fix some coding style problems 2016-06-17 03:28:03 +03:00
pci-host Q35: implement property interfece to several parameters 2016-06-29 14:03:46 +02:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc ppc/hash64: Add proper real mode translation support 2016-07-05 14:31:08 +10:00
s390x virtio-ccw: convert to ioeventfd callbacks 2016-06-24 08:47:35 +03:00
scsi block: Switch transfer length bounds to byte-based 2016-07-05 16:46:25 +02:00
sd ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
sh4 hw/sh4/sh_pci.c: Use ldl_le_p() and stl_le_p() 2016-06-28 15:09:32 +01:00
smbios ipmi: Add SMBIOS table entry 2016-06-24 05:13:57 +03:00
sparc trace: split out trace events for hw/sparc/ directory 2016-06-20 17:22:16 +01:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi ast2400: add SPI flash slaves 2016-07-04 13:15:22 +01:00
timer MC146818 RTC: add GPIO access to output IRQ 2016-06-29 14:03:46 +02:00
tpm tpm: Fix write to file descriptor function 2016-04-13 19:52:34 +03:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb usb-uas: hotplug support 2016-06-22 12:53:26 +02:00
vfio vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2) 2016-07-05 14:31:08 +10:00
virtio virtio-bus: remove old set_host_notifier callback 2016-06-24 08:47:35 +03:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen xen: move xen_sysdev to xen_backend.c 2016-06-22 11:28:42 +01:00
xenpv xen: move xen_sysdev to xen_backend.c 2016-06-22 11:28:42 +01:00
xtensa replace muldiv64(a, b, c) by (uint64_t)a * b / c 2016-06-07 18:02:49 +03:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00