| commit | 4eae2a657d1ff5ada56eb9b4966eae0eff333b0b | |
| author | Ladi Prosek <lprosek@redhat.com> | |
| Tue, 1 Mar 2016 11:14:03 +0000 (1 12:14 +0100) | ||
| committer | Michael S. Tsirkin <mst@redhat.com> | |
| Fri, 11 Mar 2016 12:54:28 +0000 (11 14:54 +0200) | ||
| tree | 57cc83df89f1a0d157bf883854c5674fa7e03587 | treesnapshot (tar.gz zip) |
| parent | f20354910893310d5496ebb6edfc551d83d95343 | commitdiff |
balloon: fix segfault and harden the stats queue
The segfault here is triggered by the driver notifying the stats queue
twice after adding a buffer to it. This effectively resets stats_vq_elem
back to NULL and QEMU crashes on the next stats timer tick in
balloon_stats_poll_cb.
This is a regression introduced in 51b19ebe4320f3dc, although admittedly
the device assumed too much about the stats queue protocol even before
that commit. This commit adds a few more checks and ensures that the one
stats buffer gets deallocated on device reset.
Cc: qemu-stable@nongnu.org
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The segfault here is triggered by the driver notifying the stats queue
twice after adding a buffer to it. This effectively resets stats_vq_elem
back to NULL and QEMU crashes on the next stats timer tick in
balloon_stats_poll_cb.
This is a regression introduced in 51b19ebe4320f3dc, although admittedly
the device assumed too much about the stats queue protocol even before
that commit. This commit adds a few more checks and ensures that the one
stats buffer gets deallocated on device reset.
Cc: qemu-stable@nongnu.org
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| hw/virtio/virtio-balloon.c | diffblobblamehistory |