* [Qemu-devel] [PATCH] audio: es1370: unregister reset call on exit
@ 2016-11-23  9:35 P J P
  2016-11-23  9:49 ` no-reply
  0 siblings, 1 reply; 2+ messages in thread
From: P J P @ 2016-11-23  9:35 UTC (permalink / raw)
  To: Qemu Developers; +Cc: Gerd Hoffmann, Huawei PSIRT, Prasad J Pandit

From: Prasad J Pandit <pjp@fedoraproject.org>

ES1370 audio device emulator registers a device reset call with
Qemu during initialisation. But the same is not unregistered when
audio device is unplugged. This leads to a use-after-free error
during reboot, as Qemu resets the machine. Add 'es1370_exit'
PCIDeviceClass method to avoid it.

Reported-by: Huawei PSIRT <PSIRT@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/audio/es1370.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
index 8449b5f..5c97295 100644
--- a/hw/audio/es1370.c
+++ b/hw/audio/es1370.c
@@ -1047,12 +1047,19 @@ static int es1370_init (PCIBus *bus)
     return 0;
 }
 
+static void es1370_exit (PCIDevice *dev)
+{
+    ES1370State *s = ES1370(dev);
+    qemu_unregister_reset(es1370_on_reset, s);
+}
+
 static void es1370_class_init (ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS (klass);
     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
 
     k->realize = es1370_realize;
+    k->exit = es1370_exit;
     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
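Review bot: in es1370_exit, the only teardown is qemu_unregister_reset(es1370_on_reset, s), so unplug is safe only if the reset handler is the one thing realize leaves behind that still points at this device state. es1370_realize is outside this hunk, so please confirm that nothing else it registers or opens keeps a reference to s after unplug, and release it here too if it does. qemu_unregister_reset removes an entry only when both the callback and the opaque pointer match the registration, so check that realize registers exactly the pair (es1370_on_reset, s). On style, checkpatch rejects the space in `es1370_exit (PCIDevice *dev)`; the neighbouring `es1370_class_init (ObjectClass *klass, void *data)` uses the same spacing, so either drop the space in the new function or note in the commit message that it follows the file's existing style.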
-- 
2.7.4


* Re: [Qemu-devel] [PATCH] audio: es1370: unregister reset call on exit
  2016-11-23  9:35 [Qemu-devel] [PATCH] audio: es1370: unregister reset call on exit P J P
@ 2016-11-23  9:49 ` no-reply
  0 siblings, 0 replies; 2+ messages in thread
From: no-reply @ 2016-11-23  9:49 UTC (permalink / raw)
  To: ppandit; +Cc: famz, qemu-devel, PSIRT, kraxel, pjp

Hi,

Your series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH] audio: es1370: unregister reset call on exit
Type: series
Message-id: 1479893700-4596-1-git-send-email-ppandit@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
89219ee audio: es1370: unregister reset call on exit

=== OUTPUT BEGIN ===
Checking PATCH 1/1: audio: es1370: unregister reset call on exit...
ERROR: space prohibited between function name and open parenthesis '('
#24: FILE: hw/audio/es1370.c:1050:
+static void es1370_exit (PCIDevice *dev)

total: 1 errors, 0 warnings, 19 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org
