From: Daniel Henrique Barboza <danielhb413@gmail.com>
To: Bin Meng <bmeng.cn@gmail.com>, qemu-devel@nongnu.org
Cc: "Xuzhou Cheng" <xuzhou.cheng@windriver.com>,
	"Bin Meng" <bin.meng@windriver.com>,
	"Cédric Le Goater" <clg@kaod.org>,
	qemu-ppc@nongnu.org
Subject: Re: [PATCH v2 28/39] hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure
Date: Tue, 20 Sep 2022 12:40:23 -0300
Message-ID: <8c9748e9-0204-c5c5-bdde-3ae069c0c98a@gmail.com>
In-Reply-To: <20220920103159.1865256-29-bmeng.cn@gmail.com>

Bin,

Since I'll send a ppc pull request shortly, I'll queue up both this and patch 27 via
the ppc tree. These are good fixes that are independent of what happens with the
'tests/qtest: Enable running qtest on Windows' series.


Thanks,


Daniel

On 9/20/22 07:31, Bin Meng wrote:
> From: Xuzhou Cheng <xuzhou.cheng@windriver.com>
> 
> pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the
> instance_size initialization. This results in accessing out-of-bound
> memory when setting 'chip-id' and 'phb-id', and eventually crashes
> glib's malloc functionality with the following message:
> 
>    "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 3232 bytes"
> 
> This issue was noticed only when running qtests with QEMU Windows
> 32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose
> this bug though.
> 
> Fixes: 9ae1329ee2fe ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
> Fixes: 4f9924c4d4cf ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
> Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com>
> Signed-off-by: Bin Meng <bin.meng@windriver.com>
> ---
> 
> Changes in v2:
> - new patch: "hw/pci-host: pnv_phb{3,4}: Fix heap out-of-bound access failure"
> 
>   hw/pci-host/pnv_phb3.c | 1 +
>   hw/pci-host/pnv_phb4.c | 1 +
>   2 files changed, 2 insertions(+)
> 
> diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
> index af8575c007..9054c393a2 100644
> --- a/hw/pci-host/pnv_phb3.c
> +++ b/hw/pci-host/pnv_phb3.c
> @@ -1169,6 +1169,7 @@ static void pnv_phb3_root_bus_class_init(ObjectClass *klass, void *data)
>   static const TypeInfo pnv_phb3_root_bus_info = {
>       .name = TYPE_PNV_PHB3_ROOT_BUS,
>       .parent = TYPE_PCIE_BUS,
> +    .instance_size = sizeof(PnvPHB3RootBus),
>       .class_init = pnv_phb3_root_bus_class_init,
>   };
>   
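Review bot: The commit message should state the root cause behind the new `.instance_size = sizeof(PnvPHB3RootBus)` line in pnv_phb3_root_bus_info: a QOM TypeInfo that leaves instance_size unset inherits the size of its parent, here TYPE_PCIE_BUS, so the object was allocated too small for the fields that 'chip-id' and 'phb-id' write to. Adding that sentence would explain why the symptom is a heap overrun that only some allocators surface. The definition of PnvPHB3RootBus is not part of this hunk, so it is also worth confirming that the struct embeds the parent bus state as its first member, which is what makes sizeof() the correct allocation size.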
> diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
> index 824e1a73fb..ccbde841fc 100644
> --- a/hw/pci-host/pnv_phb4.c
> +++ b/hw/pci-host/pnv_phb4.c
> @@ -1773,6 +1773,7 @@ static void pnv_phb4_root_bus_class_init(ObjectClass *klass, void *data)
>   static const TypeInfo pnv_phb4_root_bus_info = {
>       .name = TYPE_PNV_PHB4_ROOT_BUS,
>       .parent = TYPE_PCIE_BUS,
> +    .instance_size = sizeof(PnvPHB4RootBus),
>       .class_init = pnv_phb4_root_bus_class_init,
>   };
>   
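Review bot: Nothing accompanying the `.instance_size = sizeof(PnvPHB4RootBus)` line in pnv_phb4_root_bus_info would catch a recurrence, and the commit message says the overrun was only noticed with the Windows 32-bit executable while Windows 64-bit and Linux 32/64-bit stayed silent. Since the same omission appeared in both the PHB3 and PHB4 TypeInfo definitions, I would suggest running the pnv qtests on a sanitizer-enabled build so the out-of-bound write fails on every host, and auditing other TypeInfo entries whose state struct adds fields to its parent but sets no instance_size.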

