david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

acpi_piix4: fix segfault migrating from 1.2

Browse Source 
b0b873a07872f7ab7f66f259c73fb9dd42aa66a9 bumped the vmstate version and
introduced an old-style load function to handle migration from prior
(<= 1.2) versions.

The load function passes the top-level PIIX4PMState pointer to
vmstate_load_state() to handle nested structs for APMState and
pci_status, which leads to corruption of the top-level PIIX4PMState,
since pointers to the nested structs are expected.

A segfault can be fairly reliably triggered by migrating from 1.2 and
issuing a reset, which will trigger a number of QOM operations which
rely on the now corrupted ObjectClass/Object members.

Fix this by passing in the expected pointers for vmstate_load_state().

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
Michael Roth 2013-02-04 10:07:51 -06:00 committed by Anthony Liguori
parent c881e20eed
commit ded67782e6
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hw/acpi_piix4.c
View File

@ -235,7 +235,7 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
qemu_get_be16s(f, &s->ar.pm1.evt.en);
qemu_get_be16s(f, &s->ar.pm1.cnt.cnt);
ret = vmstate_load_state(f, &vmstate_apm, opaque, 1);
ret = vmstate_load_state(f, &vmstate_apm, &s->apm, 1);
if (ret) {
return ret;
}
@ -253,7 +253,7 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
qemu_get_be16s(f, &temp);
}
ret = vmstate_load_state(f, &vmstate_pci_status, opaque, 1);
ret = vmstate_load_state(f, &vmstate_pci_status, &s->pci0_status, 1);
return ret;
}