Go to file
Michal Privoznik a760715095 qemu_opts_append: Play nicely with QemuOptsList's head
When running a libvirt test suite I've noticed the qemu-img is
crashing occasionally. Tracing the problem down led me to the
following valgrind output:

qemu.git $ valgrind -q ./qemu-img create -f qed -obacking_file=/dev/null,backing_fmt=raw qed
==14881== Invalid write of size 8
==14881==    at 0x1D263F: qemu_opts_create (qemu-option.c:692)
==14881==    by 0x130782: bdrv_img_create (block.c:5531)
==14881==    by 0x118DE0: img_create (qemu-img.c:462)
==14881==    by 0x11E7E4: main (qemu-img.c:2830)
==14881==  Address 0x11fedd38 is 24 bytes inside a block of size 232 free'd
==14881==    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14881==    by 0x592D35E: g_realloc (in /usr/lib64/libglib-2.0.so.0.3800.2)
==14881==    by 0x1D38D8: qemu_opts_append (qemu-option.c:1129)
==14881==    by 0x13075E: bdrv_img_create (block.c:5528)
==14881==    by 0x118DE0: img_create (qemu-img.c:462)
==14881==    by 0x11E7E4: main (qemu-img.c:2830)
==14881==
Formatting 'qed', fmt=qed size=0 backing_file='/dev/null' backing_fmt='raw' cluster_size=65536
==14881== Invalid write of size 8
==14881==    at 0x1D28BE: qemu_opts_del (qemu-option.c:750)
==14881==    by 0x130BF3: bdrv_img_create (block.c:5638)
==14881==    by 0x118DE0: img_create (qemu-img.c:462)
==14881==    by 0x11E7E4: main (qemu-img.c:2830)
==14881==  Address 0x11fedd38 is 24 bytes inside a block of size 232 free'd
==14881==    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14881==    by 0x592D35E: g_realloc (in /usr/lib64/libglib-2.0.so.0.3800.2)
==14881==    by 0x1D38D8: qemu_opts_append (qemu-option.c:1129)
==14881==    by 0x13075E: bdrv_img_create (block.c:5528)
==14881==    by 0x118DE0: img_create (qemu-img.c:462)
==14881==    by 0x11E7E4: main (qemu-img.c:2830)
==14881==

The problem is apparently in the qemu_opts_append(). Well, if it
gets called twice or more. On the first call, when @dst is NULL
some initialization is done during which @dst->head list gets
initialized. The list is initialized in a way, so that the list
tail points at the list head. However, the next time
qemu_opts_append() is called for new options to be added,
g_realloc() may move @dst to a new address making the old list tail
point at an invalid address. If that's the case, we must update the
list pointers.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-06-26 15:53:52 +02:00
audio audio: Drop superfluous conditionals around g_free() 2014-06-13 12:34:54 +02:00
backends rng-random: NULL check not needed before g_free() 2014-06-24 20:01:24 +04:00
block block: Catch backing files assigned to non-COW drivers 2014-06-26 13:51:01 +02:00
bsd-user bsd-user: Fix syscall format, add strace support for more syscalls 2014-06-11 00:25:06 +01:00
default-configs pc: implement pc-dimm device abstraction 2014-06-19 16:41:47 +03:00
disas disas/libvixl: Update to libvixl 1.4 2014-05-13 16:09:35 +01:00
docs qapi event: convert QUORUM events 2014-06-23 11:12:28 -04:00
dtc@bc895d6d09 dtc: add submodule 2013-04-18 13:50:53 +02:00
fpu fpu: softfloat: drop INLINE macro 2014-06-23 11:00:12 -04:00
fsdev virtfs-proxy-helper: fix call to accept 2014-04-28 08:55:32 +04:00
gdb-xml target-arm: Support fp registers in gdb stub 2013-12-17 19:42:32 +00:00
hw hw/moxie/moxiesim.c: Remove unused moxie_intc_create() 2014-06-24 20:01:24 +04:00
include block: Catch backing files assigned to non-COW drivers 2014-06-26 13:51:01 +02:00
libcacard vscclient: Add required headers to fix build on FreeBSD 2014-06-24 20:01:24 +04:00
libdecnumber libdecnumber: Fix decNumberSetBCD 2014-06-16 13:24:29 +02:00
linux-headers linux-headers: update linux headers to kvm/next 2014-06-16 13:24:41 +02:00
linux-user Add support for the arm breakpoint syscall 2014-06-24 20:01:24 +04:00
net Add the vhost-user netdev backend to the command line 2014-06-19 18:44:18 +03:00
pc-bios pc-bios/s390-ccw: update s390-ccw.img binary 2014-06-23 14:19:45 +02:00
pixman@97336fad32 qapi: move include files to include/qobject/ 2012-12-19 08:31:31 +01:00
po po: add proper Language: tags to .po files 2014-04-28 08:55:32 +04:00
qapi Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2014-06-24 13:06:13 +01:00
qga qga: Fix handle fd leak in acquire_privilege() 2014-06-03 15:07:59 -05:00
qobject json-lexer: fix escaped backslash in single-quoted string 2014-06-23 11:01:24 -04:00
qom qom: introduce object_property_get_enum and object_property_get_uint16List 2014-06-19 18:44:19 +03:00
roms Update OpenBIOS images 2014-06-20 23:59:19 +01:00
scripts migration/next for 20140623 2014-06-24 15:33:42 +01:00
slirp Increase maximum number of session of the internal TFTP server. 2014-06-24 20:01:24 +04:00
stubs Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2014-06-24 13:06:13 +01:00
sysconfigs/target Eliminate cpus-x86_64.conf file 2012-09-21 15:12:58 +02:00
target-alpha softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
target-arm Fix new typos (found by codespell) 2014-06-24 20:01:24 +04:00
target-cris target-cris/translate.c: Remove _t_gen_mov_TN_env and _t_gen_mov_env_TN 2014-06-09 01:04:44 +02:00
target-i386 target-i386: Use Common ShiftRows and InvShiftRows Tables 2014-06-16 13:24:33 +02:00
target-lm32 vl: allow other threads to do qemu_system_vmstop_request 2014-06-23 16:36:13 +08:00
target-m68k softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
target-microblaze target-microblaze: Delete unused sign_extend() function 2014-06-10 19:39:34 +04:00
target-mips target-mips: copy CP0_Config1 into DisasContext 2014-06-20 22:14:13 +02:00
target-moxie softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
target-openrisc softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
target-ppc target-ppc: Fix compiler warning 2014-06-24 20:01:24 +04:00
target-s390x target-s390x: Remove unused ld_code6() function 2014-06-24 20:01:24 +04:00
target-sh4 softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
target-sparc softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
target-unicore32 target-unicore: Remove unused functions 2014-06-24 20:01:24 +04:00
target-xtensa softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
tcg tcg: mark tcg_out* and tcg_patch* with attribute 'unused' 2014-06-24 20:01:24 +04:00
tests block: Catch backing files assigned to non-COW drivers 2014-06-26 13:51:01 +02:00
trace glib-compat.h: add new thread API emulation on top of pre-2.31 API 2014-06-10 07:44:01 +02:00
ui qemu-char: introduce qemu_chr_alloc 2014-06-23 11:12:28 -04:00
util qemu_opts_append: Play nicely with QemuOptsList's head 2014-06-26 15:53:52 +02:00
.exrc qemu: add .exrc 2012-09-07 09:02:44 +03:00
.gitignore configure: Put tempfiles in a subdir of the build directory 2014-05-24 00:34:38 +04:00
.gitmodules PPC: Add u-boot firmware for e500 2014-06-16 13:24:35 +02:00
.mailmap Update mailmap 2013-09-05 09:40:31 -05:00
.travis.yml trace: Multi-backend tracing 2014-06-09 15:43:40 +02:00
aio-posix.c aio: make aio_poll(ctx, true) block with no fds 2013-12-06 16:53:51 +01:00
aio-win32.c aio: make aio_poll(ctx, true) block with no fds 2013-12-06 16:53:51 +01:00
arch_init.c migration: catch unknown flags in ram_load 2014-06-16 04:55:27 +02:00
async.c aio: fix qemu_bh_schedule() bh->ctx race condition 2014-06-04 09:56:06 +02:00
balloon.c qapi event: convert BALLOON_CHANGE 2014-06-23 11:12:28 -04:00
block-migration.c block: fix wrong order in live block migration setup 2014-06-04 11:22:39 +02:00
block.c block: Remove a special case for protocols 2014-06-26 13:51:01 +02:00
blockdev-nbd.c nbd: Close socket on negotiation failure. 2014-05-24 00:07:29 +04:00
blockdev.c qapi event: convert other BLOCK_JOB events 2014-06-23 11:12:28 -04:00
blockjob.c blockjob: Add block_job_yield() 2014-06-26 12:12:22 +02:00
bt-host.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
bt-vhci.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
Changelog Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
CODING_STYLE CODING_STYLE: Section about mixed declarations 2014-03-27 19:22:49 +04:00
configure configure: Enable TPM by default, add --disable-tpm 2014-06-24 20:01:24 +04:00
COPYING
COPYING.LIB
coroutine-gthread.c glib-compat.h: add new thread API emulation on top of pre-2.31 API 2014-06-10 07:44:01 +02:00
coroutine-sigaltstack.c Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-02-26 07:44:39 -06:00
coroutine-ucontext.c Fix warnings suppressors to honor --disable-werror 2013-04-17 10:28:04 -05:00
coroutine-win32.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
cpu-exec.c cpu: make CPU_INTERRUPT_RESET available on all targets 2014-05-13 13:21:51 +02:00
cpus.c qapi event: convert STOP 2014-06-23 11:01:25 -04:00
cputlb.c softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
device_tree.c device_tree: qemu_fdt_setprop: Rename val_array arg 2013-12-20 01:58:12 +01:00
device-hotplug.c blockdev: Remove unused DriveInfo reference count 2014-06-16 17:23:19 +08:00
disas.c monitor: QEMU Monitor Instruction Disassembly Incorrect for PowerPC LE Mode 2014-06-16 13:24:26 +02:00
dma-helpers.c dma-helpers: avoid calling dma_bdrv_unmap() twice 2014-05-24 00:28:43 +04:00
dump.c dump: Make DumpState and endian conversion routines available for arch-specific dump code 2014-06-16 13:24:36 +02:00
exec.c tcg-ppc: Merge cache-utils into the backend 2014-06-23 07:32:30 -07:00
gdbstub.c exec: Change cpu_breakpoint_{insert,remove{,_by_ref,_all}} argument 2014-03-13 19:20:48 +01:00
HACKING HACKING: Document vaddr type usage 2013-07-23 02:41:31 +02:00
hmp-commands.hx Add the vhost-user netdev backend to the command line 2014-06-19 18:44:18 +03:00
hmp.c Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2014-06-24 13:06:13 +01:00
hmp.h hmp: add info memdev 2014-06-19 18:44:21 +03:00
iohandler.c iohandler.c: Properly initialize sigaction struct 2014-05-24 00:07:29 +04:00
ioport.c portio: Allow to mark portio lists as coalesced MMIO flushing 2013-10-17 17:24:15 +02:00
iothread.c iothread: make IOThread struct definition public 2014-04-04 20:48:02 +02:00
kvm-all.c Merge remote-tracking branch 'remotes/kvm/uq/master' into staging 2014-06-20 19:25:18 +01:00
kvm-stub.c Add kvm_eventfds_enabled function 2014-06-19 16:41:54 +03:00
LICENSE LICENSE: clarify 2013-08-12 09:15:12 -05:00
main-loop.c main-loop: Suppress "I/O thread spun" warnings for qtest 2014-03-13 21:36:50 +01:00
MAINTAINERS Merge remote-tracking branch 'remotes/kvm/uq/master' into staging 2014-06-20 19:25:18 +01:00
Makefile build-sys: introduce install-prog macro to install&strip binaries and use it 2014-06-24 20:01:24 +04:00
Makefile.objs qapi script: add event support 2014-06-23 11:01:25 -04:00
Makefile.target build-sys: introduce install-prog macro to install&strip binaries and use it 2014-06-24 20:01:24 +04:00
memory_mapping.c cpu: Use QTAILQ for CPU list 2013-09-03 12:25:55 +02:00
memory.c hostmem: add property to map memory with MAP_SHARED 2014-06-19 18:44:20 +03:00
migration-exec.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
migration-fd.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
migration-rdma.c rdma: bug fixes 2014-06-23 19:09:50 +02:00
migration-tcp.c Coverity: Fix failure path for qemu_accept in migration 2014-05-05 22:15:03 +02:00
migration-unix.c Coverity: Fix failure path for qemu_accept in migration 2014-05-05 22:15:03 +02:00
migration.c migration: catch unknown flags in ram_load 2014-06-16 04:55:27 +02:00
module-common.c module: implement module loading 2014-02-20 13:14:18 +01:00
monitor.c Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2014-06-24 13:06:13 +01:00
nbd.c nbd: Miscellaneous typo fixes. 2014-05-24 00:07:29 +04:00
numa.c numa: handle mmaped memory allocation failure correctly 2014-06-19 18:44:22 +03:00
os-posix.c oslib-posix: Fix build on FreeBSD 2014-03-13 14:34:16 +00:00
os-win32.c util: Split out exec_dir from os_find_datadir 2014-02-20 13:12:54 +01:00
page_cache.c migration: Plug memory leak in migrate-set-cache-size command 2014-06-10 19:54:43 +04:00
qapi-event.json qapi event: convert QUORUM events 2014-06-23 11:12:28 -04:00
qapi-schema.json Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2014-06-24 13:06:13 +01:00
qdev-monitor.c qdev: Implement named GPIOs 2014-05-28 17:36:21 +02:00
qdict-test-data.txt
qemu-bridge-helper.c qemu-bridge-helper: force usage of a very high MAC address for the bridge 2013-03-28 12:58:52 -05:00
qemu-char.c Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2014-06-24 13:06:13 +01:00
qemu-coroutine-io.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
qemu-coroutine-lock.c coroutine: remove qemu_co_queue_wait_insert_head 2013-12-02 17:11:49 +01:00
qemu-coroutine-sleep.c coroutine: add co_aio_sleep_ns() to allow sleep in block drivers 2013-10-30 12:22:09 +01:00
qemu-coroutine.c coroutine: add ./configure --disable-coroutine-pool 2013-09-12 10:12:48 +02:00
qemu-doc.texi doc: grammify "allows to" 2014-04-18 10:33:36 +04:00
qemu-file.c Make qemu_peek_buffer loop until it gets it's data 2014-05-05 22:15:03 +02:00
qemu-img-cmds.hx qemu-img: add -l for snapshot in convert 2013-12-04 15:19:00 +01:00
qemu-img.c cleanup QEMUOptionParameter 2014-06-16 17:23:21 +08:00
qemu-img.texi qemu-img: Document check exit codes 2014-06-04 11:30:32 +02:00
qemu-io-cmds.c qemu-io-cmds: Fixed typo in example for writev. 2014-03-19 09:39:41 +01:00
qemu-io.c trace: Multi-backend tracing 2014-06-09 15:43:40 +02:00
qemu-log.c qemu-log: default to stderr for logging output 2013-02-26 13:31:47 -06:00
qemu-nbd.c qemu-nbd: Don't use qerror_report() 2014-05-28 14:28:46 +02:00
qemu-nbd.texi nbd: Miscellaneous typo fixes. 2014-05-24 00:07:29 +04:00
qemu-options-wrapper.h vl.c: In qemu -h output, only print options for the arch we are running as 2011-12-19 10:27:33 -06:00
qemu-options.h vl.c: Move option generation logic into a wrapper file 2011-12-19 10:27:33 -06:00
qemu-options.hx migration: dump vmstate info as a json file for static analysis 2014-06-23 19:14:50 +02:00
qemu-seccomp.c seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist 2014-04-25 14:52:03 -03:00
qemu-tech.texi qemu-tech.texi: update implemented xtensa features list 2012-11-29 13:00:52 -06:00
qemu-timer.c vl.c: remove init_clocks call from main 2014-05-09 20:57:32 +02:00
qemu.nsi nsis: Improved support for parallel installation of 32 and 64 bit code 2013-11-07 07:02:44 +01:00
qemu.sasl sasl: Avoid 'Could not find keytab file' in syslog 2014-03-15 13:54:18 +04:00
qmp-commands.hx qmp: add query-acpi-ospm-status command 2014-06-19 18:44:22 +03:00
qmp.c qmp: add query-acpi-ospm-status command 2014-06-19 18:44:22 +03:00
qtest.c qtest: fix hex2nib for capital characters 2014-06-10 19:39:34 +04:00
README Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
rules.mak build-sys: introduce install-prog macro to install&strip binaries and use it 2014-06-24 20:01:24 +04:00
savevm.c migration: dump vmstate info as a json file for static analysis 2014-06-23 19:14:50 +02:00
softmmu_template.h softmmu: move softmmu_template.h out of include/ 2014-06-05 16:10:33 +02:00
spice-qemu-char.c qemu-char: introduce qemu_chr_alloc 2014-06-23 11:12:28 -04:00
tcg-runtime.c tcg: Push tcg-runtime routines into exec/helper-* 2014-05-28 09:33:54 -07:00
tci.c Merge remote-tracking branch 'remotes/bonzini/softmmu-smap' into staging 2014-06-05 21:06:14 +01:00
thread-pool.c aio: Fix use-after-free in cancellation path 2014-05-28 14:28:46 +02:00
thunk.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
tpm.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
trace-events trace: pc: add PC_DIMM slot & address allocation 2014-06-19 16:41:50 +03:00
translate-all.c Fix new typos (found by codespell) 2014-06-24 20:01:24 +04:00
translate-all.h translate-all: Change tb_check_watchpoint() argument to CPUState 2014-03-13 19:20:48 +01:00
user-exec.c softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
VERSION Open 2.1 development tree 2014-04-17 20:39:32 +01:00
version.rc Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
vl.c migration/next for 20140623 2014-06-24 15:33:42 +01:00
vmstate.c vmstate: Return error in case of error 2014-06-23 19:14:52 +02:00
xbzrle.c xbzrle.c: Avoid undefined behaviour with signed arithmetic 2014-04-18 10:33:36 +04:00
xen-common-stub.c xen: factor out common functions 2014-05-07 16:16:43 +00:00
xen-common.c xen: factor out common functions 2014-05-07 16:16:43 +00:00
xen-hvm-stub.c xen-hvm: Fix xen_hvm_init() to adjust pc memory layout 2014-06-23 17:50:04 +03:00
xen-hvm.c xen-hvm: Handle machine opt max-ram-below-4g 2014-06-23 18:02:55 +03:00
xen-mapcache.c hw: move headers to include/ 2013-04-08 18:13:10 +02:00

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team