target-arm: fix a segmentation fault due to illegal memory access

The elements of kvm_devices_head list are freed in kvm_arm_machine_init_done(), but we still access these illegal memory in kvm_arm_devlistener_del(). This will cause segment fault when booting guest with MALLOC_PERTURB_=1. Signed-off-by: N Zheng Xiang <xiang.zheng@linaro.org> Message-id: 20180619075821.9884-1-zhengxiang9@huawei.com Reviewed-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Peter Maydell <peter.maydell@linaro.org>

target-arm: fix a segmentation fault due to illegal memory access
The elements of kvm_devices_head list are freed in kvm_arm_machine_init_done(), but we still access these illegal memory in kvm_arm_devlistener_del(). This will cause segment fault when booting guest with MALLOC_PERTURB_=1. Signed-off-by: N Zheng Xiang <xiang.zheng@linaro.org> Message-id: 20180619075821.9884-1-zhengxiang9@huawei.com Reviewed-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Peter Maydell <peter.maydell@linaro.org>
5ff9aaab · Zheng Xiang · Peter Maydell · 8297cb13 · 5ff9aaab
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

target/arm/kvm.c target/arm/kvm.c +1 -0

未找到文件。
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -256,6 +256,7 @@ static void kvm_arm_machine_init_done(Notifier *notifier, void *data)
            kvm_arm_set_device_addr(kd);
        }
        memory_region_unref(kd->mr);
+        QSLIST_REMOVE_HEAD(&kvm_devices_head, entries);
        g_free(kd);
    }
    memory_listener_unregister(&devlistener);