[Qemu-devel] [PATCH] target-arm: fix a segmentation fault due to illegal memory access

Zheng Xiang posted 1 patch 5 years, 10 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20180619075821.9884-1-zhengxiang9@huawei.com
Test checkpatch passed
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test s390x failed
target/arm/kvm.c | 1 +
1 file changed, 1 insertion(+)
Posted by Zheng Xiang 5 years, 10 months ago
From: Zheng Xiang <xiang.zheng@linaro.org>

The elements of the kvm_devices_head list are freed in kvm_arm_machine_init_done(),
but we still access this illegal memory in kvm_arm_devlistener_del().

This will cause a segmentation fault when booting a guest with MALLOC_PERTURB_=1.

Signed-off-by: Zheng Xiang <xiang.zheng@linaro.org>
---
 target/arm/kvm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 98f5006..5bf41e1 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -256,6 +256,7 @@ static void kvm_arm_machine_init_done(Notifier *notifier, void *data)
             kvm_arm_set_device_addr(kd);
         }
         memory_region_unref(kd->mr);
+        QSLIST_REMOVE_HEAD(&kvm_devices_head, entries);
         g_free(kd);
     }
     memory_listener_unregister(&devlistener);
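Review bot: the QSLIST_REMOVE_HEAD added before g_free(kd) only unlinks the node being freed if kd is the current list head on every iteration, and is only safe if the enclosing loop is a _SAFE-style traversal that cached kd's successor before the body ran; neither is visible in the hunk's leading context, so including the loop header in the context or naming the iteration macro in the commit message would make the change reviewable at a glance. Since the commit message says the stale access happens in kvm_arm_devlistener_del(), and memory_listener_unregister(&devlistener) at the end of the hunk is presumably what invokes that callback after the nodes are gone, an alternative worth weighing is to unregister the listener before the loop so nothing can walk the list once its elements are freed; with the patch as written, the list ends up empty only if the loop visits every element, which a QSLIST_INIT(&kvm_devices_head) after the loop would make explicit.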
-- 
1.8.3.1
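To make the failure mode in the commit message concrete, here is an added example that is not QEMU's code and not part of this thread: a minimal singly-linked list shaped like QSLIST, with names borrowed from the patch (kvm_devices_head, entries, machine_init_done, devlistener_del) purely for readability. Instead of calling free(), released nodes are parked in a quarantine and marked dead, so the stale traversal that kvm_arm_devlistener_del() would perform is observable as a count rather than as the crash that MALLOC_PERTURB_ turns it into. run_scenario(false) models the pre-patch behaviour (free without unlinking); run_scenario(true) models the patch's QSLIST_REMOVE_HEAD before the free.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example: a QSLIST-shaped list with names borrowed from the
 * patch. None of this is target/arm/kvm.c. */
typedef struct KVMDevice {
    uint32_t magic;             /* LIVE_MAGIC while allocated, DEAD_MAGIC after release */
    uint64_t kda_addr;          /* stands in for the device's guest address */
    struct KVMDevice *entries;  /* QSLIST "next" pointer */
} KVMDevice;

#define LIVE_MAGIC 0x4b564d44u  /* "KVMD" */
#define DEAD_MAGIC 0xfefefefeu  /* mimics the fill MALLOC_PERTURB_ leaves in freed memory */

static KVMDevice *kvm_devices_head;

/* Released nodes go to a quarantine instead of free(), so a stale read is
 * observable without undefined behaviour. In the real bug the read hits the
 * allocator's freed memory and, with MALLOC_PERTURB_ set, follows a
 * scribbled next pointer and segfaults. */
#define MAX_DEVICES 8
static KVMDevice *quarantine[MAX_DEVICES];
static int quarantined;

static void g_free_model(KVMDevice *kd)
{
    if (quarantined >= MAX_DEVICES) {
        abort();
    }
    kd->magic = DEAD_MAGIC;
    quarantine[quarantined++] = kd;
}

static void add_device(uint64_t addr)
{
    KVMDevice *kd = calloc(1, sizeof(*kd));
    if (!kd) {
        abort();
    }
    kd->magic = LIVE_MAGIC;
    kd->kda_addr = addr;
    kd->entries = kvm_devices_head;   /* QSLIST_INSERT_HEAD */
    kvm_devices_head = kd;
}

/* Model of kvm_arm_devlistener_del(): walks the list looking for the device
 * that owns a region. Returns how many nodes it touched that had already been
 * released; anything above zero is a use-after-free. */
static int devlistener_del_walk(void)
{
    int stale = 0;
    for (KVMDevice *kd = kvm_devices_head; kd; kd = kd->entries) {
        if (kd->magic != LIVE_MAGIC) {
            stale++;
        }
    }
    return stale;
}

/* Model of kvm_arm_machine_init_done(). unlink == false is the pre-patch
 * shape: release every node but leave the head pointing at freed memory.
 * unlink == true mirrors the patch: QSLIST_REMOVE_HEAD before the free.
 * The walk at the end stands in for memory_listener_unregister() running
 * the listener's region_del callback. */
static int machine_init_done(bool unlink)
{
    KVMDevice *kd, *next;
    for (kd = kvm_devices_head; kd; kd = next) {  /* QSLIST_FOREACH_SAFE shape */
        next = kd->entries;
        if (unlink) {
            kvm_devices_head = kd->entries;       /* QSLIST_REMOVE_HEAD */
        }
        g_free_model(kd);
    }
    return devlistener_del_walk();
}

/* Frees live nodes still on the list (dead ones belong to the quarantine),
 * then empties the quarantine. */
static void reset_state(void)
{
    KVMDevice *kd = kvm_devices_head, *next;
    while (kd) {
        next = kd->entries;
        if (kd->magic == LIVE_MAGIC) {
            free(kd);
        }
        kd = next;
    }
    kvm_devices_head = NULL;
    for (int i = 0; i < quarantined; i++) {
        free(quarantine[i]);
    }
    quarantined = 0;
}

/* Builds three devices, runs init-done with or without the fix, and returns
 * the number of freed nodes the listener walk touched. */
static int run_scenario(bool unlink)
{
    reset_state();
    add_device(0x08000000);   /* constructed addresses, not real device mappings */
    add_device(0x08010000);
    add_device(0x08020000);
    return machine_init_done(unlink);
}

int main(void)
{
    printf("without unlink: listener touched %d freed nodes\n", run_scenario(false));
    printf("with unlink:    listener touched %d freed nodes\n", run_scenario(true));
    reset_state();
    return 0;
}
```

The quarantine is only there so the program stays well defined; on a real build the equivalent of run_scenario(false) is what MALLOC_PERTURB_=1 exposes, because the scribbled entries pointer sends the walk into unmapped memory. The unlink variant leaves kvm_devices_head NULL, which is the property the patch relies on when memory_listener_unregister() later fires the region_del callback.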



Re: [Qemu-devel] [PATCH] target-arm: fix a segmentation fault due to illegal memory access
Posted by no-reply@patchew.org 5 years, 10 months ago
Hi,

This series failed build test on s390x host. Please find the details below.

N/A. Internal error while reading log file



---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
Re: [Qemu-devel] [PATCH] target-arm: fix a segmentation fault due to illegal memory access
Posted by Peter Maydell 5 years, 10 months ago
On 19 June 2018 at 08:58, Zheng Xiang <zhengxiang9@huawei.com> wrote:
> From: Zheng Xiang <xiang.zheng@linaro.org>
>
> The elements of the kvm_devices_head list are freed in kvm_arm_machine_init_done(),
> but we still access this illegal memory in kvm_arm_devlistener_del().
>
> This will cause a segmentation fault when booting a guest with MALLOC_PERTURB_=1.
>
> Signed-off-by: Zheng Xiang <xiang.zheng@linaro.org>
> ---
>  target/arm/kvm.c | 1 +
>  1 file changed, 1 insertion(+)



Applied to target-arm.next, thanks.

-- PMM