1. Patchew
  2. QEMU
  3. View series

[PATCH] hw/misc/pca9552: Add missing TypeInfo::class_size field

Philippe Mathieu-Daudé posted 1 patch 3 years, 10 months ago
Test FreeBSD passed
Test docker-quick@centos7 passed
Test checkpatch passed
Test docker-mingw@fedora passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200629074704.23028-1-f4bug@amsat.org
hw/misc/pca9552.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] hw/misc/pca9552: Add missing TypeInfo::class_size field
Posted by Philippe Mathieu-Daudé 3 years, 10 months ago 
When adding the generic PCA955xClass in commit 736132e455, we
forgot to set the class_size field. Fill it now to avoid:

  (gdb) run -machine mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
  Starting program: ../../qemu/qemu/arm-softmmu/qemu-system-arm -machine mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
  double free or corruption (!prev)
  Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted.
  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
  (gdb) where
  #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
  #1  0x00007ffff75d8859 in __GI_abort () at abort.c:79
  #2  0x00007ffff76433ee in __libc_message
      (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff776d285 "%s\n")
      at ../sysdeps/posix/libc_fatal.c:155
  #3  0x00007ffff764b47c in malloc_printerr
      (str=str@entry=0x7ffff776f690 "double free or corruption (!prev)")
      at malloc.c:5347
  #4  0x00007ffff764d12c in _int_free
      (av=0x7ffff779eb80 <main_arena>, p=0x5555567a3990, have_lock=<optimized out>) at malloc.c:4317
  #5  0x0000555555c906c3 in type_initialize_interface
      (ti=ti@entry=0x5555565b8f40, interface_type=0x555556597ad0, parent_type=0x55555662ca10) at qom/object.c:259
  #6  0x0000555555c902da in type_initialize (ti=ti@entry=0x5555565b8f40)
      at qom/object.c:323
  #7  0x0000555555c90d20 in type_initialize (ti=0x5555565b8f40)
      at qom/object.c:1028

  $ valgrind --track-origins=yes qemu-system-arm -M mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
  ==77479== Memcheck, a memory error detector
  ==77479== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
  ==77479== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
  ==77479== Command: qemu-system-arm -M mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
  ==77479==
  ==77479== Invalid write of size 2
  ==77479==    at 0x6D8322: pca9552_class_init (pca9552.c:424)
  ==77479==    by 0x844D1F: type_initialize (object.c:1029)
  ==77479==    by 0x844D1F: object_class_foreach_tramp (object.c:1016)
  ==77479==    by 0x4AE1057: g_hash_table_foreach (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.2)
  ==77479==    by 0x8453A4: object_class_foreach (object.c:1038)
  ==77479==    by 0x8453A4: object_class_get_list (object.c:1095)
  ==77479==    by 0x556194: select_machine (vl.c:2416)
  ==77479==    by 0x556194: qemu_init (vl.c:3828)
  ==77479==    by 0x40AF9C: main (main.c:48)
  ==77479==  Address 0x583f108 is 0 bytes after a block of size 200 alloc'd
  ==77479==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==77479==    by 0x4AF8D30: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.2)
  ==77479==    by 0x844258: type_initialize.part.0 (object.c:306)
  ==77479==    by 0x844D1F: type_initialize (object.c:1029)
  ==77479==    by 0x844D1F: object_class_foreach_tramp (object.c:1016)
  ==77479==    by 0x4AE1057: g_hash_table_foreach (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.2)
  ==77479==    by 0x8453A4: object_class_foreach (object.c:1038)
  ==77479==    by 0x8453A4: object_class_get_list (object.c:1095)
  ==77479==    by 0x556194: select_machine (vl.c:2416)
  ==77479==    by 0x556194: qemu_init (vl.c:3828)
  ==77479==    by 0x40AF9C: main (main.c:48)

Fixes: 736132e455 ("hw/misc/pca9552: Add generic PCA955xClass")
Reported-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 hw/misc/pca9552.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/misc/pca9552.c b/hw/misc/pca9552.c
index 80caa9ec8f..68b574d084 100644
--- a/hw/misc/pca9552.c
+++ b/hw/misc/pca9552.c
@@ -410,6 +410,7 @@ static const TypeInfo pca955x_info = {
     .instance_init = pca955x_initfn,
     .instance_size = sizeof(PCA955xState),
     .class_init    = pca955x_class_init,
+    .class_size    = sizeof(PCA955xClass),
     .abstract      = true,
 };
 
-- 
2.21.3
Re: [PATCH] hw/misc/pca9552: Add missing TypeInfo::class_size field
Posted by Jean-Christophe DUBOIS 3 years, 10 months ago 
Le 29/06/2020 à 09:47, Philippe Mathieu-Daudé a écrit :
> When adding the generic PCA955xClass in commit 736132e455, we
> forgot to set the class_size field. Fill it now to avoid:
>
>    (gdb) run -machine mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
>    Starting program: ../../qemu/qemu/arm-softmmu/qemu-system-arm -machine mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
>    double free or corruption (!prev)
>    Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted.
>    __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
>    (gdb) where
>    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
>    #1  0x00007ffff75d8859 in __GI_abort () at abort.c:79
>    #2  0x00007ffff76433ee in __libc_message
>        (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff776d285 "%s\n")
>        at ../sysdeps/posix/libc_fatal.c:155
>    #3  0x00007ffff764b47c in malloc_printerr
>        (str=str@entry=0x7ffff776f690 "double free or corruption (!prev)")
>        at malloc.c:5347
>    #4  0x00007ffff764d12c in _int_free
>        (av=0x7ffff779eb80 <main_arena>, p=0x5555567a3990, have_lock=<optimized out>) at malloc.c:4317
>    #5  0x0000555555c906c3 in type_initialize_interface
>        (ti=ti@entry=0x5555565b8f40, interface_type=0x555556597ad0, parent_type=0x55555662ca10) at qom/object.c:259
>    #6  0x0000555555c902da in type_initialize (ti=ti@entry=0x5555565b8f40)
>        at qom/object.c:323
>    #7  0x0000555555c90d20 in type_initialize (ti=0x5555565b8f40)
>        at qom/object.c:1028
>
>    $ valgrind --track-origins=yes qemu-system-arm -M mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
>    ==77479== Memcheck, a memory error detector
>    ==77479== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
>    ==77479== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
>    ==77479== Command: qemu-system-arm -M mcimx6ul-evk -m 128M -display none -serial stdio -kernel ./OS.elf
>    ==77479==
>    ==77479== Invalid write of size 2
>    ==77479==    at 0x6D8322: pca9552_class_init (pca9552.c:424)
>    ==77479==    by 0x844D1F: type_initialize (object.c:1029)
>    ==77479==    by 0x844D1F: object_class_foreach_tramp (object.c:1016)
>    ==77479==    by 0x4AE1057: g_hash_table_foreach (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.2)
>    ==77479==    by 0x8453A4: object_class_foreach (object.c:1038)
>    ==77479==    by 0x8453A4: object_class_get_list (object.c:1095)
>    ==77479==    by 0x556194: select_machine (vl.c:2416)
>    ==77479==    by 0x556194: qemu_init (vl.c:3828)
>    ==77479==    by 0x40AF9C: main (main.c:48)
>    ==77479==  Address 0x583f108 is 0 bytes after a block of size 200 alloc'd
>    ==77479==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
>    ==77479==    by 0x4AF8D30: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.2)
>    ==77479==    by 0x844258: type_initialize.part.0 (object.c:306)
>    ==77479==    by 0x844D1F: type_initialize (object.c:1029)
>    ==77479==    by 0x844D1F: object_class_foreach_tramp (object.c:1016)
>    ==77479==    by 0x4AE1057: g_hash_table_foreach (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.2)
>    ==77479==    by 0x8453A4: object_class_foreach (object.c:1038)
>    ==77479==    by 0x8453A4: object_class_get_list (object.c:1095)
>    ==77479==    by 0x556194: select_machine (vl.c:2416)
>    ==77479==    by 0x556194: qemu_init (vl.c:3828)
>    ==77479==    by 0x40AF9C: main (main.c:48)
>
> Fixes: 736132e455 ("hw/misc/pca9552: Add generic PCA955xClass")
> Reported-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>

Tested-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>

> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>   hw/misc/pca9552.c | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/hw/misc/pca9552.c b/hw/misc/pca9552.c
> index 80caa9ec8f..68b574d084 100644
> --- a/hw/misc/pca9552.c
> +++ b/hw/misc/pca9552.c
> @@ -410,6 +410,7 @@ static const TypeInfo pca955x_info = {
>       .instance_init = pca955x_initfn,
>       .instance_size = sizeof(PCA955xState),
>       .class_init    = pca955x_class_init,
> +    .class_size    = sizeof(PCA955xClass),
>       .abstract      = true,
>   };
>
Re: [PATCH] hw/misc/pca9552: Add missing TypeInfo::class_size field
Posted by Peter Maydell 3 years, 10 months ago 
On Mon, 29 Jun 2020 at 08:47, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
>
> When adding the generic PCA955xClass in commit 736132e455, we
> forgot to set the class_size field. Fill it now to avoid:

Thanks; I've applied this to master since it fixes a memory
corruption that affects all arm targets and I'm not otherwise
planning an arm pullreq for a bit.

-- PMM
Re: [PATCH] hw/misc/pca9552: Add missing TypeInfo::class_size field
Posted by Philippe Mathieu-Daudé 3 years, 10 months ago 
On 6/29/20 11:07 PM, Peter Maydell wrote:
> On Mon, 29 Jun 2020 at 08:47, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
>>
>> When adding the generic PCA955xClass in commit 736132e455, we
>> forgot to set the class_size field. Fill it now to avoid:
> 
> Thanks; I've applied this to master since it fixes a memory
> corruption that affects all arm targets and I'm not otherwise
> planning an arm pullreq for a bit.

Thanks Peter!

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.