Commit 6595ab31 authored Jun 16, 2017 by Bharata B Rao Committed by David Gibson Jun 30, 2017

spapr: prevent QEMU crash when CPU realization fails



ICPState objects were being allocated before CPU thread realization.
However commit 9ed65663 (xics: setup cpu at realize time) reversed it
by allocating ICPState objects after CPU thread is realized. But it
didn't take care to fix the error path because of which we observe
a SIGSEGV when CPU thread realization fails during cold/hotplug.

Fix this by ensuring that we do object_unparent() of ICPState object
only in case when is was created earlier.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

parent fd356563

hw/ppc/spapr_cpu_core.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -178,7 +178,7 @@ static void spapr_cpu_core_realize_child(Object child, Error *errp)
		sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
		CPUState *cs = CPU(child);
		PowerPCCPU *cpu = POWERPC_CPU(cs);
		Object *obj = NULL;
		Object *obj;

		object_property_set_bool(child, true, "realized", &local_err);
		if (local_err) {
		@@ -198,13 +198,14 @@ static void spapr_cpu_core_realize_child(Object child, Error *errp)
		object_property_add_const_link(obj, ICP_PROP_CPU, child, &error_abort);
		object_property_set_bool(obj, true, "realized", &local_err);
		if (local_err) {
		goto error;
		goto free_icp;
		}

		return;

		error:
		free_icp:
		object_unparent(obj);
		error:
		error_propagate(errp, local_err);
		}