From aa262928595d431bfee7914cb7d9d79197f887a2 Mon Sep 17 00:00:00 2001
From: Halil Pasic
Date: Thu, 2 Mar 2017 19:13:08 +0100
Subject: [PATCH 1/3] event_notifier: prevent accidental use after close

Let's set the handles to the underlying facilities to their extremal value so no accidental misuse can happen, and to make it obvious that the notifier is dysfunctional. E.g. if we just close an fd but do not touch the int holding the fd eventually a read/write could succeed again when the fd gets reused, and corrupt the file addressed by the fd.

Signed-off-by: Halil Pasic
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
 util/event_notifier-posix.c | 2 ++
 util/event_notifier-win32.c | 1 +
 2 files changed, 3 insertions(+)

diff --git a/util/event_notifier-posix.c b/util/event_notifier-posix.c
index 7e40252ade..acdbe3b483 100644
--- a/util/event_notifier-posix.c
+++ b/util/event_notifier-posix.c
@@ -81,8 +81,10 @@ void event_notifier_cleanup(EventNotifier *e)
 {
     if (e->rfd != e->wfd) {
         close(e->rfd);
+        e->rfd = -1;
     }
     close(e->wfd);
+    e->wfd = -1;
 }
 
 int event_notifier_get_fd(const EventNotifier *e)
diff --git a/util/event_notifier-win32.c b/util/event_notifier-win32.c
index 519fb59123..62c53b0a99 100644
--- a/util/event_notifier-win32.c
+++ b/util/event_notifier-win32.c
@@ -25,6 +25,7 @@ int event_notifier_init(EventNotifier *e, int active)
 void event_notifier_cleanup(EventNotifier *e)
 {
     CloseHandle(e->event);
+    e->event = NULL;
 }
 
 HANDLE event_notifier_get_handle(EventNotifier *e)
From c53598ed18e40a9609573b21f2a361221ca0f806 Mon Sep 17 00:00:00 2001
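Review bot: In event_notifier_cleanup() the new `e->rfd = -1;` sits inside the `if (e->rfd != e->wfd)` branch, so in the case where both fields hold the same descriptor (the branch is skipped) only `e->wfd` is invalidated and `e->rfd` keeps the number of the now-closed fd — the very reuse hazard the commit message describes, and event_notifier_get_fd() on the following context line would hand that stale number out. The read side should be invalidated unconditionally: keep `close(e->rfd);` inside the branch but move `e->rfd = -1;` to just after its closing brace, before `close(e->wfd);`. As on the posix side, the return value of close() is still unchecked here; that is pre-existing and fine for a cleanup path, but worth a one-line comment if it is deliberate.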
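Review bot: The win32 hunk picks `NULL` as the dead value for `e->event`, but nothing in the file section says why that is the right sentinel or that event_notifier_get_handle() (the next context line) will now return it after cleanup. Since the handle is presumably created by CreateEvent in event_notifier_init(), whose failure value is also NULL, the two "not usable" states coincide, and a short comment on the new line would make that contract explicit for callers: `/* NULL is also CreateEvent's failure value: callers treat it as "no notifier" */`. The unchecked CloseHandle() return is pre-existing and not part of this change.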
From: Alexey Kardashevskiy
Date: Mon, 27 Mar 2017 15:40:30 +1100
Subject: [PATCH 2/3] pci: Add missing drop of bus master AS reference

The recent introduction of a bus master container added memory_region_add_subregion() into the PCI device registering path but missed memory_region_del_subregion() in the unregistering path leaving a reference to the root memory region of the new container. This adds missing memory_region_del_subregion().

Fixes: 3716d5902d743 ("pci: introduce a bus master container")
Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Paolo Bonzini
---
 hw/pci/pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index e6b08e1988..bd8043c460 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -869,6 +869,8 @@ static void do_pci_unregister_device(PCIDevice *pci_dev)
     pci_dev->bus->devices[pci_dev->devfn] = NULL;
     pci_config_free(pci_dev);
 
+    memory_region_del_subregion(&pci_dev->bus_master_container_region,
+                                &pci_dev->bus_master_enable_region);
     address_space_destroy(&pci_dev->bus_master_as);
 }
 
From b8adbc657802482e4da1767bf983ebfdf9bfe9fc Mon Sep 17 00:00:00 2001
From: Andrew Baumann
Date: Fri, 24 Mar 2017 16:19:43 -0700
Subject: [PATCH 3/3] virtio: fix vring_align() on 64-bit windows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

long is 32-bits on 64-bit windows, which caused the top half of the address to be truncated; this patch changes it to use the QEMU_ALIGN_UP macro which does not suffer the same problem

Signed-off-by: Andrew Baumann
Reviewed-by: Eric Blake
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Stefan Weil
Reviewed-by: Philippe Mathieu-Daudé
---
 include/hw/virtio/virtio.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 15efcf2057..7b6edbafd7 100644
--- a/include/hw/virtio/virtio.h
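Review bot: The two added memory_region_del_subregion() lines in do_pci_unregister_device() carry no comment, and the ordering they depend on — dropping the container's reference to bus_master_enable_region before address_space_destroy() tears down the AS whose root is (presumably, from the field names) bus_master_container_region — is not obvious to a later reader who only sees this function. A why-comment above the call would pin it: `/* Mirror the add_subregion() done at register time: the container must drop its reference to the enable region before the AS rooted at it is destroyed. */`. Whether the enable region itself still needs finalizing here cannot be judged from this hunk, since both regions are embedded in PCIDevice and their lifetime is managed outside it. The function's signature and opening brace are outside the hunk.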
+++ b/include/hw/virtio/virtio.h
@@ -34,7 +34,7 @@ struct VirtQueue;
 static inline hwaddr vring_align(hwaddr addr, unsigned long align)
 {
-    return (addr + align - 1) & ~(align - 1);
+    return QEMU_ALIGN_UP(addr, align);
 }
 
 typedef struct VirtQueue VirtQueue;
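Review bot: The `align` parameter of vring_align() is left as `unsigned long`, so on LLP64 targets an alignment value wider than 32 bits would still be truncated before QEMU_ALIGN_UP ever sees it; in practice vring alignments are small, but widening the parameter to `hwaddr align` is source-compatible for callers and removes the last `long`-sized quantity from the function. The removed expression also encodes why the old code was wrong — `~(align - 1)` was a 32-bit mask applied to a 64-bit address — and that reasoning deserves to survive as a comment on the new line, e.g. `/* no ~(align - 1) mask: it was only 32 bits wide where long is 32-bit */`. QEMU_ALIGN_UP's definition is not in this hunk, so whether it still requires a power-of-two alignment like the old mask did should be checked against its header.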