git.proxmox.com Git - mirror_qemu.git/commit

author	Igor Mammedov <imammedo@redhat.com>
	Tue, 4 Sep 2018 12:39:37 +0000 (14:39 +0200)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 2 Oct 2018 17:09:11 +0000 (19:09 +0200)
commit	1cd3d492624da399d66c4c3e6a5eabb8f96bb0a2
tree	0b9fb6877354245b40ef98d54b44b708e7a1492c	tree
parent	e9b6be9260a0f43d7b9b709674f3fddd7432057b	commit \| diff

memory: cleanup side effects of memory_region_init_foo() on failure

if MemoryRegion intialization fails it's left in semi-initialized state,
where it's size is not 0 and attached as child to owner object.
And this leds to crash in following use-case:
    (monitor) object_add memory-backend-file,id=mem1,size=99999G,mem-path=/tmp/foo,discard-data=yes
    memory.c:2083: memory_region_get_ram_ptr: Assertion `mr->ram_block' failed
    Aborted (core dumped)
it happens due to assumption that memory region is intialized when
   memory_region_size() != 0
and therefore it's ok to access it in
   file_backend_unparent()
      if (memory_region_size() != 0)
          memory_region_get_ram_ptr()

which happens when object_add fails and unparents failed backend making
file_backend_unparent() access invalid memory region.

Fix it by making sure that memory_region_init_foo() APIs cleanup externally
visible side effects on failure (like set size to 0 and unparenting object)

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1536064777-42312-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>