qemu2.7 : qmp-fix-object-add-assert-without-props
authorAlexandre Derumier <aderumier@odiso.com>
Thu, 13 Oct 2016 09:25:36 +0000 (11:25 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 13 Oct 2016 13:17:11 +0000 (15:17 +0200)
This fixes the object-add iothread crash

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
debian/patches/extra/0004-qmp-fix-object-add-assert-without-props [new file with mode: 0644]
debian/patches/series

diff --git a/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props b/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props
new file mode 100644 (file)
index 0000000..dc03931
--- /dev/null
@@ -0,0 +1,66 @@
+From d803b04e8203f48901186a27ab688326aa5569ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Fri, 23 Sep 2016 00:39:25 +0400
+Subject: [PATCH 1/4] qmp: fix object-add assert() without props
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since commit ad739706bbadee49, user_creatable_add_type() expects to be
+given a qdict. However, if object-add is called without props, you reach
+the assert: "qemu/qom/object_interfaces.c:115: user_creatable_add_type:
+Assertion `qdict' failed.", because the qdict isn't created in this
+case (it's optional).
+
+Furthermore, qmp_input_visitor_new() is not meant to be called without a
+dict, and a further commit will assert in this situation.
+
+If none given, create an empty qdict in qmp to avoid the
+user_creatable_add_type() assert(qdict).
+
+Signed-off-by: Marc-AndrĂ© Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20160922203927.28241-2-marcandre.lureau@redhat.com>
+Tested-by: Xiao Long Jiang <zxiaol@linux.vnet.ibm.com>
+Reviewed-by: Markus Armbruster <armbru@redhat.com>
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+---
+ qmp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/qmp.c b/qmp.c
+index b6d531e..c485abe 100644
+--- a/qmp.c
++++ b/qmp.c
+@@ -654,7 +654,7 @@ void qmp_add_client(const char *protocol, const char *fdname,
+ void qmp_object_add(const char *type, const char *id,
+                     bool has_props, QObject *props, Error **errp)
+ {
+-    const QDict *pdict = NULL;
++    QDict *pdict;
+     Visitor *v;
+     Object *obj;
+@@ -664,14 +664,18 @@ void qmp_object_add(const char *type, const char *id,
+             error_setg(errp, QERR_INVALID_PARAMETER_TYPE, "props", "dict");
+             return;
+         }
++        QINCREF(pdict);
++    } else {
++        pdict = qdict_new();
+     }
+-    v = qmp_input_visitor_new(props, true);
++    v = qmp_input_visitor_new(QOBJECT(pdict), true);
+     obj = user_creatable_add_type(type, id, pdict, v, errp);
+     visit_free(v);
+     if (obj) {
+         object_unref(obj);
+     }
++    QDECREF(pdict);
+ }
+ void qmp_object_del(const char *id, Error **errp)
+-- 
+2.1.4
+
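Review bot: The reworked `qmp_object_add()` now holds its own reference on `pdict` from the `QINCREF(pdict)` / `qdict_new()` lines down to the final `QDECREF(pdict)`, but nothing in the function says so, and an early return added later between those points would leak the dict. A one-line comment above the visitor creation would make the invariant explicit, for example `/* pdict holds one reference here (taken or newly created); dropped by QDECREF() at the end */`. The only existing early return, on the `QERR_INVALID_PARAMETER_TYPE` path, sits before `QINCREF(pdict)`, so the counts balance as written. The second inner hunk starts inside the `if` block, so the branch condition and the assignment of `pdict` from `props` are not visible here and are assumed unchanged.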
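--- a/debian/patches/series
+++ b/debian/patches/series
@@ -45,6 +45,7 @@ extra/x86-lapic-Load-LAPIC-state-at-post_load.patch
 extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch
 extra/0002-net-vmxnet-initialise-local-tx-descriptor.patch
 extra/0003-net-limit-allocation-in-nc_sendv_compat.patch
+extra/0004-qmp-fix-object-add-assert-without-props
 extra/CVE-2016-7155-scsi-check-page-count-while-initialising-descriptor-.patch
 extra/CVE-2016-7156-scsi-pvscsi-avoid-infinite-loop-while-building-SG-li.patch
 extra/CVE-2016-7157-scsi-mptconfig-fix-an-assert-expression.patch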
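Review bot: The new entry `extra/0004-qmp-fix-object-add-assert-without-props` is the only line in this hunk without a `.patch` suffix; every neighbouring entry ends in `.patch`. Renaming the file and its series entry to `extra/0004-qmp-fix-object-add-assert-without-props.patch` would keep the directory uniform. It would also keep this fix visible to any audit or packaging tooling that selects patches by extension, if such tooling is in use for this tree.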