[Qemu-devel] [PATCH] qdev: Use GList for global properties

Thu, 28 Jan 2016 07:04:05 -0800 

If the same GlobalProperty struct is registered twice, the list
entry gets corrupted, making tqe_next points to itself, and
qdev_prop_set_globals() gets stuck in a loop. The bug can be
easily reproduced by running:

  $ qemu-system-x86_64 -rtc-td-hack -rtc-td-hack

Change global_props to use GList instead of queue.h, making the
code simpler and able to deal with properties being registered
twice.

Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>
---
 hw/core/qdev-properties.c | 17 ++++++++++-------
 include/hw/qdev-core.h    |  1 -
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index aacad66..180e0da 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -1,3 +1,5 @@
+#include <glib.h>
+
 #include "net/net.h"
 #include "hw/qdev.h"
 #include "qapi/qmp/qerror.h"
@@ -1009,12 +1011,11 @@ void qdev_prop_set_ptr(DeviceState *dev, const char 
*name, void *value)
     *ptr = value;
 }
 
-static QTAILQ_HEAD(, GlobalProperty) global_props =
-        QTAILQ_HEAD_INITIALIZER(global_props);
+static GList *global_props;
 
 void qdev_prop_register_global(GlobalProperty *prop)
 {
-    QTAILQ_INSERT_TAIL(&global_props, prop, next);
+    global_props = g_list_append(global_props, prop);
 }
 
 void qdev_prop_register_global_list(GlobalProperty *props)
@@ -1028,10 +1029,11 @@ void qdev_prop_register_global_list(GlobalProperty 
*props)
 
 int qdev_prop_check_globals(void)
 {
-    GlobalProperty *prop;
+    GList *l;
     int ret = 0;
 
-    QTAILQ_FOREACH(prop, &global_props, next) {
+    for (l = global_props; l; l = l->next) {
+        GlobalProperty *prop = l->data;
         ObjectClass *oc;
         DeviceClass *dc;
         if (prop->used) {
@@ -1062,9 +1064,10 @@ int qdev_prop_check_globals(void)
 static void qdev_prop_set_globals_for_type(DeviceState *dev,
                                 const char *typename)
 {
-    GlobalProperty *prop;
+    GList *l;
 
-    QTAILQ_FOREACH(prop, &global_props, next) {
+    for (l = global_props; l; l = l->next) {
+        GlobalProperty *prop = l->data;
         Error *err = NULL;
 
         if (strcmp(typename, prop->driver) != 0) {
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index abcdee8..1fdbaaa 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -268,7 +268,6 @@ typedef struct GlobalProperty {
     const char *value;
     bool user_provided;
     bool used;
-    QTAILQ_ENTRY(GlobalProperty) next;
 } GlobalProperty;
 
 /*** Board API.  This should go away once we have a machine config file.  ***/
-- 
2.1.0

Reply via email to