blob: d5fc939d851a9e31a915394125c09c0d21073645 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
x86: 0.992
architecture: 0.976
device: 0.966
peripherals: 0.946
ppc: 0.934
vnc: 0.918
graphic: 0.893
PID: 0.861
network: 0.823
i386: 0.820
kernel: 0.789
KVM: 0.788
files: 0.772
socket: 0.753
performance: 0.722
register: 0.713
boot: 0.711
permissions: 0.706
VMM: 0.688
user-level: 0.680
risc-v: 0.676
TCG: 0.658
mistranslation: 0.650
semantic: 0.645
hypervisor: 0.608
arm: 0.594
virtual: 0.551
debug: 0.477
assembly: 0.197
ohci doesn't check the 'num-ports' property
command:
qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1
The ohci doesn't check the 'num-ports' property and would case an out-of-bands write,crash the qemu process.
ohci->num_ports = num_ports;
if (masterbus) {
USBPort *ports[OHCI_MAX_PORTS];
for(i = 0; i < num_ports; i++) {
ports[i] = &ohci->rhport[i].port;
}
The version of qemu is 2.6.0 release from
http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2
I was able to reproduce the crash, and proposed now a fix on the qemu-devel mailing list (see https://patchwork.ozlabs.org/patch/625092/ for details)
The fix has been included in the repository:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d400fc018b326104d26
Thanks for reporting the issue!
|