summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorRichard Henderson <richard.henderson@linaro.org>2023-05-02 12:21:10 +0100
committerRichard Henderson <richard.henderson@linaro.org>2023-05-02 12:21:10 +0100
commitb5f47ba73b7c1457d2f18d71c00e1a91a76fe60b (patch)
tree72dc066a0c4d87dc647fe03b78426bc8e21de136
parent7c18f2d663521f1b31b821a13358ce38075eaf7d (diff)
parent7915bd06f25e1803778081161bf6fa10c42dc7cd (diff)
downloadfocaccia-qemu-b5f47ba73b7c1457d2f18d71c00e1a91a76fe60b.tar.gz
focaccia-qemu-b5f47ba73b7c1457d2f18d71c00e1a91a76fe60b.zip
Merge tag 'pull-request-2023-05-02' of https://gitlab.com/thuth/qemu into staging
* Fix the failing FreeBSD job in our CI
* Run the tpm-tis-i2c-test only if TCG is enabled
* Fix a use-after-free problem in the new reentracy checking code

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmRQ4vERHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXo8g//dVRM+LCeCqNfjqtQLwGUUAt3ve1vruLD
# v9BT4ooTNIGFScQlc9NRnweCPPBvmdSyXfxdfa3ITW62BEKEcCaf9tXiNeXE9jUE
# VAQMA3u5/w0HSsWK9uqCZ/5azI4mwo5c2ykocX7XsdyP0LoFvlgydYBZ9S5PxRit
# JsX78x740qTGjOSxD2O5wYocDwRUVsCcY7nAIC1Cj52gxi9Vedxqzb8MW30AU+oh
# W9h49nVJAOvcx1UBNtYC0t6LCdJvMkhLPmewp4g4o0iiQqnGBjjD0pT2SUYhl1A5
# pZYjsq7IBFGPDEyQOD3R4VeaMPpo22NLifLbU8Kt+BepyHJHJgCkjX/WUnCEzwu9
# jmxaIUubT5/UanDzOX5qa/JDgNnUxkLfoVgZ8GOeNKoJ+Ik52xATnMm5Dqod369E
# MydBN8gqnT+I7Qb7KxSS5Q18YugUS3uUd17LqpZ846yxyqMjoM2Zee2J2K7x4clO
# cJ5h1AP7D6ZzyPzBMD0U9fanA+2M/qFiV3NJ9IDqiQYglafnU+gZOohE+p1Id4Dq
# IeSITK+OaaYPdlADfKcVJNLy3qBvyL/ZsJ/2X1zRO5vhPVal4tMfo4Fv8Su0vx34
# mXiUJO8SWk/GiPtJy7fNhxfiBBhwDTiyVX97In/+jbFC3ZKwPnwo/nq1DeBg4YI7
# Rj2rHq4HS7o=
# =zdof
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 02 May 2023 11:16:17 AM BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2023-05-02' of https://gitlab.com/thuth/qemu:
  async: avoid use-after-free on re-entrancy guard
  tests/qtest: Restrict tpm-tis-i2c-test to CONFIG_TCG
  tests/qtest: Disable the spice test of readconfig-test on FreeBSD

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat
-rw-r--r--tests/qtest/meson.build3
-rw-r--r--tests/qtest/readconfig-test.c6
-rw-r--r--util/async.c14
3 files changed, 13 insertions, 10 deletions
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index cfc66ade6f..48cd35b5b2 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -213,7 +213,8 @@ qtests_aarch64 = \
     ['tpm-tis-device-test', 'tpm-tis-device-swtpm-test'] : []) +                                         \
   (config_all_devices.has_key('CONFIG_XLNX_ZYNQMP_ARM') ? ['xlnx-can-test', 'fuzz-xlnx-dp-test'] : []) + \
   (config_all_devices.has_key('CONFIG_RASPI') ? ['bcm2835-dma-test'] : []) +  \
-  (config_all_devices.has_key('CONFIG_TPM_TIS_I2C') ? ['tpm-tis-i2c-test'] : []) + \
+  (config_all.has_key('CONFIG_TCG') and                                            \
+   config_all_devices.has_key('CONFIG_TPM_TIS_I2C') ? ['tpm-tis-i2c-test'] : []) + \
   ['arm-cpu-features',
    'numa-test',
    'boot-serial-test',
diff --git a/tests/qtest/readconfig-test.c b/tests/qtest/readconfig-test.c
index 2160603880..918d45684b 100644
--- a/tests/qtest/readconfig-test.c
+++ b/tests/qtest/readconfig-test.c
@@ -86,8 +86,8 @@ static void test_x86_memdev(void)
     qtest_quit(qts);
 }
 
-
-#ifdef CONFIG_SPICE
+/* FIXME: The test is currently broken on FreeBSD */
+#if defined(CONFIG_SPICE) && !defined(__FreeBSD__)
 static void test_spice_resp(QObject *res)
 {
     Visitor *v;
@@ -209,7 +209,7 @@ int main(int argc, char *argv[])
         qtest_add_func("readconfig/x86/memdev", test_x86_memdev);
         qtest_add_func("readconfig/x86/ich9-ehci-uhci", test_docs_config_ich9);
     }
-#ifdef CONFIG_SPICE
+#if defined(CONFIG_SPICE) && !defined(__FreeBSD__)
     qtest_add_func("readconfig/spice", test_spice);
 #endif
 
diff --git a/util/async.c b/util/async.c
index 9df7674b4e..055070ffbd 100644
--- a/util/async.c
+++ b/util/async.c
@@ -156,18 +156,20 @@ void aio_bh_call(QEMUBH *bh)
 {
     bool last_engaged_in_io = false;
 
-    if (bh->reentrancy_guard) {
-        last_engaged_in_io = bh->reentrancy_guard->engaged_in_io;
-        if (bh->reentrancy_guard->engaged_in_io) {
+    /* Make a copy of the guard-pointer as cb may free the bh */
+    MemReentrancyGuard *reentrancy_guard = bh->reentrancy_guard;
+    if (reentrancy_guard) {
+        last_engaged_in_io = reentrancy_guard->engaged_in_io;
+        if (reentrancy_guard->engaged_in_io) {
             trace_reentrant_aio(bh->ctx, bh->name);
         }
-        bh->reentrancy_guard->engaged_in_io = true;
+        reentrancy_guard->engaged_in_io = true;
     }
 
     bh->cb(bh->opaque);
 
-    if (bh->reentrancy_guard) {
-        bh->reentrancy_guard->engaged_in_io = last_engaged_in_io;
+    if (reentrancy_guard) {
+        reentrancy_guard->engaged_in_io = last_engaged_in_io;
     }
 }