Commit ded67782 authored by Michael Roth's avatar Michael Roth Committed by Anthony Liguori
Browse files

acpi_piix4: fix segfault migrating from 1.2

b0b873a0

 bumped the vmstate version and
introduced an old-style load function to handle migration from prior
(<= 1.2) versions.

The load function passes the top-level PIIX4PMState pointer to
vmstate_load_state() to handle nested structs for APMState and
pci_status, which leads to corruption of the top-level PIIX4PMState,
since pointers to the nested structs are expected.

A segfault can be fairly reliably triggered by migrating from 1.2 and
issuing a reset, which will trigger a number of QOM operations which
rely on the now corrupted ObjectClass/Object members.

Fix this by passing in the expected pointers for vmstate_load_state().

Cc: qemu-stable@nongnu.org
Signed-off-by: default avatarMichael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
parent c881e20e
......@@ -235,7 +235,7 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
qemu_get_be16s(f, &s->ar.pm1.evt.en);
qemu_get_be16s(f, &s->ar.pm1.cnt.cnt);
ret = vmstate_load_state(f, &vmstate_apm, opaque, 1);
ret = vmstate_load_state(f, &vmstate_apm, &s->apm, 1);
if (ret) {
return ret;
}
......@@ -253,7 +253,7 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
qemu_get_be16s(f, &temp);
}
ret = vmstate_load_state(f, &vmstate_pci_status, opaque, 1);
ret = vmstate_load_state(f, &vmstate_pci_status, &s->pci0_status, 1);
return ret;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment