qemu/hw
Laszlo Ersek 3afca1d6d4 vmstate_xhci_event: fix unterminated field list
"vmstate_xhci_event" was introduced in commit 37352df3 ("xhci: add live
migration support"), and first released in v1.6.0. The field list in this
VMSD is not terminated with the VMSTATE_END_OF_LIST() macro.

During normal use (i.e. migration), the issue is practically invisible,
because the "vmstate_xhci_event" object (with the unterminated field list)
is only ever referenced -- via "vmstate_xhci_intr" -- if xhci_er_full()
returns true, for the "ev_buffer" test. Since that field_exists() check
(apparently) almost always returns false, we almost never traverse
"vmstate_xhci_event" during migration, which hides the bug.

However, Amit's vmstate checker forces recursion into this VMSD as well,
and the lack of VMSTATE_END_OF_LIST() breaks the field list terminator
check (field->name != NULL) in dump_vmstate_vmsd(). The result is
undefined behavior, which in my case translates to infinite recursion
(because the loop happens to overflow into "vmstate_xhci_intr", which then
links back to "vmstate_xhci_event").

Add the missing terminator.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-22 17:34:24 +01:00
9pfs virtio-9p: use virtio wrappers to access headers 2014-06-29 19:39:43 +03:00
acpi fix typo: apci -> acpi 2014-07-11 21:31:55 +03:00
alpha machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
arm hw/arm/vexpress: Alias NOR flash at 0 for vexpress-a9 2014-07-08 13:05:10 +01:00
audio audio: fmopl: drop INLINE macro 2014-06-23 11:01:24 -04:00
block virtio-blk: dataplane: notify guest as a batch 2014-07-15 15:34:13 +02:00
bt Preparation for usb-bt-dongle conditional build 2013-09-10 11:14:41 +02:00
char cadence_uart: check for serial backend before using it. 2014-07-17 16:36:17 +01:00
core machine: Replace underscores in machine's property names 2014-07-21 18:58:36 +02:00
cpu icc_bus: QOM'ify ICC 2013-12-24 18:02:18 +01:00
cris machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
display cirrus: Fix host CPU blits 2014-07-11 10:17:02 +02:00
dma hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
gpio savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
i2c savevm: Remove all the unneeded version_minimum_id_old (rest) 2014-05-14 15:24:51 +02:00
i386 trivial patches for 2014-07-18 2014-07-18 16:59:29 +01:00
ide ide: Treat read/write beyond end as invalid 2014-07-14 12:03:21 +02:00
input input: fix jumpy mouse cursor with USB mouse emulation 2014-07-01 13:26:37 +02:00
intc xics: Implement xics_ics_free() 2014-06-27 13:48:26 +02:00
ipack irq: Allocate IRQs individually 2014-07-01 04:02:53 +02:00
isa acpi: implement ospm_status() method for PIIX4/ICH9_LPC devices 2014-06-19 18:44:22 +03:00
lm32 machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
m68k machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
mem pc-dimm: error out if memory hotplug is not enabled 2014-07-06 09:13:54 +03:00
microblaze ssi: Name the CS GPIO 2014-05-28 17:36:21 +02:00
mips mips_malta: Catch kernels linked at wrong address 2014-07-09 18:17:08 +02:00
misc sPAPR/IOMMU: Fix TCE entry permission 2014-07-15 16:11:59 +02:00
moxie hw/moxie/moxiesim.c: Remove unused moxie_intc_create() 2014-06-24 20:01:24 +04:00
net vhost-net: disable when cross-endian 2014-06-29 19:39:43 +03:00
nvram spapr: Fix RTAS token numbers 2014-06-27 13:48:22 +02:00
openrisc machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
pci pci: assign devfn to pci_dev before calling pci_device_iommu_address_space() 2014-07-06 09:13:54 +03:00
pci-bridge hw/pcie: implement power controller functionality 2014-06-23 17:48:42 +03:00
pci-host prep: Remove PCI memory hack related to OpenHack'Ware 2014-07-07 16:46:35 +02:00
pcmcia hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
ppc ppc: fix -mem-path failure 2014-07-22 17:37:25 +02:00
s390x s390x/css: reflect cpa in scsw 2014-07-08 15:08:03 +02:00
scsi scsi: Report error when lun number is in use 2014-07-14 11:54:57 +02:00
sd hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
sh4 hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
sparc tcx: move initialisation from realizefn to initfn 2014-06-05 20:51:57 +01:00
sparc64 machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
ssi ssi: Name the CS GPIO 2014-05-28 17:36:21 +02:00
timer mc146818rtc: register the clock reset notifier on the right clock 2014-07-10 17:06:33 +02:00
tpm
unicore32 machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
usb vmstate_xhci_event: fix unterminated field list 2014-07-22 17:34:24 +01:00
virtio virtio-rng: Add human-readable error message for negative max-bytes parameter 2014-07-22 17:18:55 +05:30
watchdog watchdog: fix deadlock with -watchdog-action pause 2014-07-09 18:17:08 +02:00
xen xen_backend: introduce xenstore_read_uint64 and xenstore_read_fe_uint64 2014-07-07 10:37:40 +00:00
xenpv machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
xtensa hw/xtensa/xtfpga: implement initrd loading 2014-06-29 02:32:42 +04:00
Makefile.objs pc: implement pc-dimm device abstraction 2014-06-19 16:41:47 +03:00