From: Zheng Xiang <xiang.zheng@linaro.org>
Date: Fri, 22 Jun 2018 12:28:35 +0000 (+0100)
Subject: target-arm: fix a segmentation fault due to illegal memory access
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=5ff9aaabdc6aec367ba139bf3f2ccacd918a495f;p=qemu.git

target-arm: fix a segmentation fault due to illegal memory access

The elements of kvm_devices_head list are freed in kvm_arm_machine_init_done(),
but we still access these illegal memory in kvm_arm_devlistener_del().

This will cause segment fault when booting guest with MALLOC_PERTURB_=1.

Signed-off-by: Zheng Xiang <xiang.zheng@linaro.org>
Message-id: 20180619075821.9884-1-zhengxiang9@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 98f5006323..5bf41e151c 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -256,6 +256,7 @@ static void kvm_arm_machine_init_done(Notifier *notifier, void *data)
             kvm_arm_set_device_addr(kd);
         }
         memory_region_unref(kd->mr);
+        QSLIST_REMOVE_HEAD(&kvm_devices_head, entries);
         g_free(kd);
     }
     memory_listener_unregister(&devlistener);