diff options
| author | Igor Mammedov <imammedo@redhat.com> | 2016-12-30 15:33:11 +0100 |
|---|---|---|
| committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2017-03-16 12:10:39 -0500 |
| commit | 87ede19db3ee8c657cded1a6a376545ffb491094 (patch) | |
| tree | 0e542c55812779efe6e8b29e8de4c0c9a1274ba4 | |
| parent | da95bfe06b8afe193a1039adc015bd82438bfad5 (diff) | |
| download | qemu-87ede19db3ee8c657cded1a6a376545ffb491094.tar.gz | |
pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged
'hotplugged' propperty is meant to be used on migration side when migrating
source with hotplugged devices.
However though it not exacly correct usage of 'hotplugged' property
it's possible to set generic hotplugged property for CPU using
-cpu foo,hotplugged=on
or
-global foo.hotplugged=on
in this case qemu crashes with following backtrace:
...
because pc_cpu_plug() assumes that hotplugged CPU could appear only after
rtc/fw_cfg are initialized.
Fix crash by replacing assumption with explicit checks of rtc/fw_cfg
and updating them only if they were initialized.
Cc: qemu-stable@nongnu.org
Reported-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1483108391-199542-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 26ef65beab852caf2b1ef4976e3473f2d525164d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| -rw-r--r-- | hw/i386/pc.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/hw/i386/pc.c b/hw/i386/pc.c index a9e64a88e5..02cc5a24f1 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -1818,8 +1818,10 @@ static void pc_cpu_plug(HotplugHandler *hotplug_dev, /* increment the number of CPUs */ pcms->boot_cpus++; - if (dev->hotplugged) { + if (pcms->rtc) { rtc_set_cpus_count(pcms->rtc, pcms->boot_cpus); + } + if (pcms->fw_cfg) { fw_cfg_modify_i16(pcms->fw_cfg, FW_CFG_NB_CPUS, pcms->boot_cpus); } |