On Mon, 16 Oct 2017 12:33:26 +0530 Bharata B Rao <[email protected]> wrote:
> The following sequence of steps kill the QEMU: > > - Hotplug a CPU > - Change the default CPU to the newly hotplugged cpu using "cpu" HMP command. > - Hot unplug the CPU > - Run "info cpus" > > Fix this by not letting monitor_get_cpu() to return a CPU which is marked > for unplug. > > Reported-by: Satheesh Rajendran <[email protected]> > Signed-off-by: Bharata B Rao <[email protected]> > --- > monitor.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/monitor.c b/monitor.c > index fe0d1bd..8d60e57 100644 > --- a/monitor.c > +++ b/monitor.c > @@ -1053,7 +1053,7 @@ int monitor_set_cpu(int cpu_index) > > CPUState *mon_get_cpu(void) > { > - if (!cur_mon->mon_cpu) { > + if (!cur_mon->mon_cpu || cur_mon->mon_cpu->unplug) { mon_cpu could be freed so it would cause use after free, Greg was looking into the same issue see his patch: "PATCH] monitor: fix dangling CPU pointer" > if (!first_cpu) { > return NULL; > }
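Review bot: the new condition `cur_mon->mon_cpu->unplug` in the `mon_get_cpu()` hunk reads through `mon_cpu` without first establishing that the CPU object is still alive; if the hot-unplugged CPU has already been freed, as the reply above notes, that read is itself a use after free, and `cur_mon->mon_cpu` remains dangling for every later call. Rather than testing a field through a possibly stale pointer, clear `cur_mon->mon_cpu` (set it to NULL) at the point where the selected CPU is unplugged, which is what the "monitor: fix dangling CPU pointer" patch referenced in the reply does, so that the existing `if (!cur_mon->mon_cpu)` branch falls back to `first_cpu` without touching freed memory.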
