[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [PATCH] virtio-serial-bus: Unset hotplug handler when
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-stable] [PATCH] virtio-serial-bus: Unset hotplug handler when unrealize |
|
Date: |
Tue, 30 May 2017 12:05:48 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 |
On 30/05/2017 10:59, Ladi Prosek wrote:
> Virtio serial device controls the lifetime of virtio-serial-bus and
> virtio-serial-bus links back to the device via its hotplug-handler
> property. This extra ref-count prevents the device from getting
> finalized, leaving the VirtIODevice memory listener registered and
> leading to use-after-free later on.
>
> This patch addresses the same issue as Fam Zheng's
> "virtio-scsi: Unset hotplug handler when unrealize"
> only for a different virtio device.
>
> Cc: address@hidden
> Signed-off-by: Ladi Prosek <address@hidden>
> ---
> hw/char/virtio-serial-bus.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
> index d797a67..aa9c11a 100644
> --- a/hw/char/virtio-serial-bus.c
> +++ b/hw/char/virtio-serial-bus.c
> @@ -1121,6 +1121,9 @@ static void virtio_serial_device_unrealize(DeviceState
> *dev, Error **errp)
> timer_free(vser->post_load->timer);
> g_free(vser->post_load);
> }
> +
> + qbus_set_hotplug_handler(BUS(&vser->bus), NULL, errp);
> +
> virtio_cleanup(vdev);
> }
>
>
Reviewed-by: Paolo Bonzini <address@hidden>