[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 34/79] virtio-scsi: Unset hotplug handler when unre
|
From: |
Michael Roth |
|
Subject: |
[Qemu-stable] [PATCH 34/79] virtio-scsi: Unset hotplug handler when unrealize |
|
Date: |
Mon, 28 Aug 2017 19:14:09 -0500 |
From: Fam Zheng <address@hidden>
This matches the qbus_set_hotplug_handler in realize, and it releases
the final reference to the embedded VirtIODevice so that it is
properly finalized.
A use-after-free is fixed with this patch, indirectly:
virtio_device_instance_finalize wasn't called at hot-unplug, and the
vdev->listener would be a dangling pointer in the global and the per
address space listener list. See also RHBZ 1449031.
Cc: address@hidden
Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 2cbe2de5454cf9af44b620b2b40d56361a12a45f)
Signed-off-by: Michael Roth <address@hidden>
---
hw/scsi/virtio-scsi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index bd62d08..cb1c123 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -915,6 +915,9 @@ void virtio_scsi_common_unrealize(DeviceState *dev, Error
**errp)
static void virtio_scsi_device_unrealize(DeviceState *dev, Error **errp)
{
+ VirtIOSCSI *s = VIRTIO_SCSI(dev);
+
+ qbus_set_hotplug_handler(BUS(&s->bus), NULL, &error_abort);
virtio_scsi_common_unrealize(dev, errp);
}
--
2.7.4
- [Qemu-stable] [PATCH 29/79] curl: never invoke callbacks with s->mutex held, (continued)
- [Qemu-stable] [PATCH 29/79] curl: never invoke callbacks with s->mutex held, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 18/79] qobject: Use simpler QDict/QList scalar insertion macros, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 03/79] qemu-img/convert: Always set ret < 0 on error, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 32/79] vvfat: fix qemu-img map and qemu-img convert, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 36/79] s390x/css: catch section mismatch on load, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 02/79] dirty-bitmap: Report BlockDirtyInfo.count in bytes, as documented, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 39/79] blkdebug: Refactor error injection, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 43/79] tests: Add coverage for recent block geometry fixes, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 40/79] blkdebug: Add pass-through write_zero and discard support, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 31/79] stream: fix crash in stream_start() when block_job_create() fails, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 34/79] virtio-scsi: Unset hotplug handler when unrealize,
Michael Roth <=
- [Qemu-stable] [PATCH 46/79] mirror: Drop permissions on s->target on completion, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 37/79] virtio-net: fix wild pointer when remove virtio-net queues, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 44/79] block: Simplify BDRV_BLOCK_RAW recursion, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 50/79] monitor: fix object_del for command-line-created objects, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 38/79] blkdebug: Sanity check block layer guarantees, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 53/79] target/ppc: fix memory leak in kvmppc_is_mem_backend_page_size_ok(), Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 54/79] spapr: add pre_plug function for memory, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 49/79] tests: check-qom-proplist: add checks for cmdline-created objects, Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 55/79] spapr: fix memory leak in spapr_memory_pre_plug(), Michael Roth, 2017/08/28
- [Qemu-stable] [PATCH 60/79] commit: Fix completion with extra reference, Michael Roth, 2017/08/28