]>
Commit | Line | Data |
---|---|---|
e74c0f31 | 1 | From 691689ab216143f5fefd8e229ffd91086b9a261e Mon Sep 17 00:00:00 2001 |
90a6d957 WB |
2 | From: Ladi Prosek <lprosek@redhat.com> |
3 | Date: Tue, 30 May 2017 10:59:43 +0200 | |
e74c0f31 | 4 | Subject: [PATCH 07/23] virtio-serial-bus: Unset hotplug handler when unrealize |
90a6d957 WB |
5 | |
6 | Virtio serial device controls the lifetime of virtio-serial-bus and | |
7 | virtio-serial-bus links back to the device via its hotplug-handler | |
8 | property. This extra ref-count prevents the device from getting | |
9 | finalized, leaving the VirtIODevice memory listener registered and | |
10 | leading to use-after-free later on. | |
11 | ||
12 | This patch addresses the same issue as Fam Zheng's | |
13 | "virtio-scsi: Unset hotplug handler when unrealize" | |
14 | only for a different virtio device. | |
15 | ||
16 | Cc: qemu-stable@nongnu.org | |
17 | Signed-off-by: Ladi Prosek <lprosek@redhat.com> | |
18 | Reviewed-by: Michael S. Tsirkin <mst@redhat.com> | |
19 | Signed-off-by: Michael S. Tsirkin <mst@redhat.com> | |
20 | Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> | |
21 | Reviewed-by: Fam Zheng <famz@redhat.com> | |
22 | --- | |
23 | hw/char/virtio-serial-bus.c | 3 +++ | |
24 | 1 file changed, 3 insertions(+) | |
25 | ||
26 | diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c | |
27 | index d797a6796e..aa9c11ae92 100644 | |
28 | --- a/hw/char/virtio-serial-bus.c | |
29 | +++ b/hw/char/virtio-serial-bus.c | |
30 | @@ -1121,6 +1121,9 @@ static void virtio_serial_device_unrealize(DeviceState *dev, Error **errp) | |
31 | timer_free(vser->post_load->timer); | |
32 | g_free(vser->post_load); | |
33 | } | |
34 | + | |
35 | + qbus_set_hotplug_handler(BUS(&vser->bus), NULL, errp); | |
36 | + | |
37 | virtio_cleanup(vdev); | |
38 | } | |
39 | ||
40 | -- | |
41 | 2.11.0 | |
42 |