]> git.proxmox.com Git - mirror_qemu.git/commit
virtio-scsi: Unset hotplug handler when unrealize
authorFam Zheng <famz@redhat.com>
Thu, 18 May 2017 10:28:08 +0000 (18:28 +0800)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Thu, 3 Aug 2017 19:42:49 +0000 (14:42 -0500)
commit952cc382044af1f74cdae4256036ba121d75f528
tree57fb4316b34362e618fa09271a71be66c2837256
parentc6b510d1e57cd4d3861955d8c989a67e739ae539
virtio-scsi: Unset hotplug handler when unrealize

This matches the qbus_set_hotplug_handler in realize, and it releases
the final reference to the embedded VirtIODevice so that it is
properly finalized.

A use-after-free is fixed with this patch, indirectly:
virtio_device_instance_finalize wasn't called at hot-unplug, and the
vdev->listener would be a dangling pointer in the global and the per
address space listener list. See also RHBZ 1449031.

Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20170518102808.30046-1-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 2cbe2de5454cf9af44b620b2b40d56361a12a45f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/scsi/virtio-scsi.c