[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] virtio-net: only delete bh that existed
|
From: |
Jason Wang |
|
Subject: |
Re: [Qemu-devel] [PATCH] virtio-net: only delete bh that existed |
|
Date: |
Thu, 07 Nov 2013 11:03:35 +0800 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
On 11/06/2013 07:17 PM, Michael S. Tsirkin wrote:
> On Wed, Nov 06, 2013 at 04:58:08PM +0800, Jason Wang wrote:
>> We delete without check whether it existed during exit. This will lead NULL
>> pointer deference since it was created conditionally depends on guest driver
>> status and features. So add a check of existence before trying to delete it.
>>
>> Cc: address@hidden
>> Signed-off-by: Jason Wang <address@hidden>
> Reviewed-by: Michael S. Tsirkin <address@hidden>
>
> Looks like the bug was introduced by:
> commit 17ec5a8686143da66208273d355f2eeb09807614
> Author: KONRAD Frederic <address@hidden>
> Date: Thu Apr 11 16:29:57 2013 +0200
> virtio-net: add the virtio-net device.
>
> Before that we had a single bh and created/destroyed
> that unconditionally.
> Is this a correct analysis?
>
Nope, it was introduced in the multiqueue virito-net, since the bh were
created conditionally from that commit.
commit fed699f9ca6ae8a0fb62803334cf46fa64d1eb91
Author: Jason Wang <address@hidden>
Date: Wed Jan 30 19:12:39 2013 +0800
virtio-net: multiqueue support
>
>> ---
>> hw/net/virtio-net.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
>> index 22dbd05..ae51d96 100644
>> --- a/hw/net/virtio-net.c
>> +++ b/hw/net/virtio-net.c
>> @@ -1601,7 +1601,7 @@ static int virtio_net_device_exit(DeviceState *qdev)
>> if (q->tx_timer) {
>> timer_del(q->tx_timer);
>> timer_free(q->tx_timer);
>> - } else {
>> + } else if (q->tx_bh) {
>> qemu_bh_delete(q->tx_bh);
>> }
>> }
>> --
>> 1.8.3.2