[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 37/79] virtio-net: fix wild pointer when remove virt
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 37/79] virtio-net: fix wild pointer when remove virtio-net queues |
Date: |
Mon, 28 Aug 2017 19:14:12 -0500 |
From: Yunjian Wang <address@hidden>
The tx_bh or tx_timer will free in virtio_net_del_queue() function, when
removing virtio-net queues if the guest doesn't support multiqueue. But
it might be still referenced by virtio_net_set_status(), which needs to
be set NULL. And also the tx_waiting needs to be set zero to prevent
virtio_net_set_status() accessing tx_bh or tx_timer.
Cc: address@hidden
Signed-off-by: Yunjian Wang <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
(cherry picked from commit f989c30cf834ba8625e98b808eac30e4e7ec5008)
Signed-off-by: Michael Roth <address@hidden>
---
hw/net/virtio-net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 7d091c9..98bd683 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1522,9 +1522,12 @@ static void virtio_net_del_queue(VirtIONet *n, int index)
if (q->tx_timer) {
timer_del(q->tx_timer);
timer_free(q->tx_timer);
+ q->tx_timer = NULL;
} else {
qemu_bh_delete(q->tx_bh);
+ q->tx_bh = NULL;
}
+ q->tx_waiting = 0;
virtio_del_queue(vdev, index * 2 + 1);
}
--
2.7.4
- [Qemu-devel] [PATCH 33/79] virtio: allow broken device to notify guest, (continued)
- [Qemu-devel] [PATCH 33/79] virtio: allow broken device to notify guest, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 31/79] stream: fix crash in stream_start() when block_job_create() fails, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 46/79] mirror: Drop permissions on s->target on completion, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 36/79] s390x/css: catch section mismatch on load, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 43/79] tests: Add coverage for recent block geometry fixes, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 41/79] blkdebug: Simplify override logic, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 44/79] block: Simplify BDRV_BLOCK_RAW recursion, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 49/79] tests: check-qom-proplist: add checks for cmdline-created objects, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 53/79] target/ppc: fix memory leak in kvmppc_is_mem_backend_page_size_ok(), Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 55/79] spapr: fix memory leak in spapr_memory_pre_plug(), Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 37/79] virtio-net: fix wild pointer when remove virtio-net queues,
Michael Roth <=
- [Qemu-devel] [PATCH 38/79] blkdebug: Sanity check block layer guarantees, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 52/79] target/ppc: pass const string to kvmppc_is_mem_backend_page_size_ok(), Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 54/79] spapr: add pre_plug function for memory, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 48/79] linuxboot_dma: compile for i486, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 51/79] pc: Use "min-[x]level" on compat_props, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 58/79] nbd: Fully initialize client in case of failed negotiation, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 63/79] nbd: fix NBD over TLS, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 61/79] blkdebug: Catch bs->exact_filename overflow, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 42/79] blkdebug: Add ability to override unmap geometries, Michael Roth, 2017/08/28
- [Qemu-devel] [PATCH 40/79] blkdebug: Add pass-through write_zero and discard support, Michael Roth, 2017/08/28