[Qemu-stable] [PATCH 37/79] virtio-net: fix wild pointer when remove vir
From: Michael Roth
Subject: [Qemu-stable] [PATCH 37/79] virtio-net: fix wild pointer when remove virtio-net queues
Date: Mon, 28 Aug 2017 19:14:12 -0500
From: Yunjian Wang <address@hidden>
The tx_bh or tx_timer will be freed in the virtio_net_del_queue() function when
removing virtio-net queues if the guest doesn't support multiqueue. But
it might still be referenced by virtio_net_set_status(), which needs to
be set to NULL. And also the tx_waiting needs to be set to zero to prevent
virtio_net_set_status() accessing tx_bh or tx_timer.
Cc: address@hidden
Signed-off-by: Yunjian Wang <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
(cherry picked from commit f989c30cf834ba8625e98b808eac30e4e7ec5008)
Signed-off-by: Michael Roth <address@hidden>
---
hw/net/virtio-net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 7d091c9..98bd683 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1522,9 +1522,12 @@ static void virtio_net_del_queue(VirtIONet *n, int index)
if (q->tx_timer) {
timer_del(q->tx_timer);
timer_free(q->tx_timer);
+ q->tx_timer = NULL;
} else {
qemu_bh_delete(q->tx_bh);
+ q->tx_bh = NULL;
}
+ q->tx_waiting = 0;
virtio_del_queue(vdev, index * 2 + 1);
}
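Review bot: the else branch still calls qemu_bh_delete(q->tx_bh) unconditionally, and with this change both q->tx_timer and q->tx_bh are NULL once a queue has been deleted, so `if (q->tx_timer)` can no longer tell timer mode from bottom-half mode for that queue. If virtio_net_del_queue() can be reached again for the same index, it would take the else path and pass a NULL q->tx_bh to qemu_bh_delete(). Consider making the branch `} else if (q->tx_bh) {` so the teardown is safe to repeat. Separately, the reason for `q->tx_waiting = 0;` is only given in the commit message; a one-line comment above it saying that virtio_net_set_status() checks tx_waiting before touching tx_timer or tx_bh would keep a later cleanup from dropping the reset.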
--
2.7.4