| author | Maxime Coquelin | 2017-06-30 18:04:22 +0200 |
|---|---|---|
| committer | Michael S. Tsirkin | 2017-07-03 21:29:49 +0200 |
| commit | b9ec9bd468b2c5b218d16642e8f8ea4df60418bb (patch) | |
| tree | 27020a2b06047394cd50696caacbee7ecff40d94 | |
| parent | vhost: ensure vhost_ops are set before calling iotlb callback (diff) | |

vhost-user: unregister slave req handler at cleanup time

If the backend sends a request just before closing the socket,
the aio dispatcher might schedule its reading after the vhost
device has been cleaned, leading to a NULL pointer dereference
in slave_read();

vhost_user_cleanup() already closes the socket but it is not
enough, the handler has to be unregistered.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

| -rw-r--r-- | hw/virtio/vhost-user.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 958ee09bcb..2203011125 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -779,6 +779,7 @@ static int vhost_user_cleanup(struct vhost_dev *dev) u = dev->opaque; if (u->slave_fd >= 0) { + qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL); close(u->slave_fd); u->slave_fd = -1; } |
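
Review bot: the added `qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL);` inside the `if (u->slave_fd >= 0)` block carries no comment explaining why it must precede `close(u->slave_fd)`, and that ordering is the entire fix. Suggest a one-line comment above it, for example `/* Unregister slave_read() before close so the aio dispatcher cannot run it after cleanup */`, so a later refactor does not move the call after `close()` or drop it as redundant. The commit message locates the NULL pointer dereference in slave_read(), which is not part of this hunk; it is worth confirming separately whether that handler should also tolerate a device that has already been cleaned up, and whether any other path that closes `slave_fd` needs the same unregistration.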
