Qemu/Xen: Fix early freeing MSIX MMIO memory region - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Lan Tianyu	2015-10-11 17:19:24 +0200
committer	Stefano Stabellini	2015-10-26 12:32:18 +0100
commit	4e494de66800747446e73b5ec0189ad7f4690908 (patch)
tree	2d12bc4ae4b77bcd1275fd0e0bf694a0cfb292ec /include
parent	Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (diff)
download	qemu-4e494de66800747446e73b5ec0189ad7f4690908.tar.gz qemu-4e494de66800747446e73b5ec0189ad7f4690908.tar.xz qemu-4e494de66800747446e73b5ec0189ad7f4690908.zip

Qemu/Xen: Fix early freeing MSIX MMIO memory region

msix->mmio is added to XenPCIPassthroughState's object as property. object_finalize_child_property is called for XenPCIPassthroughState's object, which calls object_property_del_all, which is going to try to delete msix->mmio. object_finalize_child_property() will access msix->mmio's obj. But the whole msix struct has already been freed by xen_pt_msix_delete. This will cause segment fault when msix->mmio has been overwritten. This patch is to fix the issue. Signed-off-by: Lan Tianyu <tianyu.lan@intel.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: