mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

virtio-net: fix wild pointer when remove virtio-net queues

Browse Source 
The tx_bh or tx_timer will free in virtio_net_del_queue() function, when
removing virtio-net queues if the guest doesn't support multiqueue. But
it might be still referenced by virtio_net_set_status(), which needs to
be set NULL. And also the tx_waiting needs to be set zero to prevent
virtio_net_set_status() accessing tx_bh or tx_timer.

Cc: qemu-stable@nongnu.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
This commit is contained in:
Yunjian Wang 2017-04-26 14:45:56 +08:00 committed by Jason Wang
parent f5ab20a468
commit f989c30cf8
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hw/net/virtio-net.c
View File

@ -1522,9 +1522,12 @@ static void virtio_net_del_queue(VirtIONet *n, int index)
if (q->tx_timer) {
timer_del(q->tx_timer);
timer_free(q->tx_timer);
q->tx_timer = NULL;
} else {
qemu_bh_delete(q->tx_bh);
q->tx_bh = NULL;
}
q->tx_waiting = 0;
virtio_del_queue(vdev, index * 2 + 1);
}