qemu-devel

Re: [Qemu-devel] [PULL 32/35] vhost-user: disable chardev handlers on cl


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PULL 32/35] vhost-user: disable chardev handlers on close
Date: Wed, 29 Jun 2016 17:45:15 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1


On 29/06/2016 17:31, Marc-André Lureau wrote:
> Hi
> 
> ----- Original Message -----
>> This otherwise causes a use-after-free if network backend cleanup
>> is performed before character device cleanup.
>>
>> Cc: Marc-André Lureau <address@hidden>
>> Signed-off-by: Paolo Bonzini <address@hidden>
> 
> 
> 
> See also my previous (still unreviewed) series:
> https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01004.html

Oh, interesting!

This is indeed a superset of patch 1, but you need to either delete the
chardev (patch 2) or clear the handlers.  There are only a handful of uses
of qemu_chr_delete outside qemu-char.c, which makes me believe that most
of them are wrong...

Paolo

> so: Reviewed-by: Marc-André Lureau <address@hidden>
> 
> 
>> ---
>>  net/vhost-user.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/net/vhost-user.c b/net/vhost-user.c
>> index 636899a..92f4cfd 100644
>> --- a/net/vhost-user.c
>> +++ b/net/vhost-user.c
>> @@ -151,6 +151,11 @@ static void vhost_user_cleanup(NetClientState *nc)
>>          vhost_net_cleanup(s->vhost_net);
>>          s->vhost_net = NULL;
>>      }
>> +    if (s->chr) {
>> +        qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, NULL);
>> +        qemu_chr_fe_release(s->chr);
>> +        s->chr = NULL;
>> +    }
>>  
>>      qemu_purge_queued_packets(nc);
>>  }
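
Review bot: The new `if (s->chr)` block in vhost_user_cleanup() carries no comment explaining why the handlers are cleared at this point. The reason is only in the commit message (a use-after-free when network backend cleanup runs before character device cleanup). A short comment above `qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, NULL);` stating that the chardev can outlive this net client would keep a later refactor from dropping the call. Because the block also sets `s->chr = NULL;`, it is worth confirming that any code which can still run after vhost_user_cleanup() checks `s->chr` before using it.
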
>> --
>> 1.8.3.1
>>


