Patchwork [02/16] hotplug: safely iterate bus's sibling list while removing a device

login
register
mail settings
Submitter Mark McLoughlin
Date Oct. 8, 2009, 6:58 p.m.
Message ID <1255028312-28180-3-git-send-email-markmc@redhat.com>
Download mbox | patch
Permalink /patch/35519/
State Under Review
Headers show

Comments

Mark McLoughlin - Oct. 8, 2009, 6:58 p.m.
Without this, I'm seeing a segfault when unpluging a NIC.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
---
 hw/acpi.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
Gerd Hoffmann - Oct. 12, 2009, 1:16 p.m.
On 10/08/09 20:58, Mark McLoughlin wrote:
> Without this, I'm seeing a segfault when unpluging a NIC.

Patch looks good.

I'm wondering I didn't see segfaults in my testing.  The bug doesn't 
look nic-specific.  Where does it crash?

cheers,
   Gerd
Mark McLoughlin - Oct. 12, 2009, 1:22 p.m.
On Mon, 2009-10-12 at 15:16 +0200, Gerd Hoffmann wrote:
> On 10/08/09 20:58, Mark McLoughlin wrote:
> > Without this, I'm seeing a segfault when unpluging a NIC.
> 
> Patch looks good.
> 
> I'm wondering I didn't see segfaults in my testing.  The bug doesn't 
> look nic-specific.  Where does it crash?

I didn't investigate in great detail, but it looked like it crashed
while trying to iterate the list after the qdev_free()

Cheers,
Mark.

Patch

diff --git a/hw/acpi.c b/hw/acpi.c
index 4373133..d73aee9 100644
--- a/hw/acpi.c
+++ b/hw/acpi.c
@@ -695,11 +695,11 @@  static uint32_t pciej_read(void *opaque, uint32_t addr)
 static void pciej_write(void *opaque, uint32_t addr, uint32_t val)
 {
     BusState *bus = opaque;
-    DeviceState *qdev;
+    DeviceState *qdev, *next;
     PCIDevice *dev;
     int slot = ffs(val) - 1;
 
-    QLIST_FOREACH(qdev, &bus->children, sibling) {
+    QLIST_FOREACH_SAFE(qdev, &bus->children, sibling, next) {
         dev = DO_UPCAST(PCIDevice, qdev, qdev);
         if (PCI_SLOT(dev->devfn) == slot) {
 #if defined (TARGET_I386)