usb: fix segfault when hot-unplugging usb host adapter

Message ID 1426591711-14472-1-git-send-email-arei.gonglei@huawei.com
State New

Commit Message

Gonglei (Arei) March 17, 2015, 11:28 a.m. UTC
From: Gonglei <arei.gonglei@huawei.com>

When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resources of these devices,
including the registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.

Cc: qemu-stable <qemu-stable@nongnu.org>
Reported-by: Lidonglin <lidonglin@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 hw/usb/hcd-ehci.c | 1 +
 hw/usb/hcd-ohci.c | 1 +
 hw/usb/hcd-uhci.c | 2 ++
 3 files changed, 4 insertions(+)

Comments

Gerd Hoffmann March 17, 2015, 11:58 a.m. UTC | #1
> +    qemu_unregister_reset(ehci_reset, s);

We should hook up reset via DeviceClass->reset then (xhci already does
it this way) and drop the qemu_register_reset() calls.

Then qemu will register and unregister the reset handler automatically
for us.

cheers,
  Gerd
Gonglei (Arei) March 17, 2015, 12:10 p.m. UTC | #2
On 2015/3/17 19:58, Gerd Hoffmann wrote:
>> +    qemu_unregister_reset(ehci_reset, s);
> 
> We should hook up reset via DeviceClass->reset then (xhci already does
> it this way) and drop the qemu_register_reset() calls.
> 
> Then qemu will register and unregister the reset handler automatically
> for us.
> 
I'll look for this, thanks :)

Regards,
-Gonglei
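
A minimal model of the lifetime problem the commit message describes, added here as an example; it is not part of the patch and not QEMU code. All `toy_*` names are hypothetical, and the list only mimics a registry that stores (callback, opaque) pairs and outlives the device.

```c
/* Toy model, NOT QEMU code: every toy_* name is hypothetical. */
#include <stddef.h>
#include <stdlib.h>

typedef void (*reset_fn)(void *opaque);
struct reset_entry { reset_fn fn; void *opaque; struct reset_entry *next; };
static struct reset_entry *handlers; /* global list, outlives any device */

static void toy_register_reset(reset_fn fn, void *opaque) {
    struct reset_entry *e = malloc(sizeof(*e));
    if (!e) abort();
    e->fn = fn; e->opaque = opaque; e->next = handlers;
    handlers = e;
}

/* Remove the entry whose (fn, opaque) pair matches the registration. */
static void toy_unregister_reset(reset_fn fn, void *opaque) {
    for (struct reset_entry **p = &handlers; *p; p = &(*p)->next) {
        if ((*p)->fn == fn && (*p)->opaque == opaque) {
            struct reset_entry *dead = *p;
            *p = dead->next;
            free(dead);
            return;
        }
    }
}

struct toy_hcd { int resets; };
static void toy_hcd_reset(void *opaque) { ((struct toy_hcd *)opaque)->resets++; }

/* Entries a guest reboot would invoke as fn(opaque); opaque is not touched here. */
static size_t toy_pending_handlers(void) {
    size_t n = 0;
    for (struct reset_entry *e = handlers; e; e = e->next) n++;
    return n;
}

/* Plug then hot-unplug one controller; returns handlers left behind.
 * Without the unregister, one entry still points at freed device state. */
static size_t toy_plug_unplug(int do_unregister) {
    size_t before = toy_pending_handlers();
    struct toy_hcd *s = calloc(1, sizeof(*s));
    if (!s) abort();
    toy_register_reset(toy_hcd_reset, s);
    if (do_unregister) toy_unregister_reset(toy_hcd_reset, s); /* the fix */
    free(s); /* device state released on unplug */
    return toy_pending_handlers() - before;
}
```

The model counts stale entries instead of calling them, so the leftover handler is observable without dereferencing freed memory.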
Patch

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index ccf54b6..5be41f8 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -2495,6 +2495,7 @@  void usb_ehci_unrealize(EHCIState *s, DeviceState *dev, Error **errp)
     memory_region_del_subregion(&s->mem, &s->mem_opreg);
     memory_region_del_subregion(&s->mem, &s->mem_ports);
 
+    qemu_unregister_reset(ehci_reset, s);
     usb_bus_release(&s->bus);
 
     if (s->vmstate) {
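
Review bot: the added qemu_unregister_reset(ehci_reset, s) in usb_ehci_unrealize only removes the handler if the realize path registered exactly the pair (ehci_reset, s), and that registration is not visible in this hunk, so please confirm the function and opaque pointer match. As raised in comment #1, hooking reset up via DeviceClass->reset and dropping the qemu_register_reset() call would remove the need to keep the two calls paired by hand.
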
diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index a0d478e..840d254 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -1949,6 +1949,7 @@  static void usb_ohci_exit(PCIDevice *dev)
     if (!ohci->masterbus) {
         usb_bus_release(&s->bus);
     }
+    qemu_register_reset(ohci_reset, ohci);
 }
 
 #define TYPE_SYSBUS_OHCI "sysbus-ohci"
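
Review bot: the added line in usb_ohci_exit calls qemu_register_reset(ohci_reset, ohci), not qemu_unregister_reset, so the exit path registers one more handler pointing at state that is being torn down instead of removing the existing one. This looks like a typo for qemu_unregister_reset(ohci_reset, ohci). The commit message also names only ehci/uhci while the diffstat touches hcd-ohci.c, so OHCI should be mentioned there. Please also check that the opaque argument matches what the init path registered, since the context here uses both ohci (for masterbus) and s (for the bus).
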
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index f903de7..70ad52a 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -1274,6 +1274,8 @@  static void usb_uhci_exit(PCIDevice *dev)
     if (!s->masterbus) {
         usb_bus_release(&s->bus);
     }
+
+    qemu_unregister_reset(uhci_reset, s);
 }
 
 static Property uhci_properties_companion[] = {
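
Review bot: in usb_uhci_exit the unregister is placed after usb_bus_release(&s->bus) and outside the if (!s->masterbus) block, whereas the EHCI hunk unregisters before releasing the bus. Please use one ordering across the three controllers, and confirm that the init path registers uhci_reset unconditionally (including for companion controllers with a masterbus), which this hunk does not show. The extra blank line before the call is fine but differs from the OHCI hunk.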