diff mbox

audio: es1370: unregister reset call on exit

Message ID 1479893700-4596-1-git-send-email-ppandit@redhat.com
State New
Headers show

Commit Message

Prasad Pandit Nov. 23, 2016, 9:35 a.m. UTC 
From: Prasad J Pandit <pjp@fedoraproject.org>

ES1370 audio device emulator registers a device reset call with
Qemu during initialisation. But the same is not unregistered when
audio device is unplugged. This leads to a use-after-free error
during reboot, as Qemu resets the machine. Add 'es1370_exit'
PCIDeviceClass method to avoid it.

Reported-by: Huawei PSIRT <PSIRT@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/audio/es1370.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

no-reply@patchew.org Nov. 23, 2016, 9:49 a.m. UTC | #1 
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH] audio: es1370: unregister reset call on exit
Type: series
Message-id: 1479893700-4596-1-git-send-email-ppandit@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
89219ee audio: es1370: unregister reset call on exit

=== OUTPUT BEGIN ===
Checking PATCH 1/1: audio: es1370: unregister reset call on exit...
ERROR: space prohibited between function name and open parenthesis '('
#24: FILE: hw/audio/es1370.c:1050:
+static void es1370_exit (PCIDevice *dev)

total: 1 errors, 0 warnings, 19 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org
diff mbox

Patch

diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
index 8449b5f..5c97295 100644
--- a/hw/audio/es1370.c
+++ b/hw/audio/es1370.c
@@ -1047,12 +1047,19 @@  static int es1370_init (PCIBus *bus)
     return 0;
 }
 
+static void es1370_exit (PCIDevice *dev)
+{
+    ES1370State *s = ES1370(dev);
+    qemu_unregister_reset(es1370_on_reset, s);
+}
+
 static void es1370_class_init (ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS (klass);
     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
 
     k->realize = es1370_realize;
+    k->exit = es1370_exit;
     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;