diff options
author | Juergen Gross <jgross@suse.com> | 2017-02-01 07:52:02 +0100 |
---|---|---|
committer | Stefano Stabellini <sstabellini@kernel.org> | 2017-02-02 10:23:53 -0800 |
commit | e9dcbc86d614018923e26e31319b0a54c9e5abac (patch) | |
tree | 544976b0f20bfbce14433e3e09214fcc72889cb7 /hw/xen | |
parent | 6d06220ad91985f59454c619dc238ebd8a968cd8 (diff) | |
download | qemu-e9dcbc86d614018923e26e31319b0a54c9e5abac.zip qemu-e9dcbc86d614018923e26e31319b0a54c9e5abac.tar.gz qemu-e9dcbc86d614018923e26e31319b0a54c9e5abac.tar.bz2 |
xen: use qdev_unplug() instead of g_free() in xen_pv_find_xendev()
The error exits of xen_pv_find_xendev() free the new xen-device via
g_free() which is wrong.
As the xen-device has been initialized as qdev it must be removed
via qdev_unplug().
This bug has been introduced with commit 3a6c9172ac5951e6dac2b3f6
("xen: create qdev for each backend device").
Reported-by: Roger Pau Monné <roger.pau@citrix.com>
Tested-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Diffstat (limited to 'hw/xen')
-rw-r--r-- | hw/xen/xen_backend.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c index d119004..6c21c37 100644 --- a/hw/xen/xen_backend.c +++ b/hw/xen/xen_backend.c @@ -124,10 +124,11 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, /* init new xendev */ xendev = g_malloc0(ops->size); object_initialize(&xendev->qdev, ops->size, TYPE_XENBACKEND); - qdev_set_parent_bus(&xendev->qdev, xen_sysbus); - qdev_set_id(&xendev->qdev, g_strdup_printf("xen-%s-%d", type, dev)); - qdev_init_nofail(&xendev->qdev); - object_unref(OBJECT(&xendev->qdev)); + OBJECT(xendev)->free = g_free; + qdev_set_parent_bus(DEVICE(xendev), xen_sysbus); + qdev_set_id(DEVICE(xendev), g_strdup_printf("xen-%s-%d", type, dev)); + qdev_init_nofail(DEVICE(xendev)); + object_unref(OBJECT(xendev)); xendev->type = type; xendev->dom = dom; @@ -145,7 +146,7 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, xendev->evtchndev = xenevtchn_open(NULL, 0); if (xendev->evtchndev == NULL) { xen_pv_printf(NULL, 0, "can't open evtchn device\n"); - g_free(xendev); + qdev_unplug(DEVICE(xendev), NULL); return NULL; } fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC); @@ -155,7 +156,7 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, if (xendev->gnttabdev == NULL) { xen_pv_printf(NULL, 0, "can't open gnttab device\n"); xenevtchn_close(xendev->evtchndev); - g_free(xendev); + qdev_unplug(DEVICE(xendev), NULL); return NULL; } } else { |