diff options
author | Marcel Apfelbaum <marcel.a@redhat.com> | 2014-01-21 18:37:51 +0200 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2014-01-26 13:11:45 +0200 |
commit | 306077640a652e090779498aadbeb0c605feaacd (patch) | |
tree | f8169efccfff4c0d7b2b01508d3c824fcb148f0a /hw | |
parent | b8124cecb55b3bc4e7dee0ff34b294942044d74a (diff) | |
download | qemu-306077640a652e090779498aadbeb0c605feaacd.zip qemu-306077640a652e090779498aadbeb0c605feaacd.tar.gz qemu-306077640a652e090779498aadbeb0c605feaacd.tar.bz2 |
hw/pci: fix error flow in pci multifunction init
Scenario:
- There is a non multifunction pci device A on 00:0X.0.
- Hot-plug another multifunction pci device B at 00:0X.1.
- The operation will fail of course.
- Try to hot-plug the B device 2-3 more times, qemu will crash.
Reason: The error flow leaves the B's address space into global address spaces
list, but the device object is freed. Fixed that.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/pci/pci.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 2aca8a4..1221f32 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -793,6 +793,15 @@ static void pci_config_free(PCIDevice *pci_dev) g_free(pci_dev->used); } +static void do_pci_unregister_device(PCIDevice *pci_dev) +{ + pci_dev->bus->devices[pci_dev->devfn] = NULL; + pci_config_free(pci_dev); + + address_space_destroy(&pci_dev->bus_master_as); + memory_region_destroy(&pci_dev->bus_master_enable_region); +} + /* -1 for devfn means auto assign */ static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus, const char *name, int devfn) @@ -858,7 +867,7 @@ static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus, pci_init_mask_bridge(pci_dev); } if (pci_init_multifunction(bus, pci_dev)) { - pci_config_free(pci_dev); + do_pci_unregister_device(pci_dev); return NULL; } @@ -873,15 +882,6 @@ static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus, return pci_dev; } -static void do_pci_unregister_device(PCIDevice *pci_dev) -{ - pci_dev->bus->devices[pci_dev->devfn] = NULL; - pci_config_free(pci_dev); - - address_space_destroy(&pci_dev->bus_master_as); - memory_region_destroy(&pci_dev->bus_master_enable_region); -} - static void pci_unregister_io_regions(PCIDevice *pci_dev) { PCIIORegion *r; |