|
 |
c401cc |
From 01fd3878eb64119364eab82b0e5b3cac88736fa6 Mon Sep 17 00:00:00 2001
|
|
|
c401cc |
Message-Id: <01fd3878eb64119364eab82b0e5b3cac88736fa6.1386932210.git.jdenemar@redhat.com>
|
|
|
c401cc |
From: Cole Robinson <crobinso@redhat.com>
|
|
|
c401cc |
Date: Mon, 9 Dec 2013 20:12:44 +0100
|
|
|
c401cc |
Subject: [PATCH] qemu: hotplug: Fix double free on USB collision
|
|
|
c401cc |
|
|
|
c401cc |
https://bugzilla.redhat.com/show_bug.cgi?id=1025108
|
|
|
c401cc |
|
|
|
c401cc |
If we hit a collision, we free the USB device while it is still part
|
|
|
c401cc |
of our temporary USBDeviceList. When the list is unref'd, the device
|
|
|
c401cc |
is free'd again.
|
|
|
c401cc |
|
|
|
c401cc |
Make the initial device freeing dependent on whether it is present
|
|
|
c401cc |
in the temporary list or not.
|
|
|
c401cc |
|
|
|
c401cc |
(cherry picked from commit 5953a73787b50da56e2ee820a8095ccb09c7a79b)
|
|
|
c401cc |
|
|
|
c401cc |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
c401cc |
---
|
|
|
c401cc |
src/qemu/qemu_hotplug.c | 5 ++++-
|
|
|
c401cc |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
c401cc |
|
|
|
c401cc |
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
|
|
|
c401cc |
index f2b6dba..a253a74 100644
|
|
|
c401cc |
--- a/src/qemu/qemu_hotplug.c
|
|
|
c401cc |
+++ b/src/qemu/qemu_hotplug.c
|
|
|
c401cc |
@@ -1377,7 +1377,10 @@ cleanup:
|
|
|
c401cc |
}
|
|
|
c401cc |
if (added)
|
|
|
c401cc |
virUSBDeviceListSteal(driver->activeUsbHostdevs, usb);
|
|
|
c401cc |
- virUSBDeviceFree(usb);
|
|
|
c401cc |
+ if (list && usb &&
|
|
|
c401cc |
+ !virUSBDeviceListFind(list, usb) &&
|
|
|
c401cc |
+ !virUSBDeviceListFind(driver->activeUsbHostdevs, usb))
|
|
|
c401cc |
+ virUSBDeviceFree(usb);
|
|
|
c401cc |
virObjectUnref(list);
|
|
|
c401cc |
VIR_FREE(devstr);
|
|
|
c401cc |
return ret;
|
|
|
c401cc |
--
|
|
|
c401cc |
1.8.5.1
|
|
|
c401cc |
|