From 3c47b10c7a3a86d6fb5fb15a0c41fe512ed44f87 Mon Sep 17 00:00:00 2001
From: Xiao Wang <jasowang@redhat.com>
Date: Thu, 14 Nov 2013 09:40:26 +0100
Subject: [PATCH 02/14] virtio-net: only delete bh that existed

RH-Author: Xiao Wang <jasowang@redhat.com>
Message-id: <1384422026-7632-1-git-send-email-jasowang@redhat.com>
Patchwork-id: 55681
O-Subject: [RHEL7.0 qemu-kvm PATCH] virtio-net: only delete bh that existed
Bugzilla: 922463
RH-Acked-by: Amos Kong <akong@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Vlad Yasevich <vyasevic@redhat.com>

bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=922463
upstream: 6b9b8758c15f3bc2875dbd6e2d03c5362b8d6902
brew build: https://brewweb.devel.redhat.com/taskinfo?taskID=6576713
test status: tested by myself

We delete without checking whether it existed during exit. This will lead to a
NULL pointer dereference, since it was created conditionally depending on guest
driver status and features. So add a check of existence before trying to delete it.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/net/virtio-net.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/net/virtio-net.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 19c5030..f889841 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1532,7 +1532,7 @@ static int virtio_net_device_exit(DeviceState *qdev)
         if (q->tx_timer) {
             qemu_del_timer(q->tx_timer);
             qemu_free_timer(q->tx_timer);
-        } else {
+        } else if (q->tx_bh) {
             qemu_bh_delete(q->tx_bh);
         }
     }
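
Review bot: in both branches of this `if (q->tx_timer) ... else if (q->tx_bh)` chain the pointer is left holding its old value after `qemu_free_timer(q->tx_timer)` or `qemu_bh_delete(q->tx_bh)`, so the same non-NULL test that this fix relies on would pass again on a stale pointer if the exit path or any later code looked at the queue a second time. Setting `q->tx_timer = NULL;` and `q->tx_bh = NULL;` right after the respective calls would make the new guard hold for repeated teardown as well. The chain also still treats the two as mutually exclusive: if both were ever set, `tx_bh` would be skipped, so two independent `if` checks would be more robust than `else if`. A one-line comment noting that neither may exist, because creation depends on guest driver status and features as the commit message says, would help the next reader understand why the bare `else` was wrong.
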
-- 
1.7.1