aboutsummaryrefslogtreecommitdiff
path: root/hw/xen/xen_pt.c
diff options
context:
space:
mode:
authorLan Tianyu <tianyu.lan@intel.com>2015-10-11 23:19:24 +0800
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>2015-10-26 11:32:18 +0000
commit4e494de66800747446e73b5ec0189ad7f4690908 (patch)
tree2d12bc4ae4b77bcd1275fd0e0bf694a0cfb292ec /hw/xen/xen_pt.c
parentaf25e7277d3e95a3ea31023f31d8097ab5e2ac84 (diff)
Qemu/Xen: Fix early freeing MSIX MMIO memory region
msix->mmio is added to XenPCIPassthroughState's object as property. object_finalize_child_property is called for XenPCIPassthroughState's object, which calls object_property_del_all, which is going to try to delete msix->mmio. object_finalize_child_property() will access msix->mmio's obj. But the whole msix struct has already been freed by xen_pt_msix_delete. This will cause segment fault when msix->mmio has been overwritten. This patch is to fix the issue. Signed-off-by: Lan Tianyu <tianyu.lan@intel.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Diffstat (limited to 'hw/xen/xen_pt.c')
-rw-r--r--hw/xen/xen_pt.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index 2b54f52707..aa96288236 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -938,10 +938,18 @@ static void xen_pci_passthrough_class_init(ObjectClass *klass, void *data)
dc->props = xen_pci_passthrough_properties;
};
+static void xen_pci_passthrough_finalize(Object *obj)
+{
+ XenPCIPassthroughState *s = XEN_PT_DEVICE(obj);
+
+ xen_pt_msix_delete(s);
+}
+
static const TypeInfo xen_pci_passthrough_info = {
.name = TYPE_XEN_PT_DEVICE,
.parent = TYPE_PCI_DEVICE,
.instance_size = sizeof(XenPCIPassthroughState),
+ .instance_finalize = xen_pci_passthrough_finalize,
.class_init = xen_pci_passthrough_class_init,
};