From: Jason Wang <jasowang@redhat.com>
Date: Mon, 15 Feb 2016 04:52:34 +0000 (+0800)
Subject: net: filter: correctly remove filter from the list during finalization
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=5dd2d45e344b50b018912b6d98ab47493f946eb6;p=qemu.git

net: filter: correctly remove filter from the list during finalization

Qemu may crash when we want to add two filters on the same netdev but
the initialization of second fails (e.g missing parameters):

./qemu-system-x86_64 -netdev user,id=un0 \
 -object filter-buffer,id=f0,netdev=un0,interval=10 \
 -object filter-buffer,id=f1,netdev=un0
Segmentation fault (core dumped)

This is because we don't check whether or not the filter was in the
list of netdev. This patch fixes this.

Cc: Yang Hongyang <hongyang.yang@easystack.cn>
Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---

diff --git a/net/filter.c b/net/filter.c
index d2a514eb8d..7cdbc6c615 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -196,7 +196,8 @@ static void netfilter_finalize(Object *obj)
         nfc->cleanup(nf);
     }
 
-    if (nf->netdev && !QTAILQ_EMPTY(&nf->netdev->filters)) {
+    if (nf->netdev && !QTAILQ_EMPTY(&nf->netdev->filters) &&
+        nf->next.tqe_prev) {
         QTAILQ_REMOVE(&nf->netdev->filters, nf, next);
     }
     g_free(nf->netdev_id);