From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Fri, 30 Jun 2017 16:04:22 +0000 (+0200)
Subject: vhost-user: unregister slave req handler at cleanup time
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=b9ec9bd468b2c5b218d16642e8f8ea4df60418bb;p=qemu.git

vhost-user: unregister slave req handler at cleanup time

If the backend sends a request just before closing the socket,
the aio dispatcher might schedule its reading after the vhost
device has been cleaned, leading to a NULL pointer dereference
in slave_read();

vhost_user_cleanup() already closes the socket but it is not
enough, the handler has to be unregistered.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 958ee09bcb..2203011125 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -779,6 +779,7 @@ static int vhost_user_cleanup(struct vhost_dev *dev)
 
     u = dev->opaque;
     if (u->slave_fd >= 0) {
+        qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL);
         close(u->slave_fd);
         u->slave_fd = -1;
     }