Commit b9ec9bd4 authored by Maxime Coquelin, committed by Michael S. Tsirkin

vhost-user: unregister slave req handler at cleanup time



If the backend sends a request just before closing the socket,
the aio dispatcher might schedule its reading after the vhost
device has been cleaned, leading to a NULL pointer dereference
in slave_read();

vhost_user_cleanup() already closes the socket but it is not
enough, the handler has to be unregistered.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
parent 384b557d
+1 −0
@@ -779,6 +779,7 @@ static int vhost_user_cleanup(struct vhost_dev *dev)

    u = dev->opaque;
    if (u->slave_fd >= 0) {
        qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL);
        close(u->slave_fd);
        u->slave_fd = -1;
    }
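
Review bot: The qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL) call in vhost_user_cleanup() should carry a short comment saying why it is needed, because close() on the following line looks sufficient at first glance and the reason (a request already scheduled for dispatch reaching slave_read() after the device has been cleaned up) is recorded only in the commit message. Keeping the unregister ahead of close(), as done here, is the right order, since the descriptor is still valid when its handler is removed. It is also worth confirming that any other path that closes slave_fd after the handler has been registered performs the same unregister; that cannot be checked from this hunk.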