Commit db3a5ed7 authored Dec 15, 2011 by Stefan Hajnoczi Committed by Anthony Liguori Dec 15, 2011

usb: fix usb_qdev_init() error handling again



Commit f462141f introduced clean up code
when usb_qdev_init() fails.  Unfortunately it calls .handle_destroy()
when .init() was never invoked or failed.  This can lead to crashes when
.handle_destroy() tries to clean up things that were never initialized.

This patch is careful to undo only those steps that completed along the
usb_qdev_init() code path.  It's not as pretty as the unified error
handling in f462141f but it's necessary.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

parent 56384e8b

hw/usb-bus.c

+5 −7

Original line number	Diff line number	Diff line
		@@ -77,23 +77,21 @@ static int usb_qdev_init(DeviceState qdev, DeviceInfo base)
		QLIST_INIT(&dev->strings);
		rc = usb_claim_port(dev);
		if (rc != 0) {
		goto err;
		return rc;
		}
		rc = dev->info->init(dev);
		if (rc != 0) {
		goto err;
		usb_release_port(dev);
		return rc;
		}
		if (dev->auto_attach) {
		rc = usb_device_attach(dev);
		if (rc != 0) {
		goto err;
		usb_qdev_exit(qdev);
		return rc;
		}
		}
		return 0;

		err:
		usb_qdev_exit(qdev);
		return rc;
		}

		static int usb_qdev_exit(DeviceState *qdev)