----- Original Message -----
> If the backend sends a request just before closing the socket,
> the aio dispatcher might schedule its reading after the vhost
> device has been cleaned, leading to a NULL pointer dereference
> in slave_read();
>
> vhost_user_cleanup() already closes the socket but it is not
> enough, the handler has to be unregistered.
>
> Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
> ---
> hw/virtio/vhost-user.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 958ee09..2203011 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -779,6 +779,7 @@ static int vhost_user_cleanup(struct vhost_dev *dev)
>
> u = dev->opaque;
> if (u->slave_fd >= 0) {
> + qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL);
> close(u->slave_fd);
> u->slave_fd = -1;
> }
> --
> 2.9.4
>
>
