The error exits of xen_pv_find_xendev() free the new xen-device via
g_free() which is wrong.
As the xen-device has been initialized as qdev it must be removed
via qdev_unplug().
This bug has been introduced with commit 3a6c9172ac5951e6dac2b3f6
("xen: create qdev for each backend device").
Reported-by: Roger Pau Monné <[email protected]>
Tested-by: Roger Pau Monné <[email protected]>
Signed-off-by: Juergen Gross <[email protected]>
---
hw/xen/xen_backend.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index d119004..030772b 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -145,7 +145,7 @@ static struct XenDevice *xen_be_get_xendev(const char
*type, int dom, int dev,
xendev->evtchndev = xenevtchn_open(NULL, 0);
if (xendev->evtchndev == NULL) {
xen_pv_printf(NULL, 0, "can't open evtchn device\n");
- g_free(xendev);
+ qdev_unplug(&xendev->qdev, NULL);
return NULL;
}
fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
@@ -155,7 +155,7 @@ static struct XenDevice *xen_be_get_xendev(const char
*type, int dom, int dev,
if (xendev->gnttabdev == NULL) {
xen_pv_printf(NULL, 0, "can't open gnttab device\n");
xenevtchn_close(xendev->evtchndev);
- g_free(xendev);
+ qdev_unplug(&xendev->qdev, NULL);
return NULL;
}
} else {
--
2.10.2
_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xen.org/xen-devel
