From 37cebcc98807d6c37d5ef3ce2121a3b1a8b7b8cf Mon Sep 17 00:00:00 2001 From: Maxime Coquelin Date: Thu, 31 Aug 2017 15:07:15 +0200 Subject: [PATCH 4/4] vhost-user: unregister slave req handler at cleanup time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Maxime Coquelin Message-id: <20170831150715.27421-3-maxime.coquelin@redhat.com> Patchwork-id: 76169 O-Subject: [RHV-7.4.z qemu-kvm-rhev PATCH 2/2] vhost-user: unregister slave req handler at cleanup time Bugzilla: 1480446 RH-Acked-by: Marc-André Lureau RH-Acked-by: Jens Freimann RH-Acked-by: Michael S. Tsirkin If the backend sends a request just before closing the socket, the aio dispatcher might schedule its reading after the vhost device has been cleaned, leading to a NULL pointer dereference in slave_read(); vhost_user_cleanup() already closes the socket but it is not enough, the handler has to be unregistered. Signed-off-by: Maxime Coquelin Reviewed-by: Marc-André Lureau Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit b9ec9bd468b2c5b218d16642e8f8ea4df60418bb) Signed-off-by: Maxime Coquelin Signed-off-by: Miroslav Rezanina --- hw/virtio/vhost-user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index c44bbad..50e1a73 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -780,6 +780,7 @@ static int vhost_user_cleanup(struct vhost_dev *dev) u = dev->opaque; if (u->slave_fd >= 0) { + qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL); close(u->slave_fd); u->slave_fd = -1; } -- 1.8.3.1