qemu/hw
Fam Zheng 2cbe2de545 virtio-scsi: Unset hotplug handler when unrealize
This matches the qbus_set_hotplug_handler in realize, and it releases
the final reference to the embedded VirtIODevice so that it is
properly finalized.

A use-after-free is fixed with this patch, indirectly:
virtio_device_instance_finalize wasn't called at hot-unplug, and the
vdev->listener would be a dangling pointer in the global and the per
address space listener list. See also RHBZ 1449031.

Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20170518102808.30046-1-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06 20:18:36 +02:00
..
9pfs 9pfs: local: metadata file for the VirtFS root 2017-05-25 10:30:14 +02:00
acpi shutdown: Add source information to SHUTDOWN and RESET 2017-05-23 13:28:17 +02:00
adc STM32F2xx: Add the ADC device 2016-10-04 13:28:07 +01:00
alpha memory: tune last param of iommu_ops.translate() 2017-05-25 21:25:27 +03:00
arm numa: make sure that all cpus have has_node_id set if numa is enabled 2017-06-05 14:59:08 -03:00
audio audio: Rename hw/audio/audio.h to hw/audio/soundhw.h 2017-05-19 10:48:54 +02:00
block nvme: Add support for Controller Memory Buffers 2017-05-26 16:48:21 +02:00
bt be-hci: use backend functions 2017-06-02 11:33:53 +04:00
char -----BEGIN PGP SIGNATURE----- 2017-06-05 10:09:14 +01:00
core x86 and machine queue, 2017-06-05 2017-06-06 10:00:34 +01:00
cpu Introduce DEVICE_CATEGORY_CPU for CPU devices 2017-01-27 18:07:31 +01:00
cris cris: Fix broken header guard in hw/cris/boot.h 2016-07-12 16:20:46 +02:00
display Remove/replace sysemu/char.h inclusion 2017-06-02 11:33:52 +04:00
dma hw/dma: QOM'ify sun4m_iommu.c 2017-06-02 05:54:43 +01:00
gpio qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
i2c migration/next for 20170601 2017-06-02 14:07:53 +01:00
i386 numa: make sure that all cpus have has_node_id set if numa is enabled 2017-06-05 14:59:08 -03:00
ide allwinner-ahci: Remove user_creatable flag 2017-05-17 10:37:01 -03:00
input shutdown: Add source information to SHUTDOWN and RESET 2017-05-23 13:28:17 +02:00
intc target-ppc: Fix openpic timer read register offset 2017-06-06 08:53:24 +10:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi char: move CharBackend handling in char-fe unit 2017-06-02 11:33:53 +04:00
isa chardev: move headers to include/chardev 2017-06-02 11:33:52 +04:00
lm32 char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
m68k hw/m68k: QOMify the ColdFire interrupt controller 2017-02-18 22:23:31 +01:00
mem pc: memhp: enable nvdimm device hotplug 2016-11-01 19:21:09 +02:00
microblaze Remove reduntant qemu: from error functions 2017-05-07 09:57:51 +03:00
mips chardev: move headers to include/chardev 2017-06-02 11:33:52 +04:00
misc -----BEGIN PGP SIGNATURE----- 2017-06-05 10:09:14 +01:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net migration: remove register_savevm() 2017-06-06 08:53:24 +10:00
nios2 Remove reduntant qemu: from error functions 2017-05-07 09:57:51 +03:00
nvram spapr_nvram: Check return value from blk_getlength() 2017-06-06 09:18:32 +10:00
openrisc target/openrisc: Support non-busy idle state using PMR SPR 2017-05-04 09:39:14 +09:00
pci msix: trace control bit write op 2017-06-06 20:18:35 +02:00
pci-bridge pci, virtio, vhost: fixes 2017-05-18 10:01:08 +01:00
pci-host pci, virtio, vhost: fixes 2017-05-30 14:15:04 +01:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc ppc patch queue 2017-06-06 2017-06-06 14:30:06 +01:00
s390x migration: remove register_savevm() 2017-06-06 08:53:24 +10:00
scsi virtio-scsi: Unset hotplug handler when unrealize 2017-06-06 20:18:36 +02:00
sd generic-sdhci: Remove user_creatable flag 2017-05-17 10:37:01 -03:00
sh4 shutdown: Add source information to SHUTDOWN and RESET 2017-05-23 13:28:17 +02:00
smbios stubs: move smbios stubs to hw/smbios 2017-01-16 17:52:35 +01:00
sparc -----BEGIN PGP SIGNATURE----- 2017-06-05 10:09:14 +01:00
sparc64 hw/sparc: use ARRAY_SIZE() macro 2017-06-04 18:42:55 +03:00
ssi aspeed/smc: use a modulo to check segment limits 2017-02-10 17:40:30 +00:00
timer qtest: add rtc periodic timer test 2017-06-06 20:18:35 +02:00
tpm clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
tricore Remove reduntant qemu: from error functions 2017-05-07 09:57:51 +03:00
unicore32 clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
usb char: make chr_fe_deinit() optionaly delete backend 2017-06-02 11:33:53 +04:00
vfio pci, virtio, vhost: fixes 2017-05-30 14:15:04 +01:00
virtio -----BEGIN PGP SIGNATURE----- 2017-06-05 10:09:14 +01:00
watchdog shutdown: Add source information to SHUTDOWN and RESET 2017-05-23 13:28:17 +02:00
xen chardev: move headers to include/chardev 2017-06-02 11:33:52 +04:00
xenpv shutdown: Add source information to SHUTDOWN and RESET 2017-05-23 13:28:17 +02:00
xtensa target/xtensa: support output to chardev console 2017-06-06 02:40:48 -07:00
Makefile.objs acpi: filter based on CONFIG_ACPI_X86 rather than TARGET 2017-01-16 17:52:35 +01:00