xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit

author	Laine Stump <laine@laine.org>
	Tue, 25 Jun 2013 02:04:43 +0000 (22:04 -0400)
committer	Laine Stump <laine@laine.org>
	Tue, 25 Jun 2013 22:24:50 +0000 (18:24 -0400)
commit	b2a2d00f5792c6af3b4a159617216191d783a6cd
tree	b3e26fc622a8e3f19add73a0c1bcbf628b0ecc50	tree
parent	2a2739a8664c9f9dc3f08db8a272e5bf7b6af5db	commit \| diff

pci: fix dangling pointer in qemuDomainReAttachHostdevDevices

(This isn't as bad as it sounds - it's only a problem in case of an
OOM error.)

qemuGetActivePciHostDeviceList() had been creating a list that
contained pointers to objects that were also on the activePciHostdevs
list. In case of an OOM error, this newly created list would be
virObjectUnref'ed, which would cause everything on the list to be
freed. But all of those objects would still be on the
activePciHostdevs list, which could have very bad consequences if that
list was ever again accessed.

The solution used here is to populate the new list with *copies* of
the objects from the original list. It turns out that on return from
qemuGetActivePciHostDeviceList(), the caller would almost immediately
go through all the device objects and "steal" them (i.e. remove the
pointer from the list but not delete it) all from either one list or
the other; we now instead just *delete* (remove from the list and
free) each device from one list or the other, so in the end we have
the same state.