passthrough: fix pci-dettach issue

Commit 8c771eb6294afc5b3754a9e3de51568d4e5986c2 breaks guest PCI hotplug:

Before pt_config_delete() ->
qemu_free_timer(ptdev->pm_state->pm_timer), we should invoke
qemu_del_timer(), otherwise, qemu_run_timers() would access a
qemu_free_timer()-ed timer.  The below patch fixes the issue.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

diff --git a/hw/pass-through.c b/hw/pass-through.c
index 522eb739bc60096fba933bd2b432f8db4943d76c..0b44daa07793e7ec84779fae1183c262e1c6569a 100644 (file)
--- a/hw/pass-through.c
+++ b/hw/pass-through.c
@@ -2037,6 +2037,7 @@ out:
     pm_state->flags &= ~PT_FLAG_TRANSITING;
 
     qemu_free_timer(pm_state->pm_timer);
+    pm_state->pm_timer = NULL;
 }
 
 void pt_default_power_transition(void *opaque)
@@ -2051,6 +2052,7 @@ void pt_default_power_transition(void *opaque)
     pm_state->flags &= ~PT_FLAG_TRANSITING;
 
     qemu_free_timer(pm_state->pm_timer);
+    pm_state->pm_timer = NULL;
 }
 
 /* initialize emulate register */
@@ -2184,7 +2186,11 @@ static void pt_config_delete(struct pt_dev *ptdev)
     if (ptdev->pm_state)
     {
         if (ptdev->pm_state->pm_timer)
+        {
+            qemu_del_timer(ptdev->pm_state->pm_timer);
             qemu_free_timer(ptdev->pm_state->pm_timer);
+            ptdev->pm_state->pm_timer = NULL;
+        }
 
         free(ptdev->pm_state);
     }