From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Mon, 16 Mar 2009 18:04:35 +0000 (+0000)
Subject: passthrough: fix pci-dettach issue
X-Git-Tag: xen-3.4.0-rc2~57
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=9f40d906995fb1c704fd04cf14ca02e033ddc1ed;p=qemu-xen-4.1-testing.git

passthrough: fix pci-dettach issue

Commit 8c771eb6294afc5b3754a9e3de51568d4e5986c2 breaks guest PCI hotplug:

Before pt_config_delete() ->
qemu_free_timer(ptdev->pm_state->pm_timer), we should invoke
qemu_del_timer(), otherwise, qemu_run_timers() would access a
qemu_free_timer()-ed timer.  The below patch fixes the issue.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
---

diff --git a/hw/pass-through.c b/hw/pass-through.c
index 522eb739b..0b44daa07 100644
--- a/hw/pass-through.c
+++ b/hw/pass-through.c
@@ -2037,6 +2037,7 @@ out:
     pm_state->flags &= ~PT_FLAG_TRANSITING;
 
     qemu_free_timer(pm_state->pm_timer);
+    pm_state->pm_timer = NULL;
 }
 
 void pt_default_power_transition(void *opaque)
@@ -2051,6 +2052,7 @@ void pt_default_power_transition(void *opaque)
     pm_state->flags &= ~PT_FLAG_TRANSITING;
 
     qemu_free_timer(pm_state->pm_timer);
+    pm_state->pm_timer = NULL;
 }
 
 /* initialize emulate register */
@@ -2184,7 +2186,11 @@ static void pt_config_delete(struct pt_dev *ptdev)
     if (ptdev->pm_state)
     {
         if (ptdev->pm_state->pm_timer)
+        {
+            qemu_del_timer(ptdev->pm_state->pm_timer);
             qemu_free_timer(ptdev->pm_state->pm_timer);
+            ptdev->pm_state->pm_timer = NULL;
+        }
 
         free(ptdev->pm_state);
     }