From: Chen Gang Date: Fri, 8 Aug 2014 15:37:59 +0000 (+0800) Subject: virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it X-Git-Tag: firefly_0821_release~176^2~3004^2~59 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=30d1e0e806e5b2fadc297ba78f2d7afd6ba309cf;p=firefly-linux-kernel-4.4.55.git virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it As a generic function, deassign_guest_irq() assumes it can be called even if assign_guest_irq() is not be called successfully (which can be triggered by ioctl from user mode, indirectly). So for assign_guest_irq() failure process, need set 'dev->irq_source_id' to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free it again. Signed-off-by: Chen Gang Signed-off-by: Paolo Bonzini --- diff --git a/virt/kvm/assigned-dev.c b/virt/kvm/assigned-dev.c index bf06577fea51..5819a2708d7e 100644 --- a/virt/kvm/assigned-dev.c +++ b/virt/kvm/assigned-dev.c @@ -526,8 +526,10 @@ static int assign_guest_irq(struct kvm *kvm, dev->irq_requested_type |= guest_irq_type; if (dev->ack_notifier.gsi != -1) kvm_register_irq_ack_notifier(kvm, &dev->ack_notifier); - } else + } else { kvm_free_irq_source_id(kvm, dev->irq_source_id); + dev->irq_source_id = -1; + } return r; }