Commit 8c771eb6294afc5b3754a9e3de51568d4e5986c2 breaks guest PCI hotplug: Before pt_config_delete() -> qemu_free_timer(ptdev->pm_state->pm_timer), we should invoke qemu_del_timer(), otherwise, qemu_run_timers() would access a qemu_free_timer()-ed timer. The below patch fixes the issue.
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
---------------------------------------------------------------------------
diff --git a/hw/pass-through.c b/hw/pass-through.c
index 4a86309..22969c8 100644
--- a/hw/pass-through.c
+++ b/hw/pass-through.c
@@ -2034,6 +2034,7 @@ out:
     pm_state->flags &= ~PT_FLAG_TRANSITING;
     qemu_free_timer(pm_state->pm_timer);
+    pm_state->pm_timer = NULL;
 }
 void pt_default_power_transition(void *opaque)
@@ -2048,6 +2049,7 @@ void pt_default_power_transition(void *opaque)
     pm_state->flags &= ~PT_FLAG_TRANSITING;
     qemu_free_timer(pm_state->pm_timer);
+    pm_state->pm_timer = NULL;
 }
 /* initialize emulate register */
@@ -2181,7 +2183,11 @@ static void pt_config_delete(struct pt_dev *ptdev)
     if (ptdev->pm_state)
     {
         if (ptdev->pm_state->pm_timer)
+        {
+            qemu_del_timer(ptdev->pm_state->pm_timer);
             qemu_free_timer(ptdev->pm_state->pm_timer);
+            ptdev->pm_state->pm_timer = NULL;
+        }
         free(ptdev->pm_state);
     }
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
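Review bot: The `pm_state->pm_timer = NULL;` added after `qemu_free_timer()` here and in the identical hunk in pt_default_power_transition only makes the `if (ptdev->pm_state->pm_timer)` guard in pt_config_delete trustworthy if every path that frees the timer also clears the pointer, and that invariant is nowhere stated in the code. Both functions now end with the same clear-flag, free, NULL sequence, so a small static helper taking pm_state would keep the three cleanup sites from drifting apart again. These two hunks free without `qemu_del_timer()` while pt_config_delete now deletes first; if, as the `(void *opaque)` signature suggests, these are the timer callbacks themselves, the timer has presumably already expired and a one-line comment such as `/* running from the timer callback: already expired, free only */` would explain the asymmetry. Both enclosing functions begin outside their hunks.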
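Review bot: The new `qemu_del_timer()` call in pt_config_delete closes the use-after-free described in the commit message but carries no comment, so the reason it is needed here and not in the power-transition paths lives only in the mailing-list thread. A comment above the `if (ptdev->pm_state->pm_timer)` such as `/* The device can be removed while a power transition is still pending; detach the armed timer before freeing it so qemu_run_timers() never touches freed memory. */` would keep the rationale with the code. The added `ptdev->pm_state->pm_timer = NULL;` is immediately followed by `free(ptdev->pm_state);`, so it is dead store; harmless, but either drop it or note it as deliberate defense in depth. A regression check for this path is a hot-unplug issued while a D-state transition is in flight. pt_config_delete continues outside the hunk.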